package com.microsoft.aad.adal;

import android.net.Uri;
import android.os.Build;
import android.text.TextUtils;
import android.util.Base64;
import com.microsoft.aad.adal.TelemetryUtils;
import com.microsoft.identity.common.exception.ServiceException;
import com.microsoft.identity.common.internal.providers.microsoft.azureactivedirectory.ClientInfo;
import io.fabric.sdk.android.services.common.AbstractC0268a;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.json.JSONException;
import org.json.JSONObject;
import tt.Sk;
import tt.Uk;
import tt.Xk;
import tt.Zk;

/* loaded from: classes.dex */
class va {
    private AuthenticationRequest a;
    private Uk b;
    private la c;
    private String d;
    private boolean e;
    private String f;
    private String g;

    /* JADX INFO: Access modifiers changed from: package-private */
    public va(AuthenticationRequest authenticationRequest) {
        this.c = new sa();
        this.e = true;
        this.f = "";
        this.g = "";
        this.a = authenticationRequest;
        this.b = null;
        this.c = null;
        g(this.a.c() + "/oauth2/token");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public va(AuthenticationRequest authenticationRequest, Uk uk) {
        this.c = new sa();
        this.e = true;
        this.f = "";
        this.g = "";
        this.a = authenticationRequest;
        this.b = uk;
        this.c = null;
        g(this.a.c() + "/oauth2/token");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public va(AuthenticationRequest authenticationRequest, Uk uk, la laVar) {
        this.c = new sa();
        this.e = true;
        this.f = "";
        this.g = "";
        this.a = authenticationRequest;
        this.b = uk;
        this.c = laVar;
        g(this.a.c() + "/oauth2/token");
    }

