package com.microsoft.onlineid.sts;

import android.content.Context;
import android.content.Intent;
import android.text.TextUtils;
import com.microsoft.onlineid.ISecurityScope;
import com.microsoft.onlineid.SecurityScope;
import com.microsoft.onlineid.Ticket;
import com.microsoft.onlineid.analytics.ClientAnalytics;
import com.microsoft.onlineid.authenticator.Session;
import com.microsoft.onlineid.exception.AccountNotFoundException;
import com.microsoft.onlineid.exception.PromptNeededException;
import com.microsoft.onlineid.internal.ApiRequest;
import com.microsoft.onlineid.internal.Assertion;
import com.microsoft.onlineid.internal.PackageInfoHelper;
import com.microsoft.onlineid.internal.SessionService;
import com.microsoft.onlineid.internal.log.Logger;
import com.microsoft.onlineid.internal.storage.AuthenticatorTypedStorage;
import com.microsoft.onlineid.internal.sts.TicketManager;
import com.microsoft.onlineid.internal.transport.NetworkException;
import com.microsoft.onlineid.notification.GcmRegistrationData;
import com.microsoft.onlineid.notification.GcmRegistrationIntentService;
import com.microsoft.onlineid.notification.NotificationRegistrationManager;
import com.microsoft.onlineid.sts.exception.InvalidResponseException;
import com.microsoft.onlineid.sts.exception.StsException;
import com.microsoft.onlineid.sts.request.ApproveSessionRequest;
import com.microsoft.onlineid.sts.request.NgcRequestFactory;
import com.microsoft.onlineid.sts.request.SessionRequestFactory;
import com.microsoft.onlineid.sts.response.ApproveSessionResponse;
import com.microsoft.onlineid.sts.response.ListSessionsResponse;
import com.microsoft.onlineid.sts.response.ManageApproverResponse;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;

/* loaded from: classes.dex */
public class SessionManager {
    public static final ISecurityScope LoginProofTokenScope = new SecurityScope("http://Passport.NET/purpose", "PURPOSE_APPROVERREGISTER");
    private final Context _applicationContext;
    private final ClockSkewManager _clockSkewManager;
    private final DeviceIdentityManager _deviceManager;
    private final NgcRequestFactory _ngcSessionRequestFactory;
    private final NotificationRegistrationManager _notificationRegistrationManager;
    private final SessionRequestFactory _sessionRequestFactory;
    private final TicketManager _ticketManager;
    private final AuthenticatorTypedStorage _typedStorage;

    /* loaded from: classes.dex */
    public enum Extras {
        Session,
        RequestType;

        public String getKey() {
            return "com.microsoft.msa.authenticator." + name();
        }
    }

    @Deprecated
    public SessionManager() {
        this._applicationContext = null;
        this._clockSkewManager = null;
        this._deviceManager = null;
        this._notificationRegistrationManager = null;
        this._sessionRequestFactory = null;
        this._ngcSessionRequestFactory = null;
        this._ticketManager = null;
        this._typedStorage = null;
    }

    public SessionManager(Context context) {
        this._applicationContext = context;
        this._clockSkewManager = new ClockSkewManager(context);
        this._deviceManager = new DeviceIdentityManager(context);
        this._notificationRegistrationManager = new NotificationRegistrationManager(context);
        this._sessionRequestFactory = new SessionRequestFactory(context);
        this._ngcSessionRequestFactory = new NgcRequestFactory(context);
        this._ticketManager = new TicketManager(context);
        this._typedStorage = new AuthenticatorTypedStorage(context);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private List<Session> getSessionsFromServer(Set<AuthenticatorUserAccount> set, boolean z) throws NetworkException, StsException, InvalidResponseException {
        ListSessionsResponse listSessionsResponse = (ListSessionsResponse) this._sessionRequestFactory.createListSessionsRequest(this._deviceManager.getDeviceIdentity(false), set, z).send();
        if (!listSessionsResponse.succeeded() && listSessionsResponse.getError().isRetryableDeviceDAErrorForDeviceAuth()) {
            Logger.warning("The device DAToken is expired or invalid.");
            listSessionsResponse = (ListSessionsResponse) this._sessionRequestFactory.createListSessionsRequest(this._deviceManager.getDeviceIdentity(true), set, z).send();
        }
        if (listSessionsResponse.succeeded()) {
            return processListSessionsResponse(z, listSessionsResponse);
        }
        throw new StsException("ListSessions request failed.", listSessionsResponse.getError());
    }

