package com.citrix.auth.impl;

import com.citrix.auth.AMUrl;
import com.citrix.auth.exceptions.AuthManException;
import com.citrix.auth.exceptions.TemporaryFailureException;
import com.citrix.auth.impl.TokenOperation;
import java.util.List;
import org.apache.http.HttpResponse;

/* compiled from: StorefrontAuth.java */
/* loaded from: classes.dex */
public class za {

    /* renamed from: a, reason: collision with root package name */
    private final Z f3033a;

    /* renamed from: b, reason: collision with root package name */
    private int f3034b = 0;

    public za(Z z) {
        this.f3033a = z;
    }

    public static com.citrix.auth.impl.a.a a(HttpResponse httpResponse, AMUrl aMUrl) throws AuthManException {
        if (httpResponse == null || 401 != httpResponse.getStatusLine().getStatusCode()) {
            return null;
        }
        return com.citrix.auth.impl.a.a.a(httpResponse.getAllHeaders(), aMUrl);
    }

    private C0340w b() {
        return new C0340w(this.f3033a.h());
    }

    private ta c() {
        return new ta(this.f3033a);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public TokenCaches d() {
        return this.f3033a.o();
    }

    protected TokenData a(com.citrix.auth.impl.a.c cVar, com.citrix.auth.impl.a.a aVar, AgSession agSession) throws AuthManException {
        Da.a("handleChoicesResponse");
        List<com.citrix.auth.impl.a.b> list = cVar.f2870b;
        Da.a("Choices are:");
        for (com.citrix.auth.impl.a.b bVar : list) {
            Da.a("\t%s: %s", bVar.f2867a, bVar.f2868b);
        }
        boolean a2 = this.f3033a.a();
        boolean t = this.f3033a.c().t();
        boolean z = agSession != null;
        boolean n = z ? agSession.n() : false;
        boolean a3 = z ? agSession.a() : false;
        boolean q = this.f3033a.q();
        Da.a("Protocol logon info: allowLogonFlag(%s)  alwaysAllowAGSSO(%s)  throughGateway(%s)  gatewaySessionHasPassword(%s)", Boolean.valueOf(a2), Boolean.valueOf(t), Boolean.valueOf(z), Boolean.valueOf(n));
        if (a2) {
            Da.a("Logon of any protocol is allowed by logon flags.");
        } else {
            if (!t || !z) {
                Da.a("Logon of any protocol is not allowed by logon flags.");
                throw AuthManException.logonNotAllowed();
            }
            Da.a("Logon via AG SSOn allowed by logon flags.");
        }
        ya yaVar = new ya(this, aVar, agSession, new ka(this.f3033a.h(), list, z, n, a3, q));
        d().c().a(yaVar);
        return yaVar.f3026d;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public oa a() {
        return new oa(this.f3033a);
    }

    void a(TokenData tokenData, com.citrix.auth.impl.a.a aVar) {
        Da.a("StorefontAuth.purgeCachesForChallenge authToken=(%s) challenge=(%s)", tokenData, aVar);
        Da.a(tokenData != null, "purgeCachesForChallenge should not be empty");
        int i = xa.f3020a[ChallengeAction.a(aVar.a()).ordinal()];
        if (i == 1) {
            Da.a("ChallengeAction.DiscardToken");
            b().a(tokenData);
            return;
        }
        if (i == 2) {
            Da.a("ChallengeAction.DestroyTokenFamily");
            b().a(tokenData.h());
        } else {
            if (i != 3) {
                Da.a(false, "Unexpected CChallengeAction");
                return;
            }
            Da.a("ChallengeAction.DestroyCredsFamily");
            try {
                b().a(tokenData.b(), true, this.f3033a.b());
            } catch (AuthManException unused) {
                Da.a("purgeCachesForChallenge failed because the getAuthRequirementsFulfiller threw an exception");
            }
        }
    }

    public void a(com.citrix.auth.impl.a.a aVar) throws AuthManException {
        try {
            TokenData b2 = b(aVar);
            if (b2.k()) {
                throw AuthManException.protocolError("A primary token was generated to access a service - this may indicate that a client application was incorrectly configured with a token service URL");
            }
            d().a(b2);
        } catch (TemporaryFailureException e2) {
            Da.a("Caught CTemporaryFailureException: %s", e2.getMessage());
            Da.a("Not adding a secondary token to the caches");
        }
    }

