package com.microsoft.aad.adal;

import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.os.Bundle;
import android.os.Handler;
import android.os.Looper;
import android.os.Process;
import android.text.TextUtils;
import android.util.Log;
import com.microsoft.aad.adal.BrokerProxy;
import com.microsoft.aad.adal.TelemetryUtils;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.java.providers.microsoft.MicrosoftAuthorizationErrorResponse;
import com.microsoft.identity.common.java.providers.microsoft.azureactivedirectory.AzureActiveDirectory;
import com.microsoft.identity.common.java.providers.microsoft.azureactivedirectory.AzureActiveDirectoryCloud;
import com.microsoft.intune.mam.client.content.pm.MAMPackageManagement;
import g3.b;
import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Date;
import java.util.UUID;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class AcquireTokenRequest {
    private static final long AUTHENTICATOR_LLT_VERSION_CODE = 138;
    private static final long CP_LLT_VERSION_CODE = 2950722;
    private static final String TAG = "AcquireTokenRequest";
    private static final ExecutorService THREAD_EXECUTOR = Executors.newSingleThreadExecutor();
    private static Handler sHandler = null;
    private APIEvent mAPIEvent;
    private final AuthenticationContext mAuthContext;
    private final IBrokerProxy mBrokerProxy;
    private final Context mContext;
    private Discovery mDiscovery;
    private TokenCacheAccessor mTokenCacheAccessor;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static class CallbackHandler {
        private AuthenticationCallback<AuthenticationResult> mCallback;
        private Handler mRefHandler;

        CallbackHandler(Handler handler, AuthenticationCallback<AuthenticationResult> authenticationCallback) {
            this.mRefHandler = handler;
            this.mCallback = authenticationCallback;
        }

        AuthenticationCallback<AuthenticationResult> getCallback() {
            return this.mCallback;
        }

        public void onError(final AuthenticationException authenticationException) {
            AuthenticationCallback<AuthenticationResult> authenticationCallback = this.mCallback;
            if (authenticationCallback != null) {
                Handler handler = this.mRefHandler;
                if (handler != null) {
                    handler.post(new Runnable() { // from class: com.microsoft.aad.adal.AcquireTokenRequest.CallbackHandler.1
                        @Override // java.lang.Runnable
                        public void run() {
                            CallbackHandler.this.mCallback.onError(authenticationException);
                        }
                    });
                } else {
                    authenticationCallback.onError(authenticationException);
                }
            }
        }

        public void onSuccess(final AuthenticationResult authenticationResult) {
            AuthenticationCallback<AuthenticationResult> authenticationCallback = this.mCallback;
            if (authenticationCallback != null) {
                Handler handler = this.mRefHandler;
                if (handler != null) {
                    handler.post(new Runnable() { // from class: com.microsoft.aad.adal.AcquireTokenRequest.CallbackHandler.2
                        @Override // java.lang.Runnable
                        public void run() {
                            CallbackHandler.this.mCallback.onSuccess(authenticationResult);
                        }
                    });
                } else {
                    authenticationCallback.onSuccess(authenticationResult);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AcquireTokenRequest(Context context, AuthenticationContext authenticationContext, APIEvent aPIEvent) {
        this.mContext = context;
        this.mAuthContext = authenticationContext;
        this.mDiscovery = new Discovery(context);
        if (authenticationContext.getCache() != null && aPIEvent != null) {
            TokenCacheAccessor tokenCacheAccessor = new TokenCacheAccessor(context.getApplicationContext(), authenticationContext.getCache(), authenticationContext.getAuthority(), aPIEvent.getTelemetryRequestId());
            this.mTokenCacheAccessor = tokenCacheAccessor;
            tokenCacheAccessor.setValidateAuthorityHost(authenticationContext.getValidateAuthority());
        }
        this.mBrokerProxy = new BrokerProxy(context);
        this.mAPIEvent = aPIEvent;
    }

    private void acquireTokenInteractiveFlow(CallbackHandler callbackHandler, IWindowComponent iWindowComponent, boolean z10, AuthenticationRequest authenticationRequest) throws AuthenticationException {
        if (iWindowComponent == null && !z10) {
            throw new AuthenticationException(ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED, authenticationRequest.getLogInfo() + " Cannot launch webview, activity is null.");
        }
        HttpUtil.throwIfNetworkNotAvailable(this.mContext);
        int hashCode = callbackHandler.getCallback().hashCode();
        authenticationRequest.setRequestId(hashCode);
        this.mAuthContext.putWaitingRequest(hashCode, new AuthenticationRequestState(hashCode, authenticationRequest, callbackHandler.getCallback(), this.mAPIEvent));
        BrokerProxy.SwitchToBroker canSwitchToBroker = this.mBrokerProxy.canSwitchToBroker(authenticationRequest.getAuthority());
        if (canSwitchToBroker == BrokerProxy.SwitchToBroker.CANNOT_SWITCH_TO_BROKER || !this.mBrokerProxy.verifyUser(authenticationRequest.getLoginHint(), authenticationRequest.getUserId())) {
            Logger.v(TAG + ":acquireTokenInteractiveFlow", "Starting Authentication Activity for embedded flow. ", " Callback is: " + callbackHandler.getCallback().hashCode(), null);
            new AcquireTokenInteractiveRequest(this.mContext, authenticationRequest, this.mTokenCacheAccessor).acquireToken(iWindowComponent, z10 ? new AuthenticationDialog(getHandler(), this.mContext, this, authenticationRequest) : null);
            return;
        }
        if (canSwitchToBroker == BrokerProxy.SwitchToBroker.NEED_PERMISSIONS_TO_SWITCH_TO_BROKER) {
            throw new UsageAuthenticationException(ADALError.DEVELOPER_BROKER_PERMISSIONS_MISSING, "Broker related permissions are missing for GET_ACCOUNTS");
        }
        Logger.v(TAG + ":acquireTokenInteractiveFlow", "Launch activity for interactive authentication via broker with callback. ", "" + callbackHandler.getCallback().hashCode(), null);
        new AcquireTokenWithBrokerRequest(authenticationRequest, this.mBrokerProxy).acquireTokenWithBrokerInteractively(iWindowComponent);
    }

