package com.microsoft.identity.common.internal.cache;

import android.content.Context;
import android.support.annotation.NonNull;
import com.microsoft.identity.common.adal.internal.util.StringExtensions;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.exception.ErrorStrings;
import com.microsoft.identity.common.internal.dto.AccessToken;
import com.microsoft.identity.common.internal.dto.Account;
import com.microsoft.identity.common.internal.dto.Credential;
import com.microsoft.identity.common.internal.dto.CredentialType;
import com.microsoft.identity.common.internal.dto.IdToken;
import com.microsoft.identity.common.internal.dto.RefreshToken;
import com.microsoft.identity.common.internal.logging.Logger;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftAccount;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftRefreshToken;
import com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsAuthorizationRequest;
import com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsOAuth2Strategy;
import com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsTokenResponse;
import com.microsoft.identity.common.internal.providers.oauth2.OAuth2TokenCache;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/* loaded from: classes.dex */
public class MsalOAuth2TokenCache extends OAuth2TokenCache<MicrosoftStsOAuth2Strategy, MicrosoftStsAuthorizationRequest, MicrosoftStsTokenResponse> implements IShareSingleSignOnState<MicrosoftAccount, MicrosoftRefreshToken> {
    private static final String TAG = MsalOAuth2TokenCache.class.getSimpleName();
    private IAccountCredentialAdapter<MicrosoftStsOAuth2Strategy, MicrosoftStsAuthorizationRequest, MicrosoftStsTokenResponse, MicrosoftAccount, MicrosoftRefreshToken> mAccountCredentialAdapter;
    private IAccountCredentialCache mAccountCredentialCache;
    private List<IShareSingleSignOnState> mSharedSsoCaches;

    public MsalOAuth2TokenCache(Context context, IAccountCredentialCache iAccountCredentialCache, IAccountCredentialAdapter<MicrosoftStsOAuth2Strategy, MicrosoftStsAuthorizationRequest, MicrosoftStsTokenResponse, MicrosoftAccount, MicrosoftRefreshToken> iAccountCredentialAdapter) {
        super(context);
        Logger.verbose(TAG, "Init: " + TAG);
        this.mAccountCredentialCache = iAccountCredentialCache;
        this.mSharedSsoCaches = new ArrayList();
        this.mAccountCredentialAdapter = iAccountCredentialAdapter;
    }

    public MsalOAuth2TokenCache(Context context, IAccountCredentialCache iAccountCredentialCache, IAccountCredentialAdapter<MicrosoftStsOAuth2Strategy, MicrosoftStsAuthorizationRequest, MicrosoftStsTokenResponse, MicrosoftAccount, MicrosoftRefreshToken> iAccountCredentialAdapter, List<IShareSingleSignOnState> list) {
        super(context);
        Logger.verbose(TAG, "Init: " + TAG);
        this.mAccountCredentialCache = iAccountCredentialCache;
        this.mSharedSsoCaches = list;
        this.mAccountCredentialAdapter = iAccountCredentialAdapter;
    }

    private void deleteAccessTokensWithIntersectingScopes(AccessToken accessToken) {
        List<Credential> credentialsFilteredBy = this.mAccountCredentialCache.getCredentialsFilteredBy(accessToken.getHomeAccountId(), accessToken.getEnvironment(), CredentialType.AccessToken, accessToken.getClientId(), accessToken.getRealm(), null);
        Logger.verbose(TAG + ":deleteAccessTokensWithIntersectingScopes", "Inspecting " + credentialsFilteredBy.size() + " accessToken[s].");
        for (Credential credential : credentialsFilteredBy) {
            if (scopesIntersect(accessToken, (AccessToken) credential)) {
                Logger.infoPII(TAG + ":deleteAccessTokensWithIntersectingScopes", "Removing credential: " + credential);
                this.mAccountCredentialCache.removeCredential(credential);
            }
        }
    }

