package com.microsoft.workaccount.authenticatorservice;

import android.accounts.AbstractAccountAuthenticator;
import android.accounts.Account;
import android.accounts.AccountAuthenticatorResponse;
import android.accounts.NetworkErrorException;
import android.content.Context;
import android.content.Intent;
import android.os.Binder;
import android.os.Bundle;
import android.text.TextUtils;
import android.webkit.CookieManager;
import android.webkit.CookieSyncManager;
import com.microsoft.aad.adal.unity.AccountActivity;
import com.microsoft.aad.adal.unity.AuthenticationConstants;
import com.microsoft.aad.adal.unity.AuthenticationContext;
import com.microsoft.aad.adal.unity.AuthenticationResult;
import com.microsoft.aad.adal.unity.AuthenticationSettings;
import com.microsoft.aad.adal.unity.BrokerClient;
import com.microsoft.aad.adal.unity.BrokerClientException;
import com.microsoft.aad.adal.unity.BrokerOauthError;
import com.microsoft.aad.adal.unity.BrokerRequest;
import com.microsoft.aad.adal.unity.BrokerTokenResult;
import com.microsoft.aad.adal.unity.CacheKey;
import com.microsoft.aad.adal.unity.IKeyHandler;
import com.microsoft.aad.adal.unity.StorageHelper;
import com.microsoft.aad.adal.unity.StringExtensions;
import com.microsoft.aad.adal.unity.TokenCacheItem;
import com.microsoft.aad.adal.unity.UserInfo;
import com.microsoft.workaccount.R;
import com.microsoft.workaccount.workplacejoin.AccountManagerStorageHelper;
import com.microsoft.workaccount.workplacejoin.AcquireTokenWithPrtTask;
import com.microsoft.workaccount.workplacejoin.BrokerContext;
import com.microsoft.workaccount.workplacejoin.Logger;
import com.microsoft.workaccount.workplacejoin.PrtTaskResult;
import com.microsoft.workaccount.workplacejoin.core.InstallCertActivity;
import com.microsoft.workaccount.workplacejoin.core.JoinActivity;
import com.microsoft.workaccount.workplacejoin.core.SessionTransportKey;
import com.microsoft.workaccount.workplacejoin.core.StringHelper;
import com.microsoft.workaccount.workplacejoin.core.Util;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinApplication;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinFailure;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinService;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.UUID;

/* loaded from: classes.dex */
public final class Authenticator extends AbstractAccountAuthenticator {
    private static final int ACCOUNT_EXIST = 1;
    private static final String AUTH_TOKEN_LABEL = "AADBroker";
    private static final String TAG = "Authenticator#";
    AccountManagerStorageHelper mAcctMgrHelper;
    CallerInfo mCallerVerifier;
    private final Context mContext;
    UUID mCorrelationId;
    private StorageHelper mCryptoHelper;
    IKeyHandler mKeyHandler;

    public Authenticator(Context context) {
        super(context);
        this.mCryptoHelper = null;
        this.mCallerVerifier = null;
        this.mAcctMgrHelper = null;
        Logger.d("Authenticator#constructor", "Authenticator constructor called");
        this.mContext = context;
        this.mAcctMgrHelper = new AccountManagerStorageHelper(context);
        this.mCryptoHelper = new StorageHelper(context);
        this.mCallerVerifier = new CallerInfo(context, this.mCryptoHelper);
        this.mKeyHandler = new KeyHandler(context);
    }

    private void acquireTokenUsingPRT(final Account account, final BrokerRequest brokerRequest, final String str, final AccountManagerCache accountManagerCache, final String str2, final AccountAuthenticatorResponse accountAuthenticatorResponse) {
        if (!isSTKmissing()) {
            Logger.v("Authenticator#acquireTokenUsingPRT", "STK exists, starting to get token with prt. ");
            setupPRTAndAcquireToken(brokerRequest, account, str, accountManagerCache, str2, accountAuthenticatorResponse);
        } else {
            this.mAcctMgrHelper.restoreWPJAccount();
            Logger.v("Authenticator#acquireTokenUsingPRT", "Joined but stk is null, start doing stk patching");
            WorkplaceJoinService.updateDeviceRegistrationEnrollment(this.mContext, this.mAcctMgrHelper.getWpjDeviceId(), str2, brokerRequest.getCorrelationId(), this.mAcctMgrHelper.getWpjPKCS12Certificate(), new WorkplaceJoinService.OnUpdateDeviceListener() { // from class: com.microsoft.workaccount.authenticatorservice.Authenticator.1
                @Override // com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinService.OnUpdateDeviceListener
                public void onComplete(boolean z, Exception exc) {
                    if (z) {
                        Logger.v("Authenticator#acquireTokenUsingPRT", "STK patching succeeds, will start setting up prt, and get token with prt.");
                        Authenticator.this.setupPRTAndAcquireToken(brokerRequest, account, str, accountManagerCache, str2, accountAuthenticatorResponse);
                    } else if (exc != null) {
                        Logger.e("Authenticator#acquireTokenUsingPRT", exc.getMessage(), WorkplaceJoinFailure.INTERNAL, exc);
                        accountAuthenticatorResponse.onError(8, exc.getMessage());
                    } else {
                        Logger.e("Authenticator#acquireTokenUsingPRT", "Failed to do stk patching, Cannot continue with prt acquistion.", WorkplaceJoinFailure.INTERNAL);
                        accountAuthenticatorResponse.onError(8, "Failed to do stk patching, Cannot continue with prt acquistion.");
                    }
                }
            });
        }
    }

