package com.microsoft.authorization.odb;

import android.accounts.Account;
import android.accounts.AccountManager;
import android.content.Context;
import android.net.Uri;
import android.text.TextUtils;
import androidx.annotation.NonNull;
import com.google.gson.JsonSyntaxException;
import com.microsoft.aad.adal.AuthenticationException;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.authentication.AuthResult;
import com.microsoft.authorization.AccountHelper;
import com.microsoft.authorization.EmailDisambiguationNetworkTask;
import com.microsoft.authorization.FederationProvider;
import com.microsoft.authorization.OneDriveAccount;
import com.microsoft.authorization.OneDriveAccountType;
import com.microsoft.authorization.SecurityScope;
import com.microsoft.authorization.SecurityToken;
import com.microsoft.authorization.SignInManager;
import com.microsoft.authorization.adal.ADALConfigurationFetcher;
import com.microsoft.authorization.adal.ADALNetworkTasks;
import com.microsoft.authorization.communication.RetrofitFactory;
import com.microsoft.authorization.communication.UnexpectedServerResponseException;
import com.microsoft.authorization.instrumentation.AccountInstrumentationEvent;
import com.microsoft.authorization.instrumentation.EventMetaDataIDs;
import com.microsoft.authorization.instrumentation.InstrumentationIDs;
import com.microsoft.authorization.oneauth.OneAuthAuthenticationException;
import com.microsoft.authorization.oneauth.OneAuthManager;
import com.microsoft.authorization.oneauth.OneAuthNetworkTasks;
import com.microsoft.authorization.oneauth.UnifiedAuthResult;
import com.microsoft.instrumentation.util.BasicNameValuePair;
import com.microsoft.instrumentation.util.ClientAnalyticsSession;
import com.microsoft.odsp.RampManager;
import com.microsoft.odsp.communication.HttpConstants;
import com.microsoft.odsp.io.FileUtils;
import com.microsoft.odsp.io.Log;
import com.microsoft.tokenshare.Callback;
import java.io.IOException;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Locale;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicReference;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpression;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import okhttp3.Authenticator;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Protocol;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

/* loaded from: classes2.dex */
public class OdbNetworkTasks extends ADALNetworkTasks {
    public static final String FederationProviderRefreshAllowedRampKey = "FederationProviderRefreshAllowed";
    public static final String FederationProviderRefreshRampKey = "FederationProviderRefresh";
    public static HashSet c;
    public OneAuthNetworkTasks b;

    @Deprecated
    /* loaded from: classes2.dex */
    public static class GetContextWebInformation {
        public static final XPathExpression a;
        public static final XPathExpression b;
        public final Double FormDigestTimeoutSeconds;
        public final String FormDigestValue;

        static {
            XPath newXPath = XPathFactory.newInstance().newXPath();
            try {
                a = newXPath.compile("/GetContextWebInformation/FormDigestValue");
                b = newXPath.compile("/GetContextWebInformation/FormDigestTimeoutSeconds");
            } catch (XPathExpressionException e) {
                throw new ExceptionInInitializerError(e);
            }
        }

        public GetContextWebInformation(Document document) throws XPathExpressionException {
            this.FormDigestValue = (String) a.evaluate(document, XPathConstants.STRING);
            this.FormDigestTimeoutSeconds = (Double) b.evaluate(document, XPathConstants.NUMBER);
        }
    }

    /* loaded from: classes2.dex */
    public class a implements Callback {
        public final /* synthetic */ AtomicReference a;
        public final /* synthetic */ CountDownLatch b;

        public a(AtomicReference atomicReference, CountDownLatch countDownLatch) {
            this.a = atomicReference;
            this.b = countDownLatch;
        }

        @Override // com.microsoft.tokenshare.Callback
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public void onSuccess(FederationProvider federationProvider) {
            this.a.set(federationProvider);
            this.b.countDown();
        }

        @Override // com.microsoft.tokenshare.Callback
        public void onError(Throwable th) {
            this.b.countDown();
        }
    }

    static {
        HashSet hashSet = new HashSet(2);
        c = hashSet;
        hashSet.add(com.microsoft.authorization.Constants.ONENOTE_RESOURCE_ID);
        c.add(com.microsoft.authorization.Constants.O365_DISCOVERY_RESOURCE_ID);
        c.add("https://clients.config.office.net/");
    }

    public OdbNetworkTasks(Context context, ADALConfigurationFetcher.ADALConfiguration aDALConfiguration) {
        super(context, aDALConfiguration.getADALAuthorityUrl());
        if (OneAuthManager.isAADEnabled(context)) {
            this.b = new OneAuthNetworkTasks(this.mContext);
        }
    }

