package com.microsoft.aad.adal;

import android.content.Context;
import com.microsoft.aad.adal.AuthenticationResult;
import e.a.a.a.a;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.ArrayList;
import java.util.Iterator;

/* loaded from: classes2.dex */
public class AcquireTokenSilentHandler {
    public static final String TAG = "AcquireTokenSilentHandler";
    public boolean mAttemptedWithMRRT = false;
    public final AuthenticationRequest mAuthRequest;
    public final Context mContext;
    public TokenCacheItem mMrrtTokenCacheItem;
    public final TokenCacheAccessor mTokenCacheAccessor;
    public IWebRequestHandler mWebRequestHandler;

    public AcquireTokenSilentHandler(Context context, AuthenticationRequest authenticationRequest, TokenCacheAccessor tokenCacheAccessor) {
        this.mWebRequestHandler = null;
        if (context == null) {
            throw new IllegalArgumentException("context");
        }
        if (authenticationRequest == null) {
            throw new IllegalArgumentException("authRequest");
        }
        this.mContext = context;
        this.mAuthRequest = authenticationRequest;
        this.mTokenCacheAccessor = tokenCacheAccessor;
        this.mWebRequestHandler = new WebRequestHandler();
    }

    private AuthenticationResult acquireTokenWithCachedItem(TokenCacheItem tokenCacheItem) throws AuthenticationException {
        if (StringExtensions.f(tokenCacheItem.getRefreshToken())) {
            Logger.v(TAG, "Token cache item contains empty refresh token, cannot continue refresh token request", this.mAuthRequest.getLogInfo(), null);
            return null;
        }
        AuthenticationResult a = a(tokenCacheItem.getRefreshToken());
        if (a != null && !a.isExtendedLifeTimeToken()) {
            TokenCacheAccessor tokenCacheAccessor = this.mTokenCacheAccessor;
            String resource = this.mAuthRequest.getResource();
            String clientId = this.mAuthRequest.getClientId();
            if (tokenCacheAccessor == null) {
                throw null;
            }
            if (a.getStatus() == AuthenticationResult.AuthenticationStatus.Succeeded) {
                Logger.v(TokenCacheAccessor.TAG, "Save returned AuthenticationResult into cache.");
                if (tokenCacheItem.getUserInfo() != null && a.getUserInfo() == null) {
                    a.setUserInfo(tokenCacheItem.getUserInfo());
                    a.setIdToken(tokenCacheItem.getRawIdToken());
                    a.setTenantId(tokenCacheItem.getTenantId());
                }
                try {
                    tokenCacheAccessor.i(resource, clientId, a);
                } catch (MalformedURLException e2) {
                    throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e2.getMessage(), e2);
                }
            } else if ("invalid_grant".equalsIgnoreCase(a.getErrorCode())) {
                Logger.v(TokenCacheAccessor.TAG, "Received INVALID_GRANT error code, remove existing cache entry.");
                tokenCacheAccessor.h(tokenCacheItem, resource);
            }
        }
        return a;
    }

    private boolean isMRRTEntryExisted() throws AuthenticationException {
        try {
            TokenCacheItem d = this.mTokenCacheAccessor.d(this.mAuthRequest.getClientId(), this.mAuthRequest.getUserFromRequest());
            return (d == null || StringExtensions.f(d.getRefreshToken())) ? false : true;
        } catch (MalformedURLException e2) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e2.getMessage(), e2);
        }
    }

    private boolean isTokenRequestFailed(AuthenticationResult authenticationResult) {
        return (authenticationResult == null || StringExtensions.f(authenticationResult.getErrorCode())) ? false : true;
    }

    private AuthenticationResult tryFRT(String str, AuthenticationResult authenticationResult) throws AuthenticationException {
        AuthenticationResult useMRRT;
        try {
            TokenCacheItem c = this.mTokenCacheAccessor.c(str, this.mAuthRequest.getUserFromRequest());
            if (c != null) {
                Logger.v(TAG, "Send request to use FRT for new AT.");
                AuthenticationResult acquireTokenWithCachedItem = acquireTokenWithCachedItem(c);
                return (!isTokenRequestFailed(acquireTokenWithCachedItem) || this.mAttemptedWithMRRT || (useMRRT = useMRRT()) == null) ? acquireTokenWithCachedItem : useMRRT;
            }
            if (this.mAttemptedWithMRRT) {
                return authenticationResult;
            }
            Logger.v(TAG, "FRT cache item does not exist, fall back to try MRRT.");
            return useMRRT();
        } catch (MalformedURLException e2) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e2.getMessage(), e2);
        }
    }

