package com.microsoft.identity.broker4j.broker.prt.prtv3;

import com.microsoft.identity.broker4j.broker.MicrosoftStsNonceUtil;
import com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents;
import com.microsoft.identity.broker4j.broker.prt.IAcquirePrtStrategy;
import com.microsoft.identity.broker4j.broker.prt.PRT;
import com.microsoft.identity.broker4j.broker.prt.PrtConstants;
import com.microsoft.identity.broker4j.broker.prt.PrtProtocolVersion;
import com.microsoft.identity.broker4j.broker.prt.SessionKeyUtil;
import com.microsoft.identity.broker4j.opentelemetry.AttributeName;
import com.microsoft.identity.broker4j.workplacejoin.data.WorkplaceJoinData;
import com.microsoft.identity.broker4j.workplacejoin.exception.WorkplaceJoinException;
import com.microsoft.identity.common.java.authorities.Authority;
import com.microsoft.identity.common.java.authscheme.BearerAuthenticationSchemeInternal;
import com.microsoft.identity.common.java.commands.parameters.BrokerSilentTokenCommandParameters;
import com.microsoft.identity.common.java.controllers.ExceptionAdapter;
import com.microsoft.identity.common.java.exception.BaseException;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.exception.ErrorStrings;
import com.microsoft.identity.common.java.jwt.IJwtRequestSigner;
import com.microsoft.identity.common.java.jwt.JwtRequestBody;
import com.microsoft.identity.common.java.logging.Logger;
import com.microsoft.identity.common.java.opentelemetry.SpanExtension;
import com.microsoft.identity.common.java.providers.microsoft.microsoftsts.MicrosoftStsOAuth2Strategy;
import com.microsoft.identity.common.java.providers.microsoft.microsoftsts.MicrosoftStsTokenRequest;
import com.microsoft.identity.common.java.providers.microsoft.microsoftsts.MicrosoftStsTokenResponse;
import com.microsoft.identity.common.java.providers.oauth2.OAuth2StrategyParameters;
import com.microsoft.identity.common.java.providers.oauth2.TokenRequest;
import com.microsoft.identity.common.java.providers.oauth2.TokenResult;
import com.microsoft.identity.common.java.request.SdkType;
import com.microsoft.identity.common.java.util.StringUtil;
import io.opentelemetry.api.trace.Span;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.util.Date;
import java.util.HashMap;
import java.util.UUID;
import lombok.NonNull;

/* loaded from: classes3.dex */
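/**
 * Base strategy for requesting a Primary Refresh Token (PRT) with protocol version
 * {@link PrtProtocolVersion#V3_0} on a workplace-joined (registered) device.
 *
 * <p>The token request built here uses the JWT-bearer grant and carries a signed JWT whose body
 * uses the {@code refresh_token} grant type. Subclasses supply the home authority and the
 * refresh-token claim placed inside that JWT.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The signed request JWT, the refresh token and the session key JWE are credentials.
 *       Nothing in this class logs them; telemetry records only whether each one is present.
 *       Keep it that way when adding logging.</li>
 *   <li>The instance is stateful: {@link #createTokenRequest} stores the OAuth2 strategy that
 *       {@link #acquireToken} later uses, without synchronization. NOTE(review): treat an
 *       instance as single-request / single-thread unless callers serialize access.</li>
 * </ul>
 */
public abstract class AbstractRegisteredDevicePrtV3Strategy implements IAcquirePrtStrategy<BrokerSilentTokenCommandParameters> {
    public static final String TAG = "AbstractRegisteredDevicePrtV3Strategy";

    // Client id used both as client_id and as issuer of the request JWT. This value is the
    // well-known first-party "Microsoft Authentication Broker" application id; it is an
    // identifier, not a secret.
    private static final String BROKER_CLIENT_ID = "29d9ed98-a469-4536-ade2-f981bc1d605e";

    @NonNull
    protected final IBrokerPlatformComponents mBrokerPlatformComponents;

    @NonNull
    private final IJwtRequestSigner mJwtRequestSigner;

    // Set by createTokenRequest(), read by acquireToken(); null until the first request is built.
    private MicrosoftStsOAuth2Strategy mOAuth2Strategy;

    @NonNull
    private final PrtProtocolVersion mPrtProtocolVersion = PrtProtocolVersion.V3_0;

    @NonNull
    private final WorkplaceJoinData mWpjData;

    /**
     * Creates the strategy.
     *
     * @param iBrokerPlatformComponents platform components handed to the OAuth2 strategy and used
     *     to load the session key
     * @param iJwtRequestSigner signer that turns the JWT body into the signed request JWT
     * @param workplaceJoinData workplace-join data providing the device id and the session
     *     transport key
     * @throws NullPointerException if any argument is null
     */
    public AbstractRegisteredDevicePrtV3Strategy(@NonNull IBrokerPlatformComponents iBrokerPlatformComponents, @NonNull IJwtRequestSigner iJwtRequestSigner, @NonNull WorkplaceJoinData workplaceJoinData) {
        if (iBrokerPlatformComponents == null) {
            throw new NullPointerException("brokerPlatformComponents is marked non-null but is null");
        }
        if (iJwtRequestSigner == null) {
            throw new NullPointerException("jwtRequestSigner is marked non-null but is null");
        }
        if (workplaceJoinData == null) {
            throw new NullPointerException("wpjData is marked non-null but is null");
        }
        this.mBrokerPlatformComponents = iBrokerPlatformComponents;
        this.mJwtRequestSigner = iJwtRequestSigner;
        this.mWpjData = workplaceJoinData;
    }

    /**
     * Builds the unsigned body of the request JWT.
     *
     * @param correlationId correlation id passed to the subclass and to the nonce lookup
     * @return the populated JWT body; it contains the refresh-token claim and must not be logged
     * @throws ClientException if the refresh-token claim cannot be produced (other sources depend
     *     on helpers not visible here)
     * @throws NullPointerException if {@code correlationId} is null
     */
    private JwtRequestBody getJwtBody(@NonNull String correlationId) throws ClientException {
        if (correlationId == null) {
            throw new NullPointerException("correlationId is marked non-null but is null");
        }
        JwtRequestBody jwtRequestBody = new JwtRequestBody();
        jwtRequestBody.setClientId(BROKER_CLIENT_ID);
        jwtRequestBody.setJwtScope(PrtConstants.PRT_UPDATE_SCOPES);
        jwtRequestBody.setIssuer(BROKER_CLIENT_ID);
        jwtRequestBody.setGrantType("refresh_token");
        jwtRequestBody.setRefreshToken(getRefreshTokenClaim(correlationId));
        // Resolve the authority URL once so the audience and the nonce request are guaranteed to
        // refer to the same endpoint.
        final String authorityUrl = getHomeAuthority().getAuthorityURL().toString();
        jwtRequestBody.setAudience(authorityUrl);
        // The nonce binds the JWT to a single request; presumably fetched from the authority.
        jwtRequestBody.setNonce(MicrosoftStsNonceUtil.getNonce(authorityUrl, correlationId));
        return jwtRequestBody;
    }

    /**
     * Sends the token request through the OAuth2 strategy prepared by {@link #createTokenRequest}.
     *
     * @param microsoftStsTokenRequest request previously returned by {@link #createTokenRequest}
     * @return the token result returned by the OAuth2 strategy
     * @throws ClientException if the request fails with an {@link IOException}
     * @throws NullPointerException if the request is null, or if {@link #createTokenRequest} has
     *     not been called on this instance yet
     */
    @Override
    public TokenResult acquireToken(@NonNull MicrosoftStsTokenRequest microsoftStsTokenRequest) throws ClientException {
        if (microsoftStsTokenRequest == null) {
            throw new NullPointerException("tokenRequest is marked non-null but is null");
        }
        // Read the field once: it is reassigned by every createTokenRequest() call.
        final MicrosoftStsOAuth2Strategy oAuth2Strategy = this.mOAuth2Strategy;
        if (oAuth2Strategy == null) {
            // Same exception type as the bare dereference would raise, with an actionable message.
            throw new NullPointerException("mOAuth2Strategy is null; createTokenRequest must be called before acquireToken");
        }
        try {
            return oAuth2Strategy.requestToken(microsoftStsTokenRequest);
        } catch (IOException e) {
            throw ExceptionAdapter.clientExceptionFromException(e);
        }
    }

    /**
     * Builds the JWT-bearer token request and prepares the OAuth2 strategy used to send it.
     *
     * <p>Side effects: sets the slice of the authority returned by {@link #getHomeAuthority()}
     * from the caller's parameters and replaces the stored OAuth2 strategy.
     *
     * @param brokerSilentTokenCommandParameters silent-token parameters of the calling request
     * @return the populated token request
     * @throws BaseException if the JWT body cannot be built; a {@link ClientException} with
     *     {@link ErrorStrings#CERTIFICATE_ENCODING_ERROR} if the signing certificate cannot be
     *     encoded
     * @throws NullPointerException if the parameters are null
     * @throws IllegalArgumentException if the correlation id is not a valid UUID string
     */
    @Override
    public MicrosoftStsTokenRequest createTokenRequest(@NonNull BrokerSilentTokenCommandParameters brokerSilentTokenCommandParameters) throws BaseException {
        if (brokerSilentTokenCommandParameters == null) {
            throw new NullPointerException("parameters is marked non-null but is null");
        }
        final String methodTag = TAG + ":createTokenRequest";
        MicrosoftStsTokenRequest microsoftStsTokenRequest = new MicrosoftStsTokenRequest();
        microsoftStsTokenRequest.setGrantType(TokenRequest.GrantTypes.JWT_BEARER);
        microsoftStsTokenRequest.setPKeyAuthHeaderAllowed(brokerSilentTokenCommandParameters.isPKeyAuthHeaderAllowed());
        microsoftStsTokenRequest.setBrokerVersion(brokerSilentTokenCommandParameters.getBrokerVersion());
        microsoftStsTokenRequest.setClientAppVersion(brokerSilentTokenCommandParameters.getApplicationVersion());
        microsoftStsTokenRequest.setClientAppName(brokerSilentTokenCommandParameters.getApplicationName());
        microsoftStsTokenRequest.setCorrelationId(UUID.fromString(brokerSilentTokenCommandParameters.getCorrelationId()));
        microsoftStsTokenRequest.setScope(PrtConstants.PRT_UPDATE_SCOPES);
        if (brokerSilentTokenCommandParameters.getSdkType() == SdkType.ADAL) {
            microsoftStsTokenRequest.setIdTokenVersion("1");
        }
        try {
            // The signed JWT embeds the refresh-token claim: treat it as a credential and never
            // write it to logs or telemetry.
            String signedJwt = this.mJwtRequestSigner.getSignedJwt(getJwtBody(brokerSilentTokenCommandParameters.getCorrelationId()));
            // NOTE(review): raw type kept because the value type of
            // PrtProtocolVersion.getValue() is not visible here; parameterize once confirmed.
            HashMap extraParameters = new HashMap();
            extraParameters.put(PrtConstants.REQUEST_JWT_KEY, signedJwt);
            extraParameters.put("prt_protocol_version", this.mPrtProtocolVersion.getValue());
            microsoftStsTokenRequest.setExtraParameters(extraParameters.entrySet());
            OAuth2StrategyParameters strategyParameters = OAuth2StrategyParameters.builder().platformComponents(this.mBrokerPlatformComponents).authenticationScheme(new BearerAuthenticationSchemeInternal()).build();
            Authority homeAuthority = getHomeAuthority();
            // NOTE(review): the slice comes from caller-supplied parameters and getAuthority() is
            // dereferenced without a null check; confirm callers always populate it.
            homeAuthority.setSlice(brokerSilentTokenCommandParameters.getAuthority().getSlice());
            this.mOAuth2Strategy = (MicrosoftStsOAuth2Strategy) homeAuthority.createOAuth2Strategy(strategyParameters);
            return microsoftStsTokenRequest;
        } catch (CertificateEncodingException e) {
            Logger.info(methodTag, "Unable to retrieve encoded certificate to sign the JWT");
            throw new ClientException(ErrorStrings.CERTIFICATE_ENCODING_ERROR, "Unable to retrieve encoded certificate to sign the JWT", e);
        }
    }

    /**
     * Builds a {@link PRT} from the token response, marking it as a registered-device PRT.
     *
     * @param microsoftStsTokenResponse response returned for the PRT request
     * @return the PRT holding the refresh token, session key, id token, home authority, client
     *     info, device id and protocol version
     * @throws ClientException if a {@link WorkplaceJoinException} is raised while building the
     *     PRT; the original exception is attached as the cause
     * @throws NullPointerException if the response is null
     */
    @Override
    public PRT extractPrtFromTokenResponse(@NonNull MicrosoftStsTokenResponse microsoftStsTokenResponse) throws ClientException {
        if (microsoftStsTokenResponse == null) {
            throw new NullPointerException("prtTokenResponse is marked non-null but is null");
        }
        final String methodTag = TAG + ":createPrt";
        String idToken = microsoftStsTokenResponse.getIdToken();
        String refreshToken = microsoftStsTokenResponse.getRefreshToken();
        String sessionKeyJwe = microsoftStsTokenResponse.getSessionKeyJwe();
        // Telemetry records presence flags only; the token values never reach the span.
        Span current = SpanExtension.current();
        current.setAttribute(AttributeName.prt_response_rt_present.name(), !StringUtil.isNullOrEmpty(refreshToken));
        current.setAttribute(AttributeName.prt_response_id_present.name(), !StringUtil.isNullOrEmpty(idToken));
        current.setAttribute(AttributeName.prt_response_session_key_jwe_present.name(), !StringUtil.isNullOrEmpty(sessionKeyJwe));
        try {
            // NOTE(review): a missing refresh token or session key JWE is only reported to
            // telemetry above and is still passed on; confirm SessionKeyUtil.extractRawSessionKey
            // and the PRT builder reject null/empty input rather than yielding an unusable PRT.
            return PRT.builder()
                    .refreshToken(refreshToken)
                    .sessionKey(this.mBrokerPlatformComponents.getBrokerKeyFactory().getSessionKeyLoader().generateSessionKey(
                            SessionKeyUtil.extractRawSessionKey(sessionKeyJwe),
                            this.mWpjData.getCertificateData().getSessionTransportKey()))
                    .idToken(idToken)
                    .acquisitionTimeMillis(System.currentTimeMillis())
                    .homeAuthority(microsoftStsTokenResponse.getAuthority())
                    .clientInfo(microsoftStsTokenResponse.getClientInfo())
                    .isRegisteredDevicePrt(true)
                    .deviceId(this.mWpjData.getDeviceId())
                    .prtProtocolVersion(this.mPrtProtocolVersion.getValue())
                    .build();
        } catch (WorkplaceJoinException e) {
            Logger.info(methodTag, "Unable to get device id from WPJ data: " + e.getMessage());
            // Keep the original exception as the cause so the failing WPJ call stays visible in
            // stack traces during incident triage.
            throw new ClientException("unknown_error", e.getMessage(), e);
        }
    }

    /**
     * Returns the authority that issues the PRT. Its URL is used as the JWT audience and for the
     * nonce lookup, and it creates the OAuth2 strategy that sends the request.
     *
     * <p>NOTE(review): {@link #createTokenRequest} calls {@code setSlice} on the returned object;
     * implementations returning a shared instance will see that mutation.
     *
     * @return the home authority
     */
    protected abstract Authority getHomeAuthority();

    /**
     * Produces the value placed in the refresh-token claim of the request JWT.
     *
     * @param str correlation id of the request
     * @return the refresh-token claim; a credential that must not be logged
     * @throws ClientException if the claim cannot be produced
     */
    protected abstract String getRefreshTokenClaim(@NonNull String str) throws ClientException;
}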
