package com.microsoft.aad.adal;

import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.AccountManagerCallback;
import android.accounts.AccountManagerFuture;
import android.accounts.AuthenticatorDescription;
import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
import android.annotation.TargetApi;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.os.Build;
import android.os.Bundle;
import android.os.Handler;
import android.os.Looper;
import android.text.TextUtils;
import com.microsoft.aad.adal.TelemetryUtils;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.internal.broker.BrokerValidator;
import com.microsoft.identity.common.internal.cache.SharedPreferencesFileManager;
import com.microsoft.intune.mam.client.content.pm.MAMPackageManagement;
import com.microsoft.skydrive.upload.SyncContract;
import java.io.IOException;
import java.io.Serializable;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.List;

/* JADX INFO: Access modifiers changed from: package-private */
@TargetApi(14)
/* loaded from: classes3.dex */
public class BrokerProxy implements IBrokerProxy {
    private static final int ACCOUNT_MANAGER_ERROR_CODE_BAD_AUTHENTICATION = 9;
    private static final String AUTHENTICATOR_CANCELS_REQUEST = "Authenticator cancels the request";
    public static final String DATA_USER_INFO = "com.microsoft.workaccount.user.info";
    private static final String KEY_ACCOUNT_LIST_DELIM = "|";
    private static final String KEY_APP_ACCOUNTS_FOR_TOKEN_REMOVAL = "AppAccountsForTokenRemoval";
    private static final String KEY_SHARED_PREF_ACCOUNT_LIST = "com.microsoft.aad.adal.account.list";
    private static final String TAG = "BrokerProxy";
    private AccountManager mAcctManager;
    private BrokerValidator mBrokerValidator;
    private Context mContext;
    private Handler mHandler;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public enum SwitchToBroker {
        CAN_SWITCH_TO_BROKER,
        CANNOT_SWITCH_TO_BROKER,
        NEED_PERMISSIONS_TO_SWITCH_TO_BROKER
    }

    BrokerProxy() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BrokerProxy(Context context) {
        this.mContext = context;
        this.mAcctManager = AccountManager.get(context);
        this.mHandler = new Handler(this.mContext.getMainLooper());
        this.mBrokerValidator = new BrokerValidator(context);
    }

    private boolean checkAccount(AccountManager accountManager, String str, String str2) {
        for (AuthenticatorDescription authenticatorDescription : accountManager.getAuthenticatorTypes()) {
            if (authenticatorDescription.type.equals("com.microsoft.workaccount")) {
                Account[] accountsByType = this.mAcctManager.getAccountsByType("com.microsoft.workaccount");
                if (new BrokerValidator(this.mContext).isValidBrokerPackage(authenticatorDescription.packageName) || authenticatorDescription.packageName.equalsIgnoreCase(AuthenticationSettings.INSTANCE.getBrokerPackageName())) {
                    if (hasSupportToAddUserThroughBroker(authenticatorDescription.packageName)) {
                        return true;
                    }
                    if (accountsByType.length > 0) {
                        return verifyAccount(accountsByType, str, str2);
                    }
                }
            }
        }
        return false;
    }

    private String checkPermission(String str) {
        if (MAMPackageManagement.checkPermission(this.mContext.getPackageManager(), str, this.mContext.getPackageName()) == 0) {
            return "";
        }
        Logger.w(TAG, "Broker related permissions are missing for " + str, "", ADALError.DEVELOPER_BROKER_PERMISSIONS_MISSING);
        return str + ' ';
    }

    private Account findAccount(String str, Account[] accountArr) {
        String str2;
        if (accountArr == null) {
            return null;
        }
        for (Account account : accountArr) {
            if (account != null && (str2 = account.name) != null && str2.equalsIgnoreCase(str)) {
                return account;
            }
        }
        return null;
    }

    private UserInfo findUserInfo(String str, UserInfo[] userInfoArr) {
        if (userInfoArr == null) {
            return null;
        }
        for (UserInfo userInfo : userInfoArr) {
            if (userInfo != null && !TextUtils.isEmpty(userInfo.getUserId()) && userInfo.getUserId().equalsIgnoreCase(str)) {
                return userInfo;
            }
        }
        return null;
    }

