package com.azure.authenticator.authentication.mfa;

import android.content.Context;
import android.os.Build;
import android.text.TextUtils;
import com.azure.authenticator.PhoneFactorApplication;
import com.azure.authenticator.accounts.AadAccount;
import com.azure.authenticator.authentication.OtpGenerator;
import com.azure.authenticator.authentication.mfa.protocol.request.AuthenticationRequest;
import com.azure.authenticator.authentication.mfa.protocol.request.AuthenticationResultRequest;
import com.azure.authenticator.authentication.mfa.protocol.request.CheckForAuthenticationRequest;
import com.azure.authenticator.authentication.mfa.protocol.request.PinChangeRequest;
import com.azure.authenticator.authentication.mfa.protocol.request.PinValidationRequest;
import com.azure.authenticator.authentication.mfa.protocol.request.RequestCreationException;
import com.azure.authenticator.authentication.mfa.protocol.response.AuthenticationResponse;
import com.azure.authenticator.authentication.mfa.protocol.response.AuthenticationResultResponse;
import com.azure.authenticator.authentication.mfa.protocol.response.CheckForAuthenticationResponse;
import com.azure.authenticator.authentication.mfa.protocol.response.PinChangeResponse;
import com.azure.authenticator.authentication.mfa.protocol.response.PinValidationResponse;
import com.azure.authenticator.authentication.mfa.protocol.response.ResponseParserException;
import com.azure.authenticator.common.Util;
import com.azure.authenticator.logging.ExternalLogger;
import com.azure.authenticator.storage.Storage;
import com.azure.authenticator.storage.database.AccountsSQLiteDatabase;
import com.azure.authenticator.storage.database.LocalAccounts;
import com.azure.authenticator.telemetry.AppTelemetryConstants;
import com.azure.authenticator.telemetry.MfaAuthenticationTimeTelemetry;
import com.microsoft.authenticator.core.common.Strings;
import java.net.SocketTimeoutException;
import java.util.HashMap;
import java.util.List;

/* loaded from: classes.dex */
public class AuthenticationManager {
    private final PhoneFactorApplication _app;
    private final Context _context;
    private final String _fcmRegistrationId;
    private final PendingAuthentication _pendingAuthentication;
    private final Storage _storage;

    /* loaded from: classes.dex */
    public enum AuthResponseEnum {
        ERROR_COMMUNICATION,
        ERROR_REQUEST_CREATION,
        ERROR_RESPONSE_PARSING,
        AUTH_DENIED,
        AUTH_SUCCESSFUL,
        AUTH_TIMEOUT,
        FRAUD_BLOCKED,
        FRAUD_NOT_BLOCKED,
        NO_PENDING_AUTHENTICATIONS_FOUND,
        ERROR_REQUEST_TIMEOUT,
        ERROR_TIMEOUT,
        ERROR_UNKNOWN_ACCOUNT,
        PIN_CHANGE,
        PIN_ERROR_RETRY,
        PIN_ERROR_ALL_SAME_DIGIT,
        PIN_ERROR_HISTORY_DUPLICATE,
        PIN_ERROR_MINIMUM_LENGTH,
        PIN_ERROR_SEQUENTIAL_DIGITS,
        PIN_ERROR_SUBSET_OF_PHONE,
        PIN_ERROR_CHANGE_FAILURE
    }

    public AuthenticationManager(Context context) {
        this(context, null);
    }

    public AuthenticationManager(Context context, PendingAuthentication pendingAuthentication) {
        this._context = context;
        this._storage = new Storage(context.getApplicationContext());
        this._app = (PhoneFactorApplication) context.getApplicationContext();
        this._fcmRegistrationId = this._storage.readNotificationRegistrationId();
        this._pendingAuthentication = pendingAuthentication;
    }

