package com.microsoft.identity.broker4j.broker.prtv2;

import com.google.gson.Gson;
import com.microsoft.identity.broker4j.broker.crypto.IKeyEntry;
import com.microsoft.identity.broker4j.broker.crypto.keyaccessors.IKeyEntryAccessor;
import com.microsoft.identity.broker4j.broker.joined.JoinedFlowUtil;
import com.microsoft.identity.broker4j.broker.jwt.JwtRequestHeader;
import com.microsoft.identity.broker4j.workplacejoin.WorkplaceJoinFailure;
import com.microsoft.identity.common.java.AuthenticationConstants;
import com.microsoft.identity.common.java.authorities.AzureActiveDirectoryAudience;
import com.microsoft.identity.common.java.crypto.Algorithm;
import com.microsoft.identity.common.java.crypto.CryptoSuite;
import com.microsoft.identity.common.java.crypto.SigningAlgorithm;
import com.microsoft.identity.common.java.crypto.SymmetricAlgorithm;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.exception.ErrorStrings;
import com.microsoft.identity.common.java.exception.ServiceException;
import com.microsoft.identity.common.java.logging.Logger;
import com.microsoft.identity.common.java.providers.microsoft.MicrosoftIdToken;
import com.microsoft.identity.common.java.providers.oauth2.IDToken;
import com.microsoft.identity.common.java.util.StringUtil;
import cz.msebera.android.httpclient.client.utils.URIBuilder;
import cz.msebera.android.httpclient.extras.Base64;
import edu.umd.cs.findbugs.annotations.Nullable;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Date;
import java.util.List;
import java.util.TreeMap;
import java.util.concurrent.TimeUnit;
import lombok.NonNull;

/* loaded from: classes4.dex */
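/**
 * In-memory holder for a version 2 Primary Refresh Token (PRT) and the material bound to it:
 * the refresh token, the raw ID token, the session key entry, the home authority, the
 * acquisition time and an optional per-request authority.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The refresh token, ID token and session key are credentials or PII. Nothing in this
 *       class should place them in a log line or a {@code toString()} result.</li>
 *   <li>{@code mRequestAuthority} is mutable and is not part of {@link #equals(Object)} or
 *       {@link #hashCode()}.</li>
 * </ul>
 */
public class PrtV2 {
    public static final int AGE_OF_PRT_BEFORE_REFRESH_IN_HOURS = 4;
    public static final int AGE_OF_SESSION_KEY_BEFORE_REFRESH_IN_DAYS = 60;
    private static final String TAG = "com.microsoft.identity.broker4j.broker.prtv2.PrtV2";
    public static final String WINDOWS_API_VERSION = "2.0";
    public static final String WINDOWS_API_VERSION_PARAM = "windows_api_version";
    public static final boolean sEnablePrtUpdateInAcquireTokenCall = false;
    private final long mAcquisitionTimeMillis;
    private final String mHomeAuthority;

    @NonNull
    private final String mIdToken;

    @NonNull
    private final String mRefreshToken;

    @Nullable
    private String mRequestAuthority;

    @NonNull
    private final IKeyEntry mSessionKey;

    // Not referenced by any method visible in this class; kept because other code may rely on it.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    // Describes the session key: a 256-bit symmetric key, AES/GCM/NoPadding as the cipher and
    // HmacSHA256 as the MAC. No signing algorithm is declared (signingAlgorithm() returns null).
    private static final CryptoSuite PRT_SESSION_KEY_SUITE = new CryptoSuite() {
        @Override
        public Algorithm cipher() {
            return SymmetricAlgorithm.Builder.of("AES/GCM/NoPadding");
        }

        @Override
        public boolean isAsymmetric() {
            return false;
        }

        @Override
        public Class<? extends KeyStore.Entry> keyClass() {
            return KeyStore.SecretKeyEntry.class;
        }

        @Override
        public int keySize() {
            return 256;
        }

        @Override
        public String macName() {
            return "HmacSHA256";
        }

        @Override
        public SigningAlgorithm signingAlgorithm() {
            return null;
        }
    };

    /**
     * Fluent builder for {@link PrtV2}. The non-null setters reject {@code null} immediately;
     * {@link #build()} delegates to the constructor, which repeats those checks for fields that
     * were never set.
     */
    public static class PrtV2Builder {
        private long acquisitionTimeMillis;
        private String homeAuthority;
        private String idToken;
        private String refreshToken;
        private String requestAuthority;
        private IKeyEntry sessionKey;

        PrtV2Builder() {
        }

        public PrtV2Builder acquisitionTimeMillis(long j) {
            this.acquisitionTimeMillis = j;
            return this;
        }

        /**
         * Creates the {@link PrtV2}.
         *
         * @throws NullPointerException if the refresh token, ID token or session key was not set
         */
        public PrtV2 build() {
            return new PrtV2(this.refreshToken, this.idToken, this.sessionKey, this.homeAuthority, this.acquisitionTimeMillis, this.requestAuthority);
        }

        public PrtV2Builder homeAuthority(String str) {
            this.homeAuthority = str;
            return this;
        }

        public PrtV2Builder idToken(@NonNull String str) {
            if (str == null) {
                throw new NullPointerException("idToken is marked non-null but is null");
            }
            this.idToken = str;
            return this;
        }

        public PrtV2Builder refreshToken(@NonNull String str) {
            if (str == null) {
                throw new NullPointerException("refreshToken is marked non-null but is null");
            }
            this.refreshToken = str;
            return this;
        }

        public PrtV2Builder requestAuthority(@Nullable String str) {
            this.requestAuthority = str;
            return this;
        }

        public PrtV2Builder sessionKey(@NonNull IKeyEntry iKeyEntry) {
            if (iKeyEntry == null) {
                throw new NullPointerException("sessionKey is marked non-null but is null");
            }
            this.sessionKey = iKeyEntry;
            return this;
        }

        /**
         * Returns a diagnostic description of the builder.
         *
         * <p>The refresh token, ID token and session key are masked: a builder that ends up in a
         * log statement or an exception message must not disclose a replayable credential or the
         * claims carried by the ID token. Only presence ({@code null} or not) is reported.
         */
        @Override
        public String toString() {
            return "PrtV2.PrtV2Builder(refreshToken=" + mask(this.refreshToken)
                    + ", idToken=" + mask(this.idToken)
                    + ", sessionKey=" + mask(this.sessionKey)
                    + ", homeAuthority=" + this.homeAuthority
                    + ", acquisitionTimeMillis=" + this.acquisitionTimeMillis
                    + ", requestAuthority=" + this.requestAuthority + ")";
        }

        /** Reports whether a sensitive value is set without revealing it. */
        private static String mask(Object secret) {
            return secret == null ? "null" : "<redacted>";
        }
    }

    /**
     * @param str       refresh token, required
     * @param str2      raw ID token, required
     * @param iKeyEntry session key entry, required
     * @param str3      home authority, may be null
     * @param j         acquisition time in milliseconds
     * @param str4      request authority, may be null
     * @throws NullPointerException if any required argument is null
     */
    PrtV2(@NonNull String str, @NonNull String str2, @NonNull IKeyEntry iKeyEntry, String str3, long j, @Nullable String str4) {
        if (str == null) {
            throw new NullPointerException("refreshToken is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("idToken is marked non-null but is null");
        }
        if (iKeyEntry == null) {
            throw new NullPointerException("sessionKey is marked non-null but is null");
        }
        this.mRefreshToken = str;
        this.mIdToken = str2;
        this.mSessionKey = iKeyEntry;
        this.mHomeAuthority = str3;
        this.mAcquisitionTimeMillis = j;
        this.mRequestAuthority = str4;
    }

    public static PrtV2Builder builder() {
        return new PrtV2Builder();
    }

    protected boolean canEqual(Object obj) {
        return obj instanceof PrtV2;
    }

    /**
     * Compares refresh token, ID token, session key, home authority and acquisition time.
     * The request authority is deliberately left out, matching {@link #hashCode()}.
     */
    @Override
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof PrtV2)) {
            return false;
        }
        final PrtV2 other = (PrtV2) obj;
        if (!other.canEqual(this)) {
            return false;
        }
        return sameValue(getRefreshToken(), other.getRefreshToken())
                && sameValue(getIdToken(), other.getIdToken())
                && sameValue(getSessionKey(), other.getSessionKey())
                && sameValue(getHomeAuthority(), other.getHomeAuthority())
                && getAcquisitionTimeMillis() == other.getAcquisitionTimeMillis();
    }

    /** Null-tolerant equality used by {@link #equals(Object)}. */
    private static boolean sameValue(Object left, Object right) {
        return left == null ? right == null : left.equals(right);
    }

    public long getAcquisitionTimeMillis() {
        return this.mAcquisitionTimeMillis;
    }

    /**
     * Resolves the authority to use for a token request made with this PRT.
     *
     * <p>Decision order, as implemented:
     * <ol>
     *   <li>No home authority recorded: the request authority is returned unchanged.</li>
     *   <li>Request and home authority have the same authority component (case-insensitive):
     *       the request authority is returned unchanged.</li>
     *   <li>Request authority is {@code login.microsoftonline.com} with a first path segment of
     *       {@code common} or the organizations audience: the home authority is converted to its
     *       default form and returned.</li>
     *   <li>Anything else is rejected.</li>
     * </ol>
     *
     * @return the authority URL to send the request to
     * @throws ClientException if the request authority is missing, malformed, has no path
     *     segment or host, or belongs to a different cloud than the home authority
     */
    public String getAuthorityForAcquiringToken() throws ClientException {
        try {
            if (StringUtil.isNullOrEmpty(this.mRequestAuthority)) {
                throw new ClientException(ClientException.MISSING_PARAMETER, "Request Authority cannot be null");
            }
            final URIBuilder requestBuilder = new URIBuilder(this.mRequestAuthority);
            final List<String> pathSegments = requestBuilder.getPathSegments();
            if (pathSegments.isEmpty()) {
                throw new ClientException(ErrorStrings.AUTHORITY_URL_NOT_VALID, "The URL does not contain path segment.");
            }
            final String firstSegment = pathSegments.get(0);
            if (StringUtil.isNullOrEmpty(this.mHomeAuthority)) {
                // NOTE(review): in this branch the request authority is used without any host
                // comparison, so the PRT is presented to whatever authority the caller supplied.
                // Confirm callers restrict the request authority before reaching this point.
                Logger.warn(TAG, "PRT authority is null, using passed in authority " + this.mRequestAuthority);
                return this.mRequestAuthority;
            }
            // URI.getAuthority() includes user-info and port when present, so the comparisons
            // below are stricter than a bare host-name match.
            final String requestHost = requestBuilder.build().getAuthority();
            if (requestHost == null) {
                // A relative or opaque URI has no authority component; reject it explicitly
                // instead of failing with a NullPointerException in the comparison below.
                throw new ClientException(ErrorStrings.AUTHORITY_URL_NOT_VALID, "The URL does not contain a host.");
            }
            // NOTE(review): only the authority component is compared; the scheme of the request
            // authority is not checked here. Presumably https is enforced elsewhere - confirm.
            if (requestHost.equalsIgnoreCase(new URI(this.mHomeAuthority).getAuthority())) {
                return this.mRequestAuthority;
            }
            final boolean isGenericAudience = firstSegment.equalsIgnoreCase("common")
                    || firstSegment.equalsIgnoreCase(AzureActiveDirectoryAudience.ORGANIZATIONS);
            if (requestHost.equalsIgnoreCase("login.microsoftonline.com") && isGenericAudience) {
                return JoinedFlowUtil.convertToDefaultAuthority(this.mHomeAuthority);
            }
            Logger.warn(TAG, "Passed in authority host doesn't match with prt authority, request authority: " + this.mRequestAuthority + " ,prt authority: " + this.mHomeAuthority);
            throw new ClientException(ErrorStrings.AUTHORITY_URL_NOT_VALID, "Authority Url cloud passed in doesn't match with the device joined account cloud.");
        } catch (URISyntaxException e) {
            throw new ClientException("malformed_url", e.getMessage(), e);
        }
    }

    public String getHomeAuthority() {
        return this.mHomeAuthority;
    }

    @NonNull
    public String getIdToken() {
        return this.mIdToken;
    }

    /** Returns the raw refresh token. Callers must not log or persist it in clear text. */
    @NonNull
    public String getRefreshToken() {
        return this.mRefreshToken;
    }

    @Nullable
    public String getRequestAuthority() {
        return this.mRequestAuthority;
    }

    @NonNull
    public IKeyEntry getSessionKey() {
        return this.mSessionKey;
    }

    /**
     * Builds the signed three-part SSO cookie: {@code header.payload.signature}.
     *
     * <p>The header carries the derivation context ({@code ctx}) and the HS256 algorithm value.
     * The payload carries the refresh token, the home authority as audience, and either the
     * server nonce or, when no nonce is supplied, the current time in seconds as issued-at.
     * The signature is produced by the supplied accessor over {@code header.payload}.
     *
     * <p>The returned string embeds the refresh token and is itself a bearer credential:
     * it must never be logged.
     *
     * @param str               request nonce, or null to fall back to an issued-at timestamp
     * @param bArr              context bytes placed in the header as {@code ctx}
     * @param iKeyEntryAccessor accessor for the derived session key, used to sign
     * @return the encoded cookie value
     * @throws NullPointerException if {@code bArr} or {@code iKeyEntryAccessor} is null
     * @throws ClientException if signing fails
     */
    @NonNull
    public String getSsoCookieFormat(@Nullable String str, byte[] bArr, @NonNull IKeyEntryAccessor iKeyEntryAccessor) throws ClientException {
        if (iKeyEntryAccessor == null) {
            throw new NullPointerException("derivedSessionKeyAccessor is marked non-null but is null");
        }
        if (bArr == null) {
            // Fail with a named argument rather than an anonymous NPE inside the encoder.
            throw new NullPointerException("ctx is null");
        }
        // TreeMap keeps the JSON member order stable, so the signed bytes are deterministic.
        final TreeMap<String, String> header = new TreeMap<>();
        header.put("ctx", Base64.encodeToString(bArr, 2));
        header.put("alg", JwtRequestHeader.ALG_VALUE_HS256);

        final TreeMap<String, String> payload = new TreeMap<>();
        if (str != null) {
            payload.put("request_nonce", str);
        } else {
            // NOTE(review): without a nonce, replay protection rests on this device-clock
            // timestamp alone; presumably the service bounds its acceptable age - confirm.
            payload.put(MicrosoftIdToken.ISSUED_AT, Long.toString(System.currentTimeMillis() / 1000));
        }
        payload.put("refresh_token", this.mRefreshToken);
        payload.put(MicrosoftIdToken.AUDIENCE, this.mHomeAuthority);

        final Gson gson = new Gson();
        final Charset utf8 = AuthenticationConstants.CHARSET_UTF8;
        // NOTE(review): flag value 3 is used for every segment below. If this Base64 class
        // follows the android.util.Base64 flag scheme, that is NO_PADDING | NO_WRAP without
        // URL_SAFE, i.e. the standard alphabet rather than base64url - confirm against the
        // format the service expects.
        final String signingInput = Base64.encodeToString(gson.toJson(header).getBytes(utf8), 3)
                + "."
                + Base64.encodeToString(gson.toJson(payload).getBytes(utf8), 3);
        final byte[] signature = iKeyEntryAccessor.sign(signingInput.getBytes(utf8));
        return signingInput + "." + Base64.encodeToString(signature, 3);
    }

    /**
     * Reads the {@code email} claim from the stored ID token.
     *
     * <p>NOTE(review): nothing in this method verifies the token's signature; treat the result
     * as display data unless the token is validated upstream - confirm.
     *
     * @return the email claim, or null if the token is empty, cannot be parsed, has no claims,
     *     or carries an {@code email} claim that is not a string
     */
    public String getUserEmail() {
        final String rawIdToken = getIdToken();
        if (StringUtil.isNullOrEmpty(rawIdToken)) {
            Logger.warn(TAG + "getUserEmail", "Unable to get email from PRT as ID token not returned in prt response." + WorkplaceJoinFailure.INTERNAL.toString());
            return null;
        }
        try {
            final IDToken parsed = new IDToken(rawIdToken);
            if (parsed.getTokenClaims() == null) {
                return null;
            }
            // The claim value comes from token content; do not assume its JSON type.
            final Object email = parsed.getTokenClaims().get("email");
            return email instanceof String ? (String) email : null;
        } catch (ServiceException | IllegalArgumentException e) {
            Logger.error(TAG + "getUserEmail", "Failed to create ID Token from raw id token" + WorkplaceJoinFailure.INTERNAL.toString(), e);
            return null;
        }
    }

    /**
     * Hash over the same fields as {@link #equals(Object)}; the request authority is excluded.
     */
    @Override
    public int hashCode() {
        final int prime = 59;
        final String refreshToken = getRefreshToken();
        final String idToken = getIdToken();
        final IKeyEntry sessionKey = getSessionKey();
        final String homeAuthority = getHomeAuthority();
        final long acquiredAt = getAcquisitionTimeMillis();

        int result = 1;
        result = result * prime + (refreshToken == null ? 43 : refreshToken.hashCode());
        result = result * prime + (idToken == null ? 43 : idToken.hashCode());
        result = result * prime + (sessionKey == null ? 43 : sessionKey.hashCode());
        result = result * prime + (homeAuthority == null ? 43 : homeAuthority.hashCode());
        result = result * prime + (int) ((acquiredAt >>> 32) ^ acquiredAt);
        return result;
    }

    public void setRequestAuthority(@Nullable String str) {
        this.mRequestAuthority = str;
    }

    /**
     * Reports whether the PRT is at least {@link #AGE_OF_PRT_BEFORE_REFRESH_IN_HOURS} hours old,
     * measured against the device wall clock.
     */
    public boolean shouldRefreshPrt() {
        final long refreshAfterMillis = this.mAcquisitionTimeMillis
                + TimeUnit.HOURS.toMillis(AGE_OF_PRT_BEFORE_REFRESH_IN_HOURS);
        return System.currentTimeMillis() >= refreshAfterMillis;
    }
}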
