package com.microsoft.identity.client.internal.controllers;

import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.AccountManagerCallback;
import android.accounts.AccountManagerFuture;
import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
import android.annotation.SuppressLint;
import android.content.Context;
import android.content.Intent;
import android.os.Binder;
import android.os.Build;
import android.os.Bundle;
import android.os.Handler;
import android.os.Looper;
import android.os.RemoteException;
import android.support.annotation.NonNull;
import android.support.annotation.WorkerThread;
import com.google.gson.Gson;
import com.microsoft.identity.common.exception.BaseException;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.exception.ServiceException;
import com.microsoft.identity.common.internal.broker.BrokerRequest;
import com.microsoft.identity.common.internal.broker.BrokerResult;
import com.microsoft.identity.common.internal.broker.BrokerResultFuture;
import com.microsoft.identity.common.internal.broker.MicrosoftAuthClient;
import com.microsoft.identity.common.internal.cache.MsalOAuth2TokenCache;
import com.microsoft.identity.common.internal.controllers.BaseController;
import com.microsoft.identity.common.internal.dto.AccountRecord;
import com.microsoft.identity.common.internal.dto.IAccountRecord;
import com.microsoft.identity.common.internal.logging.Logger;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftRefreshToken;
import com.microsoft.identity.common.internal.providers.microsoft.azureactivedirectory.ClientInfo;
import com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsAccount;
import com.microsoft.identity.common.internal.providers.oauth2.IDToken;
import com.microsoft.identity.common.internal.request.AcquireTokenOperationParameters;
import com.microsoft.identity.common.internal.request.AcquireTokenSilentOperationParameters;
import com.microsoft.identity.common.internal.request.MsalBrokerRequestAdapter;
import com.microsoft.identity.common.internal.request.OperationParameters;
import com.microsoft.identity.common.internal.result.AcquireTokenResult;
import com.microsoft.identity.common.internal.result.MsalBrokerResultAdapter;
import com.microsoft.skype.teams.Manifest;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

/* loaded from: classes2.dex */
public class BrokerMsalController extends BaseController {
    private static final String TAG = "BrokerMsalController";
    private static final ExecutorService sBackgroundExecutor = Executors.newCachedThreadPool();
    private BrokerResultFuture mBrokerResultFuture;

    @SuppressLint({"MissingPermission"})
    private AcquireTokenResult acquireTokenSilentWithAccountManager(AcquireTokenSilentOperationParameters acquireTokenSilentOperationParameters) throws BaseException {
        Bundle result;
        if (acquireTokenSilentOperationParameters.getAccount() != null) {
            try {
                AccountManagerFuture<Bundle> authToken = AccountManager.get(acquireTokenSilentOperationParameters.getAppContext()).getAuthToken(getTargetAccount(acquireTokenSilentOperationParameters.getAppContext(), acquireTokenSilentOperationParameters.getAccount()), "adal.authtoken.type", getSilentBrokerRequestBundle(acquireTokenSilentOperationParameters), false, (AccountManagerCallback<Bundle>) null, getPreferredHandler());
                Logger.verbose(TAG + ":acquireTokenSilentWithAccountManager", "Received result from broker");
                result = authToken.getResult();
            } catch (AuthenticatorException e) {
                Logger.error(TAG + ":acquireTokenSilentWithAccountManager", "Broker request cancelled", "AuthenticatorException thrown when talking to account manager. The broker request cancelled.", e);
                throw new ClientException("Broker request cancelled", "AuthenticatorException thrown when talking to account manager. The broker request cancelled.", e);
            } catch (OperationCanceledException e2) {
                Logger.error(TAG + ":acquireTokenSilentWithAccountManager", "Broker request cancelled", "Exception thrown when talking to account manager. The broker request cancelled.", e2);
                throw new ClientException("Broker request cancelled", "OperationCanceledException thrown when talking to account manager. The broker request cancelled.", e2);
            } catch (IOException e3) {
                Logger.error(TAG + ":acquireTokenSilentWithAccountManager", "Broker request cancelled", "IOException thrown when talking to account manager. The broker request cancelled.", e3);
                throw new ClientException("Broker request cancelled", "IOException thrown when talking to account manager. The broker request cancelled.", e3);
            }
        } else {
            result = null;
        }
        return getAcquireTokenResult(result);
    }

