package com.microsoft.windowsintune.companyportal.authentication.aad;

import android.app.Activity;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.util.Base64;
import com.microsoft.aad.adal.ADALError;
import com.microsoft.aad.adal.AuthenticationCallback;
import com.microsoft.aad.adal.AuthenticationContext;
import com.microsoft.aad.adal.AuthenticationException;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.aad.adal.CrossProfileSerializer;
import com.microsoft.aad.adal.Logger;
import com.microsoft.identity.common.adal.internal.AuthenticationSettings;
import com.microsoft.identity.common.internal.logging.Logger;
import com.microsoft.intune.common.auth.datacomponent.implementation.SessionSettings;
import com.microsoft.intune.common.enrollment.datacomponent.implementation.EnrollmentSettings;
import com.microsoft.intune.common.enrollment.domain.IEnrollmentSettingsRepository;
import com.microsoft.intune.common.settings.DiagnosticSettings;
import com.microsoft.intune.common.settings.IDeploymentSettings;
import com.microsoft.intune.companyportal.common.utils.Consumer;
import com.microsoft.omadm.ShiftWorkerSettings;
import com.microsoft.windowsintune.companyportal.ServiceLocator;
import com.microsoft.windowsintune.companyportal.models.GraphToken;
import com.microsoft.windowsintune.companyportal.utils.AppUtils;
import com.microsoft.windowsintune.companyportal.utils.Delegate;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.text.MessageFormat;
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.lang3.StringUtils;
import org.spongycastle.crypto.signers.PSSSigner;

/* loaded from: classes3.dex */
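/**
 * Company Portal wrapper around ADAL's {@link AuthenticationContext}.
 *
 * <p>The constructor establishes the process-wide ADAL settings: the token-cache encryption key
 * ({@link AuthenticationSettings#setSecretKey}), the broker identity (this app's package name and
 * the Base64 SHA-1 of its signing certificate), the connect timeout and the ADAL / MSAL-common
 * logging configuration. Interactive acquisition goes through {@link AdalAuthenticationRetryCallback},
 * which tries a silent acquisition first when an AAD user id is known and otherwise prompts.
 *
 * <p>Thread-safety: {@link #setLoginAuthority} replaces {@link #authContext} under
 * {@link #syncLock}, but every other method reads the field without that lock and the field is not
 * {@code volatile}. NOTE(review): confirm whether the authority is ever changed while another thread
 * is mid-acquisition; if so the reads need the same lock or the field needs {@code volatile}.
 *
 * <p>This is a decompiled listing. Members JADX annotated as "Access modifiers changed from:
 * private" were private in the original source; they are left at the widened visibility only so the
 * listing's interface is unchanged, and should be narrowed back when this is compiled from source.
 */
public class AdalContext {
    /** ADAL HTTP connect timeout in milliseconds (300 000 ms = 5 minutes). */
    private static final int ADAL_CONNECT_TIMEOUT = 300000;
    /** Extra query parameters appended to every interactive authorization request. */
    private static final String AUTH_REDIRECT_WORKAROUND = "nux=1&msafed=0&haschrome=1&instance_aware=true";
    private static final java.util.logging.Logger LOGGER = java.util.logging.Logger.getLogger(AdalContext.class.getSimpleName());
    /** Retries after the first attempt; the retry callback adds one more when a silent attempt is possible. */
    private static final int MAX_RETRY_COUNT = 2;
    private static final String PBE_ALGORITHM = "PBEWithSHA256And256BitAES-CBC-BC";
    /**
     * Fixed salt, iteration count and key length for deriving the cache key from the legacy
     * AAD_SECRET_KEY_PASSWORD setting. Changing any of them changes the key derived for devices that
     * still hold only the password, which would make their existing ADAL cache undecryptable.
     * (0xBC was rendered by the decompiler as PSSSigner.TRAILER_IMPLICIT; the value is the same.)
     */
    private static final byte[] PBE_SALT = {-80, (byte) 0xBC, 73, -83, -49, -37, 93, 81};
    private static final int PBE_ITERATION_COUNT = 100;
    private static final int SECRET_KEY_LENGTH_BITS = 256;
    private static final String REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob";
    private static final String SECRET_KEY_ALGORITHM = "AES";

    private final Context applicationContext;
    // Replaced by setLoginAuthority(); see the class comment on synchronization.
    private AuthenticationContext authContext;
    private final String clientId;
    private final IDeploymentSettings deploymentSettings;
    private final Object syncLock = new Object();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    /**
     * {@link AuthenticationCallback} that drives one token acquisition with retries.
     *
     * <p>Attempt plan: when {@code aadUserId} is non-empty, the first attempt is a silent
     * acquisition for that user id and one extra try is budgeted for it; every later attempt (and
     * the first one when no user id is known) is interactive with {@code upn} as the login hint.
     * A failed attempt is retried only while retries remain and {@link AdalContext#isErrorRetryable}
     * accepts the error — which includes AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED, so a silent attempt
     * that needs user interaction falls through to the interactive path.
     */
    public class AdalAuthenticationRetryCallback implements AuthenticationCallback<AuthenticationResult> {
        private final String aadUserId;
        private final Activity activity;
        private final String clientId;
        // Total attempts this callback may make (first attempt plus retries).
        private final int initialTries;
        private final Delegate.Action1<Exception> onFailure;
        private final Delegate.Action1<AuthenticationResult> onSuccess;
        private int remainingRetries;
        private final String resourceId;
        private final String upn;

        /**
         * @param activity   host activity for the interactive prompt
         * @param resourceId AAD resource the token is requested for
         * @param upn        user principal name used as the interactive login hint (may be empty)
         * @param aadUserId  AAD object id for the silent attempt; empty disables the silent path
         * @param clientId   AAD application (client) id
         * @param onSuccess  receives the {@link AuthenticationResult}
         * @param onFailure  receives the final error once retries are exhausted or the error is not retryable
         * @param maxRetries retries after the first attempt; one more is added when a silent attempt is planned
         */
        AdalAuthenticationRetryCallback(Activity activity, String resourceId, String upn, String aadUserId, String clientId, Delegate.Action1<AuthenticationResult> onSuccess, Delegate.Action1<Exception> onFailure, int maxRetries) {
            this.activity = activity;
            this.resourceId = resourceId;
            this.upn = upn;
            this.aadUserId = aadUserId;
            this.clientId = clientId;
            this.onSuccess = onSuccess;
            this.onFailure = onFailure;
            // The silent attempt gets its own retry so an interactive attempt is still possible after it fails.
            int retries = StringUtils.isNotEmpty(aadUserId) ? maxRetries + 1 : maxRetries;
            this.remainingRetries = retries;
            this.initialTries = retries + 1;
        }

        /* JADX INFO: Access modifiers changed from: private */
        /**
         * Starts the next attempt: silent on the very first attempt when a user id is known,
         * interactive otherwise. Results arrive on {@link #onSuccess} / {@link #onError}.
         * Both branches log account identifiers (AAD user id / UPN) at INFO.
         */
        public void doAcquireTokenAsync() {
            int attempt = this.initialTries - this.remainingRetries;
            AdalContext.LOGGER.info(MessageFormat.format("Acquiring token for resource id ''{0}''; attempt {1} of {2}.", this.resourceId, Integer.valueOf(attempt), Integer.valueOf(this.initialTries)));
            boolean firstAttempt = this.remainingRetries + 1 == this.initialTries;
            if (StringUtils.isNotEmpty(this.aadUserId) && firstAttempt) {
                AdalContext.LOGGER.info(MessageFormat.format("Attempting silent token acquisition first for UserID: {0}.", this.aadUserId));
                AdalContext.this.authContext.acquireTokenSilentAsync(this.resourceId, this.clientId, this.aadUserId, this);
                return;
            }
            AdalContext.LOGGER.info(MessageFormat.format("Attempting interactive token acquisition for UPN: {0}", this.upn));
            AdalContext.this.authContext.acquireToken(this.activity, this.resourceId, this.clientId, REDIRECT_URI, this.upn, AdalContext.this.getWorkAroundString(), this);
        }

        /** Retries while budget remains and the error is retryable; otherwise reports the failure. */
        @Override // com.microsoft.aad.adal.AuthenticationCallback
        public void onError(Exception exc) {
            boolean canRetry = this.remainingRetries > 0 && AdalContext.isErrorRetryable(exc);
            if (!canRetry) {
                this.onFailure.exec(exc);
                return;
            }
            this.remainingRetries--;
            doAcquireTokenAsync();
        }

        @Override // com.microsoft.aad.adal.AuthenticationCallback
        public void onSuccess(AuthenticationResult authenticationResult) {
            this.onSuccess.exec(authenticationResult);
        }
    }

    /**
     * Initializes ADAL for this process.
     *
     * @param context             application context
     * @param iDeploymentSettings build-time deployment configuration (client id, authority, expected signing cert)
     * @param enrollmentSettings  persisted enrollment store holding the cache key material
     * @param diagnosticSettings  user-controlled diagnostics (verbose logging toggle)
     * @param sessionSettings     per-session store; may carry a saved login authority
     * @param str                 login authority supplied at runtime; blank falls back to session then deployment settings
     * @throws NoSuchAlgorithmException if the PBE algorithm is unavailable
     * @throws NoSuchPaddingException   declared for callers; nothing in this body currently throws it
     * @throws InvalidKeySpecException  if the PBE key spec is rejected
     */
    public AdalContext(Context context, IDeploymentSettings iDeploymentSettings, EnrollmentSettings enrollmentSettings, DiagnosticSettings diagnosticSettings, SessionSettings sessionSettings, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException {
        this.applicationContext = context;
        this.deploymentSettings = iDeploymentSettings;
        byte[] secretKey = loadOrCreateSecretKey(enrollmentSettings);
        // The broker-auth process is skipped here; presumably it supplies its own key — confirm against that process.
        if (!AppUtils.isProcess(context, AppUtils.BROKER_AUTH_PROCESS_NAME)) {
            AuthenticationSettings.INSTANCE.setSecretKey(secretKey);
        }
        configureBrokerIdentity(context, iDeploymentSettings);
        configureLogging(context, iDeploymentSettings, diagnosticSettings);
        String authority = resolveLoginAuthority(str, sessionSettings, iDeploymentSettings);
        // getAadValidateAuthority() is the switch for ADAL's authority validation; it is what stops a
        // stored or runtime-supplied authority from pointing tokens at an unknown endpoint.
        this.authContext = new AuthenticationContext(context, authority, iDeploymentSettings.getAadValidateAuthority().booleanValue());
        this.clientId = iDeploymentSettings.getAadClientId();
    }

    /**
     * Returns the encoded AES key ADAL uses to encrypt its token cache, creating it on first use.
     *
     * <p>If an encoded key is already stored it is returned as-is. Otherwise the key is derived with
     * {@link #PBE_ALGORITHM} from the legacy AAD_SECRET_KEY_PASSWORD setting (which is then removed,
     * so older installs keep a key that decrypts their existing cache) or, when no password exists,
     * from a fresh random UUID. The derived key is persisted in {@code enrollmentSettings}.
     * NOTE(review): the key's confidentiality rests entirely on how EnrollmentSettings is stored.
     */
    private static byte[] loadOrCreateSecretKey(EnrollmentSettings enrollmentSettings) throws NoSuchAlgorithmException, InvalidKeySpecException {
        byte[] encodedKey = enrollmentSettings.getByteArray(EnrollmentSettings.AAD_SECRET_KEY_ENCODED, null);
        if (encodedKey != null) {
            return encodedKey;
        }
        String password = enrollmentSettings.getString(EnrollmentSettings.AAD_SECRET_KEY_PASSWORD, "");
        if (StringUtils.isEmpty(password)) {
            // No legacy password: the "password" is random and never stored, so the PBE step is only a KDF.
            password = UUID.randomUUID().toString();
        } else {
            enrollmentSettings.remove(EnrollmentSettings.AAD_SECRET_KEY_PASSWORD);
        }
        PBEKeySpec keySpec = new PBEKeySpec(password.toCharArray(), PBE_SALT, PBE_ITERATION_COUNT, SECRET_KEY_LENGTH_BITS);
        byte[] derived = SecretKeyFactory.getInstance(PBE_ALGORITHM).generateSecret(keySpec).getEncoded();
        // Encoded bytes are already materialized above, so clearing the spec's password copy is safe.
        keySpec.clearPassword();
        encodedKey = new SecretKeySpec(derived, SECRET_KEY_ALGORITHM).getEncoded();
        enrollmentSettings.setByteArray(EnrollmentSettings.AAD_SECRET_KEY_ENCODED, encodedKey);
        enrollmentSettings.commit();
        return encodedKey;
    }

    /**
     * Tells ADAL which package and signing-certificate hash identify the Company Portal broker.
     * A mismatch with the deployment's expected signature (e.g. a debug-signed build) is logged
     * because broker authentication against the Company Portal will then fail.
     */
    private static void configureBrokerIdentity(Context context, IDeploymentSettings deploymentSettings) {
        String companyPortalSignature = getCompanyPortalSignature(context);
        if (!StringUtils.equals(companyPortalSignature, deploymentSettings.getApkSigningCertificateSignature())) {
            LOGGER.warning("Initializing ADAL Context with Test Signatures. Broker auth to the Company Portal will probably fail.");
        }
        AuthenticationSettings.INSTANCE.setBrokerSignature(companyPortalSignature);
        AuthenticationSettings.INSTANCE.setBrokerPackageName(context.getPackageName());
        AuthenticationSettings.INSTANCE.setConnectTimeOut(ADAL_CONNECT_TIMEOUT);
    }

    /**
     * Routes ADAL and MSAL-common logs to the app's loggers and sets their levels.
     *
     * <p>Verbose level is only allowed on non-production builds with verbose diagnostics on.
     * Logcat output is disabled on production builds. Note that {@code setEnablePII} follows the
     * verbose toggle alone, so on a production build with verbose diagnostics enabled ADAL will
     * include PII in the lines handed to the external logger.
     */
    private static void configureLogging(Context context, IDeploymentSettings deploymentSettings, DiagnosticSettings diagnosticSettings) {
        com.microsoft.aad.adal.Logger adalLogger = com.microsoft.aad.adal.Logger.getInstance();
        com.microsoft.identity.common.internal.logging.Logger commonLogger = com.microsoft.identity.common.internal.logging.Logger.getInstance();
        // The OMA-DM process caps the ADAL callback at INFO; other processes use the callback's default.
        adalLogger.setExternalLogger(AppUtils.isProcess(context, AppUtils.OMADM_PROCESS_NAME) ? new AdalLoggerCallback(Level.INFO) : new AdalLoggerCallback());
        commonLogger.setExternalLogger(new MSALCommonLoggerCallback(java.util.logging.Logger.getLogger(MSALCommonLoggerCallback.class.getSimpleName())));
        boolean production = deploymentSettings.isProductionBuild().booleanValue();
        boolean verbose = diagnosticSettings.getVerboseLoggingEnabled();
        if (production || !verbose) {
            adalLogger.setLogLevel(com.microsoft.aad.adal.Logger.LogLevel.Info);
            commonLogger.setLogLevel(com.microsoft.identity.common.internal.logging.Logger.LogLevel.INFO);
        } else {
            adalLogger.setLogLevel(com.microsoft.aad.adal.Logger.LogLevel.Verbose);
            commonLogger.setLogLevel(com.microsoft.identity.common.internal.logging.Logger.LogLevel.VERBOSE);
        }
        adalLogger.setEnablePII(verbose);
        adalLogger.setAndroidLogEnabled(!production);
        com.microsoft.identity.common.internal.logging.Logger.setAllowLogcat(!production);
    }

    /**
     * Picks the login authority: the runtime value if non-blank, else the one saved in session
     * settings, else the deployment default. Non-default choices are logged.
     */
    private static String resolveLoginAuthority(String runtimeAuthority, SessionSettings sessionSettings, IDeploymentSettings deploymentSettings) {
        if (StringUtils.isNotBlank(runtimeAuthority)) {
            LOGGER.info(MessageFormat.format("Configuring LoginAuthority with runtime value: {0}", runtimeAuthority));
            return runtimeAuthority;
        }
        String sessionAuthority = sessionSettings.getString(SessionSettings.AAD_LOGIN_AUTHORITY, "");
        if (StringUtils.isNotBlank(sessionAuthority)) {
            LOGGER.info(MessageFormat.format("Configuring LoginAuthority with logged in user settings: {0}", sessionAuthority));
            return sessionAuthority;
        }
        return deploymentSettings.getAadAuthority();
    }

    /**
     * AAD user (object) id for silent acquisition: the Graph token's user id if present, else the
     * session setting, else {@code ""}.
     */
    private String getAadUserId() {
        String userId = ((GraphToken) ServiceLocator.getInstance().get(GraphToken.class)).getUserId();
        if (StringUtils.isNotBlank(userId)) {
            return userId;
        }
        String sessionUserId = ((SessionSettings) ServiceLocator.getInstance().get(SessionSettings.class)).getString(SessionSettings.AAD_USER_UNIQUE_ID, "");
        return StringUtils.defaultIfBlank(sessionUserId, "");
    }

    /**
     * Computes this app's broker signature: Base64 (no wrap) of the SHA-1 digest of its single
     * signing certificate.
     *
     * <p>"SHA" is SHA-1 in the JCA. This encoding is the one ADAL compares broker signatures
     * against, so it cannot be upgraded independently of ADAL. A package with zero or more than one
     * signer, or whose info cannot be read, yields {@code null}, which then fails the signature
     * comparison in the constructor.
     *
     * @return the Base64 signature hash, or {@code null} if it cannot be determined
     */
    private static String getCompanyPortalSignature(Context context) {
        try {
            PackageInfo packageInfo = context.getPackageManager().getPackageInfo(context.getPackageName(), PackageManager.GET_SIGNATURES);
            if (packageInfo == null || packageInfo.signatures == null || packageInfo.signatures.length != 1) {
                return null;
            }
            Signature signature = packageInfo.signatures[0];
            MessageDigest messageDigest = MessageDigest.getInstance("SHA");
            messageDigest.update(signature.toByteArray());
            return Base64.encodeToString(messageDigest.digest(), Base64.NO_WRAP);
        } catch (PackageManager.NameNotFoundException unused) {
            LOGGER.severe("Company Portal could not find its Signature");
            return null;
        } catch (NoSuchAlgorithmException unused2) {
            LOGGER.severe("Company Portal doesn't have algorithm to calculate its own signature");
            return null;
        }
    }

    /**
     * UPN used as the interactive login hint: the Graph token's display id if present, else the
     * session setting, else {@code ""}.
     */
    private String getUserPrincipalNameHint() {
        String displayId = ((GraphToken) ServiceLocator.getInstance().get(GraphToken.class)).getDisplayId();
        if (StringUtils.isNotBlank(displayId)) {
            return displayId;
        }
        String sessionUpn = ((SessionSettings) ServiceLocator.getInstance().get(SessionSettings.class)).getString(SessionSettings.AAD_USER_PRINCIPAL_NAME, "");
        return StringUtils.defaultIfBlank(sessionUpn, "");
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Extra query parameters for the interactive request. The base set is extended with
     * {@code multiuser=true} for shift-worker mode on the service simulator, or with
     * {@code cobrandid} when enrolling on an IP phone. The co-brand id comes from deployment
     * settings and is appended without URL encoding, so it must be a plain identifier.
     */
    public String getWorkAroundString() {
        ServiceLocator serviceLocator = ServiceLocator.getInstance();
        ShiftWorkerSettings shiftWorkerSettings = (ShiftWorkerSettings) serviceLocator.get(ShiftWorkerSettings.class);
        boolean simulatorShiftWorker = IDeploymentSettings.DataPlugin.SERVICE_SIMULATOR == this.deploymentSettings.getDataPlugin()
                && shiftWorkerSettings.isShiftWorkerModeEnabled();
        if (simulatorShiftWorker) {
            return AUTH_REDIRECT_WORKAROUND + "&multiuser=true";
        }
        boolean ipPhone = ((IEnrollmentSettingsRepository) serviceLocator.get(IEnrollmentSettingsRepository.class)).getEnrollOnIpPhone();
        if (ipPhone) {
            return AUTH_REDIRECT_WORKAROUND + "&cobrandid=" + this.deploymentSettings.getIpPhoneCoBrandId();
        }
        return AUTH_REDIRECT_WORKAROUND;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Decides whether a failed acquisition should be retried.
     *
     * <p>Only {@link AuthenticationException}s with code IO_EXCEPTION, SERVER_ERROR or
     * AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED are retryable; the last lets a failed silent attempt
     * fall through to an interactive one. Anything else (including non-ADAL exceptions) is final.
     * The decision and the ADAL error code are logged at WARNING.
     */
    public static boolean isErrorRetryable(Exception exc) {
        if (!(exc instanceof AuthenticationException)) {
            LOGGER.log(Level.WARNING, "A non-retryable error occurred while trying to acquire tokens from AAD.", exc);
            return false;
        }
        ADALError code = ((AuthenticationException) exc).getCode();
        boolean retryable = code == ADALError.IO_EXCEPTION
                || code == ADALError.SERVER_ERROR
                || code == ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED;
        LOGGER.warning(MessageFormat.format("A {0}retryable error occurred while trying to acquire tokens from AAD. Error code: {1}.", retryable ? "" : "non-", code));
        return retryable;
    }

    /** Assigns a fresh correlation id to the next ADAL request so its server-side trace can be matched. */
    private void setNewCorrelationId() {
        this.authContext.setRequestCorrelationId(UUID.randomUUID());
    }

    /**
     * Acquires a token for {@code str} using the stored UPN hint and the configured client id.
     *
     * @param str      resource id
     * @param activity host activity for the interactive prompt
     * @param action1  success callback
     * @param action12 failure callback
     */
    public void acquireTokenAsync(String str, Activity activity, Delegate.Action1<AuthenticationResult> action1, Delegate.Action1<Exception> action12) {
        acquireTokenAsync(str, activity, action1, action12, getUserPrincipalNameHint());
    }

    /**
     * Acquires a token for {@code str} with an explicit UPN hint and the configured client id.
     *
     * @param str2 user principal name used as the interactive login hint
     */
    public void acquireTokenAsync(String str, Activity activity, Delegate.Action1<AuthenticationResult> action1, Delegate.Action1<Exception> action12, String str2) {
        acquireTokenAsync(str, activity, action1, action12, str2, this.clientId);
    }

    /**
     * Acquires a token for {@code str} with an explicit UPN hint and client id, via
     * {@link AdalAuthenticationRetryCallback} with {@link #MAX_RETRY_COUNT} retries.
     *
     * @param str2 user principal name used as the interactive login hint
     * @param str3 AAD client id
     */
    public void acquireTokenAsync(String str, Activity activity, Delegate.Action1<AuthenticationResult> action1, Delegate.Action1<Exception> action12, String str2, String str3) {
        setNewCorrelationId();
        LOGGER.info(MessageFormat.format("Calling acquireToken for resource [{0}] using client id [{1}].", str, str3));
        new AdalAuthenticationRetryCallback(activity, str, str2, getAadUserId(), str3, action1, action12, MAX_RETRY_COUNT).doAcquireTokenAsync();
    }

    /**
     * Silently acquires a token for {@code str} for the stored AAD user id.
     *
     * @param consumer  success callback
     * @param consumer2 failure callback
     */
    public void acquireTokenSilentAsync(String str, Consumer<AuthenticationResult> consumer, Consumer<Exception> consumer2) {
        acquireTokenSilentAsync(str, getAadUserId(), consumer, consumer2);
    }

    /**
     * Silently acquires a token for {@code str} for the given AAD user id. No retry logic and no
     * new correlation id here, unlike {@link #acquireTokenAsync}.
     *
     * @param str2 AAD user (object) id
     */
    public void acquireTokenSilentAsync(String str, String str2, final Consumer<AuthenticationResult> consumer, final Consumer<Exception> consumer2) {
        AuthenticationCallback<AuthenticationResult> callback = new AuthenticationCallback<AuthenticationResult>() { // from class: com.microsoft.windowsintune.companyportal.authentication.aad.AdalContext.1
            @Override // com.microsoft.aad.adal.AuthenticationCallback
            public void onError(Exception exc) {
                consumer2.accept(exc);
            }

            @Override // com.microsoft.aad.adal.AuthenticationCallback
            public void onSuccess(AuthenticationResult authenticationResult) {
                consumer.accept(authenticationResult);
            }
        };
        this.authContext.acquireTokenSilentAsync(str, this.clientId, str2, callback);
    }

    /** Removes every entry from the ADAL token cache. */
    public void clearCache() {
        this.authContext.getCache().removeAll();
    }

    /**
     * Imports serialized family-of-client-id (FoCI) token state into this context's cache.
     * The blob carries token material; parsing is done by {@link CrossProfileSerializer}, and whether
     * it can be trusted rests on the channel the caller received it over. Failures are logged, not thrown.
     */
    public void deserializeFoCIAuthState(String str) {
        try {
            CrossProfileSerializer.deserialize(this.authContext, str);
        } catch (AuthenticationException e) {
            LOGGER.log(Level.SEVERE, "Deserialize threw an exception.", e);
        }
    }

    /** Correlation id of the current/next ADAL request, as a string. */
    public String getCorrelationId() {
        return this.authContext.getRequestCorrelationId().toString();
    }

    /** Authority of the current ADAL context, or {@code null} if none is set. */
    public String getLoginAuthority() {
        AuthenticationContext current = this.authContext;
        return current == null ? null : current.getAuthority();
    }

    /** Forwards the interactive prompt's result to ADAL. */
    public void onActivityResult(int i, int i2, Intent intent) {
        this.authContext.onActivityResult(i, i2, intent);
    }

    /**
     * Exports FoCI token state for {@code str} from this context's cache. The result contains
     * token material and should only cross a trusted boundary.
     *
     * @return the serialized state, or {@code ""} if serialization failed (the failure is logged)
     */
    public String serializeFoCIAuthState(String str) {
        try {
            return CrossProfileSerializer.serialize(this.authContext, str);
        } catch (AuthenticationException e) {
            LOGGER.log(Level.SEVERE, "FoCI Token serialize threw an exception", e);
            return "";
        }
    }

    /**
     * Replaces the ADAL context with one for {@code str}, keeping the deployment's authority
     * validation setting. Only this write is guarded by {@link #syncLock}; see the class comment.
     */
    public void setLoginAuthority(String str) {
        synchronized (this.syncLock) {
            LOGGER.info(MessageFormat.format("Updating ADAL Login Authority to: {0}", str));
            this.authContext = new AuthenticationContext(this.applicationContext, str, this.deploymentSettings.getAadValidateAuthority().booleanValue());
        }
    }
}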
