package com.citrix.auth.impl;

import com.citrix.auth.AMUrl;
import com.citrix.auth.exceptions.AuthManException;
import com.citrix.auth.exceptions.PrimaryAuthException;
import io.fabric.sdk.android.services.common.AbstractC1244a;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.message.BasicHeader;

/* loaded from: classes.dex */
public class AGSSOAuthenticator implements InterfaceC0326ha {

    /* renamed from: a, reason: collision with root package name */
    private final Z f2724a;

    /* renamed from: b, reason: collision with root package name */
    private HttpResponse f2725b;

    /* renamed from: c, reason: collision with root package name */
    private SsoMode f2726c;

    /* renamed from: d, reason: collision with root package name */
    private AMUrl f2727d;

    /* renamed from: e, reason: collision with root package name */
    private AMUrl f2728e;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public enum SsoMode {
        Password,
        NoPassword
    }

    public AGSSOAuthenticator(Z z, SsoMode ssoMode) {
        this.f2724a = z;
        this.f2726c = ssoMode;
    }

    private String a() {
        return Da.d("During AGSSO; direct url='%s'; actual url='%s'; SSO mode='%s'", this.f2727d, this.f2728e, this.f2726c);
    }

    private void a(String str, boolean z) {
        StringBuilder sb = new StringBuilder();
        if (z && this.f2726c == SsoMode.NoPassword) {
            sb.append("This failure typically occurs with certificate based authentication when ");
            sb.append("the StoreFront authentication service rejects the user name which Access Gateway extracted from the ");
            sb.append("client certificate. Check that the User Name Field of the Access Gateway authentication server/request profile ");
            sb.append("is set to 'SubjectAltName:PrincipalName'.");
        }
        Da.b(Da.d("A logon using gateway single sign-on failed; the reason provided by the server was %s. %s. %s", str, a(), sb.toString()));
    }

    private com.citrix.auth.impl.a.g b(AMUrl aMUrl, com.citrix.auth.impl.a.f fVar, AgSession agSession) throws AuthManException {
        Da.a("AGSSOAuthenticator.authenticateImpl");
        Da.a(agSession != null, "AGSSO logon must be via a gateway");
        this.f2728e = agSession.a(this.f2727d);
        Da.a("AGSSO Logon URL is '%s'", this.f2728e);
        HttpPost httpPost = new HttpPost();
        httpPost.setURI(this.f2728e.i());
        C0330l.a(httpPost, agSession.j());
        httpPost.setHeader(new BasicHeader("Content-Type", "application/vnd.citrix.requesttoken+xml"));
        httpPost.setHeader(new BasicHeader(AbstractC1244a.HEADER_ACCEPT, "application/vnd.citrix.requesttokenresponse+xml"));
        C0330l.a(this.f2724a.i(), httpPost);
        httpPost.setEntity(C0330l.a(fVar));
        this.f2725b = S.a(this.f2724a, httpPost, Da.d("IOException during AGSSOAuthenticator.authenticate startUrl='%s'", aMUrl));
        if (AgSession.a(agSession, this.f2725b)) {
            throw AuthManException.primaryAuthError(PrimaryAuthException.ErrorCode.InvalidGatewaySession);
        }
        int statusCode = this.f2725b.getStatusLine().getStatusCode();
        Da.e("statusCode=%d", Integer.valueOf(statusCode));
        if (statusCode == 200) {
            if (!C0330l.c(this.f2725b, "application/vnd.citrix.requesttokenresponse+xml")) {
                throw AuthManException.protocolError("An unexpected content type was received from the server: %s", C0330l.c(this.f2725b));
            }
            com.citrix.auth.impl.a.g a2 = com.citrix.auth.impl.a.g.a(Ha.a(this.f2725b));
            Da.g("Authentication succeeded");
            return a2;
        }
        if (statusCode == 401) {
            throw AuthManException.primaryAuthError(PrimaryAuthException.ErrorCode.UnsuitableProtocol);
        }
        if (statusCode != 403) {
            throw AuthManException.protocolError("An unexpected HTTP status was received from the server: %d", Integer.valueOf(statusCode));
        }
        String a3 = C0330l.a(this.f2725b, "X-Citrix-SSOFailure-Reason");
        boolean equals = "BadCredentials".equals(a3);
        a(a3, equals);
        if (!equals) {
            throw AuthManException.authServiceError("AGSSO failed", new Object[0]);
        }
        Da.g("The server indicated the credentials cached in the AG session were not valid; returning BadGatewaySessionCredentials so the session will be trashed");
        throw AuthManException.primaryAuthError(PrimaryAuthException.ErrorCode.BadGatewaySessionCredentials);
    }

    @Override // com.citrix.auth.impl.InterfaceC0326ha
    public com.citrix.auth.impl.a.g a(AMUrl aMUrl, com.citrix.auth.impl.a.f fVar, AgSession agSession) throws AuthManException {
        Aa aa = new Aa("AGSSOAuthenticator::authenticate");
        Da.a("AGSSOAuthenticator.authenticate");
        Da.a(agSession != null, "AGSSO logon must be via a gateway");
        this.f2727d = aMUrl;
        try {
            try {
                this.f2724a.r();
                return b(aMUrl, fVar, agSession);
            } catch (AuthManException e2) {
                e2.addInfo("During AGSSOAuthenticator.authenticate startUrl='%s'", aMUrl);
                throw e2;
            }
        } finally {
            C0330l.a(this.f2725b);
            aa.a();
        }
    }
}