    private static boolean isAccessTokenSchemaCompliant(@NonNull AccessToken accessToken) {
        return isSchemaCompliant(accessToken.getClass(), new String[][]{new String[]{Credential.SerializedNames.CREDENTIAL_TYPE, accessToken.getCredentialType()}, new String[]{"home_account_id", accessToken.getHomeAccountId()}, new String[]{"realm", accessToken.getRealm()}, new String[]{"environment", accessToken.getEnvironment()}, new String[]{"client_id", accessToken.getClientId()}, new String[]{"target", accessToken.getTarget()}, new String[]{Credential.SerializedNames.CACHED_AT, accessToken.getCachedAt()}, new String[]{Credential.SerializedNames.EXPIRES_ON, accessToken.getExpiresOn()}, new String[]{"secret", accessToken.getSecret()}});
    }

    private static boolean isAccountSchemaCompliant(@NonNull Account account) {
        return isSchemaCompliant(account.getClass(), new String[][]{new String[]{"home_account_id", account.getHomeAccountId()}, new String[]{"environment", account.getEnvironment()}, new String[]{"realm", account.getRealm()}, new String[]{Account.SerializedNames.LOCAL_ACCOUNT_ID, account.getLocalAccountId()}, new String[]{Account.SerializedNames.USERNAME, account.getUsername()}, new String[]{Account.SerializedNames.AUTHORITY_TYPE, account.getAuthorityType()}});
    }

    private static boolean isIdTokenSchemaCompliant(@NonNull IdToken idToken) {
        return isSchemaCompliant(idToken.getClass(), new String[][]{new String[]{"home_account_id", idToken.getHomeAccountId()}, new String[]{"environment", idToken.getEnvironment()}, new String[]{"realm", idToken.getRealm()}, new String[]{Credential.SerializedNames.CREDENTIAL_TYPE, idToken.getCredentialType()}, new String[]{"client_id", idToken.getClientId()}, new String[]{"secret", idToken.getSecret()}});
    }

    private static boolean isRefreshTokenSchemaCompliant(@NonNull RefreshToken refreshToken) {
        return isSchemaCompliant(refreshToken.getClass(), new String[][]{new String[]{Credential.SerializedNames.CREDENTIAL_TYPE, refreshToken.getCredentialType()}, new String[]{"environment", refreshToken.getEnvironment()}, new String[]{"home_account_id", refreshToken.getHomeAccountId()}, new String[]{"client_id", refreshToken.getClientId()}, new String[]{"secret", refreshToken.getSecret()}});
    }

    private static boolean isSchemaCompliant(Class<?> cls, String[][] strArr) {
        boolean z = true;
        for (String[] strArr2 : strArr) {
            z = z && !StringExtensions.isNullOrBlank(strArr2[1]);
        }
        if (!z) {
            Logger.warn(TAG + ":isSchemaCompliant", cls.getSimpleName() + " does not contain all required fields.");
            for (String[] strArr3 : strArr) {
                Logger.warn(TAG + ":isSchemaCompliant", strArr3[0] + " is null? [" + StringExtensions.isNullOrBlank(strArr3[1]) + "]");
            }
        }
        return z;
    }

    private void saveAccounts(Account... accountArr) {
        for (Account account : accountArr) {
            this.mAccountCredentialCache.saveAccount(account);
        }
    }

    private void saveCredentials(Credential... credentialArr) {
        for (Credential credential : credentialArr) {
            if (credential instanceof AccessToken) {
                deleteAccessTokensWithIntersectingScopes((AccessToken) credential);
            }
            this.mAccountCredentialCache.saveCredential(credential);
        }
    }

    private Set<String> scopesAsSet(AccessToken accessToken) {
        HashSet hashSet = new HashSet();
        String target = accessToken.getTarget();
        if (!StringExtensions.isNullOrBlank(target)) {
            hashSet.addAll(Arrays.asList(target.split("\\s+")));
        }
        return hashSet;
    }

    private boolean scopesIntersect(AccessToken accessToken, AccessToken accessToken2) {
        Set<String> scopesAsSet = scopesAsSet(accessToken);
        for (String str : scopesAsSet(accessToken2)) {
            if (scopesAsSet.contains(str)) {
                Logger.info(TAG + ":scopesIntersect", "Scopes intersect.");
                Logger.infoPII(TAG + ":scopesIntersect", scopesAsSet.toString() + " contains [" + str + "]");
                return true;
            }
        }
        return false;
    }

