package com.microsoft.identity.common.java.challengehandlers;

import com.microsoft.identity.common.java.AuthenticationSettings;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.exception.ErrorStrings;
import com.microsoft.identity.common.java.logging.Logger;
import com.microsoft.identity.common.java.util.JWSBuilder;
import com.microsoft.identity.common.java.util.StringUtil;
import edu.umd.cs.findbugs.annotations.NonNull;
import java.io.Serializable;
import java.lang.reflect.InvocationTargetException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/* loaded from: classes2.dex */
public class PKeyAuthChallenge implements Serializable {
    private static final String TAG = "PKeyAuthChallenge";
    private final List<String> mCertAuthorities;
    private final String mContext;
    private final String mNonce;
    private final String mSubmitUrl;
    private final String mThumbprint;
    private final String mVersion;

    /* loaded from: classes2.dex */
    public static class Builder {
        private List<String> mCertAuthorities;
        private String mSubmitUrl;
        private String mVersion;
        private String mNonce = "";
        private String mContext = "";
        private String mThumbprint = "";

        public PKeyAuthChallenge build() {
            return new PKeyAuthChallenge(this);
        }

        public Builder self() {
            return this;
        }

        public Builder setCertAuthorities(List<String> list) {
            this.mCertAuthorities = list;
            return self();
        }

        public Builder setContext(String str) {
            this.mContext = str;
            return self();
        }

        public Builder setNonce(String str) {
            this.mNonce = str;
            return self();
        }

        public Builder setSubmitUrl(String str) {
            this.mSubmitUrl = str;
            return self();
        }

        public Builder setThumbprint(String str) {
            this.mThumbprint = str;
            return self();
        }

        public Builder setVersion(String str) {
            this.mVersion = str;
            return self();
        }
    }

    /* loaded from: classes2.dex */
    enum RequestField {
        Nonce,
        CertAuthorities,
        Version,
        SubmitUrl,
        Context,
        CertThumbprint
    }

    protected PKeyAuthChallenge(Builder builder) {
        this.mNonce = builder.mNonce;
        this.mContext = builder.mContext;
        this.mCertAuthorities = builder.mCertAuthorities;
        this.mThumbprint = builder.mThumbprint;
        this.mVersion = builder.mVersion;
        this.mSubmitUrl = builder.mSubmitUrl;
    }

    private static IDeviceCertificate getWPJAPIInstance(@NonNull Class<IDeviceCertificate> cls) {
        try {
            return cls.getDeclaredConstructor(null).newInstance(null);
        } catch (IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | InvocationTargetException e4) {
            throw new ClientException(ErrorStrings.DEVICE_CERTIFICATE_API_EXCEPTION, "WPJ Api constructor is not defined", e4);
        }
    }

    public List<String> getCertAuthorities() {
        return this.mCertAuthorities;
    }

    public Map<String, String> getChallengeHeader() {
        String format = String.format("%s Context=\"%s\",Version=\"%s\"", "PKeyAuth", this.mContext, this.mVersion);
        Class<?> deviceCertificateProxy = AuthenticationSettings.INSTANCE.getDeviceCertificateProxy();
        if (deviceCertificateProxy != null) {
            IDeviceCertificate wPJAPIInstance = getWPJAPIInstance(deviceCertificateProxy);
            if (wPJAPIInstance.isValidIssuer(this.mCertAuthorities) || StringUtil.equalsIgnoreCase(wPJAPIInstance.getThumbPrint(), this.mThumbprint)) {
                PrivateKey privateKey = wPJAPIInstance.getPrivateKey();
                if (privateKey == null) {
                    throw new ClientException(ErrorStrings.KEY_CHAIN_PRIVATE_KEY_EXCEPTION);
                }
                PublicKey publicKey = wPJAPIInstance.getPublicKey();
                X509Certificate certificate = wPJAPIInstance.getCertificate();
                if (certificate == null) {
                    throw new ClientException(ErrorStrings.KEY_CHAIN_CERTIFICATE_EXCEPTION);
                }
                format = String.format("%s AuthToken=\"%s\",Context=\"%s\",Version=\"%s\"", "PKeyAuth", new JWSBuilder().generateSignedJWT(this.mNonce, this.mSubmitUrl, privateKey, publicKey, certificate), this.mContext, this.mVersion);
                Logger.info(TAG + ":getChallengeHeader", "Receive challenge response. ");
            }
        }
        HashMap hashMap = new HashMap();
        hashMap.put("Authorization", format);
        return hashMap;
    }

    public String getContext() {
        return this.mContext;
    }

    public String getNonce() {
        return this.mNonce;
    }

    public String getSubmitUrl() {
        return this.mSubmitUrl;
    }

    public String getThumbprint() {
        return this.mThumbprint;
    }

    public String getVersion() {
        return this.mVersion;
    }
}
