package com.microsoft.identity.common.internal.ui.webview.certbasedauth;

import android.app.Activity;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import android.security.KeyChainException;
import android.webkit.ClientCertRequest;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.RequiresApi;
import androidx.appcompat.widget.B;
import androidx.collection.b;
import com.microsoft.identity.common.java.opentelemetry.ICertBasedAuthTelemetryHelper;
import com.microsoft.identity.common.logging.Logger;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

/* compiled from: src */
/* loaded from: classes7.dex */
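/**
 * Handles a WebView client-certificate challenge (certificate-based authentication, "CBA")
 * using certificates installed in the Android KeyChain.
 *
 * <p>The user picks a certificate through the system KeyChain dialog; the handler then either
 * answers the TLS request with that key and chain or cancels it. Results are reported through
 * the telemetry helper held by the superclass.
 *
 * <p>This listing is decompiled output: {@code B.e(...)} and {@code b.c(...)} are
 * compiler-synthesized string helpers whose bodies are not visible here.
 */
public class OnDeviceCertBasedAuthChallengeHandler extends AbstractCertBasedAuthChallengeHandler {
    private static final String ECDSA_CONSTANT = "ECDSA";
    private static final String TAG = "OnDeviceCertBasedAuthChallengeHandler";
    private final Activity mActivity;

    /**
     * Creates the handler and registers its name with the telemetry helper.
     *
     * @param activity host activity, used as the context for the KeyChain calls
     * @param iCertBasedAuthTelemetryHelper telemetry sink for this CBA attempt
     */
    public OnDeviceCertBasedAuthChallengeHandler(@NonNull Activity activity, @NonNull ICertBasedAuthTelemetryHelper iCertBasedAuthTelemetryHelper) {
        this.mActivity = activity;
        this.mTelemetryHelper = iCertBasedAuthTelemetryHelper;
        iCertBasedAuthTelemetryHelper.setCertBasedAuthChallengeHandler(TAG);
        this.mIsCertBasedAuthProceeding = false;
    }

    /**
     * Rewrites the first {@code "ECDSA"} entry of the given key-type array to {@code "EC"}.
     *
     * <p>The array is modified in place and the same instance is returned; later
     * {@code "ECDSA"} entries, if any, are left untouched. Presumably this bridges the key-type
     * name reported by the WebView to the one the KeyChain chooser expects (confirm against the
     * platform documentation).
     *
     * @param strArr key types from the client-certificate request, or {@code null}
     * @return {@code strArr} itself, or {@code null} when {@code strArr} is {@code null}
     */
    @Nullable
    @RequiresApi(api = 23)
    public static String[] mapKeyTypes(@Nullable String[] strArr) {
        if (strArr == null) {
            return null;
        }
        for (int i = 0; i < strArr.length; i++) {
            // Constant-first comparison: a null entry is skipped instead of throwing
            // NullPointerException in the middle of a TLS challenge.
            if (ECDSA_CONSTANT.equals(strArr[i])) {
                strArr[i] = "EC";
                break;
            }
        }
        return strArr;
    }

    /**
     * Builds the multi-line log message describing a client-certificate request.
     *
     * <p>NOTE(review): key types, principals, host and port all come from the request (i.e. the
     * remote TLS peer) and are written at info level without escaping; confirm that is
     * acceptable for the log sinks in use.
     *
     * @param clientCertRequest the pending request
     * @return the message text; each list keeps a trailing {@code ", "} separator
     */
    @RequiresApi(api = 23)
    private String printRequestDetails(ClientCertRequest clientCertRequest) {
        // Synthesized helper; presumably returns a StringBuilder seeded with the message.
        StringBuilder details = B.e(256, "Processing CBA challenge.");
        if (clientCertRequest.getKeyTypes() != null) {
            details.append("\nKey Types: ");
            for (String keyType : clientCertRequest.getKeyTypes()) {
                details.append(keyType);
                details.append(", ");
            }
        }
        if (clientCertRequest.getPrincipals() != null) {
            details.append("\nPrincipals: ");
            for (Principal principal : clientCertRequest.getPrincipals()) {
                details.append(principal.getName());
                details.append(", ");
            }
        }
        details.append("\nHost: ");
        details.append(clientCertRequest.getHost());
        details.append("\nPort: ");
        details.append(clientCertRequest.getPort());
        return details.toString();
    }

    /** No-op: this handler holds nothing that needs releasing. */
    @Override // com.microsoft.identity.common.internal.ui.webview.certbasedauth.AbstractCertBasedAuthChallengeHandler
    public void cleanUp() {
    }

    /**
     * Logs the challenge, then asks the user to choose a KeyChain certificate for it.
     *
     * <p>The outcome is delivered asynchronously to the callback: a {@code null} alias or a
     * KeyChain failure cancels the request; otherwise the request proceeds with the selected
     * private key and certificate chain and {@code mIsCertBasedAuthProceeding} is set.
     *
     * @param clientCertRequest the pending client-certificate request from the WebView
     * @return always {@code null}
     */
    @Override // com.microsoft.identity.common.internal.ui.webview.challengehandlers.IChallengeHandler
    @RequiresApi(api = 23)
    public Void processChallenge(final ClientCertRequest clientCertRequest) {
        // Synthesized helper; presumably concatenates TAG and ":processChallenge".
        final String methodTag = b.c(new StringBuilder(), TAG, ":processChallenge");
        Logger.info(methodTag, printRequestDetails(clientCertRequest));
        // The trailing null means no alias is preselected in the chooser dialog.
        KeyChain.choosePrivateKeyAlias(this.mActivity, new KeyChainAliasCallback() {
            @Override // android.security.KeyChainAliasCallback
            public void alias(String chosenAlias) {
                if (chosenAlias == null) {
                    Logger.info(methodTag, "No certificate chosen by user, cancelling the TLS request.");
                    OnDeviceCertBasedAuthChallengeHandler.this.mTelemetryHelper.setResultFailure("No certificate chosen by user, cancelling the TLS request.");
                    clientCertRequest.cancel();
                    return;
                }
                try {
                    X509Certificate[] certificateChain = KeyChain.getCertificateChain(OnDeviceCertBasedAuthChallengeHandler.this.mActivity.getApplicationContext(), chosenAlias);
                    if (certificateChain != null && certificateChain.length > 0) {
                        // Only the leaf certificate's public-key algorithm is reported.
                        OnDeviceCertBasedAuthChallengeHandler.this.mTelemetryHelper.setPublicKeyAlgoType(certificateChain[0].getPublicKey().getAlgorithm());
                    }
                    PrivateKey privateKey = KeyChain.getPrivateKey(OnDeviceCertBasedAuthChallengeHandler.this.mActivity, chosenAlias);
                    // NOTE(review): KeyChain.getPrivateKey and getCertificateChain can return
                    // null (alias missing or not accessible). Nothing below checks for that, so
                    // the request would proceed without a usable credential while the handler is
                    // marked as proceeding. Confirm whether this path should cancel instead.
                    Logger.info(methodTag, "Certificate is chosen by user, proceed with TLS request.");
                    OnDeviceCertBasedAuthChallengeHandler.this.mIsCertBasedAuthProceeding = true;
                    clientCertRequest.proceed(privateKey, certificateChain);
                } catch (KeyChainException e) {
                    Logger.errorPII(methodTag, "KeyChain exception", e);
                    // Two failure records are set back to back; whether the second replaces or
                    // supplements the first depends on the telemetry helper (not visible here).
                    OnDeviceCertBasedAuthChallengeHandler.this.mTelemetryHelper.setResultFailure(e);
                    OnDeviceCertBasedAuthChallengeHandler.this.mTelemetryHelper.setResultFailure("ClientCertRequest unexpectedly cancelled.");
                    clientCertRequest.cancel();
                } catch (InterruptedException e4) {
                    Logger.errorPII(methodTag, "InterruptedException exception", e4);
                    OnDeviceCertBasedAuthChallengeHandler.this.mTelemetryHelper.setResultFailure(e4);
                    OnDeviceCertBasedAuthChallengeHandler.this.mTelemetryHelper.setResultFailure("ClientCertRequest unexpectedly cancelled.");
                    clientCertRequest.cancel();
                    // Restore the interrupt flag so the owner of this callback thread can still
                    // observe the interruption; done last so the cleanup above is not affected.
                    Thread.currentThread().interrupt();
                }
            }
        }, mapKeyTypes(clientCertRequest.getKeyTypes()), clientCertRequest.getPrincipals(), clientCertRequest.getHost(), clientCertRequest.getPort(), null);
        return null;
    }
}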
