package com.microsoft.aad.adal;

import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.os.Handler;
import android.os.HandlerThread;
import android.os.Process;
import com.microsoft.aad.adal.BrokerProxy;
import com.microsoft.aad.adal.TelemetryUtils;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Date;
import java.util.UUID;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class e {
    private static final String a = e.class.getSimpleName();
    private static final ExecutorService b = Executors.newSingleThreadExecutor();
    private static Handler g = null;

    /* renamed from: c, reason: collision with root package name */
    private final Context f1292c;
    private final i d;
    private az e;
    private final ag f;
    private x h;
    private b i;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class a {
        private Handler a;
        private h<AuthenticationResult> b;

        public a(Handler handler, h<AuthenticationResult> hVar) {
            this.a = handler;
            this.b = hVar;
        }

        h<AuthenticationResult> a() {
            return this.b;
        }

        public void a(final AuthenticationException authenticationException) {
            if (this.b != null) {
                if (this.a != null) {
                    this.a.post(new Runnable() { // from class: com.microsoft.aad.adal.e.a.1
                        @Override // java.lang.Runnable
                        public void run() {
                            a.this.b.a((Exception) authenticationException);
                        }
                    });
                } else {
                    this.b.a(authenticationException);
                }
            }
        }

        public void a(final AuthenticationResult authenticationResult) {
            if (this.b != null) {
                if (this.a != null) {
                    this.a.post(new Runnable() { // from class: com.microsoft.aad.adal.e.a.2
                        @Override // java.lang.Runnable
                        public void run() {
                            a.this.b.a((h) authenticationResult);
                        }
                    });
                } else {
                    this.b.a((h<AuthenticationResult>) authenticationResult);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public e(Context context, i iVar, b bVar) {
        this.f1292c = context;
        this.d = iVar;
        this.h = new x(this.f1292c);
        if (iVar.a() != null && bVar != null) {
            this.e = new az(iVar.a(), iVar.c(), bVar.e());
        }
        this.f = new BrokerProxy(context);
        this.i = bVar;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void a(AuthenticationRequest authenticationRequest) throws AuthenticationException {
        URL e = ax.e(authenticationRequest.a());
        if (e == null) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL);
        }
        a(authenticationRequest, e);
        BrokerProxy.SwitchToBroker a2 = this.f.a(authenticationRequest.a());
        if (a2 == BrokerProxy.SwitchToBroker.CANNOT_SWITCH_TO_BROKER || !this.f.a(authenticationRequest.e(), authenticationRequest.l()) || authenticationRequest.m()) {
            return;
        }
        if (a2 == BrokerProxy.SwitchToBroker.NEED_PERMISSIONS_TO_SWITCH_TO_BROKER) {
            throw new UsageAuthenticationException(ADALError.DEVELOPER_BROKER_PERMISSIONS_MISSING, "Broker related permissions are missing for GET_ACCOUNTS.");
        }
        h(authenticationRequest);
    }

