package com.microsoft.identity.common.adal.internal.tokensharing;

import android.net.Uri;
import android.util.Pair;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.microsoft.identity.common.BaseAccount;
import com.microsoft.identity.common.exception.BaseException;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.exception.ServiceException;
import com.microsoft.identity.common.internal.cache.ADALTokenCacheItem;
import com.microsoft.identity.common.internal.cache.ICacheRecord;
import com.microsoft.identity.common.internal.cache.MsalOAuth2TokenCache;
import com.microsoft.identity.common.internal.dto.AccountRecord;
import com.microsoft.identity.common.internal.dto.IdTokenRecord;
import com.microsoft.identity.common.internal.dto.RefreshTokenRecord;
import com.microsoft.identity.common.internal.logging.Logger;
import com.microsoft.identity.common.internal.migration.AdalMigrationAdapter;
import com.microsoft.identity.common.internal.migration.TokenCacheItemMigrationAdapter;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftAccount;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftRefreshToken;
import com.microsoft.identity.common.internal.providers.oauth2.IDToken;
import com.microsoft.identity.common.internal.providers.oauth2.RefreshToken;
import com.nimbusds.jose.JOSEObjectType;
import com.nimbusds.jose.PlainHeader;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.PlainJWT;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Callable;

/* loaded from: classes14.dex */
public class TokenShareUtility implements ITokenShareInternal {

    /* renamed from: e, reason: collision with root package name */
    private static final String f80375e = "TokenShareUtility";

    /* renamed from: f, reason: collision with root package name */
    private static final Map<String, String> f80376f = new HashMap();

    /* renamed from: a, reason: collision with root package name */
    private final String f80377a;

    /* renamed from: b, reason: collision with root package name */
    private final String f80378b;

    /* renamed from: c, reason: collision with root package name */
    private final String f80379c;

    /* renamed from: d, reason: collision with root package name */
    private final MsalOAuth2TokenCache f80380d;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes14.dex */
    public class a implements Callable<Pair<MicrosoftAccount, MicrosoftRefreshToken>> {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ String f80381a;

        a(String str) {
            this.f80381a = str;
        }

        @Override // java.util.concurrent.Callable
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Pair<MicrosoftAccount, MicrosoftRefreshToken> call() throws ClientException {
            ADALTokenCacheItem a5 = SSOStateSerializer.a(this.f80381a);
            a5.setClientId(TokenShareUtility.this.f80377a);
            a5.setResource(null);
            if (AdalMigrationAdapter.loadCloudDiscoveryMetadata()) {
                return TokenCacheItemMigrationAdapter.renewToken(TokenShareUtility.this.f80378b, a5);
            }
            Logger.warn(TokenShareUtility.f80375e + "saveOrgIdFamilyRefreshToken", "Failed to load cloud metadata, aborting.");
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes14.dex */
    public class b implements Callable<Pair<MicrosoftAccount, MicrosoftRefreshToken>> {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ String f80383a;

        b(String str) {
            this.f80383a = str;
        }

        @Override // java.util.concurrent.Callable
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Pair<MicrosoftAccount, MicrosoftRefreshToken> call() throws ClientException {
            String path = Uri.parse(TokenShareUtility.this.f80379c).getPath();
            ADALTokenCacheItem h5 = TokenShareUtility.this.h(this.f80383a, path != null ? TokenShareUtility.this.f80379c.replace(path, "/consumers") : TokenShareUtility.this.f80379c);
            if (AdalMigrationAdapter.loadCloudDiscoveryMetadata()) {
                return TokenCacheItemMigrationAdapter.renewToken(TokenShareUtility.this.f80378b, h5);
            }
            Logger.warn(TokenShareUtility.f80375e + "saveMsaFamilyRefreshToken", "Failed to load cloud metadata, aborting.");
            return null;
        }
    }

    static {
        g();
    }

    public TokenShareUtility(@NonNull String str, @NonNull String str2, @NonNull String str3, @NonNull MsalOAuth2TokenCache msalOAuth2TokenCache) {
        this.f80377a = str;
        this.f80378b = str2;
        this.f80379c = str3;
        this.f80380d = msalOAuth2TokenCache;
    }