    private Bundle addAccountBroker(AccountAuthenticatorResponse accountAuthenticatorResponse, Bundle bundle) {
        Intent intent = new Intent();
        intent.setPackage(this.mContext.getPackageName());
        intent.setClassName(this.mContext.getPackageName(), this.mContext.getPackageName() + ".ui.AccountChooserActivity");
        intent.putExtra("accountAuthenticatorResponse", accountAuthenticatorResponse);
        intent.putExtras(bundle);
        intent.putExtra("broker.version", "v2");
        Bundle bundle2 = new Bundle();
        bundle2.putParcelable("intent", intent);
        return bundle2;
    }

    private Bundle addAccountWorkPlaceJoin(AccountAuthenticatorResponse accountAuthenticatorResponse, Bundle bundle) {
        Intent intent = new Intent(this.mContext, (Class<?>) JoinActivity.class);
        intent.putExtra("accountAuthenticatorResponse", accountAuthenticatorResponse);
        if (bundle == null || !bundle.containsKey(WorkplaceJoinApplication.DATA_UPN)) {
            Logger.v("Authenticator#addAccountWorkPlaceJoin", "UPN not provided");
        } else {
            String string = bundle.getString(WorkplaceJoinApplication.DATA_UPN, null);
            Logger.v("Authenticator#addAccountWorkPlaceJoin", "UPN = " + string);
            if (string != null) {
                intent.putExtra(WorkplaceJoinApplication.DATA_UPN, string);
            } else {
                Logger.d("Authenticator#addAccountWorkPlaceJoin", "UPN = null");
            }
        }
        if (bundle == null || !bundle.containsKey(WorkplaceJoinApplication.DATA_TOKEN)) {
            Logger.v("Authenticator#addAccountWorkPlaceJoin", "DATA_TOKEN = null");
        } else {
            String string2 = bundle.getString(WorkplaceJoinApplication.DATA_TOKEN, null);
            Logger.v("Authenticator#addAccountWorkPlaceJoin", "DATA_TOKEN was provided");
            intent.putExtra(WorkplaceJoinApplication.DATA_TOKEN, string2);
        }
        if (bundle == null || !bundle.containsKey(WorkplaceJoinApplication.DATA_DISPLAYABLE_ID)) {
            Logger.v("Authenticator#addAccountWorkPlaceJoin", "DATA_DISPLAYABLE_ID = null");
        } else {
            String string3 = bundle.getString(WorkplaceJoinApplication.DATA_DISPLAYABLE_ID, null);
            Logger.v("Authenticator#addAccountWorkPlaceJoin", "DATA_DISPLAYABLE_ID was provided");
            intent.putExtra(WorkplaceJoinApplication.DATA_DISPLAYABLE_ID, string3);
        }
        intent.putExtras(bundle);
        if (bundle != null && bundle.containsKey(WorkplaceJoinApplication.DATA_REFRESH_TOKEN)) {
            String string4 = bundle.getString(WorkplaceJoinApplication.DATA_REFRESH_TOKEN, null);
            Logger.v("Authenticator#addAccountWorkPlaceJoin", "Refresh Token key is inside the options");
            if (string4 != null) {
                intent.putExtra(WorkplaceJoinApplication.DATA_REFRESH_TOKEN, string4);
            } else {
                Logger.i("Authenticator#addAccountWorkPlaceJoin", "Refresh Token key is null");
            }
        }
        if (bundle != null && bundle.containsKey(WorkplaceJoinApplication.DATA_IDTOKEN)) {
            String string5 = bundle.getString(WorkplaceJoinApplication.DATA_IDTOKEN, null);
            Logger.v("Authenticator#addAccountWorkPlaceJoin", "Id Token key is inside the options");
            if (string5 != null) {
                intent.putExtra(WorkplaceJoinApplication.DATA_IDTOKEN, string5);
            } else {
                Logger.i("Authenticator#addAccountWorkPlaceJoin", "Id Token key is null");
            }
        }
        if (bundle == null || !bundle.containsKey(WorkplaceJoinApplication.DATA_DISCOVERY)) {
            Logger.v("Authenticator#addAccountWorkPlaceJoin", "DiscoveryFlag not provided");
        } else {
            String string6 = bundle.getString(WorkplaceJoinApplication.DATA_DISCOVERY, null);
            Logger.v("Authenticator#addAccountWorkPlaceJoin", "DiscoveryFlag = " + string6);
            if (string6 != null) {
                intent.putExtra(WorkplaceJoinApplication.DATA_DISCOVERY, string6);
            } else {
                Logger.d("Authenticator#addAccountWorkPlaceJoin", "DiscoveryFlag = null");
            }
        }
        Bundle bundle2 = new Bundle();
        bundle2.putParcelable("intent", intent);
        return bundle2;
    }