    private AcquireTokenResult acquireTokenSilentWithAuthService(AcquireTokenSilentOperationParameters acquireTokenSilentOperationParameters) throws BaseException {
        MicrosoftAuthClient microsoftAuthClient = new MicrosoftAuthClient(acquireTokenSilentOperationParameters.getAppContext());
        try {
            try {
                try {
                    return getAcquireTokenResult(microsoftAuthClient.connect().get().acquireTokenSilently(getSilentBrokerRequestBundle(acquireTokenSilentOperationParameters)));
                } catch (RemoteException e) {
                    throw new ClientException("Failed to bind the service in broker app", "Exception occurred while attempting to invoke remote service", e);
                }
            } finally {
                microsoftAuthClient.disconnect();
            }
        } catch (Exception e2) {
            throw new RuntimeException("Exception occurred while awaiting (get) return of MicrosoftAuthService", e2);
        }
    }

    private AccountRecord getAccountRecordFromUserInfo(@NonNull Bundle bundle) {
        if (bundle == null) {
            return null;
        }
        AccountRecord accountRecord = new AccountRecord();
        accountRecord.setHomeAccountId(bundle.getString("account.userinfo.userid"));
        accountRecord.setUsername(bundle.getString("authAccount"));
        accountRecord.setFirstName(bundle.getString("account.userinfo.given.name"));
        accountRecord.setFamilyName(bundle.getString("account.userinfo.family.name"));
        accountRecord.setName(bundle.getString("account.userinfo.userid.displayable"));
        try {
            accountRecord.setEnvironment(new URL(bundle.getString("account.userinfo.identity.provider")).getHost());
        } catch (MalformedURLException e) {
            Logger.error(TAG, "The user info identity provider is malformed.", e);
        }
        accountRecord.setRealm(bundle.getString("account.userinfo.tenantid"));
        return accountRecord;
    }

    private AcquireTokenResult getAcquireTokenResult(@NonNull Bundle bundle) throws BaseException {
        MsalBrokerResultAdapter msalBrokerResultAdapter = new MsalBrokerResultAdapter();
        if (!bundle.getBoolean("broker_request_v2_success")) {
            Logger.warn(TAG, "Exception returned from broker, retrieving exception details ");
            throw msalBrokerResultAdapter.baseExceptionFromBundle(bundle);
        }
        Logger.verbose(TAG, "Successful result from the broker ");
        AcquireTokenResult acquireTokenResult = new AcquireTokenResult();
        acquireTokenResult.setLocalAuthenticationResult(msalBrokerResultAdapter.authenticationResultFromBundle(bundle));
        return acquireTokenResult;
    }

    @WorkerThread
    @SuppressLint({"MissingPermission"})
    private List<AccountRecord> getBrokerAccountsFromAccountManager(@NonNull OperationParameters operationParameters) throws OperationCanceledException, IOException, AuthenticatorException {
        Account[] accountsByType = AccountManager.get(operationParameters.getAppContext()).getAccountsByType("com.microsoft.workaccount");
        ArrayList arrayList = new ArrayList();
        Logger.verbose(TAG + ":getBrokerAccountsFromAccountManager", "Retrieve all the accounts from account manager with broker account type, and the account length is: " + accountsByType.length);
        if (accountsByType == null || accountsByType.length == 0) {
            return arrayList;
        }
        Bundle bundle = new Bundle();
        bundle.putBoolean("com.microsoft.workaccount.user.info", true);
        for (Account account : accountsByType) {
            arrayList.add(getAccountRecordFromUserInfo(AccountManager.get(operationParameters.getAppContext()).updateCredentials(account, "adal.authtoken.type", bundle, null, null, null).getResult()));
        }
        return arrayList;
    }

