package com.microsoft.workaccount.authenticatorservice;

import android.net.Uri;
import android.os.Bundle;
import android.util.Base64;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.adal.internal.util.StringExtensions;
import com.microsoft.identity.common.internal.broker.JoinedAccountRequest;
import com.microsoft.identity.common.internal.broker.JoinedAccountRequestHandler;
import com.microsoft.identity.common.internal.net.HttpConstants;
import com.microsoft.identity.common.internal.net.HttpRequest;
import com.microsoft.identity.common.internal.net.HttpResponse;
import com.microsoft.identity.common.internal.platform.Device;
import com.microsoft.identity.common.internal.providers.oauth2.ResponseType;
import com.microsoft.identity.common.internal.result.ResultFuture;
import com.microsoft.workaccount.workplacejoin.Logger;
import com.microsoft.workaccount.workplacejoin.WorkplaceJoinData;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.util.Map;
import java.util.TreeMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.json.JSONException;

/* loaded from: classes2.dex */
public class DeviceTokenRequestHandler {
    public static final String CONTENT_TYPE_FORM_URL_ENCODED = "application/x-www-form-urlencoded";
    public static final String DEVICE_TOKEN_GRANT_TYPE = "device_token";
    public static final String DEVICE_TOKEN_ISSUER = "aad:brokerplugin";
    public static final String DEVICE_TOKEN_REDIRECT_URL = "msauth://Microsoft.AAD.BrokerPlugin/";
    public static final String JWS_ALGORITHM = "SHA256withRSA";
    public static final String JWT_BEARER_REQUEST = "grant_type=urn%3aietf%3aparams%3aoauth%3agrant-type%3ajwt-bearer&request";
    public static final String NONCE_REQUEST_MSG = "grant_type=srv_challenge";
    public static final String REQUEST_HEADER_CLIENT_REQUEST_ID = "client-request-id";
    public static final String TAG = "com.microsoft.workaccount.authenticatorservice.DeviceTokenRequestHandler";
    public static final String WINDOWS_API_VERSION = "2.0";
    public static final String WINDOWS_API_VERSION_PARAM = "windows_api_version";
    public static ExecutorService sExecutorService = Executors.newCachedThreadPool();

    private URL constructTokenEndpointForAcquiringNonceAndDeviceToken(String str) throws MalformedURLException {
        return new URL(Uri.parse(str).buildUpon().appendPath("oauth2").appendPath(ResponseType.TOKEN).appendQueryParameter("windows_api_version", "2.0").toString());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public byte[] getMessageByteStream(String str) {
        return str.getBytes("UTF-8");
    }

    private String getNonce(URL url, String str) throws IOException, JSONException {
        Map<String, String> jsonResponse;
        Logger.i(TAG, "Starting to request for nonce");
        TreeMap treeMap = new TreeMap();
        treeMap.put("client-request-id", str);
        treeMap.put(HttpConstants.HeaderField.CONTENT_TYPE, "application/x-www-form-urlencoded");
        String str2 = null;
        HttpResponse sendPost = HttpRequest.sendPost(url, treeMap, "grant_type=srv_challenge".getBytes("UTF-8"), null);
        if (sendPost.getStatusCode() == 200 && (str2 = (jsonResponse = JoinedAccountRequestHandler.getJsonResponse(sendPost.getBody())).get("nonce")) == null) {
            str2 = jsonResponse.get("Nonce");
        }
        String str3 = TAG + ":getNonce";
        StringBuilder sb = new StringBuilder();
        sb.append("Nonce not null :");
        sb.append(str2 != null);
        sb.append(" response code: ");
        sb.append(sendPost.getStatusCode());
        Logger.i(str3, sb.toString());
        return str2;
    }

    private String signWithDeviceKey(String str, WorkplaceJoinData workplaceJoinData) throws NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException, SignatureException {
        Logger.i(TAG + "signWithDeviceKey", "Attempting to sign with Device key");
        Signature signature = Signature.getInstance("SHA256withRSA");
        signature.initSign(workplaceJoinData.getCertificateData().getDevicePrivateKey());
        signature.update(str.getBytes("UTF-8"));
        return StringExtensions.encodeBase64URLSafeString(signature.sign());
    }

    public String getDeviceTokenRequestBody(WorkplaceJoinData workplaceJoinData, Bundle bundle, String str) throws CertificateEncodingException, IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, JSONException {
        Logger.v(TAG + "getDeviceTokenRequestBody", "Constructing device token request Body.");
        JoinedAccountRequest joinedAccountRequest = new JoinedAccountRequest();
        joinedAccountRequest.setType();
        joinedAccountRequest.setAlg("RS256");
        joinedAccountRequest.setCert(new String(Base64.encode(workplaceJoinData.getCertificateData().getX509Cert().getEncoded(), 2), "UTF-8"));
        JoinedAccountRequest joinedAccountRequest2 = new JoinedAccountRequest();
        joinedAccountRequest2.setClientId("29d9ed98-a469-4536-ade2-f981bc1d605e");
        joinedAccountRequest2.setNonce(getNonce(constructTokenEndpointForAcquiringNonceAndDeviceToken(str), bundle.getString("correlation_id")));
        joinedAccountRequest2.setResource(bundle.getString(AuthenticationConstants.AAD.RESOURCE));
        joinedAccountRequest2.setRedirectUri(DEVICE_TOKEN_REDIRECT_URL);
        joinedAccountRequest2.setIssuer(DEVICE_TOKEN_ISSUER);
        if (bundle.containsKey("scope")) {
            joinedAccountRequest2.setJwtScope(bundle.getString("scope"));
        }
        joinedAccountRequest2.setGrantType(DEVICE_TOKEN_GRANT_TYPE);
        String generateJWT = JoinedAccountRequestHandler.generateJWT(joinedAccountRequest, joinedAccountRequest2);
        return "grant_type=urn%3aietf%3aparams%3aoauth%3agrant-type%3ajwt-bearer&request=" + (generateJWT + BrokerUtility.VERSION_DELIMITER + signWithDeviceKey(generateJWT, workplaceJoinData));
    }

    public ResultFuture<HttpResponse> requestDeviceToken(final String str, Bundle bundle, String str2) throws MalformedURLException {
        final TreeMap treeMap = new TreeMap();
        treeMap.put("client-request-id", bundle.getString("correlation_id"));
        treeMap.putAll(Device.getPlatformIdParameters());
        treeMap.put("x-client-brkrver", "3.4.1");
        treeMap.put(HttpConstants.HeaderField.CONTENT_TYPE, "application/x-www-form-urlencoded");
        final ResultFuture<HttpResponse> resultFuture = new ResultFuture<>();
        final URL constructTokenEndpointForAcquiringNonceAndDeviceToken = constructTokenEndpointForAcquiringNonceAndDeviceToken(str2);
        sExecutorService.execute(new Runnable() { // from class: com.microsoft.workaccount.authenticatorservice.DeviceTokenRequestHandler.1
            @Override // java.lang.Runnable
            public void run() {
                try {
                    resultFuture.setResult(HttpRequest.sendPost(constructTokenEndpointForAcquiringNonceAndDeviceToken, treeMap, DeviceTokenRequestHandler.this.getMessageByteStream(str), null));
                } catch (Throwable th) {
                    resultFuture.setException(th instanceof Exception ? th : new Exception(th));
                }
            }
        });
        return resultFuture;
    }
}
