package com.microsoft.aad.adal;

import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.AccountManagerCallback;
import android.accounts.AccountManagerFuture;
import android.accounts.AuthenticatorDescription;
import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
import android.annotation.TargetApi;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Bundle;
import android.os.Handler;
import android.os.Looper;
import android.util.Base64;
import com.microsoft.aad.adal.AuthenticationConstants;
import com.microsoft.services.odata.impl.BuildConfig;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/* JADX INFO: Access modifiers changed from: package-private */
@TargetApi(14)
/* loaded from: input_file:classes.jar:com/microsoft/aad/adal/BrokerProxy.class */
public class BrokerProxy implements IBrokerProxy {
    private static final String TAG = "BrokerProxy";
    private Context mContext;
    private AccountManager mAcctManager;
    private Handler mHandler;
    private final String mBrokerTag = AuthenticationSettings.INSTANCE.getBrokerSignature();
    private static final String KEY_ACCOUNT_LIST_DELIM = "|";
    private static final String KEY_SHARED_PREF_ACCOUNT_LIST = "com.microsoft.aad.adal.account.list";
    private static final String KEY_APP_ACCOUNTS_FOR_TOKEN_REMOVAL = "AppAccountsForTokenRemoval";
    private static final int ACCOUNT_MANAGER_ERROR_CODE_BAD_AUTHENTICATION = 9;

    public BrokerProxy() {
    }

    public BrokerProxy(Context context) {
        this.mContext = context;
        this.mAcctManager = AccountManager.get(this.mContext);
        this.mHandler = new Handler(this.mContext.getMainLooper());
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public boolean canSwitchToBroker() {
        return !AuthenticationSettings.INSTANCE.getSkipBroker() && verifyManifestPermissions() && !this.mContext.getPackageName().equalsIgnoreCase(AuthenticationSettings.INSTANCE.getBrokerPackageName()) && verifyAuthenticator(this.mAcctManager) && verifyAccount();
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public boolean canUseLocalCache() {
        if (!canSwitchToBroker()) {
            Logger.v(TAG, "It does not use broker");
            return true;
        }
        if (!verifySignature(this.mContext.getPackageName())) {
            return false;
        }
        Logger.v(TAG, "Broker installer can use local cache");
        return true;
    }

    private boolean verifyAccount() {
        Logger.v(TAG, "Verify account count");
        Account[] accountsByType = this.mAcctManager.getAccountsByType(AuthenticationConstants.Broker.BROKER_ACCOUNT_TYPE);
        return accountsByType != null && accountsByType.length > 0;
    }

    private boolean verifyManifestPermissions() {
        PackageManager packageManager = this.mContext.getPackageManager();
        boolean z = 0 == packageManager.checkPermission("android.permission.GET_ACCOUNTS", this.mContext.getPackageName()) && 0 == packageManager.checkPermission("android.permission.MANAGE_ACCOUNTS", this.mContext.getPackageName()) && 0 == packageManager.checkPermission("android.permission.USE_CREDENTIALS", this.mContext.getPackageName());
        if (!z) {
            Logger.w(TAG, "Broker related permissions are missing for GET_ACCOUNTS, MANAGE_ACCOUNTS, USE_CREDENTIALS", BuildConfig.FLAVOR, ADALError.DEVELOPER_BROKER_PERMISSIONS_MISSING);
        }
        return z;
    }

    private void verifyNotOnMainThread() {
        Looper myLooper = Looper.myLooper();
        if (myLooper == null || myLooper != this.mContext.getMainLooper()) {
            return;
        }
        IllegalStateException illegalStateException = new IllegalStateException("calling this from your main thread can lead to deadlock");
        Logger.e(TAG, "calling this from your main thread can lead to deadlock and/or ANRs", BuildConfig.FLAVOR, ADALError.DEVELOPER_CALLING_ON_MAIN_THREAD, illegalStateException);
        if (this.mContext.getApplicationInfo().targetSdkVersion >= 8) {
            throw illegalStateException;
        }
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public AuthenticationResult getAuthTokenInBackground(AuthenticationRequest authenticationRequest) {
        AuthenticationResult authenticationResult = null;
        verifyNotOnMainThread();
        Account[] accountsByType = this.mAcctManager.getAccountsByType(AuthenticationConstants.Broker.BROKER_ACCOUNT_TYPE);
        if (accountsByType == null || accountsByType.length != 1) {
            throw new AuthenticationException(ADALError.BROKER_AUTHENTICATOR_BAD_ARGUMENTS);
        }
        Account account = accountsByType[0];
        if (account == null) {
            return null;
        }
        try {
            AccountManagerFuture<Bundle> authToken = this.mAcctManager.getAuthToken(account, AuthenticationConstants.Broker.AUTHTOKEN_TYPE, getBrokerOptions(authenticationRequest), false, (AccountManagerCallback<Bundle>) null, this.mHandler);
            Logger.v(TAG, "Received result from Authenticator");
            authenticationResult = getResultFromBrokerResponse(authToken.getResult());
        } catch (AuthenticatorException e) {
            Logger.e(TAG, "Authenticator cancels the request", BuildConfig.FLAVOR, ADALError.BROKER_AUTHENTICATOR_NOT_RESPONDING);
        } catch (OperationCanceledException e2) {
            Logger.e(TAG, "Authenticator cancels the request", BuildConfig.FLAVOR, ADALError.AUTH_FAILED_CANCELLED, e2);
        } catch (IOException e3) {
            Logger.e(TAG, "Authenticator cancels the request", BuildConfig.FLAVOR, ADALError.BROKER_AUTHENTICATOR_IO_EXCEPTION);
        }
        Logger.v(TAG, "Returning result from Authenticator");
        return authenticationResult;
    }