    private Bundle getAuthTokenFromAccountManager(AuthenticationRequest authenticationRequest, Bundle bundle) throws AuthenticationException {
        Account targetAccount = getTargetAccount(authenticationRequest);
        if (targetAccount == null) {
            Logger.v("BrokerProxy:getAuthTokenFromAccountManager", "Target account is not found");
            return null;
        }
        try {
            AccountManagerFuture<Bundle> authToken = this.mAcctManager.getAuthToken(targetAccount, "adal.authtoken.type", bundle, false, (AccountManagerCallback<Bundle>) null, this.mHandler);
            Logger.v("BrokerProxy:getAuthTokenFromAccountManager", "Received result from broker");
            Bundle result = authToken.getResult();
            Logger.v("BrokerProxy:getAuthTokenFromAccountManager", "Returning result from broker");
            return result;
        } catch (AuthenticatorException e) {
            if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(e.getMessage()) || !e.getMessage().contains(AuthenticationConstants.OAuth2ErrorCode.INVALID_GRANT)) {
                Logger.e("BrokerProxy:getAuthTokenFromAccountManager", AUTHENTICATOR_CANCELS_REQUEST, "", ADALError.BROKER_AUTHENTICATOR_ERROR_GETAUTHTOKEN);
                throw new AuthenticationException(ADALError.BROKER_AUTHENTICATOR_ERROR_GETAUTHTOKEN, e.getMessage());
            }
            Logger.e("BrokerProxy:getAuthTokenFromAccountManager", AUTHENTICATOR_CANCELS_REQUEST, "Acquire token failed with 'invalid grant' error, cannot proceed with silent request.", ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED);
            throw new AuthenticationException(ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED, e.getMessage());
        } catch (OperationCanceledException e2) {
            Logger.e("BrokerProxy:getAuthTokenFromAccountManager", AUTHENTICATOR_CANCELS_REQUEST, "", ADALError.AUTH_FAILED_CANCELLED, e2);
            throw new AuthenticationException(ADALError.AUTH_FAILED_CANCELLED, e2.getMessage(), e2);
        } catch (IOException e3) {
            Logger.e("BrokerProxy:getAuthTokenFromAccountManager", AUTHENTICATOR_CANCELS_REQUEST, "", ADALError.BROKER_AUTHENTICATOR_IO_EXCEPTION);
            if (e3.getMessage() != null && e3.getMessage().contains(ADALError.DEVICE_CONNECTION_IS_NOT_AVAILABLE.getDescription())) {
                throw new AuthenticationException(ADALError.DEVICE_CONNECTION_IS_NOT_AVAILABLE, "Received error from broker, errorCode: " + e3.getMessage());
            }
            if (e3.getMessage() == null || !e3.getMessage().contains(ADALError.NO_NETWORK_CONNECTION_POWER_OPTIMIZATION.getDescription())) {
                throw new AuthenticationException(ADALError.BROKER_AUTHENTICATOR_IO_EXCEPTION, e3.getMessage(), e3);
            }
            throw new AuthenticationException(ADALError.NO_NETWORK_CONNECTION_POWER_OPTIMIZATION, "Received error from broker, errorCode: " + e3.getMessage());
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:15:0x0070  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private com.microsoft.aad.adal.AuthenticationException getAuthenticationExceptionForResult(java.lang.String r8, java.lang.String r9, android.os.Bundle r10) {
        /*
            r7 = this;
            r0 = 2
            java.lang.Object[] r0 = new java.lang.Object[r0]
            r1 = 0
            r0[r1] = r8
            r8 = 1
            r0[r8] = r9
            java.lang.String r8 = "Received error from broker, errorCode: %s; ErrorDescription: %s"
            java.lang.String r8 = java.lang.String.format(r8, r0)
            java.lang.String r9 = "response_body"
            java.io.Serializable r9 = r10.getSerializable(r9)
            com.microsoft.aad.adal.TelemetryUtils$CliTelemInfo r0 = r7.getCliTelemInfoFromBundle(r10)
            if (r9 == 0) goto L6d
            boolean r1 = r9 instanceof java.util.HashMap
            if (r1 == 0) goto L6d
            java.util.HashMap r9 = (java.util.HashMap) r9
            java.lang.String r1 = "error"
            java.lang.Object r1 = r9.get(r1)
            java.lang.String r1 = (java.lang.String) r1
            java.lang.String r2 = "suberror"
            java.lang.Object r9 = r9.get(r2)
            java.lang.String r9 = (java.lang.String) r9
            boolean r2 = com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(r1)
            if (r2 != 0) goto L6d
            boolean r2 = com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(r9)
            if (r2 != 0) goto L6d
            java.lang.String r2 = "unauthorized_client"
            int r1 = r2.compareTo(r1)
            if (r1 != 0) goto L6d
            java.lang.String r1 = "protection_policy_required"
            int r9 = r1.compareTo(r9)
            if (r9 != 0) goto L6d
            java.lang.String r9 = "account.name"
            java.lang.String r3 = r10.getString(r9)
            java.lang.String r9 = "account.userinfo.userid"
            java.lang.String r4 = r10.getString(r9)
            java.lang.String r9 = "account.userinfo.tenantid"
            java.lang.String r5 = r10.getString(r9)
            java.lang.String r9 = "account.authority"
            java.lang.String r6 = r10.getString(r9)
            com.microsoft.aad.adal.IntuneAppProtectionPolicyRequiredException r9 = new com.microsoft.aad.adal.IntuneAppProtectionPolicyRequiredException
            r1 = r9
            r2 = r8
            r1.<init>(r2, r3, r4, r5, r6)
            goto L6e
        L6d:
            r9 = 0
        L6e:
            if (r9 != 0) goto L77
            com.microsoft.aad.adal.AuthenticationException r9 = new com.microsoft.aad.adal.AuthenticationException
            com.microsoft.aad.adal.ADALError r10 = com.microsoft.aad.adal.ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED
            r9.<init>(r10, r8)
        L77:
            java.lang.String r8 = r0.getSpeRing()
            r9.setSpeRing(r8)
            java.lang.String r8 = r0.getRefreshTokenAge()
            r9.setRefreshTokenAge(r8)
            java.lang.String r8 = r0.getServerErrorCode()
            r9.setCliTelemErrorCode(r8)
            java.lang.String r8 = r0.getServerSubErrorCode()
            r9.setCliTelemSubErrorCode(r8)
            return r9
        */
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.aad.adal.BrokerProxy.getAuthenticationExceptionForResult(java.lang.String, java.lang.String, android.os.Bundle):com.microsoft.aad.adal.AuthenticationException");
    }