    private AuthenticationResult acquireTokenSilentFlow(AuthenticationRequest authenticationRequest) throws AuthenticationException {
        boolean verifyBrokerForSilentRequest = this.mBrokerProxy.verifyBrokerForSilentRequest(authenticationRequest);
        if ((authenticationRequest.getForceRefresh() || authenticationRequest.isClaimsChallengePresent()) && verifyBrokerForSilentRequest) {
            return tryAcquireTokenSilentWithBroker(authenticationRequest);
        }
        AuthenticationResult tryAcquireTokenSilentLocally = tryAcquireTokenSilentLocally(authenticationRequest);
        if (isAccessTokenReturned(tryAcquireTokenSilentLocally)) {
            return tryAcquireTokenSilentLocally;
        }
        if (authenticationRequest.getSamlAssertion() != null && authenticationRequest.getAssertionType() != null) {
            AuthenticationResult tryAcquireTokenSilentWithAssertion = tryAcquireTokenSilentWithAssertion(authenticationRequest);
            if (isAccessTokenReturned(tryAcquireTokenSilentWithAssertion)) {
                Logger.v(TAG + ":acquireTokenSilentFlow", "Access token has been acquired using the saml assertion.");
                return tryAcquireTokenSilentWithAssertion;
            }
            Logger.w(TAG + ":acquireTokenSilentFlow", "Failed to acquire tokens using saml assertion.");
        }
        return verifyBrokerForSilentRequest ? tryAcquireTokenSilentWithBroker(authenticationRequest) : tryAcquireTokenSilentLocally;
    }

    private void addHttpInfoToException(AuthenticationResult authenticationResult, AuthenticationException authenticationException) {
        if (authenticationResult == null || authenticationException == null) {
            return;
        }
        if (authenticationResult.getHttpResponseHeaders() != null) {
            authenticationException.setHttpResponseHeaders(authenticationResult.getHttpResponseHeaders());
        }
        if (authenticationResult.getHttpResponseBody() != null) {
            authenticationException.setHttpResponseBody(authenticationResult.getHttpResponseBody());
        }
        authenticationException.setServiceStatusCode(authenticationResult.getServiceStatusCode());
    }

    private boolean checkIfBrokerHasLltChanges() {
        long j10;
        long j11;
        PackageManager packageManager = this.mContext.getPackageManager();
        long j12 = Long.MAX_VALUE;
        try {
            j10 = b.a(MAMPackageManagement.getPackageInfo(packageManager, AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_PACKAGE_NAME, 0));
        } catch (PackageManager.NameNotFoundException unused) {
            j10 = Long.MAX_VALUE;
        }
        try {
            j12 = b.a(MAMPackageManagement.getPackageInfo(packageManager, "com.microsoft.windowsintune.companyportal", 0));
        } catch (PackageManager.NameNotFoundException unused2) {
        }
        try {
            j11 = b.a(MAMPackageManagement.getPackageInfo(packageManager, AuthenticationConstants.Broker.BROKER_HOST_APP_PACKAGE_NAME, 0));
        } catch (PackageManager.NameNotFoundException unused3) {
            j11 = 2147483647L;
        }
        return j10 >= AUTHENTICATOR_LLT_VERSION_CODE && j12 >= CP_LLT_VERSION_CODE && j11 >= CP_LLT_VERSION_CODE;
    }

    private synchronized Handler getHandler() {
        if (sHandler == null) {
            sHandler = new Handler(Looper.getMainLooper());
        }
        return sHandler;
    }

    private boolean isAccessTokenReturned(AuthenticationResult authenticationResult) {
        return (authenticationResult == null || com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(authenticationResult.getAccessToken())) ? false : true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void performAcquireTokenRequest(CallbackHandler callbackHandler, IWindowComponent iWindowComponent, boolean z10, AuthenticationRequest authenticationRequest) throws AuthenticationException {
        AuthenticationResult tryAcquireTokenSilent = tryAcquireTokenSilent(authenticationRequest);
        if (isAccessTokenReturned(tryAcquireTokenSilent)) {
            this.mAPIEvent.setWasApiCallSuccessful(true, null);
            this.mAPIEvent.setCorrelationId(authenticationRequest.getCorrelationId().toString());
            this.mAPIEvent.setIdToken(tryAcquireTokenSilent.getIdToken());
            this.mAPIEvent.stopTelemetryAndFlush();
            callbackHandler.onSuccess(tryAcquireTokenSilent);
            return;
        }
        Logger.d(TAG + ":performAcquireTokenRequest", "Trying to acquire token interactively.");
        acquireTokenInteractiveFlow(callbackHandler, iWindowComponent, z10, authenticationRequest);
    }

