package com.microsoft.windowsintune.companyportal.authentication.aad;

import android.app.Activity;
import android.content.Context;
import android.os.Build;
import com.android.volley.VolleyError;
import com.microsoft.aad.adal.ADALError;
import com.microsoft.aad.adal.AuthenticationException;
import com.microsoft.intune.common.settings.IDeploymentSettings;
import com.microsoft.intune.common.utils.ExceptionUtils;
import com.microsoft.omadm.utils.PackageUtils;
import com.microsoft.windowsintune.companyportal.DialogService;
import com.microsoft.windowsintune.companyportal.R;
import com.microsoft.windowsintune.companyportal.ServiceLocator;
import com.microsoft.windowsintune.companyportal.exceptions.AadAuthenticationException;
import com.microsoft.windowsintune.companyportal.exceptions.IntuneTokenConversionException;
import com.microsoft.windowsintune.companyportal.exceptions.VersionNegotiationException;
import com.microsoft.windowsintune.companyportal.utils.AndroidText;
import com.microsoft.windowsintune.companyportal.utils.CertUtils;
import com.microsoft.windowsintune.companyportal.utils.CommonDeviceActions;
import com.microsoft.windowsintune.companyportal.utils.Delegate;
import com.microsoft.windowsintune.companyportal.viewmodels.IAadAuthenticationViewModel;
import com.microsoft.windowsintune.companyportal.views.SspDialogFactory;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertificateException;
import java.text.MessageFormat;
import java.util.logging.Logger;
import javax.net.ssl.SSLHandshakeException;

/* loaded from: classes.dex */
public class AuthenticationErrorDialog {
    private static final int HTTP_FORBIDDEN = 403;
    private static final Logger LOGGER = Logger.getLogger(AuthenticationErrorDialog.class.getName());
    private static final int MIN_ANDROID_SYSTEM_WEB_VIEW_VERSION_CODE = 288309100;
    private static final int MIN_CHROME_VERSION_CODE = 288309101;
    private final IAadAuthenticationViewModel.AuthenticationState authState;
    private final DialogType dialogType;
    private final String[] noConnectionErrors = {"Connection is not available", "Error Code:-6", "ENETUNREACH (Network is unreachable)", "Socket is closed", "Connection closed by peer", "Connection reset by peer", "Error Code:-8", "isConnected failed: ETIMEDOUT", "Read timed out", "timeout", "com.android.volley.TimeoutError", "SSL handshake timed", "Status code:503", "Connection timed out", "Error Code:-2", "java.net.UnknownHostException: Unable to resolve host", "Hostname 'login.windows.net' was not verified", "EHOSTUNREACH (No route to host)", "not verified:     certificate", "ERR_NAME_NOT_RESOLVED"};
    private int resourceId;
    private String url;

    /* loaded from: classes.dex */
    private enum DialogType {
        Certificate,
        MessageWithPositiveOk,
        UpdateWebView
    }