    private Bundle getBrokerOptions(AuthenticationRequest authenticationRequest) {
        Bundle bundle = new Bundle();
        bundle.putInt("com.microsoft.aad.adal:RequestId", authenticationRequest.getRequestId());
        bundle.putInt("expiration.buffer", AuthenticationSettings.INSTANCE.getExpirationBuffer());
        bundle.putString("account.authority", authenticationRequest.getAuthority());
        bundle.putString("account.resource", authenticationRequest.getResource());
        bundle.putString("account.redirect", authenticationRequest.getRedirectUri());
        bundle.putString("account.clientid.key", authenticationRequest.getClientId());
        bundle.putString("adal.version.key", authenticationRequest.getVersion());
        bundle.putString("account.userinfo.userid", authenticationRequest.getUserId());
        bundle.putString("account.extra.query.param", authenticationRequest.getExtraQueryParamsAuthentication());
        if (authenticationRequest.getCorrelationId() != null) {
            bundle.putString("account.correlationid", authenticationRequest.getCorrelationId().toString());
        }
        String brokerAccountName = authenticationRequest.getBrokerAccountName();
        if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(brokerAccountName)) {
            brokerAccountName = authenticationRequest.getLoginHint();
        }
        bundle.putString("account.login.hint", brokerAccountName);
        bundle.putString("account.name", brokerAccountName);
        if (authenticationRequest.getPrompt() != null) {
            bundle.putString("account.prompt", authenticationRequest.getPrompt().name());
        }
        if (authenticationRequest.isClaimsChallengePresent() || authenticationRequest.getClientCapabilities() != null) {
            bundle.putString("account.claims", AuthenticationContext.mergeClaimsWithClientCapabilities(authenticationRequest.getClaimsChallenge(), authenticationRequest.getClientCapabilities()));
        }
        if (authenticationRequest.getForceRefresh() || authenticationRequest.isClaimsChallengePresent()) {
            bundle.putString(AuthenticationConstants.Broker.BROKER_FORCE_REFRESH, Boolean.toString(true));
        }
        bundle.putString("x-app-ver", authenticationRequest.getAppVersion());
        bundle.putString("x-app-name", authenticationRequest.getAppName());
        return bundle;
    }

