package com.microsoft.intune.mam.policy;

import android.content.Context;
import android.os.ConditionVariable;
import com.microsoft.aad.adal.AuthenticationCallback;
import com.microsoft.aad.adal.AuthenticationContext;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.aad.adal.DefaultTokenCacheStore;
import com.microsoft.aad.adal.ITokenCacheStore;
import com.microsoft.aad.adal.TokenCacheItem;
import com.microsoft.aad.adal.UserInfo;
import com.microsoft.intune.mam.client.app.startup.ADALConnectionDetails;
import com.microsoft.intune.mam.client.identity.MAMIdentityManager;
import com.microsoft.intune.mam.log.MAMLogPIIFactory;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import java.util.Iterator;
import java.util.UUID;
import java.util.logging.Level;

/* loaded from: classes.dex */
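/**
 * Static helpers that obtain an AAD access token for the MAM service resource
 * ({@link #MAMSERVICE_RESOURCE_ID}) through ADAL, either silently from cached
 * credentials or by redeeming a refresh token.
 *
 * <p>Every entry point reports failure by returning {@code null}; exceptions
 * are logged with the request's correlation ID and never propagate to callers.
 * The returned {@link AuthenticationResult} carries a bearer token, so callers
 * should keep it out of logs and diagnostics.
 */
public final class MAMServiceAuthentication {
    public static final String APIV2_AUTH_USED = "MAMServiceAuthentication.ApiV2AuthUsed";
    public static final String BROKER_NEEDED = "MAMServiceAuthentication.BrokerNeeded";
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger((Class<?>) MAMServiceAuthentication.class);
    public static final String MAMSERVICE_RESOURCE_ID = "https://msmamservice.api.application";
    private static final long TOKEN_ACQUIRE_TIMEOUT_MS = 30000;

    /**
     * Bridges ADAL's asynchronous callback to a blocking caller: it stores the
     * outcome and then opens the supplied {@link ConditionVariable}.
     *
     * <p>Declared {@code static} because it is instantiated from a static method
     * and uses no enclosing-instance state; as a non-static inner class the
     * {@code new AuthCallback(...)} in {@code authenticateWithRefreshToken}
     * would not compile (the outer class cannot even be instantiated).
     */
    static final class AuthCallback implements AuthenticationCallback<AuthenticationResult> {
        private final ConditionVariable mDone;
        // Written on ADAL's callback thread before mDone.open(); read by the
        // waiting thread only after mDone.block() has returned true.
        private Exception mError = null;
        private AuthenticationResult mResult = null;

        public AuthCallback(ConditionVariable conditionVariable) {
            this.mDone = conditionVariable;
        }

        /** Records the outcome first, then releases the waiter. */
        private void updateResult(AuthenticationResult authenticationResult, Exception exc) {
            this.mResult = authenticationResult;
            this.mError = exc;
            this.mDone.open();
        }

        @Override // com.microsoft.aad.adal.AuthenticationCallback
        public void onError(Exception exc) {
            updateResult(null, exc);
        }

        /**
         * Accepts the result only when its status is {@code Succeeded}; a null
         * or non-succeeded result is logged and recorded as "no result, no error".
         */
        @Override // com.microsoft.aad.adal.AuthenticationCallback
        public void onSuccess(AuthenticationResult authenticationResult) {
            if (authenticationResult == null) {
                MAMServiceAuthentication.LOGGER.warning("ADAL authentication Failed: null result");
                updateResult(null, null);
                return;
            }
            if (authenticationResult.getStatus() != AuthenticationResult.AuthenticationStatus.Succeeded) {
                MAMServiceAuthentication.LOGGER.warning("ADAL authentication Failed: " + authenticationResult.getErrorLogInfo());
                updateResult(null, null);
                return;
            }
            updateResult(authenticationResult, null);
        }
    }

    private MAMServiceAuthentication() {
    }

    /**
     * Silently acquires a MAM service token for a user.
     *
     * <p>The ADAL context is created with {@code false} as its third argument
     * (ADAL's {@code validateAuthority} flag), so the authority URL is not
     * validated by ADAL here.
     * NOTE(review): confirm {@code aDALConnectionDetails.getAuthority()} only
     * ever comes from trusted configuration.
     *
     * @param context Android context handed to ADAL
     * @param aDALConnectionDetails authority, client ID and skip-broker setting
     * @param str UPN the token must belong to; when {@code null} the owner check
     *     in {@code validateResult} is skipped
     * @param str2 ADAL user ID; when {@code null} it is looked up from the
     *     broker / ADAL cache by UPN
     * @param mAMIdentityManager receives the tenant ID on success; may be {@code null}
     * @param mAMLogPIIFactory wraps the UPN for logging
     * @return the validated result, or {@code null} on any failure
     */
    public static AuthenticationResult acquireToken(Context context, ADALConnectionDetails aDALConnectionDetails, String str, String str2, MAMIdentityManager mAMIdentityManager, MAMLogPIIFactory mAMLogPIIFactory) {
        final UUID correlationId = UUID.randomUUID();
        LOGGER.info("Requesting auth token for MAM Service;  Correlation ID = " + correlationId.toString());
        try {
            AuthenticationContext authContext = new AuthenticationContext(context, aDALConnectionDetails.getAuthority(), false);
            authContext.setRequestCorrelationId(correlationId);
            String adalUserId = str2;
            if (adalUserId == null) {
                adalUserId = findADALUserId(authContext, str, aDALConnectionDetails.getSkipBroker(), mAMLogPIIFactory);
            }
            // Without a user ID there is nothing to request silently; the null
            // result is reported by validateResult.
            AuthenticationResult rawResult = null;
            if (adalUserId != null) {
                rawResult = authContext.acquireTokenSilentSync(MAMSERVICE_RESOURCE_ID, aDALConnectionDetails.getClientId(), adalUserId);
            }
            AuthenticationResult validated = validateResult(rawResult, str);
            trackIdentityInformationFromResult(validated, str, mAMIdentityManager);
            return validated;
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "Failed to acquire MAMService token;  Correlation ID = " + correlationId.toString(), (Throwable) e);
            return null;
        }
    }

    /**
     * Formats a token as an HTTP {@code Authorization} header value.
     * The returned string is a credential and should not be logged.
     */
    public static String authHeaderFromToken(String str) {
        return "Bearer " + str;
    }

    /**
     * Redeems a refresh token for a MAM service token, waiting up to
     * {@code TOKEN_ACQUIRE_TIMEOUT_MS} for ADAL's callback.
     *
     * <p>No expected UPN is passed to {@code validateResult} on this path, so
     * the result is not checked against a particular user.
     *
     * @param context Android context handed to ADAL
     * @param aDALConnectionDetails authority and client ID; {@code null} yields {@code null}
     * @param str the refresh token; {@code null} or empty yields {@code null}
     * @return the validated result, or {@code null} on failure or timeout
     */
    public static AuthenticationResult authenticateWithRefreshToken(Context context, ADALConnectionDetails aDALConnectionDetails, String str) {
        if (str == null || str.isEmpty()) {
            LOGGER.warning("Refresh token was null or empty, unable to authenticate with refresh token");
            return null;
        }
        if (aDALConnectionDetails == null) {
            LOGGER.warning("ADAL Details were null, unable to authenticate with refresh token");
            return null;
        }
        final UUID correlationId = UUID.randomUUID();
        LOGGER.info("Requesting auth token from refresh token for MAM Service;  Correlation ID = " + correlationId.toString());
        try {
            // Third argument false: see the authority-validation note on acquireToken.
            AuthenticationContext authContext = new AuthenticationContext(context, aDALConnectionDetails.getAuthority(), false);
            authContext.setRequestCorrelationId(correlationId);
            ConditionVariable done = new ConditionVariable();
            AuthCallback callback = new AuthCallback(done);
            authContext.acquireTokenByRefreshToken(str, aDALConnectionDetails.getClientId(), MAMSERVICE_RESOURCE_ID, callback);
            if (!done.block(TOKEN_ACQUIRE_TIMEOUT_MS)) {
                LOGGER.warning("Failed to retrieve token for MAM Service: timeout;  Correlation ID = " + correlationId.toString());
                // presumably ADAL keys the pending request by the callback's hash code; confirm
                authContext.cancelAuthenticationActivity(callback.hashCode());
                return null;
            }
            if (callback.mError != null) {
                // Rethrown so the catch below logs it with the correlation ID.
                throw callback.mError;
            }
            return validateResult(callback.mResult, null);
        } catch (Exception e) {
            LOGGER.log(Level.SEVERE, "Failed to retrieve token for MAM Service. Correlation ID = " + correlationId.toString(), (Throwable) e);
            return null;
        }
    }

    /**
     * Null-safe, case-insensitive comparison of a user's displayable ID with a UPN.
     * An absent user, absent displayable ID or absent UPN never matches.
     */
    private static boolean isSameUser(UserInfo userInfo, String upn) {
        if (userInfo == null || upn == null) {
            return false;
        }
        String displayableId = userInfo.getDisplayableId();
        return displayableId != null && displayableId.equalsIgnoreCase(upn);
    }

    /**
     * Resolves the ADAL user ID for a UPN, trying the broker's users first
     * (unless {@code z}, the skip-broker flag, is set) and then the local
     * ADAL token cache.
     *
     * <p>Entries without a displayable ID are skipped, so one incomplete broker
     * or cache entry no longer aborts the lookup with a NullPointerException.
     *
     * @return the matching user ID, or {@code null} when none is found
     */
    private static String findADALUserId(AuthenticationContext authenticationContext, String str, boolean z, MAMLogPIIFactory mAMLogPIIFactory) {
        if (!z) {
            UserInfo[] brokerUsers;
            try {
                brokerUsers = authenticationContext.getBrokerUsers();
            } catch (Exception e) {
                // Best effort: a broker failure falls through to the local cache.
                LOGGER.log(Level.WARNING, "Unable to get cached users from broker.", (Throwable) e);
                brokerUsers = null;
            }
            if (brokerUsers != null) {
                for (UserInfo brokerUser : brokerUsers) {
                    if (isSameUser(brokerUser, str)) {
                        String brokerUserId = brokerUser.getUserId();
                        // NOTE(review): the UPN is wrapped by the PII factory but the user ID
                        // is logged as-is; confirm that is intended.
                        LOGGER.info("found user {0} from the broker with id {1}", new Object[]{mAMLogPIIFactory.getPIIUPN(str), brokerUserId});
                        return brokerUserId;
                    }
                }
            }
        }
        ITokenCacheStore cache = authenticationContext.getCache();
        if (!(cache instanceof DefaultTokenCacheStore)) {
            LOGGER.severe("Found unexpected type for ADAL ITokenCacheStore; unable to get the UserId from the cache for user {0}", mAMLogPIIFactory.getPIIUPN(str));
            return null;
        }
        Iterator<TokenCacheItem> items = ((DefaultTokenCacheStore) cache).getAll();
        while (items.hasNext()) {
            UserInfo cachedUser = items.next().getUserInfo();
            if (isSameUser(cachedUser, str)) {
                String cachedUserId = cachedUser.getUserId();
                LOGGER.info("found user {0} from the ADAL cache with id {1}", new Object[]{mAMLogPIIFactory.getPIIUPN(str), cachedUserId});
                return cachedUserId;
            }
        }
        LOGGER.warning("No entry in ADAL cache for user {0}", mAMLogPIIFactory.getPIIUPN(str));
        return null;
    }

    /**
     * Records the result's tenant ID against the identity built from the UPN
     * and the result's user ID (or {@code null} when the result has no user
     * info). Does nothing when either the result or the identity manager is
     * {@code null}.
     */
    private static void trackIdentityInformationFromResult(AuthenticationResult authenticationResult, String str, MAMIdentityManager mAMIdentityManager) {
        if (authenticationResult == null || mAMIdentityManager == null) {
            return;
        }
        UserInfo userInfo = authenticationResult.getUserInfo();
        String aadUserId = userInfo != null ? userInfo.getUserId() : null;
        mAMIdentityManager.updateTenantAadId(mAMIdentityManager.create(str, aadUserId), authenticationResult.getTenantId());
    }

    /**
     * Accepts a result only when it is non-null, has status {@code Succeeded}
     * and, when an expected UPN is given, belongs to that user.
     *
     * <p>A result without user info or displayable ID is rejected as
     * "wrong user id" when a UPN is expected: the check still fails closed,
     * but explicitly rather than through a NullPointerException.
     *
     * @param authenticationResult result to check; may be {@code null}
     * @param str expected UPN, or {@code null} to skip the owner check
     * @return {@code authenticationResult} when accepted, otherwise {@code null}
     */
    private static AuthenticationResult validateResult(AuthenticationResult authenticationResult, String str) {
        if (authenticationResult == null) {
            LOGGER.warning("Failed to acquire MAMService token.");
            return null;
        }
        if (authenticationResult.getStatus() != AuthenticationResult.AuthenticationStatus.Succeeded) {
            LOGGER.warning("ADAL authentication Failed: " + authenticationResult.getErrorLogInfo());
            return null;
        }
        if (str != null && !isSameUser(authenticationResult.getUserInfo(), str)) {
            LOGGER.warning("Failed to acquire MAMService token: wrong user id.");
            return null;
        }
        LOGGER.info("MAMService token acquired successfully.");
        return authenticationResult;
    }
}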
