package com.microsoft.authentication.internal.tokenshare;

import android.content.Context;
import android.os.IBinder;
import android.os.RemoteException;
import com.google.gson.JsonParseException;
import com.microsoft.authentication.internal.Logger;
import com.microsoft.authentication.internal.OneAuthAndroidUtils;
import com.microsoft.identity.common.AndroidPlatformComponents;
import com.microsoft.identity.common.adal.internal.cache.ADALTokenCacheItem;
import com.microsoft.identity.common.adal.tokensharing.SSOStateSerializer;
import com.microsoft.identity.common.java.cache.CacheKeyValueDelegate;
import com.microsoft.identity.common.java.cache.SharedPreferencesAccountCredentialCache;
import com.microsoft.identity.common.java.dto.Credential;
import com.microsoft.identity.common.java.dto.CredentialType;
import com.microsoft.identity.common.java.dto.IdTokenRecord;
import com.microsoft.identity.common.java.dto.RefreshTokenRecord;
import com.microsoft.identity.common.java.exception.ServiceException;
import com.microsoft.identity.common.java.interfaces.INameValueStorage;
import com.microsoft.identity.common.java.providers.oauth2.IDToken;
import com.microsoft.identity.common.java.util.StringUtil;
import com.microsoft.tokenshare.AccountInfo;
import com.microsoft.tokenshare.ITokenProvider;
import com.microsoft.tokenshare.RefreshToken;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.PlainHeader;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.PlainJWT;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/* loaded from: classes2.dex */
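/**
 * {@link ITokenProvider} implementation that exposes accounts and family refresh tokens
 * read from the encrypted MSAL credential store to the token-sharing layer.
 *
 * <p>Security-relevant behavior visible in this class:
 * <ul>
 *   <li>{@link #getToken(AccountInfo)} returns refresh-token secrets. No caller verification is
 *       done here. NOTE(review): confirm that the component hosting this provider restricts
 *       which callers can reach it.</li>
 *   <li>For ORGID accounts the ID token is re-minted as an <em>unsigned</em> JWT
 *       ({@code PlainJWT}); see {@link #mintV1IdTokenFromRawV2IdToken(String)}.</li>
 *   <li>Exceptions are logged without token material; only fixed messages and the exception
 *       object are passed to {@code Logger}.</li>
 * </ul>
 *
 * <p>The cached record lists are plain {@code ArrayList}s mutated without synchronization.
 * NOTE(review): confirm callers never invoke this provider from multiple threads at once.
 */
public class MsalTokenProvider implements ITokenProvider {
    /** Realm (tenant) GUID used for Microsoft personal (MSA) accounts. */
    public static final String MSA_REALM = "9188040d-6c67-4c5b-b112-36a304b66dad";

    /** Default minimum interval, in milliseconds, between re-reads of the credential store. */
    private static final int TTL_CREDS_MS = 10000;

    /** Claim-name translations applied when re-minting an ID token (source name to target name). */
    private static final Map<String, String> sClaimRemapper = new HashMap<>();

    // Wall-clock time (ms) of the last refresh attempt; 0 means "never attempted".
    private long lastChecked;
    private List<com.microsoft.identity.common.java.dto.AccountRecord> mAccountRecords;
    // Minimum age (ms) of the in-memory snapshot before the store is read again.
    private final int mCacheTimeout;
    private List<RefreshTokenRecord> mFamilyRefreshTokenRecords;
    private List<IdTokenRecord> mIdTokenRecords;
    // Encrypted key/value store holding the MSAL credential cache; null if initialization failed.
    private INameValueStorage<String> mSharedPreferencesFileManager;

    static {
        applyV1ToV2Mappings();
    }

    /**
     * Creates a provider that re-reads the credential store at most every
     * {@code TTL_CREDS_MS} milliseconds.
     *
     * @param context Android context used to open the encrypted credential store
     */
    public MsalTokenProvider(Context context) {
        this(context, TTL_CREDS_MS);
    }

    /**
     * Creates a provider with an explicit refresh interval.
     *
     * <p>If the encrypted store cannot be opened, the failure is logged and the provider stays
     * usable but empty: {@link #getAccounts()} returns no accounts and
     * {@link #getToken(AccountInfo)} returns {@code null}.
     *
     * @param context Android context used to open the encrypted credential store
     * @param cacheTimeoutMs minimum interval, in milliseconds, between reads of the store
     */
    public MsalTokenProvider(Context context, int cacheTimeoutMs) {
        this.lastChecked = 0L;
        try {
            AndroidPlatformComponents components = AndroidPlatformComponents.createFromContext(context);
            this.mSharedPreferencesFileManager = components.getEncryptedNameValueStore(
                    SharedPreferencesAccountCredentialCache.DEFAULT_ACCOUNT_CREDENTIAL_SHARED_PREFERENCES,
                    components.getStorageEncryptionManager(),
                    String.class);
        } catch (Exception e) {
            // Fail closed: without a store there is nothing to share.
            Logger.logException(509696001, "Exception thrown while initializing token provider", e);
            this.mSharedPreferencesFileManager = null;
        }
        this.mCacheTimeout = cacheTimeoutMs;
        this.mFamilyRefreshTokenRecords = new ArrayList<>();
        this.mIdTokenRecords = new ArrayList<>();
        this.mAccountRecords = new ArrayList<>();
    }

    /**
     * Builds the ADAL-format cache item that is serialized for ORGID accounts.
     *
     * @param idTokenRecord ID token record for the account
     * @param refreshTokenRecord family refresh token record for the same account
     * @return a cache item carrying the refresh-token secret and a re-minted, unsigned ID token
     * @throws ServiceException if the ID token cannot be parsed while re-minting
     */
    private static ADALTokenCacheItem adapt(IdTokenRecord idTokenRecord, RefreshTokenRecord refreshTokenRecord) throws ServiceException {
        ADALTokenCacheItem item = new ADALTokenCacheItem();
        item.setClientId(refreshTokenRecord.getClientId());
        item.setRefreshToken(refreshTokenRecord.getSecret());
        item.setRawIdToken(mintV1IdTokenFromRawV2IdToken(idTokenRecord.getSecret()));
        item.setFamilyClientId(refreshTokenRecord.getFamilyId());
        // Home-tenant tokens get the authority derived from the refresh token's environment;
        // every other token keeps the authority recorded on the ID token itself.
        String authority = isFromHomeTenant(idTokenRecord)
                ? OneAuthAndroidUtils.getTslAuthorityForEnvironment(refreshTokenRecord.getEnvironment())
                : idTokenRecord.getAuthority();
        item.setAuthority(authority);
        return item;
    }

    /** Registers the claim renames applied by {@link #remap(String)}. */
    private static void applyV1ToV2Mappings() {
        sClaimRemapper.put("preferred_username", "upn");
    }

    /**
     * Replaces the account snapshot with the accounts currently in the cache.
     * On failure the exception is logged and the previous snapshot is kept.
     */
    private void fetchAccountRecords(SharedPreferencesAccountCredentialCache credentialCache) {
        try {
            this.mAccountRecords = credentialCache.getAccounts();
        } catch (Exception e) {
            Logger.logException(509695971, "Exception thrown when trying to read accounts for TSL", e);
        }
    }

    /**
     * Rebuilds the refresh-token and ID-token snapshots from the cache.
     *
     * <p>Only refresh tokens that carry a family id are kept. Both snapshots are cleared before
     * reading, so a failure part-way through leaves them partially filled rather than stale.
     */
    private void fetchTokens(SharedPreferencesAccountCredentialCache credentialCache) {
        this.mFamilyRefreshTokenRecords.clear();
        this.mIdTokenRecords.clear();
        try {
            for (Credential credential : credentialCache.getCredentials()) {
                String type = credential.getCredentialType();
                if (StringUtil.equalsIgnoreCaseTrimBoth(CredentialType.RefreshToken.name(), type)
                        && credential instanceof RefreshTokenRecord) {
                    RefreshTokenRecord refreshTokenRecord = (RefreshTokenRecord) credential;
                    if (!StringUtil.isNullOrEmpty(refreshTokenRecord.getFamilyId())) {
                        this.mFamilyRefreshTokenRecords.add(refreshTokenRecord);
                    }
                } else if (StringUtil.equalsIgnoreCaseTrimBoth(CredentialType.IdToken.name(), type)
                        && credential instanceof IdTokenRecord) {
                    // Check the runtime type before casting: an entry whose declared type and
                    // class disagree is skipped instead of aborting the scan with a
                    // ClassCastException and dropping every later credential.
                    this.mIdTokenRecords.add((IdTokenRecord) credential);
                }
            }
        } catch (Exception e) {
            Logger.logException(509696000, "Exception thrown when trying to read credentials for TSL", e);
        }
    }

    /**
     * Converts the cached accounts that have a family refresh token into {@link AccountInfo}s.
     *
     * @return the shareable accounts; empty when none qualifies
     * @throws NumberFormatException if a refresh token's {@code cachedAt} value is not a decimal
     *     number. NOTE(review): this propagates out of {@link #getAccounts()}; decide whether
     *     such a record should be skipped and logged instead.
     */
    // The element type expected by CacheRecordParsingUtils.getListOfAccountInfo is not visible
    // in this file, so the list handed to it is left raw.
    @SuppressWarnings({"rawtypes", "unchecked"})
    private List<AccountInfo> getAccountsFromRecords() {
        List<AccountInfo> accounts = new ArrayList<>();
        ArrayList shareable = new ArrayList();
        for (com.microsoft.identity.common.java.dto.AccountRecord accountRecord : this.mAccountRecords) {
            RefreshTokenRecord frt = getFamilyRefreshTokenForAccount(accountRecord.getHomeAccountId());
            if (frt != null) {
                // cachedAt is multiplied by 1000 to obtain the millisecond value Date expects.
                long cachedAtMs = Long.parseLong(frt.getCachedAt()) * 1000;
                shareable.add(new AccountRecordInfo(accountRecord, new Date(cachedAtMs)));
            }
        }
        if (!shareable.isEmpty()) {
            accounts.addAll(CacheRecordParsingUtils.getListOfAccountInfo(shareable));
        }
        return accounts;
    }

    /**
     * Finds the first cached family refresh token whose home account id matches.
     *
     * @param homeAccountId home account id to look up
     * @return the matching record, or {@code null} if none is cached
     */
    private RefreshTokenRecord getFamilyRefreshTokenForAccount(String homeAccountId) {
        for (RefreshTokenRecord refreshTokenRecord : this.mFamilyRefreshTokenRecords) {
            if (StringUtil.equalsIgnoreCaseTrimBoth(homeAccountId, refreshTokenRecord.getHomeAccountId())) {
                return refreshTokenRecord;
            }
        }
        return null;
    }

    /**
     * Maps a local account id to the home account id of the first matching cached account.
     *
     * <p>The comparison is exact (case-sensitive) and null-safe: records without a local
     * account id are skipped, so a malformed cache entry cannot raise a
     * {@code NullPointerException} out of {@link #getToken(AccountInfo)}.
     *
     * @param localAccountId local account id to look up; may be {@code null}
     * @return the home account id, or {@code null} if no account matches
     */
    private String getHomeAccountIdForLocalAccountId(String localAccountId) {
        if (localAccountId == null) {
            return null;
        }
        for (com.microsoft.identity.common.java.dto.AccountRecord accountRecord : this.mAccountRecords) {
            if (localAccountId.equals(accountRecord.getLocalAccountId())) {
                return accountRecord.getHomeAccountId();
            }
        }
        return null;
    }

    /**
     * Finds the first cached ID token whose home account id matches.
     *
     * @param homeAccountId home account id to look up
     * @return the matching record, or {@code null} if none is cached
     */
    private IdTokenRecord getIdTokenForHomeAccountId(String homeAccountId) {
        for (IdTokenRecord idTokenRecord : this.mIdTokenRecords) {
            if (StringUtil.equalsIgnoreCaseTrimBoth(homeAccountId, idTokenRecord.getHomeAccountId())) {
                return idTokenRecord;
            }
        }
        return null;
    }

    /**
     * Reports whether the ID token's {@code oid} claim occurs in the record's home account id.
     *
     * <p>This is a substring test, not an exact comparison against a parsed component of the
     * home account id. NOTE(review): confirm that the looser match is intended.
     *
     * @return {@code true} only if the token parses, has an {@code oid} claim, and that value
     *     is contained in the home account id
     */
    private static boolean isFromHomeTenant(IdTokenRecord idTokenRecord) {
        String homeAccountId = idTokenRecord.getHomeAccountId();
        try {
            String oid = (String) IDToken.parseJWT(idTokenRecord.getSecret()).get("oid");
            if (oid == null) {
                Logger.logWarning(543765718, "OID claims was missing from token");
                return false;
            }
            return homeAccountId.contains(oid);
        } catch (ServiceException unused) {
            Logger.logWarning(543765719, "Failed to parse IdToken");
            return false;
        }
    }

    /**
     * Re-issues the claims of a cached ID token as a serialized token with {@code ver} forced
     * to {@code "1"} and claim names translated through {@link #remap(String)}.
     *
     * <p>The result is a {@code PlainJWT}, i.e. it carries no signature. It only transports
     * claims alongside the refresh token and cannot serve as proof of identity; anything
     * consuming it has to treat the claims as unauthenticated.
     * NOTE(review): whether {@code IDToken.parseJWT} verifies the source token is not visible
     * here.
     *
     * @param rawIdToken serialized ID token taken from the credential cache
     * @return the serialized unsigned JWT
     * @throws ServiceException if {@code rawIdToken} cannot be parsed
     */
    private static String mintV1IdTokenFromRawV2IdToken(String rawIdToken) throws ServiceException {
        Map<String, ?> sourceClaims = IDToken.parseJWT(rawIdToken);
        JWTClaimsSet.Builder claims = new JWTClaimsSet.Builder();
        for (Map.Entry<String, ?> entry : sourceClaims.entrySet()) {
            String name = entry.getKey();
            Object value = "ver".equals(name) ? "1" : entry.getValue();
            claims.claim(remap(name), value);
        }
        PlainHeader header = new PlainHeader(JOSEObjectType.JWT, null, null, null, null);
        return new PlainJWT(header, claims.build()).serialize();
    }

    /** Returns the translated claim name, or {@code claimName} itself when no rename is registered. */
    private static String remap(String claimName) {
        String mapped = sClaimRemapper.get(claimName);
        return mapped == null ? claimName : mapped;
    }

    /**
     * Re-reads tokens and accounts from the credential store if the snapshot is older than
     * the configured timeout.
     *
     * <p>The timestamp is advanced before the read is attempted, so a missing store or a failed
     * read is not retried until the timeout has elapsed again.
     */
    private void updateCacheIfNeeded() {
        long now = System.currentTimeMillis();
        if (now - this.lastChecked < this.mCacheTimeout) {
            return;
        }
        this.lastChecked = now;
        if (this.mSharedPreferencesFileManager == null) {
            return;
        }
        try {
            SharedPreferencesAccountCredentialCache credentialCache =
                    new SharedPreferencesAccountCredentialCache(new CacheKeyValueDelegate(), this.mSharedPreferencesFileManager);
            fetchTokens(credentialCache);
            fetchAccountRecords(credentialCache);
        } catch (Exception e) {
            Logger.logException(509641422, "Exception thrown when trying to create update cache", e);
        }
    }

    /**
     * Always returns {@code null}: this object does not expose a Binder of its own.
     */
    @Override // android.os.IInterface
    public IBinder asBinder() {
        return null;
    }

    /**
     * Lists the cached accounts that have a family refresh token available for sharing.
     *
     * @return the shareable accounts; empty when the store is unavailable or holds none
     */
    @Override // com.microsoft.tokenshare.ITokenProvider
    public List<AccountInfo> getAccounts() {
        updateCacheIfNeeded();
        return getAccountsFromRecords();
    }

    /** Always returns {@code null}; this provider has no shared device id. */
    public String getSharedDeviceId() {
        return null;
    }

    /**
     * Returns the family refresh token for the given account.
     *
     * <p>For MSA accounts the result holds the raw refresh-token secret and its client id. For
     * ORGID accounts it holds a serialized ADAL cache item (refresh token plus unsigned,
     * re-minted ID token) tagged {@code "SSO_STATE_SERIALIZER_BLOB"}. Every failure path
     * returns {@code null}; serialization errors are logged without token contents.
     *
     * <p>The returned value is a long-lived credential. This method does not identify or
     * authorize its caller. NOTE(review): confirm that access control is enforced by whatever
     * exposes this provider.
     *
     * @param accountInfo account to look up; {@code null} yields {@code null}
     * @return the token to share, or {@code null} if the account, its refresh token or its
     *     ID token is not cached, the account type is unsupported, or serialization fails
     * @throws RemoteException declared by the interface; not thrown by the code in this method
     */
    @Override // com.microsoft.tokenshare.ITokenProvider
    public RefreshToken getToken(AccountInfo accountInfo) throws RemoteException {
        updateCacheIfNeeded();
        if (accountInfo == null) {
            // Reject a missing argument instead of failing with a NullPointerException.
            return null;
        }
        String accountId = accountInfo.getAccountId();
        AccountInfo.AccountType accountType = accountInfo.getAccountType();
        boolean isMsa = accountType == AccountInfo.AccountType.MSA;
        if (isMsa) {
            // MSA callers pass a CID; cached accounts are keyed by the GUID form.
            // NOTE(review): this conversion runs outside the try block below; confirm how it
            // behaves on a malformed CID.
            accountId = CacheRecordParsingUtils.convertCidToGuidString(accountId);
        }
        String homeAccountId = getHomeAccountIdForLocalAccountId(accountId);
        if (homeAccountId == null) {
            Logger.logInfo(554562334, "Could not find account in cache");
            return null;
        }
        RefreshTokenRecord familyRefreshToken = getFamilyRefreshTokenForAccount(homeAccountId);
        if (familyRefreshToken == null) {
            Logger.logInfo(539849605, "Found account in cache, but refreshTokenRecord null");
            return null;
        }
        if (isMsa) {
            return new RefreshToken(familyRefreshToken.getSecret(), familyRefreshToken.getClientId());
        }
        if (accountType != AccountInfo.AccountType.ORGID) {
            return null;
        }
        IdTokenRecord idTokenRecord = getIdTokenForHomeAccountId(homeAccountId);
        if (idTokenRecord == null) {
            return null;
        }
        // Each failure class keeps its own log tag so the cases stay distinguishable.
        try {
            return new RefreshToken(SSOStateSerializer.serialize(adapt(idTokenRecord, familyRefreshToken)), "SSO_STATE_SERIALIZER_BLOB");
        } catch (JsonParseException e) {
            Logger.logException(529391765, "JsonParseException while serializing token", e);
            return null;
        } catch (ServiceException e2) {
            Logger.logException(529391764, "ServiceException while serializing token", e2);
            return null;
        } catch (NullPointerException e3) {
            Logger.logException(529391766, "NullPointerException while serializing token", e3);
            return null;
        } catch (Exception e4) {
            Logger.logException(529391767, "Generic Exception while serializing token", e4);
            return null;
        }
    }
}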