    private TelemetryUtils.CliTelemInfo getCliTelemInfoFromBundle(Bundle bundle) {
        TelemetryUtils.CliTelemInfo cliTelemInfo = new TelemetryUtils.CliTelemInfo();
        cliTelemInfo._setServerErrorCode(bundle.getString("cliteleminfo.server_error"));
        cliTelemInfo._setServerSubErrorCode(bundle.getString("cliteleminfo.server_suberror"));
        cliTelemInfo._setRefreshTokenAge(bundle.getString("cliteleminfo.rt_age"));
        cliTelemInfo._setSpeRing(bundle.getString("cliteleminfo.spe_ring"));
        return cliTelemInfo;
    }

    private Intent getIntentForBrokerActivityFromAccountManager(Bundle bundle) {
        try {
            return (Intent) this.mAcctManager.addAccount("com.microsoft.workaccount", "adal.authtoken.type", null, bundle, null, null, this.mHandler).getResult().getParcelable("intent");
        } catch (AuthenticatorException e) {
            Logger.e("BrokerProxy:getIntentForBrokerActivityFromAccountManager", AUTHENTICATOR_CANCELS_REQUEST, "", ADALError.BROKER_AUTHENTICATOR_NOT_RESPONDING, e);
            return null;
        } catch (OperationCanceledException e2) {
            Logger.e("BrokerProxy:getIntentForBrokerActivityFromAccountManager", AUTHENTICATOR_CANCELS_REQUEST, "", ADALError.AUTH_FAILED_CANCELLED, e2);
            return null;
        } catch (IOException e3) {
            Logger.e("BrokerProxy:getIntentForBrokerActivityFromAccountManager", AUTHENTICATOR_CANCELS_REQUEST, "", ADALError.BROKER_AUTHENTICATOR_IO_EXCEPTION, e3);
            return null;
        }
    }

    private AuthenticationResult getResultFromBrokerResponse(Bundle bundle, AuthenticationRequest authenticationRequest) throws AuthenticationException {
        Date date;
        if (bundle == null) {
            throw new IllegalArgumentException("bundleResult");
        }
        int i = bundle.getInt(SyncContract.StateColumns.ERROR_CODE);
        String string = bundle.getString("errorMessage");
        String string2 = bundle.getString("error");
        String string3 = bundle.getString("error_description");
        TelemetryUtils.CliTelemInfo cliTelemInfoFromBundle = getCliTelemInfoFromBundle(bundle);
        if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(string)) {
            AuthenticationException authenticationException = new AuthenticationException(i != 3 ? i != 4 ? i != 6 ? i != 7 ? i != 9 ? ADALError.BROKER_AUTHENTICATOR_ERROR_GETAUTHTOKEN : ADALError.BROKER_AUTHENTICATOR_BAD_AUTHENTICATION : ADALError.BROKER_AUTHENTICATOR_BAD_ARGUMENTS : ADALError.BROKER_AUTHENTICATOR_UNSUPPORTED_OPERATION : ADALError.AUTH_FAILED_CANCELLED : !string.contains(ADALError.NO_NETWORK_CONNECTION_POWER_OPTIMIZATION.getDescription()) ? string.contains(ADALError.DEVICE_CONNECTION_IS_NOT_AVAILABLE.getDescription()) ? ADALError.DEVICE_CONNECTION_IS_NOT_AVAILABLE : ADALError.BROKER_AUTHENTICATOR_IO_EXCEPTION : ADALError.NO_NETWORK_CONNECTION_POWER_OPTIMIZATION, string);
            authenticationException.setSpeRing(cliTelemInfoFromBundle.getSpeRing());
            authenticationException.setRefreshTokenAge(cliTelemInfoFromBundle.getRefreshTokenAge());
            authenticationException.setCliTelemErrorCode(cliTelemInfoFromBundle.getServerErrorCode());
            authenticationException.setCliTelemSubErrorCode(cliTelemInfoFromBundle.getServerSubErrorCode());
            throw authenticationException;
        }
        if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(string2) && authenticationRequest.isSilent()) {
            AuthenticationException authenticationExceptionForResult = getAuthenticationExceptionForResult(string2, string3, bundle);
            Serializable serializable = bundle.getSerializable("response_body");
            Serializable serializable2 = bundle.getSerializable("response_headers");
            if (serializable != null && (serializable instanceof HashMap)) {
                authenticationExceptionForResult.setHttpResponseBody((HashMap) serializable);
            }
            if (serializable2 != null && (serializable2 instanceof HashMap)) {
                authenticationExceptionForResult.setHttpResponseHeaders((HashMap) serializable2);
            }
            authenticationExceptionForResult.setServiceStatusCode(bundle.getInt("status_code"));
            throw authenticationExceptionForResult;
        }
        if (bundle.getBoolean("account.initial.request")) {
            return AuthenticationResult.createResultForInitialRequest(authenticationRequest.getClientId());
        }
        UserInfo userInfoFromBrokerResult = UserInfo.getUserInfoFromBrokerResult(bundle);
        String string4 = bundle.getString("account.userinfo.tenantid", "");
        String string5 = bundle.getString("account.idtoken", "");
        if (bundle.getLong("account.expiredate") == 0) {
            Logger.v("BrokerProxy:getResultFromBrokerResponse", "Broker doesn't return expire date, set it current date plus one hour");
            GregorianCalendar gregorianCalendar = new GregorianCalendar();
            gregorianCalendar.add(13, 3600);
            date = gregorianCalendar.getTime();
        } else {
            date = new Date(bundle.getLong("account.expiredate"));
        }
        AuthenticationResult authenticationResult = new AuthenticationResult(bundle.getString("authtoken"), "", date, false, userInfoFromBrokerResult, string4, string5, null, authenticationRequest.getClientId());
        authenticationResult.setCliTelemInfo(cliTelemInfoFromBundle);
        return authenticationResult;
    }

