package com.microsoft.mmx.agents.ypp.authclient.auth;

import Microsoft.Windows.MobilityExperience.BaseActivity;
import android.annotation.SuppressLint;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.WorkerThread;
import com.microsoft.appmanager.telemetry.TelemetryUtils;
import com.microsoft.appmanager.telemetry.TraceContext;
import com.microsoft.appmanager.utils.AsyncOperation;
import com.microsoft.mmx.agents.di.AgentScope;
import com.microsoft.mmx.agents.ypp.authclient.auth.AuthManager;
import com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager;
import com.microsoft.mmx.agents.ypp.authclient.crypto.CryptoManager;
import com.microsoft.mmx.agents.ypp.authclient.crypto.IdentityExpiredException;
import com.microsoft.mmx.agents.ypp.authclient.crypto.KeyRotationOperation;
import com.microsoft.mmx.agents.ypp.authclient.service.IAuthServiceClient;
import com.microsoft.mmx.agents.ypp.authclient.service.InvalidIdentityException;
import com.microsoft.mmx.agents.ypp.authclient.telemetry.AuthManagerTelemetry;
import com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager;
import com.microsoft.mmx.agents.ypp.authclient.trust.TrustManagerFactory;
import com.microsoft.mmx.agents.ypp.authclient.utils.AuthTelemetryUtils;
import com.microsoft.mmx.agents.ypp.configuration.PlatformConfiguration;
import com.microsoft.mmx.agents.ypp.utils.NetworkState;
import dagger.Lazy;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import java.util.concurrent.Executor;
import java.util.concurrent.Executors;
import javax.inject.Inject;

@AgentScope
/* loaded from: classes3.dex */
public class AuthManager implements IAuthManager {
    public static final String DEFAULT_SCOPE = "general";
    private final Lazy<IAuthServiceClient> authServiceClient;
    private final IAuthStorage authStorage;
    private final CryptoManager cryptoManager;
    private final KeyRotationOperation keyRotationOperation;
    private final NetworkState networkState;
    private final PlatformConfiguration platformConfiguration;
    private final AuthManagerTelemetry telemetry;

    @Nullable
    private ITrustManager trustManager;
    private final TrustManagerFactory trustManagerFactory;
    private final Executor authExecutor = Executors.newSingleThreadExecutor();
    private final Set<IAuthManager.DeviceIdChangedListener> listeners = new CopyOnWriteArraySet();

    @Inject
    public AuthManager(@NonNull Lazy<IAuthServiceClient> lazy, @NonNull IAuthStorage iAuthStorage, @NonNull TrustManagerFactory trustManagerFactory, @NonNull AuthManagerTelemetry authManagerTelemetry, @NonNull CryptoManager cryptoManager, @NonNull KeyRotationOperation keyRotationOperation, @NonNull PlatformConfiguration platformConfiguration, @NonNull NetworkState networkState) {
        this.authServiceClient = lazy;
        this.authStorage = iAuthStorage;
        this.trustManagerFactory = trustManagerFactory;
        this.telemetry = authManagerTelemetry;
        this.cryptoManager = cryptoManager;
        this.keyRotationOperation = keyRotationOperation;
        this.platformConfiguration = platformConfiguration;
        this.networkState = networkState;
    }

    @WorkerThread
    private synchronized AuthState createNewIdentity(@NonNull TraceContext traceContext) {
        AuthState createNewAuthState;
        TraceContext createChild = traceContext.createChild();
        BaseActivity startEstablishIdentityActivity = this.telemetry.startEstablishIdentityActivity(createChild);
        try {
            AccessToken blockingGet = this.authServiceClient.get().createIdentity(createChild).blockingGet();
            AuthState authState = this.authStorage.getAuthState();
            createNewAuthState = this.authStorage.createNewAuthState(blockingGet.getDeviceId(), blockingGet);
            if (authState != null) {
                notifyListenersOfRemovedDeviceId(authState.getDeviceId(), createChild);
            }
            notifyListenersOfNewDeviceId(createNewAuthState.getDeviceId(), createChild);
            this.telemetry.logActivityEnd(startEstablishIdentityActivity);
        } catch (Exception e2) {
            this.telemetry.logErrorCreatingIdentityException(e2, createChild);
            if (this.networkState.isNetworkConnected()) {
                this.telemetry.logActivityEndExceptional("createNewIdentity", e2, startEstablishIdentityActivity, traceContext);
            } else {
                this.telemetry.logActivityEndWithNetworkUnavailableResult(startEstablishIdentityActivity, e2);
            }
            handleServiceErrors(e2, traceContext);
            throw new AuthManagerException(e2);
        }
        return createNewAuthState;
    }

