package com.ca.mas.core.registration;

import android.util.Base64;
import android.util.Log;
import com.ca.mas.core.MobileSsoConfig;
import com.ca.mas.core.cert.CertUtils;
import com.ca.mas.core.client.ServerClient;
import com.ca.mas.core.context.MssoContext;
import com.ca.mas.core.error.MAGErrorCode;
import com.ca.mas.core.io.Charsets;
import com.ca.mas.core.io.IoUtils;
import com.ca.mas.core.token.IdToken;
import com.ca.mas.foundation.FoundationConsts;
import com.ca.mas.foundation.MAS;
import com.ca.mas.foundation.MASRequest;
import com.ca.mas.foundation.MASRequestBody;
import com.ca.mas.foundation.MASResponse;
import com.ca.mas.foundation.MASResponseBody;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.Charset;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: classes2.dex */
public class RegistrationClient extends ServerClient {

    /* loaded from: classes2.dex */
    public interface DeviceRegistrationResult {
        X509Certificate[] getClientCertificateChain();

        DeviceStatus getDeviceStatus();

        IdToken getIdToken();

        String getMagIdentifier();
    }

    /* loaded from: classes2.dex */
    public enum DeviceStatus {
        ACTIVATED,
        REGISTERED
    }

    public RegistrationClient(MssoContext mssoContext) {
        super(mssoContext);
    }

    private static DeviceStatus findDeviceStatus(MASResponse mASResponse) throws RegistrationException {
        List<String> list = mASResponse.getHeaders().get(ServerClient.DEVICE_STATUS);
        if (list == null || list.size() != 1) {
            throw new RegistrationException(MAGErrorCode.DEVICE_RECORD_IS_NOT_VALID, "register_device response did not include exactly one device status header.");
        }
        String str = list.get(0);
        if (ServerClient.ACTIVATED.equalsIgnoreCase(str)) {
            return DeviceStatus.ACTIVATED;
        }
        if (ServerClient.REGISTERED.equalsIgnoreCase(str)) {
            return DeviceStatus.REGISTERED;
        }
        throw new RegistrationException(MAGErrorCode.DEVICE_RECORD_IS_NOT_VALID, "register_device response did not include a recognized device status.  Status was: " + str);
    }

    private IdToken findIdToken(MASResponse mASResponse, boolean z10) throws RegistrationException {
        List<String> list = mASResponse.getHeaders().get(ServerClient.ID_TOKEN);
        List<String> list2 = mASResponse.getHeaders().get(ServerClient.ID_TOKEN_TYPE);
        if (list == null || list.size() != 1 || list2 == null || list2.size() != 1) {
            if (z10) {
                throw new RegistrationException(MAGErrorCode.DEVICE_RECORD_IS_NOT_VALID, "register_device response did not include exactly one ID token and ID Token type header.");
            }
            return null;
        }
        String str = list.get(0);
        if (str.trim().length() < 1) {
            throw new RegistrationException(MAGErrorCode.DEVICE_RECORD_IS_NOT_VALID, "register_device response did not include a valid ID token.");
        }
        String str2 = list2.get(0);
        if (str2.trim().length() >= 1) {
            return new IdToken(str, str2);
        }
        throw new RegistrationException(MAGErrorCode.DEVICE_RECORD_IS_NOT_VALID, "register_device response did not include a valid ID token type.");
    }

    private String findMagIdentifier(MASResponse mASResponse) throws RegistrationException {
        List<String> list = mASResponse.getHeaders().get(ServerClient.MAG_IDENTIFIER);
        if (list == null || list.size() != 1) {
            throw new RegistrationException(MAGErrorCode.REGISTRATION_WITHOUT_REQUIRED_PARAMETERS, "register_device response did not include exactly one mag identifier header.");
        }
        String str = list.get(0);
        byte[] decode = Base64.decode(str, 0);
        if (decode == null || decode.length < 1) {
            throw new RegistrationException(MAGErrorCode.REGISTRATION_WITHOUT_REQUIRED_PARAMETERS, "register_device response did not include a valid mag identifier.");
        }
        return str;
    }