    public AuthenticationErrorDialog(AadAuthenticationException aadAuthenticationException, Context context) {
        if (aadAuthenticationException == null || context == null) {
            LOGGER.warning(MessageFormat.format("Falling back to default error dialog due to null parameter. Exception {0}. Context {1}", aadAuthenticationException, context));
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.resourceId = R.string.LoginFailed;
            this.dialogType = DialogType.MessageWithPositiveOk;
            return;
        }
        if ((aadAuthenticationException.getCause() instanceof AuthenticationException) && ((AuthenticationException) aadAuthenticationException.getCause()).getCode() == ADALError.DEVICE_CONNECTION_IS_NOT_AVAILABLE) {
            LOGGER.severe("Authentication failed. Adal detects there is no network connection.");
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.resourceId = R.string.ConnectionErrorMessage;
            this.dialogType = DialogType.MessageWithPositiveOk;
            return;
        }
        if (!CommonDeviceActions.isNetworkConnected(context)) {
            LOGGER.severe("Authentication failed. There is no network connection.");
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.resourceId = R.string.ConnectionErrorMessage;
            this.dialogType = DialogType.MessageWithPositiveOk;
            return;
        }
        if (!CertUtils.isBaltimoreCertificateTrusted(true) && isBaltimoreCertRequiredByAuthorityServer()) {
            LOGGER.severe("Authentication failed. Baltimore certificate is not trusted on the device.");
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.url = ((IDeploymentSettings) ServiceLocator.getInstance().get(IDeploymentSettings.class)).getBaltimoreCertificateMissingHelpUrl();
            this.dialogType = DialogType.Certificate;
            return;
        }
        if (ExceptionUtils.anyMessageContains(aadAuthenticationException, "Code:-11 primary error: 3") || ExceptionUtils.anyMessageContains(aadAuthenticationException, "java.security.cert.CertPathValidatorException: Trust anchor for certification path not found")) {
            LOGGER.severe("Authentication failed. The device does not recognize a root authority.");
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.url = ((IDeploymentSettings) ServiceLocator.getInstance().get(IDeploymentSettings.class)).getGenericCertificateMissingHelpUrl();
            this.dialogType = DialogType.Certificate;
            return;
        }
        if (ExceptionUtils.anyMessageContains(aadAuthenticationException, "Code:-11 primary error: 4")) {
            LOGGER.severe("Authentication failed. Invalid certificate date.");
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.resourceId = R.string.CertificateDateInvalid;
            this.dialogType = DialogType.MessageWithPositiveOk;
            return;
        }
        if (ExceptionUtils.anyMessageContains(aadAuthenticationException, "Connection refused")) {
            LOGGER.severe("Authentication failed. The connection was refused.");
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.resourceId = R.string.ConnectionRefused;
            this.dialogType = DialogType.MessageWithPositiveOk;
            return;
        }
        if (ExceptionUtils.anyMessageContains(aadAuthenticationException, "Error Code:-5 net::ERR_PROXY_CONNECTION_FAILED") || ExceptionUtils.anyMessageContains(aadAuthenticationException, "Code:-11 primary error: 2")) {
            LOGGER.severe("Authentication failed. A proxy caused a connection failure.");
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.resourceId = R.string.ProxyConnectionFailed;
            this.dialogType = DialogType.MessageWithPositiveOk;
            return;
        }
        if (ExceptionUtils.anyMessageContains(aadAuthenticationException, "Code:-11 primary error: 5")) {
            if (Build.VERSION.SDK_INT < 24 || !PackageUtils.isPackageInstalled(context, PackageUtils.CHROME)) {
                if (PackageUtils.getPackageVersion(context, PackageUtils.ANDROID_SYSTEM_WEB_VIEW).intValue() < MIN_ANDROID_SYSTEM_WEB_VIEW_VERSION_CODE) {
                    LOGGER.severe("Authentication failed. The Android System Web View needs to be updated.");
                    this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
                    this.resourceId = R.string.UpdateSystemWebView;
                    this.url = ((IDeploymentSettings) ServiceLocator.getInstance().get(IDeploymentSettings.class)).getUpdateSystemWebViewUrl();
                    this.dialogType = DialogType.UpdateWebView;
                    return;
                }
            } else if (PackageUtils.getPackageVersion(context, PackageUtils.CHROME).intValue() < MIN_CHROME_VERSION_CODE) {
                LOGGER.severe("Authentication failed. Chrome needs to be updated.");
                this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
                this.resourceId = R.string.UpdateChrome;
                this.url = ((IDeploymentSettings) ServiceLocator.getInstance().get(IDeploymentSettings.class)).getUpdateChromeUrl();
                this.dialogType = DialogType.UpdateWebView;
                return;
            }
        }
        if (aadAuthenticationException.getCause() instanceof IntuneTokenConversionException) {
            IntuneTokenConversionException intuneTokenConversionException = (IntuneTokenConversionException) aadAuthenticationException.getCause();
            if (intuneTokenConversionException.getErrorCause() == IntuneTokenConversionException.ErrorCauseHint.AccountDisabled || intuneTokenConversionException.getErrorCause() == IntuneTokenConversionException.ErrorCauseHint.UserDisabled) {
                this.authState = IAadAuthenticationViewModel.AuthenticationState.STSAccountDisabled;
                this.resourceId = R.string.IntuneUserOrAccountDisabledError;
                this.dialogType = DialogType.MessageWithPositiveOk;
                return;
            }
            if (intuneTokenConversionException.getErrorCause() == IntuneTokenConversionException.ErrorCauseHint.AccountInMaintenance) {
                this.authState = IAadAuthenticationViewModel.AuthenticationState.AccountInMaintenance;
                this.resourceId = R.string.IntuneServiceMaintenanceError;
                this.dialogType = DialogType.MessageWithPositiveOk;
                return;
            } else if (intuneTokenConversionException.getErrorCause() == IntuneTokenConversionException.ErrorCauseHint.UserUnknown) {
                this.authState = IAadAuthenticationViewModel.AuthenticationState.STSUserUnknown;
                this.resourceId = R.string.IntuneUserUnknownError;
                this.dialogType = DialogType.MessageWithPositiveOk;
                return;
            } else if (intuneTokenConversionException.getCause() instanceof VolleyError) {
                VolleyError volleyError = (VolleyError) intuneTokenConversionException.getCause();
                if (volleyError.networkResponse != null && volleyError.networkResponse.statusCode == HTTP_FORBIDDEN) {
                    this.authState = IAadAuthenticationViewModel.AuthenticationState.STSUserUnknown;
                    this.resourceId = R.string.IntuneUserUnknownError;
                    this.dialogType = DialogType.MessageWithPositiveOk;
                    return;
                }
            }
        }
        if (isNetworkError(aadAuthenticationException)) {
            LOGGER.severe("Authentication failed. The error is a network error.");
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.resourceId = R.string.ConnectionErrorMessage;
            this.dialogType = DialogType.MessageWithPositiveOk;
            return;
        }
        if (aadAuthenticationException.getCause() instanceof VersionNegotiationException) {
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToNegotiateVersions;
            this.resourceId = R.string.LoginFailed;
            this.dialogType = DialogType.MessageWithPositiveOk;
        } else {
            this.authState = IAadAuthenticationViewModel.AuthenticationState.FailedToAcquireTokens;
            this.resourceId = R.string.LoginFailed;
            this.dialogType = DialogType.MessageWithPositiveOk;
        }
    }

