package com.microsoft.aad.adal;

import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Bundle;
import android.os.Handler;
import android.os.Looper;
import android.os.Process;
import com.microsoft.aad.adal.BrokerProxy;
import com.microsoft.aad.adal.TelemetryUtils;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Date;
import java.util.UUID;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import tt.Zk;

/* JADX INFO: Access modifiers changed from: package-private */
/* renamed from: com.microsoft.aad.adal.i, reason: case insensitive filesystem */
/* loaded from: classes.dex */
public class C0214i {
    private static final String a = "i";
    private static final ExecutorService b = Executors.newSingleThreadExecutor();
    private static Handler c = null;
    private final Context d;
    private final C0224q e;
    private Ea f;
    private final InterfaceC0215ia g;
    private Z h;
    private C0198a i;

    /* JADX INFO: Access modifiers changed from: private */
    /* renamed from: com.microsoft.aad.adal.i$a */
    /* loaded from: classes.dex */
    public static class a {
        private Handler a;
        private InterfaceC0222o<AuthenticationResult> b;

        a(Handler handler, InterfaceC0222o<AuthenticationResult> interfaceC0222o) {
            this.a = handler;
            this.b = interfaceC0222o;
        }

        InterfaceC0222o<AuthenticationResult> a() {
            return this.b;
        }

        public void a(AuthenticationException authenticationException) {
            InterfaceC0222o<AuthenticationResult> interfaceC0222o = this.b;
            if (interfaceC0222o != null) {
                Handler handler = this.a;
                if (handler != null) {
                    handler.post(new RunnableC0210g(this, authenticationException));
                } else {
                    interfaceC0222o.a(authenticationException);
                }
            }
        }

        public void a(AuthenticationResult authenticationResult) {
            InterfaceC0222o<AuthenticationResult> interfaceC0222o = this.b;
            if (interfaceC0222o != null) {
                Handler handler = this.a;
                if (handler != null) {
                    handler.post(new RunnableC0212h(this, authenticationResult));
                } else {
                    interfaceC0222o.onSuccess(authenticationResult);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public C0214i(Context context, C0224q c0224q, C0198a c0198a) {
        this.d = context;
        this.e = c0224q;
        this.h = new Z(this.d);
        if (c0224q.b() != null && c0198a != null) {
            this.f = new Ea(context.getApplicationContext(), c0224q.b(), c0224q.a(), c0198a.b());
            this.f.a(this.e.g());
        }
        this.g = new BrokerProxy(context);
        this.i = c0198a;
    }

    private AuthenticationResult a(AuthenticationRequest authenticationRequest) {
        boolean a2 = this.g.a(authenticationRequest);
        if ((authenticationRequest.j() || authenticationRequest.x()) && a2) {
            return f(authenticationRequest);
        }
        AuthenticationResult e = e(authenticationRequest);
        return (!a(e) && a2) ? f(authenticationRequest) : e;
    }

    private void a(AuthenticationRequest authenticationRequest, URL url) {
        Ba.b().a(authenticationRequest.s(), "Microsoft.ADAL.authority_validation");
        C0198a c0198a = new C0198a("Microsoft.ADAL.authority_validation");
        c0198a.b(authenticationRequest.h().toString());
        c0198a.c(authenticationRequest.s());
        if (this.e.g()) {
            try {
                try {
                    a(url, authenticationRequest.t(), authenticationRequest.y(), authenticationRequest.h());
                    c0198a.n("yes");
                } catch (AuthenticationException e) {
                    if (e.a() == null || !(e.a().equals(ADALError.DEVICE_CONNECTION_IS_NOT_AVAILABLE) || e.a().equals(ADALError.NO_NETWORK_CONNECTION_POWER_OPTIMIZATION))) {
                        c0198a.n("no");
                    } else {
                        c0198a.n("not_done");
                    }
                    throw e;
                }
            } finally {
                Ba.b().a(authenticationRequest.s(), c0198a, "Microsoft.ADAL.authority_validation");
            }
        } else {
            if (!Ga.a(url) && !A.a(url)) {
                try {
                    this.h.a(url);
                } catch (AuthenticationException unused) {
                    A.a(url.getHost(), new qa(false));
                    com.microsoft.identity.common.internal.providers.microsoft.azureactivedirectory.b.a(url.getHost(), new com.microsoft.identity.common.internal.providers.microsoft.azureactivedirectory.e(false));
                    Logger.b(a + ":performAuthorityValidation", "Fail to get authority validation metadata back. Ignore the failure since authority validation is turned off.");
                }
            }
            c0198a.n("not_done");
        }
        qa b2 = A.b(url);
        if (b2 == null || !b2.d()) {
            return;
        }
        a(url, authenticationRequest, b2);
    }

