package com.microsoft.aad.adal;

import android.net.Uri;
import android.os.Build;
import android.text.TextUtils;
import android.util.Base64;
import com.microsoft.tokenshare.BuildConfig;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
class cn {
    private al a;
    private ce b;
    private cd c;

    /* JADX INFO: Access modifiers changed from: package-private */
    public cn(al alVar) {
        this.c = new ch();
        this.a = alVar;
        this.b = null;
        this.c = null;
    }

    public cn(al alVar, ce ceVar) {
        this.c = new ch();
        this.a = alVar;
        this.b = ceVar;
        this.c = null;
    }

    public cn(al alVar, ce ceVar, cd cdVar) {
        this.c = new ch();
        this.a = alVar;
        this.b = ceVar;
        this.c = cdVar;
    }

    private AuthenticationResult a(bz bzVar) {
        List<String> list;
        String str = (bzVar.b() == null || !bzVar.b().containsKey("client-request-id") || (list = bzVar.b().get("client-request-id")) == null || list.size() <= 0) ? null : list.get(0);
        switch (bzVar.a()) {
            case 200:
            case 400:
            case 401:
                try {
                    AuthenticationResult g = g(bzVar.c());
                    if (str != null && !str.isEmpty()) {
                        try {
                            if (!UUID.fromString(str).equals(this.a.f())) {
                                ck.f("Oauth", "CorrelationId is not matching", "", a.CORRELATION_ID_NOT_MATCHING_REQUEST_RESPONSE);
                            }
                            ck.c("Oauth", "Response correlationId:" + str);
                        } catch (IllegalArgumentException e) {
                            ck.b("Oauth", "Wrong format of the correlation ID:" + str, "", a.CORRELATION_ID_FORMAT, e);
                        }
                    }
                    return g;
                } catch (JSONException e2) {
                    throw new ak(a.SERVER_INVALID_JSON_RESPONSE, "Can't parse server response " + bzVar.c(), e2);
                }
            default:
                throw new ak(a.SERVER_ERROR, "Unexpected server response " + bzVar.c());
        }
    }

    private AuthenticationResult a(String str, HashMap<String, String> hashMap) {
        AuthenticationResult authenticationResult;
        bz bzVar;
        URL e = cz.e(b());
        try {
            if (e == null) {
                throw new ak(a.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL);
            }
            try {
                this.b.a(this.a.f());
                bi.INSTANCE.a(e, this.a.f(), hashMap);
                bz a = this.b.a(e, hashMap, str.getBytes("UTF_8"), "application/x-www-form-urlencoded");
                if (a.a() == 401) {
                    if (a.b() == null || !a.b().containsKey("WWW-Authenticate")) {
                        ck.c("Oauth", "401 http status code is returned without authorization header");
                    } else {
                        String str2 = a.b().get("WWW-Authenticate").get(0);
                        ck.c("Oauth", "Device certificate challenge request:" + str2);
                        if (cz.a(str2)) {
                            throw new ak(a.DEVICE_CERTIFICATE_REQUEST_INVALID, "Challenge header is empty");
                        }
                        if (cz.b(str2, "PKeyAuth")) {
                            ck.c("Oauth", "Challenge is related to device certificate");
                            az azVar = new az(this.c);
                            ck.c("Oauth", "Processing device challenge");
                            hashMap.put("Authorization", azVar.a(str2, e.toString()).b);
                            ck.c("Oauth", "Sending request with challenge response");
                            bzVar = this.b.a(e, hashMap, str.getBytes("UTF_8"), "application/x-www-form-urlencoded");
                        } else {
                            bzVar = a;
                        }
                        a = bzVar;
                    }
                }
                boolean isEmpty = TextUtils.isEmpty(a.c());
                if (isEmpty) {
                    authenticationResult = null;
                } else {
                    ck.c("Oauth", "Token request does not have exception");
                    authenticationResult = a(a);
                    bi.INSTANCE.a((String) null);
                }
                if (authenticationResult != null) {
                    bi.INSTANCE.a(authenticationResult.n());
                    return authenticationResult;
                }
                String c = isEmpty ? "Status code:" + a.a() : a.c();
                ck.g("Oauth", "Server error message", c, a.SERVER_ERROR);
                throw new ak(a.SERVER_ERROR, c);
            } catch (UnsupportedEncodingException e2) {
                bi.INSTANCE.a((String) null);
                ck.b("Oauth", e2.getMessage(), "", a.ENCODING_IS_NOT_SUPPORTED, e2);
                throw e2;
            } catch (IOException e3) {
                bi.INSTANCE.a((String) null);
                ck.b("Oauth", e3.getMessage(), "", a.SERVER_ERROR, e3);
                throw e3;
            }
        } finally {
            bi.INSTANCE.a("token", this.a.f());
        }
    }