    private AuthResponseEnum handleAuthResultResponse(AuthRequestDetails authRequestDetails, AuthenticationResultRequest.AuthenticationResultRequestEnum authenticationResultRequestEnum, AuthenticationResultResponse authenticationResultResponse) {
        this._pendingAuthentication.getMfaAuthenticationTimeTelemetry().logRequestEnd(MfaAuthenticationTimeTelemetry.MfaRequest.AUTH_RESULT);
        if (!authenticationResultResponse.getResult()) {
            ExternalLogger.i("Auth result response.getResult() = false; denied");
            return AuthResponseEnum.AUTH_DENIED;
        }
        switch (authenticationResultRequestEnum) {
            case AUTHENTICATE:
                ExternalLogger.i("Approved");
                return AuthResponseEnum.AUTH_SUCCESSFUL;
            case DENY:
                ExternalLogger.i("Denied");
                return AuthResponseEnum.AUTH_DENIED;
            case FRAUD:
                if (authRequestDetails.getFraudBlock()) {
                    ExternalLogger.i("Fraud: blocked");
                    return AuthResponseEnum.FRAUD_BLOCKED;
                }
                ExternalLogger.i("Fraud: not blocked");
                return AuthResponseEnum.FRAUD_NOT_BLOCKED;
            case PIN_NOT_CHANGED:
                ExternalLogger.i("PIN not changed");
                return AuthResponseEnum.AUTH_DENIED;
            default:
                ExternalLogger.e("Unexpected result: " + authenticationResultRequestEnum);
                return AuthResponseEnum.AUTH_DENIED;
        }
    }

    private GetAuthRequestResult handleGetAuthRequestResponse(AuthenticationResponse authenticationResponse) {
        boolean z;
        this._pendingAuthentication.getMfaAuthenticationTimeTelemetry().setTenantId(authenticationResponse.getTenantId());
        this._pendingAuthentication.getMfaAuthenticationTimeTelemetry().logRequestEnd(MfaAuthenticationTimeTelemetry.MfaRequest.AUTH);
        if (authenticationResponse.getDosPreventer().length() > 0) {
            ExternalLogger.i("Updating dosPreventer");
            this._storage.writeDosPreventer(authenticationResponse.getDosPreventer());
            this._storage.writeInvalidDosPreventer(false);
        }
        String pushNotificationDeviceToken = authenticationResponse.getPushNotificationDeviceToken();
        String readActivatedNotificationRegistrationId = this._storage.readActivatedNotificationRegistrationId();
        ExternalLogger.i("Current FCM registration ID:     " + Strings.getTrimmedStringForLogging(this._fcmRegistrationId));
        ExternalLogger.i("Activated FCM registration ID:   " + Strings.getTrimmedStringForLogging(readActivatedNotificationRegistrationId));
        ExternalLogger.i("FCM registration ID in response: " + Strings.getTrimmedStringForLogging(pushNotificationDeviceToken));
        if (TextUtils.isEmpty(pushNotificationDeviceToken) || TextUtils.isEmpty(this._fcmRegistrationId) || this._fcmRegistrationId.equals(pushNotificationDeviceToken) || TextUtils.isEmpty(this._storage.readDosPreventer()) || TextUtils.isEmpty(readActivatedNotificationRegistrationId)) {
            z = false;
        } else {
            ExternalLogger.i("forceDeviceTokenChange = true");
            this._storage.writeActivatedNotificationRegistrationId(pushNotificationDeviceToken);
            z = true;
        }
        String groupKey = authenticationResponse.getGroupKey();
        String username = authenticationResponse.getUsername();
        ExternalLogger.i("authResponse.getGroupKey(): " + groupKey);
        ExternalLogger.i("authResponse.getUsername(): " + username);
        StringBuilder sb = new StringBuilder();
        sb.append("authResponse.getOathCode(): ");
        sb.append(TextUtils.isEmpty(this._pendingAuthentication.getOathCode()) ? "empty" : "not empty");
        ExternalLogger.i(sb.toString());
        if (TextUtils.isEmpty(groupKey) || TextUtils.isEmpty(username)) {
            if (this._pendingAuthentication.getOathCode().length() > 0) {
                ExternalLogger.e("No pending auth found");
                return new GetAuthRequestResult(AuthResponseEnum.NO_PENDING_AUTHENTICATIONS_FOUND);
            }
            ExternalLogger.e("Error timeout");
            return new GetAuthRequestResult(AuthResponseEnum.ERROR_TIMEOUT);
        }
        AadAccount aadMfaAccount = LocalAccounts.getAadMfaAccount(this._context, groupKey, username);
        if (aadMfaAccount != null) {
            LocalAccounts.updateAadMfaAccount(this._context, aadMfaAccount, authenticationResponse.getAccountName(), authenticationResponse.getObjectId(), authenticationResponse.getTenantId(), authenticationResponse.getOathTokenEnabled());
            return new GetAuthRequestResult(new AuthRequestDetails(authenticationResponse, z));
        }
        ExternalLogger.e("Auth for unknown account");
        GetAuthRequestResult migrateGroupKeyIfNecessary = migrateGroupKeyIfNecessary(username, authenticationResponse.getOathCounter(), z);
        if (migrateGroupKeyIfNecessary.getError() != AuthResponseEnum.ERROR_UNKNOWN_ACCOUNT) {
            return migrateGroupKeyIfNecessary;
        }
        HashMap hashMap = new HashMap();
        List<AadAccount> aadMfaAccountsWithUsername = LocalAccounts.getAadMfaAccountsWithUsername(this._context, username);
        if (aadMfaAccountsWithUsername.size() > 0) {
            hashMap.put(AppTelemetryConstants.Properties.MfaUsernameFound, String.valueOf(true));
            hashMap.put(AppTelemetryConstants.Properties.MfaDefaultGroupKey, String.valueOf(AccountsSQLiteDatabase.DEFAULT_GROUP_KEY_TEXT.equals(aadMfaAccountsWithUsername.get(0).getGroupKey())));
            hashMap.put(AppTelemetryConstants.Properties.MfaEmptySecretKey, String.valueOf(TextUtils.isEmpty(aadMfaAccountsWithUsername.get(0).getSecretKey())));
        } else {
            hashMap.put(AppTelemetryConstants.Properties.MfaUsernameFound, String.valueOf(false));
        }
        this._pendingAuthentication.getMfaAuthenticationTimeTelemetry().logCustomEvent(AppTelemetryConstants.Events.MfaRequestUnknownAccount, hashMap);
        return new GetAuthRequestResult(AuthResponseEnum.ERROR_UNKNOWN_ACCOUNT);
    }

