package com.microsoft.skype.teams.data.proxy;

import com.microsoft.identity.common.internal.authscheme.PopAuthenticationSchemeInternal;
import com.microsoft.skype.teams.models.AuthenticatedUser;
import com.microsoft.skype.teams.models.auth.TeamsAuthTokenType;
import com.microsoft.skype.teams.services.authorization.IAccountManager;
import com.microsoft.skype.teams.services.authorization.helpers.CoreAuthorizationUtilities;
import com.microsoft.skype.teams.services.utilities.JsonUtilities;
import com.microsoft.skype.teams.storage.IExperimentationManager;
import com.microsoft.skype.teams.token.TeamsUserTokenManager;
import com.microsoft.skype.teams.utilities.java.StringUtils;
import com.microsoft.teams.core.app.ITeamsApplication;
import com.microsoft.teams.nativecore.logger.ILogger;
import java.io.IOException;
import okhttp3.Authenticator;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.Route;

/* loaded from: classes9.dex */
public class GlobalRequestAuthenticator implements Authenticator {
    private static final String TAG = "GlobalRequestAuthenticator";
    private final IAccountManager mAccountManager;
    private final ITeamsApplication mApplication;
    private final TeamsUserTokenManager mTeamsUserTokenManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    public GlobalRequestAuthenticator(IAccountManager iAccountManager, ITeamsApplication iTeamsApplication, TeamsUserTokenManager teamsUserTokenManager) {
        this.mAccountManager = iAccountManager;
        this.mApplication = iTeamsApplication;
        this.mTeamsUserTokenManager = teamsUserTokenManager;
    }

    private void handleLLTRevocation(String str, AuthenticatedUser authenticatedUser, ILogger iLogger, Response response) {
        if (str.startsWith(SkypeTokenAuthzProvider.getAuthzEndpointServiceUrl(authenticatedUser != null ? authenticatedUser.getUserPrincipalName() : "", this.mAccountManager))) {
            return;
        }
        String parseChallenge = GlobalRequestUtils.parseChallenge(response, null, "claims=");
        if (StringUtils.isNullOrEmptyOrWhitespace(parseChallenge)) {
            return;
        }
        String parseClaimsToken = JsonUtilities.parseClaimsToken(parseChallenge, iLogger);
        iLogger.log(6, TAG, "The server returned a claims challenge", new Object[0]);
        if (authenticatedUser != null) {
            authenticatedUser.clearResourceTokens();
            authenticatedUser.claims = parseClaimsToken;
            this.mAccountManager.addOrUpdateCachedUser(authenticatedUser);
            CoreAuthorizationUtilities.logNullMri(iLogger, this.mAccountManager.getUser(), authenticatedUser, "handleLLTRevocation");
        }
    }

    private boolean handlePopTokenDiscovery(Response response, String str) {
        if (response.priorResponse() != null) {
            return false;
        }
        for (String str2 : response.headers("WWW-Authenticate")) {
            if (str2.startsWith(PopAuthenticationSchemeInternal.SCHEME_POP)) {
                this.mTeamsUserTokenManager.updateResourceTokenType(TeamsAuthTokenType.TOKEN_TYPE_POP, response.request().url().toString(), str);
                return true;
            }
            if (str2.startsWith("Bearer")) {
                this.mTeamsUserTokenManager.updateResourceTokenType(TeamsAuthTokenType.TOKEN_TYPE_BEARER, response.request().url().toString(), str);
                return true;
            }
        }
        return false;
    }

    @Override // okhttp3.Authenticator
    public Request authenticate(Route route, Response response) throws IOException {
        Request request = response.request();
        AuthenticatedUser user = GlobalRequestUtils.getUser(request, this.mAccountManager);
        String userObjectId = user == null ? null : user.getUserObjectId();
        IExperimentationManager experimentationManager = this.mApplication.getExperimentationManager(userObjectId);
        ILogger logger = this.mApplication.getLogger(userObjectId);
        String httpUrl = request.url().toString();
        if (handlePopTokenDiscovery(response, userObjectId)) {
            logger.log(5, TAG, "Token discover flow triggered!", new Object[0]);
            return request;
        }
        if (experimentationManager.isLLTEnabled()) {
            handleLLTRevocation(httpUrl, user, logger, response);
        }
        return null;
    }
}
