package com.microsoft.workaccount.authenticatorservice;

import android.accounts.AbstractAccountAuthenticator;
import android.accounts.Account;
import android.accounts.AccountAuthenticatorResponse;
import android.accounts.NetworkErrorException;
import android.content.Context;
import android.content.Intent;
import android.os.Binder;
import android.os.Bundle;
import com.microsoft.identity.client.AccountChooserActivity;
import com.microsoft.identity.client.AcquireTokenSilentAuthenticationCallback;
import com.microsoft.identity.client.BrokerClientApplication;
import com.microsoft.identity.client.BrokerOperationParametersUtils;
import com.microsoft.identity.client.BrokerUtils;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.exception.ArgumentException;
import com.microsoft.identity.common.internal.cache.BrokerOAuth2TokenCache;
import com.microsoft.identity.common.internal.commands.parameters.BrokerSilentTokenCommandParameters;
import com.microsoft.identity.common.internal.dto.AccountRecord;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftAccount;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftRefreshToken;
import com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsAuthorizationRequest;
import com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsOAuth2Strategy;
import com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsTokenResponse;
import com.microsoft.identity.common.internal.result.ILocalAuthenticationResult;
import com.microsoft.identity.common.internal.util.StringUtil;
import com.microsoft.workaccount.R;
import com.microsoft.workaccount.workplacejoin.AccountManagerStorageHelper;
import com.microsoft.workaccount.workplacejoin.Logger;
import com.microsoft.workaccount.workplacejoin.core.InstallCertActivity;
import com.microsoft.workaccount.workplacejoin.core.JoinActivity;
import com.microsoft.workaccount.workplacejoin.core.Util;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinApplication;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinFailure;
import com.samsung.android.knox.container.KnoxContainerManager;
import java.util.List;
import java.util.UUID;

/* loaded from: classes3.dex */
public final class Authenticator extends AbstractAccountAuthenticator {
    private static final String AUTH_TOKEN_LABEL = "AADBroker";
    private static final String TAG = "Authenticator#";
    private AccountManagerStorageHelper mAcctMgrHelper;
    private final Context mContext;
    private UUID mCorrelationId;

    public Authenticator(Context context) {
        super(context);
        Logger.d("Authenticator#constructor", "Authenticator constructor called");
        this.mContext = context;
        this.mAcctMgrHelper = new AccountManagerStorageHelper(context);
    }

    private Bundle addAccountBroker(AccountAuthenticatorResponse accountAuthenticatorResponse, Bundle bundle) {
        Intent intent = new Intent();
        intent.setPackage(this.mContext.getPackageName());
        intent.setClassName(this.mContext.getPackageName(), AccountChooserActivity.class.getName());
        intent.putExtra("accountAuthenticatorResponse", accountAuthenticatorResponse);
        intent.putExtra(AuthenticationConstants.Broker.CALLER_INFO_UID, Binder.getCallingUid());
        intent.putExtras(bundle);
        intent.putExtra("broker.version", "v2");
        Bundle bundle2 = new Bundle();
        bundle2.putParcelable(KnoxContainerManager.INTENT_BUNDLE, intent);
        return bundle2;
    }

    private Bundle addAccountWorkPlaceJoin(AccountAuthenticatorResponse accountAuthenticatorResponse, Bundle bundle) {
        Intent intent = new Intent(this.mContext, (Class<?>) JoinActivity.class);
        intent.putExtra("accountAuthenticatorResponse", accountAuthenticatorResponse);
        intent.putExtras(bundle);
        Bundle bundle2 = new Bundle();
        bundle2.putParcelable(KnoxContainerManager.INTENT_BUNDLE, intent);
        return bundle2;
    }

    private Bundle getCommonErrorResultBundle(String str) {
        return getErrorResultBundle(6, str);
    }

    private UUID getCorrelationId() {
        if (this.mCorrelationId == null) {
            this.mCorrelationId = UUID.randomUUID();
        }
        return this.mCorrelationId;
    }

    private Bundle getErrorResultBundle(int i, String str) {
        Logger.e("Authenticator#:getErrorResultBundle", "accountManagerErrorCode: " + i, "Error message: " + str, WorkplaceJoinFailure.INTERNAL);
        Bundle bundle = new Bundle();
        bundle.putInt("errorCode", i);
        bundle.putString("errorMessage", str);
        return bundle;
    }

