package com.microsoft.identity.common.internal.broker;

import android.accounts.Account;
import android.content.Context;
import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;
import com.google.gson.Gson;
import com.microsoft.identity.client.BrokerOperationParametersUtils;
import com.microsoft.identity.client.BrokerUtils;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.adal.internal.util.StringExtensions;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.exception.ErrorStrings;
import com.microsoft.identity.common.exception.IntuneAppProtectionPolicyRequiredException;
import com.microsoft.identity.common.exception.ServiceException;
import com.microsoft.identity.common.exception.UiRequiredException;
import com.microsoft.identity.common.internal.authorities.Authority;
import com.microsoft.identity.common.internal.authorities.AzureActiveDirectoryAudience;
import com.microsoft.identity.common.internal.authorities.AzureActiveDirectoryAuthority;
import com.microsoft.identity.common.internal.authscheme.AbstractAuthenticationScheme;
import com.microsoft.identity.common.internal.authscheme.PopAuthenticationSchemeInternal;
import com.microsoft.identity.common.internal.cache.registry.BrokerApplicationRegistryData;
import com.microsoft.identity.common.internal.cache.registry.DefaultBrokerApplicationRegistry;
import com.microsoft.identity.common.internal.commands.parameters.BrokerSilentTokenCommandParameters;
import com.microsoft.identity.common.internal.controllers.ExceptionAdapter;
import com.microsoft.identity.common.internal.eststelemetry.EstsTelemetry;
import com.microsoft.identity.common.internal.logging.DiagnosticContext;
import com.microsoft.identity.common.internal.logging.Logger;
import com.microsoft.identity.common.internal.net.HttpRequest;
import com.microsoft.identity.common.internal.net.HttpResponse;
import com.microsoft.identity.common.internal.platform.Device;
import com.microsoft.identity.common.internal.platform.IDevicePopManager;
import com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsTokenResponse;
import com.microsoft.identity.common.internal.providers.oauth2.TokenErrorResponse;
import com.microsoft.identity.common.internal.providers.oauth2.TokenRequest;
import com.microsoft.identity.common.internal.request.SdkType;
import com.microsoft.identity.common.internal.telemetry.CliTelemInfo;
import com.microsoft.identity.common.internal.util.HeaderSerializationUtil;
import com.microsoft.identity.common.internal.util.ObjectUtils;
import com.microsoft.identity.common.internal.util.StringUtil;
import com.microsoft.workaccount.authenticatorservice.KeyHandler;
import com.microsoft.workaccount.workplacejoin.AccountManagerStorageHelper;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes3.dex */
public class JoinedAccountRequestHandler {
    // PRT age threshold in hours, per the name; the code that reads it is not in this part of the file.
    public static final int AGE_OF_PRT_BEFORE_REFRESH_IN_HOURS = 4;
    // Client id of the broker. The same GUID appears inline as client_id / issuer in the request builders of this class.
    private static final String BROKER_CLIENT_ID = "29d9ed98-a469-4536-ade2-f981bc1d605e";
    // Content-Type header value sent with the nonce and PRT POST requests.
    private static final String CONTENT_TYPE_FORM_URL_ENCODED = "application/x-www-form-urlencoded";
    // Already percent-encoded "grant_type=...&request" prefix; getRequestBodyForTokenRequest passes it as a query parameter NAME.
    private static final String JWT_BEARER_REQUEST = "grant_type=urn%3aietf%3aparams%3aoauth%3agrant-type%3ajwt-bearer&request";
    // Retry limit for taking the PRT lock, per the name (identifier spelling "AQUIRE" is part of the public constant).
    public static final int MAXIMUM_PRT_LOCK_AQUIRE_ATTEMPTS = 2;
    // Form parameter name for the enrollment id; the token request builder uses the same literal inline.
    private static final String MICROSOFT_ENROLLMENT_PARAM = "microsoft_enrollment_id";
    // Form body posted by getNonce to obtain a server nonce.
    private static final String NONCE_REQUEST_MSG = "grant_type=srv_challenge";
    public static final int PRT_ATTEMPT_SLEEP_TIME_IN_MILLISECONDS = 5000;
    // Header name carrying the correlation id; the request builders use the same literal inline.
    private static final String REQUEST_HEADER_CLIENT_REQUEST_ID = "client-request-id";
    // NOTE(review): the JWT builders pass the literal 300L to setExp; presumably this constant, inlined by the compiler.
    private static final int SECONDS_EXPIRE = 300;
    // Log tag used for every Logger call in this class.
    private static final String TAG = "com.microsoft.identity.common.internal.broker.JoinedAccountRequestHandler";
    private static final String WINDOWS_API_VERSION = "2.0";
    // Query parameter name appended to the PRT token endpoint and to the token request body.
    private static final String WINDOWS_API_VERSION_PARAM = "windows_api_version";
    public static final int sPRTSetupTotalTimeInMilliSeconds = 120000;
    // Source of stored PRT/BRT authorities and the broker refresh token.
    private AccountManagerStorageHelper mAccountManagerStorageHelper;
    private Context mContext;
    // Built from mContext in the constructor; supplies the session-key context and the JWT signatures.
    private KeyHandler mKeyHandler;

    /**
     * Creates a handler bound to an Android context and an account storage helper.
     * A {@link KeyHandler} is created from the same context.
     *
     * @param context Android context kept for registry access and handed to the key handler
     * @param accountManagerStorageHelper helper used to read stored PRT/BRT data
     */
    public JoinedAccountRequestHandler(Context context, AccountManagerStorageHelper accountManagerStorageHelper) {
        this.mAccountManagerStorageHelper = accountManagerStorageHelper;
        this.mContext = context;
        this.mKeyHandler = new KeyHandler(context);
    }

    /**
     * Inserts an entry for the calling application into the broker application registry.
     * The entry carries the caller's client id and UID and is marked as allowed to access the WPJ account.
     * The environment is filled in only when a PRT authority is stored for the account.
     *
     * NOTE(review): the only caller visible in this file reaches this method from a server error response
     * (Intune protection-policy-required); confirm that granting WPJ account access on that path is the
     * intended trust decision.
     *
     * @param brokerSilentTokenCommandParameters request parameters supplying client id, caller UID and account
     */
    private void addClientToBrokerAppRegistry(BrokerSilentTokenCommandParameters brokerSilentTokenCommandParameters) {
        DefaultBrokerApplicationRegistry registry = new DefaultBrokerApplicationRegistry(this.mContext);
        BrokerApplicationRegistryData entry = new BrokerApplicationRegistryData();
        entry.setWpjAccountAccessAllowed(true);
        entry.setClientId(brokerSilentTokenCommandParameters.getClientId());
        entry.setUid(brokerSilentTokenCommandParameters.getCallerUid());
        String storedPrtAuthority = this.mAccountManagerStorageHelper.getPRTAuthority(brokerSilentTokenCommandParameters.getAccountManagerAccount());
        boolean hasStoredAuthority = !TextUtils.isEmpty(storedPrtAuthority);
        if (hasStoredAuthority) {
            entry.setEnvironment(BrokerUtils.getEnvironmentFromAuthority(storedPrtAuthority));
        }
        registry.insert(entry);
    }

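    /**
     * Maps a low-level exception raised while building or sending a PRT request to a {@link ClientException}.
     * The original exception is always attached as the cause so the stack trace is not lost
     * (the URL, timeout and I/O branches previously kept only the message).
     *
     * @param exc the exception to translate
     * @return a ClientException whose error code reflects the type of {@code exc}
     */
    private ClientException constructClientException(Exception exc) {
        // MalformedURLException and SocketTimeoutException are IOExceptions, so they must be tested first.
        if (exc instanceof MalformedURLException) {
            return new ClientException(ErrorStrings.AUTHORITY_URL_NOT_VALID, exc.getMessage(), exc);
        }
        if (exc instanceof SocketTimeoutException) {
            return new ClientException("device_network_not_available", exc.getMessage(), exc);
        }
        if (exc instanceof IOException) {
            return new ClientException("io_error", exc.getMessage(), exc);
        }
        if ((exc instanceof NoSuchAlgorithmException) || (exc instanceof SignatureException) || (exc instanceof InvalidKeyException)) {
            return new ClientException(ErrorStrings.SIGNATURE_EXCEPTION, "Signing with device certificate failed, unable to create a valid signed JWT body for PRT request", exc);
        }
        if (exc instanceof CertificateEncodingException) {
            return new ClientException(ErrorStrings.CERTIFICATE_ENCODING_ERROR, "Unable to retrieve encoded certificate to sign the JWT", exc);
        }
        return new ClientException("unknown_error", "Saw an exception we did not understand how to interpret", exc);
    }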

    /**
     * Builds the v2.0 token endpoint for access-token requests by appending the fixed
     * path {@code /oauth2/v2.0/token} to the textual form of the authority URL.
     * The URL is not normalised: a trailing slash on {@code url} yields a double slash.
     *
     * @param url authority URL, used as-is (scheme, host and tenant path are kept)
     * @return the token endpoint as a string
     */
    private static String constructTokenEndpointForAcquiringAT(URL url) {
        StringBuilder endpoint = new StringBuilder();
        endpoint.append(url);
        endpoint.append("/oauth2/v2.0/token");
        return endpoint.toString();
    }

    /**
     * Builds the token endpoint used for PRT and nonce requests.
     * Only the host/port part of {@code url} is reused: the scheme is forced to {@code https},
     * the tenant path is always {@code common}, and {@code windows_api_version=2.0} is appended.
     *
     * @param url authority URL whose authority component selects the server
     * @return {@code https://<authority>/common/oauth2/v2.0/token?windows_api_version=2.0}
     */
    private static String constructTokenEndpointForAcquiringPRT(URL url) {
        Uri.Builder endpoint = new Uri.Builder();
        endpoint.scheme("https");
        endpoint.authority(url.getAuthority());
        endpoint.appendPath("common");
        endpoint.appendPath("oauth2");
        endpoint.appendPath("v2.0");
        endpoint.appendPath("token");
        endpoint.appendQueryParameter(WINDOWS_API_VERSION_PARAM, "2.0");
        return endpoint.toString();
    }

    /**
     * Serialises two request objects to JSON and joins their base64url encodings with a dot.
     * The result is the unsigned part of a compact JWT; callers in this class pass the header
     * object first and the claims object second, then append the signature themselves.
     *
     * @param joinedAccountRequest object serialised into the first segment
     * @param joinedAccountRequest2 object serialised into the second segment
     * @return {@code base64url(json1) + "." + base64url(json2)}
     * @throws UnsupportedEncodingException if UTF-8 is not available
     */
    private static String generateJWT(JoinedAccountRequest joinedAccountRequest, JoinedAccountRequest joinedAccountRequest2) throws UnsupportedEncodingException {
        Logger.verbose(TAG, "Generating JWT.");
        Gson gson = new Gson();
        byte[] firstJson = gson.toJson(joinedAccountRequest).getBytes("UTF-8");
        String firstSegment = StringExtensions.encodeBase64URLSafeString(firstJson);
        byte[] secondJson = gson.toJson(joinedAccountRequest2).getBytes("UTF-8");
        String secondSegment = StringExtensions.encodeBase64URLSafeString(secondJson);
        return firstSegment + "." + secondSegment;
    }

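    /**
     * Chooses the authority a PRT request is sent to, in this order of preference:
     * the authority stored with an existing PRT, the stored BRT authority, the authority
     * found through DRS discovery, and finally the authority supplied with the request.
     *
     * The decompiled form reused a catch variable across catch blocks and did not compile;
     * the handlers are written out separately here and share one fallback.
     *
     * NOTE(review): the last fallback returns the request authority without any check in this
     * method; confirm it is validated before a refresh token is sent to it.
     *
     * @param primaryRefreshToken existing PRT, may be null
     * @param account account whose stored BRT authority and name are used
     * @param authority authority supplied with the request, used as the last resort
     * @param str value passed through to the DRS metadata lookup
     * @return the authority to use for the PRT request
     */
    private Authority getAuthorityForPrtRequest(PrimaryRefreshToken primaryRefreshToken, Account account, Authority authority, String str) {
        if (primaryRefreshToken != null && !TextUtils.isEmpty(primaryRefreshToken.getRefreshToken()) && !TextUtils.isEmpty(primaryRefreshToken.getAuthority())) {
            return Authority.getAuthorityFromAuthorityUrl(primaryRefreshToken.getAuthority());
        }
        String brtAuthority = this.mAccountManagerStorageHelper.getBRTAuthority(account);
        if (!TextUtils.isEmpty(brtAuthority)) {
            return Authority.getAuthorityFromAuthorityUrl(brtAuthority);
        }
        Logger.warn(TAG, "Unable to get either BRT or PRT authority, sending a request to get DRSMetadata");
        try {
            return Authority.getAuthorityFromAuthorityUrl(BrokerUtils.getJoinedAccountAuthority(BrokerOperationParametersUtils.getDRSMetadata(this.mContext, account.name, str).getAuthCodeUrl()));
        } catch (ClientException e) {
            Logger.error(TAG, "Unable to perform DRS discovery ", e);
        } catch (InterruptedException e) {
            Logger.error(TAG, "Interrupted while DRS discovery ", e);
            // Restore the interrupt flag so callers further up can observe it.
            Thread.currentThread().interrupt();
        } catch (TimeoutException e) {
            Logger.error(TAG, "Unable to perform DRS discovery ", e);
        }
        // Discovery failed in one of the ways above: fall back to the authority given with the request.
        Logger.warn(TAG, "No authority found for PRT or BRT or from DRS metadata, using request authority:" + authority);
        return authority;
    }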

    /**
     * Returns the context bytes of the handler's derived session key as a Base64 string
     * for the {@code ctx} header of a session-key-signed JWT.
     * The flags are the original value 3, i.e. no padding and no line wrapping; the URL-safe
     * flag is not set, so the standard Base64 alphabet is used.
     *
     * @param iKeyHandler key handler providing the derived session key
     * @return Base64 text of the key-derivation context
     * @throws UnsupportedEncodingException if UTF-8 is not available
     */
    private static String getContextStringForHeader(IKeyHandler iKeyHandler) throws UnsupportedEncodingException {
        byte[] rawContext = iKeyHandler.getDerivedSessionKey().getCtx();
        byte[] encodedContext = Base64.encode(rawContext, Base64.NO_PADDING | Base64.NO_WRAP);
        return new String(encodedContext, "UTF-8");
    }

    /**
     * Parses a JSON object and copies its top-level members into a map of strings.
     * Each value is read with {@code getString}, so the map is flat.
     *
     * @param str JSON text of a response body
     * @return map from member name to its string value
     * @throws JSONException if the text is not a JSON object or a value cannot be read as a string
     */
    private static Map<String, String> getJsonResponse(String str) throws JSONException {
        JSONObject parsed = new JSONObject(str);
        HashMap<String, String> fields = new HashMap<String, String>();
        for (Iterator<String> names = parsed.keys(); names.hasNext(); ) {
            String name = names.next();
            fields.put(name, parsed.getString(name));
        }
        return fields;
    }

    /**
     * Requests a server nonce by POSTing {@code grant_type=srv_challenge} to the given endpoint.
     * The nonce is read from the {@code nonce} member of a 200 response, falling back to {@code Nonce}.
     * Only whether a nonce was received is logged, never its value.
     *
     * NOTE(review): any non-200 status yields {@code null}; the callers in this class put the
     * result into the JWT without checking it.
     *
     * @param str token endpoint URL
     * @param str2 correlation id sent as {@code client-request-id}
     * @return the nonce, or {@code null} if the response was not 200 or carried no nonce
     * @throws IOException if the URL is malformed or the request fails
     * @throws JSONException if a 200 response body cannot be parsed
     */
    private String getNonce(String str, String str2) throws IOException, JSONException {
        Logger.info(TAG, "Starting to request for nonce.");
        TreeMap<String, String> headers = new TreeMap<String, String>();
        headers.put("client-request-id", str2);
        headers.put("Content-Type", CONTENT_TYPE_FORM_URL_ENCODED);
        HttpResponse response = HttpRequest.sendPost(new URL(str), headers, NONCE_REQUEST_MSG.getBytes("UTF-8"), null);
        String nonce = null;
        if (response.getStatusCode() == 200) {
            Map<String, String> fields = getJsonResponse(response.getBody());
            nonce = fields.get("nonce");
            if (nonce == null) {
                nonce = fields.get("Nonce");
            }
        }
        String methodTag = TAG + ":getNonce";
        Logger.info(methodTag, "Nonce not null :" + (nonce != null) + " response code: " + response.getStatusCode());
        return nonce;
    }

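    /**
     * Checks the requested authority against the cloud the device-joined account's PRT belongs to
     * and returns the authority to use.
     * <ul>
     *   <li>No stored PRT authority: the requested authority is returned unchanged.</li>
     *   <li>Same host as the PRT authority (case-insensitive): the requested authority is returned.</li>
     *   <li>Host {@code login.microsoftonline.com} with tenant {@code common} or the organizations
     *       audience: the stored PRT authority is returned instead.</li>
     *   <li>Anything else is rejected.</li>
     * </ul>
     * Only the host part is compared. An authority without a tenant path segment, or without a host
     * when a comparison is needed, is now rejected with a {@link ClientException}; previously these
     * inputs ended in an unchecked IndexOutOfBoundsException or NullPointerException.
     *
     * @param str requested authority URL
     * @param account account whose stored PRT authority is looked up
     * @return the authority URL to use for the request
     * @throws ClientException if the requested authority is malformed or belongs to a different cloud
     */
    private String getPrtAuthorityForHomeTenant(String str, Account account) throws ClientException {
        String prtAuthority = this.mAccountManagerStorageHelper.getPRTAuthority(account);
        Uri requested = Uri.parse(str);
        List<String> pathSegments = requested.getPathSegments();
        if (pathSegments.isEmpty()) {
            // Fail closed with the declared exception instead of crashing on get(0).
            throw new ClientException(ErrorStrings.AUTHORITY_URL_NOT_VALID, "Authority Url has no tenant path segment.");
        }
        String tenantSegment = pathSegments.get(0);
        if (TextUtils.isEmpty(prtAuthority)) {
            Logger.warn(TAG, "PRT authority is null, using passed in authority " + str);
            return str;
        }
        String requestedHost = requested.getAuthority();
        if (requestedHost == null) {
            throw new ClientException(ErrorStrings.AUTHORITY_URL_NOT_VALID, "Authority Url has no host.");
        }
        if (requestedHost.equalsIgnoreCase(Uri.parse(prtAuthority).getAuthority())) {
            return str;
        }
        boolean isGenericTenant = tenantSegment.equalsIgnoreCase("common") || tenantSegment.equalsIgnoreCase(AzureActiveDirectoryAudience.ORGANIZATIONS);
        if (requestedHost.equalsIgnoreCase("login.microsoftonline.com") && isGenericTenant) {
            return prtAuthority;
        }
        Logger.warn(TAG, "Passed in authority host doesn't match with prt authority, request authority: " + str + " ,prt authority: " + prtAuthority);
        throw new ClientException(ErrorStrings.AUTHORITY_URL_NOT_VALID, "Authority Url cloud passed  in doesn't match with the device joined account cloud.");
    }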

    /**
     * Builds the form body that exchanges a broker refresh token for a PRT.
     * The JWT header declares RS256 and carries the device certificate; the payload carries the
     * refresh token, the broker client id, the scope {@code aza openid email} and the
     * {@code refresh_token} grant type. The JWT is signed with the device key.
     *
     * NOTE(review): unlike the session-key variants in this class, this payload sets no nonce,
     * iat or exp; confirm where replay protection for this request comes from.
     *
     * @param iKeyHandler supplies the device certificate and the device-key signature
     * @param str broker refresh token placed in the payload
     * @return {@code grant_type=...jwt-bearer&request=<header>.<payload>.<signature>}
     */
    private String getPrtRequestBody(IKeyHandler iKeyHandler, String str) throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, CertificateEncodingException {
        Logger.info(TAG, "Building request for acquiring PRT with RT.");

        JoinedAccountRequest header = new JoinedAccountRequest();
        header.setType();
        header.setAlg(JoinedAccountRequest.ALG_VALUE_RS256);
        header.setCert(iKeyHandler.getDeviceCertX5c());

        JoinedAccountRequest claims = new JoinedAccountRequest();
        claims.setRefreshToken(str);
        claims.setClientId("29d9ed98-a469-4536-ade2-f981bc1d605e");
        claims.setJwtScope("aza openid email");
        claims.setGrantType("refresh_token");

        String signingInput = generateJWT(header, claims);
        String signature = iKeyHandler.signWithDeviceKey(signingInput);
        String signedJwt = signingInput + "." + signature;
        return "grant_type=urn%3aietf%3aparams%3aoauth%3agrant-type%3ajwt-bearer&request=" + signedJwt;
    }

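    /**
     * Builds the form body that refreshes a PRT using the existing PRT.
     * The JWT header declares HS256 and carries the session-key context; the payload carries
     * issuer and client id (the broker), iat/nbf/exp, the scope {@code aza openid email}, the
     * {@code refresh_token} grant type, a server nonce and the refresh token. The JWT is signed
     * with the derived session key.
     *
     * The {@code ctx} header is now read from {@code iKeyHandler}, the same handler that produces
     * the signature; it was previously read from the instance field, which only matches when the
     * caller happens to pass that field.
     *
     * NOTE(review): getNonce can return {@code null}; the request is still built in that case.
     *
     * @param iKeyHandler supplies the session-key context and the signature
     * @param str refresh token of the existing PRT
     * @param str2 correlation id used for the nonce request
     * @param authority authority whose host is used for the nonce request
     * @return {@code grant_type=...jwt-bearer&request=<header>.<payload>.<signature>}
     */
    private String getPrtRequestBodyWithPrt(IKeyHandler iKeyHandler, String str, String str2, Authority authority) throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, CertificateEncodingException, ClientException, JSONException {
        Logger.info(TAG, "Building request for acquiring PRT with PRT.");

        JoinedAccountRequest header = new JoinedAccountRequest();
        header.setType();
        header.setAlg(JoinedAccountRequest.ALG_VALUE_HS256);
        // Context and signature must come from the same key handler.
        header.setCtx(getContextStringForHeader(iKeyHandler));

        JoinedAccountRequest claims = new JoinedAccountRequest();
        claims.setIssuer("29d9ed98-a469-4536-ade2-f981bc1d605e");
        long nowSeconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
        claims.setIat(nowSeconds);
        claims.setNBF(nowSeconds);
        claims.setExp(nowSeconds, 300L);
        claims.setJwtScope("aza openid email");
        claims.setGrantType("refresh_token");
        claims.setClientId("29d9ed98-a469-4536-ade2-f981bc1d605e");
        String nonceEndpoint = constructTokenEndpointForAcquiringPRT(authority.getAuthorityURL());
        claims.setNonce(getNonce(nonceEndpoint, str2));
        claims.setRefreshToken(str);

        String signingInput = generateJWT(header, claims);
        String signedJwt = signingInput + "." + iKeyHandler.signWithDerivedSessionKey(signingInput);
        return "grant_type=urn%3aietf%3aparams%3aoauth%3agrant-type%3ajwt-bearer&request=" + signedJwt;
    }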

    /**
     * Produces the request body for acquiring or refreshing a PRT.
     * An existing PRT refresh token is preferred; otherwise the stored broker refresh token is used.
     *
     * @param account account whose broker refresh token is looked up
     * @param authority authority passed on to the PRT-based request builder
     * @param str correlation id used for logging and the nonce request
     * @param primaryRefreshToken current PRT holder; dereferenced without a null check
     * @return the form body to POST to the token endpoint
     * @throws UiRequiredException if neither a PRT nor a broker refresh token is available
     */
    private String getPrtRequestMessage(Account account, Authority authority, String str, PrimaryRefreshToken primaryRefreshToken) throws IOException, NoSuchAlgorithmException, InvalidKeyException, SignatureException, CertificateEncodingException, ClientException, JSONException, UiRequiredException {
        String methodTag = TAG + ":getPrtRequestMessage";
        boolean hasPrt = !TextUtils.isEmpty(primaryRefreshToken.getRefreshToken());
        if (hasPrt) {
            Logger.info(methodTag, str, "Have an existing PRT, attempting to use it to refresh PRT.");
            return getPrtRequestBodyWithPrt(this.mKeyHandler, primaryRefreshToken.getRefreshToken(), str, authority);
        }

        Logger.info(methodTag, str, "PRT doesn't exist in AccountManager, checking for Broker RT");
        String brokerRefreshToken = this.mAccountManagerStorageHelper.getBRT(account);
        if (!TextUtils.isEmpty(brokerRefreshToken)) {
            Logger.info(methodTag, str, "Broker Rt available, Requesting PRT with Broker RT");
            return getPrtRequestBody(this.mKeyHandler, brokerRefreshToken);
        }

        // Nothing to present silently: the user has to sign in again.
        Logger.error(methodTag, str, "Broker RT is null or empty", null);
        throw new UiRequiredException(ErrorStrings.INVALID_BROKER_REFRESH_TOKEN, "Broker RT is null or empty");
    }

    /**
     * Builds the form body of a silent token request made on behalf of a calling app.
     * A JWT (HS256, session-key context in the header) carrying the refresh token, the caller's
     * client id and scopes, a server nonce and iat/nbf/exp is signed with the derived session key
     * and sent as the {@code request} parameter, next to redirect URI, client id and optional
     * claims, app name/version, enrollment id and PoP parameters.
     *
     * NOTE(review): the body is returned with {@code Uri.getQuery()}, which yields the DECODED
     * query. Values are therefore not percent-encoded in the returned string; a caller-supplied
     * value containing {@code &} or {@code =} (claims JSON, redirect URI, package name, app
     * version) would change the parameter structure. Confirm these values are validated upstream.
     *
     * @param str refresh token placed in the JWT payload
     * @param brokerSilentTokenCommandParameters caller-supplied request parameters
     * @param url authority URL; used as the JWT audience and to derive the nonce endpoint
     * @return the form body for the token endpoint
     */
    private String getRequestBodyForTokenRequest(String str, BrokerSilentTokenCommandParameters brokerSilentTokenCommandParameters, URL url) throws IOException, JSONException, ClientException {
        // JWT header: symmetric signature, ctx identifies the derived session key.
        JoinedAccountRequest joinedAccountRequest = new JoinedAccountRequest();
        joinedAccountRequest.setType();
        joinedAccountRequest.setAlg(JoinedAccountRequest.ALG_VALUE_HS256);
        joinedAccountRequest.setCtx(getContextStringForHeader(this.mKeyHandler));
        // JWT payload: issued by the broker client id, audience is the authority URL.
        JoinedAccountRequest joinedAccountRequest2 = new JoinedAccountRequest();
        joinedAccountRequest2.setAudience(url.toString());
        joinedAccountRequest2.setIssuer("29d9ed98-a469-4536-ade2-f981bc1d605e");
        Logger.info(TAG, brokerSilentTokenCommandParameters.getCorrelationId(), "Token request with PRT, constructing redirect with calling app package name and signature.is : " + brokerSilentTokenCommandParameters.getRedirectUri());
        long seconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
        joinedAccountRequest2.setIat(seconds);
        joinedAccountRequest2.setNBF(seconds);
        // presumably exp = iat + 300 s; setExp is defined outside this file
        joinedAccountRequest2.setExp(seconds, 300L);
        joinedAccountRequest2.setJwtScope(TextUtils.join(" ", brokerSilentTokenCommandParameters.getScopes()));
        joinedAccountRequest2.setGrantType("refresh_token");
        joinedAccountRequest2.setClientId(brokerSilentTokenCommandParameters.getClientId());
        // Network call: fetches a fresh nonce; getNonce returns null on a non-200 response.
        joinedAccountRequest2.setNonce(getNonce(constructTokenEndpointForAcquiringAT(url), brokerSilentTokenCommandParameters.getCorrelationId()));
        joinedAccountRequest2.setRefreshToken(str);
        String generateJWT = generateJWT(joinedAccountRequest, joinedAccountRequest2);
        String str2 = generateJWT + "." + this.mKeyHandler.signWithDerivedSessionKey(generateJWT);
        // Uri.Builder is used only to assemble key=value pairs; no scheme, host or path is set.
        Uri.Builder builder = new Uri.Builder();
        builder.appendQueryParameter(WINDOWS_API_VERSION_PARAM, "2.0");
        builder.appendQueryParameter("redirect_uri", brokerSilentTokenCommandParameters.getRedirectUri());
        builder.appendQueryParameter("client_info", "1");
        builder.appendQueryParameter("client_id", brokerSilentTokenCommandParameters.getClientId());
        // The parameter name is the pre-encoded "grant_type=...&request"; it is encoded here and decoded again by getQuery() below.
        builder.appendQueryParameter(JWT_BEARER_REQUEST, str2);
        if (!TextUtils.isEmpty(brokerSilentTokenCommandParameters.getClaimsRequestJson())) {
            builder.appendQueryParameter("claims", brokerSilentTokenCommandParameters.getClaimsRequestJson());
        }
        if (brokerSilentTokenCommandParameters.getSdkType() == SdkType.ADAL) {
            builder.appendQueryParameter("itver", "1");
        }
        if (!TextUtils.isEmpty(brokerSilentTokenCommandParameters.getCallerPackageName())) {
            builder.appendQueryParameter("x-app-name", brokerSilentTokenCommandParameters.getCallerPackageName());
        }
        if (!TextUtils.isEmpty(brokerSilentTokenCommandParameters.getCallerAppVersion())) {
            builder.appendQueryParameter("x-app-ver", brokerSilentTokenCommandParameters.getCallerAppVersion());
        }
        String microsoftEnrollmentId = BrokerUtils.getMicrosoftEnrollmentId(brokerSilentTokenCommandParameters);
        if (!TextUtils.isEmpty(microsoftEnrollmentId)) {
            builder.appendQueryParameter("microsoft_enrollment_id", microsoftEnrollmentId);
        }
        // Proof-of-possession: request a PoP token and send the request confirmation of the device key.
        AbstractAuthenticationScheme authenticationScheme = brokerSilentTokenCommandParameters.getAuthenticationScheme();
        if (authenticationScheme != null && PopAuthenticationSchemeInternal.SCHEME_POP.equalsIgnoreCase(authenticationScheme.getName())) {
            builder.appendQueryParameter("token_type", TokenRequest.TokenType.POP);
            IDevicePopManager devicePoPManagerInstance = Device.getDevicePoPManagerInstance();
            // The asymmetric key is created on first use; its thumbprint goes to the PII log channel only.
            if (!devicePoPManagerInstance.asymmetricKeyExists()) {
                String generateAsymmetricKey = devicePoPManagerInstance.generateAsymmetricKey(brokerSilentTokenCommandParameters.getAndroidApplicationContext());
                Logger.verbosePII(TAG, "Generated new PoP asymmetric key with thumbprint: " + generateAsymmetricKey);
            }
            builder.appendQueryParameter("req_cnf", devicePoPManagerInstance.getRequestConfirmation());
        }
        // getQuery() returns the decoded query string (see the review note in the method comment).
        return builder.build().getQuery();
    }

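    /**
     * Builds a signed refresh credential (compact JWT) from the account's PRT for resolving an interrupt.
     * The header declares HS256, key id {@code session} and the session-key context; the payload
     * carries iat/nbf/exp, the scopes and the PRT refresh token. The JWT is signed with the derived
     * session key.
     *
     * The returned string contains the PRT refresh token and must be treated as a secret.
     *
     * @param account account whose PRT is loaded
     * @param iKeyHandler key handler used to load the PRT, derive the context and sign
     * @param authority authority whose host selects the PRT token endpoint
     * @return the signed JWT, or an empty string when no PRT refresh token is stored
     * @throws ClientException if UTF-8 encoding is unavailable; the original exception is attached
     *         as the cause (it was previously dropped)
     */
    public static String getResolveInterruptRefreshCredential(Account account, IKeyHandler iKeyHandler, Authority authority) throws ClientException {
        Logger.info(TAG, "Generating the the refresh credential to resolve interrupt.");
        try {
            PrimaryRefreshToken prt = iKeyHandler.getPRT(account, constructTokenEndpointForAcquiringPRT(authority.getAuthorityURL()));
            if (TextUtils.isEmpty(prt.getRefreshToken())) {
                return "";
            }

            JoinedAccountRequest header = new JoinedAccountRequest();
            header.setType();
            header.setAlg(JoinedAccountRequest.ALG_VALUE_HS256);
            header.setKId("session");
            header.setCtx(getContextStringForHeader(iKeyHandler));

            JoinedAccountRequest claims = new JoinedAccountRequest();
            long nowSeconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
            claims.setIat(nowSeconds);
            claims.setNBF(nowSeconds);
            claims.setExp(nowSeconds, 300L);
            claims.setJwtScope(AuthenticationConstants.OAuth2Scopes.OFFLINE_ACCESS_SCOPE + " openid profile " + AuthenticationConstants.OAuth2Scopes.AZA_SCOPE);
            claims.setRefreshToken(prt.getRefreshToken());

            String signingInput = generateJWT(header, claims);
            return signingInput + "." + iKeyHandler.signWithDerivedSessionKey(signingInput);
        } catch (UnsupportedEncodingException e) {
            // Keep the cause so the failure can be traced.
            throw new ClientException("unsupported_encoding", e.getMessage(), e);
        }
    }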

    /**
     * Tells whether a token error response means an Intune app protection policy is required:
     * error {@code unauthorized_client} with the protection-policy-required sub-error, both
     * compared case-insensitively.
     *
     * @param tokenErrorResponse parsed error response
     * @return {@code true} only when both error and sub-error are present and match
     */
    private static boolean isIntunePolicyRequiredError(TokenErrorResponse tokenErrorResponse) {
        if (TextUtils.isEmpty(tokenErrorResponse.getError())) {
            return false;
        }
        if (TextUtils.isEmpty(tokenErrorResponse.getSubError())) {
            return false;
        }
        if (!tokenErrorResponse.getError().equalsIgnoreCase("unauthorized_client")) {
            return false;
        }
        return tokenErrorResponse.getSubError().equalsIgnoreCase(AuthenticationConstants.OAuth2SubErrorCode.PROTECTION_POLICY_REQUIRED);
    }

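    /**
     * Turns a failed token-endpoint response into a {@link ServiceException}.
     * An empty or unparsable body yields a {@code json_parse_failure} exception. Otherwise the
     * error, sub-error and description are taken from the JSON body (falling back to the HTTP
     * status and to {@code str}), and the exception is produced by {@code ExceptionAdapter},
     * except for the Intune protection-policy-required case, which gets a dedicated exception.
     * Client telemetry from the {@code x-ms-clitelem} header and the correlation id are applied
     * to every result.
     *
     * The decompiler had typed the result variable as the Intune subclass while also assigning
     * plain ServiceException instances to it; it is declared as ServiceException here.
     *
     * NOTE(review): the Intune branch also registers the calling app in the broker app registry
     * with WPJ account access allowed, i.e. a server error response changes local authorization
     * state; confirm that is intended.
     *
     * @param str fallback error description, also logged
     * @param str2 message logged with the failure
     * @param str3 correlation id
     * @param brokerSilentTokenCommandParameters request parameters, or null when no calling app is involved
     * @param httpResponse the non-success response
     * @return the exception describing the failure; the caller throws it
     */
    private ServiceException parseAndConstructException(String str, String str2, String str3, BrokerSilentTokenCommandParameters brokerSilentTokenCommandParameters, HttpResponse httpResponse) {
        String methodTag = TAG + ":parseAndThrowException";
        ServiceException result;
        try {
            if (TextUtils.isEmpty(httpResponse.getBody())) {
                Logger.warn(methodTag, str3, "Json Parse error: Http Request body null or empty");
                result = new ServiceException("json_parse_failure", "Http Request body null or empty", httpResponse.getStatusCode(), null);
            } else {
                Map<String, String> fields = getJsonResponse(httpResponse.getBody());
                String error = TextUtils.isEmpty(fields.get("error")) ? String.valueOf(httpResponse.getStatusCode()) : fields.get("error");
                String subError = fields.get(AuthenticationConstants.OAuth2.SUBERROR);
                String description = TextUtils.isEmpty(fields.get("error_description")) ? str : fields.get("error_description");
                Logger.warn(methodTag, str3, "Error from the server ." + str + ", " + str2 + ", " + httpResponse.getStatusCode());

                TokenErrorResponse tokenErrorResponse = new TokenErrorResponse();
                tokenErrorResponse.setError(error);
                tokenErrorResponse.setSubError(subError);
                tokenErrorResponse.setErrorDescription(description);
                tokenErrorResponse.setStatusCode(httpResponse.getStatusCode());
                tokenErrorResponse.setResponseBody(httpResponse.getBody());
                tokenErrorResponse.setResponseHeadersJson(HeaderSerializationUtil.toJson(httpResponse.getHeaders()));

                if (brokerSilentTokenCommandParameters != null && isIntunePolicyRequiredError(tokenErrorResponse)) {
                    IntuneAppProtectionPolicyRequiredException intuneException = new IntuneAppProtectionPolicyRequiredException(tokenErrorResponse.getError(), tokenErrorResponse.getErrorDescription());
                    intuneException.setOauthSubErrorCode(tokenErrorResponse.getSubError());
                    intuneException.setHttpResponse(httpResponse);
                    setIntuneExceptionProperties(intuneException, brokerSilentTokenCommandParameters);
                    // Side effect: grants the calling app WPJ account access in the broker registry.
                    addClientToBrokerAppRegistry(brokerSilentTokenCommandParameters);
                    result = intuneException;
                } else {
                    result = ExceptionAdapter.getExceptionFromTokenErrorResponse(tokenErrorResponse);
                }
            }
        } catch (JSONException e) {
            Logger.error(methodTag, str3, "Json Parse error: Unable to parse Request body", e);
            result = new ServiceException("json_parse_failure", "Unable to parse Request body ", httpResponse.getStatusCode(), e);
        }
        // Telemetry is applied on every path, including the parse-failure ones.
        if (httpResponse.getHeaders() != null) {
            List<String> cliTelemValues = httpResponse.getHeaders().get(AuthenticationConstants.HeaderField.X_MS_CLITELEM);
            if (cliTelemValues != null && !cliTelemValues.isEmpty()) {
                ExceptionAdapter.applyCliTelemInfo(CliTelemInfo.fromXMsCliTelemHeader(cliTelemValues.get(0)), result);
            }
        }
        result.setCorrelationId(str3);
        return result;
    }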

    /**
     * Builds a {@link PrimaryRefreshToken} from the members of a successful token response.
     * The authority is the request authority unless the response names a
     * {@code cloud_instance_host_name}; in that case the authority becomes
     * {@code https://<that host><request authority path>}, lower-cased.
     *
     * NOTE(review): the host name comes from the server response and is stored as the PRT
     * authority; confirm it is checked against the known clouds before later requests use it.
     * NOTE(review): a non-numeric {@code expires_in} makes Integer.parseInt throw an unchecked
     * NumberFormatException.
     *
     * @param map flat view of the JSON response
     * @param authority authority the request was sent to
     * @return the populated PRT object
     */
    private PrimaryRefreshToken parsePrtResponse(Map<String, String> map, Authority authority) {
        PrimaryRefreshToken prt = new PrimaryRefreshToken();
        prt.setIdToken(map.get("id_token"));
        prt.setSessionKeyJwe(map.get(AuthenticationConstants.OAuth2.SESSION_KEY_JWE));
        prt.setRefreshToken(map.get("refresh_token"));

        String cloudHost = map.get("cloud_instance_host_name");
        if (!StringExtensions.isNullOrBlank(cloudHost)) {
            Uri.Builder cloudAuthority = new Uri.Builder();
            cloudAuthority.scheme("https");
            cloudAuthority.authority(cloudHost);
            cloudAuthority.path(authority.getAuthorityURL().getPath());
            prt.setAuthority(cloudAuthority.build().toString().toLowerCase(Locale.US));
        } else {
            prt.setAuthority(authority.getAuthorityURL().toString());
        }

        String expiresIn = map.get("expires_in");
        if (expiresIn != null) {
            prt.setExpiresIn(Integer.parseInt(expiresIn));
        }
        return prt;
    }

    /**
     * POSTs a prepared PRT request body to the PRT token endpoint of the given authority and
     * parses the answer. The request carries the correlation id, platform id parameters, client
     * SKU/version headers and a fixed broker version of {@code 3.3.9}.
     *
     * @param str form body to send (contains the signed JWT with the refresh token)
     * @param authority authority whose host selects the endpoint
     * @param str2 correlation id sent as {@code client-request-id}
     * @return the PRT parsed from a 200 response
     * @throws ServiceException for any status other than 200
     */
    private PrimaryRefreshToken sendRequestToGetPrt(String str, Authority authority, String str2) throws JSONException, IOException, ServiceException {
        Logger.info(TAG, "Sending request to get PRT with broker RT.");
        TreeMap headers = new TreeMap();
        headers.put("client-request-id", str2);
        headers.putAll(Device.getPlatformIdParameters());
        headers.put("x-client-SKU", DiagnosticContext.getRequestContext().get("x-client-SKU"));
        headers.put("x-client-Ver", Device.getProductVersion());
        headers.put("x-client-brkrver", "3.3.9");
        headers.put("Content-Type", CONTENT_TYPE_FORM_URL_ENCODED);

        URL endpoint = new URL(constructTokenEndpointForAcquiringPRT(authority.getAuthorityURL()));
        HttpResponse response = HttpRequest.sendPost(endpoint, headers, str.getBytes("UTF-8"), null);
        if (response.getStatusCode() != 200) {
            throw parseAndConstructException(ErrorStrings.BROKER_PRT_REFRESH_FAILED, "Request to refresh PRT with BRT failed", str2, null, response);
        }
        return parsePrtResponse(getJsonResponse(response.getBody()), authority);
    }

    /**
     * Copies client telemetry from the {@code x-ms-clitelem} response header onto the token response.
     * Nothing is changed when the headers, the header value or the parsed telemetry are missing.
     *
     * @param microsoftStsTokenResponse token response to annotate
     * @param httpResponse HTTP response whose headers are inspected
     */
    private void setClientTelemetryToBrokerTokenResponse(MicrosoftStsTokenResponse microsoftStsTokenResponse, HttpResponse httpResponse) {
        if (httpResponse.getHeaders() == null) {
            return;
        }
        List<String> headerValues = httpResponse.getHeaders().get(AuthenticationConstants.HeaderField.X_MS_CLITELEM);
        if (headerValues == null || headerValues.isEmpty()) {
            return;
        }
        // Only the first header value is considered.
        CliTelemInfo telemetry = CliTelemInfo.fromXMsCliTelemHeader(headerValues.get(0));
        if (telemetry == null) {
            return;
        }
        microsoftStsTokenResponse.setSpeRing(telemetry.getSpeRing());
        microsoftStsTokenResponse.setRefreshTokenAge(telemetry.getRefreshTokenAge());
        microsoftStsTokenResponse.setCliTelemErrorCode(telemetry.getServerErrorCode());
        microsoftStsTokenResponse.setCliTelemSubErrorCode(telemetry.getServerSubErrorCode());
    }

    /**
     * Fills the account and tenant details of an Intune protection-policy exception from the request.
     * UPN: the account manager account name, else the login hint. User id: the local account id,
     * else the uid taken from the home account id. Tenant id: the tenant part of the home account
     * id, else the tenant of an Azure AD authority's audience.
     *
     * @param intuneAppProtectionPolicyRequiredException exception to populate
     * @param brokerSilentTokenCommandParameters request parameters supplying the values
     */
    private void setIntuneExceptionProperties(IntuneAppProtectionPolicyRequiredException intuneAppProtectionPolicyRequiredException, BrokerSilentTokenCommandParameters brokerSilentTokenCommandParameters) {
        Logger.info(TAG, "Setting propeties to IntuneAppProtectionPolicyRequiredException ");

        String upn;
        if (brokerSilentTokenCommandParameters.getAccountManagerAccount() != null) {
            upn = brokerSilentTokenCommandParameters.getAccountManagerAccount().name;
        } else {
            upn = brokerSilentTokenCommandParameters.getLoginHint();
        }
        intuneAppProtectionPolicyRequiredException.setAccountUpn(upn);

        String userId = brokerSilentTokenCommandParameters.getLocalAccountId();
        if (TextUtils.isEmpty(userId)) {
            Logger.info(TAG, "Local account id is empty, attempting get user id from home account id");
            userId = BrokerOperationParametersUtils.getUIdFromHomeAccountId(brokerSilentTokenCommandParameters.getHomeAccountId());
        }
        intuneAppProtectionPolicyRequiredException.setAccountUserId(userId);

        Authority requestAuthority = brokerSilentTokenCommandParameters.getAuthority();
        intuneAppProtectionPolicyRequiredException.setAuthorityUrl(requestAuthority.getAuthorityURL().toString());

        String homeAccountId = brokerSilentTokenCommandParameters.getHomeAccountId();
        String tenantId = null;
        if (homeAccountId != null) {
            tenantId = (String) StringUtil.getTenantInfo(homeAccountId).second;
        }
        if (TextUtils.isEmpty(tenantId) && (requestAuthority instanceof AzureActiveDirectoryAuthority)) {
            tenantId = ((AzureActiveDirectoryAuthority) requestAuthority).mAudience.getTenantId();
        }
        intuneAppProtectionPolicyRequiredException.setTenantId(tenantId);
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x0085  */
    /* JADX WARN: Removed duplicated region for block: B:13:0x009c  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Acquires or refreshes a Primary Refresh Token (PRT).
     *
     * <p>The decompiler could not rebuild this method: as listed, the only executable statement is
     * the {@code throw new UnsupportedOperationException(...)} at the end, so every call fails.
     * The instruction dump kept in the body comment is the only record of the original logic.
     *
     * <p>What the dump shows, in order:
     * <ol>
     *   <li>resolve the authority with {@code getAuthorityForPrtRequest(r10, r6, r7, r8)} and log
     *       its URL at info level;</li>
     *   <li>build the request with {@code getPrtRequestMessage(r6, authority, r8, r10)};</li>
     *   <li>call {@code ThreadUtils.sleepSafely(r9, ...)} before sending;</li>
     *   <li>send it with {@code sendRequestToGetPrt} and, only when the returned PRT carries a
     *       non-empty refresh token, persist it through {@code mKeyHandler.savePRT(r6, prt)};</li>
     *   <li>return the PRT that came back from the server.</li>
     * </ol>
     *
     * <p>Failure handling in the dump: for {@code JSONException}, {@code CertificateEncodingException},
     * {@code InvalidKeyException}, {@code SignatureException}, {@code NoSuchAlgorithmException} and
     * {@code IOException}, a non-null {@code r10} is returned unchanged after the exception message
     * is logged at info level. The failed refresh is therefore not reported to the caller in that
     * case. With a null {@code r10}, a {@code JSONException} becomes a {@code ServiceException}
     * with code {@code "invalid_jwt"} and the other types go through {@code constructClientException}.
     *
     * @param r6 account the PRT belongs to
     * @param r7 authority supplied by the caller; replaced by the result of getAuthorityForPrtRequest
     * @param r8 string passed to the logger and request helpers (presumably a correlation id; confirm)
     * @param r9 value handed to {@code ThreadUtils.sleepSafely} before the request is sent
     * @param r10 previously stored PRT, or null; returned as a fallback when the request fails
     * @return per the dump, the new PRT or the fallback {@code r10}; this listing never returns
     * @throws com.microsoft.identity.common.exception.ClientException per the dump, for non-JSON failures without a fallback PRT
     * @throws com.microsoft.identity.common.exception.ServiceException per the dump, for a JSON failure without a fallback PRT
     */
    private com.microsoft.identity.common.internal.broker.PrimaryRefreshToken tryAcquireOrRefreshPrt(android.accounts.Account r6, com.microsoft.identity.common.internal.authorities.Authority r7, java.lang.String r8, int r9, com.microsoft.identity.common.internal.broker.PrimaryRefreshToken r10) throws com.microsoft.identity.common.exception.ClientException, com.microsoft.identity.common.exception.ServiceException {
        /*
            r5 = this;
            java.lang.String r0 = "Received exception while attempting to refresh a PRT "
            java.lang.StringBuilder r1 = new java.lang.StringBuilder
            r1.<init>()
            java.lang.String r2 = com.microsoft.identity.common.internal.broker.JoinedAccountRequestHandler.TAG
            r1.append(r2)
            java.lang.String r2 = ":tryAcquireOrRefreshPrt"
            r1.append(r2)
            java.lang.String r1 = r1.toString()
            com.microsoft.identity.common.internal.authorities.Authority r7 = r5.getAuthorityForPrtRequest(r10, r6, r7, r8)     // Catch: org.json.JSONException -> L54 java.security.cert.CertificateEncodingException -> L7a java.security.InvalidKeyException -> L7c java.security.SignatureException -> L7e java.security.NoSuchAlgorithmException -> L80 java.io.IOException -> L82
            java.lang.String r2 = com.microsoft.identity.common.internal.broker.JoinedAccountRequestHandler.TAG     // Catch: org.json.JSONException -> L54 java.security.cert.CertificateEncodingException -> L7a java.security.InvalidKeyException -> L7c java.security.SignatureException -> L7e java.security.NoSuchAlgorithmException -> L80 java.io.IOException -> L82
            java.lang.StringBuilder r3 = new java.lang.StringBuilder     // Catch: org.json.JSONException -> L54 java.security.cert.CertificateEncodingException -> L7a java.security.InvalidKeyException -> L7c java.security.SignatureException -> L7e java.security.NoSuchAlgorithmException -> L80 java.io.IOException -> L82
            r3.<init>()     // Catch: org.json.JSONException -> L54 java.security.cert.CertificateEncodingException -> L7a java.security.InvalidKeyException -> L7c java.security.SignatureException -> L7e java.security.NoSuchAlgorithmException -> L80 java.io.IOException -> L82
            java.lang.String r4 = "Authority used to refresh prt :"
            r3.append(r4)     // Catch: org.json.JSONException -> L54 java.security.cert.CertificateEncodingException -> L7a java.security.InvalidKeyException -> L7c java.security.SignatureException -> L7e java.security.NoSuchAlgorithmException -> L80 java.io.IOException -> L82
            java.net.URL r4 = r7.getAuthorityURL()     // Catch: org.json.JSONException -> L54 java.security.cert.CertificateEncodingException -> L7a java.security.InvalidKeyException -> L7c java.security.SignatureException -> L7e java.security.NoSuchAlgorithmException -> L80 java.io.IOException -> L82
            java.lang.String r4 = r4.toString()     // Catch: org.json.JSONException -> L54 java.security.cert.CertificateEncodingException -> L7a java.security.InvalidKeyException -> L7c java.security.SignatureException -> L7e java.security.NoSuchAlgorithmException -> L80 java.io.IOException -> L82
            r3.append(r4)     // Catch: org.json.JSONException -> L54 java.security.cert.CertificateEncodingException -> L7a java.security.InvalidKeyException -> L7c java.security.SignatureException -> L7e java.security.NoSuchAlgorithmException -> L80 java.io.IOException -> L82
            java.lang.String r3 = r3.toString()     // Catch: org.json.JSONException -> L54 java.security.cert.CertificateEncodingException -> L7a java.security.InvalidKeyException -> L7c java.security.SignatureException -> L7e java.security.NoSuchAlgorithmException -> L80 java.io.IOException -> L82
            com.microsoft.identity.common.internal.logging.Logger.info(r2, r3)     // Catch: org.json.JSONException -> L54 java.security.cert.CertificateEncodingException -> L7a java.security.InvalidKeyException -> L7c java.security.SignatureException -> L7e java.security.NoSuchAlgorithmException -> L80 java.io.IOException -> L82
            java.lang.String r2 = r5.getPrtRequestMessage(r6, r7, r8, r10)     // Catch: org.json.JSONException -> L54 java.security.cert.CertificateEncodingException -> L7a java.security.InvalidKeyException -> L7c java.security.SignatureException -> L7e java.security.NoSuchAlgorithmException -> L80 java.io.IOException -> L82
            java.lang.String r3 = "Failed to sleep before PRT acquisition"
            com.microsoft.identity.common.internal.util.ThreadUtils.sleepSafely(r9, r1, r3)     // Catch: org.json.JSONException -> L54 java.security.cert.CertificateEncodingException -> L7a java.security.InvalidKeyException -> L7c java.security.SignatureException -> L7e java.security.NoSuchAlgorithmException -> L80 java.io.IOException -> L82
            com.microsoft.identity.common.internal.broker.PrimaryRefreshToken r7 = r5.sendRequestToGetPrt(r2, r7, r8)     // Catch: org.json.JSONException -> L54 java.security.cert.CertificateEncodingException -> L7a java.security.InvalidKeyException -> L7c java.security.SignatureException -> L7e java.security.NoSuchAlgorithmException -> L80 java.io.IOException -> L82
            java.lang.String r9 = r7.getRefreshToken()     // Catch: org.json.JSONException -> L54 java.security.cert.CertificateEncodingException -> L7a java.security.InvalidKeyException -> L7c java.security.SignatureException -> L7e java.security.NoSuchAlgorithmException -> L80 java.io.IOException -> L82
            boolean r9 = android.text.TextUtils.isEmpty(r9)     // Catch: org.json.JSONException -> L54 java.security.cert.CertificateEncodingException -> L7a java.security.InvalidKeyException -> L7c java.security.SignatureException -> L7e java.security.NoSuchAlgorithmException -> L80 java.io.IOException -> L82
            if (r9 != 0) goto L53
            com.microsoft.workaccount.authenticatorservice.KeyHandler r9 = r5.mKeyHandler     // Catch: org.json.JSONException -> L54 java.security.cert.CertificateEncodingException -> L7a java.security.InvalidKeyException -> L7c java.security.SignatureException -> L7e java.security.NoSuchAlgorithmException -> L80 java.io.IOException -> L82
            r9.savePRT(r6, r7)     // Catch: org.json.JSONException -> L54 java.security.cert.CertificateEncodingException -> L7a java.security.InvalidKeyException -> L7c java.security.SignatureException -> L7e java.security.NoSuchAlgorithmException -> L80 java.io.IOException -> L82
        L53:
            return r7
        L54:
            r6 = move-exception
            if (r10 == 0) goto L6e
            java.lang.StringBuilder r7 = new java.lang.StringBuilder
            r7.<init>()
            r7.append(r0)
            java.lang.String r6 = r6.getMessage()
            r7.append(r6)
            java.lang.String r6 = r7.toString()
            com.microsoft.identity.common.internal.logging.Logger.info(r1, r8, r6)
            return r10
        L6e:
            com.microsoft.identity.common.exception.ServiceException r7 = new com.microsoft.identity.common.exception.ServiceException
            java.lang.String r8 = r6.getMessage()
            java.lang.String r9 = "invalid_jwt"
            r7.<init>(r9, r8, r6)
            throw r7
        L7a:
            r6 = move-exception
            goto L83
        L7c:
            r6 = move-exception
            goto L83
        L7e:
            r6 = move-exception
            goto L83
        L80:
            r6 = move-exception
            goto L83
        L82:
            r6 = move-exception
        L83:
            if (r10 == 0) goto L9c
            java.lang.StringBuilder r7 = new java.lang.StringBuilder
            r7.<init>()
            r7.append(r0)
            java.lang.String r6 = r6.getMessage()
            r7.append(r6)
            java.lang.String r6 = r7.toString()
            com.microsoft.identity.common.internal.logging.Logger.info(r1, r8, r6)
            return r10
        L9c:
            com.microsoft.identity.common.exception.ClientException r6 = r5.constructClientException(r6)
            throw r6
        */
        // Decompiler placeholder: the real body was not recovered, so this always throws.
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.identity.common.internal.broker.JoinedAccountRequestHandler.tryAcquireOrRefreshPrt(android.accounts.Account, com.microsoft.identity.common.internal.authorities.Authority, java.lang.String, int, com.microsoft.identity.common.internal.broker.PrimaryRefreshToken):com.microsoft.identity.common.internal.broker.PrimaryRefreshToken");
    }

    /**
     * Rewrites the authority stored on a token response so that it points at the cloud instance
     * host named in that response, keeping the path of the authority used for the request.
     *
     * <p>Does nothing when the response carries no cloud instance host name. Otherwise the new
     * authority is {@code https://<cloud host><request authority path>}, lower-cased with
     * {@link Locale#US}.
     *
     * @param microsoftStsTokenResponse token response to read the host from and to update
     * @param authority authority of the request; only the path of its URL is reused
     */
    private void updateAuthorityWithCloudInstanceHostName(MicrosoftStsTokenResponse microsoftStsTokenResponse, Authority authority) {
        final String cloudHost = microsoftStsTokenResponse.getCloudInstanceHostName();
        if (!TextUtils.isEmpty(cloudHost)) {
            // NOTE(review): the host is taken from the server response as-is; nothing in this
            // method checks it against a set of known cloud hosts. Confirm that happens upstream.
            final Uri rebuiltAuthority = new Uri.Builder()
                    .scheme("https")
                    .authority(cloudHost)
                    .path(authority.getAuthorityURL().getPath())
                    .build();
            microsoftStsTokenResponse.setAuthority(rebuiltAuthority.toString().toLowerCase(Locale.US));
        }
    }

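    /**
     * Returns a Primary Refresh Token (PRT) for the account, reusing the stored one while it is
     * fresh and otherwise acquiring or refreshing it under the PRT write lock.
     *
     * <p>A stored PRT is returned directly when it has a non-empty refresh token and was acquired
     * less than four hours ago. Otherwise the encoded session key is read once before taking the
     * write lock and again after; if the two differ, another writer changed the PRT session in
     * between and the whole fetch is restarted. At most two attempts are made.
     *
     * <p>The write lock is released exactly once per attempt, in the {@code finally} block. The
     * decompiled listing also unlocked it inside the {@code try} on the restart path, so the lock
     * was released twice. Assuming {@code getPrtLock()} is a
     * {@code java.util.concurrent.locks.ReentrantReadWriteLock} (confirm), the second release by a
     * thread that no longer holds the lock throws {@code IllegalMonitorStateException}, so the
     * retry could never run.
     *
     * @param account account whose PRT is requested
     * @param authority authority used to build the PRT token endpoint
     * @param str value passed to the logger and to the refresh (presumably a correlation id; confirm)
     * @param i value forwarded unchanged to {@code tryAcquireOrRefreshPrt}
     * @return the stored PRT when still fresh, otherwise the result of {@code tryAcquireOrRefreshPrt}
     * @throws ClientException when both attempts were interrupted by a session-key change, or when
     *     the refresh fails with a client-side error
     * @throws ServiceException when the refresh fails with a service-side error
     */
    public PrimaryRefreshToken getPrimaryRefreshToken(Account account, Authority authority, String str, int i) throws ClientException, ServiceException {
        final String methodTag = TAG + ":getPrimaryRefreshToken";
        for (int attemptsLeft = 2; attemptsLeft > 0; attemptsLeft--) {
            final PrimaryRefreshToken storedPrt = this.mKeyHandler.getPRT(account, constructTokenEndpointForAcquiringPRT(authority.getAuthorityURL()));
            if (!TextUtils.isEmpty(storedPrt.getRefreshToken()) && storedPrt.getAcquisitionTimeEpochMillis() + TimeUnit.HOURS.toMillis(4L) > System.currentTimeMillis()) {
                Logger.info(methodTag, str, " PRT exists in AccountManager and is less than 4 hours old");
                return storedPrt;
            }

            // Snapshot the session key before blocking on the lock so that a change made by
            // whoever held the lock in the meantime can be detected afterwards.
            final String sessionKeyBeforeLock = this.mAccountManagerStorageHelper.getEncodedSessionKey(account);
            this.mKeyHandler.getPrtLock().writeLock().lock();
            try {
                if (ObjectUtils.equals(sessionKeyBeforeLock, this.mAccountManagerStorageHelper.getEncodedSessionKey(account))) {
                    return tryAcquireOrRefreshPrt(account, authority, str, i, storedPrt);
                }
                Logger.info(methodTag, str, "Intervening update to PRT session detected, restarting fetch");
            } finally {
                // Single release point for every path out of the try block.
                this.mKeyHandler.getPrtLock().writeLock().unlock();
            }
        }
        throw new ClientException("Failed to fetch PRT after 2 attempts.");
    }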

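    /**
     * Exchanges a Primary Refresh Token (PRT) for an access token at the token endpoint of the
     * account's home-tenant authority.
     *
     * <p>The request carries client, device and calling-app identification headers plus telemetry
     * headers. The PRT itself travels only in the form-encoded body built by
     * {@code getRequestBodyForTokenRequest}. A 200 response body is decrypted through
     * {@code mKeyHandler.decryptTokenResponse} and parsed into a {@link MicrosoftStsTokenResponse}.
     * The response authority is then set from the cloud instance host name when present, else from
     * the home-tenant PRT authority. A missing ID token is filled in from the PRT.
     *
     * <p>Log statements here record only status codes and the correlation id, never token
     * material. Wrapped exceptions keep their cause so the original stack trace is available when
     * a failure is diagnosed.
     *
     * @param primaryRefreshToken PRT to redeem; its refresh token must be non-empty
     * @param brokerSilentTokenCommandParameters parameters of the silent request (authority,
     *     account, correlation id, caller package and version)
     * @return the parsed token response with authority, ID token and client telemetry set
     * @throws ClientException when the PRT is empty, the authority URL is malformed, the encoding
     *     is unsupported, or the request fails with a network or I/O error
     * @throws ServiceException when the decrypted response cannot be processed as JSON; a non-200
     *     response throws whatever {@code parseAndConstructException} builds
     */
    public MicrosoftStsTokenResponse requestAccessTokenWithPrt(PrimaryRefreshToken primaryRefreshToken, BrokerSilentTokenCommandParameters brokerSilentTokenCommandParameters) throws ClientException, ServiceException {
        Logger.info(TAG, ":requestAccessTokenWithPrt Sending request to get access token using PRT");
        if (TextUtils.isEmpty(primaryRefreshToken.getRefreshToken())) {
            Logger.error(TAG, ":requestAccessTokenWithPrt PRT is null or empty", null);
            throw new ClientException(ErrorStrings.NO_TOKENS_FOUND, "PRT is null or empty");
        }
        try {
            // Raw map kept from the decompiled listing; the value types of the helpers that feed
            // it are not visible here.
            TreeMap headers = new TreeMap();
            headers.put("client-request-id", brokerSilentTokenCommandParameters.getCorrelationId());
            headers.putAll(Device.getPlatformIdParameters());
            headers.put("x-client-SKU", DiagnosticContext.getRequestContext().get("x-client-SKU"));
            headers.put("x-client-Ver", Device.getProductVersion());
            headers.put("x-client-brkrver", "3.3.9");
            headers.put("x-app-name", brokerSilentTokenCommandParameters.getCallerPackageName());
            headers.put("x-app-ver", brokerSilentTokenCommandParameters.getCallerAppVersion());

            String homeTenantAuthority = getPrtAuthorityForHomeTenant(brokerSilentTokenCommandParameters.getAuthority().getAuthorityURL().toString(), brokerSilentTokenCommandParameters.getAccountManagerAccount());
            URL homeTenantAuthorityUrl = new URL(homeTenantAuthority);
            String requestBody = getRequestBodyForTokenRequest(primaryRefreshToken.getRefreshToken(), brokerSilentTokenCommandParameters, homeTenantAuthorityUrl);
            headers.putAll(EstsTelemetry.getInstance().getTelemetryHeaders());
            headers.put("Content-Type", CONTENT_TYPE_FORM_URL_ENCODED);

            HttpResponse response = HttpRequest.sendPost(new URL(constructTokenEndpointForAcquiringAT(homeTenantAuthorityUrl)), headers, requestBody.getBytes("UTF-8"), null);
            if (response.getStatusCode() != 200) {
                Logger.info(TAG + ":requestAccessTokenWithPrt", brokerSilentTokenCommandParameters.getCorrelationId(), "Server Http error, Received refresh_token with PRT response with status code " + response.getStatusCode());
                throw parseAndConstructException(ErrorStrings.AUTH_REFRESH_FAILED, "Refresh Token request with PRT failed", brokerSilentTokenCommandParameters.getCorrelationId(), brokerSilentTokenCommandParameters, response);
            }
            Logger.info(TAG + ":requestAccessTokenWithPrt", "Successful response for from Token endpoint for refresh_token using PRT ");

            // NOTE(review): Gson.fromJson returns null for an empty document, which would surface
            // as a NullPointerException on the next call rather than a typed error. Confirm
            // whether decryptTokenResponse can yield an empty string.
            MicrosoftStsTokenResponse tokenResponse = (MicrosoftStsTokenResponse) new Gson().fromJson(this.mKeyHandler.decryptTokenResponse(response.getBody()), MicrosoftStsTokenResponse.class);
            updateAuthorityWithCloudInstanceHostName(tokenResponse, brokerSilentTokenCommandParameters.getAuthority());
            if (TextUtils.isEmpty(tokenResponse.getAuthority())) {
                tokenResponse.setAuthority(homeTenantAuthority);
            }
            if (TextUtils.isEmpty(tokenResponse.getIdToken()) && !TextUtils.isEmpty(primaryRefreshToken.getIdToken())) {
                tokenResponse.setIdToken(primaryRefreshToken.getIdToken());
            }
            setClientTelemetryToBrokerTokenResponse(tokenResponse, response);
            return tokenResponse;
        } catch (UnsupportedEncodingException e) {
            throw new ClientException("unsupported_encoding", e.getMessage(), e);
        } catch (MalformedURLException e) {
            throw new ClientException(ErrorStrings.AUTHORITY_URL_NOT_VALID, e.getMessage(), e);
        } catch (SocketTimeoutException e) {
            throw new ClientException("device_network_not_available", e.getMessage(), e);
        } catch (IOException e) {
            throw new ClientException("io_error", e.getMessage(), e);
        } catch (JSONException e) {
            throw new ServiceException("invalid_jwt", e.getMessage(), e);
        }
    }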
}