    private void clearCookies() {
        CookieSyncManager.createInstance(this.mContext);
        CookieManager.getInstance().removeAllCookie();
        CookieSyncManager.getInstance().sync();
    }

    private Bundle createResultBundleWithTokenCacheItem(Account account, TokenCacheItem tokenCacheItem, String str) {
        Bundle bundle = new Bundle();
        if (tokenCacheItem != null) {
            bundle.putString("authAccount", account.name);
            bundle.putString("accountType", account.type);
            bundle.putString("authtoken", tokenCacheItem.getAccessToken());
            if (tokenCacheItem.getExpiresOn() != null) {
                bundle.putLong("account.expiredate", tokenCacheItem.getExpiresOn().getTime());
            }
            Logger.v("Authenticator#setResultBundleWithTokenCacheItem", "Account name to return:" + account.name + " Upn:" + str);
            bundle.putString("account.login.hint", str);
            bundle.putString("account.userinfo.userid", str);
            bundle.putString("account.userinfo.userid.displayable", str);
            if (StringHelper.IsNullOrBlank(tokenCacheItem.getTenantId())) {
                Logger.v("Authenticator#setResultBundleWithTokenCacheItem", "Tenant Id does not exist");
            } else {
                bundle.putString("account.userinfo.tenantid", tokenCacheItem.getTenantId());
            }
            setResultInfoOnBundle(bundle, tokenCacheItem.getUserInfo());
            if (StringHelper.IsNullOrBlank(tokenCacheItem.getRawIdToken())) {
                Logger.v("Authenticator#setResultBundleWithTokenCacheItem", "Id token does not exist.");
            } else {
                bundle.putString("account.idtoken", tokenCacheItem.getRawIdToken());
            }
        }
        return bundle;
    }

    private void getAccessTokenForJoinedAccount(AccountAuthenticatorResponse accountAuthenticatorResponse, AccountManagerCache accountManagerCache, Account account, String str, String str2, String str3, UUID uuid, String str4, String str5) {
        TokenCacheItem item = accountManagerCache.getItem(CacheKey.createCacheKeyForRTEntry(str, str2, str3, null), false);
        if (item == null || StringHelper.IsNullOrBlank(item.getAccessToken()) || TokenCacheItem.isTokenExpired(item.getExpiresOn())) {
            Logger.v(TAG, "Joined account, access token does not exist, try with PRT.");
            acquireTokenUsingPRT(account, new BrokerRequest(str, str2, str3, "", uuid), str5, accountManagerCache, str4, accountAuthenticatorResponse);
        } else {
            Logger.v("Authenticator#getAccessTokenForJoinedAccount", "Joined account, return access token from cache.");
            accountAuthenticatorResponse.onResult(createResultBundleWithTokenCacheItem(account, item, str4));
        }
    }

    private void getAccessTokenForNonJoinedAccount(AccountAuthenticatorResponse accountAuthenticatorResponse, AccountManagerCache accountManagerCache, String str, String str2, String str3, String str4, UUID uuid, Account account, String str5) {
        AuthenticationSettings.INSTANCE.setSkipBroker(true);
        AuthenticationContext authenticationContext = new AuthenticationContext(this.mContext, str, false, accountManagerCache);
        authenticationContext.setRequestCorrelationId(uuid);
        AuthenticationResult acquireTokenSilentSync = authenticationContext.acquireTokenSilentSync(str3, str4, null, BrokerClient.getBrokerRedirectUri(this.mContext, str2));
        if (acquireTokenSilentSync == null || StringHelper.IsNullOrBlank(acquireTokenSilentSync.getAccessToken())) {
            Logger.v("Authenticator#getAccessTokenForNonJoinedAccount", "Access token is not returned, return back the error.");
            accountAuthenticatorResponse.onError(8, "Token is not available");
        } else {
            Logger.v("Authenticator#getAccessTokenForNonJoinedAccount", "Return access token via AuthenticatorResponse.");
            accountAuthenticatorResponse.onResult(setResultToBundle(account, acquireTokenSilentSync, str5));
        }
    }