    @WorkerThread
    private List<AccountRecord> getBrokerAccountsWithAuthService(@NonNull OperationParameters operationParameters) throws ClientException, InterruptedException, ExecutionException, RemoteException {
        MicrosoftAuthClient microsoftAuthClient = new MicrosoftAuthClient(operationParameters.getAppContext());
        try {
            try {
                return MsalBrokerResultAdapter.getAccountRecordListFromBundle(microsoftAuthClient.connect().get().getAccounts(getRequestBundleForGetAccounts(operationParameters)));
            } catch (RemoteException | ClientException | InterruptedException | ExecutionException e) {
                Logger.error(TAG + ":getBrokerAccountsWithAuthService", "Exception is thrown when trying to get account from Broker, returning empty list." + e.getMessage(), "io_error", e);
                throw e;
            }
        } finally {
            microsoftAuthClient.disconnect();
        }
    }

    private Intent getBrokerAuthorizationIntent(@NonNull AcquireTokenOperationParameters acquireTokenOperationParameters) throws ClientException {
        if (!isMicrosoftAuthServiceSupported(acquireTokenOperationParameters.getAppContext())) {
            Logger.verbose(TAG + ":getBrokerAuthorizationIntent", "Is microsoft auth service supported? [no]");
            Logger.verbose(TAG + ":getBrokerAuthorizationIntent", "Get the broker authorization intent from Account Manager.");
            return getBrokerAuthorizationIntentFromAccountManager(acquireTokenOperationParameters);
        }
        Logger.verbose(TAG + ":getBrokerAuthorizationIntent", "Is microsoft auth service supported? [yes]");
        Logger.verbose(TAG + ":getBrokerAuthorizationIntent", "Get the broker authorization intent from auth service.");
        Intent brokerAuthorizationIntentFromAuthService = getBrokerAuthorizationIntentFromAuthService(acquireTokenOperationParameters);
        brokerAuthorizationIntentFromAuthService.putExtra("broker_request_v2", new Gson().toJson(new MsalBrokerRequestAdapter().brokerRequestFromAcquireTokenParameters(acquireTokenOperationParameters), BrokerRequest.class));
        brokerAuthorizationIntentFromAuthService.putExtra("account.name", acquireTokenOperationParameters.getLoginHint());
        return brokerAuthorizationIntentFromAuthService;
    }

    @SuppressLint({"MissingPermission"})
    private Intent getBrokerAuthorizationIntentFromAccountManager(@NonNull AcquireTokenOperationParameters acquireTokenOperationParameters) throws ClientException {
        try {
            MsalBrokerRequestAdapter msalBrokerRequestAdapter = new MsalBrokerRequestAdapter();
            Bundle bundle = new Bundle();
            bundle.putString("broker_request_v2", new Gson().toJson(msalBrokerRequestAdapter.brokerRequestFromAcquireTokenParameters(acquireTokenOperationParameters), BrokerRequest.class));
            Intent intent = (Intent) AccountManager.get(acquireTokenOperationParameters.getAppContext()).addAccount("com.microsoft.workaccount", "adal.authtoken.type", null, bundle, null, null, getPreferredHandler()).getResult().getParcelable("intent");
            intent.putExtra("caller.info.uid", Binder.getCallingUid());
            return intent;
        } catch (AuthenticatorException e) {
            Logger.error(TAG + ":getBrokerAuthorizationIntentFromAccountManager", "Broker request cancelled", "AuthenticatorException thrown when talking to account manager. The broker request cancelled.", e);
            throw new ClientException("Broker request cancelled", "AuthenticatorException thrown when talking to account manager. The broker request cancelled.", e);
        } catch (OperationCanceledException e2) {
            Logger.error(TAG + ":getBrokerAuthorizationIntentFromAccountManager", "Broker request cancelled", "Exception thrown when talking to account manager. The broker request cancelled.", e2);
            throw new ClientException("Broker request cancelled", "OperationCanceledException thrown when talking to account manager. The broker request cancelled.", e2);
        } catch (IOException e3) {
            Logger.error(TAG + ":getBrokerAuthorizationIntentFromAccountManager", "Broker request cancelled", "IOException thrown when talking to account manager. The broker request cancelled.", e3);
            throw new ClientException("Broker request cancelled", "IOException thrown when talking to account manager. The broker request cancelled.", e3);
        }
    }

