package com.microsoft.identity.common.internal.ui.webview.certbasedauth;

import android.app.Activity;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import android.security.KeyChainException;
import android.webkit.ClientCertRequest;
import androidx.annotation.NonNull;
import androidx.annotation.RequiresApi;
import com.microsoft.identity.common.java.exception.BaseException;
import com.microsoft.identity.common.java.opentelemetry.ICertBasedAuthTelemetryHelper;
import com.microsoft.identity.common.java.providers.RawAuthorizationResult;
import com.microsoft.identity.common.logging.Logger;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

/* loaded from: classes8.dex */
public class OnDeviceCertBasedAuthChallengeHandler implements ICertBasedAuthChallengeHandler {

    /* renamed from: O8, reason: collision with root package name */
    private static final String f60062O8 = "OnDeviceCertBasedAuthChallengeHandler";

    /* renamed from: 〇080, reason: contains not printable characters */
    private final Activity f34972080;

    /* renamed from: 〇o00〇〇Oo, reason: contains not printable characters */
    private final ICertBasedAuthTelemetryHelper f34973o00Oo;

    /* renamed from: 〇o〇, reason: contains not printable characters */
    private boolean f34974o;

    public OnDeviceCertBasedAuthChallengeHandler(@NonNull Activity activity, @NonNull ICertBasedAuthTelemetryHelper iCertBasedAuthTelemetryHelper) {
        this.f34972080 = activity;
        this.f34973o00Oo = iCertBasedAuthTelemetryHelper;
        iCertBasedAuthTelemetryHelper.Oo08(f60062O8);
        this.f34974o = false;
    }

    @Override // com.microsoft.identity.common.internal.ui.webview.certbasedauth.ICertBasedAuthChallengeHandler
    public void O8() {
    }

    @Override // com.microsoft.identity.common.internal.ui.webview.certbasedauth.ICertBasedAuthChallengeHandler
    /* renamed from: 〇080 */
    public void mo51879080(@NonNull RawAuthorizationResult rawAuthorizationResult) {
        if (this.f34974o) {
            RawAuthorizationResult.ResultCode oO802 = rawAuthorizationResult.oO80();
            if (oO802 != RawAuthorizationResult.ResultCode.NON_OAUTH_ERROR && oO802 != RawAuthorizationResult.ResultCode.SDK_CANCELLED && oO802 != RawAuthorizationResult.ResultCode.CANCELLED) {
                this.f34973o00Oo.mo52232o00Oo();
                return;
            }
            BaseException m52245888 = rawAuthorizationResult.m52245888();
            if (m52245888 != null) {
                this.f34973o00Oo.mo52231080(m52245888);
            } else {
                this.f34973o00Oo.mo52233o(oO802.toString());
            }
        }
    }

    @Override // com.microsoft.identity.common.internal.ui.webview.challengehandlers.IChallengeHandler
    @RequiresApi(api = 21)
    /* renamed from: 〇〇888, reason: contains not printable characters and merged with bridge method [inline-methods] */
    public Void mo51883o00Oo(final ClientCertRequest clientCertRequest) {
        final String str = f60062O8 + ":processChallenge";
        Principal[] principals = clientCertRequest.getPrincipals();
        if (principals != null) {
            for (Principal principal : principals) {
                if (principal.getName().contains("CN=MS-Organization-Access")) {
                    Logger.oO80(str, "Cancelling the TLS request, not respond to TLS challenge triggered by device authentication.");
                    this.f34973o00Oo.mo52233o("Cancelling the TLS request, not respond to TLS challenge triggered by device authentication.");
                    clientCertRequest.cancel();
                    return null;
                }
            }
        }
        KeyChain.choosePrivateKeyAlias(this.f34972080, new KeyChainAliasCallback() { // from class: com.microsoft.identity.common.internal.ui.webview.certbasedauth.OnDeviceCertBasedAuthChallengeHandler.1
            @Override // android.security.KeyChainAliasCallback
            public void alias(String str2) {
                if (str2 == null) {
                    Logger.oO80(str, "No certificate chosen by user, cancelling the TLS request.");
                    OnDeviceCertBasedAuthChallengeHandler.this.f34973o00Oo.mo52233o("No certificate chosen by user, cancelling the TLS request.");
                    clientCertRequest.cancel();
                    return;
                }
                try {
                    X509Certificate[] certificateChain = KeyChain.getCertificateChain(OnDeviceCertBasedAuthChallengeHandler.this.f34972080.getApplicationContext(), str2);
                    PrivateKey privateKey = KeyChain.getPrivateKey(OnDeviceCertBasedAuthChallengeHandler.this.f34972080, str2);
                    Logger.oO80(str, "Certificate is chosen by user, proceed with TLS request.");
                    OnDeviceCertBasedAuthChallengeHandler.this.f34974o = true;
                    clientCertRequest.proceed(privateKey, certificateChain);
                } catch (KeyChainException e) {
                    Logger.Oo08(str, "KeyChain exception", e);
                    OnDeviceCertBasedAuthChallengeHandler.this.f34973o00Oo.mo52231080(e);
                    OnDeviceCertBasedAuthChallengeHandler.this.f34973o00Oo.mo52233o("ClientCertRequest unexpectedly cancelled.");
                    clientCertRequest.cancel();
                } catch (InterruptedException e2) {
                    Logger.Oo08(str, "InterruptedException exception", e2);
                    OnDeviceCertBasedAuthChallengeHandler.this.f34973o00Oo.mo52231080(e2);
                    OnDeviceCertBasedAuthChallengeHandler.this.f34973o00Oo.mo52233o("ClientCertRequest unexpectedly cancelled.");
                    clientCertRequest.cancel();
                }
            }
        }, clientCertRequest.getKeyTypes(), clientCertRequest.getPrincipals(), clientCertRequest.getHost(), clientCertRequest.getPort(), null);
        return null;
    }
}
