package com.microsoft.intune.mam.client.app.startup;

import android.app.Activity;
import android.app.AlertDialog;
import android.app.Dialog;
import android.app.Fragment;
import android.content.Context;
import android.content.DialogInterface;
import android.content.Intent;
import android.content.pm.PackageManager;
import android.content.res.Resources;
import android.net.Uri;
import android.os.Build;
import com.microsoft.aad.adal.ADALError;
import com.microsoft.aad.adal.AuthenticationCallback;
import com.microsoft.aad.adal.AuthenticationCancelError;
import com.microsoft.aad.adal.AuthenticationContext;
import com.microsoft.aad.adal.AuthenticationException;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.aad.adal.AuthenticationSettings;
import com.microsoft.aad.adal.ITokenCacheStore;
import com.microsoft.aad.adal.PromptBehavior;
import com.microsoft.aad.adal.UserInfo;
import com.microsoft.intune.mam.client.MAMInfo;
import com.microsoft.intune.mam.client.app.ADALConnectionDetailsResolver;
import com.microsoft.intune.mam.client.app.startup.ADALUserAuthentication;
import com.microsoft.intune.mam.client.app.startup.PermissionManager;
import com.microsoft.intune.mam.client.identity.MAMIdentity;
import com.microsoft.intune.mam.client.identity.MAMIdentityManager;
import com.microsoft.intune.mam.client.telemetry.TelemetryLogger;
import com.microsoft.intune.mam.client.telemetry.events.TrackedOccurrence;
import com.microsoft.intune.mam.internal.R;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import com.microsoft.intune.mam.policy.MAMUserInfoInternal;
import java.security.NoSuchAlgorithmException;
import java.util.UUID;
import java.util.logging.Level;
import javax.crypto.NoSuchPaddingException;

/* loaded from: classes2.dex */
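/**
 * Starts interactive ADAL sign-in for the MAM client and reports the outcome through
 * {@link Callback}.
 *
 * <p>The class owns one {@link AuthenticationContext}, created lazily by {@link #setup()} from
 * the connection details resolved for the primary identity. Before a token request it may ask for
 * the GET_ACCOUNTS runtime permission (API 23+, broker enabled, permission not yet granted), and
 * after ADAL answers it checks that the account that signed in is the identity that was expected.
 *
 * <p>This listing is decompiler output: {@code AnonymousClass1}, {@code AnonymousClass2}, the
 * {@code val$} fields and the {@code lambda$} methods are compiler-generated members that the
 * decompiler surfaced, and several members marked {@code public} were package-private or private
 * in the original build.
 */
public abstract class ADALUserAuthentication {
    /** Extra query parameters sent with MAM token requests. */
    private static final String DEFAULT_MAM_AUTH_EXTRAS = "msafed=0&instance_aware=true";
    /** Claims request asking for the {@code deviceid} claim as essential in the access token. */
    public static final String DEVICE_CLAIMS_DEVICEID_ESSENTIAL_STRING = "{\"access_token\":{\"deviceid\":{\"essential\":true}}}";
    /** Resource the device-claims (WPJ) token is requested for. */
    public static final String DEVICE_CLAIMS_RESOURCE = "https://graph.windows.net";
    // Not referenced anywhere in this class as decompiled; kept because other code may have had
    // the values inlined at compile time.
    private static final String ENABLE_ACCOUNT_CHOOSER_EXTRAS = "msafed=0";
    private static final String INSTANCE_AWARE_EXTRA = "instance_aware=true";
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger((Class<?>) ADALUserAuthentication.class);
    private final ADALConnectionDetailsResolver mADALDetailsResolver;
    // Assigned only by setup(); null until setup() has succeeded.
    AuthenticationContext mAuthContext;
    // Assigned only by setup(); null until setup() has run.
    ADALConnectionDetails mConnectionDetails;
    protected final Context mContext;
    private final MAMIdentityManager mIdentityManager;
    // Read and written only inside synchronized methods (initialized(), setup()).
    private boolean mInitialized = false;
    private final Resources mResources;
    private final TelemetryLogger mTelemetryLogger;
    private final MAMUserInfoInternal mUserInfo;
    // Set by createAuthContext(): true when the context was built without a custom token cache.
    boolean mUsingBroker;

    /**
     * Permission callback registered while the GET_ACCOUNTS runtime prompt is outstanding.
     *
     * <p>It captures every argument of the pending token request so the request can be issued
     * once the permission is granted. On either kind of denial no token request is made: the
     * block is logged, recorded in telemetry, and a dialog is shown whose dismissal finishes the
     * activity.
     *
     * <p>Decompiler artifact: originally the anonymous class {@code ADALUserAuthentication$1}.
     */
    public class AnonymousClass1 implements PermissionManager.Callback {
        final /* synthetic */ Activity val$activity;
        final /* synthetic */ String val$authExtras;
        final /* synthetic */ Callback val$authenticationCallback;
        final /* synthetic */ String val$claims;
        final /* synthetic */ MAMIdentity val$identity;
        final /* synthetic */ PromptBehavior val$promptBehavior;
        final /* synthetic */ String val$resource;
        final /* synthetic */ String val$tag;

        /**
         * Captures the pending request.
         *
         * @param callback receiver of the authentication outcome
         * @param mAMIdentity identity expected to sign in; may be null
         * @param activity activity hosting the prompt and the dialogs
         * @param str request tag
         * @param str2 resource the token is requested for
         * @param promptBehavior ADAL prompt behaviour
         * @param str3 extra query parameters
         * @param str4 claims request
         */
        AnonymousClass1(Callback callback, MAMIdentity mAMIdentity, Activity activity, String str, String str2, PromptBehavior promptBehavior, String str3, String str4) {
            this.val$authenticationCallback = callback;
            this.val$identity = mAMIdentity;
            this.val$activity = activity;
            this.val$tag = str;
            this.val$resource = str2;
            this.val$promptBehavior = promptBehavior;
            this.val$authExtras = str3;
            this.val$claims = str4;
        }

        /**
         * Click handler of the "go to settings" button: opens the system application-details
         * screen for the hosting app's own package.
         */
        public static /* synthetic */ void lambda$onPermissionPermanentlyDenied$1(Activity activity, DialogInterface dialogInterface, int i) {
            Intent intent = new Intent();
            intent.setAction("android.settings.APPLICATION_DETAILS_SETTINGS");
            // The target is always this app's own package; nothing caller-supplied enters the URI.
            intent.setData(Uri.fromParts("package", activity.getPackageName(), null));
            // Same three flags the decompiler printed as 268435456, 1073741824 and 8388608.
            intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK
                    | Intent.FLAG_ACTIVITY_NO_HISTORY
                    | Intent.FLAG_ACTIVITY_EXCLUDE_FROM_RECENTS);
            activity.startActivity(intent);
        }

        /** Dismiss handler of both denial dialogs: finishes the activity unless it already is finishing. */
        public static /* synthetic */ void lambda$setDismissListenerAndShow$3(Activity activity, DialogInterface dialogInterface) {
            if (!activity.isFinishing()) {
                activity.finish();
            }
        }

        /** Attaches the finish-on-dismiss listener to {@code dialog} and shows it. */
        private void setDismissListenerAndShow(Dialog dialog) {
            final Activity activity = this.val$activity;
            dialog.setOnDismissListener(new DialogInterface.OnDismissListener() {
                @Override
                public final void onDismiss(DialogInterface dialogInterface) {
                    ADALUserAuthentication.AnonymousClass1.lambda$setDismissListenerAndShow$3(activity, dialogInterface);
                }
            });
            dialog.show();
        }

        /** The user declined the permission this time: block the attempt and explain why. */
        @Override
        public void onPermissionDenied() {
            ADALUserAuthentication.LOGGER.warning("Get accounts permission denied, preventing authentication attempt.");
            ADALUserAuthentication.this.mTelemetryLogger.logTrackedOccurrence(ADALUserAuthentication.this.mContext.getPackageName(), TrackedOccurrence.ACCESS_BLOCKED_PERMISSIONS_DENIED, "");
            AlertDialog.Builder builder = new AlertDialog.Builder(this.val$activity)
                    .setTitle(ADALUserAuthentication.this.mResources.getText(R.string.wg_permission_denied_title))
                    .setMessage(ADALUserAuthentication.this.formatMessageWithAppName(R.string.wg_get_accounts_permission_denied_text))
                    .setPositiveButton(ADALUserAuthentication.this.mResources.getString(R.string.wg_ok), new DialogInterface.OnClickListener() {
                        @Override
                        public final void onClick(DialogInterface dialogInterface, int i) {
                            dialogInterface.dismiss();
                        }
                    });
            setDismissListenerAndShow(builder.create());
        }

        /** The permission was granted: issue the token request that was captured at construction. */
        @Override
        public void onPermissionGranted() {
            ADALUserAuthentication.LOGGER.info("Get accounts permission granted.");
            ADALUserAuthentication.this.makeAuthCall(this.val$authenticationCallback, this.val$identity, this.val$activity, this.val$tag, this.val$resource, this.val$promptBehavior, this.val$authExtras, this.val$claims);
        }

        /**
         * The permission can no longer be requested: block the attempt and offer a shortcut to
         * the app's settings screen, where the user can grant it manually.
         */
        @Override
        public void onPermissionPermanentlyDenied() {
            ADALUserAuthentication.LOGGER.warning("Get accounts permission denied permanently, preventing auth attempt.");
            ADALUserAuthentication.this.mTelemetryLogger.logTrackedOccurrence(ADALUserAuthentication.this.mContext.getPackageName(), TrackedOccurrence.ACCESS_BLOCKED_PERMISSIONS_DENIED, "Permanently denied.");
            AlertDialog.Builder message = new AlertDialog.Builder(this.val$activity)
                    .setTitle(ADALUserAuthentication.this.mResources.getText(R.string.wg_permission_denied_title))
                    .setMessage(ADALUserAuthentication.this.mResources.getText(R.string.wg_get_accounts_permission_denied_permanently_text));
            String string = ADALUserAuthentication.this.mResources.getString(R.string.wg_go_to_settings);
            final Activity activity = this.val$activity;
            setDismissListenerAndShow(message.setPositiveButton(string, new DialogInterface.OnClickListener() {
                @Override
                public final void onClick(DialogInterface dialogInterface, int i) {
                    ADALUserAuthentication.AnonymousClass1.lambda$onPermissionPermanentlyDenied$1(activity, dialogInterface, i);
                }
            }).setNegativeButton(ADALUserAuthentication.this.mResources.getString(R.string.wg_cancel), new DialogInterface.OnClickListener() {
                @Override
                public final void onClick(DialogInterface dialogInterface, int i) {
                    dialogInterface.dismiss();
                }
            }).create());
        }
    }

    /**
     * Compiler-generated lookup table behind the {@code switch} in
     * {@link UserAuthenticationCallback#onSuccess}: Succeeded maps to 1, Cancelled to 2, Failed
     * to 3, and any status missing from the table stays 0.
     *
     * <p>Decompiler artifact: originally {@code ADALUserAuthentication$2}.
     */
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$com$microsoft$aad$adal$AuthenticationResult$AuthenticationStatus = new int[AuthenticationResult.AuthenticationStatus.values().length];

        static {
            // Each entry is guarded separately so that an enum constant missing from the ADAL
            // version present at runtime leaves only its own slot unset.
            try {
                $SwitchMap$com$microsoft$aad$adal$AuthenticationResult$AuthenticationStatus[AuthenticationResult.AuthenticationStatus.Succeeded.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$microsoft$aad$adal$AuthenticationResult$AuthenticationStatus[AuthenticationResult.AuthenticationStatus.Cancelled.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$microsoft$aad$adal$AuthenticationResult$AuthenticationStatus[AuthenticationResult.AuthenticationStatus.Failed.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /** Receives the outcome of one authentication attempt. */
    public interface Callback {
        /** Called when the attempt did not produce an accepted sign-in. */
        void onAuthenticationFailure(FailureReason failureReason);

        /** Called when ADAL reported success and the signed-in account was accepted. */
        void onAuthenticationSuccess(AuthenticationResult authenticationResult);
    }

    /** Why an authentication attempt failed, as reported to {@link Callback}. */
    public enum FailureReason {
        UNKNOWN_ERROR,
        CANCELED,
        WRONG_USER,
        NO_CONNECTION,
        NOT_NEEDED
    }

    /**
     * Adapts ADAL's callback to {@link Callback} and enforces the expected-user check.
     *
     * <p>Two instances are equal when their request tags are equal; the other fields do not take
     * part in {@link #equals} or {@link #hashCode}.
     */
    public static class UserAuthenticationCallback implements AuthenticationCallback<AuthenticationResult> {
        private final Callback mCallback;
        private final MAMIdentity mIdentity;
        private final MAMIdentityManager mIdentityManager;
        private final String mTag;

        /**
         * @param callback receiver of the translated outcome
         * @param mAMIdentity identity expected to sign in, or null to accept any account
         * @param mAMIdentityManager used to build an identity from the account ADAL returns
         * @param str request tag; the only field used for equality
         */
        public UserAuthenticationCallback(Callback callback, MAMIdentity mAMIdentity, MAMIdentityManager mAMIdentityManager, String str) {
            this.mCallback = callback;
            this.mIdentity = mAMIdentity;
            this.mIdentityManager = mAMIdentityManager;
            this.mTag = str;
        }

        /**
         * Checks that the account in {@code authenticationResult} is the expected identity.
         *
         * @return true when no identity was expected or when the returned account equals it;
         *     false when ADAL returned no user info or the accounts differ
         */
        private boolean didCorrectUserAuthenticate(AuthenticationResult authenticationResult) {
            // NOTE(review): with no expected identity every account is accepted. Callers that
            // need the sign-in bound to one user must pass a non-null identity.
            if (this.mIdentity == null) {
                return true;
            }
            UserInfo userInfo = authenticationResult.getUserInfo();
            if (userInfo == null) {
                ADALUserAuthentication.LOGGER.warning("ADAL did not return UserInfo with the AuthenticationResult; can't authenticate user.");
                return false;
            }
            // The comparison itself is MAMIdentity.equals(), which is not visible in this file.
            boolean sameUser = this.mIdentity.equals(this.mIdentityManager.create(userInfo.getDisplayableId(), userInfo.getUserId()));
            if (!sameUser && this.mIdentity.aadId() == null) {
                ADALUserAuthentication.LOGGER.warning("Primary user's AAD id is not known; can't authenticate user with mismatched UPN.");
            }
            return sameUser;
        }

        /** Reports success only if the expected user signed in; otherwise reports WRONG_USER. */
        private void onPossibleAuthenticationSuccess(AuthenticationResult authenticationResult) {
            String accessToken = authenticationResult.getAccessToken();
            if (accessToken == null || accessToken.isEmpty()) {
                // NOTE(review): a missing access token is only logged; the result can still be
                // delivered to onAuthenticationSuccess below. Confirm that every receiver checks
                // the token before treating the user as authenticated.
                ADALUserAuthentication.LOGGER.warning("ADAL reported success but did not return an access token.");
            }
            if (didCorrectUserAuthenticate(authenticationResult)) {
                this.mCallback.onAuthenticationSuccess(authenticationResult);
            } else {
                this.mCallback.onAuthenticationFailure(FailureReason.WRONG_USER);
            }
        }

        /** Equal when the other object is of the same class and carries the same request tag. */
        @Override
        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            UserAuthenticationCallback other = (UserAuthenticationCallback) obj;
            return this.mTag == null ? other.mTag == null : this.mTag.equals(other.mTag);
        }

        /** Hash of the request tag, consistent with {@link #equals}. */
        @Override
        public int hashCode() {
            return 31 + (this.mTag == null ? 0 : this.mTag.hashCode());
        }

        /**
         * Maps an ADAL error to a {@link FailureReason}: user mismatch to WRONG_USER, missing
         * connectivity to NO_CONNECTION, a cancel error to CANCELED, anything else to
         * UNKNOWN_ERROR.
         */
        @Override
        public void onError(Exception exc) {
            ADALUserAuthentication.LOGGER.log(Level.WARNING, "ADAL failed to authenticate", (Throwable) exc);
            if (exc instanceof AuthenticationException) {
                ADALError code = ((AuthenticationException) exc).getCode();
                if (code == ADALError.AUTH_FAILED_USER_MISMATCH) {
                    this.mCallback.onAuthenticationFailure(FailureReason.WRONG_USER);
                    return;
                } else if (code == ADALError.DEVICE_CONNECTION_IS_NOT_AVAILABLE) {
                    this.mCallback.onAuthenticationFailure(FailureReason.NO_CONNECTION);
                    return;
                }
            }
            if (!(exc instanceof AuthenticationCancelError)) {
                this.mCallback.onAuthenticationFailure(FailureReason.UNKNOWN_ERROR);
                return;
            }
            ADALUserAuthentication.LOGGER.log(Level.WARNING, "ADALError on AuthenticationCancellError is " + ((AuthenticationCancelError) exc).getCode().name());
            this.mCallback.onAuthenticationFailure(FailureReason.CANCELED);
        }

        /**
         * Handles ADAL's success callback. A null result, a null status, a Failed status or a
         * status unknown to the lookup table are all reported as UNKNOWN_ERROR; Cancelled is
         * reported as CANCELED; Succeeded goes through the expected-user check first.
         */
        @Override
        public void onSuccess(AuthenticationResult authenticationResult) {
            // NOTE(review): the whole result object is concatenated into a FINE-level log line.
            // What that prints depends on AuthenticationResult.toString(), which is not visible
            // here; confirm it cannot place token material in the log.
            ADALUserAuthentication.LOGGER.fine("UserAuthenticationCallback.onSuccess " + authenticationResult);
            if (authenticationResult == null || authenticationResult.getStatus() == null) {
                this.mCallback.onAuthenticationFailure(FailureReason.UNKNOWN_ERROR);
                return;
            }
            ADALUserAuthentication.LOGGER.fine("UserAuthenticationCallback.onSuccess with status " + authenticationResult.getStatus());
            int statusIndex = AnonymousClass2.$SwitchMap$com$microsoft$aad$adal$AuthenticationResult$AuthenticationStatus[authenticationResult.getStatus().ordinal()];
            switch (statusIndex) {
                case 1: // Succeeded
                    onPossibleAuthenticationSuccess(authenticationResult);
                    break;
                case 2: // Cancelled
                    this.mCallback.onAuthenticationFailure(FailureReason.CANCELED);
                    break;
                default: // Failed, or a status the table does not know
                    this.mCallback.onAuthenticationFailure(FailureReason.UNKNOWN_ERROR);
                    break;
            }
        }
    }

    /**
     * Stores the collaborators; no ADAL object is created until {@link #setup()} runs.
     *
     * @param context application context used for permission checks, package name and strings
     * @param resources source of the dialog strings
     * @param mAMUserInfoInternal supplies the primary identity
     * @param aDALConnectionDetailsResolver resolves authority, client id and redirect URI
     * @param mAMIdentityManager builds identities for the expected-user check
     * @param telemetryLogger receives tracked occurrences
     */
    public ADALUserAuthentication(Context context, Resources resources, MAMUserInfoInternal mAMUserInfoInternal, ADALConnectionDetailsResolver aDALConnectionDetailsResolver, MAMIdentityManager mAMIdentityManager, TelemetryLogger telemetryLogger) {
        this.mContext = context;
        this.mResources = resources;
        this.mUserInfo = mAMUserInfoInternal;
        this.mADALDetailsResolver = aDALConnectionDetailsResolver;
        this.mIdentityManager = mAMIdentityManager;
        this.mTelemetryLogger = telemetryLogger;
    }

    /** Returns true when this app does not currently hold the GET_ACCOUNTS permission. */
    private boolean brokerPermissionIsNeeded() {
        // PERMISSION_DENIED is the -1 the decompiler printed as a bare literal.
        return this.mContext.checkSelfPermission(PermissionManager.PERMISSION_GET_ACCOUNTS) == PackageManager.PERMISSION_DENIED;
    }

    /**
     * Builds the ADAL context, first with the subclass's token cache and, if ADAL rejects that
     * with {@link UnsupportedOperationException}, again without a custom cache. The second form
     * is the one recorded as broker use in {@link #mUsingBroker}.
     *
     * <p>NOTE(review): both constructor calls pass {@code false} as the third argument, which in
     * ADAL for Android is {@code validateAuthority}. With validation off, the trust placed in the
     * sign-in endpoint rests entirely on where {@code mConnectionDetails.getAuthority()} comes
     * from; confirm that value cannot be influenced by untrusted input.
     */
    private AuthenticationContext createAuthContext() throws NoSuchPaddingException, NoSuchAlgorithmException {
        try {
            // The flag is set before the constructor call, so it is already false if that call
            // succeeds and is overwritten in the fallback below if it throws.
            this.mUsingBroker = false;
            return new AuthenticationContext(this.mContext, this.mConnectionDetails.getAuthority(), false, getTokenCacheStore());
        } catch (UnsupportedOperationException unused) {
            LOGGER.info("Caught exception initializing AuthenticationContext for non-broker use.  Trying again for broker.");
            this.mUsingBroker = true;
            return new AuthenticationContext(this.mContext, this.mConnectionDetails.getAuthority(), false);
        }
    }

    /**
     * Formats string resource {@code i} with the hosting app's label as its argument, falling
     * back to "this app" when the application declares no label resource.
     */
    public String formatMessageWithAppName(int i) {
        int labelRes = this.mContext.getApplicationInfo().labelRes;
        String appName = labelRes != 0 ? this.mContext.getString(labelRes) : "this app";
        return this.mResources.getString(i, appName);
    }

    /**
     * Derives the ADAL request correlation id from the package name.
     *
     * <p>The id is a name-based UUID, so it is the same for every request this package makes. It
     * identifies the app in logs; it is not random and must not be used as a nonce or secret.
     */
    private static UUID getCorrelationId(Context context) {
        // getBytes() without a charset uses the platform default.
        return UUID.nameUUIDFromBytes(context.getPackageName().getBytes());
    }

    /**
     * Returns the primary identity.
     *
     * @throws AssertionError when no primary identity is available
     */
    private MAMIdentity getPrimaryIdentity() {
        MAMIdentity primaryIdentity = this.mUserInfo.getPrimaryIdentity();
        if (primaryIdentity == null) {
            throw new AssertionError("UPN must not be null");
        }
        return primaryIdentity;
    }

    /**
     * Requests the GET_ACCOUNTS permission through the startup UI fragment and defers the token
     * request to the permission callback.
     *
     * <p>If the fragment cannot be found the permission cannot be requested, and the token
     * request is made immediately without it.
     */
    private void handleGetAccountsPermissionRequest(Activity activity, Callback callback, MAMIdentity mAMIdentity, String tag, String resource, PromptBehavior promptBehavior, String authExtras, String claims) {
        LOGGER.info("App is not skipping the broker and it is installed and API is >= 23, obtaining broker permission at runtime.");
        Fragment startupFragment = MAMStartupUIBehaviorImpl.findStartupUIFragment(activity);
        if (startupFragment == null) {
            LOGGER.severe("Unable to obtain startup fragment from start up activity, we can't request permission so we will proceed with authentication.");
            makeAuthCall(callback, mAMIdentity, activity, tag, resource, promptBehavior, authExtras, claims);
            return;
        }
        // Register before requesting so the callback is in place when the result arrives.
        PermissionManager.registerPermissionCallback(new AnonymousClass1(callback, mAMIdentity, activity, tag, resource, promptBehavior, authExtras, claims), PermissionManager.PERMISSION_GET_ACCOUNTS);
        startupFragment.requestPermissions(new String[]{PermissionManager.PERMISSION_GET_ACCOUNTS}, PermissionManager.PERMISSION_GET_ACCOUNTS.hashCode());
    }

    /**
     * Issues the ADAL token request.
     *
     * @param callback receiver of the outcome
     * @param mAMIdentity expected identity; its raw UPN is passed as the login hint, null for none
     * @param activity activity hosting the sign-in UI
     * @param str request tag given to the {@link UserAuthenticationCallback}
     * @param str2 resource the token is requested for
     * @param promptBehavior ADAL prompt behaviour
     * @param str3 extra query parameters
     * @param str4 claims request
     */
    public void makeAuthCall(Callback callback, MAMIdentity mAMIdentity, Activity activity, String str, String str2, PromptBehavior promptBehavior, String str3, String str4) {
        String loginHint = mAMIdentity == null ? null : mAMIdentity.rawUPN();
        UserAuthenticationCallback adalCallback = new UserAuthenticationCallback(callback, mAMIdentity, this.mIdentityManager, str);
        this.mAuthContext.acquireToken(activity, str2, this.mConnectionDetails.getClientId(), getRedirectUri(), loginHint, promptBehavior, str3, str4, adalCallback);
    }

    /**
     * Starts one authentication attempt, going through the permission prompt first when it is
     * needed (API 23+, broker enabled in ADAL settings, GET_ACCOUNTS not granted).
     *
     * @return the freshly generated random tag identifying this attempt
     */
    private String startAuthentication(Activity activity, Callback callback, MAMIdentity mAMIdentity, String resource, PromptBehavior promptBehavior, String authExtras, String claims) {
        String tag = UUID.randomUUID().toString();
        // Build.VERSION is checked first because Context.checkSelfPermission needs API 23.
        boolean mustRequestPermission = Build.VERSION.SDK_INT >= 23
                && AuthenticationSettings.INSTANCE.getUseBroker()
                && brokerPermissionIsNeeded();
        if (mustRequestPermission) {
            handleGetAccountsPermissionRequest(activity, callback, mAMIdentity, tag, resource, promptBehavior, authExtras, claims);
        } else {
            makeAuthCall(callback, mAMIdentity, activity, tag, resource, promptBehavior, authExtras, claims);
        }
        return tag;
    }

    /** Resolves the connection details for the primary identity; the result may be null. */
    ADALConnectionDetails getAppConnectionDetails() {
        return this.mADALDetailsResolver.getADALConnectionDetails(this.mUserInfo.getPrimaryIdentity());
    }

    /**
     * Returns the redirect URI for the token request: ADAL's broker redirect URI when the broker
     * form of the context is in use, otherwise the configured non-broker URI.
     *
     * <p>Use of the generic {@code urn:ietf:wg:oauth:2.0:oob} value is recorded in telemetry.
     */
    protected String getRedirectUri() {
        if (this.mUsingBroker) {
            return this.mAuthContext.getRedirectUriForBroker();
        }
        String nonBrokerRedirectUri = this.mConnectionDetails.getNonBrokerRedirectUri();
        if ("urn:ietf:wg:oauth:2.0:oob".equals(nonBrokerRedirectUri)) {
            this.mTelemetryLogger.logTrackedOccurrence(this.mContext.getPackageName(), TrackedOccurrence.DEFAULT_REDIRECT_URI_IN_USE, "");
        }
        return nonBrokerRedirectUri;
    }

    /** Supplies the token cache used for the non-broker form of the ADAL context. */
    protected abstract ITokenCacheStore getTokenCacheStore();

    /** Returns true once {@link #setup()} has completed successfully. */
    public synchronized boolean initialized() {
        return this.mInitialized;
    }

    /**
     * Forwards an activity result to ADAL so it can complete an interactive sign-in.
     *
     * <p>{@code mAuthContext} is null until {@link #setup()} has succeeded, so a call made before
     * that fails with a NullPointerException.
     */
    public void onActivityResult(int i, int i2, Intent intent) {
        this.mAuthContext.onActivityResult(i, i2, intent);
    }

    /**
     * Resolves the connection details and creates the ADAL context; a no-op once initialized.
     *
     * @return true when the context is ready, false when no connection details could be resolved
     * @throws AssertionError when creating the context fails with a security or crypto exception
     */
    public synchronized boolean setup() {
        if (this.mInitialized) {
            return true;
        }
        this.mConnectionDetails = getAppConnectionDetails();
        if (this.mConnectionDetails == null) {
            return false;
        }
        LOGGER.fine("Authority: " + this.mConnectionDetails.getAuthority());
        AuthenticationSettings.INSTANCE.setActivityPackageName(MAMInfo.getPackageName());
        try {
            this.mAuthContext = createAuthContext();
            this.mAuthContext.setRequestCorrelationId(getCorrelationId(this.mContext));
            this.mInitialized = true;
            return true;
        } catch (SecurityException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new AssertionError(e);
        }
    }

    /**
     * Starts a MAM sign-in for {@code mAMIdentity} against resource {@code str}, always forcing
     * the credential prompt.
     *
     * @return the tag identifying this attempt
     */
    public String startAuthenticationForMAM(Activity activity, Callback callback, MAMIdentity mAMIdentity, String str) {
        return startAuthentication(activity, callback, mAMIdentity, str, PromptBehavior.FORCE_PROMPT, DEFAULT_MAM_AUTH_EXTRAS, null);
    }

    /**
     * Starts a MAM sign-in for the primary identity against resource {@code str}.
     *
     * @return the tag identifying this attempt
     * @throws AssertionError when no primary identity is available
     */
    public String startAuthenticationForMAM(Activity activity, Callback callback, String str) {
        return startAuthenticationForMAM(activity, callback, getPrimaryIdentity(), str);
    }

    /**
     * Starts a sign-in for the primary identity that requests the device-id claim, prompting
     * only when ADAL decides it must.
     *
     * @return the tag identifying this attempt
     * @throws AssertionError when no primary identity is available
     */
    public String startAuthenticationForWPJ(Activity activity, Callback callback) {
        return startAuthentication(activity, callback, getPrimaryIdentity(), DEVICE_CLAIMS_RESOURCE, PromptBehavior.Auto, null, DEVICE_CLAIMS_DEVICEID_ESSENTIAL_STRING);
    }
}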
