package com.microsoft.onlineid.sdk.extension;

import android.content.Context;
import android.os.Bundle;
import com.azure.authenticator.notifications.fcm.FcmListenerService;
import com.azure.authenticator.notifications.msa.MsaProtectionNotification;
import com.microsoft.onlineid.ISecurityScope;
import com.microsoft.onlineid.SecurityScope;
import com.microsoft.onlineid.Ticket;
import com.microsoft.onlineid.exception.AuthenticationException;
import com.microsoft.onlineid.internal.exception.AccountNotFoundException;
import com.microsoft.onlineid.internal.log.Logger;
import com.microsoft.onlineid.internal.sso.BundleMarshaller;
import com.microsoft.onlineid.internal.sso.client.MsaSsoClient;
import com.microsoft.onlineid.internal.storage.TypedStorage;
import com.microsoft.onlineid.sdk.extension.Session;
import com.microsoft.onlineid.sdk.extension.storage.ExtensionTypedStorage;
import com.microsoft.onlineid.sts.AuthenticatorUserAccount;
import com.microsoft.onlineid.sts.DeviceIdentity;
import com.microsoft.onlineid.sts.ExtensionDeviceIdentityManager;
import com.microsoft.onlineid.sts.exception.StsException;
import com.microsoft.onlineid.sts.request.AbstractSessionApprovalRequest;
import com.microsoft.onlineid.sts.request.ApproveSessionRequest;
import com.microsoft.onlineid.sts.request.NgcRequestFactory;
import com.microsoft.onlineid.sts.request.SessionRequestFactory;
import com.microsoft.onlineid.sts.response.ApproveSessionResponse;
import com.microsoft.onlineid.sts.response.ListSessionsResponse;
import com.microsoft.onlineid.sts.response.ManageApproverResponse;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Locale;
import java.util.Set;

/* loaded from: classes.dex */
public class SessionManager {
    public static final ISecurityScope ApproverRegisterLoginProofTokenScope = new SecurityScope("http://Passport.NET/purpose", "PURPOSE_APPROVERREGISTER");
    public static final String NgcApprovalNotificationType = "RemoteNGCPending";
    public static final String SessionApprovalNotificationType = "SessionApprovalPending";
    private final Context _applicationContext;
    private final ExtensionDeviceIdentityManager _deviceManager;
    private final ExtensionTypedStorage _localStorage;
    private final MsaSsoClient _msaSsoClient;
    private final NgcRequestFactory _ngcRequestFactory;
    private final SessionRequestFactory _sessionRequestFactory;
    private final TypedStorage _ssoStorage;

    public SessionManager(Context context) {
        this._applicationContext = context;
        this._deviceManager = new ExtensionDeviceIdentityManager(context);
        this._sessionRequestFactory = new SessionRequestFactory(context);
        this._ngcRequestFactory = new NgcRequestFactory(context);
        this._localStorage = new ExtensionTypedStorage(context);
        this._ssoStorage = new TypedStorage(context);
        this._msaSsoClient = new MsaSsoClient(context);
    }

    private static Date getDate(String str) {
        try {
            return new Date(Long.parseLong(str) * 1000);
        } catch (NumberFormatException unused) {
            Logger.error(String.format(Locale.US, "Server returned invalid time %s", str));
            return null;
        }
    }

    private DeviceIdentity getDeviceIdentity() throws AuthenticationException {
        DeviceIdentity readDeviceIdentity = this._localStorage.readDeviceIdentity();
        if (readDeviceIdentity != null && readDeviceIdentity.getDAToken() != null) {
            return readDeviceIdentity;
        }
        DeviceIdentity readDeviceIdentity2 = this._ssoStorage.readDeviceIdentity();
        if (readDeviceIdentity2 != null && readDeviceIdentity2.getDAToken() != null) {
            this._localStorage.writeDeviceIdentity(readDeviceIdentity2);
            return readDeviceIdentity2;
        }
        DeviceIdentity retrieveDeviceIdentityFromSsoMaster = retrieveDeviceIdentityFromSsoMaster();
        if (retrieveDeviceIdentityFromSsoMaster != null && retrieveDeviceIdentityFromSsoMaster.getDAToken() != null) {
            this._localStorage.writeDeviceIdentity(retrieveDeviceIdentityFromSsoMaster);
            return retrieveDeviceIdentityFromSsoMaster;
        }
        DeviceIdentity deviceIdentity = this._deviceManager.getDeviceIdentity(false);
        this._ssoStorage.writeDeviceIdentity(deviceIdentity);
        return deviceIdentity;
    }

