package com.airwatch.gateway.clients;

import android.content.Context;
import android.text.TextUtils;
import com.airwatch.auth.helpers.IntegratedAuthDataModel;
import com.airwatch.auth.helpers.IntegratedAuthDataModelImpl;
import com.airwatch.gateway.auth.ApacheNTLMEngine;
import com.airwatch.gateway.clients.utils.IACredentialsManagerFactory;
import com.airwatch.gateway.clients.utils.UpdateCredentialsResult;
import com.airwatch.login.UserCredential;
import com.airwatch.util.Logger;
import java.util.List;
import okhttp3.Authenticator;
import okhttp3.Credentials;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.Route;

/* loaded from: classes4.dex */
public class AWOkHttpAuthenticator implements Authenticator {
    private static final String AUTHORIZATION_HDR = "Authorization";
    private static final String BASIC_AUTH_TYPE = "Basic";
    private static final String BLANKSPACE = " ";
    private static final String NTLM_AUTH_TYPE = "NTLM";
    public static final String TAG = "AWOkHttpAuthenticator";
    private static final String WWW_AUTHENTICATE_HDR = "www-authenticate";
    private Context context;
    private final boolean useDomainWithCredentials;
    private boolean ntlm1Attempted = false;
    private boolean ntlm3Attempted = false;
    private boolean basicAuthAttempted = false;
    private IntegratedAuthDataModel iaDataModel = new IntegratedAuthDataModelImpl();

    public AWOkHttpAuthenticator(Context context, boolean z) {
        this.context = context;
        this.useDomainWithCredentials = z;
    }

    public AWOkHttpAuthenticator(boolean z) {
        this.useDomainWithCredentials = z;
    }

    private String getAuthType(String str) {
        return str.split(" ")[0];
    }

    private char[] getPassword(String str) {
        if (isIAAllowed(str)) {
            return this.iaDataModel.getEnrollmentPassword();
        }
        UserCredential cachedCredentialsForNonIA = this.iaDataModel.getCachedCredentialsForNonIA(str);
        return cachedCredentialsForNonIA != null ? cachedCredentialsForNonIA.getPassword() : "".toCharArray();
    }

    private String getUsername(String str) {
        if (isIAAllowed(str)) {
            return this.useDomainWithCredentials ? this.iaDataModel.getEnrollmentUsername() : this.iaDataModel.getEnrollmentUsernameWithoutDomain();
        }
        UserCredential cachedCredentialsForNonIA = this.iaDataModel.getCachedCredentialsForNonIA(str);
        return cachedCredentialsForNonIA != null ? cachedCredentialsForNonIA.getUsername() : "";
    }

    private Request handleBasicAuth(Response response) {
        String host = response.request().url().host();
        if (this.basicAuthAttempted) {
            this.basicAuthAttempted = false;
            if (this.context == null) {
                Logger.d(TAG, "Context null. Unable to show auth dialog.");
                return null;
            }
            Logger.d(TAG, "Already attempted Basic auth. Showing auth dialog.");
            UpdateCredentialsResult promptAndUpdateCredentials = IACredentialsManagerFactory.INSTANCE.getIaCredentialsManager().promptAndUpdateCredentials(this.context, host);
            Logger.d(TAG, "Resuming network request after wait.");
            if (promptAndUpdateCredentials != UpdateCredentialsResult.SUCCESS && promptAndUpdateCredentials != UpdateCredentialsResult.PARTIAL_SUCCESS_APP_LEVEL_SUCCESS_ANCHOR_APP_FAILED) {
                Logger.d(TAG, "Updating credentials failed.");
                return null;
            }
        }
        String username = getUsername(host);
        char[] password = getPassword(host);
        if (username == null || password == null) {
            return null;
        }
        String basic = Credentials.basic(username, new String(password));
        this.basicAuthAttempted = true;
        return response.request().newBuilder().header("Authorization", basic).build();
    }

    private Request handleNtlmAuth(Response response, String str) {
        if (this.ntlm1Attempted && this.ntlm3Attempted) {
            this.ntlm3Attempted = false;
            this.ntlm1Attempted = false;
            if (this.context == null) {
                Logger.d(TAG, "Context null. Unable to show auth dialog.");
                return null;
            }
            Logger.d(TAG, "Already attempted NTLM type 1 and type 3. Showing auth dialog.");
            UpdateCredentialsResult promptAndUpdateCredentials = IACredentialsManagerFactory.INSTANCE.getIaCredentialsManager().promptAndUpdateCredentials(this.context, response.request().url().host());
            Logger.d(TAG, "Resuming network request after wait.");
            if (promptAndUpdateCredentials != UpdateCredentialsResult.SUCCESS && promptAndUpdateCredentials != UpdateCredentialsResult.PARTIAL_SUCCESS_APP_LEVEL_SUCCESS_ANCHOR_APP_FAILED) {
                Logger.d(TAG, "Updating credentials failed.");
                return null;
            }
        }
        String[] split = str.trim().split(" ");
        if (split.length == 1) {
            try {
                String str2 = "NTLM " + ApacheNTLMEngine.getType1Message(null, null);
                this.ntlm1Attempted = true;
                return response.request().newBuilder().header("Authorization", str2).build();
            } catch (ApacheNTLMEngine.NtlmHeaderGenerationException e) {
                Logger.e(TAG, "Error generating NTLM Type1 header.", (Throwable) e);
                return null;
            }
        }
        if (split.length == 2) {
            String str3 = split[1];
            try {
                String host = response.request().url().host();
                String str4 = "NTLM " + ApacheNTLMEngine.getType3Message(getUsername(host), getPassword(host), null, null, str3);
                this.ntlm3Attempted = true;
                return response.request().newBuilder().header("Authorization", str4).build();
            } catch (ApacheNTLMEngine.NtlmHeaderGenerationException e2) {
                Logger.e(TAG, "Error generating NTLM Type3 header.", (Throwable) e2);
            }
        }
        return null;
    }

    private boolean isIAAllowed(String str) {
        return this.iaDataModel.isHostAllowedForIA(str) && !TextUtils.isEmpty(this.iaDataModel.getEnrollmentUsernameWithoutDomain());
    }

    @Override // okhttp3.Authenticator
    public Request authenticate(Route route, Response response) {
        List<String> headers = response.headers(WWW_AUTHENTICATE_HDR);
        if (headers != null && !headers.isEmpty()) {
            boolean z = false;
            String str = null;
            boolean z2 = false;
            for (String str2 : headers) {
                String authType = getAuthType(str2);
                if (authType.equalsIgnoreCase("NTLM")) {
                    str = str2;
                    z2 = true;
                } else if (authType.equalsIgnoreCase("Basic")) {
                    z = true;
                }
            }
            if (!z && !z2) {
                return null;
            }
            if (z2) {
                return handleNtlmAuth(response, str);
            }
            if (z) {
                return handleBasicAuth(response);
            }
        }
        return null;
    }
}