    private void a(AuthenticationRequest authenticationRequest, URL url) throws AuthenticationException {
        ay.a().a(authenticationRequest.s(), "Microsoft.ADAL.authority_validation");
        b bVar = new b("Microsoft.ADAL.authority_validation");
        bVar.l(authenticationRequest.f().toString());
        bVar.m(authenticationRequest.s());
        try {
            if (this.d.d()) {
                try {
                    a(url, authenticationRequest.r(), authenticationRequest.m(), authenticationRequest.f());
                    bVar.c("Microsoft.ADAL.authority_validation_status_success");
                } catch (AuthenticationException e) {
                    if (e.a() == null || !(e.a().equals(ADALError.DEVICE_CONNECTION_IS_NOT_AVAILABLE) || e.a().equals(ADALError.NO_NETWORK_CONNECTION_POWER_OPTIMIZATION))) {
                        bVar.c("Microsoft.ADAL.authority_validation_status_failure");
                    } else {
                        bVar.c("Microsoft.ADAL.authority_validation_status_not_done");
                    }
                    throw e;
                }
            } else {
                if (!bb.a(url) && !l.a(url)) {
                    try {
                        this.h.a(url);
                    } catch (AuthenticationException e2) {
                        l.a(url.getHost(), new ap(false));
                        Logger.c(a, "Fail to get authority validation metadata back. Ignore the failure since authority validation is turned off.");
                    }
                }
                bVar.c("Microsoft.ADAL.authority_validation_status_not_done");
            }
            ap c2 = l.c(url);
            if (c2 == null || !c2.d()) {
                return;
            }
            a(url, authenticationRequest, c2);
        } finally {
            ay.a().a(authenticationRequest.s(), bVar, "Microsoft.ADAL.authority_validation");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void a(a aVar, am amVar, boolean z, AuthenticationRequest authenticationRequest) throws AuthenticationException {
        AuthenticationResult b2 = b(authenticationRequest);
        if (!a(b2)) {
            Logger.b(a, "Trying to acquire token interactively.");
            b(aVar, amVar, z, authenticationRequest);
            return;
        }
        this.i.a(true, (Exception) null);
        this.i.l(authenticationRequest.f().toString());
        this.i.f(b2.o());
        this.i.b();
        aVar.a(b2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void a(a aVar, k kVar, int i, AuthenticationException authenticationException) {
        if (kVar != null) {
            try {
                if (kVar.a() != null) {
                    Logger.c(a, "Sending error to callback" + this.d.a(kVar));
                    kVar.c().a(false, (Exception) authenticationException);
                    kVar.c().l(kVar.b().f().toString());
                    kVar.c().b();
                    if (aVar != null) {
                        aVar.a(authenticationException);
                    } else {
                        kVar.a().a(authenticationException);
                    }
                }
            } finally {
                if (authenticationException != null) {
                    this.d.b(i);
                }
            }
        }
    }

    private void a(k kVar, int i, AuthenticationException authenticationException) {
        a((a) null, kVar, i, authenticationException);
    }

    private void a(URL url, AuthenticationRequest authenticationRequest, ap apVar) throws AuthenticationException {
        if (apVar == null || !apVar.d() || apVar.a() == null || url.getHost().equalsIgnoreCase(apVar.a())) {
            return;
        }
        try {
            authenticationRequest.a(bd.a(url, apVar.a()).toString());
        } catch (MalformedURLException e) {
            Logger.a(a, "preferred network is invalid", "use exactly the same authority url that is passed");
        }
    }

    private void a(URL url, String str, boolean z, UUID uuid) throws AuthenticationException {
        boolean a2 = bb.a(url);
        if (l.b(url)) {
            return;
        }
        if (a2 && this.d.g()) {
            return;
        }
        Logger.c(a, "Start validating authority");
        this.h.a(uuid);
        x.b(url);
        if (z || !a2 || str == null) {
            if (z && bb.a(url)) {
                Logger.c(a, "Silent request. Skipping AD FS authority validation");
            }
            this.h.a(url);
        } else {
            this.h.a(url, str);
        }
        Logger.c(a, "The passed in authority is valid.");
        this.d.a(true);
    }

    private boolean a(AuthenticationResult authenticationResult) {
        return (authenticationResult == null || ax.a(authenticationResult.b())) ? false : true;
    }

    private synchronized Handler b() {
        if (g == null) {
            HandlerThread handlerThread = new HandlerThread("AcquireTokenRequestHandlerThread");
            handlerThread.start();
            g = new Handler(handlerThread.getLooper());
        }
        return g;
    }