    private void a(AuthenticationResult authenticationResult, AuthenticationException authenticationException) {
        if (authenticationResult == null || authenticationException == null) {
            return;
        }
        if (authenticationResult.q() != null) {
            authenticationException.b(authenticationResult.q());
        }
        if (authenticationResult.p() != null) {
            authenticationException.a(authenticationResult.p());
        }
        authenticationException.a(authenticationResult.w());
    }

    private void a(a aVar, na naVar, boolean z, AuthenticationRequest authenticationRequest) {
        if (naVar == null && !z) {
            throw new AuthenticationException(ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED, authenticationRequest.l() + " Cannot launch webview, activity is null.");
        }
        C0213ha.a(this.d);
        int hashCode = aVar.a().hashCode();
        authenticationRequest.a(hashCode);
        this.e.a(hashCode, new C0232z(hashCode, authenticationRequest, aVar.a(), this.i));
        BrokerProxy.SwitchToBroker c2 = this.g.c(authenticationRequest.c());
        if (c2 == BrokerProxy.SwitchToBroker.CANNOT_SWITCH_TO_BROKER || !this.g.a(authenticationRequest.n(), authenticationRequest.v())) {
            Logger.c(a + ":acquireTokenInteractiveFlow", "Starting Authentication Activity for embedded flow. ", " Callback is: " + aVar.a().hashCode(), null);
            new C0202c(this.d, authenticationRequest, this.f).a(naVar, z ? new C0231y(c(), this.d, this, authenticationRequest) : null);
            return;
        }
        if (c2 == BrokerProxy.SwitchToBroker.NEED_PERMISSIONS_TO_SWITCH_TO_BROKER) {
            throw new UsageAuthenticationException(ADALError.DEVELOPER_BROKER_PERMISSIONS_MISSING, "Broker related permissions are missing for GET_ACCOUNTS");
        }
        Logger.c(a + ":acquireTokenInteractiveFlow", "Launch activity for interactive authentication via broker with callback. ", "" + aVar.a().hashCode(), null);
        new C0218k(authenticationRequest, this.g).a(naVar);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void a(a aVar, C0232z c0232z, int i, AuthenticationException authenticationException) {
        if (c0232z != null) {
            try {
                if (c0232z.b() != null) {
                    Logger.b(a + ":waitingRequestOnError", "Sending error to callback" + this.e.a(c0232z));
                    c0232z.a().a(false, (Exception) authenticationException);
                    c0232z.a().b(c0232z.c().h().toString());
                    c0232z.a().d();
                    if (aVar != null) {
                        aVar.a(authenticationException);
                    } else {
                        c0232z.b().a(authenticationException);
                    }
                }
            } finally {
                if (authenticationException != null) {
                    this.e.b(i);
                }
            }
        }
    }

    private void a(C0232z c0232z, int i, AuthenticationException authenticationException) {
        a((a) null, c0232z, i, authenticationException);
    }

    private void a(URL url, AuthenticationRequest authenticationRequest, qa qaVar) {
        if (qaVar == null || !qaVar.d() || qaVar.c() == null || url.getHost().equalsIgnoreCase(qaVar.c())) {
            return;
        }
        try {
            authenticationRequest.c(Z.a(url, qaVar.c()).toString());
        } catch (MalformedURLException unused) {
            Logger.a(a, "preferred network is invalid", "use exactly the same authority url that is passed");
        }
    }

