package com.microsoft.identity.client;

import android.accounts.Account;
import android.content.Context;
import android.content.Intent;
import android.text.TextUtils;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.adal.internal.net.HttpWebRequest;
import com.microsoft.identity.common.exception.ArgumentException;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.exception.ErrorStrings;
import com.microsoft.identity.common.exception.ServiceException;
import com.microsoft.identity.common.internal.authorities.Authority;
import com.microsoft.identity.common.internal.broker.JoinedAccountRequestHandler;
import com.microsoft.identity.common.internal.cache.BrokerOAuth2TokenCache;
import com.microsoft.identity.common.internal.cache.ICacheRecord;
import com.microsoft.identity.common.internal.cache.SchemaUtil;
import com.microsoft.identity.common.internal.controllers.BaseController;
import com.microsoft.identity.common.internal.dto.AccessTokenRecord;
import com.microsoft.identity.common.internal.dto.AccountRecord;
import com.microsoft.identity.common.internal.dto.Credential;
import com.microsoft.identity.common.internal.dto.CredentialType;
import com.microsoft.identity.common.internal.dto.IdTokenRecord;
import com.microsoft.identity.common.internal.logging.Logger;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftTokenResponse;
import com.microsoft.identity.common.internal.providers.microsoft.azureactivedirectory.AzureActiveDirectory;
import com.microsoft.identity.common.internal.providers.microsoft.azureactivedirectory.AzureActiveDirectoryCloud;
import com.microsoft.identity.common.internal.providers.microsoft.azureactivedirectory.ClientInfo;
import com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsTokenResponse;
import com.microsoft.identity.common.internal.providers.oauth2.IDToken;
import com.microsoft.identity.common.internal.providers.oauth2.OpenIdConnectPromptParameter;
import com.microsoft.identity.common.internal.providers.oauth2.TokenResult;
import com.microsoft.identity.common.internal.request.AcquireTokenOperationParameters;
import com.microsoft.identity.common.internal.request.AcquireTokenSilentOperationParameters;
import com.microsoft.identity.common.internal.request.BrokerAcquireTokenOperationParameters;
import com.microsoft.identity.common.internal.request.BrokerAcquireTokenSilentOperationParameters;
import com.microsoft.identity.common.internal.request.OperationParameters;
import com.microsoft.identity.common.internal.request.SdkType;
import com.microsoft.identity.common.internal.result.AcquireTokenResult;
import com.microsoft.identity.common.internal.result.LocalAuthenticationResult;
import com.microsoft.identity.common.internal.ui.webview.WebViewUtil;
import com.microsoft.identity.common.internal.util.DateUtilities;
import com.microsoft.workaccount.authenticatorservice.KeyHandler;
import com.microsoft.workaccount.workplacejoin.AccountManagerStorageHelper;
import com.microsoft.workaccount.workplacejoin.core.StringHelper;
import com.microsoft.workaccount.workplacejoin.telemetry.EventPropertyGenerator;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;

/* loaded from: classes.dex */
public class BrokerJoinedAccountController extends BrokerLocalController {
    private static final String TAG = "BrokerJoinedAccountController";

    private AcquireTokenResult acquireBRT(BrokerAcquireTokenOperationParameters brokerAcquireTokenOperationParameters, AccountManagerStorageHelper accountManagerStorageHelper) throws InterruptedException, ClientException, TimeoutException, ServiceException, ExecutionException, ArgumentException, IOException {
        Logger.info(TAG + ":acquireBRT", "Start BRT acquisition.");
        if (!brokerAcquireTokenOperationParameters.isRequestFromBroker()) {
            brokerAcquireTokenOperationParameters = BrokerOperationParametersUtils.getBrokerRTAcquireTokenParametersWithDRSDiscovery(brokerAcquireTokenOperationParameters, accountManagerStorageHelper.getWPJAccount().name);
        }
        return super.acquireToken(brokerAcquireTokenOperationParameters);
    }