    TokenData b(com.citrix.auth.impl.a.a aVar) throws AuthManException {
        String u;
        try {
            try {
                this.f3034b++;
                Da.a("getTokenForChallengeLoop authChallenge=(%s)", aVar);
                Da.a("m_challengeChainDepth=%d", Integer.valueOf(this.f3034b));
                if (this.f3034b > 5) {
                    throw AuthManException.protocolError("Challenge chain too deep (depth=%d)", Integer.valueOf(this.f3034b));
                }
                TokenData b2 = d().b(aVar.f());
                boolean z = b2 != null;
                if (z) {
                    Da.a("Found cached primary token=(%s)", b2);
                }
                boolean z2 = z;
                TokenData tokenData = b2;
                int i = 0;
                while (true) {
                    i++;
                    if (i > 5) {
                        throw AuthManException.systemError("getTokenForChallengeLoop looped an unexpected number of times (count=%s)", Integer.valueOf(i));
                    }
                    this.f3033a.r();
                    la laVar = new la(aVar, this.f3033a.h().i());
                    laVar.a(this.f3033a);
                    if (tokenData != null) {
                        laVar.a(tokenData);
                    }
                    laVar.a(this.f3033a.i());
                    AgSession a2 = c().a(laVar);
                    TokenOperation.Result g = laVar.g();
                    Da.a("Token operation result type: %s", g);
                    int i2 = xa.f3021b[g.ordinal()];
                    if (i2 == 1) {
                        if (tokenData == null) {
                            throw AuthManException.protocolError("getTokenForChallange - RequestTokenOperation generated a token when no authorization was supplied");
                        }
                        TokenData f = laVar.f();
                        Da.a("Generated secondary token=(%s)", f);
                        Da.a(f.l(), "Invalid token generated");
                        Da.a(!f.k(), "Generated token should be secondary");
                        String g2 = tokenData.g();
                        if (g2 != null) {
                            String trim = g2.trim();
                            if (!trim.isEmpty()) {
                                f.b(trim);
                            }
                        }
                        return f;
                    }
                    if (i2 == 2) {
                        if (tokenData != null) {
                            throw AuthManException.protocolError("Choices response generated when an authorization token was supplied");
                        }
                        if (this.f3034b >= 2) {
                            return a(laVar.c(), aVar, a2);
                        }
                        throw AuthManException.protocolError("The token service URL generated a choices response - this is not supported and may indicate a configuration error");
                    }
                    if (i2 != 3) {
                        if (i2 != 4) {
                            throw AuthManException.protocolError("getTokenForChallange - unexpected result from CRequestTokenOperation: %s", g);
                        }
                        Da.a(a2 != null, "InvalidAgSession reported for an empty session");
                        b().a(a2);
                        throw AuthManException.temporaryFailure("The session used for the token operation was no longer valid");
                    }
                    com.citrix.auth.impl.a.a b3 = laVar.b();
                    if (b3 != null && (u = this.f3033a.c().u()) != null) {
                        b3.c(u);
                    }
                    Da.a("Received challenge=(%s)", b3);
                    if (tokenData == null) {
                        Da.a("No authorization was supplied");
                    } else {
                        a(tokenData, b3);
                        if (!tokenData.k()) {
                            if ("expired".equals(b3.a())) {
                                throw AuthManException.temporaryFailure("An intermediate authorization token expired");
                            }
                            throw AuthManException.protocolError("Access failed with a newly generated secondary authorization token");
                        }
                        if (!z2) {
                            throw AuthManException.protocolError("Access failed with a newly generated primary authorization token");
                        }
                        Da.a("A cached primary token was used");
                    }
                    Da.a("Generate a new authorization token for a retry");
                    tokenData = b(b3);
                    Da.a(tokenData != null, "getTokenForChallengeLoop generated an empty token");
                    Da.a("Retry with new authorization token");
                    z2 = false;
                }
            } catch (AuthManException e2) {
                e2.addInfo("During getTokenForChallengeLoop challenge='%s'", aVar);
                throw e2;
            }
        } finally {
            this.f3034b--;
        }
    }

    public void b(TokenData tokenData, com.citrix.auth.impl.a.a aVar) {
        Da.a("StorefrontAuth.reportChallenge");
        Da.a(tokenData == null || !tokenData.k(), "reportChallenge cannot be called with a primary token");
        if (tokenData == null) {
            Da.a("Empty authorization token - nothing to do");
            if ("notoken".equals(aVar.a())) {
                return;
            }
            Da.b("Empty authorization token caused unexpected challenge reason=%s", aVar.a());
            return;
        }
        if ("notoken".equals(aVar.a())) {
            Da.b("An authorization token was used, but the challenge reason is 'notoken'");
        }
        if (tokenData.f().equals(aVar.c())) {
            a(tokenData, aVar);
            return;
        }
        Da.a("The guessed authorization token had the wrong realm - nothing to do");
        if ("notforthisservice".equals(aVar.a())) {
            return;
        }
        Da.b("Expected notforthisservice but got a different reason");
    }
}