    private AuthResponseEnum handlePinAuthResponse(AuthRequestDetails authRequestDetails, PinValidationResponse pinValidationResponse) {
        this._pendingAuthentication.getMfaAuthenticationTimeTelemetry().logRequestEnd(MfaAuthenticationTimeTelemetry.MfaRequest.PIN_VALIDATION);
        switch (pinValidationResponse.getResult()) {
            case PIN_VALID:
                if (!authRequestDetails.getPinChangeRequired()) {
                    return performAuthResultRequest(authRequestDetails, AuthenticationResultRequest.AuthenticationResultRequestEnum.AUTHENTICATE);
                }
                ExternalLogger.i("PIN change required");
                return authRequestDetails.getUserCanChangePin() ? AuthResponseEnum.PIN_CHANGE : performAuthResultRequest(authRequestDetails, AuthenticationResultRequest.AuthenticationResultRequestEnum.PIN_NOT_CHANGED);
            case PIN_INVALID:
                ExternalLogger.i("Invalid PIN; retries = " + authRequestDetails.getPinRetries());
                if (authRequestDetails.getPinRetries() <= 0) {
                    return performAuthResultRequest(authRequestDetails, AuthenticationResultRequest.AuthenticationResultRequestEnum.INVALID_PIN);
                }
                authRequestDetails.setPinRetries(authRequestDetails.getPinRetries() - 1);
                return AuthResponseEnum.PIN_ERROR_RETRY;
            case AUTH_NOT_IN_PROGRESS:
                ExternalLogger.i("Auth not in progress");
                return AuthResponseEnum.AUTH_TIMEOUT;
            case ACCOUNT_LOCKED:
                ExternalLogger.i("Account locked");
                break;
            case NO_MORE_PIN_ATTEMPTS:
                break;
            default:
                ExternalLogger.e("Unknown result: " + pinValidationResponse.getResult().name());
                return AuthResponseEnum.AUTH_DENIED;
        }
        ExternalLogger.i("No more PIN attempts");
        return AuthResponseEnum.AUTH_DENIED;
    }

