package com.blackberry.auth.spnego;

import android.accounts.AbstractAccountAuthenticator;
import android.accounts.Account;
import android.accounts.AccountAuthenticatorResponse;
import android.accounts.AccountManager;
import android.app.Notification;
import android.app.NotificationManager;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.util.Log;
import com.blackberry.auth.spnego.GssApiClient;
import com.blackberry.auth.spnego.exceptions.CredentialsException;
import com.blackberry.auth.spnego.exceptions.ExpiredPasswordException;
import com.blackberry.auth.spnego.exceptions.InternalException;
import com.blackberry.auth.spnego.exceptions.InvalidPasswordException;
import com.blackberry.auth.spnego.exceptions.NetworkException;
import com.blackberry.auth.spnego.exceptions.UnknownErrorException;
import com.blackberry.auth.spnego.exceptions.UsernameException;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

/* compiled from: Authenticator.java */
/* loaded from: classes.dex */
public class b extends AbstractAccountAuthenticator {
    private static final int ERROR_INTERNAL = 5;
    private static final int ERROR_NETWORK = 4;
    private static final String TAG = "SSOAuthenticator";
    private static final String nd = "SPNEGO:HOSTBASED:";
    private static final String ne = "com.android.chrome";
    private static final String ng = "complete";
    private static final int nh = 1;
    private static final int ni = 2;
    private static final int nj = 3;
    private static final int nk = 6;
    private Context mContext;
    private AccountManager mT;
    private Map<String, GssApiClient> nl;

    public b(Context context) {
        super(context);
        this.nl = null;
        Log.d(TAG, "Authenticator started...");
        this.mContext = context;
        this.nl = new HashMap();
        this.mT = AccountManager.get(context);
    }

    private boolean B(String str) {
        if (str == null) {
            return false;
        }
        String[] bd = h.I(this.mContext).bd();
        if (str.compareToIgnoreCase(ne) == 0) {
            return true;
        }
        for (String str2 : bd) {
            if (str.matches(str2)) {
                return true;
            }
        }
        return false;
    }

    private static boolean C(String str) {
        if (str == null) {
            return true;
        }
        return str.startsWith("SPNEGO:HOSTBASED:");
    }

    private static Bundle a(Account account, int i, String str) {
        int i2 = 3;
        Bundle bundle = new Bundle();
        Log.d(TAG, "createErrorResult Code = " + Integer.toString(i) + ", msg = " + str);
        bundle.putString("authAccount", account.name);
        bundle.putString("accountType", account.type);
        bundle.putBoolean("complete", true);
        switch (i) {
            case 1:
                i2 = 6;
                break;
            case 2:
            case 3:
            case 5:
                break;
            case 4:
                i2 = 1;
                break;
            case 6:
                i2 = 7;
                break;
            default:
                i2 = 8;
                break;
        }
        bundle.putInt(f.nE, i2);
        return bundle;
    }

    private Bundle a(Account account, String str, String str2) {
        GssApiClient gssApiClient;
        String str3 = account.name + "$" + str;
        Log.i(TAG, " mClientMap Size = " + Integer.toString(this.nl.size()));
        if (str2 != null) {
            Log.i(TAG, "Retrieving existing context...");
            GssApiClient gssApiClient2 = this.nl.get(str3);
            if (gssApiClient2 == null) {
                Log.e(TAG, "Existing context not found");
                return a(account, 3, "Existing context not found");
            }
            gssApiClient = gssApiClient2;
        } else {
            Log.d(TAG, "Challenge: null");
            try {
                Log.i(TAG, "Creating context...");
                gssApiClient = new GssApiClient(account.name, str);
                GssApiClient put = this.nl.put(str3, gssApiClient);
                if (put != null) {
                    Log.i(TAG, "Cleanup old client");
                    put.close();
                }
            } catch (InternalException e) {
                Log.e(TAG, "Failed to create context - " + e.getMessage());
                return a(account, 5, "Failed to create context");
            } catch (IllegalArgumentException e2) {
                Log.e(TAG, "Invalid service name - " + e2.getMessage());
                return a(account, 1, "Invalid service name");
            }
        }
        try {
            Log.i(TAG, "Authenticating...");
            GssApiClient.Result authenticate = gssApiClient.authenticate(str2);
            Log.d(TAG, "Complete: " + authenticate.complete);
            Bundle bundle = new Bundle();
            if (!authenticate.complete) {
                Bundle bundle2 = new Bundle();
                bundle2.putParcelable("context", gssApiClient);
                bundle.putBundle(f.nC, bundle2);
            }
            bundle.putString("authAccount", account.name);
            bundle.putString("accountType", account.type);
            bundle.putString("authtoken", authenticate.response);
            bundle.putInt(f.nE, 0);
            bundle.putBoolean("complete", authenticate.complete);
            return bundle;
        } catch (InternalException e3) {
            Log.e(TAG, "Failed to authenticate - " + e3.getMessage());
            return a(account, 5, "Failed to authenticate");
        } catch (IllegalArgumentException e4) {
            Log.e(TAG, "Invalid challenge - " + e4.getMessage());
            return a(account, 2, "Invalid challenge");
        }
    }