    private Account getTargetAccount(AuthenticationRequest authenticationRequest) {
        Account[] accountsByType = this.mAcctManager.getAccountsByType("com.microsoft.workaccount");
        if (!TextUtils.isEmpty(authenticationRequest.getBrokerAccountName())) {
            return findAccount(authenticationRequest.getBrokerAccountName(), accountsByType);
        }
        try {
            UserInfo findUserInfo = findUserInfo(authenticationRequest.getUserId(), getBrokerUsers());
            if (findUserInfo != null) {
                return findAccount(findUserInfo.getDisplayableId(), accountsByType);
            }
            return null;
        } catch (AuthenticatorException | OperationCanceledException | IOException e) {
            Logger.e("BrokerProxy:getTargetAccount", "Exception is thrown when trying to get target account.", e.getMessage(), ADALError.BROKER_AUTHENTICATOR_IO_EXCEPTION, e);
            return null;
        }
    }

    private UserInfo[] getUserInfoFromAccountManager() throws OperationCanceledException, AuthenticatorException, IOException {
        Account[] accountsByType = this.mAcctManager.getAccountsByType("com.microsoft.workaccount");
        Bundle bundle = new Bundle();
        bundle.putBoolean(DATA_USER_INFO, true);
        Logger.v("BrokerProxy:getUserInfoFromAccountManager", "Retrieve all the accounts from account manager with broker account type, and the account length is: " + accountsByType.length);
        UserInfo[] userInfoArr = new UserInfo[accountsByType.length];
        for (int i = 0; i < accountsByType.length; i++) {
            AccountManagerFuture<Bundle> updateCredentials = this.mAcctManager.updateCredentials(accountsByType[i], "adal.authtoken.type", bundle, null, null, null);
            Logger.v("BrokerProxy:getUserInfoFromAccountManager", "Waiting for userinfo retrieval result from Broker.");
            Bundle result = updateCredentials.getResult();
            userInfoArr[i] = new UserInfo(result.getString("account.userinfo.userid"), result.getString("account.userinfo.given.name"), result.getString("account.userinfo.family.name"), result.getString("account.userinfo.identity.provider"), result.getString("account.userinfo.userid.displayable"));
        }
        return userInfoArr;
    }

    private boolean hasSupportToAddUserThroughBroker(String str) {
        Intent intent = new Intent();
        intent.setPackage(str);
        intent.setClassName(str, str + ".ui.AccountChooserActivity");
        return MAMPackageManagement.queryIntentActivities(this.mContext.getPackageManager(), intent, 0).size() > 0;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean isBrokerAccountServiceSupported() {
        return isServiceSupported(this.mContext, BrokerAccountServiceHandler.getIntentForBrokerAccountService(this.mContext));
    }