    private AuthResponseEnum handlePinChangeResponse(AuthRequestDetails authRequestDetails, PinChangeResponse pinChangeResponse) {
        this._pendingAuthentication.getMfaAuthenticationTimeTelemetry().logRequestEnd(MfaAuthenticationTimeTelemetry.MfaRequest.CHANGE_PIN);
        switch (pinChangeResponse.getResult()) {
            case PIN_CHANGED:
                ExternalLogger.i("PIN changed");
                return performAuthResultRequest(authRequestDetails, AuthenticationResultRequest.AuthenticationResultRequestEnum.AUTHENTICATE);
            case ALL_SAME_DIGIT:
                ExternalLogger.i("All same digit");
                return AuthResponseEnum.PIN_ERROR_ALL_SAME_DIGIT;
            case HISTORY_DUPLICATE:
                ExternalLogger.i("History duplicate");
                return AuthResponseEnum.PIN_ERROR_HISTORY_DUPLICATE;
            case MINIMUM_LENGTH:
                ExternalLogger.i("Minimum length");
                return AuthResponseEnum.PIN_ERROR_MINIMUM_LENGTH;
            case SEQUENTIAL_DIGITS:
                ExternalLogger.i("Sequential digits");
                return AuthResponseEnum.PIN_ERROR_SEQUENTIAL_DIGITS;
            case SUBSET_OF_PHONE:
                ExternalLogger.i("Subset of phone");
                return AuthResponseEnum.PIN_ERROR_SUBSET_OF_PHONE;
            default:
                ExternalLogger.i("Unknown result: " + pinChangeResponse.getResult().name());
                return AuthResponseEnum.PIN_ERROR_CHANGE_FAILURE;
        }
    }

    private GetAuthRequestResult migrateGroupKeyIfNecessary(String str, long j, boolean z) {
        ExternalLogger.i("Checking for group key migration for " + str);
        HashMap hashMap = new HashMap();
        try {
            for (AadAccount aadAccount : LocalAccounts.getAadMfaAccountsWithUsername(this._context, str)) {
                AuthenticationResponse performGetAuthRequestForGroupKeyMigration = performGetAuthRequestForGroupKeyMigration(OtpGenerator.generateValidationCode(aadAccount.getSecretKey(), j));
                String groupKey = performGetAuthRequestForGroupKeyMigration.getGroupKey();
                if (!TextUtils.isEmpty(groupKey)) {
                    hashMap.put(AppTelemetryConstants.Properties.MfaUsernameFound, String.valueOf(true));
                    LocalAccounts.updateAadMfaAccountGroupKey(this._context, str, aadAccount.getGroupKey(), groupKey);
                    this._pendingAuthentication.getMfaAuthenticationTimeTelemetry().logCustomEvent(AppTelemetryConstants.Events.MfaRequestGroupKeyMigrated, hashMap);
                    return new GetAuthRequestResult(new AuthRequestDetails(performGetAuthRequestForGroupKeyMigration, z));
                }
            }
            return new GetAuthRequestResult(AuthResponseEnum.ERROR_UNKNOWN_ACCOUNT);
        } catch (Exception e) {
            ExternalLogger.e("Error in handling auth request response for group key migration", e);
            this._pendingAuthentication.getMfaAuthenticationTimeTelemetry().logException(e);
            return e instanceof PopCommunicationException ? new GetAuthRequestResult(AuthResponseEnum.ERROR_COMMUNICATION) : e instanceof RequestCreationException ? new GetAuthRequestResult(AuthResponseEnum.ERROR_REQUEST_CREATION) : this._pendingAuthentication.getOathCode().length() > 0 ? new GetAuthRequestResult(AuthResponseEnum.NO_PENDING_AUTHENTICATIONS_FOUND) : new GetAuthRequestResult(AuthResponseEnum.ERROR_RESPONSE_PARSING);
        }
    }

    private AuthenticationResponse performGetAuthRequestForGroupKeyMigration(String str) throws PopCommunicationException, RequestCreationException, ResponseParserException, SocketTimeoutException {
        ExternalLogger.i("Starting get auth request for group key migration");
        boolean isEmpty = TextUtils.isEmpty(this._storage.readDosPreventer());
        ExternalLogger.i("isDosPreventerEmpty: " + isEmpty);
        return (AuthenticationResponse) new AuthenticationRequest(this._pendingAuthentication.getPadRequestUrl(), "", str, isEmpty, this._fcmRegistrationId, PhoneFactorApplication.getAppVersionName(this._app), Build.VERSION.RELEASE).sendRequest();
    }

