package org.bouncycastle.est;

import cn.sirius.nga.inner.ok;
import com.tapsdk.lc.LCUser;
import com.tencent.connect.common.Constants;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.bouncycastle.asn1.i1;
import org.bouncycastle.operator.z;
import org.bouncycastle.util.w;

/* loaded from: classes2.dex */
public class r implements e {

    /* renamed from: f, reason: collision with root package name */
    private static final org.bouncycastle.operator.m f19550f = new org.bouncycastle.operator.j();

    /* renamed from: g, reason: collision with root package name */
    private static final Set<String> f19551g;

    /* renamed from: a, reason: collision with root package name */
    private final String f19552a;

    /* renamed from: b, reason: collision with root package name */
    private final String f19553b;

    /* renamed from: c, reason: collision with root package name */
    private final char[] f19554c;

    /* renamed from: d, reason: collision with root package name */
    private final SecureRandom f19555d;

    /* renamed from: e, reason: collision with root package name */
    private final org.bouncycastle.operator.o f19556e;

    /* loaded from: classes2.dex */
    class a implements j {
        a() {
        }

        @Override // org.bouncycastle.est.j
        public m a(k kVar, u uVar) throws IOException {
            m mVar = new m(kVar, uVar);
            if (mVar.l() != 401) {
                return mVar;
            }
            String f3 = mVar.f("WWW-Authenticate");
            if (f3 == null) {
                throw new i("Status of 401 but no WWW-Authenticate header");
            }
            String j2 = w.j(f3);
            if (j2.startsWith(org.bouncycastle.cms.e.f16585b)) {
                return r.this.f(mVar);
            }
            if (!j2.startsWith("basic")) {
                throw new i("Unknown auth mode: " + j2);
            }
            mVar.d();
            Map<String, String> c3 = s.c("Basic", mVar.f("WWW-Authenticate"));
            if (r.this.f19552a != null && !r.this.f19552a.equals(c3.get("realm"))) {
                throw new i("Supplied realm '" + r.this.f19552a + "' does not match server realm '" + c3.get("realm") + "'", null, 401, null);
            }
            l g3 = new l(kVar).g(null);
            if (r.this.f19552a != null && r.this.f19552a.length() > 0) {
                g3.c("WWW-Authenticate", "Basic realm=\"" + r.this.f19552a + "\"");
            }
            if (r.this.f19553b.contains(":")) {
                throw new IllegalArgumentException("User must not contain a ':'");
            }
            char[] cArr = new char[r.this.f19553b.length() + 1 + r.this.f19554c.length];
            System.arraycopy(r.this.f19553b.toCharArray(), 0, cArr, 0, r.this.f19553b.length());
            cArr[r.this.f19553b.length()] = ':';
            System.arraycopy(r.this.f19554c, 0, cArr, r.this.f19553b.length() + 1, r.this.f19554c.length);
            g3.c("Authorization", "Basic " + org.bouncycastle.util.encoders.a.i(w.i(cArr)));
            m a3 = kVar.a().a(g3.b());
            org.bouncycastle.util.a.g0(cArr, (char) 0);
            return a3;
        }
    }

    static {
        HashSet hashSet = new HashSet();
        hashSet.add("realm");
        hashSet.add(Constants.NONCE);
        hashSet.add("opaque");
        hashSet.add("algorithm");
        hashSet.add("qop");
        f19551g = Collections.unmodifiableSet(hashSet);
    }

    public r(String str, String str2, char[] cArr) {
        this(str, str2, cArr, null, null);
    }

    public r(String str, String str2, char[] cArr, SecureRandom secureRandom, org.bouncycastle.operator.o oVar) {
        this.f19552a = str;
        this.f19553b = str2;
        this.f19554c = cArr;
        this.f19555d = secureRandom;
        this.f19556e = oVar;
    }

    public r(String str, char[] cArr) {
        this(null, str, cArr, null, null);
    }

