package org.bouncycastle.est;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.util.Strings;
import uh0.k1;

/* loaded from: classes7.dex */
public class q implements e {

    /* renamed from: f, reason: collision with root package name */
    public static final kn0.m f88849f = new kn0.j();

    /* renamed from: g, reason: collision with root package name */
    public static final Set<String> f88850g;

    /* renamed from: a, reason: collision with root package name */
    public final String f88851a;

    /* renamed from: b, reason: collision with root package name */
    public final String f88852b;

    /* renamed from: c, reason: collision with root package name */
    public final char[] f88853c;

    /* renamed from: d, reason: collision with root package name */
    public final SecureRandom f88854d;

    /* renamed from: e, reason: collision with root package name */
    public final kn0.o f88855e;

    /* loaded from: classes7.dex */
    public class a implements i {
        public a() {
        }

        @Override // org.bouncycastle.est.i
        public l a(j jVar, s sVar) throws IOException {
            l lVar = new l(jVar, sVar);
            if (lVar.l() != 401) {
                return lVar;
            }
            String f11 = lVar.f("WWW-Authenticate");
            if (f11 == null) {
                throw new ESTException("Status of 401 but no WWW-Authenticate header");
            }
            String j11 = Strings.j(f11);
            if (j11.startsWith(fk0.d.f47440b)) {
                return q.this.f(lVar);
            }
            if (!j11.startsWith("basic")) {
                throw new ESTException("Unknown auth mode: " + j11);
            }
            lVar.d();
            Map<String, String> c12 = HttpUtil.c("Basic", lVar.f("WWW-Authenticate"));
            if (q.this.f88851a != null && !q.this.f88851a.equals(c12.get("realm"))) {
                throw new ESTException("Supplied realm '" + q.this.f88851a + "' does not match server realm '" + c12.get("realm") + "'", null, 401, null);
            }
            k g11 = new k(jVar).g(null);
            if (q.this.f88851a != null && q.this.f88851a.length() > 0) {
                g11.c("WWW-Authenticate", "Basic realm=\"" + q.this.f88851a + "\"");
            }
            if (q.this.f88852b.contains(":")) {
                throw new IllegalArgumentException("User must not contain a ':'");
            }
            char[] cArr = new char[q.this.f88852b.length() + 1 + q.this.f88853c.length];
            System.arraycopy(q.this.f88852b.toCharArray(), 0, cArr, 0, q.this.f88852b.length());
            cArr[q.this.f88852b.length()] = ':';
            System.arraycopy(q.this.f88853c, 0, cArr, q.this.f88852b.length() + 1, q.this.f88853c.length);
            g11.c("Authorization", "Basic " + po0.a.i(Strings.i(cArr)));
            l a12 = jVar.a().a(g11.b());
            org.bouncycastle.util.a.e0(cArr, (char) 0);
            return a12;
        }
    }

    static {
        HashSet hashSet = new HashSet();
        hashSet.add("realm");
        hashSet.add("nonce");
        hashSet.add("opaque");
        hashSet.add("algorithm");
        hashSet.add("qop");
        f88850g = Collections.unmodifiableSet(hashSet);
    }

    public q(String str, String str2, char[] cArr) {
        this(str, str2, cArr, null, null);
    }

    public q(String str, String str2, char[] cArr, SecureRandom secureRandom, kn0.o oVar) {
        this.f88851a = str;
        this.f88852b = str2;
        this.f88853c = cArr;
        this.f88854d = secureRandom;
        this.f88855e = oVar;
    }

    public q(String str, char[] cArr) {
        this(null, str, cArr, null, null);
    }

    public q(String str, char[] cArr, SecureRandom secureRandom, kn0.o oVar) {
        this(null, str, cArr, secureRandom, oVar);
    }

    @Override // org.bouncycastle.est.e
    public void a(k kVar) {
        kVar.g(new a());
    }