    private boolean isAccountRemovalRequest(Bundle bundle) {
        return "account.remove.tokens.value".equalsIgnoreCase(bundle.getString("account.remove.tokens"));
    }

    private Bundle removeAccountsFromAccountManager(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, Bundle bundle) {
        int size;
        int i = bundle.getInt("callerUid");
        String string = bundle.getString("account.clientid.key");
        String string2 = bundle.getString(AuthenticationConstants.Broker.ACCOUNT_HOME_ACCOUNT_ID);
        String string3 = bundle.getString("environment");
        if (StringUtil.isEmpty(string)) {
            com.microsoft.identity.common.internal.logging.Logger.info("Authenticator#:removeAccountsFromAccountManager", "invalid_request", "The client ID is blank. Unable to remove the accounts from broker.");
            accountAuthenticatorResponse.onResult(getErrorResultBundle(8, "The client ID is blank. Unable to remove the accounts from broker."));
            return null;
        }
        if (StringUtil.isEmpty(string3)) {
            com.microsoft.identity.common.internal.logging.Logger.info("Authenticator#:removeAccountsFromAccountManager", "invalid_request", "The environment is blank. Unable to remove the accounts from broker.");
            accountAuthenticatorResponse.onResult(getErrorResultBundle(8, "The environment is blank. Unable to remove the accounts from broker."));
            return null;
        }
        BrokerOAuth2TokenCache<MicrosoftStsOAuth2Strategy, MicrosoftStsAuthorizationRequest, MicrosoftStsTokenResponse, MicrosoftAccount, MicrosoftRefreshToken> brokerCache = BrokerUtils.getBrokerCache(this.mContext, i);
        List<AccountRecord> accounts = brokerCache.getAccounts(string3, string);
        com.microsoft.identity.common.internal.logging.Logger.info("Authenticator#:removeAccountsFromAccountManager", "Found [" + accounts.size() + "] account records for this clientID and environment.");
        int i2 = 0;
        if (accounts.size() > 0) {
            for (AccountRecord accountRecord : accounts) {
                if (!StringUtil.isEmpty(account.name) && account.name.equalsIgnoreCase(accountRecord.getUsername()) && !StringUtil.isEmpty(string2) && string2.equalsIgnoreCase(accountRecord.getHomeAccountId())) {
                    size = brokerCache.removeAccount(string3, string, accountRecord.getHomeAccountId(), accountRecord.getRealm()).size();
                } else if (StringUtil.isEmpty(account.name)) {
                    size = brokerCache.removeAccount(string3, string, accountRecord.getHomeAccountId(), accountRecord.getRealm()).size();
                }
                i2 += size;
            }
        }
        com.microsoft.identity.common.internal.logging.Logger.info("Authenticator#:removeAccountsFromAccountManager", "Removed [" + i2 + "] account(s) from Broker cache");
        Bundle bundle2 = new Bundle();
        bundle2.putString("authAccount", Util.obtainDomainFromUPN(account.name));
        bundle2.putString("accountType", account.type);
        bundle2.putBoolean("account.initial.request", true);
        return bundle2;
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:6:0x0067, code lost:
    
        if (r11.equals("com.microsoft.workaccount.account.name") != false) goto L35;
     */
    @Override // android.accounts.AbstractAccountAuthenticator
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public android.os.Bundle addAccount(android.accounts.AccountAuthenticatorResponse r8, java.lang.String r9, java.lang.String r10, java.lang.String[] r11, android.os.Bundle r12) {
        /*
            Method dump skipped, instructions count: 526
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.workaccount.authenticatorservice.Authenticator.addAccount(android.accounts.AccountAuthenticatorResponse, java.lang.String, java.lang.String, java.lang.String[], android.os.Bundle):android.os.Bundle");
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle confirmCredentials(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, Bundle bundle) {
        Logger.v("Authenticator#confirmCredentials", "confirmCredentials called, returning not supported error message");
        return getCommonErrorResultBundle(this.mContext.getResources().getString(R.string.default_not_supported_msg));
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle editProperties(AccountAuthenticatorResponse accountAuthenticatorResponse, String str) {
        Logger.v("Authenticator#editProperties", "editProperties called, returning not supported error message");
        return getCommonErrorResultBundle(this.mContext.getResources().getString(R.string.default_not_supported_msg));
    }

