package com.microsoft.identity.common.java.challengehandlers;

import com.microsoft.aad.adal.AuthenticationConstants;
import com.microsoft.identity.common.java.AuthenticationSettings;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.logging.Logger;
import com.microsoft.identity.common.java.util.JWSBuilder;
import com.microsoft.identity.common.java.util.StringUtil;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/* loaded from: classes8.dex */
public class PKeyAuthChallenge {

    /* renamed from: i, reason: collision with root package name */
    private static final String f61856i = "PKeyAuthChallenge";

    /* renamed from: a, reason: collision with root package name */
    private final String f61857a;

    /* renamed from: b, reason: collision with root package name */
    private final String f61858b;

    /* renamed from: c, reason: collision with root package name */
    @Nullable
    private final List<String> f61859c;

    /* renamed from: d, reason: collision with root package name */
    @Nullable
    private final String f61860d;

    /* renamed from: e, reason: collision with root package name */
    private final String f61861e;

    /* renamed from: f, reason: collision with root package name */
    private final String f61862f;

    /* renamed from: g, reason: collision with root package name */
    private final JWSBuilder f61863g;

    /* renamed from: h, reason: collision with root package name */
    @Nullable
    private final String f61864h;

    /* loaded from: classes8.dex */
    public static class PKeyAuthChallengeBuilder {

        /* renamed from: a, reason: collision with root package name */
        private String f61865a;

        /* renamed from: b, reason: collision with root package name */
        private String f61866b;

        /* renamed from: c, reason: collision with root package name */
        private List<String> f61867c;

        /* renamed from: d, reason: collision with root package name */
        private String f61868d;

        /* renamed from: e, reason: collision with root package name */
        private String f61869e;

        /* renamed from: f, reason: collision with root package name */
        private String f61870f;

        /* renamed from: g, reason: collision with root package name */
        private boolean f61871g;

        /* renamed from: h, reason: collision with root package name */
        private JWSBuilder f61872h;

        /* renamed from: i, reason: collision with root package name */
        private String f61873i;

        public PKeyAuthChallenge a() {
            JWSBuilder jWSBuilder = this.f61872h;
            if (!this.f61871g) {
                jWSBuilder = PKeyAuthChallenge.b();
            }
            return new PKeyAuthChallenge(this.f61865a, this.f61866b, this.f61867c, this.f61868d, this.f61869e, this.f61870f, jWSBuilder, this.f61873i);
        }

        public PKeyAuthChallengeBuilder b(@Nullable List<String> list) {
            this.f61867c = list;
            return this;
        }

        public PKeyAuthChallengeBuilder c(String str) {
            this.f61866b = str;
            return this;
        }

        public PKeyAuthChallengeBuilder d(String str) {
            this.f61865a = str;
            return this;
        }

        public PKeyAuthChallengeBuilder e(String str) {
            this.f61870f = str;
            return this;
        }

        public PKeyAuthChallengeBuilder f(@Nullable String str) {
            this.f61873i = str;
            return this;
        }

        public PKeyAuthChallengeBuilder g(String str) {
            this.f61869e = str;
            return this;
        }

        public String toString() {
            return "PKeyAuthChallenge.PKeyAuthChallengeBuilder(nonce=" + this.f61865a + ", context=" + this.f61866b + ", certAuthorities=" + this.f61867c + ", thumbprint=" + this.f61868d + ", version=" + this.f61869e + ", submitUrl=" + this.f61870f + ", jwsBuilder$value=" + this.f61872h + ", tenantId=" + this.f61873i + ")";
        }
    }

    /* loaded from: classes8.dex */
    enum RequestField {
        Nonce,
        CertAuthorities,
        Version,
        SubmitUrl,
        Context,
        CertThumbprint,
        TenantId
    }

    PKeyAuthChallenge(String str, String str2, @Nullable List<String> list, @Nullable String str3, String str4, String str5, JWSBuilder jWSBuilder, @Nullable String str6) {
        this.f61857a = str;
        this.f61858b = str2;
        this.f61859c = list;
        this.f61860d = str3;
        this.f61861e = str4;
        this.f61862f = str5;
        this.f61863g = jWSBuilder;
        this.f61864h = str6;
    }

    private static JWSBuilder a() {
        return new JWSBuilder();
    }

    static /* synthetic */ JWSBuilder b() {
        return a();
    }

    private Map<String, String> d(@NonNull IDeviceCertificate iDeviceCertificate) throws ClientException {
        if (!StringUtil.d(this.f61861e, "1.0")) {
            Logger.z(f61856i + ":getChallengeHeaderWithSignedJwt", "PKeyAuth version mismatch, server provides: " + this.f61861e + "We support: 1.0Proceed anyway with 1.0");
        }
        String b10 = this.f61863g.b(this.f61857a, this.f61862f, iDeviceCertificate);
        Logger.l(f61856i + ":getChallengeHeaderWithSignedJwt", "Generated a signed challenge response.");
        HashMap hashMap = new HashMap();
        hashMap.put("Authorization", String.format("%s AuthToken=\"%s\",Context=\"%s\",Version=\"%s\"", AuthenticationConstants.Broker.CHALLENGE_RESPONSE_TYPE, b10, this.f61858b, "1.0"));
        return hashMap;
    }

    private Map<String, String> e() {
        HashMap hashMap = new HashMap();
        hashMap.put("Authorization", String.format("%s Context=\"%s\",Version=\"%s\"", AuthenticationConstants.Broker.CHALLENGE_RESPONSE_TYPE, this.f61858b, "1.0"));
        return hashMap;
    }

    public Map<String, String> c() throws ClientException {
        List<String> list = this.f61859c;
        if ((list == null || list.size() == 0) && StringUtil.i(this.f61860d)) {
            Logger.l(f61856i + ":getChallengeHeader", "Both cert Authorities and Thumbprint are not provided.Sending a response which is equivalent to no certificate present on client.");
            return e();
        }
        IDeviceCertificateLoader certificateLoader = AuthenticationSettings.INSTANCE.getCertificateLoader();
        if (certificateLoader == null) {
            Logger.z(f61856i + ":getChallengeHeader", "Device Certificate loader is not initialized.");
            return e();
        }
        IDeviceCertificate a10 = certificateLoader.a(this.f61864h);
        if (a10 == null) {
            Logger.z(f61856i + ":getChallengeHeader", "Device Certificate not found.");
            return e();
        }
        if (a10.b(this.f61859c)) {
            Logger.l(f61856i + ":getChallengeHeader", "Found a certificate matching the provided authority.");
            return d(a10);
        }
        if (!StringUtil.d(a10.c(), this.f61860d)) {
            return e();
        }
        Logger.l(f61856i + ":getChallengeHeader", "Found a certificate matching the provided thumbprint.");
        return d(a10);
    }

    public String f() {
        return this.f61862f;
    }

    public String getContext() {
        return this.f61858b;
    }
}