    private Intent getBrokerAuthorizationIntentFromAuthService(@NonNull AcquireTokenOperationParameters acquireTokenOperationParameters) throws ClientException {
        MicrosoftAuthClient microsoftAuthClient = new MicrosoftAuthClient(acquireTokenOperationParameters.getAppContext());
        try {
            try {
                return microsoftAuthClient.connect().get().getIntentForInteractiveRequest();
            } catch (RemoteException e) {
                throw new ClientException("Failed to bind the service in broker app", "Exception occurred while attempting to invoke remote service", e);
            } catch (Exception e2) {
                throw new ClientException("Failed to bind the service in broker app", "Exception occurred while awaiting (get) return of MicrosoftAuthService", e2);
            }
        } finally {
            microsoftAuthClient.disconnect();
        }
    }

    private Handler getPreferredHandler() {
        return (Looper.myLooper() == null || Looper.getMainLooper() == Looper.myLooper()) ? new Handler(Looper.getMainLooper()) : new Handler(Looper.myLooper());
    }

    private Bundle getRequestBundleForGetAccounts(@NonNull OperationParameters operationParameters) {
        Bundle bundle = new Bundle();
        bundle.putString("account.clientid.key", operationParameters.getClientId());
        bundle.putString("account.redirect", operationParameters.getRedirectUri());
        return bundle;
    }

    private Bundle getRequestBundleForRemoveAccount(@NonNull OperationParameters operationParameters) {
        Bundle bundle = new Bundle();
        bundle.putString("account.clientid.key", operationParameters.getClientId());
        if (operationParameters.getAccount() != null) {
            bundle.putString("environment", operationParameters.getAccount().getEnvironment());
            bundle.putString("account.home.account.id", operationParameters.getAccount().getHomeAccountId());
        }
        return bundle;
    }

    private Bundle getSilentBrokerRequestBundle(AcquireTokenSilentOperationParameters acquireTokenSilentOperationParameters) {
        MsalBrokerRequestAdapter msalBrokerRequestAdapter = new MsalBrokerRequestAdapter();
        Bundle bundle = new Bundle();
        bundle.putString("broker_request_v2", new Gson().toJson(msalBrokerRequestAdapter.brokerRequestFromSilentOperationParameters(acquireTokenSilentOperationParameters), BrokerRequest.class));
        bundle.putInt("caller.info.uid", Binder.getCallingUid());
        return bundle;
    }

    @SuppressLint({"MissingPermission"})
    private Account getTargetAccount(Context context, IAccountRecord iAccountRecord) {
        Account[] accountsByType = AccountManager.get(context).getAccountsByType("com.microsoft.workaccount");
        Account account = null;
        if (accountsByType != null) {
            for (Account account2 : accountsByType) {
                if (account2 != null && account2.name != null && account2.name.equalsIgnoreCase(iAccountRecord.getUsername())) {
                    account = account2;
                }
            }
        }
        return account;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isAccountManagerPermissionsGranted(@NonNull Context context) {
        return Build.VERSION.SDK_INT >= 23 ? isPermissionGranted(context, Manifest.permission.GET_ACCOUNTS) : isPermissionGranted(context, Manifest.permission.GET_ACCOUNTS) && isPermissionGranted(context, "android.permission.MANAGE_ACCOUNTS") && isPermissionGranted(context, "android.permission.USE_CREDENTIALS");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static boolean isMicrosoftAuthServiceSupported(@NonNull Context context) {
        return new MicrosoftAuthClient(context).getIntentForAuthService(context) != null;
    }

    private static boolean isPermissionGranted(@NonNull Context context, @NonNull String str) {
        boolean z = context.getPackageManager().checkPermission(str, context.getPackageName()) == 0;
        Logger.verbose(TAG + ":isPermissionGranted", "is " + str + " granted? [" + z + "]");
        return z;
    }

