package org.bouncycastle.est;

import com.content.b4;
import com.facebook.internal.security.CertificateUtil;
import com.facebook.share.internal.ShareConstants;
import com.google.common.net.HttpHeaders;
import io.ktor.http.auth.HttpAuthHeader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Strings;

/* loaded from: classes8.dex */
public class r implements f {

    /* renamed from: f, reason: collision with root package name */
    public static final wl.o f55373f = new wl.j();

    /* renamed from: g, reason: collision with root package name */
    public static final Set<String> f55374g;

    /* renamed from: a, reason: collision with root package name */
    public final String f55375a;

    /* renamed from: b, reason: collision with root package name */
    public final String f55376b;

    /* renamed from: c, reason: collision with root package name */
    public final char[] f55377c;

    /* renamed from: d, reason: collision with root package name */
    public final SecureRandom f55378d;

    /* renamed from: e, reason: collision with root package name */
    public final wl.q f55379e;

    /* loaded from: classes8.dex */
    public class a implements j {
        public a() {
        }

        @Override // org.bouncycastle.est.j
        public m a(k kVar, t tVar) throws IOException {
            m mVar = new m(kVar, tVar);
            if (mVar.f55339f != 401) {
                return mVar;
            }
            String f10 = mVar.f55335b.f(HttpHeaders.WWW_AUTHENTICATE);
            if (f10 == null) {
                throw new ESTException("Status of 401 but no WWW-Authenticate header");
            }
            String l10 = Strings.l(f10);
            if (l10.startsWith(org.bouncycastle.cms.d.f53375b)) {
                return r.this.f(mVar);
            }
            if (!l10.startsWith("basic")) {
                throw new ESTException("Unknown auth mode: ".concat(l10));
            }
            mVar.d();
            Map<String, String> c10 = HttpUtil.c(io.ktor.http.auth.a.Basic, mVar.f55335b.f(HttpHeaders.WWW_AUTHENTICATE));
            if (r.this.f55375a != null) {
                HashMap hashMap = (HashMap) c10;
                if (!r.this.f55375a.equals(hashMap.get(HttpAuthHeader.b.Realm))) {
                    StringBuilder sb2 = new StringBuilder("Supplied realm '");
                    sb2.append(r.this.f55375a);
                    sb2.append("' does not match server realm '");
                    throw new ESTException(androidx.compose.foundation.content.a.a(sb2, (String) hashMap.get(HttpAuthHeader.b.Realm), z7.c.f64644p0), null, 401, null);
                }
            }
            l lVar = new l(kVar);
            lVar.f55329d = null;
            String str = r.this.f55375a;
            if (str != null && str.length() > 0) {
                lVar.c(HttpHeaders.WWW_AUTHENTICATE, "Basic realm=\"" + r.this.f55375a + z7.c.f64646q0);
            }
            if (r.this.f55376b.contains(CertificateUtil.DELIMITER)) {
                throw new IllegalArgumentException("User must not contain a ':'");
            }
            int length = r.this.f55376b.length() + 1;
            r rVar = r.this;
            char[] cArr = new char[length + rVar.f55377c.length];
            System.arraycopy(rVar.f55376b.toCharArray(), 0, cArr, 0, r.this.f55376b.length());
            cArr[r.this.f55376b.length()] = kotlinx.serialization.json.internal.b.f50784h;
            r rVar2 = r.this;
            System.arraycopy(rVar2.f55377c, 0, cArr, rVar2.f55376b.length() + 1, r.this.f55377c.length);
            lVar.c("Authorization", "Basic ".concat(eo.c.i(Strings.k(cArr))));
            m a10 = kVar.a().a(lVar.b());
            Arrays.fill(cArr, (char) 0);
            return a10;
        }
    }

    static {
        HashSet hashSet = new HashSet();
        hashSet.add(HttpAuthHeader.b.Realm);
        hashSet.add("nonce");
        hashSet.add("opaque");
        hashSet.add("algorithm");
        hashSet.add("qop");
        f55374g = Collections.unmodifiableSet(hashSet);
    }

    public r(String str, String str2, char[] cArr) {
        this(str, str2, cArr, null, null);
    }

    public r(String str, String str2, char[] cArr, SecureRandom secureRandom, wl.q qVar) {
        this.f55375a = str;
        this.f55376b = str2;
        this.f55377c = cArr;
        this.f55378d = secureRandom;
        this.f55379e = qVar;
    }

    public r(String str, char[] cArr) {
        this(null, str, cArr, null, null);
    }

    public r(String str, char[] cArr, SecureRandom secureRandom, wl.q qVar) {
        this(null, str, cArr, secureRandom, qVar);
    }