    public AuthResponseEnum performAuthResultRequest(AuthRequestDetails authRequestDetails, AuthenticationResultRequest.AuthenticationResultRequestEnum authenticationResultRequestEnum) {
        ExternalLogger.i("Starting auth result request; result = " + authenticationResultRequestEnum);
        AuthenticationResultRequest authenticationResultRequest = new AuthenticationResultRequest(this._pendingAuthentication.getPadRequestUrl(), authRequestDetails.getResponseGuid(), this._fcmRegistrationId, PhoneFactorApplication.getAppVersionName(this._app), Build.VERSION.RELEASE, authenticationResultRequestEnum.getValue(), this._storage.readNotificationRegistrationId(), "gcm", (System.currentTimeMillis() / 1000) / 30);
        this._pendingAuthentication.getMfaAuthenticationTimeTelemetry().logRequestStart(MfaAuthenticationTimeTelemetry.MfaRequest.AUTH_RESULT);
        try {
            return handleAuthResultResponse(authRequestDetails, authenticationResultRequestEnum, (AuthenticationResultResponse) authenticationResultRequest.sendRequest());
        } catch (Exception e) {
            ExternalLogger.e("Error auth result response", e);
            this._pendingAuthentication.getMfaAuthenticationTimeTelemetry().logException(e);
            return e instanceof PopCommunicationException ? AuthResponseEnum.ERROR_COMMUNICATION : e instanceof RequestCreationException ? AuthResponseEnum.ERROR_REQUEST_CREATION : AuthResponseEnum.ERROR_RESPONSE_PARSING;
        }
    }

    public CheckForAuthenticationResponse performCheckForAuthenticationRequest() {
        String readDosPreventer = this._storage.readDosPreventer();
        if (TextUtils.isEmpty(readDosPreventer)) {
            ExternalLogger.e("DOS preventer not found.");
            return null;
        }
        if (TextUtils.isEmpty(this._fcmRegistrationId)) {
            ExternalLogger.e("FCM not registered.");
            return null;
        }
        String str = "";
        String readActivatedNotificationRegistrationId = this._storage.readActivatedNotificationRegistrationId();
        String readPreviousActivatedNotificationRegistrationId = this._storage.readPreviousActivatedNotificationRegistrationId();
        if (!this._fcmRegistrationId.equals(readActivatedNotificationRegistrationId)) {
            str = readActivatedNotificationRegistrationId;
        } else if (!TextUtils.isEmpty(readPreviousActivatedNotificationRegistrationId) && !readPreviousActivatedNotificationRegistrationId.equals(this._fcmRegistrationId)) {
            str = readPreviousActivatedNotificationRegistrationId;
        }
        if (str == null) {
            str = "";
        }
        String str2 = str;
        PhoneFactorApplication.printDeviceTokens(this._storage);
        try {
            return (CheckForAuthenticationResponse) new CheckForAuthenticationRequest(Util.mfaTargetEnvironment.getPadUrl(), readDosPreventer, this._fcmRegistrationId, str2, PhoneFactorApplication.getAppVersionName(this._context), Build.VERSION.RELEASE).sendRequest();
        } catch (Exception e) {
            ExternalLogger.e("Error checking for pending authentications.", e);
            PhoneFactorApplication.telemetry.trackEvent(AppTelemetryConstants.Events.MfaCheckForAuthenticationFailed, e);
            return null;
        }
    }

