package com.microsoft.authentication.internal.tokenshare;

import android.content.Context;
import android.os.IBinder;
import android.os.RemoteException;
import com.microsoft.authentication.internal.Logger;
import com.microsoft.authentication.internal.OneAuthAndroidUtils;
import com.microsoft.identity.common.adal.internal.cache.ADALTokenCacheItem;
import com.microsoft.identity.common.adal.internal.tokensharing.ITokenShareResultInternal;
import com.microsoft.identity.common.adal.tokensharing.SSOStateSerializer;
import com.microsoft.identity.common.java.cache.MsalCppOAuth2TokenCache;
import com.microsoft.identity.common.java.dto.Credential;
import com.microsoft.identity.common.java.dto.CredentialType;
import com.microsoft.identity.common.java.dto.IdTokenRecord;
import com.microsoft.identity.common.java.dto.RefreshTokenRecord;
import com.microsoft.identity.common.java.exception.ServiceException;
import com.microsoft.identity.common.java.interfaces.IPlatformComponents;
import com.microsoft.identity.common.java.providers.oauth2.IDToken;
import com.microsoft.tokenshare.AccountInfo;
import com.microsoft.tokenshare.ITokenProvider;
import com.microsoft.tokenshare.RefreshToken;
import defpackage.a5;
import defpackage.g62;
import defpackage.q32;
import defpackage.ud3;
import defpackage.vd3;
import defpackage.z42;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/* loaded from: classes.dex */
public class MsalTokenProvider implements ITokenProvider {
    public static final String MSA_REALM = "9188040d-6c67-4c5b-b112-36a304b66dad";
    private static final Map<String, String> sClaimRemapper = new HashMap();
    public final Context mApplicationContext;
    public final MsalCppOAuth2TokenCache<?, ?, ?, ?, ?> mTokenCache;

    static {
        applyV1ToV2Mappings();
    }

    public MsalTokenProvider(Context context) {
        this.mApplicationContext = context;
        this.mTokenCache = MsalCppOAuth2TokenCache.create((IPlatformComponents) a5.b(context));
    }

    private static ADALTokenCacheItem adapt(IdTokenRecord idTokenRecord, RefreshTokenRecord refreshTokenRecord) throws ServiceException {
        ADALTokenCacheItem aDALTokenCacheItem = new ADALTokenCacheItem();
        aDALTokenCacheItem.setClientId(refreshTokenRecord.getClientId());
        aDALTokenCacheItem.setRefreshToken(refreshTokenRecord.getSecret());
        aDALTokenCacheItem.setRawIdToken(mintV1IdTokenFromRawV2IdToken(idTokenRecord.getSecret()));
        aDALTokenCacheItem.setFamilyClientId(refreshTokenRecord.getFamilyId());
        aDALTokenCacheItem.setAuthority(isFromHomeTenant(idTokenRecord) ? OneAuthAndroidUtils.getTslAuthorityForEnvironment(refreshTokenRecord.getEnvironment()) : idTokenRecord.getAuthority());
        return aDALTokenCacheItem;
    }

    private static void applyV1ToV2Mappings() {
        sClaimRemapper.put("preferred_username", "upn");
    }

    private String getHomeAccountIdForLocalAccountId(String str) {
        for (com.microsoft.identity.common.java.dto.AccountRecord accountRecord : this.mTokenCache.getAllAccounts()) {
            if (accountRecord.getLocalAccountId().equals(str)) {
                return accountRecord.getHomeAccountId();
            }
        }
        return null;
    }

    private IdTokenRecord getIdTokenForAccount(String str, String str2, String str3) {
        for (Credential credential : this.mTokenCache.getAccountCredentialCache().getCredentialsFilteredBy(str, str2, CredentialType.IdToken, null, str3, null, null)) {
            if (credential instanceof IdTokenRecord) {
                return (IdTokenRecord) credential;
            }
        }
        return null;
    }

    private static boolean isFromHomeTenant(IdTokenRecord idTokenRecord) {
        String homeAccountId = idTokenRecord.getHomeAccountId();
        boolean z = false;
        try {
            String str = (String) IDToken.parseJWT(idTokenRecord.getSecret()).get("oid");
            if (str != null) {
                z = homeAccountId.contains(str);
            } else {
                Logger.logWarning(543765718, "OID claims was missing from token");
            }
        } catch (ServiceException unused) {
            Logger.logWarning(543765719, "Failed to parse IdToken");
        }
        return z;
    }

