package com.microsoft.identity.common.java.challengehandlers;

import com.microsoft.identity.common.java.AuthenticationSettings;
import com.microsoft.identity.common.java.logging.Logger;
import com.microsoft.identity.common.java.util.JWSBuilder;
import com.microsoft.identity.common.java.util.StringUtil;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/* loaded from: classes.dex */
public class PKeyAuthChallenge {
    private static final String TAG = "PKeyAuthChallenge";

    @Nullable
    private final List<String> mCertAuthorities;
    private final String mContext;
    private final JWSBuilder mJwsBuilder;
    private final String mNonce;
    private final String mSubmitUrl;

    @Nullable
    private final String mTenantId;

    @Nullable
    private final String mThumbprint;
    private final String mVersion;

    /* loaded from: classes.dex */
    public static class PKeyAuthChallengeBuilder {
        private List<String> certAuthorities;
        private String context;
        private boolean jwsBuilder$set;
        private JWSBuilder jwsBuilder$value;
        private String nonce;
        private String submitUrl;
        private String tenantId;
        private String thumbprint;
        private String version;

        public PKeyAuthChallenge build() {
            JWSBuilder jWSBuilder = this.jwsBuilder$value;
            if (!this.jwsBuilder$set) {
                jWSBuilder = PKeyAuthChallenge.access$000();
            }
            return new PKeyAuthChallenge(this.nonce, this.context, this.certAuthorities, this.thumbprint, this.version, this.submitUrl, jWSBuilder, this.tenantId);
        }

        public PKeyAuthChallengeBuilder certAuthorities(@Nullable List<String> list) {
            this.certAuthorities = list;
            return this;
        }

        public PKeyAuthChallengeBuilder context(String str) {
            this.context = str;
            return this;
        }

        public PKeyAuthChallengeBuilder jwsBuilder(JWSBuilder jWSBuilder) {
            this.jwsBuilder$value = jWSBuilder;
            this.jwsBuilder$set = true;
            return this;
        }

        public PKeyAuthChallengeBuilder nonce(String str) {
            this.nonce = str;
            return this;
        }

        public PKeyAuthChallengeBuilder submitUrl(String str) {
            this.submitUrl = str;
            return this;
        }

        public PKeyAuthChallengeBuilder tenantId(@Nullable String str) {
            this.tenantId = str;
            return this;
        }

        public PKeyAuthChallengeBuilder thumbprint(@Nullable String str) {
            this.thumbprint = str;
            return this;
        }

        public String toString() {
            return "PKeyAuthChallenge.PKeyAuthChallengeBuilder(nonce=" + this.nonce + ", context=" + this.context + ", certAuthorities=" + this.certAuthorities + ", thumbprint=" + this.thumbprint + ", version=" + this.version + ", submitUrl=" + this.submitUrl + ", jwsBuilder$value=" + this.jwsBuilder$value + ", tenantId=" + this.tenantId + ")";
        }

        public PKeyAuthChallengeBuilder version(String str) {
            this.version = str;
            return this;
        }
    }

    /* loaded from: classes.dex */
    enum RequestField {
        Nonce,
        CertAuthorities,
        Version,
        SubmitUrl,
        Context,
        CertThumbprint,
        TenantId
    }

    private static JWSBuilder $default$jwsBuilder() {
        return new JWSBuilder();
    }

    PKeyAuthChallenge(String str, String str2, @Nullable List<String> list, @Nullable String str3, String str4, String str5, JWSBuilder jWSBuilder, @Nullable String str6) {
        this.mNonce = str;
        this.mContext = str2;
        this.mCertAuthorities = list;
        this.mThumbprint = str3;
        this.mVersion = str4;
        this.mSubmitUrl = str5;
        this.mJwsBuilder = jWSBuilder;
        this.mTenantId = str6;
    }

    static /* synthetic */ JWSBuilder access$000() {
        return $default$jwsBuilder();
    }

    public static PKeyAuthChallengeBuilder builder() {
        return new PKeyAuthChallengeBuilder();
    }

    private Map<String, String> getChallengeHeaderWithSignedJwt(@NonNull IDeviceCertificate iDeviceCertificate) {
        if (!StringUtil.equalsIgnoreCase(this.mVersion, "1.0")) {
            Logger.warn(TAG + ":getChallengeHeaderWithSignedJwt", "PKeyAuth version mismatch, server provides: " + this.mVersion + "We support: 1.0Proceed anyway with 1.0");
        }
        String generateSignedJWT = this.mJwsBuilder.generateSignedJWT(this.mNonce, this.mSubmitUrl, iDeviceCertificate);
        Logger.info(TAG + ":getChallengeHeaderWithSignedJwt", "Generated a signed challenge response.");
        HashMap hashMap = new HashMap();
        hashMap.put("Authorization", String.format("%s AuthToken=\"%s\",Context=\"%s\",Version=\"%s\"", "PKeyAuth", generateSignedJWT, this.mContext, "1.0"));
        return hashMap;
    }

    private Map<String, String> getChallengeHeaderWithoutSignedJwt() {
        HashMap hashMap = new HashMap();
        hashMap.put("Authorization", String.format("%s Context=\"%s\",Version=\"%s\"", "PKeyAuth", this.mContext, "1.0"));
        return hashMap;
    }

    @Nullable
    public List<String> getCertAuthorities() {
        return this.mCertAuthorities;
    }

    public Map<String, String> getChallengeHeader() {
        List<String> list = this.mCertAuthorities;
        if ((list == null || list.size() == 0) && StringUtil.isNullOrEmpty(this.mThumbprint)) {
            Logger.info(TAG + ":getChallengeHeader", "Both cert Authorities and Thumbprint are not provided.Sending a response which is equivalent to no certificate present on client.");
            return getChallengeHeaderWithoutSignedJwt();
        }
        IDeviceCertificateLoader certificateLoader = AuthenticationSettings.INSTANCE.getCertificateLoader();
        if (certificateLoader == null) {
            Logger.warn(TAG + ":getChallengeHeader", "Device Certificate loader is not initialized.");
            return getChallengeHeaderWithoutSignedJwt();
        }
        IDeviceCertificate loadCertificate = certificateLoader.loadCertificate(this.mTenantId);
        if (loadCertificate == null) {
            Logger.warn(TAG + ":getChallengeHeader", "Device Certificate not found.");
            return getChallengeHeaderWithoutSignedJwt();
        }
        if (!loadCertificate.isValidIssuer(this.mCertAuthorities)) {
            return getChallengeHeaderWithoutSignedJwt();
        }
        Logger.info(TAG + ":getChallengeHeader", "Found a certificate matching the provided authority.");
        return getChallengeHeaderWithSignedJwt(loadCertificate);
    }

    public String getContext() {
        return this.mContext;
    }

    public JWSBuilder getJwsBuilder() {
        return this.mJwsBuilder;
    }

    public String getNonce() {
        return this.mNonce;
    }

    public String getSubmitUrl() {
        return this.mSubmitUrl;
    }

    @Nullable
    public String getTenantId() {
        return this.mTenantId;
    }

    @Nullable
    public String getThumbprint() {
        return this.mThumbprint;
    }

    public String getVersion() {
        return this.mVersion;
    }
}