    /* JADX INFO: Access modifiers changed from: private */
    @NonNull
    @WorkerThread
    /* renamed from: getAuthState, reason: merged with bridge method [inline-methods] */
    public synchronized AuthState e(@NonNull TraceContext traceContext) {
        AuthState authState = this.authStorage.getAuthState();
        if (authState == null) {
            this.telemetry.creatingIdentity();
            return createNewIdentity(traceContext);
        }
        if (!isDeviceIdExpired(authState)) {
            this.telemetry.existingIdentityReturned();
            return authState;
        }
        this.telemetry.replacingExpiredIdentity();
        return createNewIdentity(traceContext);
    }

    private void handleServiceErrors(@NonNull Exception exc, @NonNull TraceContext traceContext) {
        if ((exc instanceof IdentityExpiredException) || (exc instanceof InvalidIdentityException)) {
            this.telemetry.logServiceErrorAnomaly(exc, traceContext);
            clear(traceContext);
        }
    }

    private boolean isAccessTokenExpired(@NonNull AccessToken accessToken) {
        return accessToken.getExpirationTime().minus(this.platformConfiguration.getTokenExpirationLeewayTime()).isBeforeNow();
    }

    private boolean isDeviceIdExpired(@NonNull AuthState authState) {
        return authState.b().plus(this.platformConfiguration.getIdentityExpirationTime()).isBeforeNow();
    }

    private void notifyListenersOfNewDeviceId(@NonNull final String str, @NonNull TraceContext traceContext) {
        this.telemetry.notifyNewDeviceId(this.listeners.size());
        final TraceContext createChildScenario = traceContext.createChildScenario("DeviceIdProvisioned");
        if (this.trustManager != null) {
            AsyncOperation.runAsync(new Runnable() { // from class: b.e.d.a.z3.c.a.d
                @Override // java.lang.Runnable
                public final void run() {
                    AuthManager.this.f(str, createChildScenario);
                }
            });
        }
        for (final IAuthManager.DeviceIdChangedListener deviceIdChangedListener : this.listeners) {
            AsyncOperation.runAsync(new Runnable() { // from class: b.e.d.a.z3.c.a.b
                @Override // java.lang.Runnable
                public final void run() {
                    IAuthManager.DeviceIdChangedListener.this.onDeviceIdProvisioned(str);
                }
            });
        }
    }

    @SuppressLint({"CheckResult"})
    private void notifyListenersOfRemovedDeviceId(@NonNull final String str, @NonNull TraceContext traceContext) {
        this.telemetry.notifyDeviceIdRemoved(this.listeners.size());
        TraceContext createChildScenario = traceContext.createChildScenario("DeviceIdDeprovisioned");
        ITrustManager iTrustManager = this.trustManager;
        if (iTrustManager != null) {
            iTrustManager.deviceIdDeprovisioned(str, createChildScenario);
        }
        for (final IAuthManager.DeviceIdChangedListener deviceIdChangedListener : this.listeners) {
            AsyncOperation.runAsync(new Runnable() { // from class: b.e.d.a.z3.c.a.g
                @Override // java.lang.Runnable
                public final void run() {
                    IAuthManager.DeviceIdChangedListener.this.onDeviceIdDeprovisioned(str);
                }
            });
        }
    }