    private void a(URL url, String str, boolean z, UUID uuid) {
        boolean a2 = Ga.a(url);
        if (A.c(url)) {
            return;
        }
        if (a2 && this.e.d()) {
            return;
        }
        Logger.b(a + ":validateAuthority", "Start validating authority");
        this.h.a(uuid);
        Z.b(url);
        if (z || !a2 || str == null) {
            if (z && Ga.a(url)) {
                Logger.b(a + ":validateAuthority", "Silent request. Skipping AD FS authority validation");
            }
            this.h.a(url);
        } else {
            this.h.b(url, str);
        }
        Logger.b(a + ":validateAuthority", "The passed in authority is valid.");
        this.e.a(true);
    }

    private boolean a(AuthenticationResult authenticationResult) {
        return (authenticationResult == null || Zk.e(authenticationResult.a())) ? false : true;
    }

    private void b(AuthenticationRequest authenticationRequest) {
        if (this.f == null) {
            return;
        }
        String v = !Zk.e(authenticationRequest.v()) ? authenticationRequest.v() : authenticationRequest.n();
        try {
            TokenCacheItem a2 = this.f.a("1", v);
            if (a2 != null) {
                this.f.a(a2, authenticationRequest.r());
            }
            try {
                TokenCacheItem b2 = this.f.b(authenticationRequest.g(), v);
                TokenCacheItem b3 = this.f.b(authenticationRequest.r(), authenticationRequest.g(), v);
                if (b2 != null) {
                    this.f.a(b2, authenticationRequest.r());
                    return;
                }
                if (b3 != null) {
                    this.f.a(b3, authenticationRequest.r());
                    return;
                }
                Logger.b(a + ":removeTokensForUser", "No token items need to be deleted for the user.");
            } catch (MalformedURLException e) {
                throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e.getMessage(), e);
            }
        } catch (MalformedURLException e2) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e2.getMessage(), e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void b(a aVar, na naVar, boolean z, AuthenticationRequest authenticationRequest) {
        AuthenticationResult d = d(authenticationRequest);
        if (a(d)) {
            this.i.a(true, (Exception) null);
            this.i.b(authenticationRequest.h().toString());
            this.i.g(d.r());
            this.i.d();
            aVar.a(d);
            return;
        }
        Logger.a(a + ":performAcquireTokenRequest", "Trying to acquire token interactively.");
        a(aVar, naVar, z, authenticationRequest);
    }

    private boolean b() {
        int i;
        PackageManager packageManager = this.d.getPackageManager();
        int i2 = Integer.MAX_VALUE;
        try {
            i = packageManager.getPackageInfo("com.azure.authenticator", 0).versionCode;
        } catch (PackageManager.NameNotFoundException unused) {
            i = Integer.MAX_VALUE;
        }
        try {
            i2 = packageManager.getPackageInfo("com.microsoft.windowsintune.companyportal", 0).versionCode;
        } catch (PackageManager.NameNotFoundException unused2) {
        }
        return ((long) i) >= 138 && ((long) i2) >= 2950722;
    }

    private synchronized Handler c() {
        if (c == null) {
            c = new Handler(Looper.getMainLooper());
        }
        return c;
    }

    private boolean c(AuthenticationRequest authenticationRequest) {
        boolean b2 = authenticationRequest.x() ? b() : true;
        if (authenticationRequest.y()) {
            return true;
        }
        return b2 && authenticationRequest.o() == PromptBehavior.Auto;
    }

