package com.ca.mas.core.policy;

import Ac.w;
import ab.C0765c;
import android.content.Context;
import android.util.Base64;
import android.util.Log;
import com.ca.mas.core.datasource.AccountManagerStoreDataSource;
import com.ca.mas.core.datasource.MASSecureStorageDataSource;
import com.ca.mas.core.registration.RegistrationServerException;
import com.ca.mas.core.token.IdToken;
import com.ca.mas.foundation.A;
import com.ca.mas.foundation.C1942c;
import com.ca.mas.foundation.C1946g;
import com.ca.mas.foundation.MASAuthCredentials;
import com.ca.mas.foundation.r;
import com.ca.mas.foundation.s;
import com.ca.mas.foundation.t;
import com.ca.mas.foundation.x;
import com.google.android.gms.vision.barcode.Barcode;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.Charset;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: classes2.dex */
public final class e implements h {

    /* renamed from: a, reason: collision with root package name */
    public L1.a f24539a;

    @Override // com.ca.mas.core.policy.h
    public final void a(x xVar) {
    }

    @Override // com.ca.mas.core.policy.h
    public final void b(Ja.b bVar, Context context) {
        L1.a aVar = bVar.f2316d;
        this.f24539a = aVar;
        if (aVar == null) {
            throw new NullPointerException("mssoContext.tokenManager");
        }
        if (bVar.f2314b == null) {
            throw new NullPointerException("mssoContext.configurationProvider");
        }
    }

    @Override // com.ca.mas.core.policy.h
    public final synchronized void c(Ja.b bVar, j jVar) {
        X509Certificate[] f3 = this.f24539a.f();
        if (f3 != null && f3.length > 0) {
            X509Certificate x509Certificate = f3[0];
            try {
                Calendar calendar = Calendar.getInstance();
                calendar.add(6, com.ca.mas.core.conf.b.f24511j.f24520i);
                x509Certificate.checkValidity(calendar.getTime());
            } catch (CertificateExpiredException e4) {
                throw new Ra.a(e4);
            } catch (CertificateNotYetValidException unused) {
            }
            if (this.f24539a.j() != null) {
                if (C1942c.f24623a) {
                    Log.d("MAS", "Device is registered with identifier: " + this.f24539a.j());
                }
                return;
            }
        }
        d(bVar, jVar);
    }