    private boolean isBrokerWithPRTSupport(Intent intent) {
        if (intent != null) {
            return "v2".equalsIgnoreCase(intent.getStringExtra("broker.version"));
        }
        throw new IllegalArgumentException("intent");
    }

    private boolean isServiceSupported(Context context, Intent intent) {
        List<ResolveInfo> queryIntentServices;
        return (intent == null || (queryIntentServices = MAMPackageManagement.queryIntentServices(context.getPackageManager(), intent, 0)) == null || queryIntentServices.size() <= 0) ? false : true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void removeAccountFromAccountManager() {
        Logger.v("BrokerProxy:removeAccountFromAccountManager", "Try to remove account from account manager.");
        Account[] accountsByType = this.mAcctManager.getAccountsByType("com.microsoft.workaccount");
        if (accountsByType.length != 0) {
            for (Account account : accountsByType) {
                Logger.v("BrokerProxy:removeAccountFromAccountManager", "Remove tokens for account. ", "Account: " + account.name, null);
                Bundle bundle = new Bundle();
                bundle.putString("account.remove.tokens", "account.remove.tokens.value");
                this.mAcctManager.getAuthToken(account, "adal.authtoken.type", bundle, false, (AccountManagerCallback<Bundle>) null, this.mHandler);
            }
        }
    }

    private boolean verifyAccount(Account[] accountArr, String str, String str2) {
        if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(str)) {
            return str.equalsIgnoreCase(accountArr[0].name);
        }
        if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(str2)) {
            return true;
        }
        try {
            return findUserInfo(str2, getBrokerUsers()) != null;
        } catch (AuthenticatorException | OperationCanceledException | IOException e) {
            Logger.e("BrokerProxy:verifyAccount", "Exception thrown when verifying accounts in broker. ", e.getMessage(), ADALError.BROKER_AUTHENTICATOR_EXCEPTION, e);
            Logger.v("BrokerProxy:verifyAccount", "It could not check the uniqueid from broker. It is not using broker");
            return false;
        }
    }

    private boolean verifyAuthenticator(AccountManager accountManager) {
        for (AuthenticatorDescription authenticatorDescription : accountManager.getAuthenticatorTypes()) {
            if (authenticatorDescription.type.equals("com.microsoft.workaccount") && this.mBrokerValidator.verifySignature(authenticatorDescription.packageName)) {
                return true;
            }
        }
        return false;
    }