    public SessionOperationResult approveOrDenySession(Session session, ApproveSessionRequest.RequestType requestType) {
        try {
            sendApproveSessionRequest(session, requestType);
            return SessionOperationResult.Success;
        } catch (Exception e) {
            ClientAnalytics.get().logException(e);
            return SessionOperationResult.forError(e);
        }
    }

    public ApiRequest createApproveOrDenySessionRequest(Session session, ApproveSessionRequest.RequestType requestType) {
        return new ApiRequest(this._applicationContext, new Intent(this._applicationContext, (Class<?>) SessionService.class).setAction(SessionService.ActionApproveOrDenyDeviceSession).putExtra(Extras.Session.getKey(), session).putExtra(Extras.RequestType.getKey(), requestType)).setAccountPuid(session.getAccountPuid());
    }

    public ApiRequest createDisableSessionApprovalRequest(String str) {
        return new ApiRequest(this._applicationContext, new Intent(this._applicationContext, (Class<?>) SessionService.class).setAction(SessionService.ActionDisableSessionApproval)).setAccountPuid(str);
    }

    public ApiRequest createEnableSessionApprovalRequest(String str) {
        return new ApiRequest(this._applicationContext, new Intent(this._applicationContext, (Class<?>) SessionService.class).setAction(SessionService.ActionEnableSessionApproval)).setAccountPuid(str);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void disableSessionApproval(String str) throws NetworkException, StsException, InvalidResponseException {
        this._typedStorage.removeAllSessions(str);
        ManageApproverResponse manageApproverResponse = (ManageApproverResponse) this._sessionRequestFactory.createUnregisterApproverRequest(this._deviceManager.getDeviceIdentity(false), str).send();
        if (!manageApproverResponse.succeeded() && manageApproverResponse.getError().isRetryableDeviceDAErrorForDeviceAuth()) {
            Logger.warning("The device DAToken is expired or invalid.");
            manageApproverResponse = (ManageApproverResponse) this._sessionRequestFactory.createUnregisterApproverRequest(this._deviceManager.getDeviceIdentity(true), str).send();
        }
        if (!manageApproverResponse.succeeded()) {
            throw new StsException("Could not unregister session approver.", manageApproverResponse.getError());
        }
        AuthenticatorUserAccount readAccount = this._typedStorage.readAccount(str);
        if (readAccount == null) {
            Logger.warning("Account was deleted before it could be unregistered for session approval.");
            return;
        }
        readAccount.setIsSessionApprover(false);
        this._typedStorage.writeAccount(readAccount);
        Logger.info("Account is unregistered for session approval.");
    }

    public void enableSessionApproval(String str, String str2) throws NetworkException, InvalidResponseException, StsException, AccountNotFoundException, PromptNeededException {
        Ticket ticket = this._ticketManager.getTicket(str, LoginProofTokenScope, str2);
        AuthenticatorUserAccount readAccount = this._typedStorage.readAccount(str);
        if (readAccount == null) {
            throw new AccountNotFoundException("Account was deleted before it could be registered for session approval.");
        }
        String registrationID = this._notificationRegistrationManager.getRegistrationID();
        if (registrationID == null) {
            ClientAnalytics.get().logEvent(ClientAnalytics.SessionApprovalCategory, ClientAnalytics.EnableSessionApprovalWithoutRegistrationID, ClientAnalytics.ViaAddAccountInApp);
            this._applicationContext.startService(new Intent(this._applicationContext, (Class<?>) GcmRegistrationIntentService.class));
        }
        registerWithMsaServer(ticket, registrationID, readAccount);
        ClientAnalytics.get().logEvent(ClientAnalytics.SessionApprovalCategory, ClientAnalytics.EnableSessionApproval, ClientAnalytics.ViaAddAccountInApp);
        int size = readSessionApprovalAccountsFromStorage().size();
        ClientAnalytics.get().logTotalAccountsEvent(ClientAnalytics.TotalSAAccountsCategory, size - 1, size);
    }