    public r(String str, char[] cArr, SecureRandom secureRandom, org.bouncycastle.operator.o oVar) {
        this(null, str, cArr, secureRandom, oVar);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public m f(m mVar) throws IOException {
        String str;
        String str2;
        mVar.d();
        k j2 = mVar.j();
        try {
            Map<String, String> c3 = s.c("Digest", mVar.f("WWW-Authenticate"));
            try {
                String path = j2.f().toURI().getPath();
                for (String str3 : c3.keySet()) {
                    if (!f19551g.contains(str3)) {
                        throw new i("Unrecognised entry in WWW-Authenticate header: '" + ((Object) str3) + "'");
                    }
                }
                String e3 = j2.e();
                String str4 = c3.get("realm");
                String str5 = c3.get(Constants.NONCE);
                String str6 = c3.get("opaque");
                String str7 = "algorithm";
                String str8 = c3.get("algorithm");
                String str9 = "qop";
                String str10 = c3.get("qop");
                ArrayList arrayList = new ArrayList();
                String str11 = this.f19552a;
                if (str11 != null && !str11.equals(str4)) {
                    throw new i("Supplied realm '" + this.f19552a + "' does not match server realm '" + str4 + "'", null, 401, null);
                }
                if (str8 == null) {
                    str8 = "MD5";
                }
                if (str8.length() == 0) {
                    throw new i("WWW-Authenticate no algorithm defined.");
                }
                String n2 = w.n(str8);
                if (str10 == null) {
                    throw new i("Qop is not defined in WWW-Authenticate header.");
                }
                if (str10.length() == 0) {
                    throw new i("QoP value is empty.");
                }
                String[] split = w.j(str10).split(ok.f2399c);
                int i2 = 0;
                while (true) {
                    String str12 = str7;
                    String str13 = str9;
                    if (i2 == split.length) {
                        org.bouncycastle.asn1.x509.b h3 = h(n2);
                        if (h3 == null || h3.m() == null) {
                            throw new IOException("auth digest algorithm unknown: " + n2);
                        }
                        org.bouncycastle.operator.n g3 = g(n2, h3);
                        OutputStream b3 = g3.b();
                        String i3 = i(10);
                        j(b3, this.f19553b);
                        j(b3, ":");
                        j(b3, str4);
                        j(b3, ":");
                        k(b3, this.f19554c);
                        b3.close();
                        byte[] c4 = g3.c();
                        if (n2.endsWith("-SESS")) {
                            org.bouncycastle.operator.n g4 = g(n2, h3);
                            OutputStream b4 = g4.b();
                            j(b4, org.bouncycastle.util.encoders.h.j(c4));
                            j(b4, ":");
                            j(b4, str5);
                            j(b4, ":");
                            j(b4, i3);
                            b4.close();
                            c4 = g4.c();
                        }
                        String j3 = org.bouncycastle.util.encoders.h.j(c4);
                        org.bouncycastle.operator.n g5 = g(n2, h3);
                        OutputStream b5 = g5.b();
                        if (((String) arrayList.get(0)).equals("auth-int")) {
                            org.bouncycastle.operator.n g6 = g(n2, h3);
                            str = "auth-int";
                            OutputStream b6 = g6.b();
                            j2.g(b6);
                            b6.close();
                            byte[] c5 = g6.c();
                            j(b5, e3);
                            j(b5, ":");
                            j(b5, path);
                            j(b5, ":");
                            j(b5, org.bouncycastle.util.encoders.h.j(c5));
                        } else {
                            str = "auth-int";
                            if (((String) arrayList.get(0)).equals(com.alipay.sdk.app.statistic.b.f4457n)) {
                                j(b5, e3);
                                j(b5, ":");
                                j(b5, path);
                            }
                        }
                        b5.close();
                        String j4 = org.bouncycastle.util.encoders.h.j(g5.c());
                        org.bouncycastle.operator.n g7 = g(n2, h3);