    private Bundle getCommonErrorResultBundle(String str) {
        return getErrorResultBundle(6, str);
    }

    private UUID getCorrelationId() {
        if (this.mCorrelationId == null) {
            this.mCorrelationId = UUID.randomUUID();
        }
        return this.mCorrelationId;
    }

    private Bundle getErrorResultBundle(int i, String str) {
        Logger.e("Authenticator#getErrorResultBundle", "accountManagerErrorCode: " + i + ", msg: " + str, WorkplaceJoinFailure.INTERNAL);
        Bundle bundle = new Bundle();
        bundle.putInt("errorCode", i);
        bundle.putString("errorMessage", str);
        return bundle;
    }

    private boolean isSTKmissing() {
        Logger.v("Authenticator#isSTKmissing", "Joined, check the existence of stk.");
        return new SessionTransportKey(this.mContext).getSessionTransportKey() == null;
    }

    private boolean needTokenRemoval(Bundle bundle) {
        return "account.remove.tokens.value".equalsIgnoreCase(bundle.getString("account.remove.tokens"));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void processTokenResult(Account account, BrokerRequest brokerRequest, BrokerClient brokerClient, BrokerTokenResult brokerTokenResult, AccountManagerCache accountManagerCache, String str, AccountAuthenticatorResponse accountAuthenticatorResponse) {
        if (!TextUtils.isEmpty(brokerTokenResult.getAccessToken())) {
            Logger.v("Authenticator#processTokenResult", "Access token is returned, store it into cache.");
            brokerClient.saveTokenIntoCache(accountManagerCache, brokerTokenResult);
            this.mAcctMgrHelper.setAccountData(account, AccountActivity.ACCOUNT_INTERACTION_HEADER_REQUIRED, "");
        } else if (brokerTokenResult.getError() != null) {
            Logger.v("Authenticator#processTokenResult", "Token result contains error.");
            BrokerOauthError error = brokerTokenResult.getError();
            if (error.isInteractionRequired()) {
                Logger.v("Authenticator#processTokenResult", "Returned token error is interaction_required.");
                try {
                    this.mAcctMgrHelper.setAccountData(account, AccountActivity.ACCOUNT_INTERACTION_HEADER_REQUIRED, brokerClient.getResolveInterruptRefreshCredential(account, this.mKeyHandler));
                } catch (BrokerClientException e) {
                    Logger.e("Authenticator#processTokenResult", "Exception happens when trying to resolve interrupt refresh credential " + e.getMessage(), WorkplaceJoinFailure.ADAL, e);
                    accountAuthenticatorResponse.onError(8, e.getMessage());
                }
            } else if (error.isInvalidGrant()) {
                Logger.v("Authenticator#processTokenResult", "Received invalid_grant. Clear PRT and broker RT.");
                this.mKeyHandler.deletePRT();
                try {
                    this.mAcctMgrHelper.setAccountData(account, StringExtensions.createHash(AuthenticationConstants.Broker.USERDATA_BROKER_RT + account.name), "");
                } catch (UnsupportedEncodingException | NoSuchAlgorithmException e2) {
                    Logger.e(TAG, "Fail to create hash for broker RT", WorkplaceJoinFailure.INTERNAL, e2);
                }
            }
        }
        accountAuthenticatorResponse.onResult(setResultToBundle(account, brokerTokenResult, str));
    }

    private Bundle returnEmptyResult(Account account) {
        Bundle bundle = new Bundle();
        bundle.putString("authAccount", Util.obtainDomainFromUPN(account.name));
        bundle.putString("accountType", account.type);
        bundle.putBoolean("account.initial.request", true);
        return bundle;
    }