    public static String a(String str, String str2) {
        if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
            return null;
        }
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL("https", str2, "_api/SP.OAuth.NativeClient/Authenticate").openConnection();
        try {
            httpURLConnection.setRequestProperty("Authorization", String.format(Locale.ROOT, HttpConstants.Values.AUTHORIZATION_TOKEN_BEARER_FORMAT, str));
            if (com.microsoft.authorization.Constants.SP_CLIENT_ID.equals(com.microsoft.authorization.adal.Constants.getClientId())) {
                httpURLConnection.setRequestProperty("X-FeatureVersion", "2");
            }
            httpURLConnection.setRequestMethod("POST");
            if (httpURLConnection.getResponseCode() != 200) {
                httpURLConnection.disconnect();
                return null;
            }
            String headerField = httpURLConnection.getHeaderField("Set-Cookie");
            httpURLConnection.disconnect();
            return headerField;
        } catch (Throwable th) {
            httpURLConnection.disconnect();
            throw th;
        }
    }

    public static SecurityToken acquireFormDigest(String str, SecurityScope securityScope, String str2, Uri uri, Authenticator authenticator) throws IOException {
        return acquireFormDigest(str, securityScope, str2, uri, authenticator, false);
    }

    public static SecurityToken acquireFormDigest(String str, SecurityScope securityScope, String str2, Uri uri, Authenticator authenticator, boolean z) throws IOException {
        InputStream inputStream = null;
        if (TextUtils.isEmpty(securityScope.Domain)) {
            return null;
        }
        Request.Builder method = new Request.Builder().url(Uri.parse(uri.getScheme() + "://" + securityScope.Domain).buildUpon().appendPath("_api").appendPath("contextinfo").build().toString()).method("POST", RequestBody.create((MediaType) null, new byte[0]));
        method.header("Cookie", str);
        OkHttpClient.Builder newBuilder = RetrofitFactory.getDefaultOkHttpClient().newBuilder();
        if (authenticator != null) {
            newBuilder.authenticator(authenticator);
        }
        if (z) {
            newBuilder.protocols(Collections.singletonList(Protocol.HTTP_1_1));
        }
        Response execute = newBuilder.build().newCall(method.build()).execute();
        if (execute.isSuccessful()) {
            try {
                if (execute.body() != null) {
                    try {
                        inputStream = execute.body().byteStream();
                        GetContextWebInformation getContextWebInformation = new GetContextWebInformation(DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(inputStream));
                        Double d = getContextWebInformation.FormDigestTimeoutSeconds;
                        SecurityToken securityToken = new SecurityToken(getContextWebInformation.FormDigestValue, new Date(System.currentTimeMillis() + ((d != null ? d.longValue() : 0L) * 1000)), null, securityScope, str2);
                        FileUtils.closeQuietly(inputStream);
                        return securityToken;
                    } catch (ParserConfigurationException | XPathExpressionException | SAXException unused) {
                        throw new IOException(execute.code() + com.microsoft.office.lens.lenscloudconnector.Constants.ERROR_MESSAGE_DELIMITER + execute.message());
                    }
                }
            } catch (Throwable th) {
                FileUtils.closeQuietly(inputStream);
                throw th;
            }
        }
        throw new UnexpectedServerResponseException(execute.message());
    }

    public static String b(String str) {
        int indexOf;
        if (!TextUtils.isEmpty(str) && (indexOf = str.indexOf(" ")) > 0) {
            return str.substring(0, indexOf);
        }
        return null;
    }

    public boolean c(FederationProvider federationProvider) {
        if (federationProvider == null) {
            Log.ePiiFree("OdbNetworkTasks", "isRefreshFederationProviderAllowed - FederationProvider value is null.");
            return false;
        }
        if (!Boolean.parseBoolean(getRampState(FederationProviderRefreshRampKey))) {
            Log.ePiiFree("OdbNetworkTasks", "isRefreshFederationProviderAllowed - ramp is off.");
            return false;
        }
        String rampState = getRampState(FederationProviderRefreshAllowedRampKey);
        if (TextUtils.isEmpty(rampState)) {
            Log.ePiiFree("OdbNetworkTasks", "isRefreshFederationProviderAllowed - Allowed list empty.");
            return false;
        }
        for (String str : rampState.split(";")) {
            if (FederationProvider.parse(str) == federationProvider) {
                return true;
            }
        }
        Log.ePiiFree("OdbNetworkTasks", "isRefreshFederationProviderAllowed - not in allowed list: " + federationProvider.toString());
        return false;
    }

