package g;

import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.AccountManagerCallback;
import android.accounts.AccountManagerFuture;
import android.accounts.AuthenticatorDescription;
import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.content.pm.Signature;
import android.os.Build;
import android.os.Bundle;
import android.os.Handler;
import android.os.Looper;
import android.text.TextUtils;
import android.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List;
import java.util.Set;

@TargetApi(14)
/* loaded from: classes2.dex */
public final class cnr implements coo {
    private Context a;
    private AccountManager b;
    private Handler c;
    private final String d = cno.INSTANCE.c;

    /* JADX WARN: $VALUES field not found */
    /* JADX WARN: Failed to restore enum class, 'enum' modifier and super class removed */
    /* loaded from: classes2.dex */
    public static final class a {
        public static final int a = 1;
        public static final int b = 2;
        public static final int c = 3;
        private static final /* synthetic */ int[] d = {a, b, c};
    }

    public cnr() {
    }

    public cnr(Context context) {
        this.a = context;
        this.b = AccountManager.get(this.a);
        this.c = new Handler(this.a.getMainLooper());
    }

    private static Account a(String str, Account[] accountArr) {
        if (accountArr != null) {
            for (Account account : accountArr) {
                if (account != null && account.name != null && account.name.equalsIgnoreCase(str)) {
                    return account;
                }
            }
        }
        return null;
    }

    private Intent a(Bundle bundle) {
        try {
            return (Intent) this.b.addAccount("com.microsoft.workaccount", "adal.authtoken.type", null, bundle, null, null, this.c).getResult().getParcelable("intent");
        } catch (AuthenticatorException e) {
            cpb.a("BrokerProxy", "Authenticator cancels the request", "", cmy.BROKER_AUTHENTICATOR_NOT_RESPONDING, e);
            return null;
        } catch (OperationCanceledException e2) {
            cpb.a("BrokerProxy", "Authenticator cancels the request", "", cmy.AUTH_FAILED_CANCELLED, e2);
            return null;
        } catch (IOException e3) {
            cpb.a("BrokerProxy", "Authenticator cancels the request", "", cmy.BROKER_AUTHENTICATOR_IO_EXCEPTION, e3);
            return null;
        }
    }

    private Bundle a(cnk cnkVar, Bundle bundle) {
        Bundle bundle2;
        Account c = c(cnkVar);
        if (c == null) {
            cpb.b("BrokerProxy", "Target account is not found");
            return null;
        }
        try {
            AccountManagerFuture<Bundle> authToken = this.b.getAuthToken(c, "adal.authtoken.type", bundle, false, (AccountManagerCallback<Bundle>) null, this.c);
            cpb.b("BrokerProxy", "Received result from broker");
            bundle2 = authToken.getResult();
        } catch (AuthenticatorException e) {
            cpb.b("BrokerProxy", "Authenticator cancels the request", "", cmy.BROKER_AUTHENTICATOR_NOT_RESPONDING);
            if (e.getMessage() != null && e.getMessage().contains(cmy.DEVICE_CONNECTION_IS_NOT_AVAILABLE.bb)) {
                throw new cnj(cmy.DEVICE_CONNECTION_IS_NOT_AVAILABLE, "Received error from broker, errorCode: " + e.getMessage());
            }
            bundle2 = null;
        } catch (OperationCanceledException e2) {
            cpb.a("BrokerProxy", "Authenticator cancels the request", "", cmy.AUTH_FAILED_CANCELLED, e2);
            bundle2 = null;
        } catch (IOException e3) {
            cpb.b("BrokerProxy", "Authenticator cancels the request", "", cmy.BROKER_AUTHENTICATOR_IO_EXCEPTION);
            bundle2 = null;
        }
        cpb.b("BrokerProxy", "Returning result from broker");
        return bundle2;
    }

    private static cpr a(String str, cpr[] cprVarArr) {
        if (cprVarArr != null) {
            for (cpr cprVar : cprVarArr) {
                if (cprVar != null && !TextUtils.isEmpty(cprVar.a) && cprVar.a.equalsIgnoreCase(str)) {
                    return cprVar;
                }
            }
        }
        return null;
    }