    @SuppressLint({"MissingPermission"})
    private boolean removeBrokerAccountFromAccountManager(@NonNull OperationParameters operationParameters) {
        Logger.verbose(TAG + ":removeBrokerAccountFromAccountManager", "Try to remove account from account manager.");
        Account[] accountsByType = AccountManager.get(operationParameters.getAppContext()).getAccountsByType("com.microsoft.workaccount");
        if (accountsByType == null || accountsByType.length <= 0) {
            return true;
        }
        for (Account account : accountsByType) {
            if (operationParameters.getAccount() == null || account.name.equalsIgnoreCase(operationParameters.getAccount().getUsername())) {
                Bundle bundle = new Bundle();
                bundle.putString("account.clientid.key", operationParameters.getClientId());
                bundle.putString("environment", operationParameters.getAccount().getEnvironment());
                bundle.putString("account.home.account.id", operationParameters.getAccount().getHomeAccountId());
                bundle.putString("account.remove.tokens", "account.remove.tokens.value");
                AccountManager.get(operationParameters.getAppContext()).getAuthToken(account, "adal.authtoken.type", bundle, false, (AccountManagerCallback<Bundle>) null, getPreferredHandler());
            }
        }
        return true;
    }

    private boolean removeBrokerAccountWithAuthService(@NonNull OperationParameters operationParameters) throws BaseException, InterruptedException, ExecutionException, RemoteException {
        MicrosoftAuthClient microsoftAuthClient = new MicrosoftAuthClient(operationParameters.getAppContext());
        try {
            try {
                microsoftAuthClient.connect().get().removeAccount(getRequestBundleForRemoveAccount(operationParameters));
                return true;
            } catch (RemoteException | BaseException | InterruptedException | ExecutionException e) {
                Logger.error(TAG + ":removeBrokerAccountWithAuthService", "Exception is thrown when trying to get target account." + e.getMessage(), "io_error", e);
                throw e;
            }
        } finally {
            microsoftAuthClient.disconnect();
        }
    }

    private void saveMsaAccountToCache(@NonNull Bundle bundle, @NonNull MsalOAuth2TokenCache msalOAuth2TokenCache) throws ClientException {
        BrokerResult brokerResult = (BrokerResult) new Gson().fromJson(bundle.getString("broker_result_v2"), BrokerResult.class);
        if (bundle.getBoolean("broker_request_v2_success") && brokerResult != null && "9188040d-6c67-4c5b-b112-36a304b66dad".equalsIgnoreCase(brokerResult.getTenantId())) {
            Logger.info(TAG + ":saveMsaAccountToCache", "Result returned for MSA Account, saving to cache");
            try {
                ClientInfo clientInfo = new ClientInfo(brokerResult.getClientInfo());
                MicrosoftStsAccount microsoftStsAccount = new MicrosoftStsAccount(new IDToken(brokerResult.getIdToken()), clientInfo);
                microsoftStsAccount.setEnvironment(brokerResult.getEnvironment());
                msalOAuth2TokenCache.setSingleSignOnState(microsoftStsAccount, new MicrosoftRefreshToken(brokerResult.getRefreshToken(), clientInfo, brokerResult.getScope(), brokerResult.getClientId(), brokerResult.getEnvironment(), brokerResult.getFamilyId()));
            } catch (ServiceException e) {
                Logger.errorPII(TAG + ":saveMsaAccountToCache", "Exception while creating Idtoken or ClientInfo, cannot save MSA account tokens", e);
                throw new ClientException("invalid_jwt", e.getMessage(), e);
            }
        }
    }

