package com.microsoft.aad.msal4j;

import j$.util.concurrent.ConcurrentHashMap;
import java.net.URL;
import java.util.Arrays;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.Set;
import java.util.TreeSet;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes5.dex */
public class AadInstanceDiscoveryProvider {
    private static final String AUTHORIZE_ENDPOINT_TEMPLATE = "https://{host}/{tenant}/oauth2/v2.0/authorize";
    private static final String DEFAULT_TRUSTED_HOST = "login.microsoftonline.com";
    private static final String INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE = "https://{host}/common/discovery/instance";
    private static final String INSTANCE_DISCOVERY_REQUEST_PARAMETERS_TEMPLATE = "?api-version=1.1&authorization_endpoint={authorizeEndpoint}";
    static final TreeSet<String> TRUSTED_HOSTS_SET;
    static ConcurrentHashMap<String, InstanceDiscoveryMetadataEntry> cache;

    static {
        TreeSet<String> treeSet = new TreeSet<>((Comparator<? super String>) String.CASE_INSENSITIVE_ORDER);
        TRUSTED_HOSTS_SET = treeSet;
        cache = new ConcurrentHashMap();
        treeSet.addAll(Arrays.asList("login.windows.net", "login.chinacloudapi.cn", "login-us.microsoftonline.com", "login.microsoftonline.de", DEFAULT_TRUSTED_HOST, "login.microsoftonline.us"));
    }

    AadInstanceDiscoveryProvider() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void cacheInstanceDiscoveryMetadata(String str, AadInstanceDiscoveryResponse aadInstanceDiscoveryResponse) {
        if (aadInstanceDiscoveryResponse != null && aadInstanceDiscoveryResponse.metadata() != null) {
            for (InstanceDiscoveryMetadataEntry instanceDiscoveryMetadataEntry : aadInstanceDiscoveryResponse.metadata()) {
                Iterator<String> it = instanceDiscoveryMetadataEntry.aliases().iterator();
                while (it.hasNext()) {
                    cache.put(it.next(), instanceDiscoveryMetadataEntry);
                }
            }
        }
        cache.putIfAbsent(str, InstanceDiscoveryMetadataEntry.builder().preferredCache(str).preferredNetwork(str).aliases(Collections.singleton(str)).build());
    }

    private static void doInstanceDiscoveryAndCache(URL url, boolean z, MsalRequest msalRequest, ServiceBundle serviceBundle) {
        AadInstanceDiscoveryResponse aadInstanceDiscoveryResponse;
        if (msalRequest.application().authenticationAuthority.authorityType.equals(AuthorityType.AAD)) {
            aadInstanceDiscoveryResponse = sendInstanceDiscoveryRequest(url, msalRequest, serviceBundle);
            if (z) {
                validate(aadInstanceDiscoveryResponse);
            }
        } else {
            aadInstanceDiscoveryResponse = null;
        }
        cacheInstanceDiscoveryMetadata(url.getAuthority(), aadInstanceDiscoveryResponse);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Set<String> getAliases(String str) {
        return cache.containsKey(str) ? ((InstanceDiscoveryMetadataEntry) cache.get(str)).aliases() : Collections.singleton(str);
    }

    private static String getAuthorizeEndpoint(String str, String str2) {
        return AUTHORIZE_ENDPOINT_TEMPLATE.replace("{host}", str).replace("{tenant}", str2);
    }

    private static String getInstanceDiscoveryEndpoint(String str) {
        if (!TRUSTED_HOSTS_SET.contains(str)) {
            str = DEFAULT_TRUSTED_HOST;
        }
        return INSTANCE_DISCOVERY_ENDPOINT_TEMPLATE.replace("{host}", str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static InstanceDiscoveryMetadataEntry getMetadataEntry(URL url, boolean z, MsalRequest msalRequest, ServiceBundle serviceBundle) {
        if (((InstanceDiscoveryMetadataEntry) cache.get(url.getAuthority())) == null) {
            doInstanceDiscoveryAndCache(url, z, msalRequest, serviceBundle);
        }
        return (InstanceDiscoveryMetadataEntry) cache.get(url.getAuthority());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static AadInstanceDiscoveryResponse parseInstanceDiscoveryMetadata(String str) {
        try {
            return (AadInstanceDiscoveryResponse) JsonHelper.convertJsonToObject(str, AadInstanceDiscoveryResponse.class);
        } catch (Exception unused) {
            throw new MsalClientException("Error parsing instance discovery response. Data must be in valid JSON format. For more information, see https://aka.ms/msal4j-instance-discovery", AuthenticationErrorCode.INVALID_INSTANCE_DISCOVERY_METADATA);
        }
    }

    private static AadInstanceDiscoveryResponse sendInstanceDiscoveryRequest(URL url, MsalRequest msalRequest, ServiceBundle serviceBundle) {
        return (AadInstanceDiscoveryResponse) JsonHelper.convertJsonToObject(HttpHelper.executeHttpRequest(new HttpRequest(HttpMethod.GET, getInstanceDiscoveryEndpoint(url.getAuthority()) + INSTANCE_DISCOVERY_REQUEST_PARAMETERS_TEMPLATE.replace("{authorizeEndpoint}", getAuthorizeEndpoint(url.getAuthority(), Authority.getTenant(url, Authority.detectAuthorityType(url)))), msalRequest.headers().getReadonlyHeaderMap()), msalRequest.requestContext(), serviceBundle).body(), AadInstanceDiscoveryResponse.class);
    }

    private static void validate(AadInstanceDiscoveryResponse aadInstanceDiscoveryResponse) {
        if (StringHelper.isBlank(aadInstanceDiscoveryResponse.tenantDiscoveryEndpoint())) {
            throw new MsalServiceException(aadInstanceDiscoveryResponse);
        }
    }
}
