package com.microsoft.omadm.apppolicy.mamservice;

import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import com.microsoft.intune.common.notifications.NotificationBuilder;
import com.microsoft.intune.common.notifications.NotificationChannels;
import com.microsoft.intune.common.notifications.Notifier;
import com.microsoft.intune.common.settings.PreferencesProviderAccess;
import com.microsoft.intune.mam.client.app.startup.auth.AgentMAMServiceTokenResult;
import com.microsoft.intune.mam.client.identity.MAMIdentity;
import com.microsoft.intune.mam.client.identity.MAMIdentityManager;
import com.microsoft.intune.mam.client.telemetry.events.ScenarioEvent;
import com.microsoft.intune.mam.log.MAMLogScrubber;
import com.microsoft.intune.mam.log.MAMLogScrubberImpl;
import com.microsoft.intune.mam.policy.MAMServiceAuthentication;
import com.microsoft.intune.mam.policy.MAMWEError;
import com.microsoft.omadm.R;
import com.microsoft.omadm.Services;
import com.microsoft.omadm.apppolicy.SharedPreferencesEventTimer;
import com.microsoft.omadm.apppolicy.data.MAMServiceEnrollment;
import com.microsoft.omadm.apppolicy.data.MAMUserStatus;
import com.microsoft.omadm.client.notification.NotificationType;
import com.microsoft.omadm.logging.MAMTelemetryLogger;
import com.microsoft.omadm.users.UserManager;
import com.microsoft.omadm.utils.DeviceInfo;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.inject.Inject;
import javax.inject.Singleton;

@Singleton
/* loaded from: classes.dex */
public class MAMServiceTokenManager {
    public static final String AAD_ID_EXTRA = "AAD_ID_EXTRA";
    private static final String LAST_NOTIFICATION_TIME = "LastNotificationTime";
    private static final String MAM_ADAL_AUTHENTICATION_ACTIVITY = "com.microsoft.windowsintune.companyportal.views.MAMAdalAuthenticationActivity";
    private static final int MAM_SIGNIN_REQUEST_CODE = 8;
    static final String MAM_TEST_REFRESH_TOKEN = "MAMTestRefreshToken";
    private static final long NOTIFICATION_THROTTLE_DAYS = 7;
    private static final String PREFS_NAME = "MAMServiceTokenManagerSettings";
    public static final String SESSION_ID = "SESSION_ID";
    public static final String UPN_EXTRA = "UPN_EXTRA";
    private final HashMap<MAMIdentity, CachedToken> mCache = new HashMap<>();
    private final Context mContext;
    private final MAMLogScrubber mLogScrubber;
    private final Notifier mNotifier;
    private final MAMTelemetryLogger mTelemetryLogger;
    private static final Logger LOGGER = Logger.getLogger(MAMServiceTokenManager.class.getName());
    private static final long TOKEN_VALIDITY_MS = TimeUnit.MINUTES.toMillis(30);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static class CachedToken {
        public long mExpiry;
        public String mToken;

        CachedToken(String str, long j) {
            this.mToken = str;
            this.mExpiry = j;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static class TokenManagerPrefs extends PreferencesProviderAccess {
        TokenManagerPrefs(Context context) {
            super(context, MAMServiceTokenManager.PREFS_NAME);
        }
    }

    @Inject
    public MAMServiceTokenManager(Context context, MAMIdentityManager mAMIdentityManager, MAMTelemetryLogger mAMTelemetryLogger, Notifier notifier) {
        this.mContext = context;
        this.mTelemetryLogger = mAMTelemetryLogger;
        this.mNotifier = notifier;
        this.mLogScrubber = new MAMLogScrubberImpl(mAMIdentityManager, !Services.get().getIDeploymentSettings().isProductionBuild().booleanValue());
    }

    public static void cancelSignInNotification(Context context, Notifier notifier) {
        try {
            notifier.cancel(context, NotificationType.MAM_REQUIRES_SIGNIN_TAG, 0);
        } catch (Exception e) {
            LOGGER.log(Level.INFO, "Failed to cancel MAM Sign-In notification", (Throwable) e);
        }
    }