    @Override // com.microsoft.identity.common.internal.controllers.BaseController
    public AcquireTokenResult acquireToken(AcquireTokenOperationParameters acquireTokenOperationParameters) throws InterruptedException, BaseException {
        this.mBrokerResultFuture = new BrokerResultFuture();
        Intent brokerAuthorizationIntent = getBrokerAuthorizationIntent(acquireTokenOperationParameters);
        Intent intent = new Intent(acquireTokenOperationParameters.getAppContext(), (Class<?>) BrokerActivity.class);
        intent.putExtra("broker_intent", brokerAuthorizationIntent);
        acquireTokenOperationParameters.getActivity().startActivity(intent);
        Bundle bundle = this.mBrokerResultFuture.get();
        saveMsaAccountToCache(bundle, (MsalOAuth2TokenCache) acquireTokenOperationParameters.getTokenCache());
        return getAcquireTokenResult(bundle);
    }

    @Override // com.microsoft.identity.common.internal.controllers.BaseController
    public AcquireTokenResult acquireTokenSilent(AcquireTokenSilentOperationParameters acquireTokenSilentOperationParameters) throws BaseException {
        if (isMicrosoftAuthServiceSupported(acquireTokenSilentOperationParameters.getAppContext())) {
            Logger.verbose(TAG + ":acquireTokenSilent", "Is microsoft auth service supported? [yes]");
            Logger.verbose(TAG + ":acquireTokenSilent", "Get the broker authorization intent from auth service.");
            return acquireTokenSilentWithAuthService(acquireTokenSilentOperationParameters);
        }
        Logger.verbose(TAG + ":acquireTokenSilent", "Is microsoft auth service supported? [no]");
        Logger.verbose(TAG + ":acquireTokenSilent", "Get the broker authorization intent from Account Manager.");
        return acquireTokenSilentWithAccountManager(acquireTokenSilentOperationParameters);
    }

    @Override // com.microsoft.identity.common.internal.controllers.BaseController
    public void completeAcquireToken(int i, int i2, Intent intent) {
        this.mBrokerResultFuture.setResultBundle(intent.getExtras());
    }

    @Override // com.microsoft.identity.common.internal.controllers.BaseController
    public List<AccountRecord> getAccounts(@NonNull OperationParameters operationParameters) throws ClientException, InterruptedException, ExecutionException, RemoteException, OperationCanceledException, IOException, AuthenticatorException {
        if (isMicrosoftAuthServiceSupported(operationParameters.getAppContext())) {
            Logger.verbose(TAG + ":getBrokerAccounts", "Is microsoft auth service supported? [yes]");
            Logger.verbose(TAG + ":getBrokerAccounts", "Get the broker accounts from auth service.");
            return getBrokerAccountsWithAuthService(operationParameters);
        }
        Logger.verbose(TAG + ":getBrokerAccounts", "Is microsoft auth service supported? [no]");
        Logger.verbose(TAG + ":getBrokerAccounts", "Get the broker accounts from Account Manager.");
        return getBrokerAccountsFromAccountManager(operationParameters);
    }

    @Override // com.microsoft.identity.common.internal.controllers.BaseController
    @WorkerThread
    public boolean removeAccount(@NonNull OperationParameters operationParameters) throws BaseException, InterruptedException, ExecutionException, RemoteException {
        if (isMicrosoftAuthServiceSupported(operationParameters.getAppContext())) {
            Logger.verbose(TAG + ":removeBrokerAccount", "Is microsoft auth service supported? [yes]");
            Logger.verbose(TAG + ":removeBrokerAccount", "Remove the account(s) from auth service.");
            return removeBrokerAccountWithAuthService(operationParameters);
        }
        Logger.verbose(TAG + ":removeBrokerAccount", "Is microsoft auth service supported? [no]");
        Logger.verbose(TAG + ":removeBrokerAccount", "Remove the account(s) from Account Manager.");
        return removeBrokerAccountFromAccountManager(operationParameters);
    }
}