    public static String parseCidFromNotification(Bundle bundle) {
        return bundle.getString(MsaProtectionNotification.KEY_MESSAGE_CID);
    }

    public static Session parseSessionFromNotification(Context context, Bundle bundle) throws AuthenticationException {
        Session.SessionType sessionType;
        Session.SessionType sessionType2;
        Date date = new Date();
        String string = bundle.getString("type");
        String string2 = bundle.getString(MsaProtectionNotification.KEY_MESSAGE_CID);
        String string3 = bundle.getString(FcmListenerService.MSA_SESSION_INTERNAL_SID);
        String string4 = bundle.getString("DisplaySID");
        String string5 = bundle.getString(FcmListenerService.MSA_SESSION_REQUEST_TIME);
        String string6 = bundle.getString("expirationTime");
        String string7 = bundle.getString("country");
        String string8 = bundle.getString("operatingSystem");
        String string9 = bundle.getString("browser");
        String string10 = bundle.getString("firstVerificationSign");
        String string11 = bundle.getString("secondVerificationSign");
        String string12 = bundle.getString("thirdVerificationSign");
        AuthenticatorUserAccount readAccount = readAccount(new TypedStorage(context), string2);
        if (readAccount == null) {
            throw new AccountNotFoundException();
        }
        Session.SessionType sessionType3 = Session.SessionType.Unknown;
        try {
            if (SessionApprovalNotificationType.equals(string)) {
                sessionType2 = Session.SessionType.Device;
            } else {
                if (!NgcApprovalNotificationType.equals(string)) {
                    sessionType = sessionType3;
                    return new Session(readAccount.getPuid(), readAccount.getCid(), Session.State.Pending, string3, string4, getDate(string5), getDate(string6), date, string7, string8, string9, string10, string11, string12, sessionType);
                }
                sessionType2 = Session.SessionType.NGC;
            }
            return new Session(readAccount.getPuid(), readAccount.getCid(), Session.State.Pending, string3, string4, getDate(string5), getDate(string6), date, string7, string8, string9, string10, string11, string12, sessionType);
        } catch (IllegalArgumentException e) {
            Logger.error("Error parsing session from GCM bundle.", e);
            return null;
        }
        sessionType = sessionType2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static AuthenticatorUserAccount readAccount(TypedStorage typedStorage, String str) {
        for (AuthenticatorUserAccount authenticatorUserAccount : typedStorage.readAllAccounts()) {
            if (authenticatorUserAccount.getCid().equals(str)) {
                return authenticatorUserAccount;
            }
        }
        return null;
    }

    private Set<AuthenticatorUserAccount> readAccounts(Set<String> set) {
        HashSet hashSet = new HashSet();
        for (AuthenticatorUserAccount authenticatorUserAccount : this._ssoStorage.readAllAccounts()) {
            if (set.contains(authenticatorUserAccount.getCid())) {
                hashSet.add(authenticatorUserAccount);
            }
        }
        return hashSet;
    }

    private byte[] register(Ticket ticket, String str, String str2) throws AuthenticationException {
        DeviceIdentity deviceIdentity = getDeviceIdentity();
        String market = AbstractSessionApprovalRequest.getMarket(this._applicationContext);
        ManageApproverResponse manageApproverResponse = (ManageApproverResponse) (str2 == null ? this._sessionRequestFactory.createRegisterApproverRequest(ticket, deviceIdentity, str, market) : this._ngcRequestFactory.createRegisterApproverRequest(ticket, deviceIdentity, str, str2, market)).send();
        if (!manageApproverResponse.succeeded()) {
            throw new StsException("Could not register.", manageApproverResponse.getError());
        }
        Logger.info("Account is successfully registered.");
        return manageApproverResponse.getTotpKey();
    }