    private AuthenticationResult b(AuthenticationRequest authenticationRequest) throws AuthenticationException {
        AuthenticationResult authenticationResult = null;
        if (c(authenticationRequest)) {
            Logger.c(a, "Try to acquire token silently, return valid AT or use RT in the cache.");
            authenticationResult = d(authenticationRequest);
            boolean a2 = a(authenticationResult);
            if (!a2 && authenticationRequest.m()) {
                String l = authenticationResult == null ? "No result returned from acquireTokenSilent" : authenticationResult.l();
                Logger.g(a, "Prompt is not allowed and failed to get token:", authenticationRequest.h() + " " + l, ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED);
                throw new AuthenticationException(ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED, authenticationRequest.h() + " " + l);
            }
            if (a2) {
                Logger.c(a, "Token is successfully returned from silent flow. ");
            }
        }
        return authenticationResult;
    }

    private void b(a aVar, am amVar, boolean z, AuthenticationRequest authenticationRequest) throws AuthenticationException {
        if (amVar == null && !z) {
            throw new AuthenticationException(ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED, authenticationRequest.h() + " Cannot launch webview, acitivity is null.");
        }
        ad.a(this.f1292c);
        int hashCode = aVar.a().hashCode();
        authenticationRequest.a(hashCode);
        this.d.a(hashCode, new k(hashCode, authenticationRequest, aVar.a(), this.i));
        BrokerProxy.SwitchToBroker a2 = this.f.a(authenticationRequest.a());
        if (a2 == BrokerProxy.SwitchToBroker.CANNOT_SWITCH_TO_BROKER || !this.f.a(authenticationRequest.e(), authenticationRequest.l())) {
            Logger.c(a, "Starting Authentication Activity for embedded flow. Callback is:" + aVar.a().hashCode());
            new d(this.f1292c, authenticationRequest, this.e).a(amVar, z ? new j(b(), this.f1292c, this, authenticationRequest) : null);
        } else {
            if (a2 == BrokerProxy.SwitchToBroker.NEED_PERMISSIONS_TO_SWITCH_TO_BROKER) {
                throw new UsageAuthenticationException(ADALError.DEVELOPER_BROKER_PERMISSIONS_MISSING, "Broker related permissions are missing for GET_ACCOUNTS");
            }
            Logger.c(a, "Launch activity for interactive authentication via broker with callback: " + aVar.a().hashCode());
            new g(authenticationRequest, this.f).a(amVar);
        }
    }

    private boolean c(AuthenticationRequest authenticationRequest) {
        return (!bd.a(authenticationRequest) && authenticationRequest.i() == PromptBehavior.Auto) || authenticationRequest.m();
    }

    private AuthenticationResult d(AuthenticationRequest authenticationRequest) throws AuthenticationException {
        BrokerProxy.SwitchToBroker a2;
        AuthenticationResult e = e(authenticationRequest);
        if (a(e) || (a2 = this.f.a(authenticationRequest.a())) == BrokerProxy.SwitchToBroker.CANNOT_SWITCH_TO_BROKER || !this.f.a(authenticationRequest.e(), authenticationRequest.l())) {
            return e;
        }
        if (a2 == BrokerProxy.SwitchToBroker.NEED_PERMISSIONS_TO_SWITCH_TO_BROKER) {
            throw new UsageAuthenticationException(ADALError.DEVELOPER_BROKER_PERMISSIONS_MISSING, "Broker related permissions are missing for GET_ACCOUNTS");
        }
        Logger.b(a, "Cannot get AT from local cache, switch to Broker for auth, clear tokens from local cache for the user.");
        g(authenticationRequest);
        return f(authenticationRequest);
    }

    private AuthenticationResult e(AuthenticationRequest authenticationRequest) throws AuthenticationException {
        Logger.c(a, "Try to silently get token from local cache.");
        return new f(this.f1292c, authenticationRequest, this.e).a();
    }

    private AuthenticationResult f(AuthenticationRequest authenticationRequest) throws AuthenticationException {
        return new g(authenticationRequest, this.f).a();
    }

