package com.microsoft.identity.common.adal.internal.tokensharing;

import com.microsoft.authentication.internal.OneAuthAndroidUtils;
import com.microsoft.identity.common.adal.internal.cache.ADALTokenCacheItem;
import com.microsoft.identity.common.adal.internal.tokensharing.ITokenShareResultInternal;
import com.microsoft.identity.common.adal.tokensharing.SSOStateSerializer;
import com.microsoft.identity.common.internal.migration.AdalMigrationAdapter;
import com.microsoft.identity.common.internal.migration.TokenCacheItemMigrationAdapter;
import com.microsoft.identity.common.java.authscheme.BearerAuthenticationSchemeInternal;
import com.microsoft.identity.common.java.cache.ICacheRecord;
import com.microsoft.identity.common.java.cache.MsalOAuth2TokenCache;
import com.microsoft.identity.common.java.dto.AccountRecord;
import com.microsoft.identity.common.java.dto.IdTokenRecord;
import com.microsoft.identity.common.java.dto.RefreshTokenRecord;
import com.microsoft.identity.common.java.exception.BaseException;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.exception.ServiceException;
import com.microsoft.identity.common.java.providers.microsoft.MicrosoftAccount;
import com.microsoft.identity.common.java.providers.microsoft.MicrosoftRefreshToken;
import com.microsoft.identity.common.java.providers.oauth2.IDToken;
import com.microsoft.identity.common.logging.Logger;
import defpackage.gg2;
import defpackage.qh2;
import defpackage.xt3;
import defpackage.yt3;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Callable;

/* loaded from: classes2.dex */
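/**
 * Reads family refresh tokens out of an {@link MsalOAuth2TokenCache} and writes externally
 * supplied ones back into it, through the {@link ITokenShareInternal} contract.
 *
 * <p>Two export formats are produced: the raw refresh-token secret (MSA) and an
 * {@link SSOStateSerializer} blob built from an {@link ADALTokenCacheItem} (org-id).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code get*} methods return a live refresh-token secret (directly or embedded in
 *       the blob). Callers must treat the returned string as a credential and keep it out of
 *       logs, crash reports and analytics.</li>
 *   <li>The {@code save*} methods accept a caller-supplied string and use it to renew a token
 *       before anything is written to the cache; nothing is stored when renewal yields
 *       {@code null}.</li>
 *   <li>This listing is decompiler output: {@code qh2}, {@code xt3}, {@code yt3} and
 *       {@code gg2} are obfuscated names whose real types are not visible here.</li>
 * </ul>
 */
public class TokenShareUtility implements ITokenShareInternal {
    private static final String CONSUMERS_ENDPOINT = "https://login.microsoftonline.com/consumers";
    private static final String TAG = "TokenShareUtility";

    // v2 -> v1 claim-name translations. Filled once by the static initializer below and only
    // read afterwards, so the plain HashMap is never mutated while in use.
    private static final Map<String, String> sClaimRemapper = new HashMap<>();

    private final String mClientId;
    private final String mRedirectUri;
    private final MsalOAuth2TokenCache mTokenCache;

    /**
     * Cloud environments this utility knows how to address, each paired with its
     * {@code /common} authority URL.
     */
    public enum Environment {
        WORLDWIDE("https://login.windows.net/common"),
        GALLATIN("https://login.partner.microsoftonline.cn/common"),
        BLACKFOREST("https://login.microsoftonline.de/common"),
        ITAR("https://login.microsoftonline.us/common");

        private final String mCommonEndpoint;

        Environment(String str) {
            this.mCommonEndpoint = str;
        }

        /**
         * Maps a cache-record environment host name onto a known cloud.
         *
         * <p>This is an exact, case-sensitive allow-list: any value that is not one of the
         * listed hosts (including {@code null}) is rejected rather than passed through, so an
         * unexpected host can never become the authority of an exported token.
         *
         * @param str the environment host name to map
         * @return the matching environment
         * @throws ClientException if {@code str} is {@code null} or not a recognised host
         */
        public static Environment toEnvironment(String str) throws ClientException {
            final String methodTag = TokenShareUtility.TAG + ":toEnvironment";
            // The decompiled hashCode() switch dereferenced str unconditionally; a null
            // environment now takes the same "unrecognized" path as any other unknown value.
            if (str != null) {
                if (str.equals(OneAuthAndroidUtils.ENVIRONMENT_GALLATIN)
                        || str.equals("login.chinacloudapi.cn")) {
                    return GALLATIN;
                }
                if (str.equals(OneAuthAndroidUtils.ENVIRONMENT_BLACKFOREST)) {
                    return BLACKFOREST;
                }
                if (str.equals(OneAuthAndroidUtils.ENVIRONMENT_ITAR)
                        || str.equals("login.usgovcloudapi.net")) {
                    return ITAR;
                }
                if (str.equals(OneAuthAndroidUtils.ENVIRONMENT_GLOBAL)
                        || str.equals("sts.windows.net")
                        || str.equals("login.microsoft.com")
                        || str.equals("login.windows.net")) {
                    return WORLDWIDE;
                }
            }
            Logger.warn(methodTag, "Unable to map provided env to enum: " + str);
            throw new ClientException("Unrecognized environment");
        }

        /**
         * @return the {@code /common} authority URL configured for this environment
         */
        public String getCommonEndpoint() {
            return this.mCommonEndpoint;
        }
    }

    static {
        applyV1ToV2Mappings();
    }

    /**
     * @param str                  client id used for every cache lookup and stamped onto
     *                             imported cache items
     * @param str2                 redirect URI handed to the token-renewal call
     * @param msalOAuth2TokenCache cache that tokens are read from and saved into
     */
    public TokenShareUtility(String str, String str2, MsalOAuth2TokenCache msalOAuth2TokenCache) {
        this.mClientId = str;
        this.mRedirectUri = str2;
        this.mTokenCache = msalOAuth2TokenCache;
    }

    /**
     * Builds the ADAL-format cache item that is later serialized for export.
     *
     * <p>The authority is the environment's {@code /common} endpoint when the id token is
     * judged to come from the account's home tenant, otherwise the id-token record's own
     * authority.
     *
     * @throws BaseException if the id token cannot be re-minted or the refresh token's
     *                       environment is not a recognised cloud
     */
    private static ADALTokenCacheItem adapt(IdTokenRecord idTokenRecord, RefreshTokenRecord refreshTokenRecord) throws BaseException {
        final ADALTokenCacheItem exported = new ADALTokenCacheItem();
        exported.setClientId(refreshTokenRecord.getClientId());
        exported.setRefreshToken(refreshTokenRecord.getSecret());
        exported.setRawIdToken(mintV1IdTokenFromRawV2IdToken(idTokenRecord.getSecret()));
        exported.setFamilyClientId(refreshTokenRecord.getFamilyId());
        final String authority;
        if (isFromHomeTenant(idTokenRecord)) {
            authority = Environment.toEnvironment(refreshTokenRecord.getEnvironment()).getCommonEndpoint();
        } else {
            authority = idTokenRecord.getAuthority();
        }
        exported.setAuthority(authority);
        return exported;
    }

    /** Registers the claim names that differ between v2 and v1 id tokens. */
    private static void applyV1ToV2Mappings() {
        sClaimRemapper.put("preferred_username", "upn");
    }

    /**
     * Wraps a bare refresh token in an ADAL cache item bound to this instance's client id.
     *
     * <p>The decompiler reports this method as originally {@code private}; the widened
     * modifier is kept so existing callers of the decompiled class are unaffected.
     *
     * @param str  the refresh-token secret
     * @param str2 the authority URL to record on the item
     */
    public ADALTokenCacheItem createTokenCacheItem(String str, String str2) {
        final ADALTokenCacheItem item = new ADALTokenCacheItem();
        item.setAuthority(str2);
        item.setClientId(this.mClientId);
        item.setRefreshToken(str);
        return item;
    }

    /**
     * Resolves an identifier to an account, trying it first as a local account id and then
     * as a username.
     *
     * @throws ClientException with {@link ClientException#TOKEN_CACHE_ITEM_NOT_FOUND} when
     *                         neither lookup finds an account
     */
    private AccountRecord getAccountRecordForIdentifier(String str) throws ClientException {
        AccountRecord account = this.mTokenCache.getAccountByLocalAccountId(null, this.mClientId, str);
        if (account == null) {
            final List<AccountRecord> byUsername = this.mTokenCache.getAccountsByUsername(null, this.mClientId, str);
            // NOTE(review): when several accounts share a username the first one returned is
            // exported; confirm the cache's ordering makes that the intended account.
            if (byUsername != null && !byUsername.isEmpty()) {
                account = byUsername.get(0);
            }
        }
        if (account == null) {
            throw new ClientException(ClientException.TOKEN_CACHE_ITEM_NOT_FOUND);
        }
        return account;
    }

    /** Loads the cache record (tokens plus account) for the account matching {@code str}. */
    private ICacheRecord getCacheRecordForIdentifier(String str) throws ClientException {
        return this.mTokenCache.load(this.mClientId, null, null, null, getAccountRecordForIdentifier(str), new BearerAuthenticationSchemeInternal());
    }

    /**
     * Decides whether an id token belongs to the account's home tenant by checking that the
     * token's {@code oid} claim occurs inside the record's home account id.
     *
     * <p>Returns {@code false} (and logs a warning) when the token cannot be parsed or the
     * claim is absent, so a malformed token never selects the {@code /common} authority.
     */
    private static boolean isFromHomeTenant(IdTokenRecord idTokenRecord) {
        final String methodTag = TAG + ":isFromHomeTenant";
        final String homeAccountId = idTokenRecord.getHomeAccountId();
        try {
            final Object oid = IDToken.parseJWT(idTokenRecord.getSecret()).get("oid");
            // A non-string oid is treated like a missing one instead of failing on the cast.
            if (!(oid instanceof String)) {
                Logger.warn(methodTag, "OID claims was missing from token.");
                return false;
            }
            // NOTE(review): this is a substring test, not an equality test. Presumably
            // homeAccountId has the form "<uid>.<utid>"; confirm whether comparing against
            // the uid part exactly is what is intended.
            return homeAccountId != null && homeAccountId.contains((String) oid);
        } catch (ServiceException unused) {
            Logger.warn(methodTag, "Failed to parse IdToken.");
            return false;
        }
    }

    /**
     * Re-creates an id token from the claims of a v2 id token, forcing {@code ver} to
     * {@code "1"} and renaming claims through {@link #remap(String)}.
     *
     * <p>NOTE(review): the builder and JWT classes are obfuscated ({@code qh2.b},
     * {@code xt3}, {@code yt3}, {@code gg2.j}); no signing key is passed anywhere in this
     * method, so the result is presumably an unsigned token. Consumers of the exported blob
     * should use it for account metadata only and never as proof of authentication — confirm
     * against the un-obfuscated library.
     *
     * @param str the raw v2 id token
     * @throws ServiceException if {@code str} cannot be parsed as a JWT
     */
    private static String mintV1IdTokenFromRawV2IdToken(String str) throws ServiceException {
        final Map<String, ?> v2Claims = IDToken.parseJWT(str);
        final qh2.b claimsBuilder = new qh2.b();
        for (Map.Entry<String, ?> claim : v2Claims.entrySet()) {
            final String claimName = claim.getKey();
            final Object claimValue = "ver".equals(claimName) ? "1" : claim.getValue();
            claimsBuilder.d(remap(claimName), claimValue);
        }
        return new yt3(new xt3(gg2.j, null, null, null, null), claimsBuilder.c()).serialize();
    }

    /** Returns the v1 name for a v2 claim, or the name unchanged when no mapping exists. */
    private static String remap(String str) {
        final String mapped = sClaimRemapper.get(str);
        return mapped != null ? mapped : str;
    }

    /** Stores a renewed account/refresh-token pair; a {@code null} entry is a no-op. */
    private void saveResult(Map.Entry<MicrosoftAccount, MicrosoftRefreshToken> entry) throws ClientException {
        if (entry == null) {
            return;
        }
        this.mTokenCache.setSingleSignOnState(entry.getKey(), entry.getValue());
    }

    /**
     * Rejects a cache record that lacks either its refresh token or its id token.
     *
     * @throws ClientException with {@link ClientException#TOKEN_CACHE_ITEM_NOT_FOUND}
     */
    private void throwIfCacheRecordIncomplete(String str, ICacheRecord iCacheRecord) throws ClientException {
        if (iCacheRecord.getRefreshToken() == null || iCacheRecord.getIdToken() == null) {
            // NOTE(review): str may be a username or a local account id and is written to the
            // regular warning log here; consider routing it through the logger's PII-aware
            // path or omitting it.
            Logger.warn(TAG + ":throwIfCacheRecordIncomplete", "That's strange, we had an AccountRecord for identifier: " + str + " but couldn't find tokens for them.");
            throw new ClientException(ClientException.TOKEN_CACHE_ITEM_NOT_FOUND);
        }
    }

    /**
     * Returns the raw refresh-token secret for the given account identifier.
     *
     * @param str local account id or username
     */
    @Override
    public String getMsaFamilyRefreshToken(String str) throws Exception {
        return getMsaFamilyRefreshTokenWithMetadata(str).getRefreshToken();
    }

    /**
     * Returns the raw refresh-token secret together with the cache record it came from.
     *
     * @param str local account id or username
     * @throws Exception if no account matches or the record lacks a refresh or id token
     */
    @Override
    public ITokenShareResultInternal getMsaFamilyRefreshTokenWithMetadata(String str) throws Exception {
        final ICacheRecord record = getCacheRecordForIdentifier(str);
        throwIfCacheRecordIncomplete(str, record);
        final String rawRefreshToken = record.getRefreshToken().getSecret();
        return new TokenShareResultInternal(record, rawRefreshToken, ITokenShareResultInternal.TokenShareExportFormatInternal.RAW);
    }

    /**
     * Returns the serialized SSO-state blob for the given account identifier.
     *
     * @param str local account id or username
     */
    @Override
    public String getOrgIdFamilyRefreshToken(String str) throws BaseException {
        return getOrgIdFamilyRefreshTokenWithMetadata(str).getRefreshToken();
    }

    /**
     * Returns the serialized SSO-state blob (which embeds the refresh token) together with
     * the cache record it was built from.
     *
     * @param str local account id or username
     * @throws BaseException if no account matches, the record is incomplete, or the record
     *                       cannot be adapted to the ADAL format
     */
    @Override
    public ITokenShareResultInternal getOrgIdFamilyRefreshTokenWithMetadata(String str) throws BaseException {
        final ICacheRecord record = getCacheRecordForIdentifier(str);
        throwIfCacheRecordIncomplete(str, record);
        final String blob = SSOStateSerializer.serialize(adapt(record.getIdToken(), record.getRefreshToken()));
        return new TokenShareResultInternal(record, blob, ITokenShareResultInternal.TokenShareExportFormatInternal.SSO_STATE_SERIALIZER_BLOB);
    }

    /**
     * Renews a caller-supplied raw refresh token against the consumers endpoint on the
     * background executor, waits for the outcome, and saves it to the cache.
     *
     * <p>Nothing is saved when cloud discovery metadata cannot be loaded.
     *
     * @param str the raw refresh-token secret to import; never logged by this method
     * @throws Exception if the background task fails or waiting for it is interrupted
     */
    @Override
    public void saveMsaFamilyRefreshToken(final String str) throws Exception {
        final String methodTag = TAG + ":saveMsaFamilyRefreshToken";
        final Callable<Map.Entry<MicrosoftAccount, MicrosoftRefreshToken>> renewal =
                new Callable<Map.Entry<MicrosoftAccount, MicrosoftRefreshToken>>() {
                    @Override
                    public Map.Entry<MicrosoftAccount, MicrosoftRefreshToken> call() throws ClientException {
                        final ADALTokenCacheItem item = TokenShareUtility.this.createTokenCacheItem(str, TokenShareUtility.CONSUMERS_ENDPOINT);
                        if (!AdalMigrationAdapter.loadCloudDiscoveryMetadata()) {
                            Logger.warn(methodTag, "Failed to load cloud metadata, aborting.");
                            return null;
                        }
                        return TokenCacheItemMigrationAdapter.renewToken(TokenShareUtility.this.mRedirectUri, item);
                    }
                };
        // The typed Callable makes the decompiler's raw (Map.Entry) cast unnecessary.
        saveResult(TokenCacheItemMigrationAdapter.sBackgroundExecutor.submit(renewal).get());
    }

    /**
     * Deserializes a caller-supplied SSO-state blob, renews the refresh token it carries on
     * the background executor, waits for the outcome, and saves it to the cache.
     *
     * <p>The blob's client id is overwritten with this instance's and its resource is
     * cleared; every other field, including the authority, is taken from the blob as-is.
     *
     * <p>NOTE(review): the blob is external input. Confirm that the renewal path only sends
     * the refresh token to an authority that cloud discovery recognises, so a tampered
     * authority in the blob cannot redirect it.
     *
     * @param str the serialized SSO-state blob to import; never logged by this method
     * @throws Exception if the background task fails or waiting for it is interrupted
     */
    @Override
    public void saveOrgIdFamilyRefreshToken(final String str) throws Exception {
        final String methodTag = TAG + ":saveOrgIdFamilyRefreshToken";
        final Callable<Map.Entry<MicrosoftAccount, MicrosoftRefreshToken>> renewal =
                new Callable<Map.Entry<MicrosoftAccount, MicrosoftRefreshToken>>() {
                    @Override
                    public Map.Entry<MicrosoftAccount, MicrosoftRefreshToken> call() throws ClientException {
                        final ADALTokenCacheItem item = SSOStateSerializer.deserialize(str);
                        item.setClientId(TokenShareUtility.this.mClientId);
                        item.setResource(null);
                        if (!AdalMigrationAdapter.loadCloudDiscoveryMetadata()) {
                            Logger.warn(methodTag, "Failed to load cloud metadata, aborting.");
                            return null;
                        }
                        return TokenCacheItemMigrationAdapter.renewToken(TokenShareUtility.this.mRedirectUri, item);
                    }
                };
        // The typed Callable makes the decompiler's raw (Map.Entry) cast unnecessary.
        saveResult(TokenCacheItemMigrationAdapter.sBackgroundExecutor.submit(renewal).get());
    }
}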
