package com.microsoft.windowsintune.companyportal.authentication.aad;

import android.app.Activity;
import android.net.Uri;
import android.util.Base64;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.intune.common.utils.IOUtils;
import com.microsoft.omadm.EnrollmentStateSettings;
import com.microsoft.windowsintune.companyportal.ServiceLocator;
import com.microsoft.windowsintune.companyportal.exceptions.AadAuthenticationException;
import com.microsoft.windowsintune.companyportal.exceptions.IntuneTokenConversionException;
import com.microsoft.windowsintune.companyportal.models.IntuneToken;
import com.microsoft.windowsintune.companyportal.models.rest.ApiVersionNegotiator;
import com.microsoft.windowsintune.companyportal.models.rest.LocationServices;
import com.microsoft.windowsintune.companyportal.models.rest.RestIntuneUISTSResponse;
import com.microsoft.windowsintune.companyportal.models.rest.utils.RestTokenResponse;
import com.microsoft.windowsintune.companyportal.user.UserAccountInfoLookup;
import com.microsoft.windowsintune.companyportal.utils.Delegate;
import com.microsoft.windowsintune.telemetry.IAuthenticationTelemetry;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.Date;
import java.util.logging.Logger;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes.dex */
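/**
 * Drives the token flows visible in this file: acquiring AAD access tokens through
 * {@link AdalContext} for the Intune and enrollment resource ids, exchanging the Intune
 * access token for an Intune user token via {@code RestAadToIntuneTokenConverter}, and
 * writing the results into the {@link IntuneToken} instance held by {@link ServiceLocator}.
 *
 * <p>Every value written to {@link IntuneToken} here is a bearer credential. The URL-encode
 * plus Base64 step applied to enrollment tokens is a transport encoding, not protection.
 * This class logs status messages only; token values must never be passed to the logger
 * or to telemetry.
 *
 * <p>This source is decompiler output. The decompiler notes that the nested delegate classes
 * and the methods {@code convertAccessTokenToIntuneTokenAsync} and {@code updateIntuneToken}
 * were private in the original; they are left public here so the listing stays
 * interface-compatible with the decompiled form.
 */
public class IntuneAccess {
    /** Feature id queried through {@code UserAccountInfoLookup.isFeatureEnabled} to decide whether enrollment MFA applies. */
    private static final int MFA_FEATURE_ID = 5013;
    private final String aadEnrollmentResourceId;
    private final String aadIntuneResourceId;
    private final AdalContext adalContext;
    private final Logger logger = Logger.getLogger(IntuneAccess.class.getName());

    /** Looks up the telemetry service; resolved on each call, exactly as the inline lookups did. */
    private static IAuthenticationTelemetry telemetry() {
        return (IAuthenticationTelemetry) ServiceLocator.getInstance().get(IAuthenticationTelemetry.class);
    }

    /**
     * Produces the enrollment-token form used by this class: the token is URL-encoded as UTF-8
     * and the result is Base64-encoded.
     *
     * @param token the raw token string
     * @return the encoded token
     * @throws UnsupportedEncodingException if the UTF-8 charset name is not supported
     */
    private static String encodeEnrollmentToken(String token) throws UnsupportedEncodingException {
        String urlEncoded = URLEncoder.encode(token, IOUtils.UTF8_CHARSET_ENCODING);
        // The charset is named explicitly so the bytes never depend on the platform default.
        // Base64.DEFAULT is the flag value (0) the decompiled call passed; it is kept because
        // the consumer of this value is not visible in this file.
        return Base64.encodeToString(urlEncoded.getBytes(IOUtils.UTF8_CHARSET_ENCODING), Base64.DEFAULT);
    }

    /**
     * Success handler for the MFA enrollment token request: stores the AAD access token as the
     * enrollment token and then reports success.
     */
    public class EnrollmentAadTokenAcquisitionSuccessDelegate extends Delegate.Action1<AuthenticationResult> {
        private final Delegate.Action1<Exception> failureCallback;
        private final Delegate.Action0 successCallback;
        private final String successMessage;

        EnrollmentAadTokenAcquisitionSuccessDelegate(Delegate.Action0 action0, Delegate.Action1<Exception> action1, String str) {
            this.successCallback = action0;
            this.failureCallback = action1;
            this.successMessage = str;
        }

        /**
         * Stores the encoded access token with type {@code AADToken}. Exactly one of the two
         * callbacks is invoked.
         *
         * @param authenticationResult the ADAL result carrying the access token
         */
        @Override
        public void exec(AuthenticationResult authenticationResult) {
            IntuneToken intuneToken = (IntuneToken) ServiceLocator.getInstance().get(IntuneToken.class);
            try {
                IntuneAccess.this.logger.info("Updating enrollment token.");
                intuneToken.setEnrollmentToken(
                        encodeEnrollmentToken(authenticationResult.getAccessToken()),
                        IntuneToken.EnrollmentTokenType.AADToken);
            } catch (UnsupportedEncodingException e) {
                telemetry().logUpdateMFAEnrollmentTokenFailure(e);
                this.failureCallback.exec(new AadAuthenticationException("Failed to update enrollment token.", e));
                // Fail closed: without this return the method fell through and also reported
                // success, so enrollment could continue without the MFA token having been stored.
                return;
            }
            telemetry().logUpdateMFAEnrollmentTokenFinished();
            IntuneAccess.this.logger.info(this.successMessage);
            this.successCallback.exec();
        }
    }

    /**
     * Success handler for the Intune access token request: records the result, then starts the
     * conversion of the access token into an Intune user token.
     */
    public class IntuneAadTokenAcquisitionSuccessDelegate extends Delegate.Action1<AuthenticationResult> {
        private final Delegate.Action1<Exception> failureCallback;
        private final Delegate.Action1<Uri> successCallback;
        private final String successMessage;

        IntuneAadTokenAcquisitionSuccessDelegate(Delegate.Action1<Uri> action1, Delegate.Action1<Exception> action12, String str) {
            this.successCallback = action1;
            this.failureCallback = action12;
            this.successMessage = str;
        }

        /**
         * Updates the stored token from the ADAL result, records tenant id and authentication
         * methods, and chains into the token conversion. An {@link AadAuthenticationException}
         * raised by these steps is routed to the failure callback.
         *
         * @param authenticationResult the ADAL result for the Intune resource
         */
        @Override
        public void exec(AuthenticationResult authenticationResult) {
            try {
                AuthenticationResultProcessor.updateIntuneTokenWithResult(authenticationResult);
                IntuneAccess.this.logger.info(this.successMessage);
                telemetry().logAcquireIntuneTokenSuccess();
                AuthenticationUtils.recordTenantId(authenticationResult.getTenantId());
                // NOTE(review): the id token is handed to a logging helper; confirm that helper
                // records only the authentication-method claims and never the token itself.
                AuthenticationUtils.logAuthenticationMethods(authenticationResult.getIdToken(), IAuthenticationTelemetry.TokenType.INTUNE);
                IntuneAccess.this.convertAccessTokenToIntuneTokenAsync(authenticationResult, new Delegate.Action1<Uri>() {
                    @Override
                    public void exec(Uri uri) {
                        IntuneAccess.this.logger.info("Successfully initialized Intune tokens.");
                        IntuneAadTokenAcquisitionSuccessDelegate.this.successCallback.exec(uri);
                    }
                }, this.failureCallback);
            } catch (AadAuthenticationException e) {
                this.failureCallback.exec(e);
            }
        }
    }

    /**
     * Failure handler for Intune token acquisition: reports the error to telemetry together with
     * the ADAL correlation id, then forwards it to the wrapped callback.
     */
    public class IntuneTokenFailureDelegate extends Delegate.Action1<Exception> {
        private final Delegate.Action1<Exception> failureCallback;

        IntuneTokenFailureDelegate(Delegate.Action1<Exception> action1) {
            this.failureCallback = action1;
        }

        @Override
        public void exec(Exception exc) {
            telemetry().logAcquireIntuneTokenFailure(exc, IntuneAccess.this.adalContext.getCorrelationId());
            this.failureCallback.exec(exc);
        }
    }

    /**
     * @param adalContext the ADAL wrapper used for all token requests
     * @param str the AAD resource id requested for the Intune token
     * @param str2 the AAD resource id requested for the MFA enrollment token
     */
    public IntuneAccess(AdalContext adalContext, String str, String str2) {
        this.adalContext = adalContext;
        this.aadIntuneResourceId = str;
        this.aadEnrollmentResourceId = str2;
    }

    /**
     * Exchanges the AAD access token for an Intune user token and stores it.
     *
     * <p>A response whose error field is non-empty and not the literal text {@code "null"} is
     * treated as a failure. On success the callback receives the location service URI when the
     * response is a {@link RestIntuneUISTSResponse}, otherwise {@code null}.
     *
     * @param authenticationResult the ADAL result whose access token is converted
     * @param action1 invoked after the converted token has been stored
     * @param action12 invoked when the conversion or the token update fails
     */
    public void convertAccessTokenToIntuneTokenAsync(AuthenticationResult authenticationResult, final Delegate.Action1<Uri> action1, final Delegate.Action1<Exception> action12) {
        this.logger.info("Attempting to convert Intune access token into Intune user token; calling Intune UISTS.");
        RestAadToIntuneTokenConverter.getIntuneUserTokenAsync(authenticationResult.getAccessToken(), new Delegate.Action1<RestTokenResponse>() {
            @Override
            public void exec(RestTokenResponse restTokenResponse) {
                if (StringUtils.isNotEmpty(restTokenResponse.getError()) && !restTokenResponse.getError().equalsIgnoreCase("null")) {
                    AadAuthenticationException aadAuthenticationException = new AadAuthenticationException("Failed to convert Intune access token to Intune user token.", new IntuneTokenConversionException(restTokenResponse.getError()));
                    telemetry().logConvertIntuneTokenFailure(aadAuthenticationException);
                    action12.exec(aadAuthenticationException);
                    return;
                }
                IntuneAccess.this.logger.info("Successfully converted Intune user token.");
                try {
                    IntuneAccess.this.updateIntuneToken(restTokenResponse);
                    telemetry().logConvertIntuneTokenSuccess();
                    if (restTokenResponse instanceof RestIntuneUISTSResponse) {
                        // The URI is taken from the service response as-is; nothing in this
                        // class checks its scheme or host before it is passed on.
                        action1.exec(((RestIntuneUISTSResponse) restTokenResponse).getLocationServiceUri());
                    } else {
                        action1.exec(null);
                    }
                } catch (AadAuthenticationException e) {
                    action12.exec(e);
                }
            }
        }, new Delegate.Action1<Exception>() {
            @Override
            public void exec(Exception exc) {
                telemetry().logConvertIntuneTokenFailure(exc);
                action12.exec(exc);
            }
        });
    }

    /**
     * Writes the converted token, its expiry and the current time as issue time into the shared
     * {@link IntuneToken}, and stores the encoded token as the enrollment token with type
     * {@code IntuneToken}.
     *
     * <p>The response token is checked and encoded before any field is written, so a failure
     * leaves the previously stored token untouched instead of half-updated.
     *
     * @param restTokenResponse the token conversion response
     * @throws AadAuthenticationException if the response carries no token or encoding fails
     */
    public void updateIntuneToken(RestTokenResponse restTokenResponse) throws AadAuthenticationException {
        String token = restTokenResponse.getToken();
        // A response without an error but also without a token must not count as a sign-in.
        if (StringUtils.isEmpty(token)) {
            throw new AadAuthenticationException("Intune token response did not contain a token.");
        }
        String encodedEnrollmentToken;
        try {
            encodedEnrollmentToken = encodeEnrollmentToken(token);
        } catch (UnsupportedEncodingException e) {
            throw new AadAuthenticationException("Failed to encode enrollment token.", e);
        }
        IntuneToken intuneToken = (IntuneToken) ServiceLocator.getInstance().get(IntuneToken.class);
        intuneToken.setEncodedTokenValue(token);
        intuneToken.setTokenExpirySeconds(restTokenResponse.getTokenExpirySeconds());
        // Issue time is the local clock at storage time, not a value taken from the response.
        intuneToken.setTokenIssuedUtc(new Date());
        intuneToken.setEnrollmentToken(encodedEnrollmentToken, IntuneToken.EnrollmentTokenType.IntuneToken);
    }

    /**
     * Tries to obtain the Intune access token without user interaction and, on success, runs the
     * same post-acquisition steps as the interactive path.
     *
     * @param action1 invoked with the location service URI (possibly {@code null}) on success
     * @param action12 invoked, after telemetry, when acquisition fails
     */
    public void acquireTokenSilentAsync(Delegate.Action1<Uri> action1, Delegate.Action1<Exception> action12) {
        IntuneTokenFailureDelegate intuneTokenFailureDelegate = new IntuneTokenFailureDelegate(action12);
        try {
            AuthenticationResult acquireTokenSilent = this.adalContext.acquireTokenSilent(this.aadIntuneResourceId);
            if (AuthenticationResult.AuthenticationStatus.Succeeded != acquireTokenSilent.getStatus()) {
                // The decompiler had wrapped this argument in a cast to IntuneTokenFailureDelegate,
                // which is not a valid conversion; the exception is passed directly.
                intuneTokenFailureDelegate.exec(new AadAuthenticationException("Failed to acquire Intune Token from AAD."));
            } else {
                new IntuneAadTokenAcquisitionSuccessDelegate(action1, intuneTokenFailureDelegate, "Successfully, silently acquired Intune access token from AAD.").exec(acquireTokenSilent);
            }
        } catch (Exception e) {
            // Also reached when acquireTokenSilent returns null (NullPointerException above).
            intuneTokenFailureDelegate.exec(new AadAuthenticationException("Acquiring token from AAD threw an exception.", e));
        }
    }

    /**
     * Initializes service endpoint addresses and then negotiates API versions.
     *
     * <p>When the Graph location service is in use the URI is ignored. Otherwise a non-null URI
     * is required and is passed to {@code LocationServices.initializeServiceAddresses}.
     *
     * @param uri the Intune location service URI; may be {@code null} only for the Graph case
     * @param action0 invoked once API version negotiation succeeds
     * @param action1 invoked on failure, including a missing URI
     */
    public void initializeIntuneLocationServiceAsync(Uri uri, final Delegate.Action0 action0, final Delegate.Action1<Exception> action1) {
        LocationServices locationServices = (LocationServices) ServiceLocator.getInstance().get(LocationServices.class);
        if (locationServices.isGraphLocationService()) {
            this.logger.info("Graph location service contains all service endpoint URLs; skipping service endpoint URL initialization from Intune.");
            ((ApiVersionNegotiator) ServiceLocator.getInstance().get(ApiVersionNegotiator.class)).negotiateApiVersionsAsync(action0, action1);
        } else if (uri != null) {
            // NOTE(review): the URI is used without a scheme or host check in this method. It is
            // presumably the value delivered by the token-conversion response; confirm that
            // initializeServiceAddresses restricts it to HTTPS and to expected hosts.
            locationServices.initializeServiceAddresses(LocationServices.LocationServiceType.Intune, uri.toString(), new Delegate.Action0() {
                @Override
                public void exec() {
                    IntuneAccess.this.logger.info("Successfully initialized service endpoint URLs from Intune location service.");
                    ((ApiVersionNegotiator) ServiceLocator.getInstance().get(ApiVersionNegotiator.class)).negotiateApiVersionsAsync(action0, action1);
                }
            }, action1);
        } else {
            action1.exec(new AadAuthenticationException("locationServiceUri is null when using IntuneLocationService"));
        }
    }

    /**
     * Starts interactive acquisition of the Intune access token.
     *
     * @param activity the activity ADAL uses to show its sign-in UI
     * @param action1 invoked with the location service URI (possibly {@code null}) on success
     * @param action12 invoked, after telemetry, when acquisition fails
     */
    public void initializeTokenAsync(Activity activity, Delegate.Action1<Uri> action1, Delegate.Action1<Exception> action12) {
        this.logger.info("Attempting to acquire Intune token from AAD.");
        IntuneTokenFailureDelegate intuneTokenFailureDelegate = new IntuneTokenFailureDelegate(action12);
        this.adalContext.acquireTokenAsync(this.aadIntuneResourceId, activity, new IntuneAadTokenAcquisitionSuccessDelegate(action1, intuneTokenFailureDelegate, "Successfully acquired Intune access token from AAD."), intuneTokenFailureDelegate);
    }

    /**
     * Acquires a separate AAD token for enrollment when the MFA feature is enabled for the user.
     *
     * <p>The success callback is also invoked, without acquiring an MFA token, when the device
     * is already enrolled, when the feature is reported as disabled or {@code null}, and when
     * the feature query itself fails. The client therefore fails open on this check: whether
     * MFA is required for enrollment has to be enforced by the service that accepts the
     * enrollment token, not by this method.
     *
     * @param activity the activity ADAL uses to show its sign-in UI
     * @param action0 invoked when enrollment may proceed
     * @param action1 invoked when acquiring or storing the MFA enrollment token fails
     */
    public void updateMFAEnrollmentTokenAsync(final Activity activity, final Delegate.Action0 action0, final Delegate.Action1<Exception> action1) {
        if (((EnrollmentStateSettings) ServiceLocator.getInstance().get(EnrollmentStateSettings.class)).getCurrentState().isEnrolled()) {
            action0.exec();
            return;
        }
        telemetry().logQueryMFAEnrollmentEnabledStarted();
        ((UserAccountInfoLookup) ServiceLocator.getInstance().get(UserAccountInfoLookup.class)).isFeatureEnabled(MFA_FEATURE_ID, new Delegate.Action1<Boolean>() {
            @Override
            public void exec(Boolean bool) {
                telemetry().logQueryMFAEnrollmentEnabledFinished();
                if (bool == null || !bool.booleanValue()) {
                    IntuneAccess.this.logger.info("The enrollment MFA is not enabled for this user.");
                    action0.exec();
                } else {
                    telemetry().logUpdateMFAEnrollmentTokenStarted();
                    IntuneAccess.this.adalContext.acquireTokenAsync(IntuneAccess.this.aadEnrollmentResourceId, activity, new EnrollmentAadTokenAcquisitionSuccessDelegate(action0, action1, "Successfully acquired MFA enrollment token from AAD."), new Delegate.Action1<Exception>() {
                        @Override
                        public void exec(Exception exc) {
                            telemetry().logUpdateMFAEnrollmentTokenFailure(exc);
                            IntuneAccess.this.logger.severe("Failed to acquire MFA enrollment token.");
                            action1.exec(exc);
                        }
                    });
                }
            }
        }, new Delegate.Action1<Exception>() {
            @Override
            public void exec(Exception exc) {
                telemetry().logQueryMFAEnrollmentEnabledFinished();
                // Deliberate fallback kept from the original: a failed feature query is logged
                // and enrollment continues with the Intune token.
                IntuneAccess.this.logger.info("The FeatureEnabledForUser API failed, we fall back to use Intune token to enroll.");
                action0.exec();
            }
        });
    }
}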