    private void g(AuthenticationRequest authenticationRequest) throws AuthenticationException {
        if (this.e == null) {
            return;
        }
        String l = !ax.a(authenticationRequest.l()) ? authenticationRequest.l() : authenticationRequest.e();
        try {
            TokenCacheItem b2 = this.e.b("1", l);
            if (b2 != null) {
                this.e.a(b2, authenticationRequest.c());
            }
            try {
                TokenCacheItem a2 = this.e.a(authenticationRequest.d(), l);
                TokenCacheItem b3 = this.e.b(authenticationRequest.c(), authenticationRequest.d(), l);
                if (a2 != null) {
                    this.e.a(a2, authenticationRequest.c());
                } else if (b3 != null) {
                    this.e.a(b3, authenticationRequest.c());
                } else {
                    Logger.c(a, "No token items need to be deleted for the user.");
                }
            } catch (MalformedURLException e) {
                throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e.getMessage(), e);
            }
        } catch (MalformedURLException e2) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e2.getMessage(), e2);
        }
    }

    private void h(AuthenticationRequest authenticationRequest) throws UsageAuthenticationException {
        String b2 = authenticationRequest.b();
        String e = this.d.e();
        if (ax.a(b2)) {
            String str = "The redirectUri is null or blank. so the redirect uri is expected to be:" + e;
            Logger.g(a + ":verifyBrokerRedirectUri", str, "", ADALError.DEVELOPER_REDIRECTURI_INVALID);
            throw new UsageAuthenticationException(ADALError.DEVELOPER_REDIRECTURI_INVALID, str);
        }
        if (!b2.startsWith("msauth://")) {
            String str2 = "The prefix of the redirect uri does not match the expected value.  The valid broker redirect URI prefix: msauth so the redirect uri is expected to be: " + e;
            Logger.g(a + ":verifyBrokerRedirectUri", str2, "", ADALError.DEVELOPER_REDIRECTURI_INVALID);
            throw new UsageAuthenticationException(ADALError.DEVELOPER_REDIRECTURI_INVALID, str2);
        }
        at atVar = new at(this.f1292c);
        try {
            String encode = URLEncoder.encode(this.f1292c.getPackageName(), "UTF_8");
            String encode2 = URLEncoder.encode(atVar.a(this.f1292c.getPackageName()), "UTF_8");
            if (!b2.startsWith("msauth://" + encode + "/")) {
                String str3 = "The base64 url encoded package name component of the redirect uri does not match the expected value. This apps package name is: " + encode + " so the redirect uri is expected to be: " + e;
                Logger.g(a + ":verifyBrokerRedirectUri", str3, "", ADALError.DEVELOPER_REDIRECTURI_INVALID);
                throw new UsageAuthenticationException(ADALError.DEVELOPER_REDIRECTURI_INVALID, str3);
            }
            if (b2.equalsIgnoreCase(e)) {
                Logger.c(a + ":verifyBrokerRedirectUri", "The broker redirect URI is valid: " + b2);
            } else {
                String str4 = "The base64 url encoded signature component of the redirect uri does not match the expected value. This apps signature is: " + encode2 + " so the redirect uri is expected to be: " + e;
                Logger.g(a + ":verifyBrokerRedirectUri", str4, "", ADALError.DEVELOPER_REDIRECTURI_INVALID);
                throw new UsageAuthenticationException(ADALError.DEVELOPER_REDIRECTURI_INVALID, str4);
            }
        } catch (UnsupportedEncodingException e2) {
            Logger.b(a + ":verifyBrokerRedirectUri", e2.getMessage(), "", ADALError.ENCODING_IS_NOT_SUPPORTED, e2);
            throw new UsageAuthenticationException(ADALError.ENCODING_IS_NOT_SUPPORTED, "The verifying BrokerRedirectUri process failed because the base64 url encoding is not supported.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(int i, int i2, Intent intent) {
        if (i == 1001) {
            b();
            if (intent == null) {
                Logger.g(a, "onActivityResult BROWSER_FLOW data is null.", "", ADALError.ON_ACTIVITY_RESULT_INTENT_NULL);
                return;
            }
            Bundle extras = intent.getExtras();
            final int i3 = extras.getInt("com.microsoft.aad.adal:RequestId");
            try {
                final k a2 = this.d.a(i3);