    private AuthenticationResult tryMRRT() throws AuthenticationException {
        try {
            TokenCacheItem d = this.mTokenCacheAccessor.d(this.mAuthRequest.getClientId(), this.mAuthRequest.getUserFromRequest());
            this.mMrrtTokenCacheItem = d;
            if (d == null) {
                Logger.v(TAG, "MRRT token does not exist, try with FRT");
                return tryFRT("1", null);
            }
            if (d.isFamilyToken()) {
                Logger.v(TAG, "MRRT item exists but it's also a FRT, try with FRT.");
                return tryFRT(this.mMrrtTokenCacheItem.getFamilyClientId(), null);
            }
            AuthenticationResult useMRRT = useMRRT();
            if (isTokenRequestFailed(useMRRT)) {
                useMRRT = tryFRT(StringExtensions.f(this.mMrrtTokenCacheItem.getFamilyClientId()) ? "1" : this.mMrrtTokenCacheItem.getFamilyClientId(), useMRRT);
            }
            if (StringExtensions.f(this.mAuthRequest.getUserFromRequest())) {
                TokenCacheAccessor tokenCacheAccessor = this.mTokenCacheAccessor;
                String clientId = this.mAuthRequest.getClientId();
                Iterator<TokenCacheItem> all = tokenCacheAccessor.mTokenCacheStore.getAll();
                ArrayList arrayList = new ArrayList();
                while (all.hasNext()) {
                    TokenCacheItem next = all.next();
                    if (next.getAuthority().equalsIgnoreCase(tokenCacheAccessor.mAuthority) && next.getClientId().equalsIgnoreCase(clientId) && (next.getIsMultiResourceRefreshToken() || StringExtensions.f(next.getResource()))) {
                        arrayList.add(next);
                    }
                }
                if (arrayList.size() > 1) {
                    throw new AuthenticationException(ADALError.AUTH_FAILED_USER_MISMATCH, "No User provided and multiple MRRTs exist for the given client id");
                }
            }
            return useMRRT;
        } catch (MalformedURLException e2) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e2.getMessage(), e2);
        }
    }

    private AuthenticationResult tryRT() throws AuthenticationException {
        try {
            TokenCacheItem e2 = this.mTokenCacheAccessor.e(this.mAuthRequest.getResource(), this.mAuthRequest.getClientId(), this.mAuthRequest.getUserFromRequest());
            if (e2 == null) {
                Logger.v(TAG, "Regular token cache entry does not exist, try with MRRT.");
                return tryMRRT();
            }
            if (e2.getIsMultiResourceRefreshToken() || isMRRTEntryExisted()) {
                Logger.v(TAG, e2.getIsMultiResourceRefreshToken() ? "Found RT and it's also a MRRT, retry with MRRT" : "RT is found and there is a MRRT entry existed, try with MRRT");
                return tryMRRT();
            }
            if (StringExtensions.f(this.mAuthRequest.getUserFromRequest()) && this.mTokenCacheAccessor.g(this.mAuthRequest.getClientId(), this.mAuthRequest.getResource())) {
                throw new AuthenticationException(ADALError.AUTH_FAILED_USER_MISMATCH, "Multiple refresh tokens exists for the given client id and resource");
            }
            Logger.v(TAG, "Send request to use regular RT for new AT.");
            return acquireTokenWithCachedItem(e2);
        } catch (MalformedURLException e3) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e3.getMessage(), e3);
        }
    }