    @Override // org.bouncycastle.est.f
    public void a(l lVar) {
        lVar.g(new a());
    }

    public final m f(m mVar) throws IOException {
        String str;
        String str2;
        String str3;
        mVar.d();
        k l10 = mVar.l();
        try {
            Map<String, String> c10 = HttpUtil.c(io.ktor.http.auth.a.Digest, mVar.g(HttpHeaders.WWW_AUTHENTICATE));
            try {
                String path = l10.f().toURI().getPath();
                HashMap hashMap = (HashMap) c10;
                for (Object obj : hashMap.keySet()) {
                    if (!f55374g.contains(obj)) {
                        throw new ESTException(androidx.collection.o.a("Unrecognised entry in WWW-Authenticate header: '", obj, z7.c.f64644p0));
                    }
                }
                String e10 = l10.e();
                String str4 = (String) hashMap.get(HttpAuthHeader.b.Realm);
                String str5 = (String) hashMap.get("nonce");
                String str6 = (String) hashMap.get("opaque");
                String str7 = "algorithm";
                String str8 = (String) hashMap.get("algorithm");
                String str9 = "qop";
                String str10 = (String) hashMap.get("qop");
                ArrayList arrayList = new ArrayList();
                String str11 = this.f55375a;
                if (str11 != null && !str11.equals(str4)) {
                    throw new ESTException(androidx.fragment.app.a.a(new StringBuilder("Supplied realm '"), this.f55375a, "' does not match server realm '", str4, z7.c.f64644p0), null, 401, null);
                }
                if (str8 == null) {
                    str8 = "MD5";
                }
                if (str8.length() == 0) {
                    throw new ESTException("WWW-Authenticate no algorithm defined.");
                }
                String p10 = Strings.p(str8);
                if (str10 == null) {
                    throw new ESTException("Qop is not defined in WWW-Authenticate header.");
                }
                if (str10.length() == 0) {
                    throw new ESTException("QoP value is empty.");
                }
                String[] split = Strings.l(str10).split(b4.f21845i);
                int i10 = 0;
                while (true) {
                    String str12 = str7;
                    String str13 = str9;
                    if (i10 == split.length) {
                        AlgorithmIdentifier h10 = h(p10);
                        if (h10 == null || h10.v() == null) {
                            throw new IOException("auth digest algorithm unknown: ".concat(p10));
                        }
                        wl.p g10 = g(p10, h10);
                        OutputStream b10 = g10.b();
                        String i11 = i(10);
                        j(b10, this.f55376b);
                        b10.write(Strings.o(CertificateUtil.DELIMITER.toCharArray()));
                        j(b10, str4);
                        b10.write(Strings.o(CertificateUtil.DELIMITER.toCharArray()));
                        k(b10, this.f55377c);
                        b10.close();
                        byte[] c11 = g10.c();
                        if (p10.endsWith("-SESS")) {
                            wl.p g11 = g(p10, h10);
                            OutputStream b11 = g11.b();
                            str = str4;
                            str2 = "auth";
                            b11.write(Strings.o(eo.h.k(c11, 0, c11.length).toCharArray()));
                            b11.write(Strings.o(CertificateUtil.DELIMITER.toCharArray()));
                            j(b11, str5);
                            b11.write(Strings.o(CertificateUtil.DELIMITER.toCharArray()));
                            b11.write(Strings.o(i11.toCharArray()));
                            b11.close();
                            c11 = g11.c();
                        } else {
                            str = str4;
                            str2 = "auth";
                        }
                        String k10 = eo.h.k(c11, 0, c11.length);
                        wl.p g12 = g(p10, h10);
                        OutputStream b12 = g12.b();
                        if (((String) arrayList.get(0)).equals("auth-int")) {
                            wl.p g13 = g(p10, h10);
                            OutputStream b13 = g13.b();
                            l10.g(b13);
                            b13.close();
                            byte[] c12 = g13.c();
                            j(b12, e10);
                            b12.write(Strings.o(CertificateUtil.DELIMITER.toCharArray()));
                            j(b12, path);
                            b12.write(Strings.o(CertificateUtil.DELIMITER.toCharArray()));
                            b12.write(Strings.o(eo.h.k(c12, 0, c12.length).toCharArray()));
                            str3 = str2;
                        } else {
                            str3 = str2;
                            if (((String) arrayList.get(0)).equals(str3)) {
                                j(b12, e10);
                                b12.write(Strings.o(CertificateUtil.DELIMITER.toCharArray()));
                                j(b12, path);
                            }
                        }
                        b12.close();
                        byte[] c13 = g12.c();
                        String k11 = eo.h.k(c13, 0, c13.length);
                        wl.p g14 = g(p10, h10);