    private void performAuthorityValidation(AuthenticationRequest authenticationRequest, URL url) throws AuthenticationException {
        Telemetry.getInstance().startEvent(authenticationRequest.getTelemetryRequestId(), "Microsoft.ADAL.authority_validation");
        APIEvent aPIEvent = new APIEvent("Microsoft.ADAL.authority_validation");
        aPIEvent.setCorrelationId(authenticationRequest.getCorrelationId().toString());
        aPIEvent.setRequestId(authenticationRequest.getTelemetryRequestId());
        if (this.mAuthContext.getValidateAuthority()) {
            try {
                try {
                    validateAuthority(url, authenticationRequest.getUpnSuffix(), authenticationRequest.isSilent(), authenticationRequest.getCorrelationId());
                    aPIEvent.setValidationStatus("yes");
                } catch (AuthenticationException e10) {
                    if (e10.getCode() == null || !(e10.getCode().equals(ADALError.DEVICE_CONNECTION_IS_NOT_AVAILABLE) || e10.getCode().equals(ADALError.NO_NETWORK_CONNECTION_POWER_OPTIMIZATION))) {
                        aPIEvent.setValidationStatus("no");
                    } else {
                        aPIEvent.setValidationStatus("not_done");
                    }
                    throw e10;
                }
            } finally {
                Telemetry.getInstance().stopEvent(authenticationRequest.getTelemetryRequestId(), aPIEvent, "Microsoft.ADAL.authority_validation");
            }
        } else {
            if (!UrlExtensions.isADFSAuthority(url) && !AuthorityValidationMetadataCache.containsAuthorityHost(url)) {
                try {
                    this.mDiscovery.validateAuthority(url);
                } catch (AuthenticationException unused) {
                    AuthorityValidationMetadataCache.updateInstanceDiscoveryMap(url.getHost(), new InstanceDiscoveryMetadata(false));
                    AzureActiveDirectory.putCloud(url.getHost(), new AzureActiveDirectoryCloud(false));
                    Logger.v(TAG + ":performAuthorityValidation", "Fail to get authority validation metadata back. Ignore the failure since authority validation is turned off.");
                }
            }
            aPIEvent.setValidationStatus("not_done");
        }
        InstanceDiscoveryMetadata cachedInstanceDiscoveryMetadata = AuthorityValidationMetadataCache.getCachedInstanceDiscoveryMetadata(url);
        if (cachedInstanceDiscoveryMetadata == null || !cachedInstanceDiscoveryMetadata.isValidated()) {
            return;
        }
        updatePreferredNetworkLocation(url, authenticationRequest, cachedInstanceDiscoveryMetadata);
    }

    private void removeTokensForUser(AuthenticationRequest authenticationRequest) throws AuthenticationException {
        if (this.mTokenCacheAccessor == null) {
            return;
        }
        String userId = !com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(authenticationRequest.getUserId()) ? authenticationRequest.getUserId() : authenticationRequest.getLoginHint();
        try {
            TokenCacheItem fRTItem = this.mTokenCacheAccessor.getFRTItem("1", userId);
            if (fRTItem != null) {
                this.mTokenCacheAccessor.removeTokenCacheItem(fRTItem, authenticationRequest.getResource());
            }
            try {
                TokenCacheItem mRRTItem = this.mTokenCacheAccessor.getMRRTItem(authenticationRequest.getClientId(), userId);
                TokenCacheItem regularRefreshTokenCacheItem = this.mTokenCacheAccessor.getRegularRefreshTokenCacheItem(authenticationRequest.getResource(), authenticationRequest.getClientId(), userId);
                if (mRRTItem != null) {
                    this.mTokenCacheAccessor.removeTokenCacheItem(mRRTItem, authenticationRequest.getResource());
                    return;
                }
                if (regularRefreshTokenCacheItem != null) {
                    this.mTokenCacheAccessor.removeTokenCacheItem(regularRefreshTokenCacheItem, authenticationRequest.getResource());
                    return;
                }
                Logger.v(TAG + ":removeTokensForUser", "No token items need to be deleted for the user.");
            } catch (MalformedURLException e10) {
                throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e10.getMessage(), e10);
            }
        } catch (MalformedURLException e11) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e11.getMessage(), e11);
        }
    }

    private boolean shouldTrySilentFlow(AuthenticationRequest authenticationRequest) {
        boolean checkIfBrokerHasLltChanges = authenticationRequest.isClaimsChallengePresent() ? checkIfBrokerHasLltChanges() : true;
        if (authenticationRequest.isSilent()) {
            return true;
        }
        return checkIfBrokerHasLltChanges && authenticationRequest.getPrompt() == PromptBehavior.Auto;
    }

    private AuthenticationResult tryAcquireTokenSilent(AuthenticationRequest authenticationRequest) throws AuthenticationException {
        String str;
        if (!shouldTrySilentFlow(authenticationRequest)) {
            return null;
        }
        StringBuilder sb2 = new StringBuilder();
        String str2 = TAG;
        sb2.append(str2);
        sb2.append(":tryAcquireTokenSilent");
        Logger.v(sb2.toString(), "Try to acquire token silently, return valid AT or use RT in the cache.");
        AuthenticationResult acquireTokenSilentFlow = acquireTokenSilentFlow(authenticationRequest);
        boolean isAccessTokenReturned = isAccessTokenReturned(acquireTokenSilentFlow);
        if (isAccessTokenReturned || !authenticationRequest.isSilent()) {
            if (!isAccessTokenReturned) {
                return acquireTokenSilentFlow;
            }
            Logger.v(str2 + ":tryAcquireTokenSilent", "Token is successfully returned from silent flow. ");
            return acquireTokenSilentFlow;
        }
        if (acquireTokenSilentFlow == null) {
            str = "No result returned from acquireTokenSilent";
        } else {
            str = " ErrorCode:" + acquireTokenSilentFlow.getErrorCode();
        }
        String logInfo = authenticationRequest.getLogInfo();
        ADALError aDALError = ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED;
        Logger.e(str2 + ":tryAcquireTokenSilent", "Prompt is not allowed and failed to get token. " + str, logInfo, aDALError);
        AuthenticationException authenticationException = new AuthenticationException(aDALError, authenticationRequest.getLogInfo() + " " + str);
        addHttpInfoToException(acquireTokenSilentFlow, authenticationException);
        throw authenticationException;
    }