    private void verifyNotOnMainThread() {
        Looper myLooper = Looper.myLooper();
        if (myLooper == null || myLooper != this.mContext.getMainLooper()) {
            return;
        }
        IllegalStateException illegalStateException = new IllegalStateException("calling this from your main thread can lead to deadlock");
        Logger.e(TAG, "calling this from your main thread can lead to deadlock and/or ANRs", "", ADALError.DEVELOPER_CALLING_ON_MAIN_THREAD, illegalStateException);
        if (this.mContext.getApplicationInfo().targetSdkVersion >= 8) {
            throw illegalStateException;
        }
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public SwitchToBroker canSwitchToBroker(String str) {
        try {
            boolean z = AuthenticationSettings.INSTANCE.getUseBroker() && verifyAuthenticator(this.mAcctManager) && !UrlExtensions.isADFSAuthority(new URL(str));
            if (!z) {
                Logger.v("BrokerProxy:canSwitchToBroker", "Broker auth is turned off or no valid broker is available on the device, cannot switch to broker.");
                return SwitchToBroker.CANNOT_SWITCH_TO_BROKER;
            }
            if (!isBrokerAccountServiceSupported()) {
                if (!(z && checkAccount(this.mAcctManager, "", ""))) {
                    Logger.v("BrokerProxy:canSwitchToBroker", "No valid account existed in broker, cannot switch to broker for auth.");
                    return SwitchToBroker.CANNOT_SWITCH_TO_BROKER;
                }
                try {
                    verifyBrokerPermissionsAPI23AndHigher();
                } catch (UsageAuthenticationException unused) {
                    Logger.v("BrokerProxy:canSwitchToBroker", "Missing GET_ACCOUNTS permission, cannot switch to broker.");
                    return SwitchToBroker.NEED_PERMISSIONS_TO_SWITCH_TO_BROKER;
                }
            }
            return SwitchToBroker.CAN_SWITCH_TO_BROKER;
        } catch (MalformedURLException unused2) {
            throw new IllegalArgumentException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL.name());
        }
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public boolean canUseLocalCache(String str) {
        if (canSwitchToBroker(str) == SwitchToBroker.CANNOT_SWITCH_TO_BROKER) {
            Logger.v("BrokerProxy:canUseLocalCache", "It does not use broker");
            return true;
        }
        if (!this.mBrokerValidator.verifySignature(this.mContext.getPackageName())) {
            return false;
        }
        Logger.v("BrokerProxy:canUseLocalCache", "Broker installer can use local cache");
        return true;
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public AuthenticationResult getAuthTokenInBackground(AuthenticationRequest authenticationRequest, BrokerEvent brokerEvent) throws AuthenticationException {
        verifyNotOnMainThread();
        Bundle brokerOptions = getBrokerOptions(authenticationRequest);
        Bundle authToken = isBrokerAccountServiceSupported() ? BrokerAccountServiceHandler.getInstance().getAuthToken(this.mContext, brokerOptions, brokerEvent) : getAuthTokenFromAccountManager(authenticationRequest, brokerOptions);
        if (authToken != null) {
            return getResultFromBrokerResponse(authToken, authenticationRequest);
        }
        Logger.v(TAG, "No bundle result returned from broker for silent request.");
        return null;
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public String getBrokerAppVersion(String str) throws PackageManager.NameNotFoundException {
        PackageInfo packageInfo = MAMPackageManagement.getPackageInfo(this.mContext.getPackageManager(), str, 0);
        return "VersionName=" + packageInfo.versionName + ";VersonCode=" + packageInfo.versionCode + ".";
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public UserInfo[] getBrokerUsers() throws OperationCanceledException, AuthenticatorException, IOException {
        if (Looper.myLooper() != Looper.getMainLooper()) {
            return isBrokerAccountServiceSupported() ? BrokerAccountServiceHandler.getInstance().getBrokerUsers(this.mContext) : getUserInfoFromAccountManager();
        }
        throw new IllegalArgumentException("Calling getBrokerUsers on main thread");
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public String getCurrentActiveBrokerPackageName() {
        for (AuthenticatorDescription authenticatorDescription : this.mAcctManager.getAuthenticatorTypes()) {
            if (authenticatorDescription.type.equals("com.microsoft.workaccount")) {
                return authenticatorDescription.packageName;
            }
        }
        return null;
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public String getCurrentUser() {
        if (!isBrokerAccountServiceSupported()) {
            Account[] accountsByType = this.mAcctManager.getAccountsByType("com.microsoft.workaccount");
            if (accountsByType.length > 0) {
                return accountsByType[0].name;
            }
            return null;
        }
        verifyNotOnMainThread();
        try {
            UserInfo[] brokerUsers = BrokerAccountServiceHandler.getInstance().getBrokerUsers(this.mContext);
            if (brokerUsers.length == 0) {
                return null;
            }
            return brokerUsers[0].getDisplayableId();
        } catch (IOException e) {
            Logger.e("BrokerProxy:getCurrentUser", "No current user could be retrieved.", "", null, e);
            return null;
        }
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public Intent getIntentForBrokerActivity(AuthenticationRequest authenticationRequest, BrokerEvent brokerEvent) throws AuthenticationException {
        Intent intentForBrokerActivityFromAccountManager;
        Bundle brokerOptions = getBrokerOptions(authenticationRequest);
        if (isBrokerAccountServiceSupported()) {
            intentForBrokerActivityFromAccountManager = BrokerAccountServiceHandler.getInstance().getIntentForInteractiveRequest(this.mContext, brokerEvent);
            if (intentForBrokerActivityFromAccountManager == null) {
                Logger.e(TAG, "Received null intent from broker interactive request.", null, ADALError.BROKER_AUTHENTICATOR_NOT_RESPONDING);
                throw new AuthenticationException(ADALError.BROKER_AUTHENTICATOR_NOT_RESPONDING, "Received null intent from broker interactive request.");
            }
            intentForBrokerActivityFromAccountManager.putExtras(brokerOptions);
        } else {
            intentForBrokerActivityFromAccountManager = getIntentForBrokerActivityFromAccountManager(brokerOptions);
        }
        if (intentForBrokerActivityFromAccountManager != null) {
            intentForBrokerActivityFromAccountManager.putExtra("com.microsoft.aadbroker.adal.broker.request", "com.microsoft.aadbroker.adal.broker.request");
            if (!isBrokerWithPRTSupport(intentForBrokerActivityFromAccountManager) && PromptBehavior.FORCE_PROMPT == authenticationRequest.getPrompt()) {
                Logger.v("BrokerProxy:getIntentForBrokerActivity", "FORCE_PROMPT is set for broker auth via old version of broker app, reset to ALWAYS.");
                intentForBrokerActivityFromAccountManager.putExtra("account.prompt", PromptBehavior.Always.name());
            }
        }
        return intentForBrokerActivityFromAccountManager;
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public void removeAccounts() {
        new Thread(new Runnable() { // from class: com.microsoft.aad.adal.BrokerProxy.1
            @Override // java.lang.Runnable
            public void run() {
                if (BrokerProxy.this.isBrokerAccountServiceSupported()) {
                    BrokerAccountServiceHandler.getInstance().removeAccounts(BrokerProxy.this.mContext);
                } else {
                    BrokerProxy.this.removeAccountFromAccountManager();
                }
            }
        }).start();
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public void saveAccount(String str) {
        if (str == null || str.isEmpty()) {
            return;
        }
        SharedPreferencesFileManager sharedPreferencesFileManager = new SharedPreferencesFileManager(this.mContext, KEY_SHARED_PREF_ACCOUNT_LIST);
        String string = sharedPreferencesFileManager.getString(KEY_APP_ACCOUNTS_FOR_TOKEN_REMOVAL);
        if (string == null) {
            string = "";
        }
        if (string.contains("|" + str)) {
            return;
        }
        sharedPreferencesFileManager.putString(KEY_APP_ACCOUNTS_FOR_TOKEN_REMOVAL, string + "|" + str);
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public boolean verifyBrokerForSilentRequest(AuthenticationRequest authenticationRequest) throws AuthenticationException {
        SwitchToBroker canSwitchToBroker = canSwitchToBroker(authenticationRequest.getAuthority());
        if (canSwitchToBroker == SwitchToBroker.CAN_SWITCH_TO_BROKER) {
            return verifyUser(authenticationRequest.getLoginHint(), authenticationRequest.getUserId());
        }
        if (canSwitchToBroker != SwitchToBroker.NEED_PERMISSIONS_TO_SWITCH_TO_BROKER) {
            return false;
        }
        throw new UsageAuthenticationException(ADALError.DEVELOPER_BROKER_PERMISSIONS_MISSING, "Broker related permissions are missing for GET_ACCOUNTS");
    }