    @WorkerThread
    private synchronized AccessToken refreshAccessToken(@NonNull AuthState authState, @NonNull AuthManagerTelemetry.RefreshType refreshType, @NonNull String str, @NonNull TraceContext traceContext) {
        AccessToken blockingGet;
        TraceContext createChild = traceContext.createChild();
        BaseActivity startRefreshTokenActivity = this.telemetry.startRefreshTokenActivity(refreshType, createChild);
        try {
            blockingGet = this.authServiceClient.get().signIn(authState.getDeviceId(), str, createChild).blockingGet();
            this.authStorage.updateToken(authState.getDeviceId(), blockingGet);
            this.telemetry.logActivityEnd(startRefreshTokenActivity);
        } catch (Exception e2) {
            this.telemetry.logErrorRefreshingTokenException(e2, createChild);
            if (this.networkState.isNetworkConnected()) {
                this.telemetry.logActivityEndExceptional("refreshAccessToken", e2, startRefreshTokenActivity, traceContext);
            } else {
                this.telemetry.logActivityEndWithNetworkUnavailableResult(startRefreshTokenActivity, e2);
            }
            handleServiceErrors(e2, traceContext);
            throw new AuthManagerException(e2);
        }
        return blockingGet;
    }

    private synchronized void rotateKeysIfNecessary(@NonNull String str, @NonNull TraceContext traceContext) {
        if (this.cryptoManager.isKeyRotationNecessary(str, traceContext)) {
            this.telemetry.startKeyRotation(str);
            TraceContext createChild = traceContext.createChild();
            BaseActivity startKeyRotationActivity = this.telemetry.startKeyRotationActivity(createChild);
            Throwable blockingGet = this.keyRotationOperation.performKeyRotation(str, createChild).blockingGet();
            if (blockingGet == null) {
                this.telemetry.keyRotationSuccess(str);
                this.telemetry.logActivityEnd(startKeyRotationActivity);
            } else if ((blockingGet instanceof Exception) && !this.networkState.isNetworkConnected()) {
                this.telemetry.logActivityEndWithNetworkUnavailableResult(startKeyRotationActivity, (Exception) TelemetryUtils.extractException(blockingGet));
            } else if (blockingGet instanceof Exception) {
                this.telemetry.logKeyRotationErrorException(str, (Exception) blockingGet, createChild);
                this.telemetry.logActivityEndExceptional("rotateKeysIfNecessary", (Exception) blockingGet, startKeyRotationActivity, traceContext);
            }
        }
    }

    public /* synthetic */ void a(AuthState authState, TraceContext traceContext) {
        rotateKeysIfNecessary(authState.getDeviceId(), traceContext);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public void addDeviceIdChangedListener(@NonNull IAuthManager.DeviceIdChangedListener deviceIdChangedListener) {
        this.listeners.add(deviceIdChangedListener);
        this.telemetry.listenerAdded();
    }

    public /* synthetic */ String b(final TraceContext traceContext, String str, String str2, AccessTokenRetrievalPolicy accessTokenRetrievalPolicy) {
        final AuthState e2 = e(traceContext);
        if (str != null && !Objects.equals(str, e2.getDeviceId())) {
            IllegalArgumentException illegalArgumentException = new IllegalArgumentException("DeviceId does not match established identity");
            this.telemetry.logIllegalDeviceIdArgumentAnomalyEvent(illegalArgumentException, traceContext);
            throw illegalArgumentException;
        }
        String lowerCase = str2 != null ? str2.toLowerCase() : DEFAULT_SCOPE;
        AccessToken accessToken = e2.a().get(lowerCase);
        this.authExecutor.execute(new Runnable() { // from class: b.e.d.a.z3.c.a.c
            @Override // java.lang.Runnable
            public final void run() {
                AuthManager.this.a(e2, traceContext);
            }
        });
        if (accessToken == null) {
            this.telemetry.refreshingAccessToken(accessTokenRetrievalPolicy, lowerCase);
            return refreshAccessToken(e2, AuthManagerTelemetry.RefreshType.NEW_TOKEN, lowerCase, traceContext).getToken();
        }
        if (accessTokenRetrievalPolicy == AccessTokenRetrievalPolicy.FORCE_REFRESH) {
            this.telemetry.refreshingAccessToken(accessTokenRetrievalPolicy, lowerCase);
            return refreshAccessToken(e2, AuthManagerTelemetry.RefreshType.FORCE_REFRESH, lowerCase, traceContext).getToken();
        }
        if (!isAccessTokenExpired(accessToken)) {
            return accessToken.getToken();
        }
        this.telemetry.refreshingAccessToken(accessTokenRetrievalPolicy, lowerCase);
        return refreshAccessToken(e2, AuthManagerTelemetry.RefreshType.EXPIRED, lowerCase, traceContext).getToken();
    }