    private void setResultInfoOnBundle(Bundle bundle, UserInfo userInfo) {
        if (userInfo == null) {
            Logger.v("Authenticator#setResultInfoOnBundle", "User info is not available.");
            return;
        }
        Logger.v("Authenticator#setResultInfoOnBundle", "Result contains UserInfo, setting it onto result bundle.");
        bundle.putString("account.userinfo.given.name", userInfo.getGivenName());
        bundle.putString("account.userinfo.family.name", userInfo.getFamilyName());
        bundle.putString("account.userinfo.identity.provider", userInfo.getIdentityProvider());
        if (!StringHelper.IsNullOrBlank(userInfo.getUserId())) {
            bundle.putString("account.userinfo.userid", userInfo.getUserId());
        }
        if (StringHelper.IsNullOrBlank(userInfo.getDisplayableId())) {
            return;
        }
        bundle.putString("account.userinfo.userid.displayable", userInfo.getDisplayableId());
        bundle.putString("account.login.hint", userInfo.getDisplayableId());
    }

    private Bundle setResultToBundle(Account account, AuthenticationResult authenticationResult, String str) {
        Bundle bundle = new Bundle();
        if (authenticationResult != null) {
            Logger.v("Authenticator#setResultToBundle", "Silent request succeed, setting the result onto bundle and returning back to calling app.");
            bundle.putString("authAccount", account.name);
            bundle.putString("accountType", account.type);
            bundle.putString("authtoken", authenticationResult.getAccessToken());
            if (authenticationResult.getExpiresOn() != null) {
                bundle.putLong("account.expiredate", authenticationResult.getExpiresOn().getTime());
            }
            Logger.v("Authenticator#setResultToBundle", "Account name to return:" + account.name + " Upn:" + str);
            bundle.putString("account.login.hint", str);
            bundle.putString("account.userinfo.userid", str);
            bundle.putString("account.userinfo.userid.displayable", str);
            if (StringHelper.IsNullOrBlank(authenticationResult.getTenantId())) {
                Logger.v("Authenticator#setResultToBundle", "Tenant Id does not exist");
            } else {
                bundle.putString("account.userinfo.tenantid", authenticationResult.getTenantId());
            }
            setResultInfoOnBundle(bundle, authenticationResult.getUserInfo());
            if (StringHelper.IsNullOrBlank(authenticationResult.getIdToken())) {
                Logger.v("Authenticator#setResultToBundle", "Id token is not returned.");
            } else {
                bundle.putString("account.idtoken", authenticationResult.getIdToken());
            }
        }
        return bundle;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final void setupPRTAndAcquireToken(final BrokerRequest brokerRequest, final Account account, String str, final AccountManagerCache accountManagerCache, final String str2, final AccountAuthenticatorResponse accountAuthenticatorResponse) {
        try {
            final BrokerClient brokerClient = new BrokerClient(this.mContext, brokerRequest, str);
            new AcquireTokenWithPrtTask(this.mContext, brokerRequest, account, str, new BrokerContext.OnPrtRequestListener() { // from class: com.microsoft.workaccount.authenticatorservice.Authenticator.2
                @Override // com.microsoft.workaccount.workplacejoin.BrokerContext.OnPrtRequestListener
                public void onResult(PrtTaskResult prtTaskResult) {
                    if (prtTaskResult.exception != null) {
                        Logger.e("Authenticator#setupPRTAndAcquireToken", "AcquireTokenWithPrtTask returns with exception " + prtTaskResult.exception.getMessage(), WorkplaceJoinFailure.INTERNAL);
                        accountAuthenticatorResponse.onError(8, prtTaskResult.exception.getMessage());
                    } else {
                        Logger.v("Authenticator#setupPRTAndAcquireToken", "AcquireTokenWithPrtTask returns without exception, starting to process the result.");
                        Authenticator.this.processTokenResult(account, brokerRequest, brokerClient, prtTaskResult.result, accountManagerCache, str2, accountAuthenticatorResponse);
                    }
                }
            }).execute(new String[0]);
        } catch (Exception e) {
            Logger.e("Authenticator#setupPRTAndAcquireToken", "Authenticator returning error", WorkplaceJoinFailure.ADAL, e);
            accountAuthenticatorResponse.onError(8, e.getMessage());
        }
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public final Bundle addAccount(AccountAuthenticatorResponse accountAuthenticatorResponse, String str, String str2, String[] strArr, Bundle bundle) {
        Logger.v("Authenticator#addAccount", "addAccount called with arguments accountType:" + str + " package:" + this.mContext.getPackageName() + " pid:" + Binder.getCallingPid() + " uid:" + Binder.getCallingUid());
        Map<String, byte[]> secretKeys = AuthenticationSettings.INSTANCE.getSecretKeys();
        if (secretKeys == null || secretKeys.isEmpty()) {
            Logger.v("Authenticator#addAccount", "Secret keys don't exist.");
            return getErrorResultBundle(WorkplaceJoinFailure.INTERNAL.getCode(), "No secret keys exist");
        }
        if (str == null || !str.equals("com.microsoft.workaccount")) {
            if (str == null) {
                Logger.e("Authenticator#addAccount", "Argument account type is null", WorkplaceJoinFailure.ADAL);
            } else {
                Logger.e("Authenticator#addAccount", "Invalid argument value '" + str + "' for account type", WorkplaceJoinFailure.ADAL);
            }
            return getCommonErrorResultBundle(this.mContext.getResources().getString(R.string.default_not_supported_msg));
        }
        if (str2 == null || !str2.equals("adal.authtoken.type") || bundle == null) {
            Logger.v("Authenticator#addAccount", "WPJ account type call");
            return addAccountWorkPlaceJoin(accountAuthenticatorResponse, bundle);
        }
        Logger.v("Authenticator#addAccount", "Broker account type call");
        return addAccountBroker(accountAuthenticatorResponse, bundle);
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public final Bundle confirmCredentials(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, Bundle bundle) {
        Logger.v("Authenticator#confirmCredentials", "confirmCredentials called, returning not supported error message");
        return getCommonErrorResultBundle(this.mContext.getResources().getString(R.string.default_not_supported_msg));
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public final Bundle editProperties(AccountAuthenticatorResponse accountAuthenticatorResponse, String str) {
        Logger.d("Authenticator#editProperties", "Authenticator properties");
        Bundle bundle = new Bundle();
        bundle.putBoolean(AuthenticationConstants.Broker.BROKER_FEATURE_MULTI_USER, true);
        bundle.putString(WorkplaceJoinApplication.DATA_JOIN_ACCOUNT_NAME, this.mAcctMgrHelper.getWpjUPN());
        bundle.putString(WorkplaceJoinApplication.DATA_VERSION, WorkplaceJoinApplication.PROTOCOL_VERSION_CODE + "");
        return bundle;
    }