    private AuthenticationResult a(String str, Map<String, String> map) {
        AuthenticationResult authenticationResult;
        String a;
        C0211ga g = g();
        URL c = Zk.c(e());
        if (c == null) {
            a(g);
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL);
        }
        g.a(c);
        try {
            try {
                try {
                    this.b.a(this.a.h());
                    ClientMetrics.INSTANCE.a(c, this.a.h(), map);
                    Sk a2 = this.b.a(c, map, str.getBytes("UTF_8"), "application/x-www-form-urlencoded");
                    g.a(a2.c());
                    g.b(this.a.h().toString());
                    a(g);
                    if (a2.c() == 401) {
                        if (a2.b() == null || !a2.b().containsKey("WWW-Authenticate")) {
                            Logger.b("Oauth:postMessage", "401 http status code is returned without authorization header.");
                        } else {
                            String str2 = a2.b().get("WWW-Authenticate").get(0);
                            Logger.a("Oauth:postMessage", "Device certificate challenge request. ", "Challenge header: " + str2);
                            if (Zk.e(str2)) {
                                throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Challenge header is empty", a2);
                            }
                            if (Zk.b(str2, "PKeyAuth")) {
                                C0211ga g2 = g();
                                g2.a(c);
                                Logger.b("Oauth:postMessage", "Received pkeyAuth device challenge.");
                                ChallengeResponseBuilder challengeResponseBuilder = new ChallengeResponseBuilder(this.c);
                                Logger.b("Oauth:postMessage", "Processing device challenge.");
                                map.put("Authorization", challengeResponseBuilder.a(str2, c.toString()).a());
                                Logger.b("Oauth:postMessage", "Sending request with challenge response.");
                                Sk a3 = this.b.a(c, map, str.getBytes("UTF_8"), "application/x-www-form-urlencoded");
                                g2.a(a3.c());
                                g2.b(this.a.h().toString());
                                a(g2);
                                a2 = a3;
                            }
                        }
                    }
                    boolean isEmpty = TextUtils.isEmpty(a2.a());
                    if (isEmpty) {
                        authenticationResult = null;
                    } else {
                        Logger.b("Oauth:postMessage", "Token request does not have exception.");
                        try {
                            authenticationResult = a(a2, g);
                            ClientMetrics.INSTANCE.a((String) null);
                        } catch (ServerRespondingWithRetryableException e) {
                            AuthenticationResult b = b(str, map);
                            if (b != null) {
                                ClientMetrics.INSTANCE.a("token", this.a.h());
                                return b;
                            }
                            if (this.a.k()) {
                                Logger.b("Oauth:postMessage", "WebResponse is not a success due to: " + a2.c());
                                throw e;
                            }
                            Logger.b("Oauth:postMessage", "WebResponse is not a success due to: " + a2.c());
                            throw new AuthenticationException(ADALError.SERVER_ERROR, "WebResponse is not a success due to: " + a2.c(), a2);
                        }
                    }
                    if (authenticationResult != null) {
                        ClientMetrics.INSTANCE.a(authenticationResult.i());
                        ClientMetrics.INSTANCE.a("token", this.a.h());
                        return authenticationResult;
                    }
                    if (isEmpty) {
                        a = "Status code:" + a2.c();
                    } else {
                        a = a2.a();
                    }
                    Logger.a("Oauth:postMessage", ADALError.SERVER_ERROR.c(), a, ADALError.SERVER_ERROR);
                    throw new AuthenticationException(ADALError.SERVER_ERROR, a, a2);
                } catch (UnsupportedEncodingException e2) {
                    ClientMetrics.INSTANCE.a((String) null);
                    Logger.a("Oauth:postMessage", ADALError.ENCODING_IS_NOT_SUPPORTED.c(), e2.getMessage(), ADALError.ENCODING_IS_NOT_SUPPORTED, e2);
                    throw e2;
                }
            } catch (SocketTimeoutException e3) {
                AuthenticationResult b2 = b(str, map);
                if (b2 != null) {
                    ClientMetrics.INSTANCE.a("token", this.a.h());
                    return b2;
                }
                ClientMetrics.INSTANCE.a((String) null);
                if (this.a.k()) {
                    Logger.a("Oauth:postMessage", ADALError.SERVER_ERROR.c(), e3.getMessage(), ADALError.SERVER_ERROR, e3);
                    throw new ServerRespondingWithRetryableException(e3.getMessage(), e3);
                }
                Logger.a("Oauth:postMessage", ADALError.SERVER_ERROR.c(), e3.getMessage(), ADALError.SERVER_ERROR, e3);
                throw e3;
            } catch (IOException e4) {
                ClientMetrics.INSTANCE.a((String) null);
                Logger.a("Oauth:postMessage", ADALError.SERVER_ERROR.c(), e4.getMessage(), ADALError.SERVER_ERROR, e4);
                throw e4;
            }
        } catch (Throwable th) {
            ClientMetrics.INSTANCE.a("token", this.a.h());
            throw th;
        }
    }