    public GetAuthRequestResult performGetAuthRequest(boolean z) {
        ExternalLogger.i("Starting get auth request");
        boolean isEmpty = TextUtils.isEmpty(this._storage.readDosPreventer());
        ExternalLogger.i("isDosPreventerEmpty: " + isEmpty);
        AuthenticationRequest authenticationRequest = new AuthenticationRequest(this._pendingAuthentication.getPadRequestUrl(), this._pendingAuthentication.getGuid(), this._pendingAuthentication.getOathCode(), isEmpty, this._fcmRegistrationId, PhoneFactorApplication.getAppVersionName(this._app), Build.VERSION.RELEASE);
        this._pendingAuthentication.getMfaAuthenticationTimeTelemetry().logRequestStart(MfaAuthenticationTimeTelemetry.MfaRequest.AUTH);
        if (z) {
            try {
                authenticationRequest.setConnectionTimeoutMilliseconds(4500);
                authenticationRequest.setReadTimeOutMilliseconds(4500);
            } catch (Exception e) {
                ExternalLogger.e("Error in auth response", e);
                this._pendingAuthentication.getMfaAuthenticationTimeTelemetry().logException(e);
                return e instanceof SocketTimeoutException ? z ? new GetAuthRequestResult(AuthResponseEnum.ERROR_REQUEST_TIMEOUT) : new GetAuthRequestResult(AuthResponseEnum.ERROR_COMMUNICATION) : e instanceof PopCommunicationException ? new GetAuthRequestResult(AuthResponseEnum.ERROR_COMMUNICATION) : e instanceof RequestCreationException ? new GetAuthRequestResult(AuthResponseEnum.ERROR_REQUEST_CREATION) : this._pendingAuthentication.getOathCode().length() > 0 ? new GetAuthRequestResult(AuthResponseEnum.NO_PENDING_AUTHENTICATIONS_FOUND) : new GetAuthRequestResult(AuthResponseEnum.ERROR_RESPONSE_PARSING);
            }
        }
        PhoneFactorApplication.telemetry.trackEventTime("Before call to sendRequest()");
        return handleGetAuthRequestResponse((AuthenticationResponse) authenticationRequest.sendRequest());
    }

    public AuthResponseEnum performPinAuthRequest(AuthRequestDetails authRequestDetails, String str, boolean z) {
        ExternalLogger.i("Starting PIN auth request; useCachedPin = " + z);
        PinValidationRequest pinValidationRequest = new PinValidationRequest(this._pendingAuthentication.getPadRequestUrl(), authRequestDetails.getResponseGuid(), this._fcmRegistrationId, PhoneFactorApplication.getAppVersionName(this._app), Build.VERSION.RELEASE, str, z);
        this._pendingAuthentication.getMfaAuthenticationTimeTelemetry().logRequestStart(MfaAuthenticationTimeTelemetry.MfaRequest.PIN_VALIDATION);
        try {
            return handlePinAuthResponse(authRequestDetails, (PinValidationResponse) pinValidationRequest.sendRequest());
        } catch (Exception e) {
            ExternalLogger.e("Error pin auth response", e);
            this._pendingAuthentication.getMfaAuthenticationTimeTelemetry().logException(e);
            return e instanceof PopCommunicationException ? AuthResponseEnum.ERROR_COMMUNICATION : e instanceof RequestCreationException ? AuthResponseEnum.ERROR_REQUEST_CREATION : AuthResponseEnum.ERROR_RESPONSE_PARSING;
        }
    }

    public AuthResponseEnum performPinChange(AuthRequestDetails authRequestDetails, String str) {
        ExternalLogger.i("Starting PIN change request");
        PinChangeRequest pinChangeRequest = new PinChangeRequest(this._pendingAuthentication.getPadRequestUrl(), authRequestDetails.getResponseGuid(), this._fcmRegistrationId, PhoneFactorApplication.getAppVersionName(this._app), Build.VERSION.RELEASE, str);
        this._pendingAuthentication.getMfaAuthenticationTimeTelemetry().logRequestStart(MfaAuthenticationTimeTelemetry.MfaRequest.CHANGE_PIN);
        try {
            return handlePinChangeResponse(authRequestDetails, (PinChangeResponse) pinChangeRequest.sendRequest());
        } catch (Exception e) {
            ExternalLogger.e("Error pin change response", e);
            this._pendingAuthentication.getMfaAuthenticationTimeTelemetry().logException(e);
            return e instanceof PopCommunicationException ? AuthResponseEnum.ERROR_COMMUNICATION : e instanceof RequestCreationException ? AuthResponseEnum.ERROR_REQUEST_CREATION : AuthResponseEnum.ERROR_RESPONSE_PARSING;
        }
    }
}