    private String getCachedToken(MAMIdentity mAMIdentity) {
        synchronized (this.mCache) {
            CachedToken cachedToken = this.mCache.get(mAMIdentity);
            if (cachedToken == null) {
                return null;
            }
            if (cachedToken.mExpiry < System.currentTimeMillis()) {
                this.mCache.remove(mAMIdentity);
                return null;
            }
            LOGGER.info("Using cached MAMService token instead of requesting a new one");
            return cachedToken.mToken;
        }
    }

    private List<MAMServiceEnrollment> getEnrollmentsByTokenPriority() {
        List<MAMServiceEnrollment> enabled = MAMServiceUtils.getEnabled();
        Collections.sort(enabled, new Comparator<MAMServiceEnrollment>() { // from class: com.microsoft.omadm.apppolicy.mamservice.MAMServiceTokenManager.1
            @Override // java.util.Comparator
            public int compare(MAMServiceEnrollment mAMServiceEnrollment, MAMServiceEnrollment mAMServiceEnrollment2) {
                int refreshTokenRank = MAMServiceTokenManager.getRefreshTokenRank(mAMServiceEnrollment.refreshToken);
                int refreshTokenRank2 = MAMServiceTokenManager.getRefreshTokenRank(mAMServiceEnrollment2.refreshToken);
                if (refreshTokenRank == refreshTokenRank2) {
                    return 0;
                }
                return refreshTokenRank < refreshTokenRank2 ? -1 : 1;
            }
        });
        return enabled;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static int getRefreshTokenRank(String str) {
        if (MAMServiceAuthentication.APIV2_AUTH_USED.equals(str)) {
            return 1;
        }
        if (MAMServiceAuthentication.BROKER_NEEDED.equals(str)) {
            return 2;
        }
        return str != null ? 3 : 4;
    }

    private String getTokenFromApps(MAMIdentity mAMIdentity, String str, String str2) {
        if (str == null) {
            return getTokenFromEnrolledApps(mAMIdentity);
        }
        MAMServiceEnrollment mAMServiceEnrollment = (MAMServiceEnrollment) Services.get().getTableRepository().get(new MAMServiceEnrollment.Key(str));
        if (mAMServiceEnrollment != null) {
            return getTokenFromEnrollmentForIdentity(mAMServiceEnrollment, mAMIdentity);
        }
        LOGGER.info("Trying to get token from app " + str + " which does not have an enrollment record.");
        if (str2 != null) {
            return acquireMAMServiceTokenFromApp(str, str2, mAMIdentity);
        }
        LOGGER.warning("Cannot get token from " + str + " which has neither an enrollment record nor a refresh token known");
        return null;
    }

    private String getTokenFromEnrolledApps(MAMIdentity mAMIdentity) {
        Iterator<MAMServiceEnrollment> it = getEnrollmentsByTokenPriority().iterator();
        while (it.hasNext()) {
            String tokenFromEnrollmentForIdentity = getTokenFromEnrollmentForIdentity(it.next(), mAMIdentity);
            if (tokenFromEnrollmentForIdentity != null) {
                return tokenFromEnrollmentForIdentity;
            }
        }
        return null;
    }

