package com.microsoft.aad.adal;

import defpackage.C1625aeW;
import defpackage.C1630aeb;
import defpackage.C1631aec;
import defpackage.InterfaceC1605aeC;
import defpackage.InterfaceC1654aez;
import java.io.UnsupportedEncodingException;
import java.lang.reflect.InvocationTargetException;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;

/* compiled from: PG */
/* loaded from: classes2.dex */
public class ChallengeResponseBuilder {

    /* renamed from: a, reason: collision with root package name */
    private final InterfaceC1605aeC f5618a;

    /* compiled from: PG */
    /* loaded from: classes2.dex */
    public enum RequestField {
        Nonce,
        CertAuthorities,
        Version,
        SubmitUrl,
        Context,
        CertThumbprint
    }

    public ChallengeResponseBuilder(InterfaceC1605aeC interfaceC1605aeC) {
        this.f5618a = interfaceC1605aeC;
    }

    private static InterfaceC1654aez a(Class<InterfaceC1654aez> cls) throws AuthenticationException {
        try {
            return cls.getDeclaredConstructor(new Class[0]).newInstance(null);
        } catch (IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | InvocationTargetException e) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_API_EXCEPTION, "WPJ Api constructor is not defined", e);
        }
    }

    public static void a(Map<String, String> map, boolean z) throws AuthenticationException {
        if (!map.containsKey(RequestField.Nonce.name()) && !map.containsKey(RequestField.Nonce.name().toLowerCase(Locale.US))) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Nonce");
        }
        if (!map.containsKey(RequestField.Version.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Version");
        }
        if (z && !map.containsKey(RequestField.SubmitUrl.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "SubmitUrl");
        }
        if (!map.containsKey(RequestField.Context.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Context");
        }
        if (z && !map.containsKey(RequestField.CertAuthorities.name())) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "CertAuthorities");
        }
    }

    public final C1631aec a(C1630aeb c1630aeb) throws AuthenticationException {
        C1631aec c1631aec = new C1631aec();
        c1631aec.f1917a = c1630aeb.e;
        c1631aec.b = String.format("%s Context=\"%s\",Version=\"%s\"", "PKeyAuth", c1630aeb.b, c1630aeb.d);
        c1631aec.f1917a = c1630aeb.e;
        Class<?> deviceCertificateProxy = AuthenticationSettings.INSTANCE.getDeviceCertificateProxy();
        if (deviceCertificateProxy != null) {
            InterfaceC1654aez a2 = a((Class<InterfaceC1654aez>) deviceCertificateProxy);
            if (a2.a() || (a2.d() != null && a2.d().equalsIgnoreCase(c1630aeb.c))) {
                RSAPrivateKey c = a2.c();
                if (c == null) {
                    throw new AuthenticationException(ADALError.KEY_CHAIN_PRIVATE_KEY_EXCEPTION);
                }
                c1631aec.b = String.format("%s AuthToken=\"%s\",Context=\"%s\",Version=\"%s\"", "PKeyAuth", this.f5618a.a(c1630aeb.f1916a, c1630aeb.e, c, a2.e(), a2.b()), c1630aeb.b, c1630aeb.d);
                Logger.a("ChallengeResponseBuilder", "Challenge response:" + c1631aec.b);
            }
        }
        return c1631aec;
    }

    public final C1631aec a(String str, String str2) throws UnsupportedEncodingException, AuthenticationException {
        if (C1625aeW.a(str)) {
            throw new AuthenticationServerProtocolException("headerValue");
        }
        if (!C1625aeW.b(str, "PKeyAuth")) {
            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, str);
        }
        C1630aeb c1630aeb = new C1630aeb();
        String substring = str.substring(8);
        ArrayList<String> a2 = C1625aeW.a(substring, ',');
        HashMap hashMap = new HashMap();
        Iterator<String> it = a2.iterator();
        while (it.hasNext()) {
            ArrayList<String> a3 = C1625aeW.a(it.next(), '=');
            if (a3.size() != 2 || C1625aeW.a(a3.get(0)) || C1625aeW.a(a3.get(1))) {
                throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, substring);
            }
            hashMap.put(C1625aeW.d(a3.get(0)).trim(), C1625aeW.g(C1625aeW.d(a3.get(1)).trim()));
        }
        a((Map<String, String>) hashMap, false);
        c1630aeb.f1916a = (String) hashMap.get(RequestField.Nonce.name());
        if (C1625aeW.a(c1630aeb.f1916a)) {
            c1630aeb.f1916a = (String) hashMap.get(RequestField.Nonce.name().toLowerCase(Locale.US));
        }
        if (!(AuthenticationSettings.INSTANCE.getDeviceCertificateProxy() != null)) {
            Logger.a("ChallengeResponseBuilder:getChallengeRequestFromHeader", "Device is not workplace joined. ");
        } else if (!C1625aeW.a((String) hashMap.get(RequestField.CertThumbprint.name()))) {
            Logger.a("ChallengeResponseBuilder:getChallengeRequestFromHeader", "CertThumbprint exists in the device auth challenge.");
            c1630aeb.c = (String) hashMap.get(RequestField.CertThumbprint.name());
        } else {
            if (!hashMap.containsKey(RequestField.CertAuthorities.name())) {
                throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Both certThumbprint and certauthorities are not present");
            }
            Logger.a("ChallengeResponseBuilder:getChallengeRequestFromHeader", "CertAuthorities exists in the device auth challenge.");
            C1625aeW.a((String) hashMap.get(RequestField.CertAuthorities.name()), ";");
        }
        c1630aeb.d = (String) hashMap.get(RequestField.Version.name());
        c1630aeb.b = (String) hashMap.get(RequestField.Context.name());
        c1630aeb.e = str2;
        return a(c1630aeb);
    }
}
