package com.microsoft.windowsintune.companyportal.authentication.aad;

import android.app.Activity;
import android.content.Context;
import android.os.Build;
import com.android.volley.VolleyError;
import com.microsoft.aad.adal.ADALError;
import com.microsoft.aad.adal.AuthenticationException;
import com.microsoft.intune.common.domain.IPackagesInfo;
import com.microsoft.intune.common.settings.IDeploymentSettings;
import com.microsoft.intune.common.utils.ActionUtils;
import com.microsoft.intune.common.utils.ExceptionUtils;
import com.microsoft.intune.companyportal.apk.domain.Version;
import com.microsoft.intune.companyportal.common.domain.authentication.IntuneTokenConversionException;
import com.microsoft.windowsintune.companyportal.NavigationService;
import com.microsoft.windowsintune.companyportal.R;
import com.microsoft.windowsintune.companyportal.ServiceLocator;
import com.microsoft.windowsintune.companyportal.exceptions.AadAuthenticationException;
import com.microsoft.windowsintune.companyportal.exceptions.LocationServiceException;
import com.microsoft.windowsintune.companyportal.exceptions.VersionNegotiationException;
import com.microsoft.windowsintune.companyportal.models.ISSPVersionRepository;
import com.microsoft.windowsintune.companyportal.utils.CertUtils;
import com.microsoft.windowsintune.companyportal.utils.CommonDeviceActions;
import com.microsoft.windowsintune.companyportal.utils.Delegate;
import com.microsoft.windowsintune.companyportal.viewmodels.IAadAuthenticationViewModel;
import com.microsoft.windowsintune.companyportal.views.dialogs.SspDialogFactory;
import java.net.ConnectException;
import java.text.MessageFormat;
import java.util.concurrent.ExecutionException;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.json.JSONException;

/* loaded from: classes.dex */
public class AuthenticationErrorDialog {
    static final String ANDROID_SYSTEM_WEB_VIEW = "com.google.android.webview";
    static final String CHROME = "com.android.chrome";
    private static final int HTTP_FORBIDDEN = 403;
    private static final Logger LOGGER = Logger.getLogger(AuthenticationErrorDialog.class.getName());
    private static final int MIN_ANDROID_SYSTEM_WEB_VIEW_VERSION_CODE = 288309100;
    private static final int MIN_CHROME_VERSION_CODE = 288309101;
    private final IAadAuthenticationViewModel.AuthenticationState authState;
    private Context context;
    private final DialogType dialogType;
    private int messageResourceId;
    private final String[] noConnectionErrors = {"Connection is not available", "Error Code:-6", "ENETUNREACH (Network is unreachable)", "Socket is closed", "Connection closed by peer", "Connection reset by peer", "Error Code:-8", "isConnected failed: ETIMEDOUT", "Read timed out", "timeout", "com.android.volley.TimeoutError", "SSL handshake timed", "Status code:503", "Connection timed out", "Error Code:-2", "java.net.UnknownHostException: Unable to resolve host", "Hostname 'login.windows.net' was not verified", "EHOSTUNREACH (No route to host)", "not verified:     certificate", "ERR_NAME_NOT_RESOLVED"};
    private final IPackagesInfo packagesInfo;
    private int titleResourceId;
    private String url;

    /* loaded from: classes.dex */
    private enum DialogType {
        Certificate,
        MessageWithPositiveOk,
        MessageWithHelpAndOk,
        UpdateWebView,
        UpdateCompanyPortal
    }