    private boolean a(AccountManager accountManager) {
        for (AuthenticatorDescription authenticatorDescription : accountManager.getAuthenticatorTypes()) {
            if (authenticatorDescription.type.equals("com.microsoft.workaccount") && e(authenticatorDescription.packageName)) {
                return true;
            }
        }
        return false;
    }

    private boolean a(AccountManager accountManager, String str, String str2) {
        for (AuthenticatorDescription authenticatorDescription : accountManager.getAuthenticatorTypes()) {
            if (authenticatorDescription.type.equals("com.microsoft.workaccount")) {
                Account[] accountsByType = this.b.getAccountsByType("com.microsoft.workaccount");
                if (authenticatorDescription.packageName.equalsIgnoreCase("com.azure.authenticator") || authenticatorDescription.packageName.equalsIgnoreCase("com.microsoft.windowsintune.companyportal") || authenticatorDescription.packageName.equalsIgnoreCase(cno.INSTANCE.b)) {
                    String str3 = authenticatorDescription.packageName;
                    Intent intent = new Intent();
                    intent.setPackage(str3);
                    intent.setClassName(str3, str3 + ".ui.AccountChooserActivity");
                    if (this.a.getPackageManager().queryIntentActivities(intent, 0).size() > 0) {
                        return true;
                    }
                    if (accountsByType.length > 0) {
                        return a(accountsByType, str, str2);
                    }
                }
            }
        }
        return false;
    }

    private boolean a(Account[] accountArr, String str, String str2) {
        if (!cpj.a(str)) {
            return str.equalsIgnoreCase(accountArr[0].name);
        }
        if (cpj.a(str2)) {
            return true;
        }
        try {
            return a(str2, c()) != null;
        } catch (AuthenticatorException | OperationCanceledException | IOException e) {
            cpb.a("BrokerProxy", "VerifyAccount:" + e.getMessage(), "", cmy.BROKER_AUTHENTICATOR_EXCEPTION, e);
            cpb.b("BrokerProxy", "It could not check the uniqueid from broker. It is not using broker");
            return false;
        }
    }

    private boolean b() {
        List<ResolveInfo> queryIntentServices;
        Intent c = cnq.c(this.a);
        return (c == null || (queryIntentServices = this.a.getPackageManager().queryIntentServices(c, 0)) == null || queryIntentServices.size() <= 0) ? false : true;
    }

    private Account c(cnk cnkVar) {
        Account[] accountsByType = this.b.getAccountsByType("com.microsoft.workaccount");
        if (!TextUtils.isEmpty(cnkVar.h)) {
            return a(cnkVar.h, accountsByType);
        }
        try {
            cpr a2 = a(cnkVar.f718g, c());
            if (a2 != null) {
                return a(a2.b, accountsByType);
            }
            return null;
        } catch (AuthenticatorException | OperationCanceledException | IOException e) {
            cpb.a("BrokerProxy", e.getMessage(), "", cmy.BROKER_AUTHENTICATOR_IO_EXCEPTION, e);
            return null;
        }
    }

    private cpr[] c() {
        if (Looper.myLooper() == Looper.getMainLooper()) {
            throw new IllegalArgumentException("Calling getBrokerUsers on main thread");
        }
        return b() ? cnq.a().a(this.a) : d();
    }

    private static Bundle d(cnk cnkVar) {
        Bundle bundle = new Bundle();
        bundle.putInt("com.microsoft.aad.adal:RequestId", cnkVar.a);
        bundle.putString("account.authority", cnkVar.b);
        bundle.putString("account.resource", cnkVar.d);
        bundle.putString("account.redirect", cnkVar.c);
        bundle.putString("account.clientid.key", cnkVar.e);
        bundle.putString("adal.version.key", cnkVar.m);
        bundle.putString("account.userinfo.userid", cnkVar.f718g);
        bundle.putString("account.extra.query.param", cnkVar.j);
        if (cnkVar.i != null) {
            bundle.putString("account.correlationid", cnkVar.i.toString());
        }
        String str = cnkVar.h;
        if (cpj.a(str)) {
            str = cnkVar.f;
        }
        bundle.putString("account.login.hint", str);
        bundle.putString("account.name", str);
        if (cnkVar.k != null) {
            bundle.putString("account.prompt", cnkVar.k.name());
        }
        return bundle;
    }

