package com.microsoft.office.outlook.gcc;

import com.acompli.accore.util.ADALUtil;
import com.acompli.accore.util.Environment;
import com.acompli.accore.util.OutlookVersionManager;
import com.acompli.libcircle.log.Logger;
import com.acompli.libcircle.log.LoggerFactory;
import com.acompli.libcircle.util.ContainerHelper;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.office.outlook.cloudenvironment.CloudEnvironment;
import com.microsoft.office.outlook.cloudenvironment.MappedCloudEnvironment;
import com.microsoft.office.outlook.feature.AfdFlightRetriever;
import java.io.IOException;
import java.security.SecureRandom;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import org.threeten.bp.ZonedDateTime;

/* compiled from: GccRestrictionsChecker.kt */
/* loaded from: classes3.dex */
public final class IsHxCapableAfdGccRestrictionsChecker implements GccRestrictionsChecker {
    private static final String GCC_OVERRIDE_COMMANDLET_FF = "androidOverrideGccHeaderRestrictions";
    private static final String HEADER_HAS_GCC_RESTRICTIONS = "X-IsGCCRestrictionsEnabled";
    private final Environment environment;
    private final OkHttpClient httpClient;
    private final OutlookVersionManager versionManager;
    public static final Companion Companion = new Companion(null);
    private static final Logger LOG = LoggerFactory.a("IsHxCapableAfdGccRestrictionsChecker");

    /* compiled from: GccRestrictionsChecker.kt */
    /* loaded from: classes3.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    public IsHxCapableAfdGccRestrictionsChecker(OkHttpClient httpClient, Environment environment, OutlookVersionManager versionManager) {
        Intrinsics.b(httpClient, "httpClient");
        Intrinsics.b(environment, "environment");
        Intrinsics.b(versionManager, "versionManager");
        this.httpClient = httpClient;
        this.environment = environment;
        this.versionManager = versionManager;
    }

    private final String generateOneTimeClientId() {
        String a = ContainerHelper.a(new SecureRandom(), "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789", 10);
        Intrinsics.a((Object) a, "ContainerHelper.generate…reClient.CLIENTID_LENGTH)");
        return a;
    }

    private final String getTokenTenantId(AuthenticationResult authenticationResult) {
        if (authenticationResult.getTenantId() != null) {
            return authenticationResult.getTenantId();
        }
        try {
            LOG.d("No tenant ID found in AuthenticationResult, parsing JWT instead");
            return (String) ADALUtil.a(authenticationResult.getAccessToken(), ADALUtil.AADTokenProperty.TID).get(ADALUtil.AADTokenProperty.TID);
        } catch (Exception e) {
            LOG.b("Unable to parse AAD token properties, no tenant found", e);
            return null;
        }
    }

    public final Environment getEnvironment() {
        return this.environment;
    }

    public final OkHttpClient getHttpClient() {
        return this.httpClient;
    }

    public final OutlookVersionManager getVersionManager() {
        return this.versionManager;
    }

    public final boolean isFfWaiveredOverrideTenant(String tenantId) throws IOException {
        Intrinsics.b(tenantId, "tenantId");
        return new AfdFlightRetriever(generateOneTimeClientId(), this.httpClient, this.environment, this.versionManager, null, 16, null).isFlightOn(GCC_OVERRIDE_COMMANDLET_FF, tenantId);
    }

    @Override // com.microsoft.office.outlook.gcc.GccRestrictionsChecker
    public boolean isGccRestrictedAccount(CloudEnvironment cloud, AuthenticationResult aadCredentials) throws IOException, GccWaiveredOverrideException {
        Intrinsics.b(cloud, "cloud");
        Intrinsics.b(aadCredentials, "aadCredentials");
        Request.Builder url = new Request.Builder().url("https://" + cloud.getExoHostname() + "/outlookservice/ishxscapable");
        StringBuilder sb = new StringBuilder();
        sb.append("Bearer ");
        sb.append(aadCredentials.getAccessToken());
        Response response = this.httpClient.newCall(url.header("Authorization", sb.toString()).build()).execute();
        Intrinsics.a((Object) response, "response");
        if (!response.isSuccessful()) {
            throw new IOException("Error getting GCC restrictions: " + response.code());
        }
        boolean a = StringsKt.a(response.header(HEADER_HAS_GCC_RESTRICTIONS, "True"), "True", true);
        if (a && cloud.isEquivalentToCloud(MappedCloudEnvironment.GCC_MODERATE) && GccUtil.allowGccModerateOnAC(ZonedDateTime.a())) {
            String tokenTenantId = getTokenTenantId(aadCredentials);
            if (tokenTenantId == null) {
                LOG.b("Unable to determine tenant ID from ADAL, skipping GCC Moderate AFD tenant check");
            } else if (isFfWaiveredOverrideTenant(tokenTenantId)) {
                throw new GccWaiveredOverrideException();
            }
        }
        return a;
    }
}