    private AuthenticationResult tryAcquireTokenSilentLocally(AuthenticationRequest authenticationRequest) throws AuthenticationException {
        Logger.v(TAG + ":tryAcquireTokenSilentLocally", "Try to silently get token from local cache.");
        return new AcquireTokenSilentHandler(this.mContext, authenticationRequest, this.mTokenCacheAccessor).getAccessToken();
    }

    private AuthenticationResult tryAcquireTokenSilentWithAssertion(AuthenticationRequest authenticationRequest) throws AuthenticationException {
        Logger.v(TAG + ":tryAcquireTokenSilentWithAssertion", "Try to silently get token using SAML Assertion.");
        return new AcquireTokenSilentHandler(this.mContext, authenticationRequest, this.mTokenCacheAccessor).getAccessTokenUsingAssertion();
    }

    private AuthenticationResult tryAcquireTokenSilentWithBroker(AuthenticationRequest authenticationRequest) throws AuthenticationException {
        Logger.d(TAG + ":tryAcquireTokenSilentWithBroker", "Either could not get tokens from local cache or is force refresh request, switch to Broker for auth, clear tokens from local cache for the user.");
        removeTokensForUser(authenticationRequest);
        return new AcquireTokenWithBrokerRequest(authenticationRequest, this.mBrokerProxy).acquireTokenWithBrokerSilent();
    }

    private void updatePreferredNetworkLocation(URL url, AuthenticationRequest authenticationRequest, InstanceDiscoveryMetadata instanceDiscoveryMetadata) throws AuthenticationException {
        if (instanceDiscoveryMetadata == null || !instanceDiscoveryMetadata.isValidated() || instanceDiscoveryMetadata.getPreferredNetwork() == null || url.getHost().equalsIgnoreCase(instanceDiscoveryMetadata.getPreferredNetwork())) {
            return;
        }
        try {
            authenticationRequest.setAuthority(Discovery.constructAuthorityUrl(url, instanceDiscoveryMetadata.getPreferredNetwork()).toString());
        } catch (MalformedURLException unused) {
            Logger.i(TAG, "preferred network is invalid", "use exactly the same authority url that is passed");
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void validateAcquireTokenRequest(AuthenticationRequest authenticationRequest) throws AuthenticationException {
        URL url = com.microsoft.identity.common.adal.internal.util.StringExtensions.getUrl(authenticationRequest.getAuthority());
        if (url == null) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL);
        }
        performAuthorityValidation(authenticationRequest, url);
        BrokerProxy.SwitchToBroker canSwitchToBroker = this.mBrokerProxy.canSwitchToBroker(authenticationRequest.getAuthority());
        if (canSwitchToBroker == BrokerProxy.SwitchToBroker.CANNOT_SWITCH_TO_BROKER || !this.mBrokerProxy.verifyUser(authenticationRequest.getLoginHint(), authenticationRequest.getUserId()) || authenticationRequest.isSilent()) {
            return;
        }
        if (canSwitchToBroker == BrokerProxy.SwitchToBroker.NEED_PERMISSIONS_TO_SWITCH_TO_BROKER) {
            throw new UsageAuthenticationException(ADALError.DEVELOPER_BROKER_PERMISSIONS_MISSING, "Broker related permissions are missing for GET_ACCOUNTS.");
        }
        verifyBrokerRedirectUri(authenticationRequest);
    }

    private void validateAuthority(URL url, String str, boolean z10, UUID uuid) throws AuthenticationException {
        boolean isADFSAuthority = UrlExtensions.isADFSAuthority(url);
        if (AuthorityValidationMetadataCache.isAuthorityValidated(url)) {
            return;
        }
        if (isADFSAuthority && this.mAuthContext.getIsAuthorityValidated()) {
            return;
        }
        StringBuilder sb2 = new StringBuilder();
        String str2 = TAG;
        sb2.append(str2);
        sb2.append(":validateAuthority");
        Logger.v(sb2.toString(), "Start validating authority");
        this.mDiscovery.setCorrelationId(uuid);
        Discovery.verifyAuthorityValidInstance(url);
        if (z10 || !isADFSAuthority || str == null) {
            if (z10 && UrlExtensions.isADFSAuthority(url)) {
                Logger.v(str2 + ":validateAuthority", "Silent request. Skipping AD FS authority validation");
            }
            this.mDiscovery.validateAuthority(url);
        } else {
            this.mDiscovery.validateAuthorityADFS(url, str);
        }
        Logger.v(str2 + ":validateAuthority", "The passed in authority is valid.");
        this.mAuthContext.setIsAuthorityValidated(true);
    }