    public final void d(Ja.b bVar, j jVar) {
        PublicKey publicKey;
        com.ca.mas.core.registration.b bVar2;
        IdToken idToken;
        Sa.a aVar = jVar.f24554a;
        MASAuthCredentials credentials = ((s) aVar.f4337b).f().getCredentials(bVar);
        if (credentials == null || !credentials.isValid()) {
            throw new Ra.b();
        }
        if (C1942c.f24623a) {
            Log.d("MAS", "Device registration process start");
        }
        try {
            this.f24539a.b();
            PrivateKey g10 = this.f24539a.g();
            if (g10 == null) {
                Integer num = (Integer) bVar.f2314b.f24524d.get("msso.cert.rsa.keybits");
                if (num == null) {
                    num = Integer.valueOf(Barcode.PDF417);
                }
                try {
                    L1.a aVar2 = this.f24539a;
                    int intValue = num.intValue();
                    Ka.b bVar3 = (Ka.b) aVar2.f2490a;
                    if (!(bVar3 instanceof AccountManagerStoreDataSource) && !(bVar3 instanceof MASSecureStorageDataSource)) {
                        g10 = C0765c.a(intValue, L1.a.i("msso.clientCertPrivateKey"), "cn=msso", true, -1);
                    }
                    g10 = C0765c.a(intValue, L1.a.i("msso.clientCertPrivateKey"), "cn=msso", false, -1);
                } catch (Ua.i e4) {
                    throw new com.ca.mas.core.registration.c(120004, "Failed to generate private key.", e4);
                }
            }
            PrivateKey privateKey = g10;
            this.f24539a.getClass();
            try {
                publicKey = C0765c.c(L1.a.i("msso.clientCertPrivateKey"));
            } catch (Exception e10) {
                if (C1942c.f24623a) {
                    Log.e("MAS", "Unable to get client public key: " + e10.getMessage(), e10);
                }
                publicKey = null;
            }
            String str = bVar.f2319g;
            try {
                String str2 = (String) new Ja.d(0).f2325b;
                byte[] a10 = Ua.k.f4537a.a(credentials.k(), str2, str, (String) bVar.f2314b.f24524d.get("msso.organization"), privateKey, publicKey);
                C1946g.f24640k.notifyObservers();
                Boolean bool = (Boolean) bVar.f2314b.f24524d.get("msso.sso.enabled");
                boolean z10 = bool != null && bool.booleanValue();
                String e11 = bVar.e();
                String f3 = bVar.f();
                if (((s) aVar.f4337b).f().getCredentials(bVar) == null) {
                    throw new NullPointerException("credentials");
                }
                URI registrationPath = ((s) aVar.f4337b).f().getRegistrationPath(bVar);
                if (registrationPath == null) {
                    throw new com.ca.mas.core.registration.c(120004, "No device registration URL is configured");
                }
                s.a aVar3 = new s.a(registrationPath);
                Map<String, List<String>> headers = ((s) aVar.f4337b).f().getCredentials(bVar).getHeaders();
                if (headers != null) {
                    HashMap hashMap = (HashMap) headers;
                    for (String str3 : hashMap.keySet()) {
                        if (hashMap.get(str3) != null) {
                            Iterator it = ((List) hashMap.get(str3)).iterator();
                            while (it.hasNext()) {
                                aVar3.b(str3, (String) it.next());
                            }
                        }
                    }
                }
                StringBuilder sb2 = new StringBuilder("Basic ");
                String c6 = w.c(e11, ":", f3);
                Charset charset = Na.a.f3020b;
                sb2.append(Na.b.a(c6, charset));
                aVar3.b("client-authorization", sb2.toString());
                aVar3.b("device-id", Base64.encodeToString(str2.getBytes(charset), 2));
                aVar3.b("device-name", Base64.encodeToString(str.getBytes(charset), 2));
                if (((s) aVar.f4337b).f().isSessionSupported()) {
                    aVar3.b("create-session", Boolean.toString(z10));
                }
                aVar3.b("cert-format", "pem");
                aVar3.c(new t(Base64.encode(a10, 11)));
                Ma.c g11 = bVar.g();
                try {
                    r a11 = aVar3.a();
                    g11.getClass();
                    Ma.b a12 = Ma.c.a(a11);
                    boolean z11 = C1942c.f24623a;
                    int i10 = a12.f2816b;
                    if (z11) {
                        Log.d("MAS", String.format("%s response with status: %d", ((s) aVar.f4337b).h(), Integer.valueOf(i10)));
                    }
                    if (i10 != 200) {
                        throw ((RegistrationServerException) Ha.a.a(a12, RegistrationServerException.class));
                    }
                    Map map = a12.f2815a;
                    List list = (List) map.get("device-status");
                    if (list == null || list.size() != 1) {
                        throw new com.ca.mas.core.registration.c(120006, "register_device response did not include exactly one device status header.");
                    }
                    String str4 = (String) list.get(0);
                    if ("activated".equalsIgnoreCase(str4)) {
                        bVar2 = com.ca.mas.core.registration.b.ACTIVATED;
                    } else {
                        if (!"registered".equalsIgnoreCase(str4)) {
                            throw new com.ca.mas.core.registration.c(120006, B.f.d("register_device response did not include a recognized device status.  Status was: ", str4));
                        }
                        bVar2 = com.ca.mas.core.registration.b.REGISTERED;
                    }
                    List list2 = (List) map.get("mag-identifier");
                    if (list2 == null || list2.size() != 1) {
                        throw new com.ca.mas.core.registration.c(120008, "register_device response did not include exactly one mag identifier header.");
                    }
                    String str5 = (String) list2.get(0);
                    byte[] decode = Base64.decode(str5, 0);
                    if (decode == null || decode.length < 1) {
                        throw new com.ca.mas.core.registration.c(120008, "register_device response did not include a valid mag identifier.");
                    }
                    boolean z12 = z10 && ((s) aVar.f4337b).f().isSessionSupported();
                    List list3 = (List) map.get("id-token");
                    List list4 = (List) map.get("id-token-type");
                    if (list3 != null && list3.size() == 1 && list4 != null && list4.size() == 1) {
                        String str6 = (String) list3.get(0);
                        if (str6.trim().length() < 1) {
                            throw new com.ca.mas.core.registration.c(120006, "register_device response did not include a valid ID token.");
                        }
                        String str7 = (String) list4.get(0);
                        if (str7.trim().length() < 1) {
                            throw new com.ca.mas.core.registration.c(120006, "register_device response did not include a valid ID token type.");
                        }
                        idToken = new IdToken(str6, str7);
                    } else {
                        if (z12) {
                            throw new com.ca.mas.core.registration.c(120006, "register_device response did not include exactly one ID token and ID Token type header.");
                        }
                        idToken = null;
                    }
                    A a13 = a12.f2818d;
                    if (a13 == null) {
                        throw new com.ca.mas.core.registration.c(120006, "register_device response did not contain an entity");
                    }
                    byte[] bArr = a13.f24589b;
                    if (bArr.length < 1) {
                        throw new com.ca.mas.core.registration.c(120006, "register_device response was empty");
                    }
                    X509Certificate[] v10 = Ga.a.v(bArr);
                    if (v10.length < 1) {
                        throw new com.ca.mas.core.registration.c(120006, "register_device response did not include a certificate chain");
                    }
                    try {
                        this.f24539a.getClass();
                        L1.a.n(v10);
                        L1.a aVar4 = this.f24539a;
                        aVar4.getClass();
                        aVar4.o("msso.magIdentifier", str5.getBytes(Na.a.f3019a));
                        C1946g.f24640k.notifyObservers();
                        if (idToken != null) {
                            bVar.j(idToken);
                        }
                        if (com.ca.mas.core.registration.b.REGISTERED.equals(bVar2)) {
                            throw new com.ca.mas.core.registration.a();
                        }
                    } catch (Exception e12) {
                        throw new Ra.i(e12);
                    }
                } catch (IOException e13) {
                    throw new com.ca.mas.core.registration.c(120004, "Unable to post to register_device: " + e13.getMessage(), e13);
                }
            } catch (CertificateException e14) {
                throw new com.ca.mas.core.registration.c(120004, e14);
            } catch (Exception e15) {
                throw new Ja.c(e15);
            }
        } catch (Ya.d e16) {
            throw new Ra.i(e16);
        }
    }
}