    private void validateCacheArtifacts(@NonNull Account account, AccessToken accessToken, @NonNull RefreshToken refreshToken, @NonNull IdToken idToken) throws ClientException {
        boolean isAccountSchemaCompliant = isAccountSchemaCompliant(account);
        boolean z = accessToken == null || isAccessTokenSchemaCompliant(accessToken);
        boolean isRefreshTokenSchemaCompliant = isRefreshTokenSchemaCompliant(refreshToken);
        boolean isIdTokenSchemaCompliant = isIdTokenSchemaCompliant(idToken);
        if (!isAccountSchemaCompliant) {
            throw new ClientException(ErrorStrings.ACCOUNT_IS_SCHEMA_NONCOMPLIANT);
        }
        if (z && isRefreshTokenSchemaCompliant && isIdTokenSchemaCompliant) {
            return;
        }
        String str = z ? "[" : "[(AT)";
        if (!isRefreshTokenSchemaCompliant) {
            str = str + "(RT)";
        }
        if (!isIdTokenSchemaCompliant) {
            str = str + "(ID)";
        }
        throw new ClientException(ErrorStrings.CREDENTIAL_IS_SCHEMA_NONCOMPLIANT, str + "]");
    }

    @Override // com.microsoft.identity.common.internal.cache.IShareSingleSignOnState
    public MicrosoftRefreshToken getSingleSignOnState(MicrosoftAccount microsoftAccount) {
        return null;
    }

    @Override // com.microsoft.identity.common.internal.providers.oauth2.OAuth2TokenCache
    public void saveTokens(MicrosoftStsOAuth2Strategy microsoftStsOAuth2Strategy, MicrosoftStsAuthorizationRequest microsoftStsAuthorizationRequest, MicrosoftStsTokenResponse microsoftStsTokenResponse) throws ClientException {
        Account createAccount = this.mAccountCredentialAdapter.createAccount(microsoftStsOAuth2Strategy, microsoftStsAuthorizationRequest, microsoftStsTokenResponse);
        AccessToken createAccessToken = this.mAccountCredentialAdapter.createAccessToken(microsoftStsOAuth2Strategy, microsoftStsAuthorizationRequest, microsoftStsTokenResponse);
        RefreshToken createRefreshToken = this.mAccountCredentialAdapter.createRefreshToken(microsoftStsOAuth2Strategy, microsoftStsAuthorizationRequest, microsoftStsTokenResponse);
        IdToken createIdToken = this.mAccountCredentialAdapter.createIdToken(microsoftStsOAuth2Strategy, microsoftStsAuthorizationRequest, microsoftStsTokenResponse);
        validateCacheArtifacts(createAccount, createAccessToken, createRefreshToken, createIdToken);
        saveAccounts(createAccount);
        saveCredentials(createAccessToken, createRefreshToken, createIdToken);
    }

    @Override // com.microsoft.identity.common.internal.cache.IShareSingleSignOnState
    public void setSingleSignOnState(MicrosoftAccount microsoftAccount, MicrosoftRefreshToken microsoftRefreshToken) {
        try {
            Account asAccount = this.mAccountCredentialAdapter.asAccount(microsoftAccount);
            RefreshToken asRefreshToken = this.mAccountCredentialAdapter.asRefreshToken(microsoftRefreshToken);
            IdToken asIdToken = this.mAccountCredentialAdapter.asIdToken(microsoftAccount, microsoftRefreshToken);
            validateCacheArtifacts(asAccount, null, asRefreshToken, asIdToken);
            this.mAccountCredentialCache.saveAccount(asAccount);
            this.mAccountCredentialCache.saveCredential(asIdToken);
            this.mAccountCredentialCache.saveCredential(asRefreshToken);
        } catch (ClientException e) {
            Logger.error(TAG + ":setSingleSignOnState", "", new IllegalArgumentException("Cannot set SSO state. Invalid or inadequate Account and/or token provided. (See logs)", e));
        }
    }
}