    private AuthenticationResult d(AuthenticationRequest authenticationRequest) {
        String str;
        if (!c(authenticationRequest)) {
            return null;
        }
        Logger.b(a + ":tryAcquireTokenSilent", "Try to acquire token silently, return valid AT or use RT in the cache.");
        AuthenticationResult a2 = a(authenticationRequest);
        boolean a3 = a(a2);
        if (a3 || !authenticationRequest.y()) {
            if (!a3) {
                return a2;
            }
            Logger.b(a + ":tryAcquireTokenSilent", "Token is successfully returned from silent flow. ");
            return a2;
        }
        if (a2 == null) {
            str = "No result returned from acquireTokenSilent";
        } else {
            str = " ErrorCode:" + a2.h();
        }
        Logger.a(a + ":tryAcquireTokenSilent", "Prompt is not allowed and failed to get token. " + str, authenticationRequest.l(), ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED);
        AuthenticationException authenticationException = new AuthenticationException(ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED, authenticationRequest.l() + " " + str);
        a(a2, authenticationException);
        throw authenticationException;
    }

    private AuthenticationResult e(AuthenticationRequest authenticationRequest) {
        Logger.b(a + ":tryAcquireTokenSilentLocally", "Try to silently get token from local cache.");
        return new C0216j(this.d, authenticationRequest, this.f).a();
    }

    private AuthenticationResult f(AuthenticationRequest authenticationRequest) {
        Logger.a(a + ":tryAcquireTokenSilentWithBroker", "Either could not get tokens from local cache or is force refresh request, switch to Broker for auth, clear tokens from local cache for the user.");
        b(authenticationRequest);
        return new C0218k(authenticationRequest, this.g).a();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void g(AuthenticationRequest authenticationRequest) {
        URL c2 = Zk.c(authenticationRequest.c());
        if (c2 == null) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL);
        }
        a(authenticationRequest, c2);
        BrokerProxy.SwitchToBroker c3 = this.g.c(authenticationRequest.c());
        if (c3 == BrokerProxy.SwitchToBroker.CANNOT_SWITCH_TO_BROKER || !this.g.a(authenticationRequest.n(), authenticationRequest.v()) || authenticationRequest.y()) {
            return;
        }
        if (c3 == BrokerProxy.SwitchToBroker.NEED_PERMISSIONS_TO_SWITCH_TO_BROKER) {
            throw new UsageAuthenticationException(ADALError.DEVELOPER_BROKER_PERMISSIONS_MISSING, "Broker related permissions are missing for GET_ACCOUNTS.");
        }
        h(authenticationRequest);
    }