    public AuthenticationErrorDialog(AadAuthenticationException aadAuthenticationException, Context context, IPackagesInfo iPackagesInfo) {
        this.packagesInfo = iPackagesInfo;
        if (aadAuthenticationException == null || context == null) {
            LOGGER.warning(MessageFormat.format("Falling back to default error dialog due to null parameter. Exception {0}. Context {1}", aadAuthenticationException, context));
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.messageResourceId = R.string.LoginFailed;
            this.dialogType = DialogType.MessageWithPositiveOk;
            return;
        }
        this.context = context;
        if ((aadAuthenticationException.getCause() instanceof AuthenticationException) && ((AuthenticationException) aadAuthenticationException.getCause()).getCode() == ADALError.DEVICE_CONNECTION_IS_NOT_AVAILABLE) {
            LOGGER.severe("Authentication failed. Adal detects there is no network connection.");
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.messageResourceId = R.string.ConnectionErrorMessage;
            this.dialogType = DialogType.MessageWithPositiveOk;
            return;
        }
        if (!CommonDeviceActions.isNetworkConnected(context)) {
            LOGGER.severe("Authentication failed. There is no network connection.");
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.messageResourceId = R.string.ConnectionErrorMessage;
            this.dialogType = DialogType.MessageWithPositiveOk;
            return;
        }
        if (ExceptionUtils.anyExceptionInstanceOf(aadAuthenticationException, ConnectException.class)) {
            LOGGER.severe("Socket connection failed, this is usually due to denied network permission on Redmi devices.");
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.messageResourceId = R.string.ConnectionErrorRedmiPermissionMessage;
            this.dialogType = DialogType.MessageWithPositiveOk;
            return;
        }
        if (!CertUtils.isBaltimoreCertificateTrusted(true) && isBaltimoreCertRequiredByAuthorityServer()) {
            LOGGER.severe("Authentication failed. Baltimore certificate is not trusted on the device.");
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.url = ((IDeploymentSettings) ServiceLocator.getInstance().get(IDeploymentSettings.class)).getBaltimoreCertificateMissingHelpUrl();
            this.dialogType = DialogType.Certificate;
            return;
        }
        if (ExceptionUtils.anyMessageContains(aadAuthenticationException, "Code:-11 primary error: 3") || ExceptionUtils.anyMessageContains(aadAuthenticationException, "java.security.cert.CertPathValidatorException: Trust anchor for certification path not found")) {
            LOGGER.severe("Authentication failed. The device does not recognize a root authority.");
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.url = ((IDeploymentSettings) ServiceLocator.getInstance().get(IDeploymentSettings.class)).getGenericCertificateMissingHelpUrl();
            this.dialogType = DialogType.Certificate;
            return;
        }
        if (ExceptionUtils.anyMessageContains(aadAuthenticationException, "Code:-11 primary error: 4")) {
            LOGGER.severe("Authentication failed. Invalid certificate date.");
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.messageResourceId = R.string.CertificateDateInvalid;
            this.dialogType = DialogType.MessageWithPositiveOk;
            return;
        }
        if (ExceptionUtils.anyMessageContains(aadAuthenticationException, "Connection refused")) {
            LOGGER.severe("Authentication failed. The connection was refused.");
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.messageResourceId = R.string.ConnectionRefused;
            this.dialogType = DialogType.MessageWithPositiveOk;
            return;
        }
        if (ExceptionUtils.anyMessageContains(aadAuthenticationException, "Error Code:-5 net::ERR_PROXY_CONNECTION_FAILED") || ExceptionUtils.anyMessageContains(aadAuthenticationException, "Code:-11 primary error: 2")) {
            LOGGER.severe("Authentication failed. A proxy caused a connection failure.");
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.messageResourceId = R.string.ProxyConnectionFailed;
            this.dialogType = DialogType.MessageWithPositiveOk;
            return;
        }
        if (ExceptionUtils.anyMessageContains(aadAuthenticationException, "Code:-11 primary error: 5")) {
            if (Build.VERSION.SDK_INT < 24 || !this.packagesInfo.isAppInstalled(CHROME)) {
                if (this.packagesInfo.packageVersion(ANDROID_SYSTEM_WEB_VIEW).intValue() < MIN_ANDROID_SYSTEM_WEB_VIEW_VERSION_CODE) {