    private AcquireTokenResult acquireTokenInterruptFlow(BrokerAcquireTokenOperationParameters brokerAcquireTokenOperationParameters, AccountManagerStorageHelper accountManagerStorageHelper, String str) throws InterruptedException, ExecutionException, ClientException, ServiceException, ArgumentException, IOException, TimeoutException {
        Logger.info(TAG + ":acquireTokenInterruptFlow", "Resolve the interrupt.");
        HashMap<String, String> hashMap = new HashMap<>();
        hashMap.put(AuthenticationConstants.Broker.PRT_RESPONSE_HEADER, str);
        brokerAcquireTokenOperationParameters.setRequestHeaders(hashMap);
        brokerAcquireTokenOperationParameters.setOpenIdConnectPromptParameter(OpenIdConnectPromptParameter.NONE);
        brokerAcquireTokenOperationParameters.setRequestType(BrokerAcquireTokenOperationParameters.RequestType.RESOLVE_INTERRUPT);
        AcquireTokenResult acquireToken = super.acquireToken(brokerAcquireTokenOperationParameters);
        if (!acquireToken.getSucceeded().booleanValue()) {
            Logger.warn(TAG + ":acquireTokenInterruptFlow", "Failed to resolve an interrupt.");
            return acquireToken;
        }
        Logger.info(TAG + ":acquireTokenInterruptFlow", "Interrupt resolved. Update BRT with the resolved claim.");
        BrokerAcquireTokenOperationParameters brokerRTAcquireTokenParametersWithDRSDiscovery = BrokerOperationParametersUtils.getBrokerRTAcquireTokenParametersWithDRSDiscovery(brokerAcquireTokenOperationParameters, accountManagerStorageHelper.getWPJAccount().name);
        HashSet hashSet = new HashSet();
        hashSet.add("urn:aad:tb:update:prt/.default");
        hashSet.add(AuthenticationConstants.OAuth2Scopes.OFFLINE_ACCESS_SCOPE);
        hashSet.add("openid");
        hashSet.add("profile");
        brokerRTAcquireTokenParametersWithDRSDiscovery.setScopes(hashSet);
        brokerRTAcquireTokenParametersWithDRSDiscovery.setOpenIdConnectPromptParameter(OpenIdConnectPromptParameter.NONE);
        brokerRTAcquireTokenParametersWithDRSDiscovery.setRequestType(BrokerAcquireTokenOperationParameters.RequestType.RESOLVE_INTERRUPT);
        return super.acquireToken(brokerRTAcquireTokenParametersWithDRSDiscovery);
    }

    private AcquireTokenResult acquireTokenWithPRT(BrokerAcquireTokenSilentOperationParameters brokerAcquireTokenSilentOperationParameters) throws ClientException, ServiceException {
        HttpWebRequest.throwIfNetworkNotAvailable(brokerAcquireTokenSilentOperationParameters.getAppContext());
        Authority.KnownAuthorityResult knownAuthorityResult = Authority.getKnownAuthorityResult(brokerAcquireTokenSilentOperationParameters.getAuthority());
        if (!knownAuthorityResult.getKnown()) {
            throw knownAuthorityResult.getClientException();
        }
        JoinedAccountRequestHandler joinedAccountRequestHandler = new JoinedAccountRequestHandler(brokerAcquireTokenSilentOperationParameters.getAppContext(), new AccountManagerStorageHelper(brokerAcquireTokenSilentOperationParameters.getAppContext()));
        MicrosoftStsTokenResponse requestAccessTokenWithPrt = joinedAccountRequestHandler.requestAccessTokenWithPrt(joinedAccountRequestHandler.getPrimaryRefreshToken(brokerAcquireTokenSilentOperationParameters.getAccountManagerAccount(), brokerAcquireTokenSilentOperationParameters.getAuthority(), brokerAcquireTokenSilentOperationParameters.getCorrelationId(), brokerAcquireTokenSilentOperationParameters.getSleepTimeBeforePrtAcquisition()), brokerAcquireTokenSilentOperationParameters);
        List<ICacheRecord> saveToCache = saveToCache(brokerAcquireTokenSilentOperationParameters, brokerAcquireTokenSilentOperationParameters.getSdkType(), (BrokerOAuth2TokenCache) brokerAcquireTokenSilentOperationParameters.getTokenCache(), requestAccessTokenWithPrt);
        AcquireTokenResult acquireTokenResult = new AcquireTokenResult();
        TokenResult tokenResult = new TokenResult(requestAccessTokenWithPrt);
        BaseController.logResult(TAG + ":acquireTokenWithPRT", tokenResult);
        LocalAuthenticationResult localAuthenticationResult = new LocalAuthenticationResult(saveToCache.get(0), saveToCache, brokerAcquireTokenSilentOperationParameters.getSdkType());
        localAuthenticationResult.setSpeRing(requestAccessTokenWithPrt.getSpeRing());
        localAuthenticationResult.setRefreshTokenAge(requestAccessTokenWithPrt.getRefreshTokenAge());
        acquireTokenResult.setTokenResult(tokenResult);
        acquireTokenResult.setLocalAuthenticationResult(localAuthenticationResult);
        return acquireTokenResult;
    }

