package org.bouncycastle.est;

import androidx.constraintlayout.core.motion.utils.w;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.operator.d0;
import org.bouncycastle.util.z;

/* loaded from: classes3.dex */
public class s implements f {

    /* renamed from: f, reason: collision with root package name */
    private static final org.bouncycastle.operator.o f46253f = new org.bouncycastle.operator.j();

    /* renamed from: g, reason: collision with root package name */
    private static final Set<String> f46254g;

    /* renamed from: a, reason: collision with root package name */
    private final String f46255a;

    /* renamed from: b, reason: collision with root package name */
    private final String f46256b;

    /* renamed from: c, reason: collision with root package name */
    private final char[] f46257c;

    /* renamed from: d, reason: collision with root package name */
    private final SecureRandom f46258d;

    /* renamed from: e, reason: collision with root package name */
    private final org.bouncycastle.operator.q f46259e;

    /* loaded from: classes3.dex */
    class a implements k {
        a() {
        }

        @Override // org.bouncycastle.est.k
        public n a(l lVar, v vVar) throws IOException {
            n nVar = new n(lVar, vVar);
            if (nVar.n() != 401) {
                return nVar;
            }
            String g9 = nVar.g("WWW-Authenticate");
            if (g9 == null) {
                throw new j("Status of 401 but no WWW-Authenticate header");
            }
            String l9 = z.l(g9);
            if (l9.startsWith(org.bouncycastle.cms.e.f42697b)) {
                return s.this.f(nVar);
            }
            if (!l9.startsWith("basic")) {
                throw new j("Unknown auth mode: " + l9);
            }
            nVar.d();
            Map<String, String> c9 = t.c("Basic", nVar.g("WWW-Authenticate"));
            if (s.this.f46255a != null && !s.this.f46255a.equals(c9.get("realm"))) {
                throw new j("Supplied realm '" + s.this.f46255a + "' does not match server realm '" + c9.get("realm") + "'", null, w.c.f3256b, null);
            }
            m g10 = new m(lVar).g(null);
            if (s.this.f46255a != null && s.this.f46255a.length() > 0) {
                g10.c("WWW-Authenticate", "Basic realm=\"" + s.this.f46255a + "\"");
            }
            if (s.this.f46256b.contains(":")) {
                throw new IllegalArgumentException("User must not contain a ':'");
            }
            char[] cArr = new char[s.this.f46256b.length() + 1 + s.this.f46257c.length];
            System.arraycopy(s.this.f46256b.toCharArray(), 0, cArr, 0, s.this.f46256b.length());
            cArr[s.this.f46256b.length()] = ':';
            System.arraycopy(s.this.f46257c, 0, cArr, s.this.f46256b.length() + 1, s.this.f46257c.length);
            g10.c("Authorization", "Basic " + org.bouncycastle.util.encoders.c.i(z.k(cArr)));
            n a9 = lVar.a().a(g10.b());
            org.bouncycastle.util.a.g0(cArr, (char) 0);
            return a9;
        }
    }

    static {
        HashSet hashSet = new HashSet();
        hashSet.add("realm");
        hashSet.add("nonce");
        hashSet.add("opaque");
        hashSet.add("algorithm");
        hashSet.add("qop");
        f46254g = Collections.unmodifiableSet(hashSet);
    }

    public s(String str, String str2, char[] cArr) {
        this(str, str2, cArr, null, null);
    }

    public s(String str, String str2, char[] cArr, SecureRandom secureRandom, org.bouncycastle.operator.q qVar) {
        this.f46255a = str;
        this.f46256b = str2;
        this.f46257c = cArr;
        this.f46258d = secureRandom;
        this.f46259e = qVar;
    }

    public s(String str, char[] cArr) {
        this(null, str, cArr, null, null);
    }