    private String getTokenFromEnrollmentForIdentity(MAMServiceEnrollment mAMServiceEnrollment, MAMIdentity mAMIdentity) {
        if (!mAMServiceEnrollment.identity().equals(mAMIdentity)) {
            LOGGER.warning(String.format("Getting a token for identity %s from other apps, but found enrollment for identity %s. This should never happen.", this.mLogScrubber.scrubUPN(mAMIdentity.rawUPN()), this.mLogScrubber.scrubUPN(mAMServiceEnrollment.identity().rawUPN())));
            return null;
        }
        if (mAMServiceEnrollment.refreshToken == null) {
            if (!mAMServiceEnrollment.getIsAutoEnrollment()) {
                LOGGER.info("Enrollment for package " + mAMServiceEnrollment.packageName + " has no refresh token designation and is not auto-enrolled.");
            }
            return null;
        }
        String acquireMAMServiceTokenFromApp = acquireMAMServiceTokenFromApp(mAMServiceEnrollment.packageName, mAMServiceEnrollment.refreshToken, mAMServiceEnrollment.identity());
        if (acquireMAMServiceTokenFromApp != null) {
            return acquireMAMServiceTokenFromApp;
        }
        LOGGER.info("Unable to acquire MAM Service Token from app " + mAMServiceEnrollment.packageName + " for auto-enrollments.");
        return null;
    }

    private UserManager.MAMServiceTokenResult getTokenFromUserManager(MAMIdentity mAMIdentity) {
        UserManager.MAMServiceTokenResult mAMServiceToken = Services.get().getUserManager().getMAMServiceToken(mAMIdentity.aadId(), mAMIdentity.authority());
        if (mAMServiceToken.getToken() == null) {
            LOGGER.info("Could not acquire MAMService token silently from auth lib in Company Portal.");
        } else {
            LOGGER.info("Successfully acquired MAMService token silently from auth lib in Company Portal.");
            cacheToken(mAMServiceToken.getToken(), mAMIdentity);
        }
        return mAMServiceToken;
    }

    private void postSignInNotification(MAMIdentity mAMIdentity, String str) {
        synchronized (this) {
            if (str == null) {
                str = UUID.randomUUID().toString();
            }
            String str2 = str;
            this.mTelemetryLogger.logMAMScenarioStart(ScenarioEvent.Scenario.FOREGROUND_ACQUIRE_TOKEN, this.mContext.getPackageName(), str2);
            SharedPreferencesEventTimer sharedPreferencesEventTimer = new SharedPreferencesEventTimer(new TokenManagerPrefs(this.mContext), LAST_NOTIFICATION_TIME);
            if (!sharedPreferencesEventTimer.hasTimePassed(7L, TimeUnit.DAYS)) {
                LOGGER.warning("postSignInNotification is being called unexpectedly often. Dropping request.");
                this.mTelemetryLogger.logMAMScenarioStop(ScenarioEvent.Scenario.FOREGROUND_ACQUIRE_TOKEN, ScenarioEvent.ResultCode.THROTTLED_NO_OP, MAMWEError.NONE_KNOWN, this.mContext.getPackageName(), str2, mAMIdentity.tenantId());
                return;
            }
            sharedPreferencesEventTimer.restartTimer();
            Intent intent = new Intent();
            intent.setClassName(this.mContext.getPackageName(), MAM_ADAL_AUTHENTICATION_ACTIVITY);
            intent.setFlags(268468224);
            intent.putExtra(UPN_EXTRA, mAMIdentity.canonicalUPN());
            intent.putExtra(AAD_ID_EXTRA, mAMIdentity.aadId());
            intent.putExtra(SESSION_ID, str2);
            this.mNotifier.notifyIfNotPosted(this.mContext, NotificationType.MAM_REQUIRES_SIGNIN_TAG, 0, new NotificationBuilder(this.mContext, NotificationChannels.IMPORTANT).setAutoCancel(true).setSmallIcon(R.drawable.ic_widget_main).setContentTitle(this.mContext.getString(R.string.notification_companyportal_sign_in_title)).setContentText(this.mContext.getString(R.string.notification_companyportal_sign_in_text)).setContentIntent(PendingIntent.getActivity(this.mContext, 8, intent, 201326592)).build());
        }
    }