    private Account getAccountForBRTResult(AcquireTokenResult acquireTokenResult, AcquireTokenOperationParameters acquireTokenOperationParameters, AccountManagerStorageHelper accountManagerStorageHelper) throws ServiceException {
        String loginHint = acquireTokenOperationParameters.getLoginHint();
        if (TextUtils.isEmpty(loginHint)) {
            loginHint = SchemaUtil.getDisplayableId(new IDToken(acquireTokenResult.getTokenResult().getTokenResponse().getIdToken()).getTokenClaims());
        }
        return accountManagerStorageHelper.getAccount(loginHint, "com.microsoft.workaccount");
    }

    private String getInterruptFlowRefreshTokenCredential(BrokerAcquireTokenOperationParameters brokerAcquireTokenOperationParameters, AccountManagerStorageHelper accountManagerStorageHelper) {
        Account account;
        if (!brokerAcquireTokenOperationParameters.getShouldResolveInterrupt() || (account = accountManagerStorageHelper.getAccount(brokerAcquireTokenOperationParameters.getLoginHint(), "com.microsoft.workaccount")) == null) {
            return null;
        }
        try {
            return JoinedAccountRequestHandler.getResolveInterruptRefreshCredential(account, new KeyHandler(brokerAcquireTokenOperationParameters.getAppContext()), brokerAcquireTokenOperationParameters.getAuthority());
        } catch (ClientException e) {
            Logger.error(TAG, "Exception when trying to resolve interrupt refresh credential", e);
            return null;
        }
    }

    private List<ICacheRecord> saveToCache(OperationParameters operationParameters, SdkType sdkType, BrokerOAuth2TokenCache brokerOAuth2TokenCache, MicrosoftStsTokenResponse microsoftStsTokenResponse) throws ClientException, ServiceException {
        Logger.verbose(TAG + ":saveToCache", "Saving tokens to cache..");
        AccessTokenRecord accessTokenRecord = getAccessTokenRecord(microsoftStsTokenResponse, operationParameters);
        AccountRecord accountRecord = getAccountRecord(sdkType, operationParameters, microsoftStsTokenResponse);
        IdTokenRecord idTokenRecord = getIdTokenRecord(microsoftStsTokenResponse, accountRecord.getRealm(), operationParameters);
        List<ICacheRecord> saveAndLoadAggregatedAccountData = brokerOAuth2TokenCache.saveAndLoadAggregatedAccountData(accountRecord, idTokenRecord, accessTokenRecord, microsoftStsTokenResponse.getFamilyId());
        saveResultToAccountManager(operationParameters.getAppContext(), accountRecord, idTokenRecord, operationParameters.getAuthority(), microsoftStsTokenResponse);
        return saveAndLoadAggregatedAccountData;
    }

    private void setCredentialEnvironment(Credential credential, Authority authority, MicrosoftTokenResponse microsoftTokenResponse) {
        URL authorityURL = authority.getAuthorityURL();
        if (!microsoftTokenResponse.getAuthority().isEmpty()) {
            try {
                authorityURL = new URL(microsoftTokenResponse.getAuthority());
            } catch (MalformedURLException e) {
                Logger.error(TAG, "Authority url construction failed, setting request authority to result", e);
            }
        }
        AzureActiveDirectoryCloud azureActiveDirectoryCloud = AzureActiveDirectory.getAzureActiveDirectoryCloud(authorityURL);
        if (azureActiveDirectoryCloud != null) {
            Logger.info(TAG, "Using preferred cache host name...");
            credential.setEnvironment(azureActiveDirectoryCloud.getPreferredCacheHostName());
        } else {
            credential.setEnvironment(authorityURL.getHost());
        }
        if (credential instanceof IdTokenRecord) {
            ((IdTokenRecord) credential).setAuthority(authorityURL.toString());
        }
        if (credential instanceof AccessTokenRecord) {
            ((AccessTokenRecord) credential).setAuthority(authorityURL.toString());
        }
    }