    private cpr[] d() {
        Account[] accountsByType = this.b.getAccountsByType("com.microsoft.workaccount");
        Bundle bundle = new Bundle();
        bundle.putBoolean("com.microsoft.workaccount.user.info", true);
        cpb.b("BrokerProxy", "Retrieve all the accounts from account manager with broker account type, and the account length is: " + accountsByType.length);
        cpr[] cprVarArr = new cpr[accountsByType.length];
        int i = 0;
        while (true) {
            int i2 = i;
            if (i2 >= accountsByType.length) {
                return cprVarArr;
            }
            AccountManagerFuture<Bundle> updateCredentials = this.b.updateCredentials(accountsByType[i2], "adal.authtoken.type", bundle, null, null, null);
            cpb.b("BrokerProxy", "Waiting for userinfo retrieval result from Broker.");
            Bundle result = updateCredentials.getResult();
            cprVarArr[i2] = new cpr(result.getString("account.userinfo.userid"), result.getString("account.userinfo.given.name"), result.getString("account.userinfo.family.name"), result.getString("account.userinfo.identity.provider"), result.getString("account.userinfo.userid.displayable"));
            i = i2 + 1;
        }
    }

    private boolean e(String str) {
        int i;
        X509Certificate x509Certificate = null;
        try {
            List<X509Certificate> f = f(str);
            for (X509Certificate x509Certificate2 : f) {
                MessageDigest messageDigest = MessageDigest.getInstance("SHA");
                messageDigest.update(x509Certificate2.getEncoded());
                String encodeToString = Base64.encodeToString(messageDigest.digest(), 2);
                if (this.d.equals(encodeToString) || "ho040S3ffZkmxqtQrSwpTVOn9r0=".equals(encodeToString)) {
                    if (f.size() > 1) {
                        int i2 = 0;
                        for (X509Certificate x509Certificate3 : f) {
                            if (x509Certificate3.getSubjectDN().equals(x509Certificate3.getIssuerDN())) {
                                i = i2 + 1;
                            } else {
                                x509Certificate3 = x509Certificate;
                                i = i2;
                            }
                            i2 = i;
                            x509Certificate = x509Certificate3;
                        }
                        if (i2 > 1 || x509Certificate == null) {
                            throw new cnj(cmy.BROKER_APP_VERIFICATION_FAILED, "Multiple self signed certs found or no self signed cert existed.");
                        }
                        PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(x509Certificate, null)));
                        pKIXParameters.setRevocationEnabled(false);
                        CertPathValidator.getInstance("PKIX").validate(CertificateFactory.getInstance("X.509").generateCertPath(f), pKIXParameters);
                    }
                    return true;
                }
            }
            throw new cnj(cmy.BROKER_APP_VERIFICATION_FAILED);
        } catch (PackageManager.NameNotFoundException e) {
            cpb.b("BrokerProxy", "Broker related package does not exist", "", cmy.BROKER_PACKAGE_NAME_NOT_FOUND);
            return false;
        } catch (cnj e2) {
            e = e2;
            cpb.a("BrokerProxy", e.getMessage(), "", cmy.BROKER_VERIFICATION_FAILED, e);
            return false;
        } catch (IOException e3) {
            e = e3;
            cpb.a("BrokerProxy", e.getMessage(), "", cmy.BROKER_VERIFICATION_FAILED, e);
            return false;
        } catch (NoSuchAlgorithmException e4) {
            cpb.b("BrokerProxy", "Digest SHA algorithm does not exists", "", cmy.DEVICE_NO_SUCH_ALGORITHM);
            return false;
        } catch (GeneralSecurityException e5) {
            e = e5;
            cpb.a("BrokerProxy", e.getMessage(), "", cmy.BROKER_VERIFICATION_FAILED, e);
            return false;
        }
    }

