package com.microsoft.identity.common.internal.ui.webview.certbasedauth;

import android.app.Activity;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import android.security.KeyChainException;
import android.webkit.ClientCertRequest;
import androidx.activity.e;
import com.microsoft.identity.common.java.exception.BaseException;
import com.microsoft.identity.common.java.opentelemetry.ICertBasedAuthTelemetryHelper;
import com.microsoft.identity.common.java.providers.RawAuthorizationResult;
import com.microsoft.identity.common.logging.Logger;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

/* loaded from: classes.dex */
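/**
 * Answers a WebView {@link ClientCertRequest} with a certificate the user picks from the
 * Android {@link KeyChain}, and records the outcome through the supplied telemetry helper.
 *
 * <p>Requests whose acceptable-issuer principals contain {@link #ACCEPTABLE_ISSUER} are
 * cancelled without prompting the user; the log message describes them as TLS challenges
 * triggered by device authentication.
 */
public class OnDeviceCertBasedAuthChallengeHandler implements ICertBasedAuthChallengeHandler {
    // Despite the name, a request that lists this issuer is cancelled, not answered
    // (see processChallenge).
    private static final String ACCEPTABLE_ISSUER = "CN=MS-Organization-Access";
    private static final String TAG = "OnDeviceCertBasedAuthChallengeHandler";
    private final Activity mActivity;
    // Set to true only once a private key and certificate chain were handed to the request.
    // NOTE(review): written from the KeyChain alias callback and read from
    // emitTelemetryForCertBasedAuthResults; if those run on different threads this field
    // may need to be volatile. Confirm against the callers.
    private boolean mIsOnDeviceCertBasedAuthProceeding;
    private final ICertBasedAuthTelemetryHelper mTelemetryHelper;

    /**
     * Creates the handler and registers its name with the telemetry helper.
     *
     * @param activity activity used to show the KeyChain certificate picker and to read the key
     * @param iCertBasedAuthTelemetryHelper telemetry sink for the result of the challenge
     */
    public OnDeviceCertBasedAuthChallengeHandler(Activity activity, ICertBasedAuthTelemetryHelper iCertBasedAuthTelemetryHelper) {
        this.mActivity = activity;
        this.mTelemetryHelper = iCertBasedAuthTelemetryHelper;
        iCertBasedAuthTelemetryHelper.setCertBasedAuthChallengeHandler(TAG);
        this.mIsOnDeviceCertBasedAuthProceeding = false;
    }

    /** No resources are held by this handler, so there is nothing to release. */
    @Override
    public void cleanUp() {
    }

    /**
     * Reports the final authorization result to telemetry, but only when a certificate was
     * actually handed to the TLS request by this handler.
     *
     * @param rawAuthorizationResult result of the authorization flow
     */
    @Override
    public void emitTelemetryForCertBasedAuthResults(RawAuthorizationResult rawAuthorizationResult) {
        if (!this.mIsOnDeviceCertBasedAuthProceeding) {
            return;
        }
        final RawAuthorizationResult.ResultCode resultCode = rawAuthorizationResult.getResultCode();
        final boolean failed = resultCode == RawAuthorizationResult.ResultCode.NON_OAUTH_ERROR
                || resultCode == RawAuthorizationResult.ResultCode.SDK_CANCELLED
                || resultCode == RawAuthorizationResult.ResultCode.CANCELLED;
        if (!failed) {
            this.mTelemetryHelper.setResultSuccess();
            return;
        }
        // Prefer the exception when one is attached; otherwise fall back to the code name.
        final BaseException exception = rawAuthorizationResult.getException();
        if (exception != null) {
            this.mTelemetryHelper.setResultFailure(exception);
        } else {
            this.mTelemetryHelper.setResultFailure(resultCode.toString());
        }
    }

    /**
     * Handles a client-certificate challenge raised by the WebView.
     *
     * <p>The request is cancelled when it lists {@link #ACCEPTABLE_ISSUER}, when the user picks
     * no certificate, when the KeyChain yields no usable key material for the chosen alias, or
     * when reading the key fails. Otherwise the request proceeds with the chosen key and chain.
     *
     * @param clientCertRequest the challenge to answer
     * @return always {@code null}
     */
    @Override
    public Void processChallenge(final ClientCertRequest clientCertRequest) {
        // e.k is a minified helper; presumably it yields TAG + ":processChallenge" (confirm).
        final String methodTag = e.k(new StringBuilder(), TAG, ":processChallenge");
        final Principal[] principals = clientCertRequest.getPrincipals();
        if (principals != null) {
            for (Principal principal : principals) {
                // Substring match: any issuer name containing the marker cancels the request.
                if (principal.getName().contains(ACCEPTABLE_ISSUER)) {
                    Logger.info(methodTag, "Cancelling the TLS request, not respond to TLS challenge triggered by device authentication.");
                    this.mTelemetryHelper.setResultFailure("Cancelling the TLS request, not respond to TLS challenge triggered by device authentication.");
                    clientCertRequest.cancel();
                    return null;
                }
            }
        }
        KeyChain.choosePrivateKeyAlias(this.mActivity, new KeyChainAliasCallback() {
            @Override
            public void alias(String alias) {
                if (alias == null) {
                    Logger.info(methodTag, "No certificate chosen by user, cancelling the TLS request.");
                    mTelemetryHelper.setResultFailure("No certificate chosen by user, cancelling the TLS request.");
                    clientCertRequest.cancel();
                    return;
                }
                try {
                    final X509Certificate[] certificateChain = KeyChain.getCertificateChain(mActivity.getApplicationContext(), alias);
                    final PrivateKey privateKey = KeyChain.getPrivateKey(mActivity, alias);
                    // KeyChain returns null when the alias is gone or access was not granted.
                    // Proceeding with null would mark the flow as "proceeding" (and later
                    // possibly as a telemetry success) although no certificate was presented.
                    if (privateKey != null && certificateChain != null && certificateChain.length > 0) {
                        Logger.info(methodTag, "Certificate is chosen by user, proceed with TLS request.");
                        mIsOnDeviceCertBasedAuthProceeding = true;
                        clientCertRequest.proceed(privateKey, certificateChain);
                        return;
                    }
                    Logger.info(methodTag, "KeyChain returned no private key or certificate chain for the chosen alias, cancelling the TLS request.");
                } catch (KeyChainException keyChainException) {
                    Logger.errorPII(methodTag, "KeyChain exception", keyChainException);
                    mTelemetryHelper.setResultFailure(keyChainException);
                } catch (InterruptedException interruptedException) {
                    Logger.errorPII(methodTag, "InterruptedException exception", interruptedException);
                    mTelemetryHelper.setResultFailure(interruptedException);
                    // Restore the interrupt status so the owning thread can still observe it.
                    Thread.currentThread().interrupt();
                }
                // Shared failure tail: every path that did not proceed ends by cancelling.
                mTelemetryHelper.setResultFailure("ClientCertRequest unexpectedly cancelled.");
                clientCertRequest.cancel();
            }
        }, clientCertRequest.getKeyTypes(), clientCertRequest.getPrincipals(), clientCertRequest.getHost(), clientCertRequest.getPort(), null);
        return null;
    }
}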