    public AccountManagerStorageHelper getAccountManagerHelper() {
        return this.mAcctMgrHelper;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public final Bundle getAccountRemovalAllowed(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account) throws NetworkErrorException {
        Logger.v("Authenticator#getAccountRemovalAllowed", "Account removal check for account:" + account.name);
        clearCookies();
        Logger.v("Authenticator#getAccountRemovalAllowed", "Removed cookies from webview hosted at authenticator process");
        if (StringHelper.IsNullOrBlank(this.mAcctMgrHelper.getDeviceIdForExistingAccount(account))) {
            Logger.v("Authenticator#getAccountRemovalAllowed", "Account is not work place joined");
        } else {
            Logger.v("Authenticator#getAccountRemovalAllowed", "Account is work place joined. Deleting certifcate objects.");
            this.mAcctMgrHelper.updateCertInstalledStatus(false);
            this.mAcctMgrHelper.restoreWPJAccount();
            if (!TextUtils.isEmpty(this.mAcctMgrHelper.getWpjUPN())) {
                WorkplaceJoinService.deleteCertificateObjects(this.mContext, (Bundle) null, (AccountAuthenticatorResponse) null, (Boolean) true, UUID.randomUUID());
            }
        }
        return super.getAccountRemovalAllowed(accountAuthenticatorResponse, account);
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public final Bundle getAuthToken(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, String str, Bundle bundle) throws NetworkErrorException {
        if (str == null || bundle == null) {
            Logger.e("Authenticator#getAuthToken", "Invalid authtoken type or request bundle", WorkplaceJoinFailure.USER);
            return getCommonErrorResultBundle(this.mContext.getResources().getString(R.string.default_not_supported_msg));
        }
        if (this.mCryptoHelper == null) {
            Logger.e("Authenticator#getAuthToken", "Device does not support encryption", WorkplaceJoinFailure.INTERNAL);
            return getCommonErrorResultBundle(this.mContext.getResources().getString(R.string.encryption_not_supported));
        }
        int i = bundle.getInt("callerUid");
        String string = bundle.getString("androidPackageName");
        Logger.v("Authenticator#getAuthToken", "getAuthToken called package:" + this.mContext.getPackageName() + " Binder uid:" + Binder.getCallingUid() + " Caller uid:" + i + " Caller package:" + string);
        Map<String, byte[]> secretKeys = AuthenticationSettings.INSTANCE.getSecretKeys();
        if (secretKeys == null || secretKeys.isEmpty()) {
            Logger.v("Authenticator#getAuthToken", "Secret keys don't exist.");
            return getErrorResultBundle(WorkplaceJoinFailure.INTERNAL.getCode(), "No secret keys exist");
        }
        try {
            AccountManagerCache accountManagerCache = new AccountManagerCache(account, i, this.mContext);
            if (needTokenRemoval(bundle)) {
                Logger.d("Authenticator#getAuthToken", "Removing tokens...");
                accountManagerCache.removeAll();
                return returnEmptyResult(account);
            }
            String string2 = bundle.getString("account.authority");
            String string3 = bundle.getString("account.resource");
            String string4 = bundle.getString("account.clientid.key");
            String string5 = bundle.getString("account.correlationid");
            UUID randomUUID = UUID.randomUUID();
            if (!TextUtils.isEmpty(string5)) {
                randomUUID = UUID.fromString(string5);
            }
            if (string2 == null || string3 == null || string4 == null) {
                Logger.e("Authenticator#getAuthToken", "Authentication request is invalid: authority, resource or clientid could be null", WorkplaceJoinFailure.ADAL);
                return getErrorResultBundle(8, this.mContext.getResources().getString(R.string.broker_authentication_request_is_invalid));
            }
            boolean z = !StringHelper.IsNullOrBlank(this.mAcctMgrHelper.getDeviceIdForExistingAccount(account));
            String accountUpn = this.mAcctMgrHelper.getAccountUpn(account);