                    LOGGER.severe("Authentication failed. The Android System Web View needs to be updated.");
                    this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
                    this.messageResourceId = R.string.UpdateSystemWebView;
                    this.url = ((IDeploymentSettings) ServiceLocator.getInstance().get(IDeploymentSettings.class)).getUpdateSystemWebViewUrl();
                    this.dialogType = DialogType.UpdateWebView;
                    return;
                }
            } else if (this.packagesInfo.packageVersion(CHROME).intValue() < MIN_CHROME_VERSION_CODE) {
                LOGGER.severe("Authentication failed. Chrome needs to be updated.");
                this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
                this.messageResourceId = R.string.UpdateChrome;
                this.url = ((IDeploymentSettings) ServiceLocator.getInstance().get(IDeploymentSettings.class)).getUpdateChromeUrl();
                this.dialogType = DialogType.UpdateWebView;
                return;
            }
        }
        if (aadAuthenticationException.getCause() instanceof IntuneTokenConversionException) {
            IntuneTokenConversionException intuneTokenConversionException = (IntuneTokenConversionException) aadAuthenticationException.getCause();
            if (intuneTokenConversionException.get_errorCause() == IntuneTokenConversionException.ErrorCauseHint.AccountDisabled || intuneTokenConversionException.get_errorCause() == IntuneTokenConversionException.ErrorCauseHint.UserDisabled) {
                this.authState = IAadAuthenticationViewModel.AuthenticationState.STSAccountDisabled;
                this.messageResourceId = R.string.IntuneUserOrAccountDisabledError;
                this.dialogType = DialogType.MessageWithPositiveOk;
                return;
            }
            if (intuneTokenConversionException.get_errorCause() == IntuneTokenConversionException.ErrorCauseHint.AccountInMaintenance) {
                this.authState = IAadAuthenticationViewModel.AuthenticationState.AccountInMaintenance;
                this.messageResourceId = R.string.IntuneServiceMaintenanceError;
                this.dialogType = DialogType.MessageWithPositiveOk;
                return;
            } else {
                if (intuneTokenConversionException.get_errorCause() == IntuneTokenConversionException.ErrorCauseHint.UserUnknown) {
                    this.authState = IAadAuthenticationViewModel.AuthenticationState.STSUserUnknown;
                    this.titleResourceId = R.string.IntuneUserUnknownErrorTitle;
                    this.messageResourceId = R.string.IntuneUserUnknownErrorMessage;
                    this.dialogType = DialogType.MessageWithHelpAndOk;
                    return;
                }
                if (intuneTokenConversionException.getCause() instanceof VolleyError) {
                    VolleyError volleyError = (VolleyError) intuneTokenConversionException.getCause();
                    if (volleyError.networkResponse != null && volleyError.networkResponse.statusCode == HTTP_FORBIDDEN) {
                        this.authState = IAadAuthenticationViewModel.AuthenticationState.STSUserUnknown;
                        this.titleResourceId = R.string.IntuneUserUnknownErrorTitle;
                        this.messageResourceId = R.string.IntuneUserUnknownErrorMessage;
                        this.dialogType = DialogType.MessageWithHelpAndOk;
                        return;
                    }
                }
            }
        }
        if (isNetworkError(aadAuthenticationException)) {
            LOGGER.severe("Authentication failed. The error is a network error.");
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.messageResourceId = R.string.ConnectionErrorMessage;
            this.dialogType = DialogType.MessageWithPositiveOk;
            return;
        }
        if (aadAuthenticationException.getCause() instanceof VersionNegotiationException) {
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToNegotiateVersions;
            this.messageResourceId = R.string.LoginFailed;
            this.dialogType = DialogType.MessageWithPositiveOk;
        } else if (isCurrentVersionLessThanRecommended()) {
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.messageResourceId = R.string.UpdateCompanyPortalText;
            this.dialogType = DialogType.UpdateCompanyPortal;
        } else {
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.messageResourceId = R.string.LoginFailed;
            this.dialogType = DialogType.MessageWithPositiveOk;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:14:0x00a0, code lost:
    
