package com.microsoft.identity.broker4j.broker.prt.prtv3;

import com.microsoft.identity.broker4j.broker.BrokerUtil;
import com.microsoft.identity.broker4j.broker.MicrosoftStsJweOAuth2Strategy;
import com.microsoft.identity.broker4j.broker.MicrosoftStsNonceUtil;
import com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents;
import com.microsoft.identity.broker4j.broker.prt.IAcquirePrtStrategy;
import com.microsoft.identity.broker4j.broker.prt.PRT;
import com.microsoft.identity.broker4j.broker.prt.PrtConstants;
import com.microsoft.identity.broker4j.broker.prt.PrtProtocolVersion;
import com.microsoft.identity.broker4j.broker.prt.PrtUtils;
import com.microsoft.identity.common.java.AuthenticationConstants;
import com.microsoft.identity.common.java.authorities.Authority;
import com.microsoft.identity.common.java.authorities.AzureActiveDirectoryAuthority;
import com.microsoft.identity.common.java.authscheme.AbstractAuthenticationScheme;
import com.microsoft.identity.common.java.authscheme.PopAuthenticationSchemeInternal;
import com.microsoft.identity.common.java.authscheme.PopAuthenticationSchemeWithClientKeyInternal;
import com.microsoft.identity.common.java.commands.parameters.BrokerSilentTokenCommandParameters;
import com.microsoft.identity.common.java.controllers.ExceptionAdapter;
import com.microsoft.identity.common.java.crypto.IDevicePopManager;
import com.microsoft.identity.common.java.exception.BaseException;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.exception.ErrorStrings;
import com.microsoft.identity.common.java.jwt.IJweResponseDecryptor;
import com.microsoft.identity.common.java.jwt.IJwtRequestSigner;
import com.microsoft.identity.common.java.jwt.JwtRequestBody;
import com.microsoft.identity.common.java.logging.Logger;
import com.microsoft.identity.common.java.providers.microsoft.microsoftsts.MicrosoftStsOAuth2Configuration;
import com.microsoft.identity.common.java.providers.microsoft.microsoftsts.MicrosoftStsOAuth2Strategy;
import com.microsoft.identity.common.java.providers.microsoft.microsoftsts.MicrosoftStsTokenRequest;
import com.microsoft.identity.common.java.providers.microsoft.microsoftsts.MicrosoftStsTokenResponse;
import com.microsoft.identity.common.java.providers.oauth2.OAuth2StrategyParameters;
import com.microsoft.identity.common.java.providers.oauth2.TokenRequest;
import com.microsoft.identity.common.java.providers.oauth2.TokenResult;
import com.microsoft.identity.common.java.request.SdkType;
import com.microsoft.identity.common.java.util.StringUtil;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.security.cert.CertificateEncodingException;
import java.util.Date;
import java.util.HashMap;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import lombok.NonNull;

/* loaded from: classes3.dex */
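/**
 * Strategy that redeems an existing Primary Refresh Token (PRT) for an access token and,
 * optionally, a renewed PRT, using PRT protocol version {@link PrtProtocolVersion#V3_0}.
 *
 * <p>The request is a signed JWT that carries the current PRT's refresh token; it is signed by
 * the injected {@link IJwtRequestSigner} and the response is handled by a
 * {@link MicrosoftStsJweOAuth2Strategy} built with the injected {@link IJweResponseDecryptor}.
 *
 * <p>Call order matters: {@link #createTokenRequest} builds and stores the OAuth2 strategy that
 * {@link #acquireToken} later uses. The field holding it is a plain mutable field with no
 * synchronization visible in this class, so sharing one instance across threads should be
 * confirmed against the callers.
 */
public class AcquireATAndPrtV3Strategy implements IAcquirePrtStrategy<BrokerSilentTokenCommandParameters> {
    private static final String TAG = "AcquireATAndPrtV3Strategy";

    @NonNull
    private final IBrokerPlatformComponents mBrokerPlatformComponents;

    // The PRT being redeemed. Its refresh token goes into the signed request, and its session
    // key, device id and registered-device flag are copied into any renewed PRT.
    @NonNull
    private final PRT mCurrentPrt;

    // When true, the "aza" scope is added to the request so a new PRT is returned with the AT.
    private final boolean mFetchPrtWithAt;

    @NonNull
    private final IJweResponseDecryptor mJweResponseDecryptor;

    @NonNull
    private final IJwtRequestSigner mJwtRequestSigner;

    // Set by createTokenRequest(); null until then.
    private MicrosoftStsOAuth2Strategy mOAuth2Strategy;

    @NonNull
    final PrtProtocolVersion mPrtProtocolVersion = PrtProtocolVersion.V3_0;

    /**
     * Creates the strategy.
     *
     * @param iBrokerPlatformComponents platform components handed to the OAuth2 strategy and used
     *     to reach the default device PoP manager
     * @param prt the current PRT to redeem
     * @param iJweResponseDecryptor decryptor passed to the JWE-aware OAuth2 strategy
     * @param iJwtRequestSigner signer that produces the signed request JWT
     * @param z whether to request a new PRT together with the access token
     * @throws NullPointerException if any reference argument is null
     */
    public AcquireATAndPrtV3Strategy(@NonNull IBrokerPlatformComponents iBrokerPlatformComponents, @NonNull PRT prt, @NonNull IJweResponseDecryptor iJweResponseDecryptor, @NonNull IJwtRequestSigner iJwtRequestSigner, boolean z) {
        if (iBrokerPlatformComponents == null) {
            throw new NullPointerException("brokerPlatformComponents is marked non-null but is null");
        }
        if (prt == null) {
            throw new NullPointerException("currentPrt is marked non-null but is null");
        }
        if (iJweResponseDecryptor == null) {
            throw new NullPointerException("jweResponseDecryptor is marked non-null but is null");
        }
        if (iJwtRequestSigner == null) {
            throw new NullPointerException("jwtRequestSigner is marked non-null but is null");
        }
        this.mBrokerPlatformComponents = iBrokerPlatformComponents;
        this.mCurrentPrt = prt;
        this.mJweResponseDecryptor = iJweResponseDecryptor;
        this.mJwtRequestSigner = iJwtRequestSigner;
        this.mFetchPrtWithAt = z;
    }

    /**
     * Builds the JWE-aware OAuth2 strategy for the given configuration and authentication scheme.
     *
     * @throws NullPointerException if either argument is null
     */
    private MicrosoftStsJweOAuth2Strategy createMicrosoftStsJweOAuth2Strategy(@NonNull MicrosoftStsOAuth2Configuration config, @NonNull AbstractAuthenticationScheme authenticationScheme) throws ClientException {
        if (config == null) {
            throw new NullPointerException("config is marked non-null but is null");
        }
        if (authenticationScheme == null) {
            throw new NullPointerException("authenticationScheme is marked non-null but is null");
        }
        final OAuth2StrategyParameters strategyParameters = OAuth2StrategyParameters.builder()
                .platformComponents(this.mBrokerPlatformComponents)
                .authenticationScheme(authenticationScheme)
                .build();
        return new MicrosoftStsJweOAuth2Strategy(config, strategyParameters, this.mJweResponseDecryptor);
    }

    /**
     * Builds the STS configuration for the authority the token will be acquired from.
     *
     * <p>The authority URL comes from {@code acquireTokenAuthority}; slice and flight information
     * come from the command parameters.
     *
     * @throws NullPointerException if either argument is null
     */
    private MicrosoftStsOAuth2Configuration createOAuth2Config(@NonNull BrokerSilentTokenCommandParameters parameters, @NonNull String acquireTokenAuthority) {
        if (parameters == null) {
            throw new NullPointerException("parameters is marked non-null but is null");
        }
        if (acquireTokenAuthority == null) {
            throw new NullPointerException("acquireTokenAuthority is marked non-null but is null");
        }
        final MicrosoftStsOAuth2Configuration config = new MicrosoftStsOAuth2Configuration();
        final Authority authority = Authority.getAuthorityFromAuthorityUrl(acquireTokenAuthority);
        config.setAuthorityUrl(authority.getAuthorityURL());
        config.setSlice(parameters.getAuthority().getSlice());
        if (parameters.getFlightInformation() != null) {
            config.setFlightParameters(parameters.getFlightInformation());
        }
        if (authority instanceof AzureActiveDirectoryAuthority) {
            config.setMultipleCloudsSupported(((AzureActiveDirectoryAuthority) authority).isMultipleCloudsSupported());
        }
        return config;
    }

    /**
     * Builds and signs the request JWT that redeems the current PRT.
     *
     * <p>The JWT body contains the PRT refresh token, so neither the body nor the signed JWT
     * should be written to logs.
     *
     * @param parameters the silent-token command parameters (scopes, client id, redirect URI,
     *     correlation id)
     * @param tokenEndpointUrl token endpoint; used as the JWT audience and for the nonce request
     * @return the signed JWT
     * @throws ClientException if the signer cannot encode its certificate
     * @throws NullPointerException if either argument is null
     */
    private String getSignedJwt(@NonNull BrokerSilentTokenCommandParameters parameters, @NonNull URL tokenEndpointUrl) throws ClientException {
        if (parameters == null) {
            throw new NullPointerException("parameters is marked non-null but is null");
        }
        if (tokenEndpointUrl == null) {
            throw new NullPointerException("tokenEndpointUrl is marked non-null but is null");
        }
        final String methodTag = TAG + ":getSignedJwt";

        final JwtRequestBody body = new JwtRequestBody();
        // NOTE(review): hard-coded issuer GUID; appears to be the broker's own client id — confirm.
        body.setIssuer("29d9ed98-a469-4536-ade2-f981bc1d605e");
        body.setGrantType("refresh_token");
        body.setRefreshToken(this.mCurrentPrt.getRefreshToken());

        // NOTE(review): this mutates the set returned by getScopes() in place, so the default
        // scopes (and "aza" when a PRT is requested) become visible on the caller's parameters
        // object, and an unmodifiable set would throw here. Left as-is because downstream code
        // may rely on it; confirm before switching to a defensive copy.
        final Set<String> scopes = parameters.getScopes();
        scopes.addAll(AuthenticationConstants.DEFAULT_SCOPES);
        if (this.mFetchPrtWithAt) {
            Logger.info(methodTag, "Adding 'aza' scope to request new PRT along with AT.");
            scopes.add("aza");
        }
        body.setJwtScope(StringUtil.join(" ", scopes));

        body.setClientId(parameters.getClientId());
        body.setRedirectUri(parameters.getRedirectUri());
        body.setAudience(tokenEndpointUrl.toString());

        // iat and nbf are both "now" in epoch seconds.
        final long nowSeconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
        body.setIat(nowSeconds);
        body.setNBF(nowSeconds);
        // Presumably exp = nowSeconds + 300 s — confirm against JwtRequestBody.setExp.
        body.setExp(nowSeconds, 300L);
        body.setNonce(MicrosoftStsNonceUtil.getNonce(tokenEndpointUrl, parameters.getCorrelationId()));

        try {
            return this.mJwtRequestSigner.getSignedJwt(body);
        } catch (CertificateEncodingException e) {
            throw new ClientException(ErrorStrings.CERTIFICATE_ENCODING_ERROR, "Unable to retrieve encoded certificate to sign the JWT", e);
        }
    }

    /**
     * Sends the token request through the OAuth2 strategy prepared by {@link #createTokenRequest}.
     *
     * @param microsoftStsTokenRequest the request returned by {@link #createTokenRequest}
     * @return the token result from the STS
     * @throws ClientException if the request fails with an {@link IOException}
     * @throws NullPointerException if {@code microsoftStsTokenRequest} is null
     * @throws IllegalStateException if {@link #createTokenRequest} has not been called yet
     */
    @Override // com.microsoft.identity.common.java.providers.microsoft.microsoftsts.IAcquireMicrosoftStsTokenStrategy
    public TokenResult acquireToken(@NonNull MicrosoftStsTokenRequest microsoftStsTokenRequest) throws ClientException {
        if (microsoftStsTokenRequest == null) {
            throw new NullPointerException("tokenRequest is marked non-null but is null");
        }
        // Fail with a descriptive error instead of a bare NullPointerException when the
        // strategy has not been initialised by createTokenRequest().
        final MicrosoftStsOAuth2Strategy strategy = this.mOAuth2Strategy;
        if (strategy == null) {
            throw new IllegalStateException("createTokenRequest must be called before acquireToken");
        }
        try {
            return strategy.requestToken(microsoftStsTokenRequest);
        } catch (IOException e) {
            throw ExceptionAdapter.clientExceptionFromException(e);
        }
    }

    /**
     * Builds the JWT-bearer token request for a silent token acquisition and prepares the OAuth2
     * strategy that {@link #acquireToken} will use.
     *
     * <p>For PoP authentication schemes the token type is set to POP and a request confirmation
     * is attached: from the default device PoP manager (generating its asymmetric key if none
     * exists) or from the client-supplied key scheme. The signed PRT JWT and the PRT protocol
     * version are attached as extra parameters.
     *
     * @param brokerSilentTokenCommandParameters the silent-token command parameters
     * @return the populated token request
     * @throws BaseException if the enrollment id lookup, JWT signing or strategy creation fails
     * @throws NullPointerException if {@code brokerSilentTokenCommandParameters} is null
     */
    @Override // com.microsoft.identity.common.java.providers.microsoft.microsoftsts.IAcquireMicrosoftStsTokenStrategy
    public MicrosoftStsTokenRequest createTokenRequest(@NonNull BrokerSilentTokenCommandParameters brokerSilentTokenCommandParameters) throws BaseException {
        if (brokerSilentTokenCommandParameters == null) {
            throw new NullPointerException("parameters is marked non-null but is null");
        }
        final String methodTag = TAG + ":createTokenRequest";

        final MicrosoftStsTokenRequest request = new MicrosoftStsTokenRequest();
        request.setGrantType(TokenRequest.GrantTypes.JWT_BEARER);
        request.setClientAppName(brokerSilentTokenCommandParameters.getCallerPackageName());
        request.setClientAppVersion(brokerSilentTokenCommandParameters.getCallerAppVersion());
        request.setBrokerVersion(brokerSilentTokenCommandParameters.getBrokerVersion());
        request.setCorrelationId(UUID.fromString(brokerSilentTokenCommandParameters.getCorrelationId()));
        request.setClaims(brokerSilentTokenCommandParameters.getClaimsRequestJson());
        request.setPKeyAuthHeaderAllowed(brokerSilentTokenCommandParameters.isPKeyAuthHeaderAllowed());
        request.setRedirectUri(brokerSilentTokenCommandParameters.getRedirectUri());
        if (brokerSilentTokenCommandParameters.getSdkType() == SdkType.ADAL) {
            request.setIdTokenVersion("1");
        }

        final AbstractAuthenticationScheme scheme = brokerSilentTokenCommandParameters.getAuthenticationScheme();
        if (scheme instanceof PopAuthenticationSchemeInternal) {
            request.setTokenType(TokenRequest.TokenType.POP);
            final IDevicePopManager popManager = this.mBrokerPlatformComponents.getDefaultDevicePopManager();
            if (!popManager.asymmetricKeyExists()) {
                popManager.generateAsymmetricKey();
            }
            request.setRequestConfirmation(popManager.getRequestConfirmation());
        } else if (scheme instanceof PopAuthenticationSchemeWithClientKeyInternal) {
            request.setTokenType(TokenRequest.TokenType.POP);
            request.setRequestConfirmation(((PopAuthenticationSchemeWithClientKeyInternal) scheme).getRequestConfirmation());
        }

        // Prefer the enrollment id supplied with the request; otherwise look it up for the caller.
        final String suppliedEnrollmentId = brokerSilentTokenCommandParameters.getMamEnrollmentId();
        final String callerPackageName = brokerSilentTokenCommandParameters.getCallerPackageName();
        if (!StringUtil.isNullOrEmpty(suppliedEnrollmentId)) {
            request.setMicrosoftEnrollmentId(suppliedEnrollmentId);
        } else if (!StringUtil.isNullOrEmpty(callerPackageName)) {
            try {
                final String lookedUpEnrollmentId = BrokerUtil.getMicrosoftEnrollmentId(
                        brokerSilentTokenCommandParameters.getLocalAccountId(),
                        brokerSilentTokenCommandParameters.getHomeAccountId(),
                        brokerSilentTokenCommandParameters.getPlatformComponents(),
                        callerPackageName);
                if (!StringUtil.isNullOrEmpty(lookedUpEnrollmentId)) {
                    request.setMicrosoftEnrollmentId(lookedUpEnrollmentId);
                }
            } catch (UnsupportedEncodingException e) {
                Logger.info(methodTag, "Unable to fetch enrollment Id");
                // Keep the original exception as the cause so the stack trace is not lost.
                throw new ClientException("unsupported_encoding", "Unable to fetch enrollment Id. " + e.getMessage(), e);
            }
        }

        final String acquireTokenAuthority = PrtUtils.getAuthorityForAcquiringToken(
                brokerSilentTokenCommandParameters.getAuthority().getAuthorityURL().toString(),
                this.mCurrentPrt.getHomeAuthority());
        final MicrosoftStsOAuth2Configuration config = createOAuth2Config(brokerSilentTokenCommandParameters, acquireTokenAuthority);
        final String signedJwt = getSignedJwt(brokerSilentTokenCommandParameters, config.getTokenEndpoint());

        // Raw type kept from the original: the value type of getValue() is not visible here.
        HashMap extraParameters = new HashMap();
        extraParameters.put(PrtConstants.REQUEST_JWT_KEY, signedJwt);
        extraParameters.put("prt_protocol_version", this.mPrtProtocolVersion.getValue());
        request.setExtraParameters(extraParameters.entrySet());

        this.mOAuth2Strategy = createMicrosoftStsJweOAuth2Strategy(config, scheme);
        return request;
    }

    /**
     * Builds the renewed PRT from a token response.
     *
     * <p>The refresh token, id token, authority and client info come from the response; the
     * session key, device id and registered-device flag are carried over from the current PRT.
     *
     * <p>NOTE(review): nothing here checks that the response actually contains a refresh token
     * or id token; verify that the response is validated before this method is reached.
     *
     * @param microsoftStsTokenResponse the token response to read from
     * @return the new PRT
     * @throws NullPointerException if {@code microsoftStsTokenResponse} is null
     * @throws IllegalStateException if this strategy was created without requesting a PRT
     */
    @Override // com.microsoft.identity.broker4j.broker.prt.IAcquirePrtStrategy
    public PRT extractPrtFromTokenResponse(@NonNull MicrosoftStsTokenResponse microsoftStsTokenResponse) throws ClientException {
        if (microsoftStsTokenResponse == null) {
            throw new NullPointerException("tokenResponse is marked non-null but is null");
        }
        if (!this.mFetchPrtWithAt) {
            throw new IllegalStateException("We did not acquire PRT. Can't proceed with extracting PRT from response");
        }
        final String idToken = microsoftStsTokenResponse.getIdToken();
        final String refreshToken = microsoftStsTokenResponse.getRefreshToken();
        return PRT.builder()
                .refreshToken(refreshToken)
                .sessionKey(this.mCurrentPrt.getSessionKey())
                .idToken(idToken)
                .acquisitionTimeMillis(System.currentTimeMillis())
                .homeAuthority(microsoftStsTokenResponse.getAuthority())
                .isRegisteredDevicePrt(this.mCurrentPrt.isRegisteredDevicePrt())
                .clientInfo(microsoftStsTokenResponse.getClientInfo())
                .deviceId(this.mCurrentPrt.getDeviceId())
                .prtProtocolVersion(this.mPrtProtocolVersion.getValue())
                .build();
    }
}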