    private AuthenticationResult getResultFromBrokerResponse(Bundle bundle) {
        if (bundle == null) {
            throw new IllegalArgumentException("bundleResult");
        }
        int i = bundle.getInt("errorCode");
        String string = bundle.getString("errorMessage");
        if (StringExtensions.IsNullOrBlank(string)) {
            if (bundle.getBoolean(AuthenticationConstants.Broker.ACCOUNT_INITIAL_REQUEST)) {
                return AuthenticationResult.createResultForInitialRequest();
            }
            return new AuthenticationResult(bundle.getString("authtoken"), BuildConfig.FLAVOR, null, false, UserInfo.getUserInfoFromBrokerResult(bundle), BuildConfig.FLAVOR, BuildConfig.FLAVOR);
        }
        ADALError aDALError = ADALError.BROKER_AUTHENTICATOR_ERROR_GETAUTHTOKEN;
        switch (i) {
            case 6:
                aDALError = ADALError.BROKER_AUTHENTICATOR_UNSUPPORTED_OPERATION;
                break;
            case 7:
                aDALError = ADALError.BROKER_AUTHENTICATOR_BAD_ARGUMENTS;
                break;
            case ACCOUNT_MANAGER_ERROR_CODE_BAD_AUTHENTICATION /* 9 */:
                aDALError = ADALError.BROKER_AUTHENTICATOR_BAD_AUTHENTICATION;
                break;
        }
        throw new AuthenticationException(aDALError, string);
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public void saveAccount(String str) {
        if (str == null || str.isEmpty()) {
            return;
        }
        SharedPreferences sharedPreferences = this.mContext.getSharedPreferences(KEY_SHARED_PREF_ACCOUNT_LIST, 0);
        String string = sharedPreferences.getString(KEY_APP_ACCOUNTS_FOR_TOKEN_REMOVAL, BuildConfig.FLAVOR);
        if (string.contains("|" + str)) {
            return;
        }
        String str2 = string + "|" + str;
        SharedPreferences.Editor edit = sharedPreferences.edit();
        edit.putString(KEY_APP_ACCOUNTS_FOR_TOKEN_REMOVAL, str2);
        edit.apply();
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public void removeAccounts() {
        new Thread(new Runnable() { // from class: com.microsoft.aad.adal.BrokerProxy.1
            @Override // java.lang.Runnable
            public void run() {
                Logger.v(BrokerProxy.TAG, "removeAccounts:");
                Account[] accountsByType = BrokerProxy.this.mAcctManager.getAccountsByType(AuthenticationConstants.Broker.BROKER_ACCOUNT_TYPE);
                if (accountsByType == null || accountsByType.length != 1) {
                    return;
                }
                Account account = accountsByType[0];
                Logger.v(BrokerProxy.TAG, "remove tokens for:" + account.name);
                if (account != null) {
                    Bundle bundle = new Bundle();
                    bundle.putString(AuthenticationConstants.Broker.ACCOUNT_REMOVE_TOKENS, AuthenticationConstants.Broker.ACCOUNT_REMOVE_TOKENS_VALUE);
                    BrokerProxy.this.mAcctManager.getAuthToken(account, AuthenticationConstants.Broker.AUTHTOKEN_TYPE, bundle, false, (AccountManagerCallback<Bundle>) null, BrokerProxy.this.mHandler);
                }
            }
        }).start();
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public Intent getIntentForBrokerActivity(AuthenticationRequest authenticationRequest) {
        Intent intent = null;
        try {
            intent = (Intent) this.mAcctManager.addAccount(AuthenticationConstants.Broker.BROKER_ACCOUNT_TYPE, AuthenticationConstants.Broker.AUTHTOKEN_TYPE, null, getBrokerOptions(authenticationRequest), null, null, this.mHandler).getResult().getParcelable("intent");
            if (intent != null) {
                intent.putExtra(AuthenticationConstants.Broker.BROKER_REQUEST, AuthenticationConstants.Broker.BROKER_REQUEST);
            }
        } catch (AuthenticatorException e) {
            Logger.e(TAG, "Authenticator cancels the request", BuildConfig.FLAVOR, ADALError.BROKER_AUTHENTICATOR_NOT_RESPONDING);
        } catch (OperationCanceledException e2) {
            Logger.e(TAG, "Authenticator cancels the request", BuildConfig.FLAVOR, ADALError.AUTH_FAILED_CANCELLED, e2);
        } catch (IOException e3) {
            Logger.e(TAG, "Authenticator cancels the request", BuildConfig.FLAVOR, ADALError.BROKER_AUTHENTICATOR_IO_EXCEPTION);
        }
        return intent;
    }