    private void verifyBrokerRedirectUri(AuthenticationRequest authenticationRequest) throws UsageAuthenticationException {
        String redirectUri = authenticationRequest.getRedirectUri();
        String redirectUriForBroker = this.mAuthContext.getRedirectUriForBroker();
        if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(redirectUri)) {
            String str = TAG + ":verifyBrokerRedirectUri";
            String str2 = "The redirect uri is expected to be:" + redirectUriForBroker;
            ADALError aDALError = ADALError.DEVELOPER_REDIRECTURI_INVALID;
            Logger.e(str, "The redirectUri is null or blank. ", str2, aDALError);
            throw new UsageAuthenticationException(aDALError, "The redirectUri is null or blank.");
        }
        if (redirectUri.equalsIgnoreCase("urn:ietf:wg:oauth:2.0:oob")) {
            com.microsoft.identity.common.internal.logging.Logger.info(TAG + ":verifyBrokerRedirectUri", "This is a broker redirectUri. Bypass the check.");
            return;
        }
        if (!redirectUri.startsWith("msauth://")) {
            String str3 = " The valid broker redirect URI prefix: msauth so the redirect uri is expected to be: " + redirectUriForBroker;
            String str4 = TAG + ":verifyBrokerRedirectUri";
            ADALError aDALError2 = ADALError.DEVELOPER_REDIRECTURI_INVALID;
            Logger.e(str4, "The prefix of the redirect uri does not match the expected value. ", str3, aDALError2);
            throw new UsageAuthenticationException(aDALError2, "The prefix of the redirect uri does not match the expected value.");
        }
        PackageHelper packageHelper = new PackageHelper(this.mContext);
        try {
            String encode = URLEncoder.encode(this.mContext.getPackageName(), "UTF-8");
            String encode2 = URLEncoder.encode(packageHelper.getSha1SignatureForPackage(this.mContext.getPackageName()), "UTF-8");
            if (!redirectUri.startsWith("msauth://" + encode + "/")) {
                String str5 = "This apps package name is: " + encode + " so the redirect uri is expected to be: " + redirectUriForBroker;
                String str6 = TAG + ":verifyBrokerRedirectUri";
                ADALError aDALError3 = ADALError.DEVELOPER_REDIRECTURI_INVALID;
                Logger.e(str6, "The base64 url encoded package name component of the redirect uri does not match the expected value. ", str5, aDALError3);
                throw new UsageAuthenticationException(aDALError3, "The base64 url encoded package name component of the redirect uri does not match the expected value. ");
            }
            if (redirectUri.equalsIgnoreCase(redirectUriForBroker)) {
                Logger.v(TAG + ":verifyBrokerRedirectUri", "The broker redirect URI is valid.");
                return;
            }
            String str7 = "This apps signature is: " + encode2 + " so the redirect uri is expected to be: " + redirectUriForBroker;
            String str8 = TAG + ":verifyBrokerRedirectUri";
            ADALError aDALError4 = ADALError.DEVELOPER_REDIRECTURI_INVALID;
            Logger.e(str8, "The base64 url encoded signature component of the redirect uri does not match the expected value. ", str7, aDALError4);
            throw new UsageAuthenticationException(aDALError4, "The base64 url encoded signature component of the redirect uri does not match the expected value.");
        } catch (UnsupportedEncodingException e10) {
            String str9 = TAG + ":verifyBrokerRedirectUri";
            ADALError aDALError5 = ADALError.ENCODING_IS_NOT_SUPPORTED;
            Logger.e(str9, aDALError5.getDescription(), e10.getMessage(), aDALError5, e10);
            throw new UsageAuthenticationException(aDALError5, "The verifying BrokerRedirectUri process failed because the base64 url encoding is not supported.", e10);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void waitingRequestOnError(CallbackHandler callbackHandler, AuthenticationRequestState authenticationRequestState, int i10, AuthenticationException authenticationException) {
        if (authenticationRequestState != null) {
            try {
                if (authenticationRequestState.getDelegate() != null) {
                    Logger.v(TAG + ":waitingRequestOnError", "Sending error to callback" + this.mAuthContext.getCorrelationInfoFromWaitingRequest(authenticationRequestState));
                    authenticationRequestState.getAPIEvent().setWasApiCallSuccessful(false, authenticationException);
                    authenticationRequestState.getAPIEvent().setCorrelationId(authenticationRequestState.getRequest().getCorrelationId().toString());
                    authenticationRequestState.getAPIEvent().stopTelemetryAndFlush();
                    if (callbackHandler != null) {
                        callbackHandler.onError(authenticationException);
                    } else {
                        authenticationRequestState.getDelegate().onError(authenticationException);
                    }
                }
            } finally {
                if (authenticationException != null) {
                    this.mAuthContext.removeWaitingRequest(i10);
                }
            }
        }
    }