    private AuthenticationResult useMRRT() throws AuthenticationException {
        Logger.v(TAG, "Send request to use MRRT for new AT.");
        this.mAttemptedWithMRRT = true;
        TokenCacheItem tokenCacheItem = this.mMrrtTokenCacheItem;
        if (tokenCacheItem != null) {
            return acquireTokenWithCachedItem(tokenCacheItem);
        }
        Logger.v(TAG, "MRRT does not exist, cannot proceed with MRRT for new AT.");
        return null;
    }

    public AuthenticationResult a(String str) throws AuthenticationException {
        Logger.v(TAG, "Try to get new access token with the found refresh token.", this.mAuthRequest.getLogInfo(), null);
        HttpWebRequest.a(this.mContext);
        try {
            AuthenticationResult refreshToken = new Oauth2(this.mAuthRequest, this.mWebRequestHandler, new JWSBuilder()).refreshToken(str);
            if (refreshToken != null && StringExtensions.f(refreshToken.getRefreshToken())) {
                Logger.i(TAG, "Refresh token is not returned or empty", "");
                refreshToken.setRefreshToken(str);
            }
            return refreshToken;
        } catch (ServerRespondingWithRetryableException e2) {
            String str2 = TAG;
            StringBuilder a0 = a.a0("The server is not responding after the retry with error code: ");
            a0.append(e2.getCode());
            Logger.i(str2, a0.toString(), "");
            TokenCacheItem f2 = this.mTokenCacheAccessor.f(this.mAuthRequest);
            if (f2 != null) {
                AuthenticationResult createExtendedLifeTimeResult = AuthenticationResult.createExtendedLifeTimeResult(f2);
                Logger.i(TAG, "The result with stale access token is returned.", "");
                return createExtendedLifeTimeResult;
            }
            String str3 = TAG;
            StringBuilder a02 = a.a0("Error in refresh token for request:");
            a02.append(this.mAuthRequest.getLogInfo());
            Logger.e(str3, a02.toString(), ExceptionExtensions.a(e2), ADALError.AUTH_FAILED_NO_TOKEN, new AuthenticationException(ADALError.SERVER_ERROR, e2.getMessage()));
            throw new AuthenticationException(ADALError.AUTH_FAILED_NO_TOKEN, ExceptionExtensions.a(e2), new AuthenticationException(ADALError.SERVER_ERROR, e2.getMessage()));
        } catch (AuthenticationException e3) {
            e = e3;
            String str4 = TAG;
            StringBuilder a03 = a.a0("Error in refresh token for request:");
            a03.append(this.mAuthRequest.getLogInfo());
            Logger.e(str4, a03.toString(), ExceptionExtensions.a(e), ADALError.AUTH_FAILED_NO_TOKEN, new AuthenticationException(ADALError.SERVER_ERROR, e.getMessage()));
            throw new AuthenticationException(ADALError.AUTH_FAILED_NO_TOKEN, ExceptionExtensions.a(e), new AuthenticationException(ADALError.SERVER_ERROR, e.getMessage()));
        } catch (IOException e4) {
            e = e4;
            String str42 = TAG;
            StringBuilder a032 = a.a0("Error in refresh token for request:");
            a032.append(this.mAuthRequest.getLogInfo());
            Logger.e(str42, a032.toString(), ExceptionExtensions.a(e), ADALError.AUTH_FAILED_NO_TOKEN, new AuthenticationException(ADALError.SERVER_ERROR, e.getMessage()));
            throw new AuthenticationException(ADALError.AUTH_FAILED_NO_TOKEN, ExceptionExtensions.a(e), new AuthenticationException(ADALError.SERVER_ERROR, e.getMessage()));
        }
    }

    public AuthenticationResult b() throws AuthenticationException {
        TokenCacheAccessor tokenCacheAccessor = this.mTokenCacheAccessor;
        if (tokenCacheAccessor == null) {
            return null;
        }
        TokenCacheItem a = tokenCacheAccessor.a(this.mAuthRequest.getResource(), this.mAuthRequest.getClientId(), this.mAuthRequest.getUserFromRequest());
        if (a == null) {
            Logger.v(TAG, "No valid access token exists, try with refresh token.");
            return tryRT();
        }
        Logger.v(TAG, "Return AT from cache.");
        return AuthenticationResult.createResult(a);
    }
}