    private AuthenticationResult a(Sk sk, C0211ga c0211ga) {
        String str;
        List<String> list;
        TelemetryUtils.CliTelemInfo a;
        List<String> list2;
        List<String> list3;
        String str2 = null;
        if (sk.b() != null) {
            str = (!sk.b().containsKey("client-request-id") || (list3 = sk.b().get("client-request-id")) == null || list3.size() <= 0) ? null : list3.get(0);
            if (sk.b().containsKey("x-ms-request-id") && (list2 = sk.b().get("x-ms-request-id")) != null && list2.size() > 0) {
                Logger.b("Oauth:processTokenResponse", "Set request id header. x-ms-request-id: " + list2.get(0));
                c0211ga.g(list2.get(0));
            }
            if (sk.b().get("x-ms-clitelem") != null && !sk.b().get("x-ms-clitelem").isEmpty() && (a = TelemetryUtils.a(sk.b().get("x-ms-clitelem").get(0))) != null) {
                c0211ga.a(a);
                str2 = a.d();
            }
        } else {
            str = null;
        }
        int c = sk.c();
        if (c != 200 && c != 400 && c != 401) {
            if (c >= 500 && c <= 599) {
                throw new ServerRespondingWithRetryableException("Server Error " + c + " " + sk.a(), sk);
            }
            throw new AuthenticationException(ADALError.SERVER_ERROR, "Unexpected server response " + c + " " + sk.a(), sk);
        }
        try {
            AuthenticationResult h = h(sk.a());
            if (h != null) {
                if (h.h() != null) {
                    h.a(sk);
                }
                TelemetryUtils.CliTelemInfo cliTelemInfo = new TelemetryUtils.CliTelemInfo();
                cliTelemInfo.f(str2);
                h.a(cliTelemInfo);
                c0211ga.e(h.h());
            }
            if (str != null && !str.isEmpty()) {
                try {
                    if (!UUID.fromString(str).equals(this.a.h())) {
                        Logger.d("Oauth:processTokenResponse", "CorrelationId is not matching", "", ADALError.CORRELATION_ID_NOT_MATCHING_REQUEST_RESPONSE);
                    }
                    Logger.b("Oauth:processTokenResponse", "Response correlationId:" + str);
                } catch (IllegalArgumentException e) {
                    Logger.a("Oauth:processTokenResponse", "Wrong format of the correlation ID:" + str, "", ADALError.CORRELATION_ID_FORMAT, e);
                }
            }
            if (sk.b() != null && (list = sk.b().get("x-ms-clitelem")) != null && !list.isEmpty()) {
                TelemetryUtils.CliTelemInfo a2 = TelemetryUtils.a(list.get(0));
                if (h != null) {
                    h.a(a2);
                }
            }
            return h;
        } catch (JSONException e2) {
            throw new AuthenticationException(ADALError.SERVER_INVALID_JSON_RESPONSE, "Can't parse server response. " + sk.a(), sk, e2);
        }
    }

    private void a(C0211ga c0211ga) {
        Ba.b().a(this.a.s(), c0211ga, "Microsoft.ADAL.http_event");
    }

    public static void a(Map<String, String> map, String str) {
        JSONObject jSONObject = new JSONObject(str);
        Iterator<String> keys = jSONObject.keys();
        while (keys.hasNext()) {
            String next = keys.next();
            map.put(next, jSONObject.getString(next));
        }
    }

    private AuthenticationResult b(String str, Map<String, String> map) {
        if (!this.e) {
            return null;
        }
        this.e = false;
        try {
            Thread.sleep(1000L);
        } catch (InterruptedException unused) {
            Logger.b("Oauth:retry", "The thread is interrupted while it is sleeping. ");
        }
        Logger.b("Oauth:retry", "Try again...");
        return a(str, map);
    }

    public static String c(String str) {
        if (Zk.e(str)) {
            return null;
        }
        return new String(Base64.decode(str, 9), "UTF-8");
    }

    private Map<String, String> f() {
        HashMap hashMap = new HashMap();
        hashMap.put(AbstractC0268a.HEADER_ACCEPT, AbstractC0268a.ACCEPT_JSON_VALUE);
        return hashMap;
    }

    private C0211ga g() {
        C0211ga c0211ga = new C0211ga("Microsoft.ADAL.http_event");
        c0211ga.c(this.a.s());
        c0211ga.d("Microsoft.ADAL.post");
        Ba.b().a(this.a.s(), "Microsoft.ADAL.http_event");
        return c0211ga;
    }

    private AuthenticationResult h(String str) {
        HashMap hashMap = new HashMap();
        a(hashMap, str);
        return a(hashMap);
    }