    public s(String str, char[] cArr, SecureRandom secureRandom, org.bouncycastle.operator.q qVar) {
        this(null, str, cArr, secureRandom, qVar);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public n f(n nVar) throws IOException {
        String str;
        String str2;
        nVar.d();
        l l9 = nVar.l();
        try {
            Map<String, String> c9 = t.c("Digest", nVar.g("WWW-Authenticate"));
            try {
                String path = l9.f().toURI().getPath();
                for (String str3 : c9.keySet()) {
                    if (!f46254g.contains(str3)) {
                        throw new j("Unrecognised entry in WWW-Authenticate header: '" + ((Object) str3) + "'");
                    }
                }
                String e9 = l9.e();
                String str4 = c9.get("realm");
                String str5 = c9.get("nonce");
                String str6 = c9.get("opaque");
                String str7 = "algorithm";
                String str8 = c9.get("algorithm");
                String str9 = "qop";
                String str10 = c9.get("qop");
                ArrayList arrayList = new ArrayList();
                String str11 = this.f46255a;
                if (str11 != null && !str11.equals(str4)) {
                    throw new j("Supplied realm '" + this.f46255a + "' does not match server realm '" + str4 + "'", null, w.c.f3256b, null);
                }
                if (str8 == null) {
                    str8 = "MD5";
                }
                if (str8.length() == 0) {
                    throw new j("WWW-Authenticate no algorithm defined.");
                }
                String p8 = z.p(str8);
                if (str10 == null) {
                    throw new j("Qop is not defined in WWW-Authenticate header.");
                }
                if (str10.length() == 0) {
                    throw new j("QoP value is empty.");
                }
                String[] split = z.l(str10).split(com.verifone.commerce.entities.p.f20357m);
                int i9 = 0;
                while (true) {
                    String str12 = str7;
                    String str13 = str9;
                    if (i9 == split.length) {
                        org.bouncycastle.asn1.x509.b h9 = h(p8);
                        if (h9 == null || h9.x0() == null) {
                            throw new IOException("auth digest algorithm unknown: " + p8);
                        }
                        org.bouncycastle.operator.p g9 = g(p8, h9);
                        OutputStream b9 = g9.b();
                        String i10 = i(10);
                        j(b9, this.f46256b);
                        j(b9, ":");
                        j(b9, str4);
                        j(b9, ":");
                        k(b9, this.f46257c);
                        b9.close();
                        byte[] digest = g9.getDigest();
                        if (p8.endsWith("-SESS")) {
                            org.bouncycastle.operator.p g10 = g(p8, h9);
                            OutputStream b10 = g10.b();
                            j(b10, org.bouncycastle.util.encoders.j.j(digest));
                            j(b10, ":");
                            j(b10, str5);
                            j(b10, ":");
                            j(b10, i10);
                            b10.close();
                            digest = g10.getDigest();
                        }
                        String j9 = org.bouncycastle.util.encoders.j.j(digest);
                        org.bouncycastle.operator.p g11 = g(p8, h9);
                        OutputStream b11 = g11.b();
                        if (((String) arrayList.get(0)).equals("auth-int")) {
                            org.bouncycastle.operator.p g12 = g(p8, h9);
                            str = "auth-int";
                            OutputStream b12 = g12.b();
                            l9.g(b12);
                            b12.close();
                            byte[] digest2 = g12.getDigest();
                            j(b11, e9);
                            j(b11, ":");
                            j(b11, path);
                            j(b11, ":");
                            j(b11, org.bouncycastle.util.encoders.j.j(digest2));
                        } else {
                            str = "auth-int";
                            if (((String) arrayList.get(0)).equals("auth")) {
                                j(b11, e9);
                                j(b11, ":");
                                j(b11, path);
                            }
                        }
                        b11.close();
                        String j10 = org.bouncycastle.util.encoders.j.j(g11.getDigest());
                        org.bouncycastle.operator.p g13 = g(p8, h9);
                        OutputStream b13 = g13.b();
                        boolean contains = arrayList.contains("missing");
                        j(b13, j9);
                        j(b13, ":");
                        j(b13, str5);
                        j(b13, ":");
                        if (contains) {
                            j(b13, j10);
                            str2 = str;
                        } else {
                            j(b13, "00000001");
                            j(b13, ":");
                            j(b13, i10);
                            j(b13, ":");
                            str2 = str;
                            if (((String) arrayList.get(0)).equals(str2)) {
                                j(b13, str2);
                            } else {
                                j(b13, "auth");
                            }
                            j(b13, ":");
                            j(b13, j10);
                        }
                        b13.close();
                        String j11 = org.bouncycastle.util.encoders.j.j(g13.getDigest());
                        HashMap hashMap = new HashMap();
                        hashMap.put("username", this.f46256b);
                        hashMap.put("realm", str4);
                        hashMap.put("nonce", str5);
                        hashMap.put("uri", path);
                        hashMap.put("response", j11);
                        if (!((String) arrayList.get(0)).equals(str2)) {
                            if (((String) arrayList.get(0)).equals("auth")) {
                                hashMap.put(str13, "auth");
                            }
                            hashMap.put(str12, p8);
                            if (str6 != null || str6.length() == 0) {
                                hashMap.put("opaque", i(20));
                            }
                            m g14 = new m(l9).g(null);
                            g14.c("Authorization", t.b("Digest", hashMap));
                            return l9.a().a(g14.b());
                        }
                        hashMap.put(str13, str2);
                        hashMap.put("nc", "00000001");
                        hashMap.put("cnonce", i10);
                        hashMap.put(str12, p8);
                        if (str6 != null) {
                        }
                        hashMap.put("opaque", i(20));
                        m g142 = new m(l9).g(null);
                        g142.c("Authorization", t.b("Digest", hashMap));
                        return l9.a().a(g142.b());
                    }
                    if (!split[i9].equals("auth") && !split[i9].equals("auth-int")) {
                        throw new j("QoP value unknown: '" + i9 + "'");
                    }
                    String trim = split[i9].trim();
                    if (!arrayList.contains(trim)) {
                        arrayList.add(trim);
                    }
                    i9++;
                    str7 = str12;
                    str9 = str13;
                }
            } catch (Exception e10) {
                throw new IOException("unable to process URL in request: " + e10.getMessage());
            }
        } catch (Throwable th) {
            throw new j("Parsing WWW-Authentication header: " + th.getMessage(), th, nVar.n(), new ByteArrayInputStream(nVar.g("WWW-Authenticate").getBytes()));
        }
    }

    private org.bouncycastle.operator.p g(String str, org.bouncycastle.asn1.x509.b bVar) throws IOException {
        try {
            return this.f46259e.a(bVar);
        } catch (d0 e9) {
            throw new IOException("cannot create digest calculator for " + str + ": " + e9.getMessage());
        }
    }

    private org.bouncycastle.asn1.x509.b h(String str) {
        if (str.endsWith("-SESS")) {
            str = str.substring(0, str.length() - 5);
        }
        return str.equals("SHA-512-256") ? f46253f.b(org.bouncycastle.asn1.nist.d.f41024h) : f46253f.a(str);
    }

    private String i(int i9) {
        byte[] bArr = new byte[i9];
        this.f46258d.nextBytes(bArr);
        return org.bouncycastle.util.encoders.j.j(bArr);
    }

    private void j(OutputStream outputStream, String str) throws IOException {
        outputStream.write(z.n(str));
    }

    private void k(OutputStream outputStream, char[] cArr) throws IOException {
        outputStream.write(z.o(cArr));
    }

    @Override // org.bouncycastle.est.f
    public void a(m mVar) {
        mVar.g(new a());
    }
}