    private void waitingRequestOnError(AuthenticationRequestState authenticationRequestState, int i10, AuthenticationException authenticationException) {
        waitingRequestOnError(null, authenticationRequestState, i10, authenticationException);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void acquireToken(final IWindowComponent iWindowComponent, final boolean z10, final AuthenticationRequest authenticationRequest, AuthenticationCallback<AuthenticationResult> authenticationCallback) {
        final CallbackHandler callbackHandler = new CallbackHandler(getHandler(), authenticationCallback);
        Logger.setCorrelationId(authenticationRequest.getCorrelationId());
        Logger.v(TAG + ":acquireToken", "Sending async task from thread:" + Process.myTid());
        THREAD_EXECUTOR.execute(new Runnable() { // from class: com.microsoft.aad.adal.AcquireTokenRequest.1
            @Override // java.lang.Runnable
            public void run() {
                Logger.setCorrelationId(authenticationRequest.getCorrelationId());
                Logger.v(AcquireTokenRequest.TAG + ":acquireToken", "Running task in thread:" + Process.myTid());
                try {
                    AcquireTokenRequest.this.validateAcquireTokenRequest(authenticationRequest);
                    AcquireTokenRequest.this.performAcquireTokenRequest(callbackHandler, iWindowComponent, z10, authenticationRequest);
                } catch (AuthenticationException e10) {
                    AcquireTokenRequest.this.mAPIEvent.setSpeRing(e10.getSpeRing());
                    AcquireTokenRequest.this.mAPIEvent.setRefreshTokenAge(e10.getRefreshTokenAge());
                    AcquireTokenRequest.this.mAPIEvent.setServerErrorCode(e10.getCliTelemErrorCode());
                    AcquireTokenRequest.this.mAPIEvent.setServerSubErrorCode(e10.getCliTelemSubErrorCode());
                    AcquireTokenRequest.this.mAPIEvent.setWasApiCallSuccessful(false, e10);
                    AcquireTokenRequest.this.mAPIEvent.setCorrelationId(authenticationRequest.getCorrelationId().toString());
                    AcquireTokenRequest.this.mAPIEvent.stopTelemetryAndFlush();
                    callbackHandler.onError(e10);
                }
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void onActivityResult(int i10, int i11, Intent intent) {
        if (i10 == 1001) {
            getHandler();
            if (intent == null || intent.getExtras() == null) {
                Logger.e(TAG + ":onActivityResult", "BROWSER_FLOW data is null.", "", ADALError.ON_ACTIVITY_RESULT_INTENT_NULL);
                return;
            }
            Bundle extras = intent.getExtras();
            final int i12 = extras.getInt("com.microsoft.aad.adal:RequestId");
            try {
                final AuthenticationRequestState waitingRequest = this.mAuthContext.getWaitingRequest(i12);
                this.mAuthContext.removeWaitingRequest(i12);
                StringBuilder sb2 = new StringBuilder();
                String str = TAG;
                sb2.append(str);
                sb2.append(":onActivityResult");
                Logger.v(sb2.toString(), "Waiting request found. RequestId:" + i12);
                String correlationInfoFromWaitingRequest = this.mAuthContext.getCorrelationInfoFromWaitingRequest(waitingRequest);
                if (i11 == 2004) {
                    String stringExtra = intent.getStringExtra("account.access.token");
                    this.mBrokerProxy.saveAccount(intent.getStringExtra("account.name"));
                    Date date = new Date(intent.getLongExtra("account.expiredate", 0L));
                    String stringExtra2 = intent.getStringExtra("account.idtoken");
                    String stringExtra3 = intent.getStringExtra("account.userinfo.tenantid");
                    UserInfo userInfoFromBrokerResult = UserInfo.getUserInfoFromBrokerResult(intent.getExtras());
                    String stringExtra4 = intent.getStringExtra("cliteleminfo.server_error");
                    String stringExtra5 = intent.getStringExtra("cliteleminfo.server_suberror");
                    String stringExtra6 = intent.getStringExtra("cliteleminfo.rt_age");
                    String stringExtra7 = intent.getStringExtra("cliteleminfo.spe_ring");
                    AuthenticationRequest request = waitingRequest.getRequest();
                    AuthenticationResult authenticationResult = new AuthenticationResult(stringExtra, null, date, false, userInfoFromBrokerResult, stringExtra3, stringExtra2, null, request != null ? request.getClientId() : null);
                    authenticationResult.setAuthority(intent.getStringExtra("account.authority"));
                    TelemetryUtils.CliTelemInfo cliTelemInfo = new TelemetryUtils.CliTelemInfo();
                    cliTelemInfo._setServerErrorCode(stringExtra4);
                    cliTelemInfo._setServerSubErrorCode(stringExtra5);
                    cliTelemInfo._setRefreshTokenAge(stringExtra6);
                    cliTelemInfo._setSpeRing(stringExtra7);
                    authenticationResult.setCliTelemInfo(cliTelemInfo);
                    if (authenticationResult.getAccessToken() != null) {
                        waitingRequest.getAPIEvent().setWasApiCallSuccessful(true, null);
                        waitingRequest.getAPIEvent().setCorrelationId(waitingRequest.getRequest().getCorrelationId().toString());
                        waitingRequest.getAPIEvent().setIdToken(authenticationResult.getIdToken());
                        waitingRequest.getAPIEvent().setServerErrorCode(cliTelemInfo.getServerErrorCode());
                        waitingRequest.getAPIEvent().setServerSubErrorCode(cliTelemInfo.getServerSubErrorCode());
                        waitingRequest.getAPIEvent().setRefreshTokenAge(cliTelemInfo.getRefreshTokenAge());
                        waitingRequest.getAPIEvent().setSpeRing(cliTelemInfo.getSpeRing());
                        waitingRequest.getAPIEvent().stopTelemetryAndFlush();
                        waitingRequest.getDelegate().onSuccess(authenticationResult);
                        return;
                    }
                    return;
                }
                if (i11 == 2001) {