    private void throwIfBRTAccountDoesNotBelongToWpjTenant(Account account, AccountManagerStorageHelper accountManagerStorageHelper) throws ClientException, ServiceException {
        if (!accountManagerStorageHelper.isSharedDevice() || accountManagerStorageHelper.getAccountHomeTenantId(account).equalsIgnoreCase(accountManagerStorageHelper.getAccountHomeTenantId(accountManagerStorageHelper.getWPJAccount()))) {
            return;
        }
        accountManagerStorageHelper.getAccountManager().removeAccount(account, null, null);
        throw new ClientException(ClientException.BRT_TENANT_MISMATCH, "The account's home tenant is not the same tenant this device is registered to.");
    }

    private void throwIfThereIsAlreadyASignedInAccountInSharedDeviceMode(Account account, AccountManagerStorageHelper accountManagerStorageHelper, Context context) throws ClientException {
        if (accountManagerStorageHelper.isSharedDevice()) {
            List<Account> brtHolders = accountManagerStorageHelper.getBrtHolders();
            if (brtHolders.isEmpty() || brtHolders.get(0).name.equalsIgnoreCase(account.name)) {
                return;
            }
            Logger.error(TAG + ":throwIfThereIsAlreadyASignedInAccountInSharedDeviceMode", "There is already a BRT holder. Remove this account and throw an exception.", null);
            BrokerClientApplication.getInstance(context).removeAccountFromBrokerInSharedModeAsync(account, accountManagerStorageHelper, context);
            WebViewUtil.removeCookiesFromWebView(context);
            throw new ClientException(ErrorStrings.BROKER_REQUEST_CANCELLED, "This device is in shared mode and can only be signed in by one account.");
        }
    }