    @NonNull
    private static ADALTokenCacheItem f(@NonNull IdTokenRecord idTokenRecord, @NonNull RefreshTokenRecord refreshTokenRecord) throws ServiceException {
        ADALTokenCacheItem aDALTokenCacheItem = new ADALTokenCacheItem();
        aDALTokenCacheItem.setClientId(refreshTokenRecord.getClientId());
        aDALTokenCacheItem.setRefreshToken(refreshTokenRecord.getSecret());
        aDALTokenCacheItem.setRawIdToken(l(idTokenRecord.getSecret()));
        aDALTokenCacheItem.setFamilyClientId(refreshTokenRecord.getFamilyId());
        aDALTokenCacheItem.setAuthority(k(idTokenRecord) ? "https://login.windows.net/common" : idTokenRecord.getAuthority());
        return aDALTokenCacheItem;
    }

    private static void g() {
        f80376f.put("preferred_username", "upn");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public ADALTokenCacheItem h(@NonNull String str, @NonNull String str2) {
        ADALTokenCacheItem aDALTokenCacheItem = new ADALTokenCacheItem();
        aDALTokenCacheItem.setAuthority(str2);
        aDALTokenCacheItem.setClientId(this.f80377a);
        aDALTokenCacheItem.setRefreshToken(str);
        return aDALTokenCacheItem;
    }

    private AccountRecord i(@NonNull String str) throws ClientException {
        AccountRecord accountByLocalAccountId = this.f80380d.getAccountByLocalAccountId(null, this.f80377a, str);
        if (accountByLocalAccountId == null) {
            List<AccountRecord> accountsByUsername = this.f80380d.getAccountsByUsername(null, this.f80377a, str);
            if (!accountsByUsername.isEmpty()) {
                accountByLocalAccountId = accountsByUsername.get(0);
            }
        }
        if (accountByLocalAccountId != null) {
            return accountByLocalAccountId;
        }
        throw new ClientException(ClientException.TOKEN_CACHE_ITEM_NOT_FOUND);
    }

    private ICacheRecord j(@NonNull String str) throws ClientException {
        return this.f80380d.load(this.f80377a, null, i(str));
    }

    private static boolean k(@NonNull IdTokenRecord idTokenRecord) {
        String homeAccountId = idTokenRecord.getHomeAccountId();
        boolean z4 = false;
        try {
            String str = (String) IDToken.parseJWT(idTokenRecord.getSecret()).get("oid");
            if (str != null) {
                z4 = homeAccountId.contains(str);
            } else {
                Logger.warn(f80375e + ":isFromHomeTenant", "OID claims was missing from token.");
            }
        } catch (ServiceException unused) {
            Logger.warn(f80375e + ":isFromHomeTenant", "Failed to parse IdToken.");
        }
        return z4;
    }

    @NonNull
    private static String l(@NonNull String str) throws ServiceException {
        Map<String, ?> parseJWT = IDToken.parseJWT(str);
        JWTClaimsSet.Builder builder = new JWTClaimsSet.Builder();
        for (Map.Entry<String, ?> entry : parseJWT.entrySet()) {
            String key = entry.getKey();
            Object value = entry.getValue();
            if ("ver".equals(key)) {
                value = "1";
            }
            builder.claim(m(key), value);
        }
        return new PlainJWT(new PlainHeader(JOSEObjectType.JWT, null, null, null, null), builder.build()).serialize();
    }

    @NonNull
    private static String m(@NonNull String str) {
        String str2 = f80376f.get(str);
        return str2 == null ? str : str2;
    }

    private void n(@Nullable Pair<MicrosoftAccount, MicrosoftRefreshToken> pair) throws ClientException {
        if (pair != null) {
            this.f80380d.setSingleSignOnState((BaseAccount) pair.first, (RefreshToken) pair.second);
        }
    }

    private void o(@NonNull String str, @NonNull ICacheRecord iCacheRecord) throws ClientException {
        if (iCacheRecord.getRefreshToken() == null || iCacheRecord.getIdToken() == null) {
            Logger.warn(f80375e + ":throwIfCacheRecordIncomplete", "That's strange, we had an AccountRecord for identifier: " + str + " but couldn't find tokens for them.");
            throw new ClientException(ClientException.TOKEN_CACHE_ITEM_NOT_FOUND);
        }
    }

    @Override // com.microsoft.identity.common.adal.internal.tokensharing.ITokenShareInternal
    public String getMsaFamilyRefreshToken(@NonNull String str) throws Exception {
        ICacheRecord j5 = j(str);
        o(str, j5);
        return j5.getRefreshToken().getSecret();
    }

    @Override // com.microsoft.identity.common.adal.internal.tokensharing.ITokenShareInternal
    @NonNull
    public String getOrgIdFamilyRefreshToken(@NonNull String str) throws BaseException {
        ICacheRecord j5 = j(str);
        o(str, j5);
        return SSOStateSerializer.f(f(j5.getIdToken(), j5.getRefreshToken()));
    }

    @Override // com.microsoft.identity.common.adal.internal.tokensharing.ITokenShareInternal
    public void saveMsaFamilyRefreshToken(@NonNull String str) throws Exception {
        n((Pair) TokenCacheItemMigrationAdapter.sBackgroundExecutor.submit(new b(str)).get());
    }

    @Override // com.microsoft.identity.common.adal.internal.tokensharing.ITokenShareInternal
    public void saveOrgIdFamilyRefreshToken(@NonNull String str) throws Exception {
        n((Pair) TokenCacheItemMigrationAdapter.sBackgroundExecutor.submit(new a(str)).get());
    }
}