                        OutputStream b14 = g14.b();
                        if (arrayList.contains("missing")) {
                            b14.write(Strings.o(k10.toCharArray()));
                            b14.write(Strings.o(CertificateUtil.DELIMITER.toCharArray()));
                            j(b14, str5);
                            b14.write(Strings.o(CertificateUtil.DELIMITER.toCharArray()));
                            b14.write(Strings.o(k11.toCharArray()));
                        } else {
                            b14.write(Strings.o(k10.toCharArray()));
                            b14.write(Strings.o(CertificateUtil.DELIMITER.toCharArray()));
                            j(b14, str5);
                            b14.write(Strings.o(CertificateUtil.DELIMITER.toCharArray()));
                            b14.write(Strings.o("00000001".toCharArray()));
                            b14.write(Strings.o(CertificateUtil.DELIMITER.toCharArray()));
                            b14.write(Strings.o(i11.toCharArray()));
                            b14.write(Strings.o(CertificateUtil.DELIMITER.toCharArray()));
                            if (((String) arrayList.get(0)).equals("auth-int")) {
                                b14.write(Strings.o("auth-int".toCharArray()));
                            } else {
                                b14.write(Strings.o(str3.toCharArray()));
                            }
                            b14.write(Strings.o(CertificateUtil.DELIMITER.toCharArray()));
                            b14.write(Strings.o(k11.toCharArray()));
                        }
                        b14.close();
                        byte[] c14 = g14.c();
                        String k12 = eo.h.k(c14, 0, c14.length);
                        HashMap hashMap2 = new HashMap();
                        hashMap2.put("username", this.f55376b);
                        hashMap2.put(HttpAuthHeader.b.Realm, str);
                        hashMap2.put("nonce", str5);
                        hashMap2.put(ShareConstants.MEDIA_URI, path);
                        hashMap2.put(io.sentry.protocol.l.f44793g, k12);
                        if (!((String) arrayList.get(0)).equals("auth-int")) {
                            if (((String) arrayList.get(0)).equals(str3)) {
                                hashMap2.put(str13, str3);
                            }
                            hashMap2.put(str12, p10);
                            if (str6 != null || str6.length() == 0) {
                                hashMap2.put("opaque", i(20));
                            }
                            l lVar = new l(l10);
                            lVar.f55329d = null;
                            lVar.c("Authorization", HttpUtil.b(io.ktor.http.auth.a.Digest, hashMap2));
                            return l10.a().a(lVar.b());
                        }
                        hashMap2.put(str13, "auth-int");
                        hashMap2.put("nc", "00000001");
                        hashMap2.put("cnonce", i11);
                        hashMap2.put(str12, p10);
                        if (str6 != null) {
                        }
                        hashMap2.put("opaque", i(20));
                        l lVar2 = new l(l10);
                        lVar2.f55329d = null;
                        lVar2.c("Authorization", HttpUtil.b(io.ktor.http.auth.a.Digest, hashMap2));
                        return l10.a().a(lVar2.b());
                    }
                    if (!split[i10].equals("auth") && !split[i10].equals("auth-int")) {
                        throw new ESTException(androidx.collection.q.a("QoP value unknown: '", i10, z7.c.f64644p0));
                    }
                    String trim = split[i10].trim();
                    if (!arrayList.contains(trim)) {
                        arrayList.add(trim);
                    }
                    i10++;
                    str7 = str12;
                    str9 = str13;
                }
            } catch (Exception e11) {
                throw new IOException(u3.o.a(e11, new StringBuilder("unable to process URL in request: ")));
            }
        } catch (Throwable th2) {
            throw new ESTException("Parsing WWW-Authentication header: " + th2.getMessage(), th2, mVar.n(), new ByteArrayInputStream(mVar.g(HttpHeaders.WWW_AUTHENTICATE).getBytes()));
        }
    }

    public final wl.p g(String str, AlgorithmIdentifier algorithmIdentifier) throws IOException {
        try {
            return this.f55379e.a(algorithmIdentifier);
        } catch (OperatorCreationException e10) {
            StringBuilder a10 = androidx.appcompat.view.a.a("cannot create digest calculator for ", str, ": ");
            a10.append(e10.getMessage());
            throw new IOException(a10.toString());
        }
    }

    public final AlgorithmIdentifier h(String str) {
        if (str.endsWith("-SESS")) {
            str = androidx.core.content.b.a(str, 5, 0);
        }
        return str.equals("SHA-512-256") ? f55373f.b(og.d.f52771h) : f55373f.a(str);
    }

    public final String i(int i10) {
        byte[] bArr = new byte[i10];
        this.f55378d.nextBytes(bArr);
        return eo.h.j(bArr);
    }

    public final void j(OutputStream outputStream, String str) throws IOException {
        outputStream.write(Strings.n(str));
    }

    public final void k(OutputStream outputStream, char[] cArr) throws IOException {
        outputStream.write(Strings.o(cArr));
    }
}
