package com.microsoft.aad.adal;

import com.microsoft.aad.adal.AuthenticationConstants;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.aad.adal.unity.BrokerOauthError;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class TokenCacheAccessor {
    private static final String TAG = TokenCacheAccessor.class.getSimpleName();
    private final String mAuthority;
    private final ITokenCacheStore mTokenCacheStore;

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenCacheAccessor(ITokenCacheStore iTokenCacheStore, String str) {
        if (iTokenCacheStore == null) {
            throw new IllegalArgumentException("tokenCacheStore");
        }
        if (StringExtensions.isNullOrBlank(str)) {
            throw new IllegalArgumentException(AuthenticationConstants.OAuth2.AUTHORITY);
        }
        this.mTokenCacheStore = iTokenCacheStore;
        this.mAuthority = str;
    }

    private List<String> getKeyListToRemoveForFRT(TokenCacheItem tokenCacheItem) {
        ArrayList arrayList = new ArrayList();
        if (tokenCacheItem.getUserInfo() != null) {
            arrayList.add(CacheKey.createCacheKeyForFRT(this.mAuthority, tokenCacheItem.getFamilyClientId(), tokenCacheItem.getUserInfo().getDisplayableId()));
            arrayList.add(CacheKey.createCacheKeyForFRT(this.mAuthority, tokenCacheItem.getFamilyClientId(), tokenCacheItem.getUserInfo().getUserId()));
        }
        return arrayList;
    }

    private List<String> getKeyListToRemoveForMRRT(TokenCacheItem tokenCacheItem) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(CacheKey.createCacheKeyForMRRT(this.mAuthority, tokenCacheItem.getClientId(), null));
        if (tokenCacheItem.getUserInfo() != null) {
            arrayList.add(CacheKey.createCacheKeyForMRRT(this.mAuthority, tokenCacheItem.getClientId(), tokenCacheItem.getUserInfo().getDisplayableId()));
            arrayList.add(CacheKey.createCacheKeyForMRRT(this.mAuthority, tokenCacheItem.getClientId(), tokenCacheItem.getUserInfo().getUserId()));
        }
        return arrayList;
    }

    private List<String> getKeyListToRemoveForRT(TokenCacheItem tokenCacheItem) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(CacheKey.createCacheKeyForRTEntry(this.mAuthority, tokenCacheItem.getResource(), tokenCacheItem.getClientId(), null));
        if (tokenCacheItem.getUserInfo() != null) {
            arrayList.add(CacheKey.createCacheKeyForRTEntry(this.mAuthority, tokenCacheItem.getResource(), tokenCacheItem.getClientId(), tokenCacheItem.getUserInfo().getDisplayableId()));
            arrayList.add(CacheKey.createCacheKeyForRTEntry(this.mAuthority, tokenCacheItem.getResource(), tokenCacheItem.getClientId(), tokenCacheItem.getUserInfo().getUserId()));
        }
        return arrayList;
    }

    private String getTokenHash(String str) {
        try {
            return StringExtensions.createHash(str);
        } catch (UnsupportedEncodingException e) {
            Logger.e(TAG, "Digest error", "", ADALError.ENCODING_IS_NOT_SUPPORTED, e);
            return "";
        } catch (NoSuchAlgorithmException e2) {
            Logger.e(TAG, "Digest error", "", ADALError.DEVICE_NO_SUCH_ALGORITHM, e2);
            return "";
        }
    }

    private boolean isUserMisMatch(String str, TokenCacheItem tokenCacheItem) {
        return (StringExtensions.isNullOrBlank(str) || tokenCacheItem.getUserInfo() == null || str.equalsIgnoreCase(tokenCacheItem.getUserInfo().getDisplayableId()) || str.equalsIgnoreCase(tokenCacheItem.getUserInfo().getUserId())) ? false : true;
    }

    private void logReturnedToken(AuthenticationResult authenticationResult) {
        if (authenticationResult == null || authenticationResult.getAccessToken() == null) {
            return;
        }
        Logger.v(TAG, String.format("Access TokenID %s and Refresh TokenID %s returned.", getTokenHash(authenticationResult.getAccessToken()), getTokenHash(authenticationResult.getRefreshToken())));
    }

