package com.microsoft.intune.mam.client.app.startup.auth.adal;

import android.app.Activity;
import android.content.Context;
import android.content.Intent;
import android.content.res.Resources;
import com.microsoft.aad.adal.ADALError;
import com.microsoft.aad.adal.AuthenticationCallback;
import com.microsoft.aad.adal.AuthenticationCancelError;
import com.microsoft.aad.adal.AuthenticationContext;
import com.microsoft.aad.adal.AuthenticationException;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.aad.adal.AuthenticationSettings;
import com.microsoft.aad.adal.ITokenCacheStore;
import com.microsoft.aad.adal.PromptBehavior;
import com.microsoft.intune.mam.client.MAMInfo;
import com.microsoft.intune.mam.client.app.ADALConnectionDetailsResolver;
import com.microsoft.intune.mam.client.app.startup.ADALConnectionDetails;
import com.microsoft.intune.mam.client.app.startup.auth.UserAuthentication;
import com.microsoft.intune.mam.client.app.startup.auth.UserAuthenticationCallback;
import com.microsoft.intune.mam.client.app.startup.auth.UserAuthenticationError;
import com.microsoft.intune.mam.client.app.startup.auth.UserAuthenticationFailureReason;
import com.microsoft.intune.mam.client.app.startup.auth.UserAuthenticationSuccess;
import com.microsoft.intune.mam.client.identity.MAMIdentity;
import com.microsoft.intune.mam.client.identity.MAMIdentityManager;
import com.microsoft.intune.mam.client.telemetry.TelemetryLogger;
import com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import com.microsoft.intune.mam.policy.MAMServiceAuthentication;
import com.microsoft.intune.mam.policy.MAMUserInfoInternal;
import com.microsoft.intune.mam.util.auth.WpjResourceProvider;
import java.security.NoSuchAlgorithmException;
import java.util.UUID;
import java.util.logging.Level;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes5.dex */
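/**
 * Base implementation of {@link UserAuthentication} that performs interactive sign-in through
 * ADAL's {@link AuthenticationContext}. Subclasses supply the token cache via
 * {@link #getTokenCacheStore()}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The {@link AuthenticationContext} is constructed with {@code false} as its third
 *       argument (ADAL's authority-validation flag), so the authority returned by the
 *       {@link ADALConnectionDetailsResolver} is used as given.</li>
 *   <li>The signed-in account is compared with the expected {@link MAMIdentity} only when an
 *       expected identity was supplied; a {@code null} identity accepts any account.</li>
 *   <li>A success result that lacks a usable access token is logged but still forwarded.</li>
 * </ul>
 *
 * <p>Thread-safety: {@link #setup()} and {@link #initialized()} synchronize on {@code this};
 * the other methods read {@code mAuthContext}, {@code mConnectionDetails} and
 * {@code mUsingBroker} without synchronization.
 */
public abstract class ADALUserAuthentication implements UserAuthentication {
    private static final String ENABLE_ACCOUNT_CHOOSER_EXTRAS = "msafed=0";
    private static final String INSTANCE_AWARE_EXTRA = "instance_aware=true";
    // Extra query parameters sent with MAM service token requests ("msafed=0&instance_aware=true").
    private static final String DEFAULT_MAM_AUTH_EXTRAS = ENABLE_ACCOUNT_CHOOSER_EXTRAS + "&" + INSTANCE_AWARE_EXTRA;
    // Claims request passed on the WPJ flow; marks the "deviceid" access-token claim as essential.
    public static final String DEVICE_CLAIMS_DEVICEID_ESSENTIAL_STRING = "{\"access_token\":{\"deviceid\":{\"essential\":true}}}";
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger(ADALUserAuthentication.class);
    private final ADALConnectionDetailsResolver mADALDetailsResolver;
    // Created by setup(); null until then.
    AuthenticationContext mAuthContext;
    // Resolved by setup(); null until then.
    ADALConnectionDetails mConnectionDetails;
    protected final Context mContext;
    private final MAMIdentityManager mIdentityManager;
    // Guarded by synchronized (this) in setup() and initialized().
    private boolean mInitialized = false;
    private final Resources mResources;
    private final TelemetryLogger mTelemetryLogger;
    private final MAMUserInfoInternal mUserInfo;
    // Set by createAuthContext(); selects which redirect URI getRedirectUri() returns.
    boolean mUsingBroker;
    private final WpjResourceProvider mWpjResourceProvider;

    /**
     * Adapts ADAL's {@link AuthenticationCallback} to a {@link UserAuthenticationCallback} and
     * checks that the account ADAL reports is the one that was expected.
     *
     * <p>{@link #equals(Object)} and {@link #hashCode()} depend only on the tag, which
     * {@code startAuthentication} generates as a random UUID string per request.
     * NOTE(review): presumably ADAL uses the callback's hash code to match a pending request to
     * its activity result - confirm against the ADAL version in use.
     *
     * <p>Decompiler note: this class was package-private in the original binary.
     */
    public static class ADALUserAuthenticationCallback implements AuthenticationCallback<AuthenticationResult> {
        private final UserAuthenticationCallback mCallback;
        // Expected identity; null disables the account-match check.
        private final MAMIdentity mIdentity;
        private final MAMIdentityManager mIdentityManager;
        private final String mTag;

        /**
         * @param userAuthenticationCallback receiver of the translated success/failure events
         * @param mAMIdentity identity that must have signed in, or {@code null} to accept any account
         * @param mAMIdentityManager used to build an identity from the result's UPN and AAD id
         * @param str per-request tag that defines this callback's equality
         */
        public ADALUserAuthenticationCallback(UserAuthenticationCallback userAuthenticationCallback, MAMIdentity mAMIdentity, MAMIdentityManager mAMIdentityManager, String str) {
            this.mCallback = userAuthenticationCallback;
            this.mIdentity = mAMIdentity;
            this.mIdentityManager = mAMIdentityManager;
            this.mTag = str;
        }

        /**
         * Decides whether the account in the auth result is the expected one.
         *
         * @return {@code true} when no identity was expected, or when the identity built from the
         *     result's UPN and AAD id equals the expected identity; {@code false} when either
         *     value is missing from the result or the identities differ
         */
        private boolean didCorrectUserAuthenticate(UserAuthenticationSuccess userAuthenticationSuccess) {
            // No expected identity: the result is accepted without any account binding.
            if (this.mIdentity == null) {
                return true;
            }
            String upn = userAuthenticationSuccess.getUpn();
            String aadId = userAuthenticationSuccess.getAadId();
            // Fail closed when the result cannot be tied to an account.
            if (upn == null || aadId == null) {
                ADALUserAuthentication.LOGGER.warning("Auth result did not contain upn or AAD id; can't authenticate user.", new Object[0]);
                return false;
            }
            boolean matches = this.mIdentity.equals(this.mIdentityManager.create(upn, aadId));
            if (!matches && this.mIdentity.aadId() == null) {
                ADALUserAuthentication.LOGGER.warning("Primary user's AAD id is not known; can't authenticate user with mismatched UPN.", new Object[0]);
            }
            return matches;
        }

        /**
         * Forwards a result ADAL reported as succeeded, reporting
         * {@link UserAuthenticationFailureReason#WRONG_USER} when the account check fails.
         */
        private void onPossibleAuthenticationSuccess(UserAuthenticationSuccess userAuthenticationSuccess) {
            // NOTE(review): a missing access token is only logged here; the result still reaches
            // the callback below. Confirm the receiver handles a token-less success safely.
            if (userAuthenticationSuccess.getAccessTokenSource().needsValidAppAcquiredToken()) {
                ADALUserAuthentication.LOGGER.warning("ADAL reported success but did not return an access token.", new Object[0]);
            }
            if (didCorrectUserAuthenticate(userAuthenticationSuccess)) {
                this.mCallback.onAuthenticationSuccess(userAuthenticationSuccess);
            } else {
                this.mCallback.onAuthenticationFailure(UserAuthenticationFailureReason.WRONG_USER, null);
            }
        }

        /** Two callbacks are equal when they are of the same class and carry the same tag. */
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            ADALUserAuthenticationCallback other = (ADALUserAuthenticationCallback) obj;
            return this.mTag == null ? other.mTag == null : this.mTag.equals(other.mTag);
        }

        /** Hash of the tag only, consistent with {@link #equals(Object)}. */
        @Override
        public int hashCode() {
            return 31 + (this.mTag == null ? 0 : this.mTag.hashCode());
        }

        /**
         * Maps an ADAL failure onto a {@link UserAuthenticationFailureReason}. Cancellation,
         * user mismatch and missing connectivity get dedicated reasons; everything else is
         * reported as {@code UNKNOWN_ERROR}.
         */
        @Override
        public void onError(Exception exc) {
            ADALUserAuthentication.LOGGER.log(Level.WARNING, "ADAL failed to authenticate", exc);
            // Checked before the general AuthenticationException branch; keep this order.
            if (exc instanceof AuthenticationCancelError) {
                ADALUserAuthentication.LOGGER.log(Level.WARNING, "ADALError on AuthenticationCancelError is " + ((AuthenticationCancelError) exc).getCode().name());
                this.mCallback.onAuthenticationFailure(UserAuthenticationFailureReason.CANCELED, null);
                return;
            }
            if (!(exc instanceof AuthenticationException)) {
                this.mCallback.onAuthenticationFailure(UserAuthenticationFailureReason.UNKNOWN_ERROR, null);
                return;
            }
            ADALError code = ((AuthenticationException) exc).getCode();
            if (code == ADALError.AUTH_FAILED_USER_MISMATCH) {
                this.mCallback.onAuthenticationFailure(UserAuthenticationFailureReason.WRONG_USER, null);
            } else if (code == ADALError.DEVICE_CONNECTION_IS_NOT_AVAILABLE) {
                this.mCallback.onAuthenticationFailure(UserAuthenticationFailureReason.NO_CONNECTION, null);
            } else {
                this.mCallback.onAuthenticationFailure(UserAuthenticationFailureReason.UNKNOWN_ERROR, UserAuthenticationError.INSTANCE.fromADALError(code));
            }
        }

        /**
         * Handles ADAL's success callback. Only a {@code Succeeded} status is treated as a
         * candidate success; {@code Cancelled} maps to {@code CANCELED}; a null result, a null
         * status or any other status maps to {@code UNKNOWN_ERROR}.
         */
        @Override
        public void onSuccess(AuthenticationResult authenticationResult) {
            // NOTE(review): the result object's toString() is written to the log here; confirm
            // it cannot include token material at this log level.
            ADALUserAuthentication.LOGGER.fine("UserAuthenticationCallback.onSuccess " + authenticationResult, new Object[0]);
            if (authenticationResult == null || authenticationResult.getStatus() == null) {
                this.mCallback.onAuthenticationFailure(UserAuthenticationFailureReason.UNKNOWN_ERROR, null);
                return;
            }
            ADALUserAuthentication.LOGGER.fine("UserAuthenticationCallback.onSuccess with status " + authenticationResult.getStatus(), new Object[0]);
            AuthenticationResult.AuthenticationStatus status = authenticationResult.getStatus();
            if (status == AuthenticationResult.AuthenticationStatus.Succeeded) {
                onPossibleAuthenticationSuccess(UserAuthenticationSuccess.INSTANCE.fromAdalAuthResult(authenticationResult));
            } else if (status == AuthenticationResult.AuthenticationStatus.Cancelled) {
                this.mCallback.onAuthenticationFailure(UserAuthenticationFailureReason.CANCELED, null);
            } else {
                // Failed and any status not handled above.
                this.mCallback.onAuthenticationFailure(UserAuthenticationFailureReason.UNKNOWN_ERROR, null);
            }
        }
    }

    /**
     * Stores the collaborators; no ADAL objects are created until {@link #setup()} runs.
     *
     * <p>Decompiler note: this constructor was package-private in the original binary.
     */
    public ADALUserAuthentication(Context context, Resources resources, MAMUserInfoInternal mAMUserInfoInternal, ADALConnectionDetailsResolver aDALConnectionDetailsResolver, MAMIdentityManager mAMIdentityManager, TelemetryLogger telemetryLogger, WpjResourceProvider wpjResourceProvider) {
        this.mContext = context;
        this.mResources = resources;
        this.mUserInfo = mAMUserInfoInternal;
        this.mADALDetailsResolver = aDALConnectionDetailsResolver;
        this.mIdentityManager = mAMIdentityManager;
        this.mTelemetryLogger = telemetryLogger;
        this.mWpjResourceProvider = wpjResourceProvider;
    }

    /**
     * Builds the ADAL context, first with the subclass-provided token cache and, if that throws
     * {@link UnsupportedOperationException}, again without it while recording broker mode.
     *
     * <p>NOTE(review): both constructor calls pass {@code false} for ADAL's authority-validation
     * argument, so nothing here checks the authority string. Confirm that the connection details
     * come only from trusted configuration.
     */
    private AuthenticationContext createAuthContext() throws NoSuchPaddingException, NoSuchAlgorithmException {
        try {
            this.mUsingBroker = false;
            return new AuthenticationContext(this.mContext, this.mConnectionDetails.getAuthority(), false, getTokenCacheStore());
        } catch (UnsupportedOperationException unused) {
            LOGGER.info("Caught exception initializing AuthenticationContext for non-broker use.  Trying again for broker.", new Object[0]);
            this.mUsingBroker = true;
            return new AuthenticationContext(this.mContext, this.mConnectionDetails.getAuthority(), false);
        }
    }

    /**
     * Derives a name-based UUID from the app's package name, so every request from the same
     * package carries the same correlation id.
     */
    private static UUID getCorrelationId(Context context) {
        // getBytes() uses the platform default charset.
        return UUID.nameUUIDFromBytes(context.getPackageName().getBytes());
    }

    /**
     * Returns the primary identity from the user info.
     *
     * @throws AssertionError if no primary identity is set
     */
    private MAMIdentity getPrimaryIdentity() {
        MAMIdentity primaryIdentity = this.mUserInfo.getPrimaryIdentity();
        if (primaryIdentity != null) {
            return primaryIdentity;
        }
        throw new AssertionError("UPN must not be null");
    }

    /**
     * Issues the ADAL {@code acquireToken} call. The expected identity's raw UPN is passed as
     * the login hint and the same identity is handed to the callback for the post-sign-in
     * account check; a {@code null} identity sends no hint and skips that check.
     */
    private void makeAuthCall(UserAuthenticationCallback userAuthenticationCallback, MAMIdentity mAMIdentity, Activity activity, String tag, String resource, PromptBehavior promptBehavior, String extraQueryParameters, String claims) {
        String loginHint = mAMIdentity == null ? null : mAMIdentity.rawUPN();
        ADALUserAuthenticationCallback adalCallback = new ADALUserAuthenticationCallback(userAuthenticationCallback, mAMIdentity, this.mIdentityManager, tag);
        this.mAuthContext.acquireToken(activity, resource, this.mConnectionDetails.getClientId(), getRedirectUri(), loginHint, promptBehavior, extraQueryParameters, claims, adalCallback);
    }

    /**
     * Starts one token request under a fresh random tag.
     *
     * @return the tag (a random UUID string) identifying this request's callback
     */
    private String startAuthentication(Activity activity, UserAuthenticationCallback userAuthenticationCallback, MAMIdentity mAMIdentity, String resource, PromptBehavior promptBehavior, String extraQueryParameters, String claims) {
        String tag = UUID.randomUUID().toString();
        makeAuthCall(userAuthenticationCallback, mAMIdentity, activity, tag, resource, promptBehavior, extraQueryParameters, claims);
        return tag;
    }

    /** Resolves the ADAL connection details for the current primary identity. */
    ADALConnectionDetails getAppConnectionDetails() {
        return this.mADALDetailsResolver.getADALConnectionDetails(this.mUserInfo.getPrimaryIdentity());
    }

    /**
     * Returns the redirect URI for the token request: ADAL's broker URI in broker mode,
     * otherwise the configured non-broker URI. Use of the out-of-band URI
     * {@code urn:ietf:wg:oauth:2.0:oob} is reported to telemetry as
     * {@code DEFAULT_REDIRECT_URI_IN_USE} but is still returned.
     */
    protected String getRedirectUri() {
        if (this.mUsingBroker) {
            return this.mAuthContext.getRedirectUriForBroker();
        }
        String nonBrokerRedirectUri = this.mConnectionDetails.getNonBrokerRedirectUri();
        if ("urn:ietf:wg:oauth:2.0:oob".equals(nonBrokerRedirectUri)) {
            this.mTelemetryLogger.logTrackedOccurrence(this.mContext.getPackageName(), TrackedOccurrence.DEFAULT_REDIRECT_URI_IN_USE, "");
        }
        return nonBrokerRedirectUri;
    }

    /**
     * Supplies the token cache for the non-broker {@link AuthenticationContext}. An
     * {@link UnsupportedOperationException} raised while building that context makes
     * {@code createAuthContext()} fall back to broker mode.
     */
    protected abstract ITokenCacheStore getTokenCacheStore();

    /** Reports whether {@link #setup()} has completed successfully. */
    @Override
    public boolean initialized() {
        synchronized (this) {
            return this.mInitialized;
        }
    }

    /**
     * Hands an activity result to ADAL.
     *
     * <p>NOTE(review): {@code mAuthContext} is dereferenced without checking that
     * {@link #setup()} has run; a result delivered before setup would throw
     * {@link NullPointerException}.
     */
    @Override
    public void onActivityResult(int i, int i2, Intent intent) {
        this.mAuthContext.onActivityResult(i, i2, intent);
    }

    /**
     * Resolves the connection details and creates the ADAL context once; later calls return
     * immediately.
     *
     * @throws AssertionError wrapping any {@link SecurityException},
     *     {@link NoSuchAlgorithmException} or {@link NoSuchPaddingException} raised while
     *     creating the context
     */
    @Override
    public void setup() {
        synchronized (this) {
            if (this.mInitialized) {
                return;
            }
            this.mConnectionDetails = getAppConnectionDetails();
            LOGGER.fine("Authority: " + this.mConnectionDetails.getAuthority(), new Object[0]);
            AuthenticationSettings.INSTANCE.setActivityPackageName(MAMInfo.getPackageName());
            try {
                AuthenticationContext authContext = createAuthContext();
                this.mAuthContext = authContext;
                authContext.setRequestCorrelationId(getCorrelationId(this.mContext));
                // Set last so a failed attempt leaves the instance uninitialized.
                this.mInitialized = true;
            } catch (SecurityException | NoSuchAlgorithmException | NoSuchPaddingException e) {
                throw new AssertionError(e);
            }
        }
    }

    /**
     * Requests a MAM service token for the given identity.
     *
     * @param mAMIdentity identity expected to sign in; {@code null} sends no login hint and
     *     disables the account-match check on the result
     * @param z {@code true} to use {@code PromptBehavior.FORCE_PROMPT}, {@code false} for
     *     {@code PromptBehavior.Auto}
     * @return the tag identifying this request
     */
    @Override
    public String startAuthenticationForMAM(Activity activity, UserAuthenticationCallback userAuthenticationCallback, MAMIdentity mAMIdentity, boolean z) {
        PromptBehavior promptBehavior = z ? PromptBehavior.FORCE_PROMPT : PromptBehavior.Auto;
        return startAuthentication(activity, userAuthenticationCallback, mAMIdentity, MAMServiceAuthentication.MAMSERVICE_RESOURCE_ID, promptBehavior, DEFAULT_MAM_AUTH_EXTRAS, null);
    }

    /**
     * Requests a MAM service token for the primary identity.
     *
     * @throws AssertionError if no primary identity is set
     */
    @Override
    public String startAuthenticationForMAM(Activity activity, UserAuthenticationCallback userAuthenticationCallback, boolean z) {
        return startAuthenticationForMAM(activity, userAuthenticationCallback, getPrimaryIdentity(), z);
    }

    /**
     * Requests a token for the WPJ resource for the primary identity, always prompting and
     * sending {@link #DEVICE_CLAIMS_DEVICEID_ESSENTIAL_STRING} as the claims request.
     *
     * @throws AssertionError if no primary identity is set
     */
    @Override
    public String startAuthenticationForWPJ(Activity activity, UserAuthenticationCallback userAuthenticationCallback) {
        return startAuthentication(activity, userAuthenticationCallback, getPrimaryIdentity(), this.mWpjResourceProvider.get(), PromptBehavior.Always, null, DEVICE_CLAIMS_DEVICEID_ESSENTIAL_STRING);
    }
}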