    public final l f(l lVar) throws IOException {
        String str;
        String str2;
        lVar.d();
        j j11 = lVar.j();
        try {
            Map<String, String> c12 = HttpUtil.c("Digest", lVar.f("WWW-Authenticate"));
            try {
                String path = j11.f().toURI().getPath();
                for (String str3 : c12.keySet()) {
                    if (!f88850g.contains(str3)) {
                        throw new ESTException("Unrecognised entry in WWW-Authenticate header: '" + ((Object) str3) + "'");
                    }
                }
                String e11 = j11.e();
                String str4 = c12.get("realm");
                String str5 = c12.get("nonce");
                String str6 = c12.get("opaque");
                String str7 = "algorithm";
                String str8 = c12.get("algorithm");
                String str9 = "qop";
                String str10 = c12.get("qop");
                ArrayList arrayList = new ArrayList();
                String str11 = this.f88851a;
                if (str11 != null && !str11.equals(str4)) {
                    throw new ESTException("Supplied realm '" + this.f88851a + "' does not match server realm '" + str4 + "'", null, 401, null);
                }
                if (str8 == null) {
                    str8 = "MD5";
                }
                if (str8.length() == 0) {
                    throw new ESTException("WWW-Authenticate no algorithm defined.");
                }
                String n11 = Strings.n(str8);
                if (str10 == null) {
                    throw new ESTException("Qop is not defined in WWW-Authenticate header.");
                }
                if (str10.length() == 0) {
                    throw new ESTException("QoP value is empty.");
                }
                String[] split = Strings.j(str10).split(",");
                int i11 = 0;
                while (true) {
                    String str12 = str7;
                    String str13 = str9;
                    if (i11 == split.length) {
                        mj0.b h11 = h(n11);
                        if (h11 == null || h11.m() == null) {
                            throw new IOException("auth digest algorithm unknown: " + n11);
                        }
                        kn0.n g11 = g(n11, h11);
                        OutputStream outputStream = g11.getOutputStream();
                        String i12 = i(10);
                        j(outputStream, this.f88852b);
                        j(outputStream, ":");
                        j(outputStream, str4);
                        j(outputStream, ":");
                        k(outputStream, this.f88853c);
                        outputStream.close();
                        byte[] b12 = g11.b();
                        if (n11.endsWith("-SESS")) {
                            kn0.n g12 = g(n11, h11);
                            OutputStream outputStream2 = g12.getOutputStream();
                            j(outputStream2, po0.f.j(b12));
                            j(outputStream2, ":");
                            j(outputStream2, str5);
                            j(outputStream2, ":");
                            j(outputStream2, i12);
                            outputStream2.close();
                            b12 = g12.b();
                        }
                        String j12 = po0.f.j(b12);
                        kn0.n g13 = g(n11, h11);
                        OutputStream outputStream3 = g13.getOutputStream();
                        if (((String) arrayList.get(0)).equals("auth-int")) {
                            kn0.n g14 = g(n11, h11);
                            str = "auth-int";
                            OutputStream outputStream4 = g14.getOutputStream();
                            j11.g(outputStream4);
                            outputStream4.close();
                            byte[] b13 = g14.b();
                            j(outputStream3, e11);
                            j(outputStream3, ":");
                            j(outputStream3, path);
                            j(outputStream3, ":");
                            j(outputStream3, po0.f.j(b13));
                        } else {
                            str = "auth-int";
                            if (((String) arrayList.get(0)).equals("auth")) {
                                j(outputStream3, e11);
                                j(outputStream3, ":");
                                j(outputStream3, path);
                            }
                        }
                        outputStream3.close();
                        String j13 = po0.f.j(g13.b());
                        kn0.n g15 = g(n11, h11);
                        OutputStream outputStream5 = g15.getOutputStream();
                        boolean contains = arrayList.contains("missing");
                        j(outputStream5, j12);
                        j(outputStream5, ":");
                        j(outputStream5, str5);
                        j(outputStream5, ":");
                        if (contains) {
                            j(outputStream5, j13);
                            str2 = str;
                        } else {
                            j(outputStream5, "00000001");
                            j(outputStream5, ":");
                            j(outputStream5, i12);
                            j(outputStream5, ":");
                            str2 = str;
                            if (((String) arrayList.get(0)).equals(str2)) {
                                j(outputStream5, str2);
                            } else {
                                j(outputStream5, "auth");
                            }
                            j(outputStream5, ":");
                            j(outputStream5, j13);
                        }
                        outputStream5.close();
                        String j14 = po0.f.j(g15.b());
                        HashMap hashMap = new HashMap();
                        hashMap.put(f30.c.f46580e, this.f88852b);
                        hashMap.put("realm", str4);
                        hashMap.put("nonce", str5);
                        hashMap.put("uri", path);
                        hashMap.put("response", j14);
                        if (!((String) arrayList.get(0)).equals(str2)) {
                            if (((String) arrayList.get(0)).equals("auth")) {
                                hashMap.put(str13, "auth");
                            }
                            hashMap.put(str12, n11);
                            if (str6 != null || str6.length() == 0) {
                                hashMap.put("opaque", i(20));
                            }
                            k g16 = new k(j11).g(null);
                            g16.c("Authorization", HttpUtil.b("Digest", hashMap));
                            return j11.a().a(g16.b());
                        }
                        hashMap.put(str13, str2);
                        hashMap.put("nc", "00000001");
                        hashMap.put("cnonce", i12);
                        hashMap.put(str12, n11);
                        if (str6 != null) {
                        }
                        hashMap.put("opaque", i(20));
                        k g162 = new k(j11).g(null);
                        g162.c("Authorization", HttpUtil.b("Digest", hashMap));
                        return j11.a().a(g162.b());
                    }
                    if (!split[i11].equals("auth") && !split[i11].equals("auth-int")) {
                        throw new ESTException("QoP value unknown: '" + i11 + "'");
                    }
                    String trim = split[i11].trim();
                    if (!arrayList.contains(trim)) {
                        arrayList.add(trim);
                    }
                    i11++;
                    str7 = str12;
                    str9 = str13;
                }
            } catch (Exception e12) {
                throw new IOException("unable to process URL in request: " + e12.getMessage());
            }
        } catch (Throwable th2) {
            throw new ESTException("Parsing WWW-Authentication header: " + th2.getMessage(), th2, lVar.l(), new ByteArrayInputStream(lVar.f("WWW-Authenticate").getBytes()));
        }
    }

    public final kn0.n g(String str, mj0.b bVar) throws IOException {
        try {
            return this.f88855e.a(bVar);
        } catch (OperatorCreationException e11) {
            throw new IOException("cannot create digest calculator for " + str + ": " + e11.getMessage());
        }
    }

    public final mj0.b h(String str) {
        if (str.endsWith("-SESS")) {
            str = str.substring(0, str.length() - 5);
        }
        return str.equals("SHA-512-256") ? new mj0.b(xi0.b.f114397h, k1.f107247a) : f88849f.a(str);
    }

    public final String i(int i11) {
        byte[] bArr = new byte[i11];
        this.f88854d.nextBytes(bArr);
        return po0.f.j(bArr);
    }

    public final void j(OutputStream outputStream, String str) throws IOException {
        outputStream.write(Strings.l(str));
    }

    public final void k(OutputStream outputStream, char[] cArr) throws IOException {
        outputStream.write(Strings.m(cArr));
    }
}