    @Override // com.microsoft.identity.client.BrokerLocalController, com.microsoft.identity.common.internal.controllers.BaseController
    public AcquireTokenResult acquireToken(AcquireTokenOperationParameters acquireTokenOperationParameters) throws InterruptedException, ExecutionException, IOException, ArgumentException, ClientException, ServiceException {
        Logger.info(TAG + ":acquireToken", "Acquiring token for Broker Joined account...");
        if (!(acquireTokenOperationParameters instanceof BrokerAcquireTokenOperationParameters)) {
            throw new ArgumentException(ArgumentException.ACQUIRE_TOKEN_SILENT_OPERATION_NAME, "AcquireTokenOperationParameters", "AcquireTokenOperationParameters not an instance of BrokerAcquireTokenOperationParameters");
        }
        BrokerAcquireTokenOperationParameters brokerAcquireTokenOperationParameters = (BrokerAcquireTokenOperationParameters) acquireTokenOperationParameters;
        logParameters(TAG + ":acquireToken", brokerAcquireTokenOperationParameters);
        brokerAcquireTokenOperationParameters.validate();
        AccountManagerStorageHelper accountManagerStorageHelper = new AccountManagerStorageHelper(brokerAcquireTokenOperationParameters.getAppContext());
        addDefaultScopes(brokerAcquireTokenOperationParameters);
        try {
            String interruptFlowRefreshTokenCredential = getInterruptFlowRefreshTokenCredential(brokerAcquireTokenOperationParameters, accountManagerStorageHelper);
            AcquireTokenResult acquireTokenInterruptFlow = !StringHelper.IsNullOrBlank(interruptFlowRefreshTokenCredential) ? acquireTokenInterruptFlow(brokerAcquireTokenOperationParameters, accountManagerStorageHelper, interruptFlowRefreshTokenCredential) : acquireBRT(brokerAcquireTokenOperationParameters, accountManagerStorageHelper);
            if (!acquireTokenInterruptFlow.getSucceeded().booleanValue()) {
                Logger.warn(TAG + ":acquireToken", "Failed to acquire an updated BRT.");
                return acquireTokenInterruptFlow;
            }
            Account accountForBRTResult = getAccountForBRTResult(acquireTokenInterruptFlow, acquireTokenOperationParameters, accountManagerStorageHelper);
            brokerAcquireTokenOperationParameters.setLoginHint(accountForBRTResult.name);
            throwIfThereIsAlreadyASignedInAccountInSharedDeviceMode(accountForBRTResult, accountManagerStorageHelper, acquireTokenOperationParameters.getAppContext());
            throwIfBRTAccountDoesNotBelongToWpjTenant(accountForBRTResult, accountManagerStorageHelper);
            accountManagerStorageHelper.setBRT(accountForBRTResult, acquireTokenInterruptFlow.getTokenResult().getTokenResponse().getRefreshToken());
            BrokerAcquireTokenSilentOperationParameters brokerAcquireTokenSilentOperationParameters = new BrokerAcquireTokenSilentOperationParameters(brokerAcquireTokenOperationParameters);
            brokerAcquireTokenSilentOperationParameters.setAccountManagerAccount(accountForBRTResult);
            String accountHomeAccountId = new AccountManagerStorageHelper(brokerAcquireTokenOperationParameters.getAppContext()).getAccountHomeAccountId(accountForBRTResult);
            brokerAcquireTokenSilentOperationParameters.setHomeAccountId(accountHomeAccountId);
            brokerAcquireTokenSilentOperationParameters.setLocalAccountId(BrokerOperationParametersUtils.getUIdFromHomeAccountId(accountHomeAccountId));
            return acquireTokenWithPRT(brokerAcquireTokenSilentOperationParameters);
        } catch (TimeoutException e) {
            throw new ServiceException(ErrorStrings.SOCKET_TIMEOUT, e.getMessage(), e);
        }
    }

    @Override // com.microsoft.identity.client.BrokerLocalController, com.microsoft.identity.common.internal.controllers.BaseController
    public AcquireTokenResult acquireTokenSilent(AcquireTokenSilentOperationParameters acquireTokenSilentOperationParameters) throws ClientException, ServiceException, ArgumentException {
        AccountRecord cachedAccountRecord;
        Logger.info(TAG + ":acquireTokenSilent", "Acquiring token silently for Broker Joined account...");
        if (!(acquireTokenSilentOperationParameters instanceof BrokerAcquireTokenSilentOperationParameters)) {
            throw new ArgumentException(ArgumentException.ACQUIRE_TOKEN_SILENT_OPERATION_NAME, "AcquireTokenSilentOperationParameters", "AcquireTokenSilentOperationParameters not an instance of BrokerAcquireTokenSilentOperationParameters");
        }
        BrokerAcquireTokenSilentOperationParameters brokerAcquireTokenSilentOperationParameters = (BrokerAcquireTokenSilentOperationParameters) acquireTokenSilentOperationParameters;
        logParameters(TAG + ":acquireTokenSilent", brokerAcquireTokenSilentOperationParameters);
        brokerAcquireTokenSilentOperationParameters.validate();
        addDefaultScopes(brokerAcquireTokenSilentOperationParameters);
        brokerAcquireTokenSilentOperationParameters.getScopes().removeAll(Arrays.asList("", null));
        BrokerOAuth2TokenCache brokerOAuth2TokenCache = (BrokerOAuth2TokenCache) brokerAcquireTokenSilentOperationParameters.getTokenCache();
        if (!brokerAcquireTokenSilentOperationParameters.getForceRefresh() && brokerAcquireTokenSilentOperationParameters.getAccount() != null && (cachedAccountRecord = getCachedAccountRecord(brokerAcquireTokenSilentOperationParameters)) != null) {
            List<ICacheRecord> loadWithAggregatedAccountData = brokerOAuth2TokenCache.loadWithAggregatedAccountData(brokerAcquireTokenSilentOperationParameters.getClientId(), TextUtils.join(EventPropertyGenerator.whitespaceReplacement, brokerAcquireTokenSilentOperationParameters.getScopes()), cachedAccountRecord);
            ICacheRecord iCacheRecord = loadWithAggregatedAccountData.get(0);
            if (!accessTokenIsNull(iCacheRecord) && !iCacheRecord.getAccessToken().isExpired() && !idTokenIsNull(iCacheRecord, brokerAcquireTokenSilentOperationParameters.getSdkType()) && isRequestAuthorityRealmSameAsATRealm(acquireTokenSilentOperationParameters.getAuthority(), iCacheRecord.getAccessToken())) {
                AcquireTokenResult acquireTokenResult = new AcquireTokenResult();
                acquireTokenResult.setLocalAuthenticationResult(new LocalAuthenticationResult(iCacheRecord, loadWithAggregatedAccountData, brokerAcquireTokenSilentOperationParameters.getSdkType()));
                return acquireTokenResult;
            }
        }
        return acquireTokenWithPRT(brokerAcquireTokenSilentOperationParameters);
    }

