package com.microsoft.skype.teams.data.proxy;

import com.microsoft.identity.common.internal.authscheme.PopAuthenticationSchemeInternal;
import com.microsoft.skype.teams.models.AuthenticatedUser;
import com.microsoft.skype.teams.models.SkypeChatToken;
import com.microsoft.skype.teams.models.TeamsAuthExperimentKeys;
import com.microsoft.skype.teams.models.auth.TeamsAuthTokenType;
import com.microsoft.skype.teams.services.authorization.IAccountManager;
import com.microsoft.skype.teams.services.diagnostics.StatusCode;
import com.microsoft.skype.teams.services.diagnostics.telemetryschema.ScenarioContext;
import com.microsoft.skype.teams.services.diagnostics.telemetryschema.ScenarioName;
import com.microsoft.skype.teams.services.utilities.JsonUtilities;
import com.microsoft.skype.teams.storage.IExperimentationManager;
import com.microsoft.skype.teams.token.TeamsUserTokenManager;
import com.microsoft.skype.teams.util.CallConstants;
import com.microsoft.skype.teams.utilities.java.StringUtils;
import com.microsoft.teams.core.app.ITeamsApplication;
import com.microsoft.teams.core.services.IScenarioManager;
import com.microsoft.teams.nativecore.logger.ILogger;
import com.microsoft.teams.nativecore.user.ITeamsUser;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import okhttp3.Authenticator;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.Route;

/* loaded from: classes7.dex */
public class GlobalRequestAuthenticator implements Authenticator {
    private static final String TAG = "GlobalRequestAuthenticator";
    private final IAccountManager mAccountManager;
    private final ITeamsApplication mApplication;
    private final TeamsUserTokenManager mTeamsUserTokenManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    public GlobalRequestAuthenticator(IAccountManager iAccountManager, ITeamsApplication iTeamsApplication, TeamsUserTokenManager teamsUserTokenManager) {
        this.mAccountManager = iAccountManager;
        this.mApplication = iTeamsApplication;
        this.mTeamsUserTokenManager = teamsUserTokenManager;
    }

    private boolean handleClaims(Response response, AuthenticatedUser authenticatedUser, ScenarioContext scenarioContext, ILogger iLogger) {
        String parseChallenge = GlobalRequestUtils.parseChallenge(response, GlobalRequestUtils.CLAIMS);
        if (StringUtils.isNullOrEmptyOrWhitespace(parseChallenge)) {
            return false;
        }
        String parseClaimsToken = JsonUtilities.parseClaimsToken(parseChallenge, iLogger);
        iLogger.log(6, TAG, "The server returned a claims challenge", new Object[0]);
        authenticatedUser.claims = parseClaimsToken;
        String httpUrl = response.networkResponse().request().url().toString();
        String authzEndpointServiceUrl = SkypeTokenAuthzProvider.getAuthzEndpointServiceUrl(authenticatedUser);
        this.mTeamsUserTokenManager.clearAllResourceToken(authenticatedUser.getUserObjectId());
        if (!httpUrl.startsWith(authzEndpointServiceUrl)) {
            scenarioContext.addKeyValueTags(CallConstants.JSON_KEY_STEP, "LLTClaims");
            return true;
        }
        scenarioContext.addKeyValueTags(CallConstants.JSON_KEY_STEP, "AuthzClaims");
        authenticatedUser.expireAADToken();
        revokeSkypeToken(authenticatedUser);
        this.mAccountManager.addOrUpdateCachedUser(authenticatedUser);
        return true;
    }

    private boolean handleMTTokenInvalid(Response response, AuthenticatedUser authenticatedUser, IExperimentationManager iExperimentationManager, ScenarioContext scenarioContext, ILogger iLogger) {
        if (!iExperimentationManager.getEcsSettingAsBoolean(TeamsAuthExperimentKeys.TOKEN_REVOCATION_MT_TOKEN_INVALID, false) || !isMiddleTierEndpoint(response.networkResponse().request().url().toString(), authenticatedUser)) {
            return false;
        }
        iLogger.log(3, TAG, "Received an unauthorized exception from MT service, marking the primary token as invalid.", new Object[0]);
        authenticatedUser.expireAADToken();
        scenarioContext.addKeyValueTags(CallConstants.JSON_KEY_STEP, "RevokePrimaryToken");
        return true;
    }

    private boolean handlePopTokenDiscovery(Response response, AuthenticatedUser authenticatedUser, ScenarioContext scenarioContext, ILogger iLogger) {
        Request request = response.networkResponse().request();
        String header = request.header("Authorization");
        if (StringUtils.isEmpty(header) || !header.startsWith("Pop ")) {
            return false;
        }
        this.mTeamsUserTokenManager.clearResourceToken(authenticatedUser, request.url().toString());
        String parseChallenge = GlobalRequestUtils.parseChallenge(response, "nonce=");
        if (StringUtils.isNotEmpty(parseChallenge)) {
            this.mTeamsUserTokenManager.updateResourceTokenNonce(parseChallenge, response.request().url().toString(), authenticatedUser.getUserObjectId());
        }
        List<String> headers = response.headers("WWW-Authenticate");
        Boolean bool = Boolean.FALSE;
        Iterator<String> it = headers.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (it.next().startsWith(PopAuthenticationSchemeInternal.SCHEME_POP)) {
                bool = Boolean.TRUE;
                break;
            }
        }
        if (!bool.booleanValue()) {
            this.mTeamsUserTokenManager.updateResourceTokenType(TeamsAuthTokenType.TOKEN_TYPE_BEARER, response.request().url().toString(), authenticatedUser.getUserObjectId());
            scenarioContext.addKeyValueTags(CallConstants.JSON_KEY_STEP, "UpdateTokenTypeBearer");
        }
        if (response.priorResponse() != null) {
            scenarioContext.addKeyValueTags(CallConstants.JSON_KEY_STEP, "QuitAfterSecondTry");
            iLogger.log(6, TAG, "Quite because of having previous response.", new Object[0]);
            return false;
        }
        scenarioContext.addKeyValueTags(CallConstants.JSON_KEY_STEP, "RetryWithNewToken");
        iLogger.log(6, TAG, "Second try with a new token.", new Object[0]);
        return true;
    }