    public final boolean d(AccountManager accountManager, Account account) {
        FederationProvider parse = FederationProvider.parse(accountManager.getUserData(account, com.microsoft.authorization.Constants.FEDERATION_PROVIDER));
        if (!c(parse)) {
            Log.dPiiFree("OdbNetworkTasks", "refreshFederationProviderAsNeeded - No need to refresh federation provider.");
            return false;
        }
        Log.iPiiFree("OdbNetworkTasks", "refreshFederationProviderAsNeeded - start");
        EmailDisambiguationNetworkTask emailDisambiguationNetworkTask = new EmailDisambiguationNetworkTask();
        AtomicReference atomicReference = new AtomicReference();
        String b = b(account.name);
        CountDownLatch countDownLatch = new CountDownLatch(1);
        if (TextUtils.isEmpty(b)) {
            Log.ePiiFree("OdbNetworkTasks", "refreshFederationProviderAsNeeded - account email is not available.");
            return false;
        }
        emailDisambiguationNetworkTask.getFederationProvider(b, false, new a(atomicReference, countDownLatch));
        try {
            countDownLatch.await();
        } catch (InterruptedException e) {
            Log.ePiiFree("OdbNetworkTasks", "refreshFederationProviderAsNeeded - InterruptedException received", e);
        }
        FederationProvider federationProvider = (FederationProvider) atomicReference.get();
        if (federationProvider != null && federationProvider != parse) {
            try {
                Log.iPiiFree("OdbNetworkTasks", "refreshFederationProviderAsNeeded - getADALConfigurationSync");
                ADALConfigurationFetcher.ADALConfiguration aDALConfigurationSync = new ADALConfigurationFetcher().getADALConfigurationSync(federationProvider, false);
                accountManager.setUserData(account, com.microsoft.authorization.Constants.FEDERATION_PROVIDER, federationProvider.toString());
                accountManager.setUserData(account, com.microsoft.authorization.Constants.ADAL_AUTHORITY_URL, aDALConfigurationSync.getADALAuthorityUrl());
                resetAuthContext(aDALConfigurationSync.getADALAuthorityUrl());
                Log.iPiiFree("OdbNetworkTasks", "refreshFederationProviderAsNeeded - updated account federation provider from " + parse + " to " + federationProvider);
                OneDriveAccount accountById = SignInManager.getInstance().getAccountById(this.mContext, account.name);
                new BasicNameValuePair(InstrumentationIDs.FEDERATION_PROVIDER_OLD, parse.toString());
                ClientAnalyticsSession.getInstance().logEvent(new AccountInstrumentationEvent(this.mContext, EventMetaDataIDs.ODB_ACCOUNT_FEDERATION_PROVIDER_CHANGED, new BasicNameValuePair[]{new BasicNameValuePair(InstrumentationIDs.FEDERATION_PROVIDER_OLD, parse.toString()), new BasicNameValuePair(InstrumentationIDs.FEDERATION_PROVIDER_NEW, federationProvider.toString())}, (BasicNameValuePair[]) null, accountById));
                return true;
            } catch (IOException | XPathExpressionException e2) {
                Log.ePiiFree("OdbNetworkTasks", "refreshFederationProviderAsNeeded - failed to fetch adal configuration for " + federationProvider, e2);
            }
        }
        return false;
    }

    public final UnifiedAuthResult e(String str, String str2, String str3) {
        if (!OneAuthManager.isAADEnabled(this.mContext)) {
            AuthenticationResult refreshAccessToken = refreshAccessToken(str2, str, str3);
            if (refreshAccessToken != null) {
                return new UnifiedAuthResult(refreshAccessToken);
            }
            return null;
        }
        AuthResult accessToken = this.b.getAccessToken(str, OneDriveAccountType.BUSINESS, str2, str3);
        if (accessToken == null) {
            Log.ePiiFree("OdbNetworkTasks", "Could not execute token refresh for userId" + str + "; No account found for given userId");
            return null;
        }
        UnifiedAuthResult unifiedAuthResult = new UnifiedAuthResult(accessToken);
        Log.d(OneAuthManager.USERID_TAG, "(UnifiedTokenRefresh result) called for userId:" + str + " returned getUserId:" + unifiedAuthResult.getUserId() + " getDisplayableId:" + unifiedAuthResult.getDisplayableId());
        if (accessToken.getCredential() == null || accessToken.getAccount() == null) {
            Log.d(OneAuthManager.USERID_TAG, "(UnifiedTokenRefresh result) oneAuthResult.getCredentials() or account was null");
        } else {
            Log.d(OneAuthManager.USERID_TAG, "(UnifiedTokenRefresh result) oneAuthResult.getCredentials().getAccountId(): " + accessToken.getCredential().getAccountId() + "oneAuthResult.getAccount().getId():" + accessToken.getAccount().getId() + " oneAuthResult.getAccount().getProviderId(): " + accessToken.getAccount().getProviderId());
        }
        if (accessToken.getError() == null) {
            return unifiedAuthResult;
        }
        Log.e("OdbNetworkTasks", "Tokenrefresh with oneAuth returned with error: " + accessToken.getError().getStatus() + " and substatus: " + accessToken.getError().getSubStatus());
        throw new OneAuthAuthenticationException(accessToken.getError());
    }