    private void setItemToCacheForUser(String str, String str2, AuthenticationResult authenticationResult, String str3) {
        logReturnedToken(authenticationResult);
        Logger.v(TAG, "Save regular token into cache.");
        this.mTokenCacheStore.setItem(CacheKey.createCacheKeyForRTEntry(this.mAuthority, str, str2, str3), TokenCacheItem.createRegularTokenCacheItem(this.mAuthority, str, str2, authenticationResult));
        if (authenticationResult.getIsMultiResourceRefreshToken()) {
            Logger.v(TAG, "Save Multi Resource Refresh token to cache");
            this.mTokenCacheStore.setItem(CacheKey.createCacheKeyForMRRT(this.mAuthority, str2, str3), TokenCacheItem.createMRRTTokenCacheItem(this.mAuthority, str2, authenticationResult));
        }
        if (StringExtensions.isNullOrBlank(authenticationResult.getFamilyClientId()) || StringExtensions.isNullOrBlank(str3)) {
            return;
        }
        Logger.v(TAG, "Save Family Refresh token into cache");
        this.mTokenCacheStore.setItem(CacheKey.createCacheKeyForFRT(this.mAuthority, authenticationResult.getFamilyClientId(), str3), TokenCacheItem.createFRRTTokenCacheItem(this.mAuthority, authenticationResult));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenCacheItem getATFromCache(String str, String str2, String str3) throws AuthenticationException {
        TokenCacheItem regularRefreshTokenCacheItem = getRegularRefreshTokenCacheItem(str, str2, str3);
        if (regularRefreshTokenCacheItem == null) {
            Logger.v(TAG, "No access token exists.");
            return null;
        }
        if (StringExtensions.isNullOrBlank(regularRefreshTokenCacheItem.getAccessToken())) {
            return regularRefreshTokenCacheItem;
        }
        if (TokenCacheItem.isTokenExpired(regularRefreshTokenCacheItem.getExpiresOn())) {
            Logger.v(TAG, "Access token exists, but already expired.");
            return null;
        }
        if (isUserMisMatch(str3, regularRefreshTokenCacheItem)) {
            throw new AuthenticationException(ADALError.AUTH_FAILED_USER_MISMATCH);
        }
        return regularRefreshTokenCacheItem;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenCacheItem getFRTItem(String str, String str2) {
        if (StringExtensions.isNullOrBlank(str2)) {
            return null;
        }
        return this.mTokenCacheStore.getItem(CacheKey.createCacheKeyForFRT(this.mAuthority, str, str2));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenCacheItem getMRRTItem(String str, String str2) {
        return this.mTokenCacheStore.getItem(CacheKey.createCacheKeyForMRRT(this.mAuthority, str, str2));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenCacheItem getRegularRefreshTokenCacheItem(String str, String str2, String str3) {
        return this.mTokenCacheStore.getItem(CacheKey.createCacheKeyForRTEntry(this.mAuthority, str, str2, str3));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenCacheItem getStaleToken(AuthenticationRequest authenticationRequest) {
        TokenCacheItem regularRefreshTokenCacheItem = getRegularRefreshTokenCacheItem(authenticationRequest.getResource(), authenticationRequest.getClientId(), authenticationRequest.getUserFromRequest());
        if (regularRefreshTokenCacheItem.getAccessToken() == null || regularRefreshTokenCacheItem.getExtendedExpiresOn() == null || TokenCacheItem.isTokenExpired(regularRefreshTokenCacheItem.getExtendedExpiresOn())) {
            Logger.i(TAG, "The stale access token is not found.", "");
            return null;
        }
        Logger.i(TAG, "The stale access token is returned.", "");
        return regularRefreshTokenCacheItem;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void removeTokenCacheItem(TokenCacheItem tokenCacheItem, String str) throws AuthenticationException {
        List<String> keyListToRemoveForFRT;
        switch (tokenCacheItem.getTokenEntryType()) {
            case REGULAR_TOKEN_ENTRY:
                Logger.v(TAG, "Regular RT was used to get access token, remove entries for regular RT entries.");
                keyListToRemoveForFRT = getKeyListToRemoveForRT(tokenCacheItem);
                break;
            case MRRT_TOKEN_ENTRY:
                Logger.v(TAG, "MRRT was used to get access token, remove entries for both MRRT entries and regular RT entries.");
                keyListToRemoveForFRT = getKeyListToRemoveForMRRT(tokenCacheItem);
                TokenCacheItem tokenCacheItem2 = new TokenCacheItem(tokenCacheItem);
                tokenCacheItem2.setResource(str);
                keyListToRemoveForFRT.addAll(getKeyListToRemoveForRT(tokenCacheItem2));
                break;
            case FRT_TOKEN_ENTRY:
                Logger.v(TAG, "FRT was used to get access token, remove entries for FRT entries.");
                keyListToRemoveForFRT = getKeyListToRemoveForFRT(tokenCacheItem);
                break;
            default:
                throw new AuthenticationException(ADALError.INVALID_TOKEN_CACHE_ITEM);
        }
        Iterator<String> it = keyListToRemoveForFRT.iterator();
        while (it.hasNext()) {
            this.mTokenCacheStore.removeItem(it.next());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void updateCachedItemWithResult(String str, String str2, AuthenticationResult authenticationResult, TokenCacheItem tokenCacheItem) throws AuthenticationException {
        if (authenticationResult == null) {
            Logger.v(TAG, "AuthenticationResult is null, cannot update cache.");
            throw new IllegalArgumentException("result");
        }
        if (authenticationResult.getStatus() != AuthenticationResult.AuthenticationStatus.Succeeded) {
            if (BrokerOauthError.INVALID_GRANT.equalsIgnoreCase(authenticationResult.getErrorCode())) {
                Logger.v(TAG, "Received INVALID_GRANT error code, remove existing cache entry.");
                removeTokenCacheItem(tokenCacheItem, str);
                return;
            }
            return;
        }
        Logger.v(TAG, "Save returned AuthenticationResult into cache.");
        if (tokenCacheItem != null && tokenCacheItem.getUserInfo() != null && authenticationResult.getUserInfo() == null) {
            authenticationResult.setUserInfo(tokenCacheItem.getUserInfo());
            authenticationResult.setIdToken(tokenCacheItem.getRawIdToken());
            authenticationResult.setTenantId(tokenCacheItem.getTenantId());
        }
        updateTokenCache(str, str2, authenticationResult);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void updateTokenCache(String str, String str2, AuthenticationResult authenticationResult) {
        if (authenticationResult == null || StringExtensions.isNullOrBlank(authenticationResult.getAccessToken())) {
            return;
        }
        if (authenticationResult.getUserInfo() != null) {
            if (!StringExtensions.isNullOrBlank(authenticationResult.getUserInfo().getDisplayableId())) {
                setItemToCacheForUser(str, str2, authenticationResult, authenticationResult.getUserInfo().getDisplayableId());
            }
            if (!StringExtensions.isNullOrBlank(authenticationResult.getUserInfo().getUserId())) {
                setItemToCacheForUser(str, str2, authenticationResult, authenticationResult.getUserInfo().getUserId());
            }
        }
        setItemToCacheForUser(str, str2, authenticationResult, null);
    }
}