    public static void a(Context context, Intent intent, String str, String str2) {
        PendingIntent activity = PendingIntent.getActivity(context, 0, intent, 134217728);
        if (str == null) {
            str = "";
        }
        if (str2 == null) {
            str2 = "";
        }
        ((NotificationManager) context.getSystemService("notification")).notify(42, new Notification.Builder(context).setContentTitle(str).setContentText(str2).setSmallIcon(context.getResources().getIdentifier("sso_ic_launcher_mono", "drawable", context.getPackageName())).setContentIntent(activity).setPriority(1).setDefaults(-1).setAutoCancel(false).build());
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle addAccount(AccountAuthenticatorResponse accountAuthenticatorResponse, String str, String str2, String[] strArr, Bundle bundle) {
        Bundle bundle2 = new Bundle();
        Log.i(TAG, "accountType = " + str);
        Log.i(TAG, "authTokenType =" + str2);
        if (!C(str2)) {
            throw new com.blackberry.auth.spnego.exceptions.a("Invalid Auth Token Type");
        }
        bundle2.putParcelable(com.blackberry.hybridagent.b.cen, AccountSetupActivity.a(this.mContext, accountAuthenticatorResponse, str, str2, strArr, bundle));
        return bundle2;
    }

    public void close() {
        Iterator<GssApiClient> it = this.nl.values().iterator();
        while (it.hasNext()) {
            it.next().close();
        }
        this.nl.clear();
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle confirmCredentials(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, Bundle bundle) {
        return null;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle editProperties(AccountAuthenticatorResponse accountAuthenticatorResponse, String str) {
        throw new UnsupportedOperationException();
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle getAccountRemovalAllowed(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account) {
        try {
            KerberosUtil.D(account.name);
        } catch (InternalException e) {
            Log.e(TAG, "Failed to delete credentials - " + e.getMessage());
        } catch (IOException e2) {
            e = e2;
            e.printStackTrace();
        } catch (IllegalArgumentException e3) {
            Log.e(TAG, "IllegalArgumentException - " + e3.getMessage());
        } catch (InvalidAlgorithmParameterException e4) {
            e = e4;
            e.printStackTrace();
        } catch (KeyStoreException e5) {
            e = e5;
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e6) {
            e = e6;
            e.printStackTrace();
        } catch (NoSuchProviderException e7) {
            e = e7;
            e.printStackTrace();
        } catch (UnrecoverableEntryException e8) {
            e = e8;
            e.printStackTrace();
        } catch (CertificateException e9) {
            e = e9;
            e.printStackTrace();
        }
        Bundle bundle = new Bundle();
        bundle.putBoolean("booleanResult", true);
        return bundle;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle getAuthToken(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, String str, Bundle bundle) {
        for (String str2 : bundle.keySet()) {
            Log.i(TAG, str2 + " is a key in the bundle ");
            Log.i(TAG, bundle.get(str2).toString());
        }
        String nameForUid = this.mContext.getPackageManager().getNameForUid(bundle.getInt("callerUid"));
        Log.i(TAG, "Caller Name: " + nameForUid);
        Log.d(TAG, "Token type: " + str);
        if (!C(str)) {
            Log.e(TAG, "Invalid prefix for token type");
            return a(account, 1, "Invalid prefix");
        }
        if (!a.G(this.mContext)) {
            return a(account, 5, "Spnego Not Licensed.");
        }
        if (!KerberosUtil.aS()) {
            return a(account, 5, "Kerberos Not Configured.");
        }
        if (!B(nameForUid)) {
            Log.i(TAG, "Caller: " + nameForUid + " does not have permission to access SSO.");
            return a(account, 5, "Permission denied.");
        }
        String substring = str.substring("SPNEGO:HOSTBASED:".length());
        Log.d(TAG, "Service: " + substring);
        String string = bundle.getString("authtoken", null);
        if (string == null && bundle.containsKey(f.nC)) {
            string = bundle.getString(f.nB);
        }
        try {
            return a(account, substring, string);
        } catch (CredentialsException e) {