        if (r4 == null) goto L31;
     */
    /* JADX WARN: Code restructure failed: missing block: B:32:0x0093, code lost:
    
        if (r4 != null) goto L27;
     */
    /* JADX WARN: Code restructure failed: missing block: B:4:0x0047, code lost:
    
        if (r4 != null) goto L27;
     */
    /* JADX WARN: Code restructure failed: missing block: B:5:0x00a3, code lost:
    
        return false;
     */
    /* JADX WARN: Code restructure failed: missing block: B:7:0x0095, code lost:
    
        r4.close();
     */
    /* JADX WARN: Unreachable blocks removed: 1, instructions: 1 */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private boolean isBaltimoreCertRequiredByAuthorityServer() {
        /*
            r7 = this;
            com.microsoft.windowsintune.companyportal.ServiceLocator r0 = com.microsoft.windowsintune.companyportal.ServiceLocator.getInstance()
            java.lang.Class<com.microsoft.intune.common.settings.IDeploymentSettings> r1 = com.microsoft.intune.common.settings.IDeploymentSettings.class
            java.lang.Object r0 = r0.get(r1)
            com.microsoft.intune.common.settings.IDeploymentSettings r0 = (com.microsoft.intune.common.settings.IDeploymentSettings) r0
            java.lang.String r0 = r0.getAadAuthority()
            okhttp3.Request$Builder r1 = new okhttp3.Request$Builder
            r1.<init>()
            okhttp3.Request$Builder r1 = r1.url(r0)
            okhttp3.Request r1 = r1.build()
            r2 = 1
            r3 = 0
            r4 = 0
            com.microsoft.intune.common.http.AbstractHttpClientFactory r0 = com.microsoft.intune.common.http.AbstractHttpClientFactory.createByUri(r0)     // Catch: java.lang.Throwable -> L4a java.io.IOException -> L4c com.microsoft.intune.common.exception.MdmException -> L99
            okhttp3.OkHttpClient r0 = r0.create()     // Catch: java.lang.Throwable -> L4a java.io.IOException -> L4c com.microsoft.intune.common.exception.MdmException -> L99
            okhttp3.Call r0 = r0.newCall(r1)     // Catch: java.lang.Throwable -> L4a java.io.IOException -> L4c com.microsoft.intune.common.exception.MdmException -> L99
            okhttp3.Response r4 = r0.execute()     // Catch: java.lang.Throwable -> L4a java.io.IOException -> L4c com.microsoft.intune.common.exception.MdmException -> L99
            java.util.logging.Logger r0 = com.microsoft.windowsintune.companyportal.authentication.aad.AuthenticationErrorDialog.LOGGER     // Catch: java.lang.Throwable -> L4a java.io.IOException -> L4c com.microsoft.intune.common.exception.MdmException -> L99
            java.lang.String r1 = "Connected to authority server and got response status code: {0}."
            java.lang.Object[] r5 = new java.lang.Object[r2]     // Catch: java.lang.Throwable -> L4a java.io.IOException -> L4c com.microsoft.intune.common.exception.MdmException -> L99
            int r6 = r4.code()     // Catch: java.lang.Throwable -> L4a java.io.IOException -> L4c com.microsoft.intune.common.exception.MdmException -> L99
            java.lang.Integer r6 = java.lang.Integer.valueOf(r6)     // Catch: java.lang.Throwable -> L4a java.io.IOException -> L4c com.microsoft.intune.common.exception.MdmException -> L99
            r5[r3] = r6     // Catch: java.lang.Throwable -> L4a java.io.IOException -> L4c com.microsoft.intune.common.exception.MdmException -> L99
            java.lang.String r1 = java.text.MessageFormat.format(r1, r5)     // Catch: java.lang.Throwable -> L4a java.io.IOException -> L4c com.microsoft.intune.common.exception.MdmException -> L99
            r0.info(r1)     // Catch: java.lang.Throwable -> L4a java.io.IOException -> L4c com.microsoft.intune.common.exception.MdmException -> L99
            if (r4 == 0) goto La3
            goto L95
        L4a:
            r0 = move-exception
            goto La4
        L4c:
            r0 = move-exception
            boolean r1 = r0 instanceof javax.net.ssl.SSLHandshakeException     // Catch: java.lang.Throwable -> L4a
            if (r1 == 0) goto L93
            java.lang.Throwable r1 = r0.getCause()     // Catch: java.lang.Throwable -> L4a
            boolean r1 = r1 instanceof java.security.cert.CertificateException     // Catch: java.lang.Throwable -> L4a
            if (r1 == 0) goto L93
            java.lang.Throwable r1 = r0.getCause()     // Catch: java.lang.Throwable -> L4a
            java.lang.Throwable r1 = r1.getCause()     // Catch: java.lang.Throwable -> L4a
            boolean r1 = r1 instanceof java.security.cert.CertPathValidatorException     // Catch: java.lang.Throwable -> L4a
            if (r1 == 0) goto L93
            java.lang.Throwable r0 = r0.getCause()     // Catch: java.lang.Throwable -> L4a
            java.lang.Throwable r0 = r0.getCause()     // Catch: java.lang.Throwable -> L4a
            java.security.cert.CertPathValidatorException r0 = (java.security.cert.CertPathValidatorException) r0     // Catch: java.lang.Throwable -> L4a
            java.security.cert.CertPath r0 = r0.getCertPath()     // Catch: java.lang.Throwable -> L4a
            if (r0 == 0) goto L8c
            java.lang.String r1 = r0.toString()     // Catch: java.lang.Throwable -> L4a
            boolean r1 = r1.isEmpty()     // Catch: java.lang.Throwable -> L4a
            if (r1 != 0) goto L8c
            java.lang.String r0 = r0.toString()     // Catch: java.lang.Throwable -> L4a
            java.lang.String r1 = "CN=Baltimore CyberTrust Root"
            boolean r0 = r0.contains(r1)     // Catch: java.lang.Throwable -> L4a
            if (r0 == 0) goto L8c
            goto L8d
        L8c:
            r2 = 0
        L8d:
            if (r4 == 0) goto L92
            r4.close()
        L92:
            return r2
        L93:
            if (r4 == 0) goto La3
        L95:
            r4.close()
            goto La3
        L99:
            java.util.logging.Logger r0 = com.microsoft.windowsintune.companyportal.authentication.aad.AuthenticationErrorDialog.LOGGER     // Catch: java.lang.Throwable -> L4a
            java.lang.String r1 = "Could not create an HTTP client, assuming Baltimore is not required"
            r0.warning(r1)     // Catch: java.lang.Throwable -> L4a
            if (r4 == 0) goto La3
            goto L95
        La3:
            return r3
        La4:
            if (r4 == 0) goto La9
            r4.close()
        La9:
            throw r0
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.windowsintune.companyportal.authentication.aad.AuthenticationErrorDialog.isBaltimoreCertRequiredByAuthorityServer():boolean");
    }