    public Session[] getCachedSessions() {
        Set<Session> readAllSessions = this._typedStorage.readAllSessions();
        HashSet hashSet = new HashSet();
        Date currentServerTime = this._clockSkewManager.getCurrentServerTime();
        Iterator<Session> it = readAllSessions.iterator();
        while (it.hasNext()) {
            Session next = it.next();
            if (next.getExpirationTime().before(currentServerTime)) {
                it.remove();
                hashSet.add(next);
            }
        }
        this._typedStorage.removeSessions(hashSet);
        return (Session[]) readAllSessions.toArray(new Session[readAllSessions.size()]);
    }

    public Session[] getSessions(boolean z) throws NetworkException, StsException, InvalidResponseException {
        Set<AuthenticatorUserAccount> readSessionApprovalAccountsFromStorage = readSessionApprovalAccountsFromStorage();
        List<Session> emptyList = readSessionApprovalAccountsFromStorage.isEmpty() ? Collections.emptyList() : getSessionsFromServer(readSessionApprovalAccountsFromStorage, z);
        this._typedStorage.replaceAllSessions(emptyList);
        return (Session[]) emptyList.toArray(new Session[0]);
    }

    List<Session> processListSessionsResponse(boolean z, ListSessionsResponse listSessionsResponse) {
        ArrayList arrayList = new ArrayList();
        if (z) {
            Iterator<String> it = listSessionsResponse.getNotRegistered().iterator();
            while (it.hasNext()) {
                AuthenticatorUserAccount readAccount = this._typedStorage.readAccount(it.next());
                if (readAccount != null) {
                    readAccount.setIsSessionApprover(false);
                    this._typedStorage.writeAccount(readAccount);
                } else {
                    Logger.warning("Account was deleted.");
                }
            }
        }
        GcmRegistrationData readGcmRegistrationData = this._typedStorage.readGcmRegistrationData();
        String registrationID = (readGcmRegistrationData == null || readGcmRegistrationData.getRegisteredAppVersion() != PackageInfoHelper.getCurrentAppVersionCode(this._applicationContext)) ? null : readGcmRegistrationData.getRegistrationID();
        for (Session session : listSessionsResponse.getSessions()) {
            if (session.getSessionType() != Session.SessionType.Unknown) {
                if (session.getState() == Session.State.Pending) {
                    arrayList.add(session);
                }
                if (this._typedStorage.readSession(session.getAccountPuid(), session.getInternalID()) == null) {
                    AuthenticatorUserAccount readAccount2 = this._typedStorage.readAccount(session.getAccountPuid());
                    String gcmRegistrationID = readAccount2 == null ? null : readAccount2.getGcmRegistrationID();
                    ClientAnalytics.get().logEvent(ClientAnalytics.PerformanceCategory, ClientAnalytics.SessionSeenWithoutNotification, TextUtils.isEmpty(registrationID) ? ClientAnalytics.NoAppGcmID : TextUtils.isEmpty(gcmRegistrationID) ? ClientAnalytics.NoAccountGcmID : !gcmRegistrationID.equals(registrationID) ? ClientAnalytics.GcmIDMismatch : ClientAnalytics.GcmIDInGoodState);
                }
            }
        }
        return arrayList;
    }

    public Set<AuthenticatorUserAccount> readSessionApprovalAccountsFromStorage() {
        HashSet hashSet = new HashSet();
        for (AuthenticatorUserAccount authenticatorUserAccount : this._typedStorage.readAllAccounts()) {
            if (authenticatorUserAccount.isSessionApprover()) {
                Assertion.check(!TextUtils.isEmpty(authenticatorUserAccount.getPuid()));
                hashSet.add(authenticatorUserAccount);
            }
        }
        return hashSet;
    }