    public String getRampState(@NonNull String str) {
        return RampManager.getAllRampStates().get(str);
    }

    public SecurityToken refreshSecurityToken(AccountManager accountManager, Account account, SecurityScope securityScope, String str) throws IOException, JsonSyntaxException, AuthenticationException, OneAuthAuthenticationException {
        String str2;
        UnifiedAuthResult e;
        String a2;
        String userData = accountManager.getUserData(account, com.microsoft.authorization.Constants.USER_CID);
        Log.d("OdbNetworkTasks", "(refreshSecurityToken) account.name:" + account.name + " attempting to find account using USER_CID:" + userData);
        if (TextUtils.isEmpty(userData)) {
            return null;
        }
        if (!Constants.SCOPE_ODB_ACCESSTOKEN.equalsIgnoreCase(securityScope.Policy) && !Constants.SCOPE_ODB_ACCESSTOKEN_BY_GUID.equalsIgnoreCase(securityScope.Policy)) {
            if (!Constants.SCOPE_ODB_COOKIE.equalsIgnoreCase(securityScope.Policy)) {
                if (!Constants.SCOPE_ODB_FORM_DIGEST.equalsIgnoreCase(securityScope.Policy)) {
                    return null;
                }
                SecurityToken refreshSecurityToken = refreshSecurityToken(accountManager, account, SecurityScope.getSecurityScope(OneDriveAccountType.BUSINESS, Uri.parse("https://" + securityScope.Domain), Constants.SCOPE_ODB_COOKIE), null);
                return acquireFormDigest(refreshSecurityToken != null ? refreshSecurityToken.getAccessToken() : "", securityScope, userData, AccountHelper.getSharePointApiEndpoint(this.mContext, account), null);
            }
            UnifiedAuthResult e2 = e(userData, new Uri.Builder().scheme("https").authority(securityScope.Domain).build().toString(), str);
            if (e2 == null || e2.getStatus() != AuthenticationResult.AuthenticationStatus.Succeeded || (a2 = a(e2.getAccessToken(), securityScope.Domain)) == null) {
                return null;
            }
            Date expiresOn = e2.getExpiresOn();
            if (com.microsoft.authorization.Constants.SP_CLIENT_ID.equals(com.microsoft.authorization.adal.Constants.getClientId())) {
                expiresOn = new Date(System.currentTimeMillis() + 432000000);
            }
            return new SecurityToken(a2, expiresOn, null, securityScope, userData);
        }
        if (Constants.SCOPE_ODB_ACCESSTOKEN_BY_GUID.equalsIgnoreCase(securityScope.Policy) || (Constants.SCOPE_ODB_ACCESSTOKEN.equalsIgnoreCase(securityScope.Policy) && c.contains(securityScope.Domain))) {
            str2 = securityScope.Domain;
        } else {
            str2 = Uri.parse("https://" + securityScope.Domain).toString();
        }
        try {
            e = e(userData, str2, str);
            StringBuilder sb = new StringBuilder();
            sb.append("refreshSecurityToken -- result: ");
            sb.append(e != null ? e.getStatus().toString() : null);
            Log.iPiiFree("OdbNetworkTasks", sb.toString());
        } catch (AuthenticationException e3) {
            if (!d(accountManager, account)) {
                throw e3;
            }
            e = e(userData, str2, str);
        }
        UnifiedAuthResult unifiedAuthResult = e;
        if (unifiedAuthResult == null || unifiedAuthResult.getStatus() != AuthenticationResult.AuthenticationStatus.Succeeded) {
            return null;
        }
        SecurityToken securityToken = new SecurityToken(unifiedAuthResult.getAccessToken(), unifiedAuthResult.getExpiresOn(), unifiedAuthResult.getRefreshToken(), securityScope, userData);
        securityToken.setAuthLibrary(unifiedAuthResult.getAuthLibrary());
        return securityToken;
    }
}