            e.printStackTrace();
            try {
                String password = this.mT.getPassword(account);
                if (password != null && !password.isEmpty()) {
                    KerberosUtil.c(this.mContext, account.name, this.mT.getPassword(account));
                    try {
                        return a(account, substring, string);
                    } catch (CredentialsException e2) {
                        Log.e(TAG, "Failed to renew credentials - " + e.getMessage());
                        return a(account, 5, "Failed to renew credentials");
                    }
                }
                Bundle bundle2 = new Bundle();
                Log.d(TAG, "getAuthToken(): Asking for credentials confirmation");
                Intent a2 = AccountPasswordPromptActivity.a(this.mContext, account.name, accountAuthenticatorResponse);
                a2.putExtra("url", substring.split("@")[1]);
                if (nameForUid.compareTo(ne) != 0) {
                    Log.d(TAG, "Adding error code to results.");
                    bundle2.putString("authAccount", account.name);
                    bundle2.putString("accountType", account.type);
                    bundle2.putBoolean("complete", true);
                    bundle2.putInt(f.nE, 5);
                    Context context = this.mContext;
                    String string2 = this.mContext.getString(R.string.notification_title);
                    String string3 = this.mContext.getString(R.string.notification_content);
                    PendingIntent activity = PendingIntent.getActivity(context, 0, a2, 134217728);
                    if (string2 == null) {
                        string2 = "";
                    }
                    if (string3 == null) {
                        string3 = "";
                    }
                    ((NotificationManager) context.getSystemService("notification")).notify(42, new Notification.Builder(context).setContentTitle(string2).setContentText(string3).setSmallIcon(context.getResources().getIdentifier("sso_ic_launcher_mono", "drawable", context.getPackageName())).setContentIntent(activity).setPriority(1).setDefaults(-1).setAutoCancel(false).build());
                } else {
                    bundle2.putParcelable(com.blackberry.hybridagent.b.cen, a2);
                    bundle2.putBoolean("complete", true);
                }
                return bundle2;
            } catch (ExpiredPasswordException e3) {
                Log.e(TAG, "Expired password - " + e.getMessage());
                return a(account, 5, "Expired password");
            } catch (InternalException e4) {
                Log.e(TAG, "Failed to renew credentials - " + e.getMessage());
                return a(account, 5, "Failed to renew credentials");
            } catch (InvalidPasswordException e5) {
                Log.e(TAG, "Invalid password - " + e.getMessage());
                return a(account, 5, "Invalid password");
            } catch (NetworkException e6) {
                Log.e(TAG, "Failed to connect to KDC - " + e.getMessage());
                return a(account, 4, "Failed to connect to KDC");
            } catch (UnknownErrorException e7) {
                Log.e(TAG, "Unknown error - " + e.getMessage());
                return a(account, 5, "Unknown error");
            } catch (UsernameException e8) {
                Log.e(TAG, "Invalid username or realm - " + e.getMessage());
                return a(account, 6, "Invalid username or realm");
            } catch (IllegalArgumentException e9) {
                Log.e(TAG, "Invalid cached credentials - " + e.getMessage());
                return a(account, 5, "Invalid credentials");
            }
        }
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public String getAuthTokenLabel(String str) {
        throw new UnsupportedOperationException();
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle hasFeatures(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, String[] strArr) {
        boolean z = false;
        if (strArr.length == 0 || (strArr.length == 1 && strArr[0].equals(f.nF))) {
            z = true;
        }
        Bundle bundle = new Bundle();
        bundle.putBoolean("booleanResult", z);
        return bundle;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle updateCredentials(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, String str, Bundle bundle) {
        throw new UnsupportedOperationException();
    }
}