    public boolean verifyBrokerPermissionsAPI22AndLess() throws UsageAuthenticationException {
        StringBuilder sb = new StringBuilder();
        if (Build.VERSION.SDK_INT >= 23) {
            Logger.v(TAG, "Device runs on 23 and above, skip the check for 22 and below.");
            return true;
        }
        sb.append(checkPermission("android.permission.GET_ACCOUNTS"));
        sb.append(checkPermission("android.permission.MANAGE_ACCOUNTS"));
        sb.append(checkPermission("android.permission.USE_CREDENTIALS"));
        if (sb.length() == 0) {
            return true;
        }
        throw new UsageAuthenticationException(ADALError.DEVELOPER_BROKER_PERMISSIONS_MISSING, "Broker related permissions are missing for " + sb.toString());
    }

    @TargetApi(23)
    public boolean verifyBrokerPermissionsAPI23AndHigher() throws UsageAuthenticationException {
        StringBuilder sb = new StringBuilder();
        if (Build.VERSION.SDK_INT < 23) {
            Logger.v(TAG, "Device is lower than 23, skip the GET_ACCOUNTS permission check.");
            return true;
        }
        sb.append(checkPermission("android.permission.GET_ACCOUNTS"));
        if (sb.length() == 0) {
            return true;
        }
        throw new UsageAuthenticationException(ADALError.DEVELOPER_BROKER_PERMISSIONS_MISSING, "Broker related permissions are missing for " + sb.toString());
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public boolean verifyUser(String str, String str2) {
        if (isBrokerAccountServiceSupported()) {
            return true;
        }
        return checkAccount(this.mAcctManager, str, str2);
    }
}