    private void h(AuthenticationRequest authenticationRequest) {
        String p = authenticationRequest.p();
        String e = this.e.e();
        if (Zk.e(p)) {
            Logger.a(a + ":verifyBrokerRedirectUri", "The redirectUri is null or blank. ", "The redirect uri is expected to be:" + e, ADALError.DEVELOPER_REDIRECTURI_INVALID);
            throw new UsageAuthenticationException(ADALError.DEVELOPER_REDIRECTURI_INVALID, "The redirectUri is null or blank.");
        }
        if (!p.startsWith("msauth://")) {
            Logger.a(a + ":verifyBrokerRedirectUri", "The prefix of the redirect uri does not match the expected value. ", " The valid broker redirect URI prefix: msauth so the redirect uri is expected to be: " + e, ADALError.DEVELOPER_REDIRECTURI_INVALID);
            throw new UsageAuthenticationException(ADALError.DEVELOPER_REDIRECTURI_INVALID, "The prefix of the redirect uri does not match the expected value.");
        }
        wa waVar = new wa(this.d);
        try {
            String encode = URLEncoder.encode(this.d.getPackageName(), "UTF_8");
            String encode2 = URLEncoder.encode(waVar.a(this.d.getPackageName()), "UTF_8");
            if (!p.startsWith("msauth://" + encode + "/")) {
                Logger.a(a + ":verifyBrokerRedirectUri", "The base64 url encoded package name component of the redirect uri does not match the expected value. ", "This apps package name is: " + encode + " so the redirect uri is expected to be: " + e, ADALError.DEVELOPER_REDIRECTURI_INVALID);
                throw new UsageAuthenticationException(ADALError.DEVELOPER_REDIRECTURI_INVALID, "The base64 url encoded package name component of the redirect uri does not match the expected value. ");
            }
            if (p.equalsIgnoreCase(e)) {
                Logger.b(a + ":verifyBrokerRedirectUri", "The broker redirect URI is valid.");
                return;
            }
            Logger.a(a + ":verifyBrokerRedirectUri", "The base64 url encoded signature component of the redirect uri does not match the expected value. ", "This apps signature is: " + encode2 + " so the redirect uri is expected to be: " + e, ADALError.DEVELOPER_REDIRECTURI_INVALID);
            throw new UsageAuthenticationException(ADALError.DEVELOPER_REDIRECTURI_INVALID, "The base64 url encoded signature component of the redirect uri does not match the expected value.");
        } catch (UnsupportedEncodingException e2) {
            Logger.a(a + ":verifyBrokerRedirectUri", ADALError.ENCODING_IS_NOT_SUPPORTED.c(), e2.getMessage(), ADALError.ENCODING_IS_NOT_SUPPORTED, e2);
            throw new UsageAuthenticationException(ADALError.ENCODING_IS_NOT_SUPPORTED, "The verifying BrokerRedirectUri process failed because the base64 url encoding is not supported.", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(int i, int i2, Intent intent) {
        if (i == 1001) {
            c();
            if (intent == null || intent.getExtras() == null) {
                Logger.a(a + ":onActivityResult", "BROWSER_FLOW data is null.", "", ADALError.ON_ACTIVITY_RESULT_INTENT_NULL);
                return;
            }
            Bundle extras = intent.getExtras();
            int i3 = extras.getInt("com.microsoft.aad.adal:RequestId");
            try {
                C0232z a2 = this.e.a(i3);
                Logger.b(a + ":onActivityResult", "Waiting request found. RequestId:" + i3);
                String a3 = this.e.a(a2);
                if (i2 == 2004) {
                    String stringExtra = intent.getStringExtra("account.access.token");
                    this.g.b(intent.getStringExtra("account.name"));
                    Date date = new Date(intent.getLongExtra("account.expiredate", 0L));
                    String stringExtra2 = intent.getStringExtra("account.idtoken");
                    String stringExtra3 = intent.getStringExtra("account.userinfo.tenantid");
                    UserInfo a4 = UserInfo.a(intent.getExtras());
                    String stringExtra4 = intent.getStringExtra("cliteleminfo.server_error");
                    String stringExtra5 = intent.getStringExtra("cliteleminfo.server_suberror");
                    String stringExtra6 = intent.getStringExtra("cliteleminfo.rt_age");
                    String stringExtra7 = intent.getStringExtra("cliteleminfo.spe_ring");
                    AuthenticationRequest c2 = a2.c();
                    AuthenticationResult authenticationResult = new AuthenticationResult(stringExtra, null, date, false, a4, stringExtra3, stringExtra2, null, c2 != null ? c2.g() : null);
                    authenticationResult.b(intent.getStringExtra("account.authority"));
                    TelemetryUtils.CliTelemInfo cliTelemInfo = new TelemetryUtils.CliTelemInfo();
                    cliTelemInfo.b(stringExtra4);
                    cliTelemInfo.c(stringExtra5);
                    cliTelemInfo.a(stringExtra6);
                    cliTelemInfo.f(stringExtra7);
                    authenticationResult.a(cliTelemInfo);
                    if (authenticationResult.a() != null) {
                        a2.a().a(true, (Exception) null);
                        a2.a().b(a2.c().h().toString());
                        a2.a().g(authenticationResult.r());