                    Logger.v(str + ":onActivityResult", "User cancelled the flow. RequestId:" + i12 + " " + correlationInfoFromWaitingRequest);
                    StringBuilder sb3 = new StringBuilder();
                    sb3.append("User cancelled the flow RequestId:");
                    sb3.append(i12);
                    sb3.append(correlationInfoFromWaitingRequest);
                    waitingRequestOnError(waitingRequest, i12, new AuthenticationCancelError(sb3.toString()));
                    return;
                }
                if (i11 == 2006) {
                    Logger.v(str + ":onActivityResult", "Device needs to have broker installed, we expect the apps to call usback when the broker is installed");
                    waitingRequestOnError(waitingRequest, i12, new AuthenticationException(ADALError.BROKER_APP_INSTALLATION_STARTED));
                    return;
                }
                if (i11 == 2009) {
                    Logger.v(str + ":onActivityResult", "Device needs to be managed, we expect the apps to call usback when the device is managed");
                    waitingRequestOnError(waitingRequest, i12, new AuthenticationException(ADALError.MDM_REQUIRED));
                    return;
                }
                if (i11 == 2005) {
                    Serializable serializable = extras.getSerializable("com.microsoft.aad.adal:AuthenticationException");
                    if (serializable == null || !(serializable instanceof AuthenticationException)) {
                        waitingRequestOnError(waitingRequest, i12, new AuthenticationException(ADALError.WEBVIEW_RETURNED_INVALID_AUTHENTICATION_EXCEPTION, correlationInfoFromWaitingRequest));
                        return;
                    }
                    AuthenticationException authenticationException = (AuthenticationException) serializable;
                    Logger.w(str + ":onActivityResult", "Webview returned exception.", authenticationException.getMessage(), ADALError.WEBVIEW_RETURNED_AUTHENTICATION_EXCEPTION);
                    waitingRequestOnError(waitingRequest, i12, authenticationException);
                    return;
                }
                if (i11 != 2002) {
                    if (i11 == 2003) {
                        AuthenticationRequest authenticationRequest = (AuthenticationRequest) extras.getSerializable("com.microsoft.aad.adal:BrowserRequestInfo");
                        final String string = extras.getString("com.microsoft.aad.adal:BrowserFinalUrl", "");
                        if (!string.isEmpty()) {
                            final CallbackHandler callbackHandler = new CallbackHandler(getHandler(), waitingRequest.getDelegate());
                            THREAD_EXECUTOR.execute(new Runnable() { // from class: com.microsoft.aad.adal.AcquireTokenRequest.3
                                @Override // java.lang.Runnable
                                public void run() {
                                    try {
                                        AuthenticationResult acquireTokenWithAuthCode = new AcquireTokenInteractiveRequest(AcquireTokenRequest.this.mContext, waitingRequest.getRequest(), AcquireTokenRequest.this.mTokenCacheAccessor).acquireTokenWithAuthCode(string);
                                        waitingRequest.getAPIEvent().setWasApiCallSuccessful(true, null);
                                        waitingRequest.getAPIEvent().setCorrelationId(waitingRequest.getRequest().getCorrelationId().toString());
                                        waitingRequest.getAPIEvent().setIdToken(acquireTokenWithAuthCode.getIdToken());
                                        waitingRequest.getAPIEvent().stopTelemetryAndFlush();
                                        if (waitingRequest.getDelegate() != null) {
                                            Logger.v(AcquireTokenRequest.TAG + ":onActivityResult", "Sending result to callback. ", waitingRequest.getRequest().getLogInfo(), null);
                                            callbackHandler.onSuccess(acquireTokenWithAuthCode);
                                        }
                                    } catch (AuthenticationException e10) {
                                        StringBuilder sb4 = new StringBuilder(e10.getMessage());
                                        if (e10.getCause() != null) {
                                            sb4.append(e10.getCause().getMessage());
                                        }
                                        String str2 = AcquireTokenRequest.TAG + ":onActivityResult";
                                        Logger.e(str2, (e10.getCode() == null ? ADALError.AUTHORIZATION_CODE_NOT_EXCHANGED_FOR_TOKEN : e10.getCode()).getDescription(), sb4.toString() + ' ' + ExceptionExtensions.getExceptionMessage(e10) + ' ' + Log.getStackTraceString(e10), ADALError.AUTHORIZATION_CODE_NOT_EXCHANGED_FOR_TOKEN, null);
                                        AcquireTokenRequest.this.waitingRequestOnError(callbackHandler, waitingRequest, i12, e10);
                                    }
                                }
                            });
                            return;
                        }
                        StringBuilder sb4 = new StringBuilder("Webview did not reach the redirectUrl. ");
                        if (authenticationRequest != null) {
                            sb4.append(authenticationRequest.getLogInfo());
                        }
                        sb4.append(correlationInfoFromWaitingRequest);
                        AuthenticationException authenticationException2 = new AuthenticationException(ADALError.WEBVIEW_RETURNED_EMPTY_REDIRECT_URL, sb4.toString());
                        Logger.e(str + ":onActivityResult", "", authenticationException2.getMessage(), authenticationException2.getCode());
                        waitingRequestOnError(waitingRequest, i12, authenticationException2);
                        return;
                    }
                    return;
                }
                String string2 = extras.getString("com.microsoft.aad.adal:BrowserErrorCode");
                String string3 = extras.getString("com.microsoft.aad.adal:BrowserErrorMessage");