    public AccountManagerStorageHelper getAccountManagerHelper() {
        return this.mAcctMgrHelper;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle getAccountRemovalAllowed(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account) throws NetworkErrorException {
        new AuthenticatorAPIHelper(this.mContext, getCorrelationId()).removeAccountData(null, account, false);
        return super.getAccountRemovalAllowed(accountAuthenticatorResponse, account);
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle getAuthToken(final AccountAuthenticatorResponse accountAuthenticatorResponse, final Account account, String str, Bundle bundle) {
        BrokerUtils.reEncryptDataIfNeeded(":getAuthToken", this.mContext);
        if (str == null || bundle == null) {
            com.microsoft.identity.common.internal.logging.Logger.error("Authenticator#:getAuthToken", "Invalid authtoken type or request bundle", null);
            accountAuthenticatorResponse.onResult(getCommonErrorResultBundle(this.mContext.getResources().getString(R.string.default_not_supported_msg)));
            return null;
        }
        if (isAccountRemovalRequest(bundle)) {
            com.microsoft.identity.common.internal.logging.Logger.info("Authenticator#:getAuthToken", "getAuthToken called. Start removing account(s)...");
            return removeAccountsFromAccountManager(accountAuthenticatorResponse, account, bundle);
        }
        BrokerSilentTokenCommandParameters silentOperationParameters = BrokerOperationParametersUtils.getSilentOperationParameters(this.mContext, bundle, account);
        try {
            silentOperationParameters.validate();
            com.microsoft.identity.common.internal.logging.Logger.info("Authenticator#:getAuthToken", "getAuthToken called.package:" + this.mContext.getPackageName() + " Binder uid:" + Binder.getCallingUid() + " Caller uid:" + silentOperationParameters.getCallerUid() + " Caller package:" + silentOperationParameters.getCallerPackageName());
            BrokerClientApplication.getInstance(this.mContext).acquireTokenSilent(silentOperationParameters, new AcquireTokenSilentAuthenticationCallback(account, silentOperationParameters, new AcquireTokenSilentAuthenticationCallback.OnGetResultCallback() { // from class: com.microsoft.workaccount.authenticatorservice.Authenticator.1
                @Override // com.microsoft.identity.client.AcquireTokenSilentAuthenticationCallback.OnGetResultCallback
                public void onError(Bundle bundle2) {
                    bundle2.putString("authAccount", account.name);
                    bundle2.putString("accountType", account.type);
                    bundle2.putString("authtoken", "");
                    accountAuthenticatorResponse.onResult(bundle2);
                }