    public /* synthetic */ String c(TraceContext traceContext) {
        return e(traceContext).getDeviceId();
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public void clear(TraceContext traceContext) {
        this.telemetry.clearCalled();
        AuthState authState = this.authStorage.getAuthState();
        this.authStorage.clear();
        if (authState != null) {
            Throwable blockingGet = this.cryptoManager.removeKeyPair(authState.getDeviceId(), traceContext).blockingGet();
            if (blockingGet != null) {
                this.telemetry.failedRemovingKeyPairException(authState.getDeviceId(), blockingGet, traceContext);
            } else {
                this.telemetry.removedKeyPair(authState.getDeviceId());
            }
            notifyListenersOfRemovedDeviceId(authState.getDeviceId(), traceContext);
        }
    }

    public /* synthetic */ ITrustManager d(String str) {
        if (this.trustManager == null) {
            this.trustManager = this.trustManagerFactory.getForDeviceId(str);
        }
        return this.trustManager;
    }

    public /* synthetic */ void f(String str, TraceContext traceContext) {
        this.trustManager.deviceIdProvisioned(str, traceContext);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<String> getAccessToken(@NonNull AccessTokenRetrievalPolicy accessTokenRetrievalPolicy, @Nullable String str, @NonNull TraceContext traceContext) {
        return getAccessToken(accessTokenRetrievalPolicy, str, null, traceContext);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<String> getAccessToken(@NonNull final AccessTokenRetrievalPolicy accessTokenRetrievalPolicy, @Nullable final String str, @Nullable final String str2, @NonNull final TraceContext traceContext) {
        return AsyncOperation.supplyAsync(new AsyncOperation.Supplier() { // from class: b.e.d.a.z3.c.a.f
            @Override // com.microsoft.appmanager.utils.AsyncOperation.Supplier
            public final Object get() {
                return AuthManager.this.b(traceContext, str2, str, accessTokenRetrievalPolicy);
            }
        }, this.authExecutor);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<String> getDeviceId(@NonNull final TraceContext traceContext) {
        return AsyncOperation.supplyAsync(new AsyncOperation.Supplier() { // from class: b.e.d.a.z3.c.a.a
            @Override // com.microsoft.appmanager.utils.AsyncOperation.Supplier
            public final Object get() {
                return AuthManager.this.c(traceContext);
            }
        }, this.authExecutor);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<ITrustManager> getTrustManager(@NonNull TraceContext traceContext) {
        return getDeviceId(traceContext).thenApplyAsync(new AsyncOperation.ResultFunction() { // from class: b.e.d.a.z3.c.a.h
            @Override // com.microsoft.appmanager.utils.AsyncOperation.ResultFunction
            public final Object apply(Object obj) {
                return AuthManager.this.d((String) obj);
            }
        }, this.authExecutor);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public boolean hasActiveIdentity() {
        if (this.authStorage.getAuthState() == null) {
            return false;
        }
        return !isDeviceIdExpired(r0);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<Void> init() {
        return init(TelemetryUtils.createNewTraceContext(AuthTelemetryUtils.UNKNOWN_AUTH, AuthTelemetryUtils.AUTH_MANAGER_INIT_TRIGGER));
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<Void> init(@NonNull final TraceContext traceContext) {
        return AsyncOperation.runAsync(new Runnable() { // from class: b.e.d.a.z3.c.a.e
            @Override // java.lang.Runnable
            public final void run() {
                AuthManager.this.e(traceContext);
            }
        }, this.authExecutor);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public boolean removeDcgAuthToken() {
        AuthState authState = this.authStorage.getAuthState();
        if (authState == null) {
            return false;
        }
        this.authStorage.removeAllTokens(authState.getDeviceId());
        return true;
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public void removeDeviceIdChangedListener(@NonNull IAuthManager.DeviceIdChangedListener deviceIdChangedListener) {
        this.listeners.remove(deviceIdChangedListener);
        this.telemetry.listenerRemoved();
    }
}