    public DeviceRegistrationResult registerDevice(byte[] bArr, MASRequest mASRequest, String str, String str2, String str3, String str4, boolean z10) throws RegistrationException, RegistrationServerException {
        if (mASRequest.getGrantProvider().getCredentials(this.mssoContext) == null) {
            throw new NullPointerException("credentials");
        }
        URI registrationPath = mASRequest.getGrantProvider().getRegistrationPath(this.mssoContext);
        if (registrationPath == null) {
            throw new RegistrationException(MAGErrorCode.DEVICE_NOT_REGISTERED, "No device registration URL is configured");
        }
        MASRequest.MASRequestBuilder mASRequestBuilder = new MASRequest.MASRequestBuilder(registrationPath);
        Map<String, List<String>> headers = mASRequest.getGrantProvider().getCredentials(this.mssoContext).getHeaders();
        if (headers != null) {
            for (String str5 : headers.keySet()) {
                if (headers.get(str5) != null) {
                    Iterator<String> it = headers.get(str5).iterator();
                    while (it.hasNext()) {
                        mASRequestBuilder.header(str5, it.next());
                    }
                }
            }
        }
        StringBuilder sb2 = new StringBuilder();
        sb2.append("Basic ");
        String str6 = str + FoundationConsts.COLON + str2;
        Charset charset = Charsets.ASCII;
        sb2.append(IoUtils.base64(str6, charset));
        mASRequestBuilder.header(ServerClient.CLIENT_AUTHORIZATION, sb2.toString());
        mASRequestBuilder.header(ServerClient.DEVICE_ID, IoUtils.base64(str3, charset));
        mASRequestBuilder.header(ServerClient.DEVICE_NAME, IoUtils.base64(str4, charset));
        if (mASRequest.getGrantProvider().isSessionSupported()) {
            mASRequestBuilder.header(ServerClient.CREATE_SESSION, Boolean.toString(z10));
        }
        mASRequestBuilder.header(ServerClient.CERT_FORMAT, ServerClient.PEM);
        mASRequestBuilder.post(MASRequestBody.byteArrayBody(Base64.encode(bArr, 11)));
        try {
            MASResponse execute = this.mssoContext.getMAGHttpClient().execute(mASRequestBuilder.build());
            boolean z11 = false;
            if (MAS.DEBUG) {
                Log.d(MAS.TAG, String.format("%s response with status: %d", mASRequest.getURL(), Integer.valueOf(execute.getResponseCode())));
            }
            if (execute.getResponseCode() != 200) {
                throw ((RegistrationServerException) ServerClient.createServerException(execute, RegistrationServerException.class));
            }
            final DeviceStatus findDeviceStatus = findDeviceStatus(execute);
            final String findMagIdentifier = findMagIdentifier(execute);
            if (z10 && mASRequest.getGrantProvider().isSessionSupported()) {
                z11 = true;
            }
            final IdToken findIdToken = findIdToken(execute, z11);
            MASResponseBody body = execute.getBody();
            if (body == null) {
                throw new RegistrationException(MAGErrorCode.DEVICE_RECORD_IS_NOT_VALID, "register_device response did not contain an entity");
            }
            byte[] rawContent = body.getRawContent();
            if (rawContent.length < 1) {
                throw new RegistrationException(MAGErrorCode.DEVICE_RECORD_IS_NOT_VALID, "register_device response was empty");
            }
            final X509Certificate[] decodeCertificateChain = CertUtils.decodeCertificateChain(rawContent);
            if (decodeCertificateChain.length >= 1) {
                return new DeviceRegistrationResult() { // from class: com.ca.mas.core.registration.RegistrationClient.1
                    @Override // com.ca.mas.core.registration.RegistrationClient.DeviceRegistrationResult
                    public X509Certificate[] getClientCertificateChain() {
                        return decodeCertificateChain;
                    }

                    @Override // com.ca.mas.core.registration.RegistrationClient.DeviceRegistrationResult
                    public DeviceStatus getDeviceStatus() {
                        return findDeviceStatus;
                    }

                    @Override // com.ca.mas.core.registration.RegistrationClient.DeviceRegistrationResult
                    public IdToken getIdToken() {
                        return findIdToken;
                    }

                    @Override // com.ca.mas.core.registration.RegistrationClient.DeviceRegistrationResult
                    public String getMagIdentifier() {
                        return findMagIdentifier;
                    }
                };
            }
            throw new RegistrationException(MAGErrorCode.DEVICE_RECORD_IS_NOT_VALID, "register_device response did not include a certificate chain");
        } catch (IOException e10) {
            throw new RegistrationException(MAGErrorCode.DEVICE_NOT_REGISTERED, "Unable to post to register_device: " + e10.getMessage(), e10);
        }
    }

    public void removeDeviceRegistration() throws RegistrationException, RegistrationServerException {
        try {
            MASResponse execute = this.mssoContext.getMAGHttpClient().execute(new MASRequest.MASRequestBuilder(this.conf.getTokenUri(MobileSsoConfig.PROP_TOKEN_URL_SUFFIX_REMOVE_DEVICE_X509)).delete(null).build());
            if (200 != execute.getResponseCode()) {
                throw ((RegistrationServerException) ServerClient.createServerException(execute, RegistrationServerException.class));
            }
        } catch (IOException e10) {
            throw new RegistrationException(MAGErrorCode.DEVICE_COULD_NOT_BE_DEREGISTERED, "Unable to de-register device: " + e10.getMessage(), e10);
        }
    }
}