    public static AuthenticationResult a(HashMap<String, String> hashMap) {
        String str;
        String str2;
        UserInfo userInfo;
        if (hashMap.containsKey("error")) {
            String str3 = hashMap.get("correlation_id");
            if (!cz.a(str3)) {
                try {
                    ck.a(UUID.fromString(str3));
                } catch (IllegalArgumentException e) {
                    ck.g("Oauth", "CorrelationId is malformed: " + str3, "", a.CORRELATION_ID_FORMAT);
                }
            }
            ck.c("Oauth", "OAuth2 error:" + hashMap.get("error") + " Description:" + hashMap.get("error_description"));
            return new AuthenticationResult(hashMap.get("error"), hashMap.get("error_description"), hashMap.get("error_codes"));
        }
        if (hashMap.containsKey("code")) {
            return new AuthenticationResult(hashMap.get("code"));
        }
        if (!hashMap.containsKey("access_token")) {
            return null;
        }
        String str4 = hashMap.get("expires_in");
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        gregorianCalendar.add(13, (str4 == null || str4.isEmpty()) ? 3600 : Integer.parseInt(str4));
        boolean z = hashMap.containsKey("resource");
        if (hashMap.containsKey("id_token")) {
            String str5 = hashMap.get("id_token");
            if (cz.a(str5)) {
                ck.c("Oauth", "IdToken is not provided");
                str = str5;
                str2 = null;
                userInfo = null;
            } else {
                IdToken idToken = new IdToken(str5);
                str2 = idToken.b();
                userInfo = new UserInfo(idToken);
                str = str5;
            }
        } else {
            str = null;
            str2 = null;
            userInfo = null;
        }
        String str6 = hashMap.containsKey("foci") ? hashMap.get("foci") : null;
        AuthenticationResult authenticationResult = new AuthenticationResult(hashMap.get("access_token"), hashMap.get("refresh_token"), gregorianCalendar.getTime(), z, userInfo, str2, str);
        authenticationResult.d(str6);
        return authenticationResult;
    }

    private static void a(HashMap<String, String> hashMap, String str) {
        JSONObject jSONObject = new JSONObject(str);
        Iterator<String> keys = jSONObject.keys();
        while (keys.hasNext()) {
            String next = keys.next();
            hashMap.put(next, jSONObject.getString(next));
        }
    }

    public static String f(String str) {
        if (cz.a(str)) {
            return null;
        }
        return new String(Base64.decode(str, 9));
    }

    private HashMap<String, String> f() {
        HashMap<String, String> hashMap = new HashMap<>();
        hashMap.put("Accept", "application/json");
        return hashMap;
    }

    private AuthenticationResult g(String str) {
        HashMap hashMap = new HashMap();
        a((HashMap<String, String>) hashMap, str);
        return a((HashMap<String, String>) hashMap);
    }

    public String a() {
        return this.a.a() + "/oauth2/authorize";
    }

    public String a(String str) {
        return String.format("%s=%s&%s=%s&%s=%s&%s=%s", "grant_type", cz.c("authorization_code"), "code", cz.c(str), "client_id", cz.c(this.a.d()), "redirect_uri", cz.c(this.a.b()));
    }