            Logger.v("Authenticator#getAuthToken", "Request authority: " + string2 + "; resource: " + string3 + "; clientId: " + string4 + ".");
            if (z) {
                getAccessTokenForJoinedAccount(accountAuthenticatorResponse, accountManagerCache, account, string2, string3, string4, randomUUID, accountUpn, string);
            } else {
                getAccessTokenForNonJoinedAccount(accountAuthenticatorResponse, accountManagerCache, string2, string, string3, string4, randomUUID, account, accountUpn);
            }
            return null;
        } catch (Exception e) {
            Logger.e("Authenticator#getAuthToken", e.getMessage(), WorkplaceJoinFailure.INTERNAL, e);
            return getErrorResultBundle(8, e.getMessage());
        }
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public final String getAuthTokenLabel(String str) {
        return AUTH_TOKEN_LABEL;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public final Bundle hasFeatures(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, String[] strArr) {
        Logger.v("Authenticator#hasFeatures", "hasFeatures called, returning not supported error message");
        return getCommonErrorResultBundle(this.mContext.getResources().getString(R.string.default_not_supported_msg));
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public final Bundle updateCredentials(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, String str, Bundle bundle) {
        Logger.d("Authenticator#updateCredentials", "updateCredentials is called");
        if (bundle == null) {
            Logger.w("Authenticator#updateCredentials", "updateCredentials called without a bundle passed, incorrect if caller is WorkplaceJoin API", WorkplaceJoinFailure.USER);
        } else {
            AuthenticatorAPIHelper authenticatorAPIHelper = new AuthenticatorAPIHelper(this.mContext, getCorrelationId());
            if (bundle.containsKey(WorkplaceJoinApplication.DATA_DELETE)) {
                if (bundle.getBoolean(WorkplaceJoinApplication.DATA_DELETE)) {
                    Logger.i("Authenticator#updateCredentials", "updateCredentials called with delete flag and true value, deleting certificate");
                    authenticatorAPIHelper.removeAccount(accountAuthenticatorResponse, account);
                    return null;
                }
                Logger.w("Authenticator#updateCredentials", "updateCredentials called with delete flag passed but value false, incorrect if caller is WorkplaceJoin API", WorkplaceJoinFailure.USER);
            } else if (bundle.containsKey(WorkplaceJoinApplication.DATA_UPN)) {
                if (bundle.getBoolean(WorkplaceJoinApplication.DATA_UPN)) {
                    Logger.i("Authenticator#updateCredentials", "updateCredentials called with upn flag and true value, getting upn");
                    return authenticatorAPIHelper.getUPN(accountAuthenticatorResponse, account);
                }
                Logger.w("Authenticator#updateCredentials", "updateCredentials called with upn flag passed but value false, incorrect if caller is WorkplaceJoin API", WorkplaceJoinFailure.USER);
            } else if (bundle.containsKey(WorkplaceJoinApplication.DATA_VERSION)) {
                if (bundle.getBoolean(WorkplaceJoinApplication.DATA_VERSION)) {
                    Logger.i("Authenticator#updateCredentials", "updateCredentials called with version flag and true value, getting version");
                    return authenticatorAPIHelper.getVersion(accountAuthenticatorResponse, account);
                }
                Logger.w("Authenticator#updateCredentials", "updateCredentials called with version flag passed but value false, incorrect if caller is WorkplaceJoin API", WorkplaceJoinFailure.INTERNAL);
            } else if (bundle.containsKey(WorkplaceJoinApplication.DATA_DEVICE_ID)) {
                if (bundle.getBoolean(WorkplaceJoinApplication.DATA_DEVICE_ID)) {
                    Logger.i("Authenticator#updateCredentials", "updateCredentials called with deviceid flag and true value, getting deviceid");
                    return authenticatorAPIHelper.getDeviceId(accountAuthenticatorResponse, account);
                }