    private static String mintV1IdTokenFromRawV2IdToken(String str) throws ServiceException {
        Map<String, ?> parseJWT = IDToken.parseJWT(str);
        z42.b bVar = new z42.b();
        for (Map.Entry<String, ?> entry : parseJWT.entrySet()) {
            String key = entry.getKey();
            Object value = entry.getValue();
            if ("ver".equals(key)) {
                value = "1";
            }
            bVar.d(remap(key), value);
        }
        return new vd3(new ud3(q32.h, null, null, null, null), bVar.c()).serialize();
    }

    private static String remap(String str) {
        String str2 = sClaimRemapper.get(str);
        return str2 == null ? str : str2;
    }

    @Override // android.os.IInterface
    public IBinder asBinder() {
        return null;
    }

    @Override // com.microsoft.tokenshare.ITokenProvider
    public List<AccountInfo> getAccounts() {
        ArrayList arrayList = new ArrayList();
        try {
            ArrayList arrayList2 = new ArrayList();
            for (com.microsoft.identity.common.java.dto.AccountRecord accountRecord : this.mTokenCache.getAllAccounts()) {
                RefreshTokenRecord familyRefreshTokenForHomeAccountId = this.mTokenCache.getFamilyRefreshTokenForHomeAccountId(accountRecord.getHomeAccountId());
                if (familyRefreshTokenForHomeAccountId != null) {
                    arrayList2.add(new AccountRecordInfo(accountRecord, new Date(Long.valueOf(familyRefreshTokenForHomeAccountId.getCachedAt()).longValue() * 1000)));
                }
            }
            if (arrayList2.size() > 0) {
                arrayList.addAll(CacheRecordParsingUtils.getListOfAccountInfo(arrayList2));
            }
        } catch (Exception e) {
            Logger.logWarning(559462533, "Error retrieving accounts. " + Logger.pii(e.getMessage()));
        }
        return arrayList;
    }

    @Override // com.microsoft.tokenshare.ITokenProvider
    public String getSharedDeviceId() {
        return null;
    }

    @Override // com.microsoft.tokenshare.ITokenProvider
    public RefreshToken getToken(AccountInfo accountInfo) throws RemoteException {
        IdTokenRecord idTokenForAccount;
        String accountId = accountInfo.getAccountId();
        AccountInfo.AccountType accountType = accountInfo.getAccountType();
        AccountInfo.AccountType accountType2 = AccountInfo.AccountType.MSA;
        if (accountType == accountType2) {
            accountId = CacheRecordParsingUtils.convertCidToGuidString(accountId);
        }
        String homeAccountIdForLocalAccountId = getHomeAccountIdForLocalAccountId(accountId);
        if (homeAccountIdForLocalAccountId == null) {
            Logger.logInfo(554562334, "Could not find account in cache");
            return null;
        }
        RefreshTokenRecord familyRefreshTokenForHomeAccountId = this.mTokenCache.getFamilyRefreshTokenForHomeAccountId(homeAccountIdForLocalAccountId);
        if (familyRefreshTokenForHomeAccountId == null) {
            Logger.logInfo(539849605, "Found account in cache, but refreshTokenRecord null");
            return null;
        }
        if (accountInfo.getAccountType() == accountType2) {
            return new RefreshToken(familyRefreshTokenForHomeAccountId.getSecret(), familyRefreshTokenForHomeAccountId.getClientId());
        }
        if (accountInfo.getAccountType() != AccountInfo.AccountType.ORGID || (idTokenForAccount = getIdTokenForAccount(homeAccountIdForLocalAccountId, null, null)) == null) {
            return null;
        }
        try {
            return new RefreshToken(SSOStateSerializer.serialize(adapt(idTokenForAccount, familyRefreshTokenForHomeAccountId)), ITokenShareResultInternal.TokenShareExportFormatInternal.SSO_STATE_SERIALIZER_BLOB);
        } catch (ServiceException e) {
            Logger.logException(529391764, "ServiceException while serializing token", e);
            return null;
        } catch (g62 e2) {
            Logger.logException(529391765, "JsonParseException while serializing token", e2);
            return null;
        } catch (NullPointerException e3) {
            Logger.logException(529391766, "NullPointerException while serializing token", e3);
            return null;
        } catch (Exception e4) {
            Logger.logException(529391767, "Generic Exception while serializing token", e4);
            return null;
        }
    }
}