    private DeviceIdentity retrieveDeviceIdentityFromSsoMaster() {
        try {
            return BundleMarshaller.deviceAccountFromBundle(this._msaSsoClient.getBackup());
        } catch (Exception e) {
            Logger.error("Retrieve device identity failed.", e);
            return null;
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void approveRequest(Session session, ApproveSessionRequest.RequestType requestType) throws AuthenticationException {
        ApproveSessionResponse approveSessionResponse = (ApproveSessionResponse) this._sessionRequestFactory.createApproveSessionRequest(getDeviceIdentity(), session, requestType).send();
        if (!approveSessionResponse.succeeded() && approveSessionResponse.getError().isRetryableDeviceDAErrorForDeviceAuth()) {
            Logger.warning("The device DAToken is expired or invalid.");
            approveSessionResponse = (ApproveSessionResponse) this._sessionRequestFactory.createApproveSessionRequest(this._deviceManager.getDeviceIdentity(true), session, requestType).send();
        }
        if (!approveSessionResponse.succeeded()) {
            throw new StsException("Could not approve session.", approveSessionResponse.getError());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public ListSessionsResult listSessions(Set<String> set, boolean z) throws AuthenticationException {
        Set<AuthenticatorUserAccount> readAccounts = readAccounts(set);
        if (readAccounts.isEmpty()) {
            return new ListSessionsResult();
        }
        ListSessionsResponse listSessionsResponse = (ListSessionsResponse) this._sessionRequestFactory.createListSessionsRequest(getDeviceIdentity(), readAccounts, z).send();
        if (!listSessionsResponse.succeeded() && listSessionsResponse.getError().isRetryableDeviceDAErrorForDeviceAuth()) {
            Logger.warning("The device DAToken is expired or invalid.");
            listSessionsResponse = (ListSessionsResponse) this._sessionRequestFactory.createListSessionsRequest(this._deviceManager.getDeviceIdentity(true), readAccounts, true).send();
        }
        if (!listSessionsResponse.succeeded()) {
            throw new StsException("ListSessions request failed.", listSessionsResponse.getError());
        }
        HashSet hashSet = new HashSet();
        if (z) {
            Iterator<String> it = listSessionsResponse.getNotRegistered().iterator();
            while (it.hasNext()) {
                AuthenticatorUserAccount readAccount = this._ssoStorage.readAccount(it.next());
                if (readAccount != null) {
                    hashSet.add(readAccount.getCid());
                } else {
                    Logger.error("Unregistered account not found in storage.");
                }
            }
        }
        ArrayList arrayList = new ArrayList();
        for (Session session : listSessionsResponse.getSessions()) {
            AuthenticatorUserAccount readAccount2 = this._ssoStorage.readAccount(session.getAccountPuid());
            if (readAccount2 == null) {
                Logger.error("Account associated with session not found in storage.");
            } else if (session.getState() == Session.State.Pending) {
                session.setAccountCid(readAccount2.getCid());
                arrayList.add(session);
            }
        }
        return new ListSessionsResult(hashSet, arrayList);
    }

    public byte[] registerForNgcAndSessionApproval(Ticket ticket, String str, String str2) throws AuthenticationException {
        return register(ticket, str, str2);
    }

    public byte[] registerForSessionApproval(Ticket ticket, String str) throws AuthenticationException {
        return register(ticket, str, null);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void unregister(String str) throws AuthenticationException {
        AuthenticatorUserAccount readAccount = readAccount(this._ssoStorage, str);
        if (readAccount == null) {
            throw new AccountNotFoundException("Account not found in storage.");
        }
        ManageApproverResponse manageApproverResponse = (ManageApproverResponse) this._sessionRequestFactory.createUnregisterApproverRequest(getDeviceIdentity(), readAccount.getPuid()).send();
        if (!manageApproverResponse.succeeded() && manageApproverResponse.getError().isRetryableDeviceDAErrorForDeviceAuth()) {
            Logger.warning("The device DAToken is expired or invalid.");
            manageApproverResponse = (ManageApproverResponse) this._sessionRequestFactory.createUnregisterApproverRequest(this._deviceManager.getDeviceIdentity(true), readAccount.getPuid()).send();
        }
        if (!manageApproverResponse.succeeded()) {
            throw new StsException("Could not unregister session approver.", manageApproverResponse.getError());
        }
        Logger.info("Account is unregistered for session approval.");
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void updateRegistration(String str, String str2) throws AuthenticationException {
        AuthenticatorUserAccount readAccount = readAccount(this._ssoStorage, str);
        if (readAccount == null) {
            throw new AccountNotFoundException("Account not found in storage.");
        }
        ManageApproverResponse manageApproverResponse = (ManageApproverResponse) this._sessionRequestFactory.createUpdateApproverRequest(getDeviceIdentity(), readAccount.getPuid(), str2).send();
        if (!manageApproverResponse.succeeded() && manageApproverResponse.getError().isRetryableDeviceDAErrorForDeviceAuth()) {
            Logger.warning("The device DAToken is expired or invalid.");
            manageApproverResponse = (ManageApproverResponse) this._sessionRequestFactory.createUpdateApproverRequest(this._deviceManager.getDeviceIdentity(true), readAccount.getPuid(), str2).send();
        }
        if (!manageApproverResponse.succeeded()) {
            throw new StsException("Could not update session approval registration.", manageApproverResponse.getError());
        }
    }
}
