package com.microsoft.intune.mam.client.app.startup;

import android.annotation.TargetApi;
import android.app.Activity;
import android.app.AlertDialog;
import android.app.Dialog;
import android.app.Fragment;
import android.content.Context;
import android.content.DialogInterface;
import android.content.Intent;
import android.content.res.Resources;
import android.net.Uri;
import android.os.Build;
import com.microsoft.aad.adal.ADALError;
import com.microsoft.aad.adal.AuthenticationCallback;
import com.microsoft.aad.adal.AuthenticationCancelError;
import com.microsoft.aad.adal.AuthenticationContext;
import com.microsoft.aad.adal.AuthenticationException;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.aad.adal.AuthenticationSettings;
import com.microsoft.aad.adal.MemoryTokenCacheStore;
import com.microsoft.aad.adal.PromptBehavior;
import com.microsoft.aad.adal.UserInfo;
import com.microsoft.intune.mam.client.MAMInfo;
import com.microsoft.intune.mam.client.app.ADALConnectionDetailsResolver;
import com.microsoft.intune.mam.client.app.startup.PermissionManager;
import com.microsoft.intune.mam.client.ipcclient.MAMClientImpl;
import com.microsoft.intune.mam.internal.R;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import java.security.NoSuchAlgorithmException;
import java.util.UUID;
import java.util.logging.Level;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes.dex */
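/**
 * Drives an interactive ADAL sign-in for the MAM primary user and reports the outcome through
 * a {@link Callback}.
 *
 * <p>Callers must invoke {@link #setup()} and get {@code true} back before calling
 * {@code startAuthentication}; until then {@code mAuthContext} and {@code mConnectionDetails}
 * are null.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Every sign-in uses {@link PromptBehavior#FORCE_PROMPT}.</li>
 *   <li>The signed-in account is compared with the expected UPN only while
 *       {@code mRequireSpecificUser} is true (the default); see
 *       {@link #setRequireSpecificUser(boolean)}.</li>
 *   <li>The {@link AuthenticationContext} is created with {@code false} as its third
 *       constructor argument; see the review note in {@code createAuthContext()}.</li>
 * </ul>
 */
public class ADALUserAuthentication {
    // Extra query parameter sent with every token request.
    // NOTE(review): presumably disables Microsoft-account federation on the sign-in page; confirm.
    private static final String AUTH_EXTRAS = "msafed=0";
    // Same value as android.content.pm.PackageManager.PERMISSION_DENIED.
    private static final int PERMISSION_DENIED = -1;
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger((Class<?>) ADALUserAuthentication.class);
    private final ADALConnectionDetailsResolver mADALDetailsResolver;
    AuthenticationContext mAuthContext;
    private final MAMClientImpl mClient;
    ADALConnectionDetails mConnectionDetails;
    private final Context mContext;
    private boolean mInitialized = false;
    private boolean mRequireSpecificUser = true;
    private final Resources mResources;
    boolean mUsingBroker;

    /** Receives the final outcome of one authentication attempt. */
    public interface Callback {
        /** Called when the attempt did not produce an accepted result. */
        void onAuthenticationFailure(FailureReason failureReason);

        /** Called when ADAL reported success and the user check (if enabled) passed. */
        void onAuthenticationSuccess(AuthenticationResult authenticationResult);
    }

    /** Reasons reported to {@link Callback#onAuthenticationFailure(FailureReason)}. */
    public enum FailureReason {
        /** Any error or status not mapped to a more specific reason. */
        UNKNOWN_ERROR,
        /** The attempt was cancelled. */
        CANCELED,
        /** The signed-in account is missing or does not match the expected UPN. */
        WRONG_USER,
        /** ADAL reported that no device connection is available. */
        NO_CONNECTION,
        /** Not produced anywhere in this class. */
        NOT_NEEDED
    }

    /**
     * Adapts ADAL's callback to {@link Callback} and enforces the expected-user check.
     *
     * <p>Two instances are equal when their tags are equal; the callback and UPN do not take
     * part in equality.
     */
    public static class UserAuthenticationCallback implements AuthenticationCallback<AuthenticationResult> {
        private final Callback mCallback;
        private final String mTag;
        private final String mUpn;

        /**
         * @param callback receiver of the mapped outcome
         * @param upn expected user principal name, or null to accept whichever user signed in
         * @param tag identifier of this attempt, used only for equals/hashCode
         */
        public UserAuthenticationCallback(Callback callback, String upn, String tag) {
            this.mCallback = callback;
            this.mUpn = upn;
            this.mTag = tag;
        }

        /**
         * Applies the user check to a result whose status is Succeeded.
         *
         * <p>Fails with WRONG_USER when the result carries no user info, or when an expected
         * UPN is set and differs (case-insensitively) from the displayable id.
         */
        private void onPossibleAuthenticationSuccess(AuthenticationResult authenticationResult) {
            String accessToken = authenticationResult.getAccessToken();
            if (accessToken == null || accessToken.isEmpty()) {
                // NOTE(review): a result without an access token is only logged here and can
                // still be reported as success below. Confirm every Callback implementation
                // tolerates that, or treat it as a failure.
                ADALUserAuthentication.LOGGER.warning("ADAL reported success but did not return an access token.");
            }
            UserInfo userInfo = authenticationResult.getUserInfo();
            if (userInfo == null) {
                this.mCallback.onAuthenticationFailure(FailureReason.WRONG_USER);
                return;
            }
            boolean userAccepted = this.mUpn == null || this.mUpn.equalsIgnoreCase(userInfo.getDisplayableId());
            if (userAccepted) {
                this.mCallback.onAuthenticationSuccess(authenticationResult);
            } else {
                this.mCallback.onAuthenticationFailure(FailureReason.WRONG_USER);
            }
        }

        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            UserAuthenticationCallback other = (UserAuthenticationCallback) obj;
            return this.mTag == null ? other.mTag == null : this.mTag.equals(other.mTag);
        }

        @Override
        public int hashCode() {
            return (this.mTag == null ? 0 : this.mTag.hashCode()) + 31;
        }

        /**
         * Maps an ADAL failure to a {@link FailureReason} and notifies the callback exactly once.
         */
        @Override
        public void onError(Exception exc) {
            ADALUserAuthentication.LOGGER.log(Level.SEVERE, "ADAL failed to authenticate", (Throwable) exc);
            if (exc instanceof AuthenticationException) {
                ADALError code = ((AuthenticationException) exc).getCode();
                if (code == ADALError.AUTH_FAILED_USER_MISMATCH) {
                    this.mCallback.onAuthenticationFailure(FailureReason.WRONG_USER);
                    return;
                } else if (code == ADALError.DEVICE_CONNECTION_IS_NOT_AVAILABLE) {
                    this.mCallback.onAuthenticationFailure(FailureReason.NO_CONNECTION);
                    return;
                }
            }
            if (!(exc instanceof AuthenticationCancelError)) {
                this.mCallback.onAuthenticationFailure(FailureReason.UNKNOWN_ERROR);
                return;
            }
            // A cancel error without an error code must not throw here: an exception on the
            // log line would skip the callback and leave the caller waiting for an outcome.
            ADALError cancelCode = ((AuthenticationCancelError) exc).getCode();
            ADALUserAuthentication.LOGGER.log(Level.WARNING, "ADALError on AuthenticationCancellError is " + (cancelCode == null ? "null" : cancelCode.name()));
            this.mCallback.onAuthenticationFailure(FailureReason.CANCELED);
        }

        /**
         * Handles ADAL's success callback. Only a result with status Succeeded reaches the user
         * check; a null result or null status is reported as UNKNOWN_ERROR.
         */
        @Override
        public void onSuccess(AuthenticationResult authenticationResult) {
            ADALUserAuthentication.LOGGER.fine("UserAuthenticationCallback.onSuccess " + authenticationResult);
            if (authenticationResult == null || authenticationResult.getStatus() == null) {
                this.mCallback.onAuthenticationFailure(FailureReason.UNKNOWN_ERROR);
                return;
            }
            ADALUserAuthentication.LOGGER.fine("UserAuthenticationCallback.onSuccess with status " + authenticationResult.getStatus());
            switch (authenticationResult.getStatus()) {
                case Succeeded:
                    onPossibleAuthenticationSuccess(authenticationResult);
                    return;
                case Cancelled:
                    this.mCallback.onAuthenticationFailure(FailureReason.CANCELED);
                    return;
                default:
                    this.mCallback.onAuthenticationFailure(FailureReason.UNKNOWN_ERROR);
                    return;
            }
        }
    }

    /**
     * Stores the collaborators; no ADAL objects are created until {@link #setup()}.
     */
    public ADALUserAuthentication(Context context, Resources resources, MAMClientImpl mAMClientImpl, ADALConnectionDetailsResolver aDALConnectionDetailsResolver) {
        this.mContext = context;
        this.mResources = resources;
        this.mClient = mAMClientImpl;
        this.mADALDetailsResolver = aDALConnectionDetailsResolver;
    }

    /** Returns true when the app does not currently hold the GET_ACCOUNTS permission. */
    @TargetApi(23)
    private boolean brokerPermissionIsNeeded() {
        return this.mContext.checkSelfPermission(PermissionManager.PERMISSION_GET_ACCOUNTS) == PERMISSION_DENIED;
    }

    /**
     * Builds the ADAL context, first with an in-memory token cache and, if ADAL rejects that
     * with UnsupportedOperationException, again without a cache for broker use.
     */
    private AuthenticationContext createAuthContext() throws NoSuchPaddingException, NoSuchAlgorithmException {
        // NOTE(review): the third constructor argument is ADAL's validateAuthority flag and is
        // false on both paths, so the authority from the connection details is used without
        // ADAL's authority validation. Confirm the resolver only returns trusted authorities.
        try {
            this.mUsingBroker = false;
            return new AuthenticationContext(this.mContext, this.mConnectionDetails.getAuthority(), false, new MemoryTokenCacheStore());
        } catch (UnsupportedOperationException e) {
            LOGGER.info("Caught exception initializing AuthenticationContext for non-broker use.  Trying again for broker.");
            this.mUsingBroker = true;
            return new AuthenticationContext(this.mContext, this.mConnectionDetails.getAuthority(), false);
        }
    }

    /**
     * Formats the given string resource with the app's label, or "this app" when the
     * application declares no label resource.
     */
    public String formatMessageWithAppName(int messageResId) {
        int labelRes = this.mContext.getApplicationInfo().labelRes;
        String appName = labelRes != 0 ? this.mContext.getString(labelRes) : "this app";
        return this.mResources.getString(messageResId, appName);
    }

    /**
     * Derives a name-based UUID from the package name. The value is therefore the same for
     * every request this app makes; it identifies the app, not an individual request.
     */
    private static UUID getCorrelationId(Context context) {
        // getBytes() uses the platform default charset, which is UTF-8 on Android.
        return UUID.nameUUIDFromBytes(context.getPackageName().getBytes());
    }

    /** Returns the MAM primary user, failing hard if none is set. */
    private String getPrimaryUPN() {
        String primaryUser = this.mClient.getPrimaryUser();
        if (primaryUser == null) {
            throw new AssertionError("UPN must not be null");
        }
        return primaryUser;
    }

    /** Picks the redirect URI that matches the mode chosen in createAuthContext(). */
    private String getRedirectUri() {
        if (this.mUsingBroker) {
            return this.mAuthContext.getRedirectUriForBroker();
        }
        return this.mConnectionDetails.getNonBrokerRedirectUri();
    }

    /**
     * Requests GET_ACCOUNTS at runtime and continues with the token request once it is granted.
     *
     * <p>A denial shows a dialog and finishes the activity when that dialog is dismissed; no
     * token request is made. If the startup fragment cannot be found the permission cannot be
     * requested, and the token request is made anyway.
     */
    @TargetApi(23)
    private void handleGetAccountsPermissionRequest(final Activity activity, final Callback callback, final String upn, final String tag, final String resource) {
        LOGGER.info("App is not skipping the broker and it is installed and API is >= 23, obtaining broker permission at runtime.");
        Fragment startupFragment = MAMStartupUIBehaviorImpl.findStartupUIFragment(activity);
        if (startupFragment == null) {
            LOGGER.severe("Unable to obtain startup fragment from start up activity, we can't request permission so we will proceed with authentication.");
            makeAuthCall(callback, upn, activity, tag, resource);
            return;
        }
        PermissionManager.registerPermissionCallback(new PermissionManager.Callback() {
            // Shared by the buttons that only close the dialog.
            private final DialogInterface.OnClickListener mDismissOnClick = new DialogInterface.OnClickListener() {
                @Override
                public void onClick(DialogInterface dialogInterface, int which) {
                    dialogInterface.dismiss();
                }
            };

            /** Shows the dialog and finishes the activity once it is dismissed. */
            private void setDismissListenerAndShow(Dialog dialog) {
                dialog.setOnDismissListener(new DialogInterface.OnDismissListener() {
                    @Override
                    public void onDismiss(DialogInterface dialogInterface) {
                        if (!activity.isFinishing()) {
                            activity.finish();
                        }
                    }
                });
                dialog.show();
            }

            @Override
            public void onPermissionDenied() {
                ADALUserAuthentication.LOGGER.warning("Get accounts permission denied, preventing authentication attempt.");
                AlertDialog.Builder builder = new AlertDialog.Builder(activity)
                        .setTitle(ADALUserAuthentication.this.mResources.getText(R.string.wg_permission_denied_title))
                        .setMessage(ADALUserAuthentication.this.formatMessageWithAppName(R.string.wg_get_accounts_permission_denied_text))
                        .setPositiveButton(ADALUserAuthentication.this.mResources.getString(R.string.wg_ok), this.mDismissOnClick);
                setDismissListenerAndShow(builder.create());
            }

            @Override
            public void onPermissionGranted() {
                ADALUserAuthentication.LOGGER.info("Get accounts permission granted.");
                ADALUserAuthentication.this.makeAuthCall(callback, upn, activity, tag, resource);
            }

            @Override
            public void onPermissionPermanentlyDenied() {
                ADALUserAuthentication.LOGGER.warning("Get accounts permission denied permanently, preventing auth attempt.");
                DialogInterface.OnClickListener openAppSettings = new DialogInterface.OnClickListener() {
                    @Override
                    public void onClick(DialogInterface dialogInterface, int which) {
                        // Explicitly scoped to this app's own package, so the intent can only
                        // open this app's details page in system settings.
                        Intent intent = new Intent();
                        // Same string as android.provider.Settings.ACTION_APPLICATION_DETAILS_SETTINGS.
                        intent.setAction("android.settings.APPLICATION_DETAILS_SETTINGS");
                        intent.setData(Uri.fromParts("package", activity.getPackageName(), null));
                        intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK
                                | Intent.FLAG_ACTIVITY_NO_HISTORY
                                | Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS);
                        activity.startActivity(intent);
                    }
                };
                AlertDialog.Builder builder = new AlertDialog.Builder(activity)
                        .setTitle(ADALUserAuthentication.this.mResources.getText(R.string.wg_permission_denied_title))
                        .setMessage(ADALUserAuthentication.this.mResources.getText(R.string.wg_get_accounts_permission_denied_permanently_text))
                        .setPositiveButton(ADALUserAuthentication.this.mResources.getString(R.string.wg_go_to_settings), openAppSettings)
                        .setNegativeButton(ADALUserAuthentication.this.mResources.getString(R.string.wg_cancel), this.mDismissOnClick);
                setDismissListenerAndShow(builder.create());
            }
        }, PermissionManager.PERMISSION_GET_ACCOUNTS);
        // NOTE(review): the request code is a String hash and may be negative; confirm that
        // PermissionManager matches results on this same value and that the platform accepts it.
        startupFragment.requestPermissions(new String[]{PermissionManager.PERMISSION_GET_ACCOUNTS}, PermissionManager.PERMISSION_GET_ACCOUNTS.hashCode());
    }

    /**
     * Issues the interactive token request.
     *
     * <p>The UPN is always sent to ADAL as the login hint, but it is handed to the result
     * callback for enforcement only while {@code mRequireSpecificUser} is true; otherwise the
     * callback receives null and accepts any signed-in user.
     *
     * @param callback receiver of the outcome
     * @param upn user principal name used as login hint and, if enforced, as the expected user
     * @param activity activity that hosts the sign-in UI
     * @param tag identifier of this attempt
     * @param resource value passed to ADAL as the resource argument
     */
    public void makeAuthCall(Callback callback, String upn, Activity activity, String tag, String resource) {
        String expectedUpn = this.mRequireSpecificUser ? upn : null;
        this.mAuthContext.acquireToken(activity, resource, this.mConnectionDetails.getClientId(), getRedirectUri(), upn, PromptBehavior.FORCE_PROMPT, AUTH_EXTRAS, new UserAuthenticationCallback(callback, expectedUpn, tag));
    }

    /** Resolves the ADAL connection details for the MAM primary identity. */
    ADALConnectionDetails getAppConnectionDetails() {
        return this.mADALDetailsResolver.getADALConnectionDetails(this.mClient.getPrimaryIdentity());
    }

    /** Returns true once {@link #setup()} has created the ADAL context. */
    public synchronized boolean initialized() {
        return this.mInitialized;
    }

    /**
     * Forwards an activity result to ADAL so a pending interactive sign-in can complete.
     * A result that arrives before {@link #setup()} has created the ADAL context is logged and
     * dropped instead of failing with a NullPointerException.
     */
    public void onActivityResult(int requestCode, int resultCode, Intent data) {
        AuthenticationContext authContext = this.mAuthContext;
        if (authContext == null) {
            LOGGER.warning("onActivityResult received before the ADAL context was set up; ignoring result.");
            return;
        }
        authContext.onActivityResult(requestCode, resultCode, data);
    }

    /**
     * Controls whether the signed-in account must match the UPN passed to
     * {@code startAuthentication}. Passing false disables the WRONG_USER check in the result
     * callback, so any account that completes sign-in is accepted.
     */
    public void setRequireSpecificUser(boolean requireSpecificUser) {
        this.mRequireSpecificUser = requireSpecificUser;
    }

    /**
     * Resolves connection details and creates the ADAL context. Safe to call repeatedly; work
     * is done only until the first success.
     *
     * @return true if already initialised or initialisation succeeded, false when no connection
     *     details are available
     * @throws AssertionError wrapping a SecurityException, NoSuchAlgorithmException or
     *     NoSuchPaddingException raised while creating the ADAL context
     */
    public synchronized boolean setup() {
        if (this.mInitialized) {
            return true;
        }
        this.mConnectionDetails = getAppConnectionDetails();
        if (this.mConnectionDetails == null) {
            return false;
        }
        LOGGER.fine("Authority: " + this.mConnectionDetails.getAuthority());
        AuthenticationSettings.INSTANCE.setActivityPackageName(MAMInfo.getPackageName());
        try {
            this.mAuthContext = createAuthContext();
            this.mAuthContext.setRequestCorrelationId(getCorrelationId(this.mContext));
            this.mInitialized = true;
        } catch (SecurityException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new AssertionError(e);
        }
        return true;
    }

    /**
     * Starts authentication for the MAM primary user.
     *
     * @param activity activity that hosts the sign-in UI
     * @param callback receiver of the outcome
     * @param resource value passed to ADAL as the resource argument
     * @return the tag generated for this attempt
     * @throws AssertionError if the MAM client has no primary user
     */
    public String startAuthentication(Activity activity, Callback callback, String resource) {
        return startAuthentication(activity, callback, getPrimaryUPN(), resource);
    }

    /**
     * Starts authentication for the given user. On API 23+ with the broker enabled and
     * GET_ACCOUNTS not yet granted, the permission is requested first.
     *
     * @param activity activity that hosts the sign-in UI
     * @param callback receiver of the outcome
     * @param upn user principal name used as login hint and, if enforced, as the expected user
     * @param resource value passed to ADAL as the resource argument
     * @return a random UUID string that tags this attempt
     */
    public String startAuthentication(Activity activity, Callback callback, String upn, String resource) {
        String tag = UUID.randomUUID().toString();
        boolean mustRequestPermission = Build.VERSION.SDK_INT >= 23
                && AuthenticationSettings.INSTANCE.getUseBroker()
                && brokerPermissionIsNeeded();
        if (mustRequestPermission) {
            handleGetAccountsPermissionRequest(activity, callback, upn, tag, resource);
        } else {
            makeAuthCall(callback, upn, activity, tag, resource);
        }
        return tag;
    }
}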