                Logger.v(str + ":onActivityResult", "Error info:" + string2 + " for requestId: " + i12 + " " + correlationInfoFromWaitingRequest, string3, null);
                String format = String.format("%s %s %s", string2, string3, correlationInfoFromWaitingRequest);
                if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(string2) && ADALError.AUTH_FAILED_INTUNE_POLICY_REQUIRED.name().compareTo(string2) == 0) {
                    waitingRequestOnError(waitingRequest, i12, new IntuneAppProtectionPolicyRequiredException(format, extras.getString("account.name"), extras.getString("account.userinfo.userid"), extras.getString("account.userinfo.tenantid"), extras.getString("account.authority")));
                    return;
                }
                if (!MicrosoftAuthorizationErrorResponse.DEVICE_NEEDS_TO_BE_MANAGED.equalsIgnoreCase(string2)) {
                    waitingRequestOnError(waitingRequest, i12, new AuthenticationException(ADALError.SERVER_INVALID_REQUEST, format));
                    return;
                }
                Logger.v(str + ":onActivityResult", "Device needs to be managed, we expect the apps to call usback when the device is managed");
                waitingRequestOnError(waitingRequest, i12, new AuthenticationException(ADALError.MDM_REQUIRED));
            } catch (AuthenticationException unused) {
                Logger.e(TAG + ":onActivityResult", "Failed to find waiting request. RequestId:" + i12, "", ADALError.ON_ACTIVITY_RESULT_INTENT_NULL);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void refreshTokenWithoutCache(final String str, final AuthenticationRequest authenticationRequest, AuthenticationCallback<AuthenticationResult> authenticationCallback) {
        Logger.setCorrelationId(authenticationRequest.getCorrelationId());
        Logger.v(TAG + ":refreshTokenWithoutCache", "Refresh token without cache");
        final CallbackHandler callbackHandler = new CallbackHandler(getHandler(), authenticationCallback);
        THREAD_EXECUTOR.execute(new Runnable() { // from class: com.microsoft.aad.adal.AcquireTokenRequest.2
            @Override // java.lang.Runnable
            public void run() {
                AuthenticationResult acquireTokenWithRefreshToken;
                String format;
                try {
                    try {
                        AcquireTokenRequest.this.validateAcquireTokenRequest(authenticationRequest);
                        acquireTokenWithRefreshToken = new AcquireTokenSilentHandler(AcquireTokenRequest.this.mContext, authenticationRequest, AcquireTokenRequest.this.mTokenCacheAccessor).acquireTokenWithRefreshToken(str);
                        format = String.format(" CorrelationId: %s", authenticationRequest.getCorrelationId().toString());
                    } catch (AuthenticationException e10) {
                        AcquireTokenRequest.this.mAPIEvent.setWasApiCallSuccessful(false, e10);
                        callbackHandler.onError(e10);
                    }
                    if (acquireTokenWithRefreshToken == null) {
                        String str2 = AcquireTokenRequest.TAG + ":refreshTokenWithoutCache";
                        String str3 = "Returned result with exchanging refresh token for access token is null" + format;
                        ADALError aDALError = ADALError.AUTH_REFRESH_FAILED;
                        Logger.e(str2, str3, "", aDALError);
                        throw new AuthenticationException(aDALError, "No result received from refresh token request.");
                    }
                    if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(acquireTokenWithRefreshToken.getErrorCode())) {
                        String str4 = AcquireTokenRequest.TAG + ":refreshTokenWithoutCache";
                        String str5 = " ErrorCode:" + acquireTokenWithRefreshToken.getErrorCode();
                        String str6 = " ErrorDescription:" + acquireTokenWithRefreshToken.getErrorDescription();
                        ADALError aDALError2 = ADALError.AUTH_REFRESH_FAILED;
                        Logger.e(str4, str5, str6, aDALError2);
                        throw new AuthenticationException(aDALError2, " ErrorCode:" + acquireTokenWithRefreshToken.getErrorCode());
                    }
                    if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(acquireTokenWithRefreshToken.getAccessToken())) {
                        String str7 = AcquireTokenRequest.TAG + ":refreshTokenWithoutCache";
                        ADALError aDALError3 = ADALError.AUTH_FAILED_NO_TOKEN;
                        Logger.e(str7, "Access Token not returned from server", "", aDALError3);
                        throw new AuthenticationException(aDALError3, " Access Token not returned from server ");
                    }
                    String idToken = acquireTokenWithRefreshToken.getIdToken();
                    if (!TextUtils.isEmpty(idToken) && !TextUtils.isEmpty(authenticationRequest.getResource())) {
                        IdToken idToken2 = new IdToken(idToken);
                        UserInfo userInfo = new UserInfo(idToken2);
                        TokenCacheItem tokenCacheItem = new TokenCacheItem();
                        tokenCacheItem.setRawIdToken(idToken);
                        tokenCacheItem.setUserInfo(userInfo);
                        tokenCacheItem.setTenantId(idToken2.getTenantId());
                        AcquireTokenRequest.this.mTokenCacheAccessor.updateCachedItemWithResult(authenticationRequest, acquireTokenWithRefreshToken, tokenCacheItem);
                    }
                    AcquireTokenRequest.this.mAPIEvent.setWasApiCallSuccessful(true, null);
                    AcquireTokenRequest.this.mAPIEvent.setIdToken(acquireTokenWithRefreshToken.getIdToken());
                    callbackHandler.onSuccess(acquireTokenWithRefreshToken);
                } finally {
                    AcquireTokenRequest.this.mAPIEvent.setCorrelationId(authenticationRequest.getCorrelationId().toString());
                    AcquireTokenRequest.this.mAPIEvent.stopTelemetryAndFlush();
                }
            }
        });
    }
}
