package com.microsoft.authentication.internal.tokenshare;

import android.content.Context;
import android.os.IBinder;
import android.os.RemoteException;
import com.google.gson.JsonParseException;
import com.microsoft.authentication.internal.Logger;
import com.microsoft.authentication.internal.OneAuthAndroidUtils;
import com.microsoft.identity.common.AndroidPlatformComponents;
import com.microsoft.identity.common.adal.internal.cache.ADALTokenCacheItem;
import com.microsoft.identity.common.adal.internal.tokensharing.ITokenShareResultInternal;
import com.microsoft.identity.common.adal.tokensharing.SSOStateSerializer;
import com.microsoft.identity.common.java.cache.CacheKeyValueDelegate;
import com.microsoft.identity.common.java.cache.SharedPreferencesAccountCredentialCache;
import com.microsoft.identity.common.java.dto.Credential;
import com.microsoft.identity.common.java.dto.CredentialType;
import com.microsoft.identity.common.java.dto.IdTokenRecord;
import com.microsoft.identity.common.java.dto.RefreshTokenRecord;
import com.microsoft.identity.common.java.exception.ServiceException;
import com.microsoft.identity.common.java.interfaces.INameValueStorage;
import com.microsoft.identity.common.java.providers.oauth2.IDToken;
import com.microsoft.identity.common.java.util.StringUtil;
import com.microsoft.tokenshare.AccountInfo;
import com.microsoft.tokenshare.e;
import com.nimbusds.jose.j;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import st.c;

/* loaded from: classes3.dex */
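/**
 * Token-share (TSL) provider that serves accounts and tokens out of the MSAL
 * account/credential cache.
 *
 * <p>The provider reads account records, family refresh tokens and id tokens from the
 * encrypted name/value store opened in the constructor, keeps them in memory for
 * {@code mCacheTimeout} milliseconds, and answers the token-share interface from that
 * snapshot.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #getToken(AccountInfo)} returns refresh-token secrets (directly for MSA,
 *       inside a serialized SSO-state blob for ORGID). Nothing in this class checks who
 *       the caller is; presumably the component that exposes this provider over IPC
 *       verifies the calling package and its signature - confirm before relying on it.</li>
 *   <li>Log messages here carry only fixed text and exceptions, never token values.
 *       Keep it that way when adding diagnostics.</li>
 * </ul>
 */
public class MsalTokenProvider implements e {
    /** Realm (tenant id) string for Microsoft consumer (MSA) accounts. */
    public static final String MSA_REALM = "9188040d-6c67-4c5b-b112-36a304b66dad";
    /** Default freshness window of the in-memory snapshot, in milliseconds. */
    private static final int TTL_CREDS_MS = 10000;
    /** Claim names that are renamed when a v2 id token is re-minted in v1 form. */
    private static final Map<String, String> sClaimRemapper = new HashMap<>();
    // Wall-clock time (System.currentTimeMillis) of the last refresh attempt; 0 = never.
    private long lastChecked;
    private List<com.microsoft.identity.common.java.dto.AccountRecord> mAccountRecords;
    private final int mCacheTimeout;
    private List<RefreshTokenRecord> mFamilyRefreshTokenRecords;
    private List<IdTokenRecord> mIdTokenRecords;
    // Null when the encrypted store could not be opened; the provider then serves empty lists.
    private INameValueStorage<String> mSharedPreferencesFileManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    /**
     * Snapshot of the three cached lists, handed out by {@code updateCacheIfNeeded()} so
     * that callers work on one consistent set of references outside the lock.
     */
    public class CacheResult {
        private final List<com.microsoft.identity.common.java.dto.AccountRecord> accountRecords;
        private final List<RefreshTokenRecord> familyRefreshTokenRecords;
        private final List<IdTokenRecord> idTokenRecords;

        public CacheResult(List<com.microsoft.identity.common.java.dto.AccountRecord> list, List<RefreshTokenRecord> list2, List<IdTokenRecord> list3) {
            this.accountRecords = list;
            this.familyRefreshTokenRecords = list2;
            this.idTokenRecords = list3;
        }

        public List<com.microsoft.identity.common.java.dto.AccountRecord> getAccountRecords() {
            return this.accountRecords;
        }

        public List<RefreshTokenRecord> getFamilyRefreshTokenRecords() {
            return this.familyRefreshTokenRecords;
        }

        public List<IdTokenRecord> getIdTokenRecords() {
            return this.idTokenRecords;
        }
    }

    static {
        applyV1ToV2Mappings();
    }

    /** Creates a provider with the default snapshot lifetime ({@code TTL_CREDS_MS}). */
    public MsalTokenProvider(Context context) {
        this(context, TTL_CREDS_MS);
    }

    /**
     * Creates a provider and opens the encrypted credential store.
     *
     * <p>If the store cannot be opened the failure is logged and the store reference is
     * left {@code null}; the provider is still constructed and will report no accounts
     * and no tokens.
     *
     * @param context Android context used to create the platform components
     * @param cacheTimeoutMs how long, in milliseconds, a loaded snapshot is reused
     */
    public MsalTokenProvider(Context context, int cacheTimeoutMs) {
        this.lastChecked = 0L;
        try {
            AndroidPlatformComponents components = AndroidPlatformComponents.createFromContext(context);
            this.mSharedPreferencesFileManager = components.getEncryptedNameValueStore(SharedPreferencesAccountCredentialCache.DEFAULT_ACCOUNT_CREDENTIAL_SHARED_PREFERENCES, components.getStorageEncryptionManager(), String.class);
        } catch (Exception e10) {
            Logger.logException(509696001, "Exception thrown while initializing token provider", e10);
            this.mSharedPreferencesFileManager = null;
        }
        this.mCacheTimeout = cacheTimeoutMs;
        this.mFamilyRefreshTokenRecords = new ArrayList<>();
        this.mIdTokenRecords = new ArrayList<>();
        this.mAccountRecords = new ArrayList<>();
    }

    /**
     * Builds the ADAL-format cache item that is exported for an ORGID account.
     *
     * <p>Client id, refresh-token secret and family id come from the refresh token
     * record; the id token is re-minted in v1 form. The authority is the TSL authority
     * for the refresh token's environment when the id token belongs to the home tenant,
     * otherwise the id token record's own authority.
     *
     * @throws ServiceException if the id token cannot be parsed while re-minting it
     */
    private static ADALTokenCacheItem adapt(IdTokenRecord idTokenRecord, RefreshTokenRecord refreshTokenRecord) throws ServiceException {
        ADALTokenCacheItem item = new ADALTokenCacheItem();
        item.setClientId(refreshTokenRecord.getClientId());
        item.setRefreshToken(refreshTokenRecord.getSecret());
        item.setRawIdToken(mintV1IdTokenFromRawV2IdToken(idTokenRecord.getSecret()));
        item.setFamilyClientId(refreshTokenRecord.getFamilyId());
        item.setAuthority(isFromHomeTenant(idTokenRecord) ? OneAuthAndroidUtils.getTslAuthorityForEnvironment(refreshTokenRecord.getEnvironment()) : idTokenRecord.getAuthority());
        return item;
    }

    /** Registers the claim renames applied when re-minting an id token. */
    private static void applyV1ToV2Mappings() {
        sClaimRemapper.put("preferred_username", "upn");
    }

    /**
     * Reloads the account records. On failure the exception is logged and the previously
     * loaded list is kept.
     */
    private void fetchAccountRecords(SharedPreferencesAccountCredentialCache credentialCache) {
        try {
            this.mAccountRecords = credentialCache.getAccounts();
        } catch (Exception e10) {
            Logger.logException(509695971, "Exception thrown when trying to read accounts for TSL", e10);
        }
    }

    /**
     * Reloads family refresh tokens and id tokens from the credential cache.
     *
     * <p>Both lists are replaced with fresh ones first, so a failure part-way through
     * leaves whatever had been collected up to that point. Refresh tokens without a
     * family id are skipped.
     */
    private void fetchTokens(SharedPreferencesAccountCredentialCache credentialCache) {
        this.mFamilyRefreshTokenRecords = new ArrayList<>();
        this.mIdTokenRecords = new ArrayList<>();
        try {
            for (Credential credential : credentialCache.getCredentials()) {
                String type = credential.getCredentialType();
                if (StringUtil.equalsIgnoreCaseTrimBoth(CredentialType.RefreshToken.name(), type) && (credential instanceof RefreshTokenRecord)) {
                    RefreshTokenRecord refreshTokenRecord = (RefreshTokenRecord) credential;
                    if (!StringUtil.isNullOrEmpty(refreshTokenRecord.getFamilyId())) {
                        this.mFamilyRefreshTokenRecords.add(refreshTokenRecord);
                    }
                } else if (StringUtil.equalsIgnoreCaseTrimBoth(CredentialType.IdToken.name(), type) && (credential instanceof IdTokenRecord)) {
                    // The instanceof guard mirrors the refresh-token branch. Without it a
                    // single entry whose declared type is "IdToken" but whose class is not
                    // IdTokenRecord raised ClassCastException, which the catch below turned
                    // into "stop reading" and silently dropped every later credential.
                    this.mIdTokenRecords.add((IdTokenRecord) credential);
                }
            }
        } catch (Exception e10) {
            Logger.logException(509696000, "Exception thrown when trying to read credentials for TSL", e10);
        }
    }

    /**
     * Converts account records into shareable {@link AccountInfo} entries.
     *
     * <p>Only accounts that have a family refresh token are included; the refresh
     * token's {@code cachedAt} value is multiplied by 1000 to build the {@link Date}
     * attached to each account.
     */
    private static List<AccountInfo> getAccountsFromRecords(List<com.microsoft.identity.common.java.dto.AccountRecord> list, List<RefreshTokenRecord> list2) {
        List<AccountInfo> accounts = new ArrayList<>();
        // Left raw: the element type CacheRecordParsingUtils.getListOfAccountInfo expects
        // is not visible in this file.
        ArrayList candidates = new ArrayList();
        for (com.microsoft.identity.common.java.dto.AccountRecord accountRecord : list) {
            RefreshTokenRecord familyRefreshToken = getFamilyRefreshTokenForAccount(accountRecord.getHomeAccountId(), list2);
            if (familyRefreshToken != null) {
                // NOTE(review): parseLong throws NumberFormatException when cachedAt is
                // null or non-numeric, and nothing on the getAccounts() path catches it.
                // Decide whether such a record should be skipped or fail the whole call.
                candidates.add(new AccountRecordInfo(accountRecord, new Date(Long.parseLong(familyRefreshToken.getCachedAt()) * 1000)));
            }
        }
        if (!candidates.isEmpty()) {
            accounts.addAll(CacheRecordParsingUtils.getListOfAccountInfo(candidates));
        }
        return accounts;
    }

    /**
     * Returns the first family refresh token whose home account id matches
     * {@code homeAccountId} (case-insensitive, trimmed), or {@code null} if none does.
     */
    private static RefreshTokenRecord getFamilyRefreshTokenForAccount(String homeAccountId, List<RefreshTokenRecord> list) {
        for (RefreshTokenRecord refreshTokenRecord : list) {
            if (StringUtil.equalsIgnoreCaseTrimBoth(homeAccountId, refreshTokenRecord.getHomeAccountId())) {
                return refreshTokenRecord;
            }
        }
        return null;
    }

    /**
     * Returns the home account id of the first account record whose local account id
     * equals {@code localAccountId} exactly, or {@code null} if there is none.
     *
     * <p>The comparison is made from the caller-supplied id so that an account record
     * with a {@code null} local account id is skipped instead of throwing
     * {@link NullPointerException} out of {@link #getToken(AccountInfo)}.
     */
    private static String getHomeAccountIdForLocalAccountId(String localAccountId, List<com.microsoft.identity.common.java.dto.AccountRecord> list) {
        if (localAccountId == null) {
            return null;
        }
        for (com.microsoft.identity.common.java.dto.AccountRecord accountRecord : list) {
            if (localAccountId.equals(accountRecord.getLocalAccountId())) {
                return accountRecord.getHomeAccountId();
            }
        }
        return null;
    }

    /**
     * Returns the first id token record whose home account id matches
     * {@code homeAccountId} (case-insensitive, trimmed), or {@code null} if none does.
     */
    private static IdTokenRecord getIdTokenForHomeAccountId(String homeAccountId, List<IdTokenRecord> list) {
        for (IdTokenRecord idTokenRecord : list) {
            if (StringUtil.equalsIgnoreCaseTrimBoth(homeAccountId, idTokenRecord.getHomeAccountId())) {
                return idTokenRecord;
            }
        }
        return null;
    }

    /**
     * Reports whether the id token's {@code oid} claim occurs inside the record's home
     * account id. A missing claim or an unparsable token is logged and yields
     * {@code false}.
     */
    private static boolean isFromHomeTenant(IdTokenRecord idTokenRecord) {
        String homeAccountId = idTokenRecord.getHomeAccountId();
        boolean fromHomeTenant = false;
        try {
            String oid = (String) IDToken.parseJWT(idTokenRecord.getSecret()).get("oid");
            if (oid != null) {
                // NOTE(review): this is a substring test, not an equality test on one
                // component of the id. It decides which authority is exported, so confirm
                // that a looser match cannot pick the home-tenant authority by accident.
                fromHomeTenant = homeAccountId.contains(oid);
            } else {
                Logger.logWarning(543765718, "OID claims was missing from token");
            }
        } catch (ServiceException unused) {
            Logger.logWarning(543765719, "Failed to parse IdToken");
        }
        return fromHomeTenant;
    }

    /**
     * Re-serializes a v2 id token in v1 form: every claim is copied, {@code ver} is
     * forced to {@code "1"}, and claim names are renamed through {@link #remap(String)}.
     *
     * <p>NOTE(review): the result is built locally from the parsed claims and no signing
     * step is visible here, so the original token's signature does not carry over
     * ({@code ht.e.f32638f} is presumably the "none" algorithm - confirm). Consumers
     * should treat the exported id token as account metadata, not as a verified
     * assertion.
     *
     * @throws ServiceException if {@code rawV2IdToken} cannot be parsed
     */
    private static String mintV1IdTokenFromRawV2IdToken(String rawV2IdToken) throws ServiceException {
        Map<String, ?> claims = IDToken.parseJWT(rawV2IdToken);
        c.b builder = new c.b();
        for (Map.Entry<String, ?> entry : claims.entrySet()) {
            String key = entry.getKey();
            Object value = entry.getValue();
            if ("ver".equals(key)) {
                value = "1";
            }
            builder.d(remap(key), value);
        }
        return new st.e(new j(ht.e.f32638f, null, null, null, null), builder.c()).serialize();
    }

    /** Returns the replacement name for a claim, or the name itself when none is registered. */
    private static String remap(String claimName) {
        String mapped = sClaimRemapper.get(claimName);
        return mapped == null ? claimName : mapped;
    }

    /**
     * Returns the current snapshot, reloading it from the store first when it is older
     * than {@code mCacheTimeout} milliseconds.
     *
     * <p>No reload happens when the encrypted store is unavailable. The refresh
     * timestamp is advanced even if the reload throws, so a failed reload is not retried
     * until the timeout elapses again.
     */
    private CacheResult updateCacheIfNeeded() {
        synchronized (this) {
            long now = System.currentTimeMillis();
            if (now - this.lastChecked < this.mCacheTimeout || this.mSharedPreferencesFileManager == null) {
                return new CacheResult(this.mAccountRecords, this.mFamilyRefreshTokenRecords, this.mIdTokenRecords);
            }
            try {
                SharedPreferencesAccountCredentialCache credentialCache = new SharedPreferencesAccountCredentialCache(new CacheKeyValueDelegate(), this.mSharedPreferencesFileManager);
                fetchTokens(credentialCache);
                fetchAccountRecords(credentialCache);
            } catch (Exception e10) {
                Logger.logException(509641422, "Exception thrown when trying to create update cache", e10);
            }
            this.lastChecked = now;
            return new CacheResult(this.mAccountRecords, this.mFamilyRefreshTokenRecords, this.mIdTokenRecords);
        }
    }

    /** Always {@code null}: this object does not supply a binder of its own. */
    @Override // android.os.IInterface
    public IBinder asBinder() {
        return null;
    }

    /** Lists the cached accounts that have a family refresh token. */
    @Override // com.microsoft.tokenshare.e
    public List<AccountInfo> getAccounts() {
        CacheResult cache = updateCacheIfNeeded();
        return getAccountsFromRecords(cache.getAccountRecords(), cache.getFamilyRefreshTokenRecords());
    }

    /** Always {@code null}: no shared device id is provided. */
    @Override // com.microsoft.tokenshare.e
    public String getSharedDeviceId() {
        return null;
    }

    /**
     * Returns the shareable token for {@code accountInfo}, or {@code null} when the
     * account, its family refresh token or (for ORGID) its id token is not cached, when
     * the account type is neither MSA nor ORGID, or when serialization fails.
     *
     * <p>For MSA accounts the account id is first converted with
     * {@code CacheRecordParsingUtils.convertCidToGuidString} and the result carries the
     * refresh-token secret and client id. For ORGID accounts the result carries the
     * serialized SSO state built by {@code adapt}, which embeds the refresh-token secret.
     *
     * <p>The returned object is a bearer credential. This method performs no caller
     * check of its own; whoever exposes it must restrict which callers can reach it.
     */
    @Override // com.microsoft.tokenshare.e
    public com.microsoft.tokenshare.j getToken(AccountInfo accountInfo) throws RemoteException {
        CacheResult cache = updateCacheIfNeeded();
        String localAccountId = accountInfo.getAccountId();
        // Read the type once so every branch below decides on the same value.
        AccountInfo.AccountType accountType = accountInfo.getAccountType();
        if (accountType == AccountInfo.AccountType.MSA) {
            localAccountId = CacheRecordParsingUtils.convertCidToGuidString(localAccountId);
        }
        String homeAccountId = getHomeAccountIdForLocalAccountId(localAccountId, cache.getAccountRecords());
        if (homeAccountId == null) {
            Logger.logInfo(554562334, "Could not find account in cache");
            return null;
        }
        RefreshTokenRecord familyRefreshToken = getFamilyRefreshTokenForAccount(homeAccountId, cache.getFamilyRefreshTokenRecords());
        if (familyRefreshToken == null) {
            Logger.logInfo(539849605, "Found account in cache, but refreshTokenRecord null");
            return null;
        }
        if (accountType == AccountInfo.AccountType.MSA) {
            return new com.microsoft.tokenshare.j(familyRefreshToken.getSecret(), familyRefreshToken.getClientId());
        }
        if (accountType != AccountInfo.AccountType.ORGID) {
            return null;
        }
        IdTokenRecord idTokenRecord = getIdTokenForHomeAccountId(homeAccountId, cache.getIdTokenRecords());
        if (idTokenRecord == null) {
            return null;
        }
        try {
            return new com.microsoft.tokenshare.j(SSOStateSerializer.serialize(adapt(idTokenRecord, familyRefreshToken)), ITokenShareResultInternal.TokenShareExportFormatInternal.SSO_STATE_SERIALIZER_BLOB);
        } catch (JsonParseException e10) {
            Logger.logException(529391765, "JsonParseException while serializing token", e10);
            return null;
        } catch (ServiceException e11) {
            Logger.logException(529391764, "ServiceException while serializing token", e11);
            return null;
        } catch (NullPointerException e12) {
            Logger.logException(529391766, "NullPointerException while serializing token", e12);
            return null;
        } catch (Exception e13) {
            // Boundary catch: any other failure must not escape to the token-share caller.
            Logger.logException(529391767, "Generic Exception while serializing token", e13);
            return null;
        }
    }
}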
