package com.microsoft.workaccount.workplacejoin.core;

import android.os.Build;
import android.text.TextUtils;
import android.util.Base64;
import com.microsoft.graph.models.extensions.Multipart;
import com.microsoft.identity.broker4j.broker.crypto.IRawAsymmetricKeyEntry;
import com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents;
import com.microsoft.identity.broker4j.broker.prtv2.PrtV2Loader;
import com.microsoft.identity.broker4j.workplacejoin.AccountInfo;
import com.microsoft.identity.broker4j.workplacejoin.DRSMetadata;
import com.microsoft.identity.broker4j.workplacejoin.WorkplaceJoinFailure;
import com.microsoft.identity.broker4j.workplacejoin.data.RegSource;
import com.microsoft.identity.broker4j.workplacejoin.exception.WorkplaceJoinException;
import com.microsoft.identity.broker4j.workplacejoin.handlers.DRSDiscoveryRequestHandler;
import com.microsoft.identity.broker4j.workplacejoin.handlers.DeviceRegistrationRequestHandler;
import com.microsoft.identity.broker4j.workplacejoin.requests.DeviceBoundPreAuthorizedDeviceRegistrationRequestFactory;
import com.microsoft.identity.broker4j.workplacejoin.requests.IDeviceRegistrationRequestFactory;
import com.microsoft.identity.broker4j.workplacejoin.requests.PreAuthorizedDeviceRegistrationRequestFactory;
import com.microsoft.identity.broker4j.workplacejoin.requests.UserBasedDeviceRegistrationRequestFactory;
import com.microsoft.identity.common.java.AuthenticationConstants;
import com.microsoft.identity.common.java.broker.IBrokerAccount;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.logging.Logger;
import com.microsoft.identity.common.java.util.ResultFuture;
import com.microsoft.identity.common.java.util.StringUtil;
import com.microsoft.workaccount.workplacejoin.PrtSetupRunnable;
import java.nio.charset.Charset;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.util.Objects;
import java.util.UUID;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.regex.Pattern;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import lombok.NonNull;

/* loaded from: classes5.dex */
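/**
 * Runs a Workplace Join (device registration) operation.
 *
 * <p>Both public entry points follow the same shape: request DRS discovery, hand the discovery
 * result to {@link DeviceRegistrationRequestHandler#requestDeviceRegistration}, and block the
 * calling thread on a {@link ResultFuture} for at most {@link #WPJ_JOIN_TIMEOUT_MS} milliseconds.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The device-bound pre-authorized challenge is a five-segment JWE that is unwrapped with the
 *       device private key taken from the WPJ controller.</li>
 *   <li>Access and refresh tokens are passed through as plain {@code String}s and are never
 *       logged here; the user's displayable id is logged only through the PII logger.</li>
 * </ul>
 */
public class WPJOperation {
    private static final String TAG = "WPJOperation";
    /** Upper bound, in milliseconds, that the public join methods wait on the registration future. */
    public static final int WPJ_JOIN_TIMEOUT_MS = 600000;
    /** Number of dot-separated segments expected in the device-bound challenge. */
    private static final int JWE_COMPACT_SEGMENTS = 5;
    /** Length in bytes of the GCM nonce handed to the cipher. */
    private static final int GCM_IV_LENGTH_BYTES = 12;
    private static final ExecutorService sPrtThreadPool = Executors.newSingleThreadExecutor();
    private final IBrokerPlatformComponents mComponents;
    private final UUID mCorrelationId;
    private final DRSDiscoveryRequestHandler mDRSDiscoveryRequestHandler;
    private final DeviceRegistrationRequestHandler mDeviceRegistrationHandler;

    /**
     * Creates an operation bound to the given platform components.
     *
     * @param iBrokerPlatformComponents platform components; must not be null
     * @param uuid correlation id used in logs and requests; a random one is generated when null
     */
    public WPJOperation(@NonNull IBrokerPlatformComponents iBrokerPlatformComponents, UUID uuid) {
        Objects.requireNonNull(iBrokerPlatformComponents, "components is marked non-null but is null");
        this.mComponents = iBrokerPlatformComponents;
        this.mCorrelationId = uuid == null ? UUID.randomUUID() : uuid;
        this.mDRSDiscoveryRequestHandler = new DRSDiscoveryRequestHandler();
        this.mDeviceRegistrationHandler = new DeviceRegistrationRequestHandler();
        if (uuid == null) {
            Logger.info(TAG, "No correlation id is passed, will generate and use a random id");
        }
    }

    /**
     * Appends {@code "." + tenantId} to an identifier that has exactly one dot-separated part.
     *
     * <p>The single-part test deliberately uses {@code split(...).length == 1} rather than a
     * {@code contains(".")} check: the two differ for inputs such as {@code "a."} and {@code "."}.
     */
    private static String qualifyWithTenant(String id, String tenantId) {
        if (id.split(Pattern.quote(".")).length == 1 && !TextUtils.isEmpty(tenantId)) {
            return id + "." + tenantId;
        }
        return id;
    }

    /**
     * Creates the broker account for the registered owner and, outside shared-device mode, copies
     * the non-empty fields of {@code accountInfo} into the account storage.
     *
     * @param str registered owner UPN; used as the account name when {@code str2} is null or empty
     * @param str2 preferred account name (callers in this class pass the displayable id)
     * @param accountInfo joined account details; may be null, in which case nothing is copied
     * @param z shared-device flag; when true the account details are not copied
     * @return the account returned by the storage's {@code createAccount}
     */
    @NonNull
    private IBrokerAccount addAccount(@NonNull String str, String str2, AccountInfo accountInfo, boolean z) {
        Objects.requireNonNull(str, "registeredOwnerUPN is marked non-null but is null");
        if (!StringUtil.isNullOrEmpty(str2)) {
            str = str2;
        }
        IBrokerAccount createAccount = this.mComponents.getBrokerAccountDataStorage().createAccount(str, "com.microsoft.workaccount");
        if (accountInfo != null && !z) {
            Logger.verbose(TAG + "addAccount", "Adding joined account info to AccountManager.");
            String tenantId = accountInfo.getTenantId();
            if (!TextUtils.isEmpty(tenantId)) {
                this.mComponents.getBrokerAccountDataStorage().setAccountHomeTenantId(createAccount, tenantId);
            }
            String uniqueId = accountInfo.getUniqueId();
            if (!TextUtils.isEmpty(uniqueId)) {
                // A single trailing '$' is stripped before the id is tenant-qualified.
                if (uniqueId.endsWith("$")) {
                    uniqueId = uniqueId.substring(0, uniqueId.length() - 1);
                }
                this.mComponents.getBrokerAccountDataStorage().setAccountUserIdList(createAccount, qualifyWithTenant(uniqueId, tenantId));
            }
            String homeAccountId = accountInfo.getHomeAccountId();
            if (!TextUtils.isEmpty(homeAccountId)) {
                this.mComponents.getBrokerAccountDataStorage().setAccountHomeAccountId(createAccount, qualifyWithTenant(homeAccountId, tenantId));
            }
            if (!TextUtils.isEmpty(accountInfo.getGivenName())) {
                this.mComponents.getBrokerAccountDataStorage().setAccountGivenName(createAccount, accountInfo.getGivenName());
            }
            if (!TextUtils.isEmpty(accountInfo.getFamilyName())) {
                this.mComponents.getBrokerAccountDataStorage().setAccountFamilyName(createAccount, accountInfo.getFamilyName());
            }
            if (!TextUtils.isEmpty(accountInfo.getIdentityProvider())) {
                this.mComponents.getBrokerAccountDataStorage().setAccountIdp(createAccount, accountInfo.getIdentityProvider());
            }
            if (!TextUtils.isEmpty(accountInfo.getDisplayableId())) {
                this.mComponents.getBrokerAccountDataStorage().setAccountDisplayableUserId(createAccount, accountInfo.getDisplayableId());
            }
        }
        // Runs in every mode, including shared-device; presumably clears a PRT left over from an
        // earlier registration of the same account name - confirm against PrtV2Loader.
        new PrtV2Loader(this.mComponents.getBrokerAccountDataStorage()).deletePrtV2(createAccount);
        return createAccount;
    }

    /**
     * Builds the registration callback used by the pre-authorized join flow.
     *
     * <p>On success the future is completed through {@link #setRegistrationSuccessful}. On failure
     * the future receives a generic {@link WorkplaceJoinException}; the original error is attached
     * as its cause so the reason for the failure is not lost to whoever handles the exception.
     *
     * @param resultFuture future the blocked caller is waiting on; must not be null
     */
    @NonNull
    private DeviceRegistrationRequestHandler.IOnDeviceRegisteredCallback createUserBasedDeviceRegistrationCallbackForPreAuthorizedJoin(@NonNull final ResultFuture<IBrokerAccount> resultFuture) {
        Objects.requireNonNull(resultFuture, "future is marked non-null but is null");
        return new DeviceRegistrationRequestHandler.IOnDeviceRegisteredCallback() { // from class: com.microsoft.workaccount.workplacejoin.core.WPJOperation.1
            @Override // com.microsoft.identity.broker4j.workplacejoin.handlers.DeviceRegistrationRequestHandler.IOnDeviceRegisteredCallback
            public void onDeviceRegistered() {
                WPJOperation.this.setRegistrationSuccessful(resultFuture);
            }

            @Override // com.microsoft.identity.broker4j.workplacejoin.handlers.DeviceRegistrationRequestHandler.IOnDeviceRegisteredCallback
            public void onError(Exception exc) {
                resultFuture.setException(new WorkplaceJoinException("Error during device registration.", WorkplaceJoinFailure.INTERNAL, exc));
            }
        };
    }

    /**
     * Builds the registration callback used by the token-based join flow.
     *
     * <p>On success the account is created (and PRT setup scheduled if applicable) before the
     * future is completed. On failure the error is logged twice: a fixed message through the
     * regular logger and the exception's own message through the PII logger.
     *
     * @param str registered owner UPN; must not be null
     * @param str2 value forwarded as the preferred account name
     * @param str3 value forwarded to PRT setup (callers in this class pass the refresh token)
     * @param accountInfo joined account details; may be null
     * @param dRSDiscoveryResult discovery result whose metadata is forwarded to PRT setup
     * @param resultFuture future the blocked caller is waiting on; must not be null
     * @param z shared-device flag
     */
    @NonNull
    private DeviceRegistrationRequestHandler.IOnDeviceRegisteredCallback createUserBasedDeviceRegistrationCallbackForWpjJoinWithTokens(@NonNull final String str, final String str2, final String str3, final AccountInfo accountInfo, @NonNull final DRSDiscoveryRequestHandler.DRSDiscoveryResult dRSDiscoveryResult, @NonNull final ResultFuture<IBrokerAccount> resultFuture, final boolean z) {
        Objects.requireNonNull(str, "registeredOwnerUPN is marked non-null but is null");
        Objects.requireNonNull(dRSDiscoveryResult, "drsDiscoveryResult is marked non-null but is null");
        Objects.requireNonNull(resultFuture, "future is marked non-null but is null");
        return new DeviceRegistrationRequestHandler.IOnDeviceRegisteredCallback() { // from class: com.microsoft.workaccount.workplacejoin.core.WPJOperation.2
            @Override // com.microsoft.identity.broker4j.workplacejoin.handlers.DeviceRegistrationRequestHandler.IOnDeviceRegisteredCallback
            public void onDeviceRegistered() {
                WPJOperation.this.onUserBasedDeviceRegistrationSuccess(str, str2, str3, accountInfo, dRSDiscoveryResult, z);
                WPJOperation.this.setRegistrationSuccessful(resultFuture);
            }

            @Override // com.microsoft.identity.broker4j.workplacejoin.handlers.DeviceRegistrationRequestHandler.IOnDeviceRegisteredCallback
            public void onError(Exception exc) {
                String message = TextUtils.isEmpty(exc.getMessage()) ? "Device registration request failed." : exc.getMessage();
                Logger.error(WPJOperation.TAG + "createIOnDeviceRegistrationCallback", "Device registration request failed.", exc);
                Logger.errorPII(WPJOperation.TAG + "createIOnDeviceRegistrationCallback", message, exc);
                resultFuture.setException(exc);
            }
        };
    }

    /**
     * Unwraps a device-bound pre-authorized join challenge.
     *
     * <p>The input is split on {@code '.'} into five segments. Segment 0 is used as additional
     * authenticated data, segment 1 is the RSA-OAEP-wrapped AES key, segment 3 is the ciphertext
     * and segment 4 is the GCM tag. The wrapped key is opened with the device private key stored
     * for {@code str2} and the result is used for AES-GCM decryption.
     *
     * @param str device-bound pre-authorized challenge (JWE); must not be null
     * @param str2 tenant id whose device key is used; must not be null
     * @return the decrypted challenge decoded with {@code AuthenticationConstants.CHARSET_UTF8}
     * @throws WorkplaceJoinException if the input does not have five segments, the API level is
     *     below 19, or any decoding, key-lookup or cipher step fails (the underlying exception is
     *     attached as the cause)
     */
    @NonNull
    private String decryptDeviceBoundPreAuthorizedJoinChallenge(@NonNull String str, @NonNull String str2) throws WorkplaceJoinException {
        Objects.requireNonNull(str, "deviceBoundPreAuthorizedChallenge is marked non-null but is null");
        Objects.requireNonNull(str2, "tenantId is marked non-null but is null");
        String str3 = TAG + "decryptDeviceBoundPreAuthorizedJoinChallenge";
        String str4 = "correlationId: " + this.mCorrelationId;
        Logger.info(str3, "Decrypting the device bound preAuthorized challenge (JWE) with device key. " + str4);
        try {
            String[] split = str.split("\\.");
            if (split.length != JWE_COMPACT_SEGMENTS) {
                throw new WorkplaceJoinException("Invalid device bound preAuthorized challenge (JWE).", WorkplaceJoinFailure.USER);
            }
            // The still-encoded header text is the AAD, so any change to the header fails the tag check.
            byte[] aad = split[0].getBytes(Charset.forName(Multipart.MULTIPART_ENCODING));
            byte[] encryptedKey = Base64.decode(split[1], Base64.URL_SAFE);
            // NOTE(review): split[2] (the IV segment of a compact JWE) is never decoded; the cipher is
            // given a fixed all-zero nonce instead. That is only sound if the issuer generates a
            // fresh content key for every challenge - confirm with the issuing service before
            // switching to split[2], since changing the nonce would break decryption.
            byte[] iv = new byte[GCM_IV_LENGTH_BYTES];
            byte[] ciphertext = Base64.decode(split[3], Base64.URL_SAFE);
            byte[] tag = Base64.decode(split[4], Base64.URL_SAFE);
            Logger.info(str3, "Successfully parsed JWE, getting device key from WPJ store. " + str4);
            PrivateKey privateKey = ((IRawAsymmetricKeyEntry) this.mComponents.getWpjController().getDeviceKeyData(str2)).getKeyPair().getPrivate();
            Logger.info(str3, "Decrypting encrypted symmetric key in JWE using device's private key. " + str4);
            // NOTE(review): the OAEP digest and MGF are whatever the provider defaults to for this
            // transformation; pin them with OAEPParameterSpec once the issuer's algorithm is confirmed.
            Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPPadding");
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            byte[] contentKey = cipher.doFinal(encryptedKey);
            Logger.info(str3, "Getting preauthorized challenge using decrypted symmetric key from JWE. " + str4);
            Cipher cipher2 = Cipher.getInstance("AES/GCM/NoPadding");
            if (Build.VERSION.SDK_INT < 19) {
                throw new WorkplaceJoinException("UnSupported Android API version", WorkplaceJoinFailure.USER);
            }
            // NOTE(review): the tag length is taken from the input rather than fixed; consider
            // rejecting tags shorter than 16 bytes if the issuer always sends 128-bit tags.
            cipher2.init(Cipher.DECRYPT_MODE, new SecretKeySpec(contentKey, "AES"), new GCMParameterSpec(tag.length * 8, iv));
            cipher2.updateAAD(aad);
            // Feed ciphertext and tag to a single doFinal call. Cipher.update may return plaintext
            // on providers that decrypt incrementally, so discarding its result could drop output.
            byte[] sealed = new byte[ciphertext.length + tag.length];
            System.arraycopy(ciphertext, 0, sealed, 0, ciphertext.length);
            System.arraycopy(tag, 0, sealed, ciphertext.length, tag.length);
            return new String(cipher2.doFinal(sealed), AuthenticationConstants.CHARSET_UTF8);
        } catch (ClientException | IllegalArgumentException | InvalidAlgorithmParameterException | InvalidKeyException | NoSuchAlgorithmException | BadPaddingException | IllegalBlockSizeException | NoSuchPaddingException e) {
            Logger.error(str3, "Failed to decrypt device bound preauthorized challenge. " + str4, e);
            throw new WorkplaceJoinException("Failed to decrypt device bound preauthorized challenge: " + e.getClass().getName() + ":" + e.getMessage(), WorkplaceJoinFailure.INTERNAL, e);
        }
    }

    /**
     * Chooses the request factory for a pre-authorized join.
     *
     * @param str pre-authorized join challenge; must not be null
     * @param str2 tenant id; must not be null
     * @param z true when the challenge is device-bound and has to be decrypted first
     * @return a device-bound factory built from the decrypted challenge when {@code z} is true,
     *     otherwise a factory built from the challenge as given
     * @throws WorkplaceJoinException if decrypting a device-bound challenge fails
     */
    @NonNull
    private IDeviceRegistrationRequestFactory getPreAuthorizedDeviceRegistrationRequestFactory(@NonNull String str, @NonNull String str2, boolean z) throws WorkplaceJoinException {
        Objects.requireNonNull(str, "preAuthorizedJoinChallenge is marked non-null but is null");
        Objects.requireNonNull(str2, "tenantId is marked non-null but is null");
        if (z) {
            return new DeviceBoundPreAuthorizedDeviceRegistrationRequestFactory(decryptDeviceBoundPreAuthorizedJoinChallenge(str, str2));
        }
        return new PreAuthorizedDeviceRegistrationRequestFactory(str);
    }

    /**
     * Logs the outcome reported by the PRT setup task.
     *
     * @param str log tag
     * @param z status reported by the PRT setup listener
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void lambda$setupPrtIfNeeded$2(String str, boolean z) {
        Logger.info(str, "PRT setup status: " + z);
    }

    /**
     * Discovery callback body for the pre-authorized flow: forwards the discovery result to the
     * registration handler together with the pre-built request factory.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$wpjJoinWithPreAuthorizedJoinChallenge$0(IDeviceRegistrationRequestFactory iDeviceRegistrationRequestFactory, boolean z, RegSource regSource, ResultFuture<IBrokerAccount> resultFuture, DRSDiscoveryRequestHandler.DRSDiscoveryResult dRSDiscoveryResult) {
        this.mDeviceRegistrationHandler.requestDeviceRegistration(iDeviceRegistrationRequestFactory, this.mComponents, this.mCorrelationId, dRSDiscoveryResult, z, regSource, createUserBasedDeviceRegistrationCallbackForPreAuthorizedJoin(resultFuture));
    }

    /**
     * Discovery callback body for the token-based flow.
     *
     * <p>When discovery produced metadata, an existing matching entry is migrated if possible and
     * the future is completed immediately; otherwise a user-based registration is requested with
     * the access token. When discovery produced no metadata the future is failed with a
     * {@link WorkplaceJoinFailure#DRS} error. A discovery result carrying neither metadata nor an
     * exception is also reported as a failure instead of raising a {@code NullPointerException}
     * inside the callback, which would leave the caller blocked until the join timeout.
     *
     * @param str log tag
     * @param str2 UPN, passed to the migration lookup and on to the registration callback
     * @param resultFuture future the blocked caller is waiting on
     * @param str3 access token handed to the user-based request factory
     * @param z shared-device flag
     * @param regSource registration source forwarded to the handler
     * @param str4 displayable id forwarded to the registration callback
     * @param str5 refresh token forwarded to the registration callback
     * @param accountInfo joined account details; may be null
     * @param dRSDiscoveryResult result of DRS discovery
     */
    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$wpjJoinWithTokens$1(String str, String str2, ResultFuture<IBrokerAccount> resultFuture, String str3, boolean z, RegSource regSource, String str4, String str5, AccountInfo accountInfo, DRSDiscoveryRequestHandler.DRSDiscoveryResult dRSDiscoveryResult) {
        try {
            DRSMetadata dRSMetadata = dRSDiscoveryResult.getDRSMetadata();
            if (dRSMetadata == null) {
                Exception dRSException = dRSDiscoveryResult.getDRSException();
                if (dRSException == null) {
                    WorkplaceJoinException failure = new WorkplaceJoinException("DRS Discovery failed. ", WorkplaceJoinFailure.DRS);
                    Logger.error(str, "DRS Discovery failed. No metadata and no exception were returned.", failure);
                    throw failure;
                }
                Logger.error(str, "DRS Discovery failed. " + dRSException.getMessage(), dRSException);
                throw new WorkplaceJoinException("DRS Discovery failed. ", WorkplaceJoinFailure.DRS, dRSException);
            }
            if (this.mComponents.getWpjController().migrateMatchingEntry(dRSMetadata.getTenantId(), str2)) {
                setRegistrationSuccessful(resultFuture);
                return;
            }
            this.mDeviceRegistrationHandler.requestDeviceRegistration(new UserBasedDeviceRegistrationRequestFactory(str3), this.mComponents, this.mCorrelationId, dRSDiscoveryResult, z, regSource, createUserBasedDeviceRegistrationCallbackForWpjJoinWithTokens(str2, str4, str5, accountInfo, dRSDiscoveryResult, resultFuture, z));
        } catch (WorkplaceJoinException e) {
            resultFuture.setException(e);
        }
    }

    /**
     * Post-registration step of the token-based flow: creates the broker account and schedules PRT
     * setup when applicable.
     *
     * @param str registered owner UPN; must not be null
     * @param str2 preferred account name
     * @param str3 token forwarded to PRT setup
     * @param accountInfo joined account details; may be null
     * @param dRSDiscoveryResult discovery result whose metadata is forwarded; must not be null
     * @param z shared-device flag
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void onUserBasedDeviceRegistrationSuccess(@NonNull String str, String str2, String str3, AccountInfo accountInfo, @NonNull DRSDiscoveryRequestHandler.DRSDiscoveryResult dRSDiscoveryResult, boolean z) {
        Objects.requireNonNull(str, "registeredOwnerUPN is marked non-null but is null");
        Objects.requireNonNull(dRSDiscoveryResult, "drsDiscoveryResult is marked non-null but is null");
        IBrokerAccount account = addAccount(str, str2, accountInfo, z);
        setupPrtIfNeeded(account, str3, z, dRSDiscoveryResult.getDRSMetadata());
        Logger.info(TAG + "onUserBasedDeviceRegistrationSuccess", "Device registration succeeds");
    }

    /**
     * Completes the future with the WPJ account, or fails it when the account cannot be found.
     *
     * @param resultFuture future the blocked caller is waiting on; must not be null
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void setRegistrationSuccessful(@NonNull ResultFuture<IBrokerAccount> resultFuture) {
        Objects.requireNonNull(resultFuture, "future is marked non-null but is null");
        Logger.info(TAG + ":setRegistrationSuccessful", "Device successfully registered. correlationid: " + this.mCorrelationId);
        String accountNameForWPJAPI = this.mComponents.getWpjController().getAccountNameForWPJAPI();
        IBrokerAccount account = null;
        if (accountNameForWPJAPI != null) {
            account = this.mComponents.getBrokerAccountDataStorage().getAccount(accountNameForWPJAPI, "com.microsoft.workaccount");
        }
        if (account == null) {
            resultFuture.setException(new WorkplaceJoinException("Cannot retrieve WPJ account.", WorkplaceJoinFailure.INTERNAL));
            return;
        }
        resultFuture.setResult(account);
    }

    /**
     * Schedules PRT acquisition on the shared single-thread executor unless the device is in
     * shared mode or no token was supplied.
     *
     * @param iBrokerAccount account the PRT is acquired for; must not be null
     * @param str token the log messages call "BRT"; acquisition is skipped when null or empty
     * @param z shared-device flag; when true no PRT is acquired
     * @param dRSMetadata discovery metadata handed to the setup task; must not be null
     */
    private void setupPrtIfNeeded(@NonNull IBrokerAccount iBrokerAccount, String str, boolean z, @NonNull DRSMetadata dRSMetadata) {
        Objects.requireNonNull(iBrokerAccount, "account is marked non-null but is null");
        Objects.requireNonNull(dRSMetadata, "drsMetadata is marked non-null but is null");
        final String str2 = TAG + ":setupPrtIfNeeded";
        String uuid = this.mCorrelationId.toString();
        if (z) {
            Logger.info(str2, uuid, "Device is registered in shared mode. Do not acquire PRT.");
            return;
        }
        if (StringUtil.isNullOrEmpty(str)) {
            Logger.info(str2, uuid, "No BRT is passed. PRT acquisition will be skipped.");
            return;
        }
        Logger.info(str2, uuid, "Starting a task to acquire PRT.");
        sPrtThreadPool.execute(new PrtSetupRunnable(this.mComponents, iBrokerAccount, str, dRSMetadata, this.mCorrelationId, new PrtSetupRunnable.OnPrtSetupListener() { // from class: com.microsoft.workaccount.workplacejoin.core.WPJOperation$$ExternalSyntheticLambda2
            @Override // com.microsoft.workaccount.workplacejoin.PrtSetupRunnable.OnPrtSetupListener
            public final void onResult(boolean z2) {
                WPJOperation.lambda$setupPrtIfNeeded$2(str2, z2);
            }
        }));
    }

    /**
     * Joins the device using a pre-authorized join challenge and blocks until the registration
     * finishes or {@link #WPJ_JOIN_TIMEOUT_MS} elapses.
     *
     * @param str tenant id; must not be null
     * @param str2 pre-authorized join challenge; must not be null
     * @param regSource registration source; must not be null
     * @param z true when the challenge is device-bound (a JWE to be decrypted with the device key)
     * @param z2 shared-device flag
     * @return the registered WPJ account
     * @throws WorkplaceJoinException if the challenge cannot be decrypted, or if waiting on the
     *     result is interrupted, fails or times out; the thread's interrupt status is restored
     *     when the wait was interrupted
     */
    public IBrokerAccount wpjJoinWithPreAuthorizedJoinChallenge(@NonNull String str, @NonNull String str2, @NonNull final RegSource regSource, boolean z, final boolean z2) throws WorkplaceJoinException {
        Objects.requireNonNull(str, "tenantId is marked non-null but is null");
        Objects.requireNonNull(str2, "preAuthorizedJoinChallenge is marked non-null but is null");
        Objects.requireNonNull(regSource, "regSource is marked non-null but is null");
        String str3 = TAG + "wpjJoinWithPreAuthorizedJoinChallenge";
        Logger.info(str3, "Starting join with preauthorized challenge for tenantid: " + str + " isPreAuthorizedJoinChallengeDeviceBound: " + z + " isSharedDevice: " + z2 + " correlationid: " + this.mCorrelationId);
        final IDeviceRegistrationRequestFactory preAuthorizedDeviceRegistrationRequestFactory = getPreAuthorizedDeviceRegistrationRequestFactory(str2, str, z);
        final ResultFuture<IBrokerAccount> resultFuture = new ResultFuture<>();
        this.mDRSDiscoveryRequestHandler.requestDeviceRegistrationDiscovery(this.mComponents, str, this.mCorrelationId, new DRSDiscoveryRequestHandler.IOnDeviceRegistrationDiscovery() { // from class: com.microsoft.workaccount.workplacejoin.core.WPJOperation$$ExternalSyntheticLambda0
            @Override // com.microsoft.identity.broker4j.workplacejoin.handlers.DRSDiscoveryRequestHandler.IOnDeviceRegistrationDiscovery
            public final void onEndpointsDiscovery(DRSDiscoveryRequestHandler.DRSDiscoveryResult dRSDiscoveryResult) {
                WPJOperation.this.lambda$wpjJoinWithPreAuthorizedJoinChallenge$0(preAuthorizedDeviceRegistrationRequestFactory, z2, regSource, resultFuture, dRSDiscoveryResult);
            }
        });
        try {
            return resultFuture.get(WPJ_JOIN_TIMEOUT_MS, TimeUnit.MILLISECONDS);
        } catch (InterruptedException | ExecutionException | TimeoutException e) {
            if (e instanceof InterruptedException) {
                // Keep the interrupt visible to the caller; it is otherwise lost once caught.
                Thread.currentThread().interrupt();
            }
            Logger.error(str3, e.getMessage(), e);
            throw new WorkplaceJoinException("Failed to join with preauthorized challenge.", WorkplaceJoinFailure.INTERNAL, e);
        }
    }

    /**
     * Joins the device using the user's tokens and blocks until the registration finishes or
     * {@link #WPJ_JOIN_TIMEOUT_MS} elapses.
     *
     * <p>The displayable id is written only through the PII logger; the regular log line carries
     * the shared-device flag and the correlation id. Neither token is logged.
     *
     * @param str UPN, used for DRS discovery; must not be null
     * @param str2 displayable id; must not be null
     * @param str3 access token used for the registration request; must not be null
     * @param str4 refresh token forwarded to PRT setup; must not be null
     * @param accountInfo joined account details; may be null
     * @param regSource registration source; must not be null
     * @param z shared-device flag
     * @return the registered WPJ account
     * @throws WorkplaceJoinException the failure reported by the flow when its cause is already a
     *     {@code WorkplaceJoinException}, otherwise a wrapper with
     *     {@link WorkplaceJoinFailure#INTERNAL}; the thread's interrupt status is restored when
     *     the wait was interrupted
     */
    public IBrokerAccount wpjJoinWithTokens(@NonNull final String str, @NonNull final String str2, @NonNull final String str3, @NonNull final String str4, final AccountInfo accountInfo, @NonNull final RegSource regSource, final boolean z) throws WorkplaceJoinException {
        Objects.requireNonNull(str, "upn is marked non-null but is null");
        Objects.requireNonNull(str2, "displayableId is marked non-null but is null");
        Objects.requireNonNull(str3, "accessToken is marked non-null but is null");
        Objects.requireNonNull(str4, "refreshToken is marked non-null but is null");
        Objects.requireNonNull(regSource, "regSource is marked non-null but is null");
        final String str5 = TAG + "wpjJoinWithTokens";
        Logger.info(str5, "Starting join with Tokens. isSharedDevice: " + z + " correlationid: " + this.mCorrelationId);
        // The displayable id identifies the user, so it goes to the PII channel only.
        Logger.infoPII(str5, "Starting join with Tokens for displayableId: " + str2);
        final ResultFuture<IBrokerAccount> resultFuture = new ResultFuture<>();
        this.mDRSDiscoveryRequestHandler.requestDeviceRegistrationDiscovery(this.mComponents, str, this.mCorrelationId, new DRSDiscoveryRequestHandler.IOnDeviceRegistrationDiscovery() { // from class: com.microsoft.workaccount.workplacejoin.core.WPJOperation$$ExternalSyntheticLambda1
            @Override // com.microsoft.identity.broker4j.workplacejoin.handlers.DRSDiscoveryRequestHandler.IOnDeviceRegistrationDiscovery
            public final void onEndpointsDiscovery(DRSDiscoveryRequestHandler.DRSDiscoveryResult dRSDiscoveryResult) {
                WPJOperation.this.lambda$wpjJoinWithTokens$1(str5, str, resultFuture, str3, z, regSource, str2, str4, accountInfo, dRSDiscoveryResult);
            }
        });
        try {
            return resultFuture.get(WPJ_JOIN_TIMEOUT_MS, TimeUnit.MILLISECONDS);
        } catch (InterruptedException | ExecutionException | TimeoutException e) {
            if (e instanceof InterruptedException) {
                // Keep the interrupt visible to the caller; it is otherwise lost once caught.
                Thread.currentThread().interrupt();
            }
            Logger.error(str5, "Failed to join with tokens.", e);
            Throwable cause = e.getCause();
            if (cause == null) {
                throw new WorkplaceJoinException("Failed to join with tokens.", WorkplaceJoinFailure.INTERNAL, e);
            }
            if (cause instanceof WorkplaceJoinException) {
                throw ((WorkplaceJoinException) cause);
            }
            throw new WorkplaceJoinException(cause.getMessage(), WorkplaceJoinFailure.INTERNAL, cause);
        }
    }
}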
