package com.microsoft.aad.adal;

import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.AccountManagerCallback;
import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
import android.app.Service;
import android.content.Context;
import android.content.Intent;
import android.os.Binder;
import android.os.Bundle;
import android.os.Handler;
import android.os.IBinder;
import android.text.TextUtils;
import android.util.Log;
import com.microsoft.aad.adal.IBrokerAccountService;
import com.microsoft.identity.client.AccountChooserActivity;
import com.microsoft.identity.client.BrokerClientApplication;
import com.microsoft.identity.client.BrokerUtils;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.adal.internal.cache.IWpjTelemetryCallback;
import com.microsoft.identity.common.adal.internal.cache.StorageHelper;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.exception.ErrorStrings;
import com.microsoft.identity.common.internal.broker.BrokerData;
import com.microsoft.workaccount.authenticatorservice.Authenticator;
import com.microsoft.workaccount.authenticatorservice.BrokerUtility;
import com.microsoft.workaccount.authenticatorservice.LegacySecretKeyStorage;
import com.microsoft.workaccount.workplacejoin.AccountInfo;
import com.microsoft.workaccount.workplacejoin.AccountManagerStorageHelper;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinApplication;
import com.microsoft.workaccount.workplacejoin.telemetry.TelemetryLogger;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Map;
import javax.crypto.SecretKey;

/* loaded from: classes.dex */
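/**
 * Service whose binder implements the {@link IBrokerAccountService} AIDL interface and
 * serves broker account operations to the clients that bind to it.
 *
 * <p>Every stub method runs on behalf of a remote caller, so the request map, the bundle and
 * the package name carried inside them are caller-controlled. The only identity value in this
 * class that is not supplied by the caller is {@link Binder#getCallingUid()}.
 *
 * <p>NOTE(review): whether binding is restricted (manifest permission, signature check) is not
 * visible in this file. {@code getBrokerUsers}, {@code getIntentForInteractiveRequest} and
 * {@code removeAccounts} perform no caller validation of their own here; confirm that the
 * restriction exists elsewhere.
 */
public class BrokerAccountService extends Service {
    private static final String AUTHENTICATOR_CANCELS_REQUEST = "Authenticator cancels the request";
    private static final String TAG = BrokerAccountService.class.getSimpleName();
    private final IBrokerAccountService.Stub mBinder = new IBrokerAccountService.Stub() { // from class: com.microsoft.aad.adal.BrokerAccountService.1
        /**
         * Handles a silent token request.
         *
         * <p>The package name sent in the request is checked with
         * {@code BrokerUtils.isValidCallerPackage} before any account lookup; only then is the
         * target account resolved and the request forwarded to the account manager.
         *
         * @param map request parameters sent by the caller; untrusted
         * @return the account manager's result bundle, or an error bundle
         */
        @Override // com.microsoft.aad.adal.IBrokerAccountService
        public synchronized Bundle acquireTokenSilently(Map map) {
            final String methodTag = BrokerAccountService.TAG + ":acquireTokenSilently";
            // NOTE(review): the map is raw and values are cast without a type check, so a
            // non-String value raises ClassCastException out of this binder call.
            String str = (String) map.get("caller.info.package");
            com.microsoft.identity.common.internal.logging.Logger.info(methodTag, "BrokerAccountService starts to process silent request for package : " + str);
            if (!BrokerUtils.isValidCallerPackage(BrokerAccountService.this.getApplicationContext(), str)) {
                return BrokerAccountService.this.createErrorBundle(ErrorStrings.UNKNOWN_CALLER, "Package name sent in the request doesn't match the package name for binder.");
            }
            Account targetAccount = BrokerAccountService.this.getTargetAccount(map, Binder.getCallingUid());
            if (targetAccount == null) {
                com.microsoft.identity.common.internal.logging.Logger.info(methodTag, "No matching account exist in the broker, cannot proceed with silent request.");
                return BrokerAccountService.this.createErrorBundle(com.microsoft.identity.common.adal.internal.ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED.toString(), "Account does not exist in the broker, cannot proceed with silent request");
            }
            // The decompiler emitted two nested try blocks; the three handlers are independent,
            // so a single try with three catch clauses is equivalent.
            try {
                Bundle authToken = BrokerAccountService.this.getAuthToken(targetAccount, BrokerAccountService.this.createBundleFromRequestMap(map));
                com.microsoft.identity.common.internal.logging.Logger.info(BrokerAccountService.TAG, "Returning the result bundle for silent request back to caller.");
                return authToken;
            } catch (AuthenticatorException e) {
                // 8 has the same value as AccountManager.ERROR_CODE_BAD_REQUEST.
                return BrokerAccountService.this.createErrorBundle(8, e.getMessage());
            } catch (OperationCanceledException e2) {
                com.microsoft.identity.common.internal.logging.Logger.error(methodTag, BrokerAccountService.AUTHENTICATOR_CANCELS_REQUEST + e2.getMessage(), e2);
                // 4 has the same value as AccountManager.ERROR_CODE_CANCELED.
                return BrokerAccountService.this.createErrorBundle(4, e2.getMessage());
            } catch (IOException e3) {
                com.microsoft.identity.common.internal.logging.Logger.error(BrokerAccountService.TAG, BrokerAccountService.AUTHENTICATOR_CANCELS_REQUEST, e3.getMessage() + '\n' + Log.getStackTraceString(e3), e3);
                // 3 has the same value as AccountManager.ERROR_CODE_NETWORK_ERROR.
                return BrokerAccountService.this.createErrorBundle(3, e3.getMessage());
            }
        }

        /**
         * Always returns {@code null}. {@link #onBind(Intent)} hands out the stub object
         * itself, so this override is not used to obtain the binder within this class.
         * NOTE(review): this may be a decompilation artifact; confirm nothing relies on it.
         */
        @Override // com.microsoft.aad.adal.IBrokerAccountService.Stub, android.os.IInterface
        public IBinder asBinder() {
            return null;
        }

        /**
         * Returns one nested bundle per broker account, keyed by account name.
         *
         * <p>NOTE(review): the calling package is only logged, not validated, in this method;
         * the returned bundles carry user identifiers and names.
         *
         * @return bundle mapping account name to the account's user-info bundle
         */
        @Override // com.microsoft.aad.adal.IBrokerAccountService
        public synchronized Bundle getBrokerUsers() {
            Context applicationContext = BrokerAccountService.this.getApplicationContext();
            Bundle bundle = new Bundle();
            com.microsoft.identity.common.internal.logging.Logger.info(BrokerAccountService.TAG + ":getBrokerUsers", "BrokerAccountService starts to getBrokerUsers called for package name: " + BrokerUtils.getCallingPackageName(applicationContext));
            for (AccountInfo accountInfo : BrokerClientApplication.getInstance(applicationContext).getAccounts(applicationContext)) {
                bundle.putBundle(accountInfo.getAccountName(), BrokerAccountService.this.getBundleFromAccountInfo(accountInfo));
            }
            return bundle;
        }

        /**
         * Returns the serialized keystore-encrypted symmetric key to a calling broker app.
         *
         * <p>This method exports key material, so the caller check in
         * {@code getCallingBrokerData} is the security boundary: the request is refused with
         * an error bundle when that check throws {@link ClientException}.
         *
         * @param bundle request bundle carrying the caller's package name; untrusted
         * @return bundle holding the serialized key, or an error bundle
         */
        @Override // com.microsoft.aad.adal.IBrokerAccountService
        public Bundle getInactiveBrokerKey(Bundle bundle) {
            final String methodTag = ":getInactiveBrokerKey";
            BrokerAccountService.this.logFlowStart(methodTag, AuthenticationConstants.TelemetryEvents.KEY_DISTRIBUTION_START);
            // getString() yields null for a missing or non-String value, and a null bundle is
            // treated the same way, so malformed input reaches the caller check below instead
            // of raising ClassCastException / NullPointerException here.
            String str = bundle == null ? null : bundle.getString("caller.info.package");
            try {
                BrokerData callingBrokerData = BrokerAccountService.this.getCallingBrokerData(str);
                String brokerInfo = "CallingBroker packageName:" + callingBrokerData.packageName + " SignatureHash:" + callingBrokerData.signatureHash;
                com.microsoft.identity.common.adal.internal.cache.StorageHelper storageHelper = new com.microsoft.identity.common.adal.internal.cache.StorageHelper(BrokerAccountService.this.getApplicationContext(), new IWpjTelemetryCallback() { // from class: com.microsoft.aad.adal.BrokerAccountService.1.2
                    @Override // com.microsoft.identity.common.adal.internal.cache.IWpjTelemetryCallback
                    public void logEvent(Context context, String str2, Boolean bool, String str3) {
                        TelemetryLogger.logEvent(context, str2, bool, str3);
                    }
                });
                try {
                    SecretKey loadSecretKey = storageHelper.loadSecretKey(StorageHelper.KeyType.KEYSTORE_ENCRYPTED_KEY);
                    if (loadSecretKey == null) {
                        BrokerAccountService.this.logFlowError(methodTag, AuthenticationConstants.TelemetryEvents.KEY_DISTRIBUTION_END, "Secret key doesn't exist " + brokerInfo, null);
                        return BrokerAccountService.this.createErrorBundle(ErrorStrings.KEY_NOT_FOUND, "Secret key doesn't exist");
                    }
                    Bundle bundle2 = new Bundle();
                    bundle2.putString(AuthenticationConstants.Broker.BROKER_KEYSTORE_SYMMETRIC_KEY, storageHelper.serializeSecretKey(loadSecretKey));
                    // Only the caller's package name and signature hash are logged, never the key.
                    BrokerAccountService.this.logFlowSuccess(methodTag, AuthenticationConstants.TelemetryEvents.KEY_DISTRIBUTION_END, "Key deserialized. Sending key back to the caller. " + brokerInfo);
                    return bundle2;
                } catch (IOException | GeneralSecurityException e) {
                    BrokerAccountService.this.logFlowError(methodTag, AuthenticationConstants.TelemetryEvents.KEY_DISTRIBUTION_END, "Error obtaining Secret Key. " + brokerInfo, null);
                    return BrokerAccountService.this.createErrorBundle("unknown_error", "Error obtaining Secret Key.:" + e.getMessage());
                }
            } catch (ClientException e2) {
                BrokerAccountService.this.logFlowError(methodTag, AuthenticationConstants.TelemetryEvents.KEY_DISTRIBUTION_END, "BrokerAccountService is invoked by non-broker package. CallingBroker packageName:" + str + e2.getMessage(), e2);
                return BrokerAccountService.this.createErrorBundle("unknown_error", "BrokerAccountService is invoked by non-broker package.");
            }
        }

        /**
         * Builds the explicit intent that launches the broker's account chooser.
         *
         * <p>The intent targets this app's own package and carries the caller's UID as read
         * from the binder, not a value supplied by the caller.
         *
         * @return intent for {@code AccountChooserActivity}
         */
        @Override // com.microsoft.aad.adal.IBrokerAccountService
        public Intent getIntentForInteractiveRequest() {
            Context applicationContext = BrokerAccountService.this.getApplicationContext();
            com.microsoft.identity.common.internal.logging.Logger.info(BrokerAccountService.TAG + ":getIntentForInteractiveRequest", "BrokerAccountService starts to get intent to interactively acquire token called for package name: " + BrokerUtils.getCallingPackageName(applicationContext));
            BrokerUtils.reEncryptDataIfNeeded(":getIntentForInteractiveRequest", applicationContext);
            String ownPackage = applicationContext.getPackageName();
            Intent intent = new Intent();
            intent.setPackage(ownPackage);
            intent.setClassName(ownPackage, AccountChooserActivity.class.getName());
            intent.putExtra("broker.version", "v2");
            intent.putExtra(AuthenticationConstants.Broker.CALLER_INFO_UID, Binder.getCallingUid());
            BrokerUtility.initializeDeviceCertProxy(new Authenticator(applicationContext).getAccountManagerHelper());
            com.microsoft.identity.common.internal.logging.Logger.info(BrokerAccountService.TAG, "Returning the intent for launching interactive request from BrokerAccountService.");
            return intent;
        }

        /**
         * Removes every work account known to the broker.
         *
         * <p>NOTE(review): the calling package is only logged, not validated, in this method;
         * confirm that access to this destructive operation is restricted elsewhere.
         */
        @Override // com.microsoft.aad.adal.IBrokerAccountService
        public void removeAccounts() {
            final String methodTag = BrokerAccountService.TAG + ":removeAccounts";
            Context applicationContext = BrokerAccountService.this.getApplicationContext();
            com.microsoft.identity.common.internal.logging.Logger.info(methodTag, "Removing accounts from broker for package name: " + BrokerUtils.getCallingPackageName(applicationContext));
            Account[] allWorkAccounts = BrokerUtils.getAllWorkAccounts(applicationContext);
            if (allWorkAccounts.length == 0) {
                com.microsoft.identity.common.internal.logging.Logger.info(BrokerAccountService.TAG, "No account exists in broker.");
                return;
            }
            for (Account account : allWorkAccounts) {
                BrokerClientApplication.getInstance(BrokerAccountService.this.getApplicationContext()).removeAccount(BrokerAccountService.this.getApplicationContext(), account.name, new BrokerClientApplication.OnAccountRemoveCallback() { // from class: com.microsoft.aad.adal.BrokerAccountService.1.1
                    @Override // com.microsoft.identity.client.BrokerClientApplication.OnAccountRemoveCallback
                    public void onException(Exception exc) {
                        // A failed removal was previously dropped without a trace. The account
                        // name is left out of the message so no identifier reaches the log.
                        com.microsoft.identity.common.internal.logging.Logger.error(methodTag, "Failed to remove account from broker.", exc);
                    }

                    @Override // com.microsoft.identity.client.BrokerClientApplication.OnAccountRemoveCallback
                    public void onSuccess(boolean z) {
                        // Nothing to report back: removeAccounts() returns void.
                    }
                });
            }
        }
    };

    /**
     * Copies the caller's request map into a bundle for the account manager.
     *
     * <p>The two keys {@code com.microsoft.aad.adal:RequestId} and {@code expiration.buffer}
     * are stored as ints; every other entry is stored as a string.
     *
     * @param map request parameters sent by the caller; untrusted
     * @return bundle holding the request parameters plus the binder's calling UID
     * @throws NumberFormatException if one of the two int-valued entries is not a valid integer
     */
    /* JADX INFO: Access modifiers changed from: private */
    public Bundle createBundleFromRequestMap(Map<String, String> map) {
        Bundle bundle = new Bundle();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            String key = entry.getKey();
            if ("com.microsoft.aad.adal:RequestId".equals(key) || "expiration.buffer".equals(key)) {
                bundle.putInt(key, Integer.parseInt(entry.getValue()));
            } else {
                bundle.putString(key, entry.getValue());
            }
        }
        // Written after the copy loop so that a caller-supplied entry under the same key cannot
        // replace the UID reported by the binder.
        bundle.putInt(AuthenticationConstants.Broker.CALLER_INFO_UID, Binder.getCallingUid());
        return bundle;
    }

    /**
     * Builds an error bundle with the keys {@code errorCode} and {@code errorMessage}.
     *
     * @param i numeric error code
     * @param str error message; may be {@code null}
     * @return the error bundle
     */
    /* JADX INFO: Access modifiers changed from: private */
    public Bundle createErrorBundle(int i, String str) {
        Bundle bundle = new Bundle();
        bundle.putInt("errorCode", i);
        bundle.putString("errorMessage", str);
        return bundle;
    }

    /**
     * Builds an error bundle with the keys {@code error} and {@code error_description}.
     *
     * @param str error code string
     * @param str2 error description returned to the caller
     * @return the error bundle
     */
    /* JADX INFO: Access modifiers changed from: private */
    public Bundle createErrorBundle(String str, String str2) {
        Bundle bundle = new Bundle();
        bundle.putString("error", str);
        bundle.putString("error_description", str2);
        return bundle;
    }

    /**
     * Requests an {@code adal.authtoken.type} token for the account from the account manager
     * and waits for the result.
     *
     * @param account account to request the token for
     * @param bundle request options passed to the authenticator
     * @return the result bundle produced by the account manager
     * @throws OperationCanceledException if the request was cancelled
     * @throws AuthenticatorException if the authenticator failed
     * @throws IOException if the authenticator reported an I/O failure
     */
    /* JADX INFO: Access modifiers changed from: private */
    public Bundle getAuthToken(Account account, Bundle bundle) throws OperationCanceledException, AuthenticatorException, IOException {
        Context applicationContext = getApplicationContext();
        Handler handler = new Handler(applicationContext.getMainLooper());
        com.microsoft.identity.common.internal.logging.Logger.info(TAG, "Calling account manager getAuthToken for silent request.");
        // notifyAuthFailure is false and no callback is given; getResult() blocks until done.
        return AccountManager.get(applicationContext).getAuthToken(account, "adal.authtoken.type", bundle, false, (AccountManagerCallback<Bundle>) null, handler).getResult();
    }

    /**
     * Converts an account record into the user-info bundle returned by {@code getBrokerUsers}.
     *
     * @param accountInfo account to describe
     * @return bundle with the account's identifiers, names, provider and join flags
     */
    /* JADX INFO: Access modifiers changed from: private */
    public Bundle getBundleFromAccountInfo(AccountInfo accountInfo) {
        Bundle bundle = new Bundle();
        bundle.putString("account.userinfo.userid", accountInfo.getUniqueId());
        bundle.putString("account.userinfo.given.name", accountInfo.getGivenName());
        bundle.putString("account.userinfo.family.name", accountInfo.getFamilyName());
        bundle.putString("account.userinfo.identity.provider", accountInfo.getIdentityProvider());
        bundle.putString("account.userinfo.userid.displayable", accountInfo.getDisplayableId());
        bundle.putBoolean(WorkplaceJoinApplication.DATA_IS_JOINED, accountInfo.isWPJ());
        bundle.putBoolean(WorkplaceJoinApplication.DATA_IS_NGC, accountInfo.isNGC());
        return bundle;
    }

    /**
     * Resolves the broker data of the caller after validating the package name it sent.
     *
     * @param str package name claimed by the caller; may be {@code null}
     * @return broker data for the package
     * @throws ClientException if the package name fails {@code isValidCallerPackage}; the
     *     lookup itself presumably also throws for a non-broker package (verify in BrokerData)
     */
    /* JADX INFO: Access modifiers changed from: private */
    public BrokerData getCallingBrokerData(String str) throws ClientException {
        if (!BrokerUtils.isValidCallerPackage(getApplicationContext(), str)) {
            throw new ClientException("Package name sent in the request doesn't match the package name for binder.");
        }
        return BrokerData.getBrokerDataForBrokerApp(getApplicationContext(), str);
    }

    /**
     * Finds the work account a silent request refers to.
     *
     * <p>When the request carries no account name, the name is looked up from the cache using
     * the user id, the client id and the calling UID.
     *
     * @param map request parameters sent by the caller; untrusted
     * @param i UID of the caller as reported by the binder
     * @return the matching {@code com.microsoft.workaccount} account, or {@code null} (the
     *     caller of this method treats {@code null} as "no such account")
     */
    /* JADX INFO: Access modifiers changed from: private */
    public Account getTargetAccount(Map map, int i) {
        AccountManagerStorageHelper accountManagerStorageHelper = new AccountManagerStorageHelper(getApplicationContext());
        String accountName = (String) map.get("account.name");
        String userId = (String) map.get("account.userinfo.userid");
        String clientId = (String) map.get("account.clientid.key");
        if (TextUtils.isEmpty(accountName)) {
            // The user id goes through the PII logging channel rather than the plain one.
            com.microsoft.identity.common.internal.logging.Logger.infoPII(TAG, "Username is not passed in by the caller, trying to get user name using uid: " + userId);
            accountName = BrokerUtils.getAccountUpnFromCache(getApplicationContext(), accountManagerStorageHelper, userId, clientId, i);
        }
        return accountManagerStorageHelper.getAccount(accountName, "com.microsoft.workaccount");
    }

    /**
     * Logs a failed flow to the logger and to telemetry.
     *
     * @param str method suffix appended to the log tag
     * @param str2 telemetry event name
     * @param str3 failure detail; also sent to telemetry, so it must not contain secrets
     * @param exc cause, or {@code null}
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void logFlowError(String str, String str2, String str3, Exception exc) {
        com.microsoft.identity.common.internal.logging.Logger.error(TAG + str, str2 + " failed: " + str3, exc);
        TelemetryLogger.logEvent(getApplicationContext(), str2, true, str3);
    }

    /**
     * Logs the start of a flow to the logger and to telemetry.
     *
     * @param str method suffix appended to the log tag
     * @param str2 telemetry event name
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void logFlowStart(String str, String str2) {
        com.microsoft.identity.common.internal.logging.Logger.info(TAG + str, str2 + " started.");
        TelemetryLogger.logEvent(getApplicationContext(), str2, false);
    }

    /**
     * Logs a successfully finished flow to the logger and to telemetry.
     *
     * @param str method suffix appended to the log tag
     * @param str2 telemetry event name
     * @param str3 success detail; also sent to telemetry, so it must not contain secrets
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void logFlowSuccess(String str, String str2, String str3) {
        com.microsoft.identity.common.internal.logging.Logger.info(TAG + str, str2 + " successfully finished: " + str3);
        TelemetryLogger.logEvent(getApplicationContext(), str2, false, str3);
    }

    /**
     * Loads the legacy secret keys and returns the AIDL stub to the binding client.
     *
     * <p>The binding intent is not inspected here.
     *
     * @param intent intent used to bind; unused
     * @return the {@link IBrokerAccountService} stub
     */
    @Override // android.app.Service
    public IBinder onBind(Intent intent) {
        LegacySecretKeyStorage.loadKeys();
        return this.mBinder;
    }
}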
