package com.microsoft.identity.common.internal.ui.webview.challengehandlers;

import android.content.Intent;
import android.webkit.WebView;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.adal.internal.AuthenticationSettings;
import com.microsoft.identity.common.adal.internal.IDeviceCertificate;
import com.microsoft.identity.common.adal.internal.JWSBuilder;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.exception.ErrorStrings;
import com.microsoft.identity.common.internal.logging.Logger;
import java.lang.reflect.InvocationTargetException;
import java.security.interfaces.RSAPrivateKey;
import java.util.HashMap;
import java.util.Map;

/* loaded from: classes2.dex */
public final class PKeyAuthChallengeHandler implements IChallengeHandler<PKeyAuthChallenge, Void> {
    private static final String TAG = PKeyAuthChallengeHandler.class.getSimpleName();
    private IAuthorizationCompletionCallback mChallengeCallback;
    private WebView mWebView;

    /* loaded from: classes2.dex */
    enum RequestField {
        Nonce,
        CertAuthorities,
        Version,
        SubmitUrl,
        Context,
        CertThumbprint
    }

    public PKeyAuthChallengeHandler(WebView webView, IAuthorizationCompletionCallback iAuthorizationCompletionCallback) {
        this.mWebView = webView;
        this.mChallengeCallback = iAuthorizationCompletionCallback;
    }

    public static Map<String, String> getChallengeHeader(PKeyAuthChallenge pKeyAuthChallenge) throws ClientException {
        String format = String.format("%s Context=\"%s\",Version=\"%s\"", AuthenticationConstants.Broker.CHALLENGE_RESPONSE_TYPE, pKeyAuthChallenge.getContext(), pKeyAuthChallenge.getVersion());
        Class<?> deviceCertificateProxy = AuthenticationSettings.INSTANCE.getDeviceCertificateProxy();
        if (deviceCertificateProxy != null) {
            IDeviceCertificate wPJAPIInstance = getWPJAPIInstance(deviceCertificateProxy);
            if (wPJAPIInstance.isValidIssuer(pKeyAuthChallenge.getCertAuthorities()) || (wPJAPIInstance.getThumbPrint() != null && wPJAPIInstance.getThumbPrint().equalsIgnoreCase(pKeyAuthChallenge.getThumbprint()))) {
                RSAPrivateKey rSAPrivateKey = wPJAPIInstance.getRSAPrivateKey();
                if (rSAPrivateKey == null) {
                    throw new ClientException(ErrorStrings.KEY_CHAIN_PRIVATE_KEY_EXCEPTION);
                }
                format = String.format("%s AuthToken=\"%s\",Context=\"%s\",Version=\"%s\"", AuthenticationConstants.Broker.CHALLENGE_RESPONSE_TYPE, new JWSBuilder().generateSignedJWT(pKeyAuthChallenge.getNonce(), pKeyAuthChallenge.getSubmitUrl(), rSAPrivateKey, wPJAPIInstance.getRSAPublicKey(), wPJAPIInstance.getCertificate()), pKeyAuthChallenge.getContext(), pKeyAuthChallenge.getVersion());
                Logger.verbose(TAG, "Receive challenge response. ");
            }
        }
        HashMap hashMap = new HashMap();
        hashMap.put(AuthenticationConstants.Broker.CHALLENGE_RESPONSE_HEADER, format);
        return hashMap;
    }

    private static IDeviceCertificate getWPJAPIInstance(Class<IDeviceCertificate> cls) throws ClientException {
        try {
            return cls.getDeclaredConstructor(new Class[0]).newInstance((Object[]) null);
        } catch (IllegalAccessException | IllegalArgumentException | InstantiationException | NoSuchMethodException | InvocationTargetException e) {
            throw new ClientException(ErrorStrings.DEVICE_CERTIFICATE_API_EXCEPTION, "WPJ Api constructor is not defined", e);
        }
    }

    @Override // com.microsoft.identity.common.internal.ui.webview.challengehandlers.IChallengeHandler
    public Void processChallenge(final PKeyAuthChallenge pKeyAuthChallenge) {
        this.mWebView.stopLoading();
        this.mChallengeCallback.setPKeyAuthStatus(true);
        try {
            final Map<String, String> challengeHeader = getChallengeHeader(pKeyAuthChallenge);
            this.mWebView.post(new Runnable() { // from class: com.microsoft.identity.common.internal.ui.webview.challengehandlers.PKeyAuthChallengeHandler.1
                @Override // java.lang.Runnable
                public void run() {
                    String submitUrl = pKeyAuthChallenge.getSubmitUrl();
                    Logger.verbose(PKeyAuthChallengeHandler.TAG, "Respond to pkeyAuth challenge");
                    Logger.verbosePII(PKeyAuthChallengeHandler.TAG, "Challenge submit url:" + pKeyAuthChallenge.getSubmitUrl());
                    PKeyAuthChallengeHandler.this.mWebView.loadUrl(submitUrl, challengeHeader);
                }
            });
            return null;
        } catch (ClientException e) {
            Intent intent = new Intent();
            intent.putExtra(AuthenticationConstants.Browser.RESPONSE_AUTHENTICATION_EXCEPTION, e);
            this.mChallengeCallback.onChallengeResponseReceived(2005, intent);
            return null;
        }
    }
}