                Logger.c(a, "onActivityResult RequestId:" + i3);
                String a3 = this.d.a(a2);
                if (i2 == 2004) {
                    String stringExtra = intent.getStringExtra("account.access.token");
                    this.f.c(intent.getStringExtra("account.name"));
                    Date date = new Date(intent.getLongExtra("account.expiredate", 0L));
                    String stringExtra2 = intent.getStringExtra("account.idtoken");
                    String stringExtra3 = intent.getStringExtra("account.userinfo.tenantid");
                    UserInfo a4 = UserInfo.a(intent.getExtras());
                    String stringExtra4 = intent.getStringExtra("cliteleminfo.server_error");
                    String stringExtra5 = intent.getStringExtra("cliteleminfo.server_suberror");
                    String stringExtra6 = intent.getStringExtra("cliteleminfo.rt_age");
                    String stringExtra7 = intent.getStringExtra("cliteleminfo.spe_ring");
                    AuthenticationResult authenticationResult = new AuthenticationResult(stringExtra, null, date, false, a4, stringExtra3, stringExtra2, null);
                    TelemetryUtils.CliTelemInfo cliTelemInfo = new TelemetryUtils.CliTelemInfo();
                    cliTelemInfo.b(stringExtra4);
                    cliTelemInfo.c(stringExtra5);
                    cliTelemInfo.d(stringExtra6);
                    cliTelemInfo.e(stringExtra7);
                    authenticationResult.a(cliTelemInfo);
                    if (authenticationResult.b() != null) {
                        a2.c().a(true, (Exception) null);
                        a2.c().l(a2.b().f().toString());
                        a2.c().f(authenticationResult.o());
                        a2.c().h(cliTelemInfo.a());
                        a2.c().i(cliTelemInfo.b());
                        a2.c().j(cliTelemInfo.c());
                        a2.c().k(cliTelemInfo.d());
                        a2.c().b();
                        a2.a().a((h<AuthenticationResult>) authenticationResult);
                        return;
                    }
                    return;
                }
                if (i2 == 2001) {
                    Logger.c(a, "User cancelled the flow RequestId:" + i3 + a3);
                    a(a2, i3, new AuthenticationCancelError("User cancelled the flow RequestId:" + i3 + a3));
                    return;
                }
                if (i2 == 2006) {
                    Logger.c(a + ":onActivityResult", "Device needs to have broker installed, we expect the apps to call usback when the broker is installed");
                    a(a2, i3, new AuthenticationException(ADALError.BROKER_APP_INSTALLATION_STARTED));
                    return;
                }
                if (i2 == 2005) {
                    Serializable serializable = extras.getSerializable("com.microsoft.aad.adal:AuthenticationException");
                    if (serializable == null || !(serializable instanceof AuthenticationException)) {
                        a(a2, i3, new AuthenticationException(ADALError.WEBVIEW_RETURNED_INVALID_AUTHENTICATION_EXCEPTION, a3));
                        return;
                    }
                    AuthenticationException authenticationException = (AuthenticationException) serializable;
                    Logger.f(a, "Webview returned exception", authenticationException.getMessage(), ADALError.WEBVIEW_RETURNED_AUTHENTICATION_EXCEPTION);
                    a(a2, i3, authenticationException);
                    return;
                }
                if (i2 == 2002) {
                    String string = extras.getString("com.microsoft.aad.adal:BrowserErrorCode");
                    String string2 = extras.getString("com.microsoft.aad.adal:BrowserErrorMessage");
                    Logger.c(a, "Error info:" + string + " " + string2 + " for requestId: " + i3 + a3);
                    a(a2, i3, new AuthenticationException(ADALError.SERVER_INVALID_REQUEST, string + " " + string2 + a3));
                    return;
                }
                if (i2 == 2003) {
                    AuthenticationRequest authenticationRequest = (AuthenticationRequest) extras.getSerializable("com.microsoft.aad.adal:BrowserRequestInfo");
                    final String string3 = extras.getString("com.microsoft.aad.adal:BrowserFinalUrl", "");
                    if (!string3.isEmpty()) {