    @Override // com.microsoft.identity.client.BrokerLocalController, com.microsoft.identity.common.internal.controllers.BaseController
    public void completeAcquireToken(int i, int i2, Intent intent) {
        super.completeAcquireToken(i, i2, intent);
    }

    public AccessTokenRecord getAccessTokenRecord(MicrosoftStsTokenResponse microsoftStsTokenResponse, OperationParameters operationParameters) {
        AccessTokenRecord accessTokenRecord = new AccessTokenRecord();
        try {
            accessTokenRecord.setHomeAccountId(SchemaUtil.getHomeAccountId(new ClientInfo(microsoftStsTokenResponse.getClientInfo())));
            accessTokenRecord.setRealm(SchemaUtil.getTenantId(microsoftStsTokenResponse.getClientInfo(), microsoftStsTokenResponse.getIdToken()));
        } catch (ServiceException e) {
            Logger.error(TAG + ":getAccessTokenRecord", "ClientInfo construction failed ", e);
        }
        accessTokenRecord.setClientId(operationParameters.getClientId());
        accessTokenRecord.setSecret(microsoftStsTokenResponse.getAccessToken());
        accessTokenRecord.setAccessTokenType(microsoftStsTokenResponse.getTokenType());
        accessTokenRecord.setTarget(TextUtils.join(EventPropertyGenerator.whitespaceReplacement, operationParameters.getScopes()));
        accessTokenRecord.setCredentialType(CredentialType.AccessToken.name());
        setCredentialEnvironment(accessTokenRecord, operationParameters.getAuthority(), microsoftStsTokenResponse);
        if (microsoftStsTokenResponse.getExpiresIn() != null) {
            accessTokenRecord.setExpiresOn(String.valueOf(DateUtilities.getExpiresOn(microsoftStsTokenResponse.getExpiresIn().longValue())));
        }
        if (microsoftStsTokenResponse.getExtExpiresIn() != null) {
            accessTokenRecord.setExtendedExpiresOn(String.valueOf(DateUtilities.getExpiresOn(microsoftStsTokenResponse.getExtExpiresIn().longValue())));
        }
        accessTokenRecord.setCachedAt(String.valueOf(TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis())));
        return accessTokenRecord;
    }

    IdTokenRecord getIdTokenRecord(MicrosoftStsTokenResponse microsoftStsTokenResponse, String str, OperationParameters operationParameters) throws ServiceException {
        ClientInfo clientInfo = new ClientInfo(microsoftStsTokenResponse.getClientInfo());
        IdTokenRecord idTokenRecord = new IdTokenRecord();
        idTokenRecord.setHomeAccountId(SchemaUtil.getHomeAccountId(clientInfo));
        idTokenRecord.setRealm(str);
        idTokenRecord.setCredentialType(SchemaUtil.getCredentialTypeFromVersion(microsoftStsTokenResponse.getIdToken()));
        idTokenRecord.setClientId(operationParameters.getClientId());
        idTokenRecord.setSecret(microsoftStsTokenResponse.getIdToken());
        setCredentialEnvironment(idTokenRecord, operationParameters.getAuthority(), microsoftStsTokenResponse);
        return idTokenRecord;
    }
}