    public AuthenticationResult a(Map<String, String> map) {
        String str;
        boolean z;
        UserInfo userInfo;
        String str2;
        String str3;
        ClientInfo clientInfo = null;
        if (map.containsKey("error")) {
            String str4 = map.get("correlation_id");
            if (!Zk.e(str4)) {
                try {
                    Logger.a(UUID.fromString(str4));
                } catch (IllegalArgumentException unused) {
                    Logger.a("Oauth", "CorrelationId is malformed: " + str4, "", ADALError.CORRELATION_ID_FORMAT);
                }
            }
            Logger.a("Oauth", "OAuth2 error:" + map.get("error"), " Description:" + map.get("error_description"));
            AuthenticationResult authenticationResult = new AuthenticationResult(map.get("error"), map.get("error_description"), map.get("error_codes"));
            if (map.get("response_body") != null) {
                try {
                    a((Map<String, String>) null, map.get("response_body"));
                    authenticationResult.a((HashMap<String, String>) null);
                } catch (JSONException e) {
                    Logger.a("Oauth", "Json exception", C0199aa.a(e), ADALError.SERVER_INVALID_JSON_RESPONSE);
                }
            }
            if (map.get("response_headers") != null) {
                try {
                    authenticationResult.b(Xk.b(map.get("response_headers")));
                } catch (JSONException e2) {
                    Logger.a("Oauth", "Json exception", C0199aa.a(e2), ADALError.SERVER_INVALID_JSON_RESPONSE);
                }
            }
            if (map.get("status_code") != null) {
                authenticationResult.a(Integer.parseInt(map.get("status_code")));
            }
            return authenticationResult;
        }
        if (map.containsKey("code")) {
            AuthenticationResult authenticationResult2 = new AuthenticationResult(this.a.g(), map.get("code"));
            String str5 = map.get("cloud_instance_host_name");
            if (Zk.e(str5)) {
                return authenticationResult2;
            }
            String uri = new Uri.Builder().scheme("https").authority(str5).path(Zk.c(this.a.c()).getPath()).build().toString();
            g(uri + "/oauth2/token");
            authenticationResult2.b(uri);
            return authenticationResult2;
        }
        if (!map.containsKey("access_token")) {
            return null;
        }
        String str6 = map.get("expires_in");
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        Long valueOf = Long.valueOf((str6 == null || str6.isEmpty()) ? 3600L : Long.parseLong(str6));
        gregorianCalendar.add(13, (str6 == null || str6.isEmpty()) ? 3600 : Integer.parseInt(str6));
        String str7 = map.get("refresh_token");
        if (!map.containsKey("resource") || Zk.e(str7)) {
            str = null;
            z = false;
        } else {
            str = map.get("resource");
            z = true;
        }
        if (map.containsKey("id_token")) {
            String str8 = map.get("id_token");
            if (Zk.e(str8)) {
                Logger.b("Oauth", "IdToken was not returned from token request.");
                str3 = str8;
                userInfo = null;
                str2 = null;
            } else {
                Logger.b("Oauth", "Id token was returned, parsing id token.");
                oa oaVar = new oa(str8);
                str3 = str8;
                str2 = oaVar.i();
                userInfo = new UserInfo(oaVar);
            }
        } else {
            userInfo = null;
            str2 = null;
            str3 = null;
        }
        String str9 = map.containsKey("foci") ? map.get("foci") : null;
        if (map.containsKey("client_info")) {
            try {
                clientInfo = new ClientInfo(map.get("client_info"));
            } catch (ServiceException unused2) {
                Logger.c("Oauth", "ClientInfo decoding/parsing failed.");
            }
        }
        AuthenticationResult authenticationResult3 = new AuthenticationResult(map.get("access_token"), str7, gregorianCalendar.getTime(), z, userInfo, str2, str3, null, this.a.g());
        authenticationResult3.h(str);
        authenticationResult3.a(clientInfo);
        authenticationResult3.a(valueOf);
        authenticationResult3.b(Long.valueOf(System.currentTimeMillis()));
        if (map.containsKey("ext_expires_in")) {
            String str10 = map.get("ext_expires_in");
            GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
            gregorianCalendar2.add(13, Zk.e(str10) ? 3600 : Integer.parseInt(str10));
            authenticationResult3.b(gregorianCalendar2.getTime());
        }
        authenticationResult3.c(str9);
        return authenticationResult3;
    }

