package com.microsoft.aad.adal;

import android.net.Uri;
import android.os.Build;
import android.text.TextUtils;
import android.util.Base64;
import com.microsoft.aad.adal.AuthenticationConstants;
import com.org.jose4j.jwk.RsaJsonWebKey;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.apache.cordova.com.ru.andremoniy.sqlbuilder.SqlExpression;
import org.json.JSONException;
import org.json.JSONObject;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
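/**
 * OAuth2 client for a single {@link AuthenticationRequest}: builds the authorize URL, checks the
 * {@code state} value returned on the redirect, redeems authorization codes and refresh tokens at
 * the token endpoint, and turns the response into an {@link AuthenticationResult}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The {@code state} parameter is a Base64 encoding of the authority and resource only; see
 *       {@link #getToken(String)} for what is and is not verified.</li>
 *   <li>Response bodies and the device-challenge header are written to the log and into exception
 *       messages; see the review notes in {@code postMessage} and {@code processTokenResponse}.</li>
 *   <li>Values parsed from the redirect URL and from server responses are treated as untrusted:
 *       malformed input is reported through {@link AuthenticationException} rather than an
 *       unchecked exception.</li>
 * </ul>
 *
 * <p>NOTE(review): a few constants referenced below ({@code RsaJsonWebKey.PRIME_FACTOR_OTHER_MEMBER_NAME},
 * {@code SqlExpression.SqlOperatorBitwiseAnd}) come from unrelated packages; presumably they stand
 * in for the plain literals "r" and "&" — confirm against the original source.
 */
public class Oauth2 {
    private static final String DEFAULT_AUTHORIZE_ENDPOINT = "/oauth2/authorize";
    private static final String DEFAULT_TOKEN_ENDPOINT = "/oauth2/token";
    // Not referenced in this class; retry() sleeps for a literal 1000 ms.
    private static final int DELAY_TIME_PERIOD = 1000;
    private static final String TAG = "Oauth";
    // Passed to ChallengeResponseBuilder when the token endpoint issues a device challenge.
    private IJWSBuilder mJWSBuilder;
    private AuthenticationRequest mRequest;
    // Cleared by the first retry() and never set again here, so each instance retries at most once.
    private boolean mRetryOnce;
    private IWebRequestHandler mWebRequestHandler;

    /**
     * Creates a client that can only build URLs and request messages: no web request handler is
     * set, so {@link #getTokenForCode(String)} and {@link #refreshToken(String)} will throw.
     *
     * @param authenticationRequest request whose authority, resource, client id etc. are used
     */
    public Oauth2(AuthenticationRequest authenticationRequest) {
        // NOTE(review): the JWSBuilder instance is discarded; presumably the remains of a field
        // initializer. Confirm its constructor has no side effect that is relied on.
        new JWSBuilder();
        this.mRetryOnce = true;
        this.mRequest = authenticationRequest;
        this.mWebRequestHandler = null;
        this.mJWSBuilder = null;
    }

    /**
     * Creates a client that can talk to the token endpoint but has no JWS builder.
     *
     * <p>NOTE(review): with {@code mJWSBuilder} left null, a device challenge in
     * {@code postMessage} hands null to {@code ChallengeResponseBuilder}; verify that this path is
     * either unreachable for such instances or handled there.
     *
     * @param authenticationRequest request whose authority, resource, client id etc. are used
     * @param iWebRequestHandler transport used for token endpoint POSTs
     */
    public Oauth2(AuthenticationRequest authenticationRequest, IWebRequestHandler iWebRequestHandler) {
        new JWSBuilder();
        this.mRetryOnce = true;
        this.mRequest = authenticationRequest;
        this.mWebRequestHandler = iWebRequestHandler;
        this.mJWSBuilder = null;
    }

    /**
     * Creates a fully configured client.
     *
     * @param authenticationRequest request whose authority, resource, client id etc. are used
     * @param iWebRequestHandler transport used for token endpoint POSTs
     * @param iJWSBuilder builder used to answer device certificate challenges
     */
    public Oauth2(AuthenticationRequest authenticationRequest, IWebRequestHandler iWebRequestHandler, IJWSBuilder iJWSBuilder) {
        new JWSBuilder();
        this.mRetryOnce = true;
        this.mRequest = authenticationRequest;
        this.mWebRequestHandler = iWebRequestHandler;
        this.mJWSBuilder = iJWSBuilder;
    }

    /**
     * Decodes a {@code state} value produced by {@link #encodeProtocolState()}.
     *
     * @param str Base64 text (flags 9, i.e. URL_SAFE | NO_PADDING); may be null or blank
     * @return the decoded UTF-8 string, or null when {@code str} is null or blank
     * @throws UnsupportedEncodingException if UTF-8 is unavailable
     * @throws IllegalArgumentException from {@code Base64.decode} when the input is not valid
     *     Base64; callers passing untrusted input must handle this
     */
    public static String decodeProtocolState(String str) throws UnsupportedEncodingException {
        if (StringExtensions.isNullOrBlank(str)) {
            return null;
        }
        return new String(Base64.decode(str, 9), "UTF-8");
    }

    /**
     * Copies every top-level member of a JSON object into {@code map} as a string.
     *
     * @param map destination, keyed by JSON member name
     * @param str JSON text of an object
     * @throws JSONException if {@code str} is not a JSON object or a member cannot be read as a string
     */
    private static void extractJsonObjects(Map<String, String> map, String str) throws JSONException {
        JSONObject jSONObject = new JSONObject(str);
        Iterator<String> keys = jSONObject.keys();
        while (keys.hasNext()) {
            String next = keys.next();
            map.put(next, jSONObject.getString(next));
        }
    }

    /**
     * Builds the base header set for token endpoint requests.
     *
     * @return a new mutable map containing only {@code Accept: application/json}
     */
    private Map<String, String> getRequestHeaders() {
        Map<String, String> headers = new HashMap<>();
        headers.put("Accept", "application/json");
        return headers;
    }

    /**
     * Parses a JSON response body and interprets it with {@link #processUIResponseParams(Map)}.
     *
     * @param str JSON text returned by the token endpoint
     * @return the interpreted result; may be null (see {@link #processUIResponseParams(Map)})
     * @throws JSONException if the body is not a readable JSON object
     * @throws AuthenticationException if a field of the response is malformed
     */
    private AuthenticationResult parseJsonResponse(String str) throws JSONException, AuthenticationException {
        Map<String, String> responseItems = new HashMap<>();
        extractJsonObjects(responseItems, str);
        return processUIResponseParams(responseItems);
    }

    /**
     * POSTs a form-encoded message to the token endpoint and converts the response.
     *
     * <p>Flow: send the request; on a 401 carrying a {@code WWW-Authenticate} challenge of the
     * expected type, add an {@code Authorization} header built from the challenge and send once
     * more; then hand a non-empty body to {@code processTokenResponse}. A retryable server
     * response or a socket timeout triggers {@code retry}. Client metrics are closed on every exit
     * path.
     *
     * @param str form-encoded request body
     * @param map request headers; an {@code Authorization} entry is added to this map when a
     *     device challenge is answered
     * @return the parsed result (never null on normal return)
     * @throws IOException on transport failure, including an unsupported charset name
     * @throws AuthenticationException if the authority URL is invalid, the challenge is unusable,
     *     or the server response cannot be turned into a result
     */
    private AuthenticationResult postMessage(String str, Map<String, String> map) throws IOException, AuthenticationException {
        AuthenticationResult authenticationResult;
        String body;
        URL url = StringExtensions.getUrl(getTokenEndpoint());
        if (url == null) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL);
        }
        try {
            try {
                try {
                    this.mWebRequestHandler.setRequestCorrelationId(this.mRequest.getCorrelationId());
                    ClientMetrics clientMetrics = ClientMetrics.INSTANCE;
                    clientMetrics.beginClientMetricsRecord(url, this.mRequest.getCorrelationId(), map);
                    // NOTE(review): the charset is requested as "UTF_8" (underscore), unlike the
                    // "UTF-8" used for the state value; confirm the target runtime resolves this
                    // name, otherwise every request fails with UnsupportedEncodingException.
                    HttpWebResponse sendPost = this.mWebRequestHandler.sendPost(url, map, str.getBytes("UTF_8"), "application/x-www-form-urlencoded");
                    if (sendPost.getStatusCode() == 401) {
                        if (sendPost.getResponseHeaders() == null || !sendPost.getResponseHeaders().containsKey("WWW-Authenticate")) {
                            Logger.v(TAG, "401 http status code is returned without authorization header");
                        } else {
                            // The header map comes from the server: a key with a null or empty
                            // value list is reported as an empty challenge instead of raising an
                            // unchecked exception (same guard as processTokenResponse uses).
                            List<String> challengeValues = sendPost.getResponseHeaders().get("WWW-Authenticate");
                            String str2 = (challengeValues == null || challengeValues.isEmpty()) ? null : challengeValues.get(0);
                            // NOTE(review): the raw challenge header is written to the log here;
                            // check that the log sink is acceptable for that content.
                            Logger.v(TAG, "Device certificate challenge request:" + str2);
                            if (StringExtensions.isNullOrBlank(str2)) {
                                throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Challenge header is empty");
                            }
                            if (StringExtensions.hasPrefixInHeader(str2, AuthenticationConstants.Broker.CHALLENGE_RESPONSE_TYPE)) {
                                Logger.v(TAG, "Received pkeyAuth device challenge.");
                                ChallengeResponseBuilder challengeResponseBuilder = new ChallengeResponseBuilder(this.mJWSBuilder);
                                Logger.v(TAG, "Processing device challenge");
                                map.put("Authorization", challengeResponseBuilder.getChallengeResponseFromHeader(str2, url.toString()).getAuthorizationHeaderValue());
                                Logger.v(TAG, "Sending request with challenge response");
                                sendPost = this.mWebRequestHandler.sendPost(url, map, str.getBytes("UTF_8"), "application/x-www-form-urlencoded");
                            }
                        }
                    }
                    boolean isEmpty = TextUtils.isEmpty(sendPost.getBody());
                    if (isEmpty) {
                        authenticationResult = null;
                    } else {
                        Logger.v(TAG, "Token request does not have exception");
                        try {
                            authenticationResult = processTokenResponse(sendPost);
                            clientMetrics.setLastError(null);
                        } catch (ServerRespondingWithRetryableException e) {
                            AuthenticationResult retry = retry(str, map);
                            if (retry != null) {
                                ClientMetrics.INSTANCE.endClientMetricsRecord(ClientMetricsEndpointType.TOKEN, this.mRequest.getCorrelationId());
                                return retry;
                            }
                            // No retry left: surface the retryable exception only when extended
                            // lifetime is enabled, otherwise report a plain server error.
                            if (this.mRequest.getIsExtendedLifetimeEnabled()) {
                                Logger.v(TAG, "WebResponse is not a success due to: " + sendPost.getStatusCode());
                                throw e;
                            }
                            Logger.v(TAG, "WebResponse is not a success due to: " + sendPost.getStatusCode());
                            throw new AuthenticationException(ADALError.SERVER_ERROR, "WebResponse is not a success due to: " + sendPost.getStatusCode());
                        }
                    }
                    if (authenticationResult != null) {
                        clientMetrics.setLastErrorCodes(authenticationResult.getErrorCodes());
                        clientMetrics.endClientMetricsRecord(ClientMetricsEndpointType.TOKEN, this.mRequest.getCorrelationId());
                        return authenticationResult;
                    }
                    if (isEmpty) {
                        body = "Status code:" + sendPost.getStatusCode();
                    } else {
                        body = sendPost.getBody();
                    }
                    ADALError aDALError = ADALError.SERVER_ERROR;
                    // NOTE(review): the full response body is logged and becomes the exception
                    // message; whatever the server put in that body travels with both.
                    Logger.e(TAG, "Server error message", body, aDALError);
                    throw new AuthenticationException(aDALError, body);
                } catch (Throwable th) {
                    // Close the metrics record on every failure, then let the original propagate.
                    ClientMetrics.INSTANCE.endClientMetricsRecord(ClientMetricsEndpointType.TOKEN, this.mRequest.getCorrelationId());
                    throw th;
                }
            } catch (UnsupportedEncodingException e2) {
                ClientMetrics.INSTANCE.setLastError(null);
                Logger.e(TAG, e2.getMessage(), "", ADALError.ENCODING_IS_NOT_SUPPORTED, e2);
                throw e2;
            }
        } catch (SocketTimeoutException e3) {
            AuthenticationResult retry2 = retry(str, map);
            if (retry2 != null) {
                ClientMetrics.INSTANCE.endClientMetricsRecord(ClientMetricsEndpointType.TOKEN, this.mRequest.getCorrelationId());
                return retry2;
            }
            ClientMetrics.INSTANCE.setLastError(null);
            if (this.mRequest.getIsExtendedLifetimeEnabled()) {
                Logger.e(TAG, e3.getMessage(), "", ADALError.SERVER_ERROR, e3);
                throw new ServerRespondingWithRetryableException(e3.getMessage(), e3);
            }
            Logger.e(TAG, e3.getMessage(), "", ADALError.SERVER_ERROR, e3);
            throw e3;
        } catch (IOException e4) {
            ClientMetrics.INSTANCE.setLastError(null);
            Logger.e(TAG, e4.getMessage(), "", ADALError.SERVER_ERROR, e4);
            throw e4;
        }
    }

    /**
     * Maps an HTTP response from the token endpoint to a result or an exception.
     *
     * <p>As written: 200 is parsed as JSON; 500, 503, 504, 400 and 401 raise
     * {@code ServerRespondingWithRetryableException}; any other status raises
     * {@link AuthenticationException} with {@code SERVER_ERROR}.
     *
     * <p>NOTE(review): 400 and 401 reach the retryable throw, so an OAuth error body delivered
     * with one of those statuses is never parsed and the {@code error} branch of
     * {@link #processUIResponseParams(Map)} cannot be reached from here. The nesting looks like a
     * flattened {@code switch}; confirm against the original source whether 400/401 were meant to
     * share the 200 parse path.
     *
     * <p>NOTE(review): the response body is embedded in every exception message below, including
     * the parse-failure case for a 200 response, whose body may hold token material. Check where
     * these messages end up.
     *
     * @param httpWebResponse response to interpret
     * @return the parsed result for a 200 response
     * @throws AuthenticationException for unexpected status codes, unparseable JSON or malformed
     *     fields
     */
    private AuthenticationResult processTokenResponse(HttpWebResponse httpWebResponse) throws AuthenticationException {
        List<String> list;
        // First value of the client-request-id response header, or null when absent.
        String str = (httpWebResponse.getResponseHeaders() == null || !httpWebResponse.getResponseHeaders().containsKey(AuthenticationConstants.AAD.CLIENT_REQUEST_ID) || (list = httpWebResponse.getResponseHeaders().get(AuthenticationConstants.AAD.CLIENT_REQUEST_ID)) == null || list.size() <= 0) ? null : list.get(0);
        int statusCode = httpWebResponse.getStatusCode();
        if (statusCode != 200) {
            if (statusCode != 500) {
                if (statusCode != 400 && statusCode != 401) {
                    if (statusCode != 503 && statusCode != 504) {
                        throw new AuthenticationException(ADALError.SERVER_ERROR, "Unexpected server response " + httpWebResponse.getBody());
                    }
                }
            }
            throw new ServerRespondingWithRetryableException("Unexpected server response " + httpWebResponse.getBody());
        }
        try {
            AuthenticationResult parseJsonResponse = parseJsonResponse(httpWebResponse.getBody());
            if (str != null && !str.isEmpty()) {
                try {
                    // A correlation id that differs from the request's is only logged; the
                    // response is still accepted.
                    if (!UUID.fromString(str).equals(this.mRequest.getCorrelationId())) {
                        Logger.w(TAG, "CorrelationId is not matching", "", ADALError.CORRELATION_ID_NOT_MATCHING_REQUEST_RESPONSE);
                    }
                    Logger.v(TAG, "Response correlationId:" + str);
                } catch (IllegalArgumentException e) {
                    Logger.e(TAG, "Wrong format of the correlation ID:" + str, "", ADALError.CORRELATION_ID_FORMAT, e);
                }
            }
            return parseJsonResponse;
        } catch (JSONException e2) {
            throw new AuthenticationException(ADALError.SERVER_INVALID_JSON_RESPONSE, "Can't parse server response " + httpWebResponse.getBody(), e2);
        }
    }

    /**
     * Parses a lifetime given in seconds, reporting malformed input as a checked failure.
     *
     * <p>The value originates from a server response or from the redirect URL, so a non-numeric
     * value must not surface as an unchecked {@link NumberFormatException}.
     *
     * @param value text to parse; callers handle the null/empty default before calling
     * @param fieldName response field the value came from, used in the error message only
     * @return the parsed number of seconds
     * @throws AuthenticationException if {@code value} is not a valid integer
     */
    private static int parseLifetimeSeconds(String value, String fieldName) throws AuthenticationException {
        try {
            return Integer.parseInt(value);
        } catch (NumberFormatException e) {
            throw new AuthenticationException(ADALError.SERVER_ERROR, "Invalid " + fieldName + " value in response", e);
        }
    }

    /**
     * Interprets OAuth2 response parameters taken from a redirect URL or a JSON body.
     *
     * <p>Order of evaluation: an {@code error} entry yields an error result; otherwise a code
     * entry yields a code-only result; otherwise an access token entry yields a token result with
     * expiry, refresh token, id-token derived user info, optional extended expiry and family
     * client id.
     *
     * @param map response parameters keyed by name
     * @return the interpreted result, or null when the map holds none of error, code or access
     *     token
     * @throws AuthenticationException if a lifetime field is not a valid integer, or from id-token
     *     parsing
     */
    public static AuthenticationResult processUIResponseParams(Map<String, String> map) throws AuthenticationException {
        UserInfo userInfo;
        String str;
        String str2;
        if (map.containsKey("error")) {
            String str3 = map.get(AuthenticationConstants.AAD.CORRELATION_ID);
            if (!StringExtensions.isNullOrBlank(str3)) {
                try {
                    Logger.setCorrelationId(UUID.fromString(str3));
                } catch (IllegalArgumentException unused) {
                    Logger.e(TAG, "CorrelationId is malformed: " + str3, "", ADALError.CORRELATION_ID_FORMAT);
                }
            }
            Logger.v(TAG, "OAuth2 error:" + map.get("error") + " Description:" + map.get(AuthenticationConstants.OAuth2.ERROR_DESCRIPTION));
            return new AuthenticationResult(map.get("error"), map.get(AuthenticationConstants.OAuth2.ERROR_DESCRIPTION), map.get(AuthenticationConstants.OAuth2.ERROR_CODES));
        }
        if (map.containsKey(AuthenticationConstants.OAuth2.CODE)) {
            return new AuthenticationResult(map.get(AuthenticationConstants.OAuth2.CODE));
        }
        if (!map.containsKey(AuthenticationConstants.OAuth2.ACCESS_TOKEN)) {
            return null;
        }
        String str4 = map.get(AuthenticationConstants.OAuth2.EXPIRES_IN);
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        int i = AuthenticationConstants.DEFAULT_EXPIRATION_TIME_SEC;
        // Calendar field 13 is SECOND; a missing or empty lifetime defaults to 3600 seconds.
        gregorianCalendar.add(13, (str4 == null || str4.isEmpty()) ? 3600 : parseLifetimeSeconds(str4, AuthenticationConstants.OAuth2.EXPIRES_IN));
        String str5 = map.get(AuthenticationConstants.OAuth2.REFRESH_TOKEN);
        // True when the response names a resource and carries a non-blank refresh token.
        boolean z = map.containsKey(AuthenticationConstants.AAD.RESOURCE) && !StringExtensions.isNullOrBlank(str5);
        if (map.containsKey("id_token")) {
            String str6 = map.get("id_token");
            if (StringExtensions.isNullOrBlank(str6)) {
                Logger.v(TAG, "IdToken was not returned from token request.");
                str2 = str6;
                userInfo = null;
                str = null;
            } else {
                Logger.v(TAG, "Id token was returned, parsing id token.");
                // NOTE(review): whether IdToken verifies anything beyond parsing is not visible
                // here; the tenant id and user info below are only as trustworthy as that class.
                IdToken idToken = new IdToken(str6);
                str2 = str6;
                str = idToken.getTenantId();
                userInfo = new UserInfo(idToken);
            }
        } else {
            userInfo = null;
            str = null;
            str2 = null;
        }
        String str7 = map.containsKey("foci") ? map.get("foci") : null;
        AuthenticationResult authenticationResult = new AuthenticationResult(map.get(AuthenticationConstants.OAuth2.ACCESS_TOKEN), str5, gregorianCalendar.getTime(), z, userInfo, str, str2, null);
        if (map.containsKey("ext_expires_in")) {
            String str8 = map.get("ext_expires_in");
            GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
            if (!StringExtensions.isNullOrBlank(str8)) {
                i = parseLifetimeSeconds(str8, "ext_expires_in");
            }
            gregorianCalendar2.add(13, i);
            authenticationResult.setExtendedExpiresOn(gregorianCalendar2.getTime());
        }
        authenticationResult.setFamilyClientId(str7);
        return authenticationResult;
    }

    /**
     * Re-sends a token request once after a one-second pause.
     *
     * @param str form-encoded request body
     * @param map request headers
     * @return the result of the second attempt, or null when this instance has already retried
     * @throws IOException as thrown by {@code postMessage}
     * @throws AuthenticationException as thrown by {@code postMessage}
     */
    private AuthenticationResult retry(String str, Map<String, String> map) throws IOException, AuthenticationException {
        if (!this.mRetryOnce) {
            return null;
        }
        this.mRetryOnce = false;
        try {
            Thread.sleep(1000L);
        } catch (InterruptedException e) {
            // NOTE(review): the interrupt is logged and dropped, so the request is re-sent even
            // though the thread was asked to stop; decide whether the flag should be restored.
            Logger.v(TAG, "The thread is interrupted while it is sleeping. " + e);
        }
        Logger.v(TAG, "Try again...");
        return postMessage(str, map);
    }

    /**
     * Builds the form body for a refresh-token grant.
     *
     * @param str refresh token to redeem
     * @return form-encoded body with grant type, refresh token, client id and, when the request
     *     has one, the resource
     * @throws UnsupportedEncodingException if form encoding fails
     */
    public String buildRefreshTokenRequestMessage(String str) throws UnsupportedEncodingException {
        Logger.v(TAG, "Building request message for redeeming token with refresh token.");
        String format = String.format("%s=%s&%s=%s&%s=%s", AuthenticationConstants.OAuth2.GRANT_TYPE, StringExtensions.urlFormEncode(AuthenticationConstants.OAuth2.REFRESH_TOKEN), AuthenticationConstants.OAuth2.REFRESH_TOKEN, StringExtensions.urlFormEncode(str), AuthenticationConstants.OAuth2.CLIENT_ID, StringExtensions.urlFormEncode(this.mRequest.getClientId()));
        return !StringExtensions.isNullOrBlank(this.mRequest.getResource()) ? String.format("%s&%s=%s", format, AuthenticationConstants.AAD.RESOURCE, StringExtensions.urlFormEncode(this.mRequest.getResource())) : format;
    }

    /**
     * Builds the form body for an authorization-code grant.
     *
     * @param str authorization code to redeem
     * @return form-encoded body with grant type, code, client id and redirect URI
     * @throws UnsupportedEncodingException if form encoding fails
     */
    public String buildTokenRequestMessage(String str) throws UnsupportedEncodingException {
        Logger.v(TAG, "Building request message for redeeming token with auth code.");
        return String.format("%s=%s&%s=%s&%s=%s&%s=%s", AuthenticationConstants.OAuth2.GRANT_TYPE, StringExtensions.urlFormEncode(AuthenticationConstants.OAuth2.AUTHORIZATION_CODE), AuthenticationConstants.OAuth2.CODE, StringExtensions.urlFormEncode(str), AuthenticationConstants.OAuth2.CLIENT_ID, StringExtensions.urlFormEncode(this.mRequest.getClientId()), AuthenticationConstants.OAuth2.REDIRECT_URI, StringExtensions.urlFormEncode(this.mRequest.getRedirectUri()));
    }

    /**
     * Produces the {@code state} value sent with the authorize request.
     *
     * <p>The value is {@code a=<authority>&r=<resource>} encoded as Base64 (flags 9, i.e.
     * URL_SAFE | NO_PADDING). It contains no per-request random component and the two values are
     * inserted without escaping.
     *
     * @return the encoded state
     * @throws UnsupportedEncodingException if UTF-8 is unavailable
     */
    public String encodeProtocolState() throws UnsupportedEncodingException {
        return Base64.encodeToString(String.format("a=%s&r=%s", this.mRequest.getAuthority(), this.mRequest.getResource()).getBytes("UTF-8"), 9);
    }

    /**
     * @return the request's authority followed by {@code /oauth2/authorize}
     */
    public String getAuthorizationEndpoint() {
        return this.mRequest.getAuthority() + DEFAULT_AUTHORIZE_ENDPOINT;
    }

    /**
     * Builds the query string of the authorize request.
     *
     * <p>Each value is passed through {@code URLEncoder.encode} before being appended. The
     * request's extra query parameters are appended to the result verbatim, so they must already
     * be encoded and must come from a trusted caller; the {@code haschrome} test on them is a
     * plain substring match.
     *
     * @return the query string, without a leading {@code ?}
     * @throws UnsupportedEncodingException if the charset name "UTF_8" is not resolved by the
     *     runtime, or from {@link #encodeProtocolState()}
     */
    public String getAuthorizationEndpointQueryParameters() throws UnsupportedEncodingException {
        Uri.Builder builder = new Uri.Builder();
        builder.appendQueryParameter(AuthenticationConstants.OAuth2.RESPONSE_TYPE, AuthenticationConstants.OAuth2.CODE).appendQueryParameter(AuthenticationConstants.OAuth2.CLIENT_ID, URLEncoder.encode(this.mRequest.getClientId(), "UTF_8")).appendQueryParameter(AuthenticationConstants.AAD.RESOURCE, URLEncoder.encode(this.mRequest.getResource(), "UTF_8")).appendQueryParameter(AuthenticationConstants.OAuth2.REDIRECT_URI, URLEncoder.encode(this.mRequest.getRedirectUri(), "UTF_8")).appendQueryParameter(AuthenticationConstants.OAuth2.STATE, encodeProtocolState());
        if (!StringExtensions.isNullOrBlank(this.mRequest.getLoginHint())) {
            builder.appendQueryParameter(AuthenticationConstants.AAD.LOGIN_HINT, URLEncoder.encode(this.mRequest.getLoginHint(), "UTF_8"));
        }
        // Client telemetry: library platform and version, OS SDK level and device model.
        builder.appendQueryParameter(AuthenticationConstants.AAD.ADAL_ID_PLATFORM, AuthenticationConstants.AAD.ADAL_ID_PLATFORM_VALUE).appendQueryParameter(AuthenticationConstants.AAD.ADAL_ID_VERSION, URLEncoder.encode(AuthenticationContext.getVersionName(), "UTF_8")).appendQueryParameter(AuthenticationConstants.AAD.ADAL_ID_OS_VER, URLEncoder.encode(String.valueOf(Build.VERSION.SDK_INT), "UTF_8")).appendQueryParameter(AuthenticationConstants.AAD.ADAL_ID_DM, URLEncoder.encode(Build.MODEL, "UTF_8"));
        if (this.mRequest.getCorrelationId() != null) {
            builder.appendQueryParameter(AuthenticationConstants.AAD.CLIENT_REQUEST_ID, URLEncoder.encode(this.mRequest.getCorrelationId().toString(), "UTF_8"));
        }
        if (this.mRequest.getPrompt() == PromptBehavior.Always) {
            builder.appendQueryParameter(AuthenticationConstants.AAD.QUERY_PROMPT, URLEncoder.encode(AuthenticationConstants.AAD.QUERY_PROMPT_VALUE, "UTF_8"));
        } else if (this.mRequest.getPrompt() == PromptBehavior.REFRESH_SESSION) {
            builder.appendQueryParameter(AuthenticationConstants.AAD.QUERY_PROMPT, URLEncoder.encode(AuthenticationConstants.AAD.QUERY_PROMPT_REFRESH_SESSION_VALUE, "UTF_8"));
        }
        String extraQueryParamsAuthentication = this.mRequest.getExtraQueryParamsAuthentication();
        if (StringExtensions.isNullOrBlank(extraQueryParamsAuthentication) || !extraQueryParamsAuthentication.contains("haschrome")) {
            builder.appendQueryParameter("haschrome", AuthenticationConstants.MS_FAMILY_ID);
        }
        String query = builder.build().getQuery();
        if (StringExtensions.isNullOrBlank(extraQueryParamsAuthentication)) {
            return query;
        }
        // Presumably the "&" separator (see class note); added when the extra parameters lack it.
        if (!extraQueryParamsAuthentication.startsWith(SqlExpression.SqlOperatorBitwiseAnd)) {
            extraQueryParamsAuthentication = SqlExpression.SqlOperatorBitwiseAnd + extraQueryParamsAuthentication;
        }
        return query + extraQueryParamsAuthentication;
    }

    /**
     * @return the full authorize URL: endpoint, {@code ?}, query parameters
     * @throws UnsupportedEncodingException from {@link #getAuthorizationEndpointQueryParameters()}
     */
    public String getCodeRequestUrl() throws UnsupportedEncodingException {
        return String.format("%s?%s", getAuthorizationEndpoint(), getAuthorizationEndpointQueryParameters());
    }

    /**
     * Processes the redirect URL returned by the authorize step and, when it carries a code,
     * redeems that code for a token.
     *
     * <p>State check performed here: the {@code state} parameter must decode, must contain a
     * non-blank authority and a resource equal (ignoring case) to the request's resource.
     *
     * <p>NOTE(review): the authority carried in {@code state} is only checked for being
     * non-blank, not compared with the request's authority, and {@code state} has no
     * unpredictable component (see {@link #encodeProtocolState()}). As far as this class shows,
     * the check therefore does not bind the redirect to the request that started it; confirm
     * whether callers add such a binding.
     *
     * @param str redirect URL containing the response parameters
     * @return the token result, an error result, or null (see {@link #processUIResponseParams(Map)})
     * @throws IllegalArgumentException if {@code str} is null or blank
     * @throws IOException on transport failure while redeeming the code
     * @throws AuthenticationException if the state is missing, malformed or does not match, or the
     *     response is invalid
     */
    public AuthenticationResult getToken(String str) throws IOException, AuthenticationException {
        if (StringExtensions.isNullOrBlank(str)) {
            throw new IllegalArgumentException("authorizationUrl");
        }
        HashMap<String, String> urlParameters = StringExtensions.getUrlParameters(str);
        String decodedState;
        try {
            decodedState = decodeProtocolState(urlParameters.get(AuthenticationConstants.OAuth2.STATE));
        } catch (IllegalArgumentException e) {
            // The state comes from the redirect URL; Base64.decode rejects malformed input with
            // IllegalArgumentException, which is reported as a bad state rather than propagated.
            throw new AuthenticationException(ADALError.AUTH_FAILED_BAD_STATE);
        }
        if (StringExtensions.isNullOrBlank(decodedState)) {
            throw new AuthenticationException(ADALError.AUTH_FAILED_NO_STATE);
        }
        // The decoded state is a query string; a dummy URL lets Uri pick out its parameters.
        Uri parse = Uri.parse("http://state/path?" + decodedState);
        String queryParameter = parse.getQueryParameter("a");
        // Presumably the "r" key written by encodeProtocolState (see class note).
        String queryParameter2 = parse.getQueryParameter(RsaJsonWebKey.PRIME_FACTOR_OTHER_MEMBER_NAME);
        if (StringExtensions.isNullOrBlank(queryParameter) || StringExtensions.isNullOrBlank(queryParameter2) || !queryParameter2.equalsIgnoreCase(this.mRequest.getResource())) {
            throw new AuthenticationException(ADALError.AUTH_FAILED_BAD_STATE);
        }
        AuthenticationResult processUIResponseParams = processUIResponseParams(urlParameters);
        return (processUIResponseParams == null || processUIResponseParams.getCode() == null || processUIResponseParams.getCode().isEmpty()) ? processUIResponseParams : getTokenForCode(processUIResponseParams.getCode());
    }

    /**
     * @return the request's authority followed by {@code /oauth2/token}
     */
    public String getTokenEndpoint() {
        return this.mRequest.getAuthority() + DEFAULT_TOKEN_ENDPOINT;
    }

    /**
     * Redeems an authorization code at the token endpoint.
     *
     * @param str authorization code
     * @return the token result, or null when an {@link UnsupportedEncodingException} occurred
     *     while building or sending the request (it is logged, not rethrown); callers must treat
     *     null as failure
     * @throws IllegalArgumentException if no web request handler was supplied
     * @throws IOException on transport failure
     * @throws AuthenticationException if the server response is invalid
     */
    public AuthenticationResult getTokenForCode(String str) throws IOException, AuthenticationException {
        if (this.mWebRequestHandler == null) {
            throw new IllegalArgumentException("webRequestHandler");
        }
        try {
            String buildTokenRequestMessage = buildTokenRequestMessage(str);
            Map<String, String> requestHeaders = getRequestHeaders();
            Logger.v(TAG, "Sending request to redeem token with auth code.");
            return postMessage(buildTokenRequestMessage, requestHeaders);
        } catch (UnsupportedEncodingException e) {
            Logger.e(TAG, e.getMessage(), "", ADALError.ENCODING_IS_NOT_SUPPORTED, e);
            return null;
        }
    }

    /**
     * Redeems a refresh token at the token endpoint, advertising the TLS-incapable challenge
     * version in the request headers.
     *
     * @param str refresh token
     * @return the token result, or null when an {@link UnsupportedEncodingException} occurred
     *     while building or sending the request (it is logged, not rethrown); callers must treat
     *     null as failure
     * @throws IllegalArgumentException if no web request handler was supplied
     * @throws IOException on transport failure
     * @throws AuthenticationException if the server response is invalid
     */
    public AuthenticationResult refreshToken(String str) throws IOException, AuthenticationException {
        if (this.mWebRequestHandler == null) {
            Logger.v(TAG, "Web request is not set correctly");
            throw new IllegalArgumentException("webRequestHandler is null.");
        }
        try {
            String buildRefreshTokenRequestMessage = buildRefreshTokenRequestMessage(str);
            Map<String, String> requestHeaders = getRequestHeaders();
            requestHeaders.put(AuthenticationConstants.Broker.CHALLENGE_TLS_INCAPABLE, AuthenticationConstants.Broker.CHALLENGE_TLS_INCAPABLE_VERSION);
            Logger.v(TAG, "Sending request to redeem token with refresh token.");
            return postMessage(buildRefreshTokenRequestMessage, requestHeaders);
        } catch (UnsupportedEncodingException e) {
            Logger.e(TAG, e.getMessage(), "", ADALError.ENCODING_IS_NOT_SUPPORTED, e);
            return null;
        }
    }
}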