                Logger.w("Authenticator#updateCredentials", "updateCredentials called with deviceid flag passed but value false, incorrect if caller is WorkplaceJoin API", WorkplaceJoinFailure.INTERNAL);
            } else if (bundle.containsKey(WorkplaceJoinApplication.DATA_ONPREM_VERIFY)) {
                if (bundle.getBoolean(WorkplaceJoinApplication.DATA_ONPREM_VERIFY)) {
                    Logger.i("Authenticator#updateCredentials", "updateCredentials called with onprem verify flag and true value, getting onprem status");
                    return authenticatorAPIHelper.getOnPremStatus(account);
                }
                Logger.w("Authenticator#updateCredentials", "updateCredentials called with onprem verify flag passed but value false, incorrect if caller is WorkplaceJoin API", WorkplaceJoinFailure.INTERNAL);
            } else if (bundle.containsKey("com.microsoft.workaccount.user.info")) {
                if (bundle.getBoolean("com.microsoft.workaccount.user.info")) {
                    Logger.i("Authenticator#updateCredentials", "updateCredentials called with user info flag and true value, getting user details");
                    return authenticatorAPIHelper.getUserInfo(account);
                }
                Logger.w("Authenticator#updateCredentials", "updateCredentials called with user info flag passed but value false, incorrect if caller is WorkplaceJoin API", WorkplaceJoinFailure.INTERNAL);
            } else if (bundle.containsKey(WorkplaceJoinApplication.DATA_CERT_INSTALLED)) {
                if (bundle.getBoolean(WorkplaceJoinApplication.DATA_CERT_INSTALLED)) {
                    Logger.i("Authenticator#updateCredentials", "updateCredentials is called with data_cert_installed flag, checking cert install status");
                    return authenticatorAPIHelper.getCertInstalledStatus(account);
                }
                Logger.w("Authenticator#updateCredentials", "updateCredentials is called with data_cert_installed flag passed but the value is false, incorrect if caller is WorkplaceJoin API", WorkplaceJoinFailure.INTERNAL);
            } else if (bundle.containsKey(WorkplaceJoinApplication.DATA_INSTALL_CERT_ACTIVITY)) {
                if (bundle.getBoolean(WorkplaceJoinApplication.DATA_INSTALL_CERT_ACTIVITY)) {
                    Logger.i("Authenticator#updateCredentials", "updateCredentials is called with data_install_cert flag, installing cert");
                    Intent intent = new Intent(this.mContext, (Class<?>) InstallCertActivity.class);
                    intent.putExtra("accountAuthenticatorResponse", accountAuthenticatorResponse);
                    intent.putExtra(WorkplaceJoinApplication.INSTALL_ACTIVITY_FROM_BROKER, Boolean.toString(true));
                    intent.putExtras(authenticatorAPIHelper.getInstallCertActivityIntent(account));
                    Bundle bundle2 = new Bundle();
                    bundle2.putParcelable("intent", intent);
                    return bundle2;
                }
                Logger.w("Authenticator#updateCredentials", "updateCredentials is called with data_install_cert_activity flag, but the value is false", WorkplaceJoinFailure.INTERNAL);
            } else if (!bundle.containsKey(WorkplaceJoinApplication.DATA_DEVICE_CERT_STATE)) {
                Logger.w("Authenticator#updateCredentials", "updateCredentials called with a bundle passed but no recognized flag passed, incorrect if caller is WorkplaceJoin API", WorkplaceJoinFailure.USER);
            } else {
                if (bundle.getBoolean(WorkplaceJoinApplication.DATA_DEVICE_CERT_STATE)) {
                    Logger.i("Authenticator#updateCredentials", "updateCredentials is called with data_device_cert_state flag, querying device cert");
                    authenticatorAPIHelper.getDeviceState(accountAuthenticatorResponse, account);
                    return null;
                }
                Logger.w("Authenticator#updateCredentials", "updateCredentials is called with data_device_cert_state flag, but the value is false", WorkplaceJoinFailure.INTERNAL);
            }
        }
        return getCommonErrorResultBundle(this.mContext.getResources().getString(R.string.default_not_supported_msg));
    }
}