    public String a() {
        return Base64.encodeToString(String.format("a=%s&r=%s", this.a.c(), this.a.r()).getBytes("UTF-8"), 9);
    }

    public String a(String str) {
        Logger.b("Oauth", "Building request message for redeeming token with refresh token.");
        String format = String.format("%s=%s&%s=%s&%s=%s&%s=%s", "grant_type", Zk.h("refresh_token"), "refresh_token", Zk.h(str), "client_id", Zk.h(this.a.g()), "client_info", "1");
        if (!Zk.e(this.a.r())) {
            format = String.format("%s&%s=%s", format, "resource", Zk.h(this.a.r()));
        }
        if (!Zk.e(this.a.p()) && !this.a.g().equalsIgnoreCase("29d9ed98-a469-4536-ade2-f981bc1d605e")) {
            format = String.format("%s&%s=%s", format, "redirect_uri", Zk.h(this.a.p()));
        }
        if (!Zk.e(this.a.e()) || this.a.f() != null) {
            format = String.format("%s&%s=%s", format, "claims", Zk.h(C0224q.a(this.a.e(), this.a.f())));
        }
        if (!Zk.e(this.a.a())) {
            format = String.format("%s&%s=%s", format, "x-app-name", Zk.h(this.a.a()));
        }
        return !Zk.e(this.a.b()) ? String.format("%s&%s=%s", format, "x-app-ver", Zk.h(this.a.b())) : format;
    }

    public String b() {
        return this.a.c() + "/oauth2/authorize";
    }

    public String b(String str) {
        Logger.b("Oauth", "Building request message for redeeming token with auth code.");
        String format = String.format("%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", "grant_type", Zk.h("authorization_code"), "code", Zk.h(str), "client_id", Zk.h(this.a.g()), "redirect_uri", Zk.h(this.a.p()), "client_info", "1");
        if (!Zk.e(this.a.e()) || this.a.f() != null) {
            format = String.format("%s&%s=%s", format, "claims", Zk.h(C0224q.a(this.a.e(), this.a.f())));
        }
        if (!Zk.e(this.a.a())) {
            format = String.format("%s&%s=%s", format, "x-app-name", Zk.h(this.a.a()));
        }
        return !Zk.e(this.a.b()) ? String.format("%s&%s=%s", format, "x-app-ver", Zk.h(this.a.b())) : format;
    }

    public String c() {
        Uri.Builder builder = new Uri.Builder();
        builder.appendQueryParameter("response_type", "code").appendQueryParameter("client_id", URLEncoder.encode(this.a.g(), "UTF_8")).appendQueryParameter("resource", URLEncoder.encode(this.a.r(), "UTF_8")).appendQueryParameter("redirect_uri", URLEncoder.encode(this.a.p(), "UTF_8")).appendQueryParameter("state", a());
        if (!Zk.e(this.a.n())) {
            builder.appendQueryParameter("login_hint", URLEncoder.encode(this.a.n(), "UTF_8"));
        }
        if (Zk.e(this.g)) {
            this.g = C0224q.h();
        }
        builder.appendQueryParameter("x-client-SKU", "Android").appendQueryParameter("x-client-Ver", URLEncoder.encode(this.g, "UTF_8")).appendQueryParameter("x-client-OS", URLEncoder.encode(String.valueOf(Build.VERSION.SDK_INT), "UTF_8")).appendQueryParameter("x-client-DM", URLEncoder.encode(Build.MODEL, "UTF_8"));
        if (!Zk.e(this.f)) {
            builder.appendQueryParameter("x-client-brkrver", URLEncoder.encode(this.f, "UTF_8"));
        }
        if (this.a.h() != null) {
            builder.appendQueryParameter("client-request-id", URLEncoder.encode(this.a.h().toString(), "UTF_8"));
        }
        if (this.a.o() == PromptBehavior.Always) {
            builder.appendQueryParameter("prompt", URLEncoder.encode("login", "UTF_8"));
        } else if (this.a.o() == PromptBehavior.REFRESH_SESSION) {
            builder.appendQueryParameter("prompt", URLEncoder.encode("refresh_session", "UTF_8"));
        }
        String i = this.a.i();
        if (Zk.e(i) || !i.contains("haschrome")) {
            builder.appendQueryParameter("haschrome", "1");
        }
        if (!Zk.e(this.a.e()) || this.a.f() != null) {
            builder.appendQueryParameter("claims", URLEncoder.encode(C0224q.a(this.a.e(), this.a.f()), "UTF_8"));
        }
        if (!Zk.e(this.a.a())) {
            builder.appendQueryParameter("x-app-name", this.a.a());
        }
        if (!Zk.e(this.a.b())) {
            builder.appendQueryParameter("x-app-ver", this.a.b());
        }
        String query = builder.build().getQuery();
        if (Zk.e(i)) {
            return query;
        }
        if (!i.startsWith("&")) {
            i = "&" + i;
        }
        return query + i;
    }