    public String b() {
        return this.a.a() + "/oauth2/token";
    }

    public String b(String str) {
        String format = String.format("%s=%s&%s=%s&%s=%s", "grant_type", cz.c("refresh_token"), "refresh_token", cz.c(str), "client_id", cz.c(this.a.d()));
        return !cz.a(this.a.c()) ? String.format("%s&%s=%s", format, "resource", cz.c(this.a.c())) : format;
    }

    public AuthenticationResult c(String str) {
        if (this.b == null) {
            ck.c("Oauth", "Web request is not set correctly");
            throw new IllegalArgumentException("webRequestHandler is null.");
        }
        try {
            String b = b(str);
            HashMap<String, String> f = f();
            f.put("x-ms-PKeyAuth", BuildConfig.VERSION_NAME);
            return a(b, f);
        } catch (UnsupportedEncodingException e) {
            ck.b("Oauth", e.getMessage(), "", a.ENCODING_IS_NOT_SUPPORTED, e);
            return null;
        }
    }

    public String c() {
        String format = String.format("response_type=%s&client_id=%s&resource=%s&redirect_uri=%s&state=%s", "code", URLEncoder.encode(this.a.d(), "UTF_8"), URLEncoder.encode(this.a.c(), "UTF_8"), URLEncoder.encode(this.a.b(), "UTF_8"), e());
        if (this.a.e() != null && !this.a.e().isEmpty()) {
            format = String.format("%s&%s=%s", format, "login_hint", URLEncoder.encode(this.a.e(), "UTF_8"));
        }
        String format2 = String.format("%s&%s=%s", String.format("%s&%s=%s", String.format("%s&%s=%s", String.format("%s&%s=%s", format, "x-client-SKU", "Android"), "x-client-Ver", URLEncoder.encode(AuthenticationContext.e(), "UTF_8")), "x-client-OS", URLEncoder.encode("" + Build.VERSION.SDK_INT, "UTF_8")), "x-client-DM", URLEncoder.encode("" + Build.MODEL, "UTF_8"));
        if (this.a.f() != null) {
            format2 = String.format("%s&%s=%s", format2, "client-request-id", URLEncoder.encode(this.a.f().toString(), "UTF_8"));
        }
        if (this.a.i() == cs.Always) {
            format2 = String.format("%s&%s=%s", format2, "prompt", URLEncoder.encode("login", "UTF_8"));
        } else if (this.a.i() == cs.REFRESH_SESSION) {
            format2 = String.format("%s&%s=%s", format2, "prompt", URLEncoder.encode("refresh_session", "UTF_8"));
        }
        if (cz.a(this.a.g())) {
            return format2;
        }
        String g = this.a.g();
        if (!g.startsWith("&")) {
            g = "&" + g;
        }
        return format2 + g;
    }

    public AuthenticationResult d(String str) {
        if (cz.a(str)) {
            throw new IllegalArgumentException("authorizationUrl");
        }
        HashMap<String, String> f = cz.f(str);
        String f2 = f(f.get("state"));
        if (cz.a(f2)) {
            throw new ak(a.AUTH_FAILED_NO_STATE);
        }
        Uri parse = Uri.parse("http://state/path?" + f2);
        String queryParameter = parse.getQueryParameter("a");
        String queryParameter2 = parse.getQueryParameter("r");
        if (cz.a(queryParameter) || cz.a(queryParameter2) || !queryParameter2.equalsIgnoreCase(this.a.c())) {
            throw new ak(a.AUTH_FAILED_BAD_STATE);
        }
        AuthenticationResult a = a(f);
        return (a == null || a.j() == null || a.j().isEmpty()) ? a : e(a.j());
    }

    public String d() {
        return String.format("%s?%s", a(), c());
    }

    public AuthenticationResult e(String str) {
        if (this.b == null) {
            throw new IllegalArgumentException("webRequestHandler");
        }
        try {
            return a(a(str), f());
        } catch (UnsupportedEncodingException e) {
            ck.b("Oauth", e.getMessage(), "", a.ENCODING_IS_NOT_SUPPORTED, e);
            return null;
        }
    }

    public String e() {
        return Base64.encodeToString(String.format("a=%s&r=%s", this.a.a(), this.a.c()).getBytes(), 9);
    }
}