    @SuppressLint({"PackageManagerGetSignatures"})
    private List<X509Certificate> f(String str) {
        PackageInfo packageInfo = this.a.getPackageManager().getPackageInfo(str, 64);
        if (packageInfo == null) {
            throw new cnj(cmy.APP_PACKAGE_NAME_NOT_FOUND, "No broker package existed.");
        }
        if (packageInfo.signatures == null || packageInfo.signatures.length == 0) {
            throw new cnj(cmy.BROKER_APP_VERIFICATION_FAILED, "No signature associated with the broker package.");
        }
        ArrayList arrayList = new ArrayList(packageInfo.signatures.length);
        for (Signature signature : packageInfo.signatures) {
            try {
                arrayList.add((X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(signature.toByteArray())));
            } catch (CertificateException e) {
                throw new cnj(cmy.BROKER_APP_VERIFICATION_FAILED);
            }
        }
        return arrayList;
    }

    @Override // g.coo
    public final int a(String str) {
        try {
            URL url = new URL(str);
            String packageName = this.a.getPackageName();
            if (!((!cno.INSTANCE.h || packageName.equalsIgnoreCase(cno.INSTANCE.b) || packageName.equalsIgnoreCase("com.azure.authenticator") || !a(this.b) || cpp.a(url)) ? false : true)) {
                cpb.b("BrokerProxy", "Broker auth is turned off or no valid broker is available on the device, cannot switch to broker.");
                return a.b;
            }
            if (!b()) {
                if (!(a(this.b, "", ""))) {
                    cpb.b("BrokerProxy", "No valid account existed in broker, cannot switch to broker for auth.");
                    return a.b;
                }
                try {
                    StringBuilder sb = new StringBuilder();
                    if (Build.VERSION.SDK_INT >= 23) {
                        sb.append(b("android.permission.GET_ACCOUNTS"));
                        if (sb.length() != 0) {
                            throw new cpq(cmy.DEVELOPER_BROKER_PERMISSIONS_MISSING, "Broker related permissions are missing for " + sb.toString());
                        }
                    } else {
                        cpb.b("BrokerProxy", "Device is lower than 23, skip the GET_ACCOUNTS permission check.");
                    }
                } catch (cpq e) {
                    cpb.b("BrokerProxy", "Missing GET_ACCOUNTS permission, cannot switch to broker.");
                    return a.c;
                }
            }
            return a.a;
        } catch (MalformedURLException e2) {
            throw new IllegalArgumentException(cmy.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL.name());
        }
    }