    public AuthenticationResult d(String str) {
        if (Zk.e(str)) {
            throw new IllegalArgumentException("authorizationUrl");
        }
        HashMap<String, String> d = Zk.d(str);
        String c = c(d.get("state"));
        if (Zk.e(c)) {
            throw new AuthenticationException(ADALError.AUTH_FAILED_NO_STATE);
        }
        Uri parse = Uri.parse("http://state/path?" + c);
        String queryParameter = parse.getQueryParameter("a");
        String queryParameter2 = parse.getQueryParameter("r");
        if (Zk.e(queryParameter) || Zk.e(queryParameter2) || !queryParameter2.equalsIgnoreCase(this.a.r())) {
            throw new AuthenticationException(ADALError.AUTH_FAILED_BAD_STATE);
        }
        AuthenticationResult a = a(d);
        if (a == null || a.g() == null || a.g().isEmpty()) {
            return a;
        }
        AuthenticationResult e = e(a.g());
        if (Zk.e(a.c())) {
            e.b(this.a.c());
        } else {
            e.b(a.c());
        }
        return e;
    }

    public String d() {
        return String.format("%s?%s", b(), c());
    }

    public AuthenticationResult e(String str) {
        if (this.b == null) {
            throw new IllegalArgumentException("webRequestHandler");
        }
        try {
            String b = b(str);
            Map<String, String> f = f();
            Logger.b("Oauth:getTokenForCode", "Sending request to redeem token with auth code.");
            return a(b, f);
        } catch (UnsupportedEncodingException e) {
            Logger.a("Oauth:getTokenForCode", ADALError.ENCODING_IS_NOT_SUPPORTED.c(), e.getMessage(), ADALError.ENCODING_IS_NOT_SUPPORTED, e);
            return null;
        }
    }

    public String e() {
        return this.d;
    }

    public AuthenticationResult f(String str) {
        if (this.b == null) {
            Logger.b("Oauth", "Web request is not set correctly.");
            throw new IllegalArgumentException("webRequestHandler is null.");
        }
        try {
            String a = a(str);
            Map<String, String> f = f();
            f.put("x-ms-PKeyAuth", "1.0");
            Logger.b("Oauth", "Sending request to redeem token with refresh token.");
            return a(a, f);
        } catch (UnsupportedEncodingException e) {
            Logger.a("Oauth", ADALError.ENCODING_IS_NOT_SUPPORTED.c(), e.getMessage(), ADALError.ENCODING_IS_NOT_SUPPORTED, e);
            return null;
        }
    }

    public void g(String str) {
        this.d = str;
    }
}