                @Override // com.microsoft.identity.client.AcquireTokenSilentAuthenticationCallback.OnGetResultCallback
                public void onSucceeded(Bundle bundle2, ILocalAuthenticationResult iLocalAuthenticationResult) {
                    bundle2.putString("authAccount", account.name);
                    bundle2.putString("accountType", account.type);
                    bundle2.putString("authtoken", iLocalAuthenticationResult.getAccessToken());
                    accountAuthenticatorResponse.onResult(bundle2);
                }
            }));
            return null;
        } catch (ArgumentException e) {
            accountAuthenticatorResponse.onResult(getErrorResultBundle(8, e.getMessage()));
            return null;
        }
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public String getAuthTokenLabel(String str) {
        return AUTH_TOKEN_LABEL;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle hasFeatures(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, String[] strArr) {
        Logger.v("Authenticator#hasFeatures", "hasFeatures called, returning not supported error message");
        return getCommonErrorResultBundle(this.mContext.getResources().getString(R.string.default_not_supported_msg));
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle updateCredentials(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, String str, Bundle bundle) {
        BrokerUtils.reEncryptDataIfNeeded(":updateCredentials", this.mContext);
        Logger.d("Authenticator#:updateCredentials", "updateCredentials is called");
        if (bundle == null) {
            Logger.w("Authenticator#:updateCredentials", "updateCredentials called without a bundle passed, incorrect if caller is WorkplaceJoin API", WorkplaceJoinFailure.USER);
        } else {
            AuthenticatorAPIHelper authenticatorAPIHelper = new AuthenticatorAPIHelper(this.mContext, getCorrelationId());
            boolean z = bundle.getBoolean(WorkplaceJoinApplication.CAN_RETURN_ERROR_VIA_ON_RESULT_BUNDLE, false);
            if (bundle.containsKey(WorkplaceJoinApplication.DATA_DELETE)) {
                Logger.i("Authenticator#:updateCredentials", "updateCredentials called with delete flag and true value, deleting certificate");
                authenticatorAPIHelper.removeAccountData(accountAuthenticatorResponse, account, z);
                return null;
            }
            if (bundle.containsKey(WorkplaceJoinApplication.DATA_UPN)) {
                Logger.i("Authenticator#:updateCredentials", "updateCredentials called with upn flag and true value, getting upn");
                return authenticatorAPIHelper.getUPN(account);
            }
            if (bundle.containsKey(WorkplaceJoinApplication.DATA_VERSION)) {
                Logger.i("Authenticator#:updateCredentials", "updateCredentials called with version flag and true value, getting protocol version");
                return authenticatorAPIHelper.getVersion(account);
            }
            if (bundle.containsKey(WorkplaceJoinApplication.DATA_DEVICE_ID)) {
                Logger.i("Authenticator#:updateCredentials", "updateCredentials called with deviceid flag and true value, getting deviceid");
                return authenticatorAPIHelper.getDeviceId(account);
            }
            if (bundle.containsKey(WorkplaceJoinApplication.DATA_ONPREM_VERIFY)) {
                Logger.i("Authenticator#:updateCredentials", "updateCredentials called with onprem verify flag and true value, getting onprem status");
                return authenticatorAPIHelper.getOnPremStatus(account);
            }
            if (bundle.containsKey("com.microsoft.workaccount.user.info")) {
                Logger.i("Authenticator#:updateCredentials", "updateCredentials called with user info flag and true value, getting user details");
                return authenticatorAPIHelper.getUserInfo(account);
            }
            if (bundle.containsKey(WorkplaceJoinApplication.DATA_CERT_INSTALLED)) {
                Logger.i("Authenticator#:updateCredentials", "updateCredentials is called with data_cert_installed flag, checking cert install status");
                return authenticatorAPIHelper.getCertInstalledStatus(account);
            }
            if (bundle.containsKey(WorkplaceJoinApplication.DATA_INSTALL_CERT_ACTIVITY)) {
                Logger.i("Authenticator#:updateCredentials", "updateCredentials is called with data_install_cert flag, installing cert");
                Intent intent = new Intent(this.mContext, (Class<?>) InstallCertActivity.class);
                intent.putExtra("accountAuthenticatorResponse", accountAuthenticatorResponse);
                intent.putExtra(WorkplaceJoinApplication.INSTALL_ACTIVITY_FROM_BROKER, Boolean.toString(true));
                intent.putExtras(authenticatorAPIHelper.getInstallCertActivityIntent(account));
                Bundle bundle2 = new Bundle();
                bundle2.putParcelable(KnoxContainerManager.INTENT_BUNDLE, intent);
                return bundle2;
            }
            if (bundle.containsKey(WorkplaceJoinApplication.DATA_INSTALL_CERT_ACTIVITY_VIA_DEVICE_POLICY_MANAGER)) {
                Logger.i("Authenticator#:updateCredentials", "updateCredentials is called with data_install_cert flag, installing cert");
                return authenticatorAPIHelper.installCertSilently();
            }
            if (bundle.containsKey(WorkplaceJoinApplication.DATA_DRS_DEVICE_STATE)) {
                Logger.i("Authenticator#:updateCredentials", "updateCredentials is called with data_drs_device_state flag, querying device cert");
                authenticatorAPIHelper.getDeviceState(accountAuthenticatorResponse, account, z);
                return null;
            }
            if (bundle.containsKey(WorkplaceJoinApplication.DATA_IS_SHARED_DEVICE)) {
                Logger.v("Authenticator#:updateCredentials", "updateCredentials is called with DATA_IS_SHARED_DEVICE flag, getting is device shared state");
                authenticatorAPIHelper.getIsSharedDevice(accountAuthenticatorResponse, account, z);
                return null;
            }
        }
        Logger.w("Authenticator#:updateCredentials", "updateCredentials called with a bundle passed but no recognized flag passed, incorrect if caller is WorkplaceJoin API", WorkplaceJoinFailure.USER);
        return getCommonErrorResultBundle(this.mContext.getResources().getString(R.string.default_not_supported_msg));
    }
}