    /* JADX WARN: Multi-variable type inference failed */
    protected void registerWithMsaServer(Ticket ticket, String str, AuthenticatorUserAccount authenticatorUserAccount) throws NetworkException, InvalidResponseException, StsException, AccountNotFoundException {
        DeviceIdentity deviceIdentity = this._deviceManager.getDeviceIdentity(false);
        ManageApproverResponse manageApproverResponse = (ManageApproverResponse) (authenticatorUserAccount.hasNgcRegistrationSucceeded() ? this._ngcSessionRequestFactory.createRegisterApproverRequest(ticket, deviceIdentity, str, authenticatorUserAccount.getServerKeyIdentifier()) : this._sessionRequestFactory.createRegisterApproverRequest(ticket, deviceIdentity, str)).send();
        if (!manageApproverResponse.succeeded()) {
            throw new StsException("Could not register session approver.", manageApproverResponse.getError());
        }
        AuthenticatorUserAccount readAccount = this._typedStorage.readAccount(authenticatorUserAccount.getPuid());
        if (readAccount == null) {
            throw new AccountNotFoundException("Account was deleted before it could be registered for session approval.");
        }
        readAccount.setTotpKey(manageApproverResponse.getTotpKey());
        readAccount.setIsSessionApprover(true);
        readAccount.setIsSessionApproverRegistrationNeeded(false);
        readAccount.setGcmRegistrationID(str);
        this._typedStorage.writeAccount(readAccount);
        Logger.info("Account is registered for session approval.");
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void sendApproveSessionRequest(Session session, ApproveSessionRequest.RequestType requestType) throws NetworkException, InvalidResponseException, StsException {
        ApproveSessionResponse approveSessionResponse = (ApproveSessionResponse) this._sessionRequestFactory.createApproveSessionRequest(this._deviceManager.getDeviceIdentity(false), session, requestType).send();
        if (!approveSessionResponse.succeeded() && approveSessionResponse.getError().isRetryableDeviceDAErrorForDeviceAuth()) {
            Logger.warning("The device DAToken is expired or invalid.");
            approveSessionResponse = (ApproveSessionResponse) this._sessionRequestFactory.createApproveSessionRequest(this._deviceManager.getDeviceIdentity(true), session, requestType).send();
        }
        if (approveSessionResponse.succeeded() || approveSessionResponse.getError().isInvalidSessionError()) {
            this._typedStorage.removeSession(session.getAccountPuid(), session.getInternalID());
        }
        if (!approveSessionResponse.succeeded()) {
            throw new StsException("Could not approve session.", approveSessionResponse.getError());
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void updateRegistrationWithMsaServer(AuthenticatorUserAccount authenticatorUserAccount, String str) throws NetworkException, StsException, InvalidResponseException {
        ManageApproverResponse manageApproverResponse = (ManageApproverResponse) this._sessionRequestFactory.createUpdateApproverRequest(this._deviceManager.getDeviceIdentity(false), authenticatorUserAccount.getPuid(), str).send();
        if (!manageApproverResponse.succeeded() && manageApproverResponse.getError().isRetryableDeviceDAErrorForDeviceAuth()) {
            Logger.warning("The device DAToken is expired or invalid.");
            manageApproverResponse = (ManageApproverResponse) this._sessionRequestFactory.createUpdateApproverRequest(this._deviceManager.getDeviceIdentity(true), authenticatorUserAccount.getPuid(), str).send();
        }
        if (!manageApproverResponse.succeeded()) {
            throw new StsException("Could not update session approval registration.", manageApproverResponse.getError());
        }
        AuthenticatorUserAccount readAccount = this._typedStorage.readAccount(authenticatorUserAccount.getPuid());
        if (readAccount == null) {
            Logger.warning("Account was deleted before it could be updated with GCM registration ID.");
            return;
        }
        readAccount.setGcmRegistrationID(str);
        this._typedStorage.writeAccount(readAccount);
        Logger.info("Account was updated with GCM registration Id.");
    }
}