                        a2.a().k(cliTelemInfo.b());
                        a2.a().l(cliTelemInfo.c());
                        a2.a().j(cliTelemInfo.a());
                        a2.a().m(cliTelemInfo.d());
                        a2.a().d();
                        a2.b().onSuccess(authenticationResult);
                        return;
                    }
                    return;
                }
                if (i2 == 2001) {
                    Logger.b(a + ":onActivityResult", "User cancelled the flow. RequestId:" + i3 + " " + a3);
                    StringBuilder sb = new StringBuilder();
                    sb.append("User cancelled the flow RequestId:");
                    sb.append(i3);
                    sb.append(a3);
                    a(a2, i3, new AuthenticationCancelError(sb.toString()));
                    return;
                }
                if (i2 == 2006) {
                    Logger.b(a + ":onActivityResult", "Device needs to have broker installed, we expect the apps to call usback when the broker is installed");
                    a(a2, i3, new AuthenticationException(ADALError.BROKER_APP_INSTALLATION_STARTED));
                    return;
                }
                if (i2 == 2005) {
                    Serializable serializable = extras.getSerializable("com.microsoft.aad.adal:AuthenticationException");
                    if (serializable == null || !(serializable instanceof AuthenticationException)) {
                        a(a2, i3, new AuthenticationException(ADALError.WEBVIEW_RETURNED_INVALID_AUTHENTICATION_EXCEPTION, a3));
                        return;
                    }
                    AuthenticationException authenticationException = (AuthenticationException) serializable;
                    Logger.d(a + ":onActivityResult", "Webview returned exception.", authenticationException.getMessage(), ADALError.WEBVIEW_RETURNED_AUTHENTICATION_EXCEPTION);
                    a(a2, i3, authenticationException);
                    return;
                }
                if (i2 != 2002) {
                    if (i2 == 2003) {
                        AuthenticationRequest authenticationRequest = (AuthenticationRequest) extras.getSerializable("com.microsoft.aad.adal:BrowserRequestInfo");
                        String string = extras.getString("com.microsoft.aad.adal:BrowserFinalUrl", "");
                        if (!string.isEmpty()) {
                            b.execute(new RunnableC0208f(this, a2, string, new a(c(), a2.b()), i3));
                            return;
                        }
                        StringBuilder sb2 = new StringBuilder("Webview did not reach the redirectUrl. ");
                        if (authenticationRequest != null) {
                            sb2.append(authenticationRequest.l());
                        }
                        sb2.append(a3);
                        AuthenticationException authenticationException2 = new AuthenticationException(ADALError.WEBVIEW_RETURNED_EMPTY_REDIRECT_URL, sb2.toString());
                        Logger.a(a + ":onActivityResult", "", authenticationException2.getMessage(), authenticationException2.a());
                        a(a2, i3, authenticationException2);
                        return;
                    }
                    return;
                }
                String string2 = extras.getString("com.microsoft.aad.adal:BrowserErrorCode");
                String string3 = extras.getString("com.microsoft.aad.adal:BrowserErrorMessage");
                Logger.c(a + ":onActivityResult", "Error info:" + string2 + " for requestId: " + i3 + " " + a3, string3, null);
                String format = String.format("%s %s %s", string2, string3, a3);
                if (Zk.e(string2) || ADALError.AUTH_FAILED_INTUNE_POLICY_REQUIRED.name().compareTo(string2) != 0) {
                    a(a2, i3, new AuthenticationException(ADALError.SERVER_INVALID_REQUEST, format));
                } else {
                    a(a2, i3, new IntuneAppProtectionPolicyRequiredException(format, extras.getString("account.name"), extras.getString("account.userinfo.userid"), extras.getString("account.userinfo.tenantid"), extras.getString("account.authority")));
                }
            } catch (AuthenticationException unused) {
                Logger.a(a + ":onActivityResult", "Failed to find waiting request. RequestId:" + i3, "", ADALError.ON_ACTIVITY_RESULT_INTENT_NULL);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(na naVar, boolean z, AuthenticationRequest authenticationRequest, InterfaceC0222o<AuthenticationResult> interfaceC0222o) {
        a aVar = new a(c(), interfaceC0222o);
        Logger.a(authenticationRequest.h());
        Logger.b(a + ":acquireToken", "Sending async task from thread:" + Process.myTid());
        b.execute(new RunnableC0204d(this, authenticationRequest, aVar, naVar, z));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(String str, AuthenticationRequest authenticationRequest, InterfaceC0222o<AuthenticationResult> interfaceC0222o) {
        Logger.a(authenticationRequest.h());
        Logger.b(a + ":refreshTokenWithoutCache", "Refresh token without cache");
        b.execute(new RunnableC0206e(this, authenticationRequest, str, new a(c(), interfaceC0222o)));
    }
}
