package com.azure.authenticator.authentication.aad.task;

import android.text.TextUtils;
import com.azure.authenticator.PhoneFactorApplication;
import com.azure.authenticator.R;
import com.azure.authenticator.accounts.AadAccount;
import com.azure.authenticator.authentication.SessionResult;
import com.azure.authenticator.authentication.aad.AadTokenRefreshManager;
import com.azure.authenticator.authentication.aad.task.AbstractNgcSessionTask;
import com.azure.authenticator.logging.ExternalLogger;
import com.azure.authenticator.storage.database.LocalAccounts;
import com.azure.authenticator.telemetry.AppTelemetryConstants;
import com.azure.authenticator.ui.authentication.AadRemoteNgcSessionActivity;
import com.azure.workaccount.Broker;
import com.microsoft.aad.adal.unity.ADALError;
import com.microsoft.aad.adal.unity.AuthenticationException;
import com.microsoft.aad.adal.unity.AuthenticationResult;
import com.microsoft.authenticator.core.common.Assertion;
import com.microsoft.authenticator.core.telemetry.TelemetryConstants;
import com.microsoft.ngc.aad.NgcSession;
import com.microsoft.ngc.aad.RemoteAuthenticationManager;
import com.microsoft.ngc.aad.protocol.exception.AadServiceException;
import com.microsoft.ngc.aad.protocol.exception.MissingMetadataException;

/* loaded from: classes.dex */
public class DenyNgcSessionTask extends AbstractNgcSessionTask {
    private AadTokenRefreshManager _aadTokenRefreshManager;
    private String _accessToken;
    private AadAccount _account;
    private RemoteAuthenticationManager _remoteAuthenticationManager;

    public DenyNgcSessionTask(AadRemoteNgcSessionActivity aadRemoteNgcSessionActivity, NgcSession ngcSession, AbstractNgcSessionTask.INgcSessionResultCallback iNgcSessionResultCallback, AadAccount aadAccount) {
        this(aadRemoteNgcSessionActivity, ngcSession, iNgcSessionResultCallback, aadAccount, null);
    }

    public DenyNgcSessionTask(AadRemoteNgcSessionActivity aadRemoteNgcSessionActivity, NgcSession ngcSession, AbstractNgcSessionTask.INgcSessionResultCallback iNgcSessionResultCallback, AadAccount aadAccount, String str) {
        super(aadRemoteNgcSessionActivity, ngcSession, iNgcSessionResultCallback);
        Assertion.assertObjectNotNull(aadAccount, "aadAccount is null.");
        this._account = aadAccount;
        this._accessToken = str;
        this._aadTokenRefreshManager = new AadTokenRefreshManager(aadRemoteNgcSessionActivity.getApplicationContext());
        this._remoteAuthenticationManager = new RemoteAuthenticationManager(aadRemoteNgcSessionActivity.getApplicationContext(), Broker.getCloudEnvironment(), this._ngcSession.getTelemetry());
    }

    private SessionResult denySession() {
        Assertion.assertStringNotNullOrEmpty(this._accessToken, "AccessToken is empty.");
        try {
            this._remoteAuthenticationManager.denyNgcSession(this._account.getUsername(), this._account.getObjectId(), this._ngcSession, this._accessToken);
            return SessionResult.SUCCESS;
        } catch (AadServiceException e) {
            if (e.getUserFacingErrorMessageResourceId() == R.string.aad_remote_ngc_error_with_code) {
                this._userFacingErrorMessage = String.format(this._weakParentActivity.get().getString(e.getUserFacingErrorMessageResourceId()), e.getErrorCode());
            } else {
                this._userFacingErrorMessage = this._weakParentActivity.get().getString(e.getUserFacingErrorMessageResourceId());
            }
            ExternalLogger.e("Error in deny session request.", e);
            this._ngcSession.getTelemetry().logFailureResult(e);
            return SessionResult.FAILURE;
        } catch (MissingMetadataException e2) {
            ExternalLogger.i("Missing metadata in cache.");
            PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.AadDiscoveryMetadataMissing, e2);
            this._userFacingErrorMessage = this._weakParentActivity.get().getString(e2.getUserFacingErrorMessageResourceId());
            return SessionResult.FAILURE;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // android.os.AsyncTask
    public SessionResult doInBackground(Void... voidArr) {
        if (this._weakParentActivity.get() != null) {
            if (this._accessToken != null) {
                return denySession();
            }
            try {
                AuthenticationResult tokenSilently = this._aadTokenRefreshManager.getTokenSilently(this._account.getUsername(), this._account.getObjectId(), AadTokenRefreshManager.ESTS_RESOURCE_ID);
                if (tokenSilently != null && tokenSilently.getAccessToken() != null && tokenSilently.getStatus() == AuthenticationResult.AuthenticationStatus.Succeeded) {
                    this._accessToken = tokenSilently.getAccessToken();
                    if (TextUtils.isEmpty(tokenSilently.getTenantId()) && isActivityContextValid()) {
                        this._account.setTenantId(tokenSilently.getTenantId());
                        LocalAccounts.updateTenantIdForAadAccount(this._weakParentActivity.get(), this._account.getId(), tokenSilently.getTenantId());
                    }
                    return denySession();
                }
            } catch (AuthenticationException e) {
                if (e.getCode() == ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED) {
                    return SessionResult.TOKEN_REQUIRED;
                }
            } catch (MissingMetadataException e2) {
                ExternalLogger.i("Missing metadata in cache.");
                PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.AadDiscoveryMetadataMissing, e2);
                return SessionResult.TOKEN_REQUIRED;
            }
        }
        this._ngcSession.getTelemetry().logFailureResult(TelemetryConstants.Properties.Unexpected);
        return SessionResult.FAILURE;
    }
}