    @Override // g.coo
    public final cnm a(cnk cnkVar) {
        Date date;
        cmy cmyVar;
        Looper myLooper = Looper.myLooper();
        if (myLooper != null && myLooper == this.a.getMainLooper()) {
            IllegalStateException illegalStateException = new IllegalStateException("calling this from your main thread can lead to deadlock");
            cpb.a("BrokerProxy", "calling this from your main thread can lead to deadlock and/or ANRs", "", cmy.DEVELOPER_CALLING_ON_MAIN_THREAD, illegalStateException);
            if (this.a.getApplicationInfo().targetSdkVersion >= 8) {
                throw illegalStateException;
            }
        }
        Bundle d = d(cnkVar);
        Bundle a2 = b() ? cnq.a().a(this.a, d) : a(cnkVar, d);
        if (a2 == null) {
            cpb.b("BrokerProxy", "No bundle result returned from broker for silent request.");
            return null;
        }
        if (a2 == null) {
            throw new IllegalArgumentException("bundleResult");
        }
        int i = a2.getInt("errorCode");
        String string = a2.getString("errorMessage");
        String string2 = a2.getString("error");
        String string3 = a2.getString("error_description");
        if (!cpj.a(string)) {
            switch (i) {
                case 3:
                    cmyVar = cmy.DEVICE_CONNECTION_IS_NOT_AVAILABLE;
                    break;
                case 4:
                case 5:
                case 8:
                default:
                    cmyVar = cmy.BROKER_AUTHENTICATOR_ERROR_GETAUTHTOKEN;
                    break;
                case 6:
                    cmyVar = cmy.BROKER_AUTHENTICATOR_UNSUPPORTED_OPERATION;
                    break;
                case 7:
                    cmyVar = cmy.BROKER_AUTHENTICATOR_BAD_ARGUMENTS;
                    break;
                case 9:
                    cmyVar = cmy.BROKER_AUTHENTICATOR_BAD_AUTHENTICATION;
                    break;
            }
            throw new cnj(cmyVar, string);
        }
        if (!cpj.a(string2) && cnkVar.l) {
            throw new cnj(cmy.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED, "Received error from broker, errorCode: " + string2 + "; ErrorDescription: " + string3);
        }
        if (a2.getBoolean("account.initial.request")) {
            return cnm.a();
        }
        cpr a3 = cpr.a(a2);
        String string4 = a2.getString("account.userinfo.tenantid", "");
        if (a2.getLong("account.expiredate") == 0) {
            cpb.b("BrokerProxy", "Broker doesn't return expire date, set it current date plus one hour");
            GregorianCalendar gregorianCalendar = new GregorianCalendar();
            gregorianCalendar.add(13, 3600);
            date = gregorianCalendar.getTime();
        } else {
            date = new Date(a2.getLong("account.expiredate"));
        }
        return new cnm(a2.getString("authtoken"), "", date, false, a3, string4, "", null);
    }

    @Override // g.coo
    public final String a() {
        for (AuthenticatorDescription authenticatorDescription : this.b.getAuthenticatorTypes()) {
            if (authenticatorDescription.type.equals("com.microsoft.workaccount")) {
                return authenticatorDescription.packageName;
            }
        }
        return null;
    }

    @Override // g.coo
    public final boolean a(String str, String str2) {
        if (b()) {
            return true;
        }
        return a(this.b, str, str2);
    }

    @Override // g.coo
    public final Intent b(cnk cnkVar) {
        Intent a2;
        Bundle d = d(cnkVar);
        if (b()) {
            a2 = cnq.a().b(this.a);
            a2.putExtras(d);
        } else {
            a2 = a(d);
        }
        if (a2 != null) {
            a2.putExtra("com.microsoft.aadbroker.adal.broker.request", "com.microsoft.aadbroker.adal.broker.request");
            if (a2 == null) {
                throw new IllegalArgumentException("intent");
            }
            if (!"v2".equalsIgnoreCase(a2.getStringExtra("broker.version")) && cpf.FORCE_PROMPT == cnkVar.k) {
                cpb.b("BrokerProxy", "FORCE_PROMPT is set for broker auth via old version of broker app, reset to ALWAYS.");
                a2.putExtra("account.prompt", cpf.Always.name());
            }
        }
        return a2;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public final String b(String str) {
        if (this.a.getPackageManager().checkPermission(str, this.a.getPackageName()) == 0) {
            return "";
        }
        cpb.a("BrokerProxy", "Broker related permissions are missing for " + str, "", cmy.DEVELOPER_BROKER_PERMISSIONS_MISSING);
        return str + ' ';
    }

    @Override // g.coo
    public final void c(String str) {
        if (str == null || str.isEmpty()) {
            return;
        }
        SharedPreferences sharedPreferences = this.a.getSharedPreferences("com.microsoft.aad.adal.account.list", 0);
        String string = sharedPreferences.getString("AppAccountsForTokenRemoval", "");
        if (string.contains("|" + str)) {
            return;
        }
        SharedPreferences.Editor edit = sharedPreferences.edit();
        edit.putString("AppAccountsForTokenRemoval", string + "|" + str);
        edit.apply();
    }

    @Override // g.coo
    public final String d(String str) {
        PackageInfo packageInfo = this.a.getPackageManager().getPackageInfo(str, 0);
        return "VersionName=" + packageInfo.versionName + ";VersonCode=" + packageInfo.versionCode + ".";
    }
}
