package com.microsoft.identity.common.internal.ui.webview.challengehandlers;

import com.microsoft.identity.client.claims.WWWAuthenticateHeader;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.adal.internal.AuthenticationSettings;
import com.microsoft.identity.common.adal.internal.util.StringExtensions;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.exception.ErrorStrings;
import com.microsoft.identity.common.internal.ui.webview.challengehandlers.PKeyAuthChallenge;
import com.microsoft.identity.common.internal.ui.webview.challengehandlers.PKeyAuthChallengeHandler;
import com.microsoft.identity.common.internal.util.StringUtil;
import com.microsoft.identity.common.logging.Logger;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Locale;
import java.util.Map;

/* loaded from: classes.dex */
public class PKeyAuthChallengeFactory {
    private static final String CHALLENGE_REQUEST_CERT_AUTH_DELIMITER = ";";
    private static final String TAG = "PKeyAuthChallengeFactory";

    private Map<String, String> getPKeyAuthHeader(String str) throws ClientException, UnsupportedEncodingException {
        String substring = str.substring(8);
        ArrayList<String> splitWithQuotes = StringExtensions.splitWithQuotes(substring, WWWAuthenticateHeader.COMMA);
        HashMap hashMap = new HashMap();
        Iterator<String> it = splitWithQuotes.iterator();
        while (it.hasNext()) {
            ArrayList<String> splitWithQuotes2 = StringExtensions.splitWithQuotes(it.next(), '=');
            if (splitWithQuotes2.size() == 2 && !StringExtensions.isNullOrBlank(splitWithQuotes2.get(0)) && !StringExtensions.isNullOrBlank(splitWithQuotes2.get(1))) {
                String str2 = splitWithQuotes2.get(0);
                String str3 = splitWithQuotes2.get(1);
                hashMap.put(StringExtensions.urlFormDecode(str2).trim(), StringExtensions.removeQuoteInHeaderValue(StringExtensions.urlFormDecode(str3).trim()));
            } else {
                if (splitWithQuotes2.size() != 1 || StringExtensions.isNullOrBlank(splitWithQuotes2.get(0))) {
                    throw new ClientException(ErrorStrings.DEVICE_CERTIFICATE_REQUEST_INVALID, substring);
                }
                hashMap.put(StringExtensions.urlFormDecode(splitWithQuotes2.get(0)).trim(), StringExtensions.urlFormDecode(""));
            }
        }
        return hashMap;
    }

    private boolean isWorkplaceJoined() {
        return AuthenticationSettings.INSTANCE.getDeviceCertificateProxy() != null;
    }

    private void validateHeaderForPkeyAuthChallenge(String str) throws ClientException {
        if (StringUtil.isEmpty(str)) {
            throw new ClientException(ErrorStrings.DEVICE_CERTIFICATE_REQUEST_INVALID, "header value is empty.");
        }
        if (!StringExtensions.hasPrefixInHeader(str, AuthenticationConstants.Broker.CHALLENGE_RESPONSE_TYPE)) {
            throw new ClientException(ErrorStrings.DEVICE_CERTIFICATE_REQUEST_INVALID, "challenge response type is wrong.");
        }
    }

    private void validatePKeyAuthChallenge(Map<String, String> map) throws ClientException {
        PKeyAuthChallengeHandler.RequestField requestField = PKeyAuthChallengeHandler.RequestField.Nonce;
        if (!map.containsKey(requestField.name()) && !map.containsKey(requestField.name().toLowerCase(Locale.US))) {
            throw new ClientException(ErrorStrings.DEVICE_CERTIFICATE_REQUEST_INVALID, "Nonce is empty.");
        }
        if (!map.containsKey(PKeyAuthChallengeHandler.RequestField.Version.name())) {
            throw new ClientException(ErrorStrings.DEVICE_CERTIFICATE_REQUEST_INVALID, "Version name is empty");
        }
        if (!map.containsKey(PKeyAuthChallengeHandler.RequestField.SubmitUrl.name())) {
            throw new ClientException(ErrorStrings.DEVICE_CERTIFICATE_REQUEST_INVALID, "SubmitUrl is empty");
        }
        if (!map.containsKey(PKeyAuthChallengeHandler.RequestField.Context.name())) {
            throw new ClientException(ErrorStrings.DEVICE_CERTIFICATE_REQUEST_INVALID, "Context is empty");
        }
        if (!map.containsKey(PKeyAuthChallengeHandler.RequestField.CertAuthorities.name())) {
            throw new ClientException(ErrorStrings.DEVICE_CERTIFICATE_REQUEST_INVALID, "CertAuthorities is empty");
        }
    }

    public PKeyAuthChallenge getPKeyAuthChallenge(String str) throws ClientException {
        HashMap<String, String> urlParameters = StringExtensions.getUrlParameters(str);
        validatePKeyAuthChallenge(urlParameters);
        PKeyAuthChallenge.Builder builder = new PKeyAuthChallenge.Builder();
        builder.setNonce(urlParameters.get(PKeyAuthChallengeHandler.RequestField.Nonce.name().toLowerCase(Locale.US))).setContext(urlParameters.get(PKeyAuthChallengeHandler.RequestField.Context.name())).setCertAuthorities(StringExtensions.getStringTokens(urlParameters.get(PKeyAuthChallengeHandler.RequestField.CertAuthorities.name()), ";")).setVersion(urlParameters.get(PKeyAuthChallengeHandler.RequestField.Version.name())).setSubmitUrl(urlParameters.get(PKeyAuthChallengeHandler.RequestField.SubmitUrl.name()));
        return builder.build();
    }

    public PKeyAuthChallenge getPKeyAuthChallenge(String str, String str2) throws ClientException, UnsupportedEncodingException {
        validateHeaderForPkeyAuthChallenge(str);
        Map<String, String> pKeyAuthHeader = getPKeyAuthHeader(str);
        validatePKeyAuthChallenge(pKeyAuthHeader);
        PKeyAuthChallenge.Builder builder = new PKeyAuthChallenge.Builder();
        builder.setSubmitUrl(str2).setNonce(pKeyAuthHeader.get(PKeyAuthChallengeHandler.RequestField.Nonce.name().toLowerCase(Locale.US))).setVersion(pKeyAuthHeader.get(PKeyAuthChallengeHandler.RequestField.Version.name())).setContext(pKeyAuthHeader.get(PKeyAuthChallengeHandler.RequestField.Context.name()));
        if (isWorkplaceJoined()) {
            PKeyAuthChallengeHandler.RequestField requestField = PKeyAuthChallengeHandler.RequestField.CertThumbprint;
            if (StringExtensions.isNullOrBlank(pKeyAuthHeader.get(requestField.name()))) {
                PKeyAuthChallengeHandler.RequestField requestField2 = PKeyAuthChallengeHandler.RequestField.CertAuthorities;
                if (!pKeyAuthHeader.containsKey(requestField2.name())) {
                    throw new ClientException(ErrorStrings.DEVICE_CERTIFICATE_REQUEST_INVALID, "Both certThumbprint and cert authorities are not present");
                }
                Logger.info(TAG, "CertAuthorities exists in the device auth challenge.");
                builder.setCertAuthorities(StringExtensions.getStringTokens(pKeyAuthHeader.get(requestField2.name()), ";"));
            } else {
                Logger.info(TAG, "CertThumbprint exists in the device auth challenge.");
                builder.setThumbprint(pKeyAuthHeader.get(requestField.name()));
            }
        } else {
            Logger.info(TAG, "Device is not workplace joined. ");
        }
        return builder.build();
    }
}