    private boolean isCurrentVersionLessThanRecommended() {
        try {
            return new Version(this.packagesInfo.packageVersionName(this.context.getPackageName())).isLessThan(new Version(((ISSPVersionRepository) ServiceLocator.getInstance().get(ISSPVersionRepository.class)).getRecommendedSSPVersionSync().getRecommendedSSPVersion()));
        } catch (LocationServiceException e) {
            LOGGER.log(Level.SEVERE, "Location service could not find the URL for IWS.", (Throwable) e);
            return false;
        } catch (VersionNegotiationException e2) {
            LOGGER.log(Level.SEVERE, "IWS API version could not be resolved", (Throwable) e2);
            return false;
        } catch (InterruptedException e3) {
            e = e3;
            LOGGER.log(Level.SEVERE, "The call to IWS failed or the response could not be received.", e);
            return false;
        } catch (NumberFormatException e4) {
            LOGGER.log(Level.SEVERE, "Invalid version.", (Throwable) e4);
            return false;
        } catch (ExecutionException e5) {
            e = e5;
            LOGGER.log(Level.SEVERE, "The call to IWS failed or the response could not be received.", e);
            return false;
        } catch (JSONException e6) {
            LOGGER.log(Level.SEVERE, "The response JSON object could not be deserialized.", (Throwable) e6);
            return false;
        } catch (Exception e7) {
            LOGGER.log(Level.SEVERE, "Unknown exception occurred while trying to get the recommended SSP Version.", (Throwable) e7);
            return false;
        }
    }

    private boolean isNetworkError(Throwable th) {
        for (String str : this.noConnectionErrors) {
            if (ExceptionUtils.anyMessageContains(th, str)) {
                return true;
            }
        }
        return false;
    }

    public void display(final Activity activity, Delegate.Action0 action0) {
        switch (this.dialogType) {
            case Certificate:
                SspDialogFactory.showCertificateMissingErrorDialog(activity, this.url, action0);
                return;
            case UpdateWebView:
                SspDialogFactory.showWebViewUpdateDialog(activity, this.messageResourceId, this.url, action0);
                return;
            case UpdateCompanyPortal:
                SspDialogFactory.showCompanyPortalUpdateDialog(activity, this.messageResourceId, new Delegate.Action0() { // from class: com.microsoft.windowsintune.companyportal.authentication.aad.AuthenticationErrorDialog.1
                    @Override // com.microsoft.windowsintune.companyportal.utils.Delegate.Action0
                    public void exec() {
                        NavigationService.displayWelcome(true);
                        Activity activity2 = activity;
                        ActionUtils.displayPlayStoreAppDetail(activity2, activity2.getPackageName(), false);
                    }
                });
                return;
            case MessageWithHelpAndOk:
                SspDialogFactory.showGenericGetHelpAndOkErrorDialog(activity, this.titleResourceId, this.messageResourceId, action0, new Delegate.Action0() { // from class: com.microsoft.windowsintune.companyportal.authentication.aad.AuthenticationErrorDialog.2
                    @Override // com.microsoft.windowsintune.companyportal.utils.Delegate.Action0
                    public void exec() {
                        NavigationService.displayWelcome(true);
                    }
                });
                return;
            default:
                SspDialogFactory.showGenericAuthenticationErrorDialog(activity, this.messageResourceId, action0);
                return;
        }
    }

    public IAadAuthenticationViewModel.AuthenticationState getState() {
        return this.authState;
    }
}