                        OutputStream b7 = g7.b();
                        boolean contains = arrayList.contains("missing");
                        j(b7, j3);
                        j(b7, ":");
                        j(b7, str5);
                        j(b7, ":");
                        if (contains) {
                            j(b7, j4);
                            str2 = str;
                        } else {
                            j(b7, "00000001");
                            j(b7, ":");
                            j(b7, i3);
                            j(b7, ":");
                            str2 = str;
                            if (((String) arrayList.get(0)).equals(str2)) {
                                j(b7, str2);
                            } else {
                                j(b7, com.alipay.sdk.app.statistic.b.f4457n);
                            }
                            j(b7, ":");
                            j(b7, j4);
                        }
                        b7.close();
                        String j5 = org.bouncycastle.util.encoders.h.j(g7.c());
                        HashMap hashMap = new HashMap();
                        hashMap.put(LCUser.ATTR_USERNAME, this.f19553b);
                        hashMap.put("realm", str4);
                        hashMap.put(Constants.NONCE, str5);
                        hashMap.put("uri", path);
                        hashMap.put("response", j5);
                        if (!((String) arrayList.get(0)).equals(str2)) {
                            if (((String) arrayList.get(0)).equals(com.alipay.sdk.app.statistic.b.f4457n)) {
                                hashMap.put(str13, com.alipay.sdk.app.statistic.b.f4457n);
                            }
                            hashMap.put(str12, n2);
                            if (str6 != null || str6.length() == 0) {
                                hashMap.put("opaque", i(20));
                            }
                            l g8 = new l(j2).g(null);
                            g8.c("Authorization", s.b("Digest", hashMap));
                            return j2.a().a(g8.b());
                        }
                        hashMap.put(str13, str2);
                        hashMap.put("nc", "00000001");
                        hashMap.put("cnonce", i3);
                        hashMap.put(str12, n2);
                        if (str6 != null) {
                        }
                        hashMap.put("opaque", i(20));
                        l g82 = new l(j2).g(null);
                        g82.c("Authorization", s.b("Digest", hashMap));
                        return j2.a().a(g82.b());
                    }
                    if (!split[i2].equals(com.alipay.sdk.app.statistic.b.f4457n) && !split[i2].equals("auth-int")) {
                        throw new i("QoP value unknown: '" + i2 + "'");
                    }
                    String trim = split[i2].trim();
                    if (!arrayList.contains(trim)) {
                        arrayList.add(trim);
                    }
                    i2++;
                    str7 = str12;
                    str9 = str13;
                }
            } catch (Exception e4) {
                throw new IOException("unable to process URL in request: " + e4.getMessage());
            }
        } catch (Throwable th) {
            throw new i("Parsing WWW-Authentication header: " + th.getMessage(), th, mVar.l(), new ByteArrayInputStream(mVar.f("WWW-Authenticate").getBytes()));
        }
    }

    private org.bouncycastle.operator.n g(String str, org.bouncycastle.asn1.x509.b bVar) throws IOException {
        try {
            return this.f19556e.a(bVar);
        } catch (z e3) {
            throw new IOException("cannot create digest calculator for " + str + ": " + e3.getMessage());
        }
    }

    private org.bouncycastle.asn1.x509.b h(String str) {
        if (str.endsWith("-SESS")) {
            str = str.substring(0, str.length() - 5);
        }
        return str.equals("SHA-512-256") ? new org.bouncycastle.asn1.x509.b(org.bouncycastle.asn1.nist.d.f15052h, i1.f14885a) : f19550f.a(str);
    }

    private String i(int i2) {
        byte[] bArr = new byte[i2];
        this.f19555d.nextBytes(bArr);
        return org.bouncycastle.util.encoders.h.j(bArr);
    }

    private void j(OutputStream outputStream, String str) throws IOException {
        outputStream.write(w.l(str));
    }

    private void k(OutputStream outputStream, char[] cArr) throws IOException {
        outputStream.write(w.m(cArr));
    }

    @Override // org.bouncycastle.est.e
    public void a(l lVar) {
        lVar.g(new a());
    }
}
