package com.microsoft.identity.common.internal.ui.webview.challengehandlers;

import android.app.Activity;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import android.security.KeyChainException;
import android.webkit.ClientCertRequest;
import com.microsoft.identity.common.internal.logging.Logger;
import com.microsoft.identity.common.internal.ui.webview.challengehandlers.ClientCertAuthChallengeHandler;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

/* loaded from: classes2.dex */
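/**
 * Answers a WebView TLS client-certificate challenge by asking the user to pick a
 * certificate from the Android {@link KeyChain}.
 *
 * <p>Decompiled (JADX) listing: the one-letter method names and the {@code f2152x}
 * field names are obfuscation artifacts and are kept so the class still matches its
 * callers in the dex.
 *
 * <p>Every failure path ends in {@link ClientCertRequest#cancel()}, so the handshake
 * never continues with a missing or partial credential.
 */
public final class ClientCertAuthChallengeHandler implements IChallengeHandler<ClientCertRequest, Void> {

    /* renamed from: b, reason: collision with root package name */
    /** Log tag. */
    private static final String f21520b = "ClientCertAuthChallengeHandler";

    /* renamed from: a, reason: collision with root package name */
    /** Activity that hosts the KeyChain picker; assigned once in the constructor. */
    private final Activity f21521a;

    /**
     * @param activity activity used to show the certificate picker and to read the
     *     chosen key from the KeyChain
     */
    public ClientCertAuthChallengeHandler(Activity activity) {
        this.f21521a = activity;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Completes the challenge once the user has answered the KeyChain picker.
     *
     * @param clientCertRequest the pending WebView client-certificate request
     * @param str alias chosen by the user, or {@code null} when nothing was chosen
     */
    public /* synthetic */ void c(ClientCertRequest clientCertRequest, String str) {
        if (str == null) {
            Logger.h(f21520b, "No certificate chosen by user, cancelling the TLS request.");
            clientCertRequest.cancel();
            return;
        }
        try {
            X509Certificate[] certificateChain = KeyChain.getCertificateChain(this.f21521a.getApplicationContext(), str);
            PrivateKey privateKey = KeyChain.getPrivateKey(this.f21521a, str);
            // KeyChain reports a missing alias or denied access by returning null rather
            // than throwing. Treat that like the other failures instead of logging a
            // successful selection and handing null credentials to the WebView.
            if (privateKey == null || certificateChain == null) {
                Logger.h(f21520b, "KeyChain returned no private key or certificate chain for the chosen alias, cancelling the TLS request.");
                clientCertRequest.cancel();
                return;
            }
            // Neither the alias nor the certificate subject is logged.
            Logger.h(f21520b, "Certificate is chosen by user, proceed with TLS request.");
            clientCertRequest.proceed(privateKey, certificateChain);
        } catch (KeyChainException e2) {
            Logger.d(f21520b, "KeyChain exception", e2);
            clientCertRequest.cancel();
        } catch (InterruptedException e3) {
            // Restore the interrupt flag so the calling thread still sees the interruption.
            Thread.currentThread().interrupt();
            Logger.d(f21520b, "InterruptedException exception", e3);
            clientCertRequest.cancel();
        }
    }

    /**
     * Handles a client-certificate request raised by the WebView.
     *
     * <p>Requests whose acceptable issuers include {@code CN=MS-Organization-Access} are
     * cancelled without prompting: per the log message below, that challenge is
     * triggered by device authentication and is not answered by this handler. All other
     * requests open the system certificate picker; the outcome is delivered
     * asynchronously to {@link #c(ClientCertRequest, String)}.
     *
     * @param clientCertRequest the pending WebView client-certificate request
     * @return always {@code null}
     */
    @Override // com.microsoft.identity.common.internal.ui.webview.challengehandlers.IChallengeHandler
    /* renamed from: d, reason: merged with bridge method [inline-methods] */
    public Void a(final ClientCertRequest clientCertRequest) {
        Principal[] principals = clientCertRequest.getPrincipals();
        if (principals != null) {
            for (Principal principal : principals) {
                // NOTE(review): the issuer names come from the server's certificate request
                // and this is a substring test, not a parsed-DN comparison. A match only
                // leads to cancel(), so a spoofed issuer name can suppress the picker but
                // cannot cause a certificate to be sent.
                if (principal.getName().contains("CN=MS-Organization-Access")) {
                    Logger.h(f21520b, "Cancelling the TLS request, not respond to TLS challenge triggered by device authentication.");
                    clientCertRequest.cancel();
                    return null;
                }
            }
        }
        // Host and port are passed so the picker can show the user which server is asking
        // for the certificate.
        KeyChain.choosePrivateKeyAlias(this.f21521a, new KeyChainAliasCallback() { // from class: z0.a
            @Override // android.security.KeyChainAliasCallback
            public final void alias(String str) {
                ClientCertAuthChallengeHandler.this.c(clientCertRequest, str);
            }
        }, clientCertRequest.getKeyTypes(), principals, clientCertRequest.getHost(), clientCertRequest.getPort(), null);
        return null;
    }
}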