    private boolean handleSkypeChatResponse(Response response, AuthenticatedUser authenticatedUser, IExperimentationManager iExperimentationManager, ScenarioContext scenarioContext, ILogger iLogger) {
        if (!SkypeChatServiceProvider.isSkypeChatServiceEndpoint(response.networkResponse().request().url().toString())) {
            return false;
        }
        iLogger.log(3, TAG, "Received an unauthorized exception from chat service, marking the registration token as invalid.", new Object[0]);
        if (authenticatedUser.get_isCCMUser()) {
            return true;
        }
        if (authenticatedUser.getIsAnonymous() && !iExperimentationManager.anonymousSkypeTokenRevocationEnabled()) {
            return true;
        }
        scenarioContext.addKeyValueTags(CallConstants.JSON_KEY_STEP, "RevokeSkypeToken");
        revokeSkypeToken(authenticatedUser);
        return true;
    }

    private boolean isMiddleTierEndpoint(String str, ITeamsUser iTeamsUser) {
        return str.startsWith(SkypeTokenAuthzProvider.getAuthzEndpointServiceUrl(iTeamsUser)) || str.startsWith(MiddleTierServiceProvider.getMiddleTierServiceBaseUrl(iTeamsUser.getUserObjectId())) || str.startsWith(MiddleTierServiceProvider.getMtTenantServiceBaseUrl()) || str.startsWith(MiddleTierServiceProvider.getDefaultMiddleTierServiceBaseUrl());
    }

    private void revokeSkypeToken(AuthenticatedUser authenticatedUser) {
        SkypeChatToken skypeChatToken = authenticatedUser.registrationToken;
        if (skypeChatToken != null) {
            skypeChatToken.isValidOnServer = false;
        }
        if (authenticatedUser.skypeToken != null) {
            authenticatedUser.expireSkypeToken();
            authenticatedUser.skypeToken.isRevokedOnServer = true;
        }
        this.mAccountManager.addOrUpdateCachedUser(authenticatedUser);
    }

    @Override // okhttp3.Authenticator
    public Request authenticate(Route route, Response response) throws IOException {
        Request request = response.networkResponse().request();
        AuthenticatedUser user = GlobalRequestUtils.getUser(request, this.mAccountManager);
        String userObjectId = user == null ? null : user.getUserObjectId();
        ILogger logger = this.mApplication.getLogger(userObjectId);
        IScenarioManager scenarioManager = this.mApplication.getScenarioManager(userObjectId);
        ScenarioContext startScenario = scenarioManager.startScenario(ScenarioName.TOKEN_MANAGER_HANDLE_UNAUTHORIZED_RESPONSE, new String[0]);
        if (user == null) {
            logger.log(5, TAG, "Quit because user is null!", new Object[0]);
            scenarioManager.endScenarioOnCancel(startScenario, StatusCode.USER_IS_NULL, "No active user", new String[0]);
            return null;
        }
        if (handleClaims(response, user, startScenario, logger)) {
            logger.log(5, TAG, "AAD revocation flow triggered!", new Object[0]);
            scenarioManager.endScenarioOnSuccessWithStatusCode(startScenario, StatusCode.AuthStatusCode.UNAUTHORIZED_RESPONSE_PRIMARY_TOKEN_REVOCATION, new String[0]);
            return null;
        }
        if (handlePopTokenDiscovery(response, user, startScenario, logger)) {
            logger.log(5, TAG, "Token discover flow triggered!", new Object[0]);
            scenarioManager.endScenarioOnSuccessWithStatusCode(startScenario, StatusCode.AuthStatusCode.UNAUTHORIZED_RESPONSE_POP_DISCOVERY, new String[0]);
            return response.request();
        }
        IExperimentationManager experimentationManager = this.mApplication.getExperimentationManager(userObjectId);
        if (handleSkypeChatResponse(response, user, experimentationManager, startScenario, logger)) {
            logger.log(5, TAG, "Skype token revocation flow triggered!", new Object[0]);
            scenarioManager.endScenarioOnSuccessWithStatusCode(startScenario, StatusCode.AuthStatusCode.UNAUTHORIZED_RESPONSE_SKYPE_TOKEN_REVOCATION, new String[0]);
            return null;
        }
        if (handleMTTokenInvalid(response, user, experimentationManager, startScenario, logger)) {
            logger.log(5, TAG, "Primary token revocation flow triggered!", new Object[0]);
            scenarioManager.endScenarioOnSuccessWithStatusCode(startScenario, StatusCode.AuthStatusCode.UNAUTHORIZED_RESPONSE_PRIMARY_TOKEN_INVALID, new String[0]);
            return null;
        }
        this.mTeamsUserTokenManager.clearResourceToken(user, request.url().toString());
        logger.log(5, TAG, "Resource token cleared!", new Object[0]);
        startScenario.addKeyValueTags(CallConstants.JSON_KEY_STEP, "RevokeResourceToken");
        scenarioManager.endScenarioOnSuccessWithStatusCode(startScenario, StatusCode.AuthStatusCode.UNAUTHORIZED_RESPONSE_RESOURCE_TOKEN_REVOCATION, new String[0]);
        return null;
    }
}