                        final a aVar = new a(b(), a2.a());
                        b.execute(new Runnable() { // from class: com.microsoft.aad.adal.e.3
                            @Override // java.lang.Runnable
                            public void run() {
                                try {
                                    AuthenticationResult a5 = new d(e.this.f1292c, a2.b(), e.this.e).a(string3);
                                    a2.c().a(true, (Exception) null);
                                    a2.c().l(a2.b().f().toString());
                                    a2.c().f(a5.o());
                                    a2.c().b();
                                    if (a2.a() != null) {
                                        Logger.c(e.a, "Sending result to callback. " + a2.b().h());
                                        aVar.a(a5);
                                    }
                                } catch (AuthenticationException e) {
                                    StringBuilder sb = new StringBuilder(e.getMessage());
                                    if (e.getCause() != null) {
                                        sb.append(e.getCause().getMessage());
                                    }
                                    Logger.b(e.a, sb.toString(), y.a(e), ADALError.AUTHORIZATION_CODE_NOT_EXCHANGED_FOR_TOKEN, e);
                                    e.this.a(aVar, a2, i3, e);
                                }
                            }
                        });
                        return;
                    }
                    StringBuilder sb = new StringBuilder("Webview did not reach the redirectUrl. ");
                    if (authenticationRequest != null) {
                        sb.append(authenticationRequest.h());
                    }
                    sb.append(a3);
                    AuthenticationException authenticationException2 = new AuthenticationException(ADALError.WEBVIEW_RETURNED_EMPTY_REDIRECT_URL, sb.toString());
                    Logger.g(a, authenticationException2.getMessage(), "", authenticationException2.a());
                    a(a2, i3, authenticationException2);
                }
            } catch (AuthenticationException e) {
                Logger.g(a, "onActivityResult did not find waiting request for RequestId:" + i3, "", ADALError.ON_ACTIVITY_RESULT_INTENT_NULL);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(final am amVar, final boolean z, final AuthenticationRequest authenticationRequest, h<AuthenticationResult> hVar) {
        final a aVar = new a(b(), hVar);
        Logger.a(authenticationRequest.f());
        Logger.c(a, "Sending async task from thread:" + Process.myTid());
        b.execute(new Runnable() { // from class: com.microsoft.aad.adal.e.1
            @Override // java.lang.Runnable
            public void run() {
                Logger.c(e.a, "Running task in thread:" + Process.myTid());
                try {
                    e.this.a(authenticationRequest);
                    e.this.a(aVar, amVar, z, authenticationRequest);
                } catch (AuthenticationException e) {
                    e.this.i.a(false, (Exception) e);
                    e.this.i.l(authenticationRequest.f().toString());
                    e.this.i.b();
                    aVar.a(e);
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(final String str, final AuthenticationRequest authenticationRequest, h<AuthenticationResult> hVar) {
        Logger.a(authenticationRequest.f());
        Logger.c(a, "Refresh token without cache");
        final a aVar = new a(b(), hVar);
        b.execute(new Runnable() { // from class: com.microsoft.aad.adal.e.2
            @Override // java.lang.Runnable
            public void run() {
                try {
                    e.this.a(authenticationRequest);
                    AuthenticationResult a2 = new f(e.this.f1292c, authenticationRequest, e.this.e).a(str);
                    e.this.i.a(true, (Exception) null);
                    e.this.i.f(a2.o());
                    aVar.a(a2);
                } catch (AuthenticationException e) {
                    e.this.i.a(false, (Exception) e);
                    aVar.a(e);
                } finally {
                    e.this.i.l(authenticationRequest.f().toString());
                    e.this.i.b();
                }
            }
        });
    }
}