    private boolean isBaltimoreCertRequiredByAuthorityServer() {
        HttpURLConnection httpURLConnection = null;
        try {
            try {
                httpURLConnection = (HttpURLConnection) new URL(((IDeploymentSettings) ServiceLocator.getInstance().get(IDeploymentSettings.class)).getAadAuthority()).openConnection();
                LOGGER.info(MessageFormat.format("Connected to authority server and got response status code: {0}.", Integer.valueOf(httpURLConnection.getResponseCode())));
                if (httpURLConnection == null) {
                    return false;
                }
                httpURLConnection.disconnect();
                return false;
            } catch (Exception e) {
                if (!(e instanceof SSLHandshakeException) || !(e.getCause() instanceof CertificateException) || !(e.getCause().getCause() instanceof CertPathValidatorException)) {
                    if (httpURLConnection == null) {
                        return false;
                    }
                    httpURLConnection.disconnect();
                    return false;
                }
                CertPath certPath = ((CertPathValidatorException) e.getCause().getCause()).getCertPath();
                boolean z = (certPath == null || certPath.toString().isEmpty() || !certPath.toString().contains(CertUtils.BALTIMORE_ISSUER_COMMON_NAME)) ? false : true;
                if (httpURLConnection != null) {
                    httpURLConnection.disconnect();
                }
                return z;
            }
        } catch (Throwable th) {
            if (httpURLConnection != null) {
                httpURLConnection.disconnect();
            }
            throw th;
        }
    }

    private boolean isNetworkError(Throwable th) {
        for (String str : this.noConnectionErrors) {
            if (ExceptionUtils.anyMessageContains(th, str)) {
                return true;
            }
        }
        return false;
    }

    public void display(Activity activity, Delegate.Action0 action0) {
        switch (this.dialogType) {
            case Certificate:
                SspDialogFactory.showCertificateMissingErrorDialog(activity, this.url, action0);
                return;
            case UpdateWebView:
                SspDialogFactory.showWebViewUpdateDialog(activity, this.resourceId, this.url, action0);
                return;
            default:
                DialogService.showErrorDialog(activity, R.string.DialogTitleError, new AndroidText(this.resourceId), action0);
                return;
        }
    }

    public IAadAuthenticationViewModel.AuthenticationState getState() {
        return this.authState;
    }
}