    private Bundle getBrokerOptions(AuthenticationRequest authenticationRequest) {
        Bundle bundle = new Bundle();
        bundle.putInt(AuthenticationConstants.Browser.REQUEST_ID, authenticationRequest.getRequestId());
        bundle.putString(AuthenticationConstants.Broker.ACCOUNT_AUTHORITY, authenticationRequest.getAuthority());
        bundle.putString(AuthenticationConstants.Broker.ACCOUNT_RESOURCE, authenticationRequest.getResource());
        bundle.putString(AuthenticationConstants.Broker.ACCOUNT_REDIRECT, authenticationRequest.getRedirectUri());
        bundle.putString(AuthenticationConstants.Broker.ACCOUNT_CLIENTID_KEY, authenticationRequest.getClientId());
        bundle.putString(AuthenticationConstants.Broker.ADAL_VERSION_KEY, authenticationRequest.getVersion());
        bundle.putString(AuthenticationConstants.Broker.ACCOUNT_LOGIN_HINT, getCurrentUser());
        bundle.putString(AuthenticationConstants.Broker.ACCOUNT_NAME, getCurrentUser());
        bundle.putString(AuthenticationConstants.Broker.ACCOUNT_PROMPT, authenticationRequest.getPrompt().name());
        return bundle;
    }

    @Override // com.microsoft.aad.adal.IBrokerProxy
    public String getCurrentUser() {
        Account[] accountsByType = this.mAcctManager.getAccountsByType(AuthenticationConstants.Broker.BROKER_ACCOUNT_TYPE);
        if (accountsByType == null || accountsByType.length <= 0) {
            return null;
        }
        return accountsByType[0].name;
    }

    private boolean verifySignature(String str) {
        try {
            PackageInfo packageInfo = this.mContext.getPackageManager().getPackageInfo(str, 64);
            if (packageInfo != null && packageInfo.signatures != null) {
                for (Signature signature : packageInfo.signatures) {
                    MessageDigest messageDigest = MessageDigest.getInstance("SHA");
                    messageDigest.update(signature.toByteArray());
                    if (Base64.encodeToString(messageDigest.digest(), 2).equals(this.mBrokerTag)) {
                        return true;
                    }
                }
            }
            return false;
        } catch (PackageManager.NameNotFoundException e) {
            Logger.e(TAG, "Broker related package does not exist", BuildConfig.FLAVOR, ADALError.BROKER_PACKAGE_NAME_NOT_FOUND);
            return false;
        } catch (NoSuchAlgorithmException e2) {
            Logger.e(TAG, "Digest SHA algorithm does not exists", BuildConfig.FLAVOR, ADALError.DEVICE_NO_SUCH_ALGORITHM);
            return false;
        } catch (Exception e3) {
            Logger.e(TAG, "Error in verifying signature", BuildConfig.FLAVOR, ADALError.BROKER_VERIFICATION_FAILED, e3);
            return false;
        }
    }

    private boolean verifyAuthenticator(AccountManager accountManager) {
        for (AuthenticatorDescription authenticatorDescription : accountManager.getAuthenticatorTypes()) {
            if (authenticatorDescription.type.equals(AuthenticationConstants.Broker.BROKER_ACCOUNT_TYPE) && verifySignature(authenticatorDescription.packageName)) {
                return true;
            }
        }
        return false;
    }
}
