package com.microsoft.identity.common.java.challengehandlers;

import com.microsoft.aad.adal.AuthenticationConstants;
import com.microsoft.identity.common.java.AuthenticationSettings;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.logging.Logger;
import com.microsoft.identity.common.java.util.JWSBuilder;
import com.microsoft.identity.common.java.util.StringUtil;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/* loaded from: classes8.dex */
public class PKeyAuthChallenge {

    /* renamed from: i, reason: collision with root package name */
    private static final String f62521i = "PKeyAuthChallenge";

    /* renamed from: a, reason: collision with root package name */
    private final String f62522a;

    /* renamed from: b, reason: collision with root package name */
    private final String f62523b;

    /* renamed from: c, reason: collision with root package name */
    @Nullable
    private final List<String> f62524c;

    /* renamed from: d, reason: collision with root package name */
    @Nullable
    private final String f62525d;

    /* renamed from: e, reason: collision with root package name */
    private final String f62526e;

    /* renamed from: f, reason: collision with root package name */
    private final String f62527f;

    /* renamed from: g, reason: collision with root package name */
    private final JWSBuilder f62528g;

    /* renamed from: h, reason: collision with root package name */
    @Nullable
    private final String f62529h;

    /* loaded from: classes8.dex */
    public static class PKeyAuthChallengeBuilder {

        /* renamed from: a, reason: collision with root package name */
        private String f62530a;

        /* renamed from: b, reason: collision with root package name */
        private String f62531b;

        /* renamed from: c, reason: collision with root package name */
        private List<String> f62532c;

        /* renamed from: d, reason: collision with root package name */
        private String f62533d;

        /* renamed from: e, reason: collision with root package name */
        private String f62534e;

        /* renamed from: f, reason: collision with root package name */
        private String f62535f;

        /* renamed from: g, reason: collision with root package name */
        private boolean f62536g;

        /* renamed from: h, reason: collision with root package name */
        private JWSBuilder f62537h;

        /* renamed from: i, reason: collision with root package name */
        private String f62538i;

        public PKeyAuthChallenge a() {
            JWSBuilder jWSBuilder = this.f62537h;
            if (!this.f62536g) {
                jWSBuilder = PKeyAuthChallenge.b();
            }
            return new PKeyAuthChallenge(this.f62530a, this.f62531b, this.f62532c, this.f62533d, this.f62534e, this.f62535f, jWSBuilder, this.f62538i);
        }

        public PKeyAuthChallengeBuilder b(@Nullable List<String> list) {
            this.f62532c = list;
            return this;
        }

        public PKeyAuthChallengeBuilder c(String str) {
            this.f62531b = str;
            return this;
        }

        public PKeyAuthChallengeBuilder d(String str) {
            this.f62530a = str;
            return this;
        }

        public PKeyAuthChallengeBuilder e(String str) {
            this.f62535f = str;
            return this;
        }

        public PKeyAuthChallengeBuilder f(@Nullable String str) {
            this.f62538i = str;
            return this;
        }

        public PKeyAuthChallengeBuilder g(String str) {
            this.f62534e = str;
            return this;
        }

        public String toString() {
            return "PKeyAuthChallenge.PKeyAuthChallengeBuilder(nonce=" + this.f62530a + ", context=" + this.f62531b + ", certAuthorities=" + this.f62532c + ", thumbprint=" + this.f62533d + ", version=" + this.f62534e + ", submitUrl=" + this.f62535f + ", jwsBuilder$value=" + this.f62537h + ", tenantId=" + this.f62538i + ")";
        }
    }

    /* loaded from: classes8.dex */
    enum RequestField {
        Nonce,
        CertAuthorities,
        Version,
        SubmitUrl,
        Context,
        CertThumbprint,
        TenantId
    }

    PKeyAuthChallenge(String str, String str2, @Nullable List<String> list, @Nullable String str3, String str4, String str5, JWSBuilder jWSBuilder, @Nullable String str6) {
        this.f62522a = str;
        this.f62523b = str2;
        this.f62524c = list;
        this.f62525d = str3;
        this.f62526e = str4;
        this.f62527f = str5;
        this.f62528g = jWSBuilder;
        this.f62529h = str6;
    }

    private static JWSBuilder a() {
        return new JWSBuilder();
    }

    static /* synthetic */ JWSBuilder b() {
        return a();
    }

    private Map<String, String> d(@NonNull IDeviceCertificate iDeviceCertificate) throws ClientException {
        if (!StringUtil.d(this.f62526e, "1.0")) {
            Logger.z(f62521i + ":getChallengeHeaderWithSignedJwt", "PKeyAuth version mismatch, server provides: " + this.f62526e + "We support: 1.0Proceed anyway with 1.0");
        }
        String b10 = this.f62528g.b(this.f62522a, this.f62527f, iDeviceCertificate);
        Logger.l(f62521i + ":getChallengeHeaderWithSignedJwt", "Generated a signed challenge response.");
        HashMap hashMap = new HashMap();
        hashMap.put("Authorization", String.format("%s AuthToken=\"%s\",Context=\"%s\",Version=\"%s\"", AuthenticationConstants.Broker.CHALLENGE_RESPONSE_TYPE, b10, this.f62523b, "1.0"));
        return hashMap;
    }

    private Map<String, String> e() {
        HashMap hashMap = new HashMap();
        hashMap.put("Authorization", String.format("%s Context=\"%s\",Version=\"%s\"", AuthenticationConstants.Broker.CHALLENGE_RESPONSE_TYPE, this.f62523b, "1.0"));
        return hashMap;
    }

    public Map<String, String> c() throws ClientException {
        List<String> list = this.f62524c;
        if ((list == null || list.size() == 0) && StringUtil.i(this.f62525d)) {
            Logger.l(f62521i + ":getChallengeHeader", "Both cert Authorities and Thumbprint are not provided.Sending a response which is equivalent to no certificate present on client.");
            return e();
        }
        IDeviceCertificateLoader certificateLoader = AuthenticationSettings.INSTANCE.getCertificateLoader();
        if (certificateLoader == null) {
            Logger.z(f62521i + ":getChallengeHeader", "Device Certificate loader is not initialized.");
            return e();
        }
        IDeviceCertificate a10 = certificateLoader.a(this.f62529h);
        if (a10 == null) {
            Logger.z(f62521i + ":getChallengeHeader", "Device Certificate not found.");
            return e();
        }
        if (a10.b(this.f62524c)) {
            Logger.l(f62521i + ":getChallengeHeader", "Found a certificate matching the provided authority.");
            return d(a10);
        }
        if (!StringUtil.d(a10.c(), this.f62525d)) {
            return e();
        }
        Logger.l(f62521i + ":getChallengeHeader", "Found a certificate matching the provided thumbprint.");
        return d(a10);
    }

    public String f() {
        return this.f62527f;
    }

    public String getContext() {
        return this.f62523b;
    }
}