    public String acquireMAMServiceToken(String str, boolean z, String str2, MAMIdentity mAMIdentity, String str3) {
        if (mAMIdentity == null) {
            LOGGER.severe("Trying to acquire a MAM Service Token without providing an identity.");
            return null;
        }
        String cachedToken = getCachedToken(mAMIdentity);
        if (cachedToken != null) {
            return cachedToken;
        }
        UserManager.MAMServiceTokenResult tokenFromUserManager = getTokenFromUserManager(mAMIdentity);
        boolean isDeviceOffline = tokenFromUserManager.isDeviceOffline();
        String token = tokenFromUserManager.getToken();
        if (token != null) {
            cancelSignInNotification(this.mContext, this.mNotifier);
            return token;
        }
        String tokenFromApps = getTokenFromApps(mAMIdentity, str2, str3);
        if (tokenFromApps != null) {
            return tokenFromApps;
        }
        if (!z) {
            LOGGER.info("Unable to acquire MAMService and prompt is not allowed. Not creating sign-in notification.");
            return null;
        }
        if (!isDeviceOffline) {
            isDeviceOffline = !DeviceInfo.isNetworkConnected(this.mContext);
        }
        if (isDeviceOffline) {
            LOGGER.info("Unable to acquire MAMService token because network is not connected. Not creating sign-in notification.");
        } else {
            LOGGER.info("Unable to acquire MAMService token from any source. Creating Sign-In notification for Company Portal.");
            postSignInNotification(mAMIdentity, str);
        }
        return null;
    }

    String acquireMAMServiceTokenFromApp(String str, String str2, MAMIdentity mAMIdentity) {
        if (MAM_TEST_REFRESH_TOKEN.equals(str2)) {
            return MAM_TEST_REFRESH_TOKEN;
        }
        if (str2 == null) {
            LOGGER.severe("acquireMAMServiceTokenFromApp passed null refresh token. This should not occur");
            return null;
        }
        if (!MAMServiceAuthentication.APIV2_AUTH_USED.equals(str2)) {
            LOGGER.warning("App is using removed v1 enrollment APIs. We no longer support MAM service token acquisition for such apps.");
            return null;
        }
        LOGGER.info("Calling app-registered auth callback to acquire MAM Service token for " + str);
        String mAMServiceTokenFromCallback = Services.get().getAppPolicyNotifier().getMAMServiceTokenFromCallback(str, mAMIdentity.rawUPN(), mAMIdentity.aadId());
        cacheToken(mAMServiceTokenFromCallback, mAMIdentity);
        return mAMServiceTokenFromCallback;
    }

    public void cacheToken(String str, MAMIdentity mAMIdentity) {
        if (str == null) {
            return;
        }
        synchronized (this.mCache) {
            CachedToken cachedToken = this.mCache.get(mAMIdentity);
            if (cachedToken == null || !str.equals(cachedToken.mToken)) {
                this.mCache.put(mAMIdentity, new CachedToken(str, System.currentTimeMillis() + TOKEN_VALIDITY_MS));
                LOGGER.info("Cached MAMService token for " + this.mLogScrubber.scrubUPN(mAMIdentity.rawUPN()));
                MAMUserStatus.updateUserStatusToken(str, mAMIdentity);
            }
        }
    }

    public UserManager.MAMServiceTokenResult getMAMServiceTokenFromAgent(MAMIdentity mAMIdentity) {
        if (mAMIdentity == null) {
            LOGGER.severe("Trying to acquire a MAM Service Token without providing an identity.");
            return new UserManager.MAMServiceTokenResult(null, false);
        }
        String cachedToken = getCachedToken(mAMIdentity);
        return cachedToken != null ? new UserManager.MAMServiceTokenResult(cachedToken, false) : getTokenFromUserManager(mAMIdentity);
    }

    public AgentMAMServiceTokenResult hasValidMAMServiceToken(MAMIdentity mAMIdentity) {
        UserManager.MAMServiceTokenResult mAMServiceTokenFromAgent = getMAMServiceTokenFromAgent(mAMIdentity);
        return mAMServiceTokenFromAgent.getToken() == null ? new AgentMAMServiceTokenResult(false, mAMServiceTokenFromAgent.isDeviceOffline()) : new AgentMAMServiceTokenResult(true, false);
    }
}
