package com.microsoft.aad.adal.unity;

import android.net.Uri;
import com.microsoft.aad.adal.unity.AuthenticationResult;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class TokenCacheAccessor {
    private static final String TAG = "TokenCacheAccessor";
    private String mAuthority;
    private final ITokenCacheStore mTokenCacheStore;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes.dex */
    public interface KeyMakerStrategy {
        boolean isFrt();

        String makeKey(String str, String str2, String str3);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenCacheAccessor(ITokenCacheStore iTokenCacheStore, String str) {
        if (iTokenCacheStore == null) {
            throw new IllegalArgumentException("tokenCacheStore");
        }
        if (StringExtensions.IsNullOrBlank(str)) {
            throw new IllegalArgumentException("authority");
        }
        this.mTokenCacheStore = iTokenCacheStore;
        this.mAuthority = str;
    }

    private void addDeletionKeyForFRTIfRTValueIsStale(List<String> list, TokenCacheItem tokenCacheItem, String str) {
        TokenCacheItem item = this.mTokenCacheStore.getItem(str, true);
        if (item == null || !tokenCacheItem.getRefreshToken().equalsIgnoreCase(item.getRefreshToken())) {
            return;
        }
        list.add(str);
    }

    private void addDeletionKeyForMRRTOrFRTEntry(List<String> list, TokenCacheItem tokenCacheItem, String str, String str2, String str3, KeyMakerStrategy keyMakerStrategy) {
        String makeKey = keyMakerStrategy.makeKey(str, str2, str3);
        if (keyMakerStrategy.isFrt()) {
            addDeletionKeyForFRTIfRTValueIsStale(list, tokenCacheItem, makeKey);
        } else {
            list.add(makeKey);
        }
    }

    private void addDeletionKeysForMRRTOrFRTEntry(String str, TokenCacheItem tokenCacheItem, List<String> list, KeyMakerStrategy keyMakerStrategy) {
        UserInfo userInfo = tokenCacheItem.getUserInfo();
        String clientId = tokenCacheItem.getClientId();
        if (keyMakerStrategy.isFrt()) {
            clientId = tokenCacheItem.getFamilyClientId();
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(null);
        if (userInfo != null) {
            if (userInfo.getDisplayableId() != null) {
                arrayList.add(userInfo.getDisplayableId());
            }
            if (userInfo.getUserId() != null) {
                arrayList.add(userInfo.getUserId());
            }
        }
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            addDeletionKeyForMRRTOrFRTEntry(list, tokenCacheItem, str, clientId, (String) it.next(), keyMakerStrategy);
        }
    }

    private static void addDeletionKeysForRTEntry(String str, TokenCacheItem tokenCacheItem, List<String> list) {
        String resource = tokenCacheItem.getResource();
        String clientId = tokenCacheItem.getClientId();
        UserInfo userInfo = tokenCacheItem.getUserInfo();
        list.add(CacheKey.createCacheKeyForRTEntry(str, resource, clientId, null));
        if (userInfo != null) {
            if (userInfo.getDisplayableId() != null) {
                list.add(CacheKey.createCacheKeyForRTEntry(str, resource, clientId, userInfo.getDisplayableId()));
            }
            if (userInfo.getUserId() != null) {
                list.add(CacheKey.createCacheKeyForRTEntry(str, resource, clientId, userInfo.getUserId()));
            }
        }
    }

    private String constructAuthorityUrl(String str) throws MalformedURLException {
        URL url = new URL(this.mAuthority);
        return url.getHost().equalsIgnoreCase(str) ? this.mAuthority : Utility.constructAuthorityUrl(url, str).toString();
    }

    private String constructAuthorityWithTenantID(TokenCacheItem tokenCacheItem) {
        if (tokenCacheItem == null || tokenCacheItem.getTenantId() == null || tokenCacheItem.getAuthority() == null) {
            return null;
        }
        Uri parse = Uri.parse(tokenCacheItem.getAuthority());
        return new Uri.Builder().scheme(parse.getScheme()).authority(parse.getAuthority()).path(tokenCacheItem.getTenantId()).build().toString();
    }

    private String getCacheKey(String str, String str2, String str3, String str4, String str5, TokenEntryType tokenEntryType) {
        switch (tokenEntryType) {
            case REGULAR_TOKEN_ENTRY:
                return CacheKey.createCacheKeyForRTEntry(str, str2, str3, str4);
            case MRRT_TOKEN_ENTRY:
                return CacheKey.createCacheKeyForMRRT(str, str3, str4);
            case FRT_TOKEN_ENTRY:
                return CacheKey.createCacheKeyForFRT(str, str5, str4);
            default:
                return null;
        }
    }

    private InstanceDiscoveryMetadata getInstanceDiscoveryMetadata() throws MalformedURLException {
        return AuthorityValidationMetadataCache.getCachedInstanceDiscoveryMetadata(new URL(this.mAuthority));
    }

    private List<String> getKeyListToRemoveForFRT(TokenCacheItem tokenCacheItem) {
        ArrayList arrayList = new ArrayList();
        KeyMakerStrategy keyMakerStrategy = new KeyMakerStrategy() { // from class: com.microsoft.aad.adal.unity.TokenCacheAccessor.2
            @Override // com.microsoft.aad.adal.unity.TokenCacheAccessor.KeyMakerStrategy
            public boolean isFrt() {
                return true;
            }

            @Override // com.microsoft.aad.adal.unity.TokenCacheAccessor.KeyMakerStrategy
            public String makeKey(String str, String str2, String str3) {
                return CacheKey.createCacheKeyForFRT(str, str2, str3);
            }
        };
        try {
            String authorityUrlWithPreferredCache = getAuthorityUrlWithPreferredCache();
            if (authorityUrlWithPreferredCache != null) {
                addDeletionKeysForMRRTOrFRTEntry(authorityUrlWithPreferredCache, tokenCacheItem, arrayList, keyMakerStrategy);
            }
        } catch (MalformedURLException unused) {
            Logger.v(TAG, "The URL is malformed.");
        }
        if (tokenCacheItem.getTenantId() != null) {
            addDeletionKeysForMRRTOrFRTEntry(constructAuthorityWithTenantID(tokenCacheItem), tokenCacheItem, arrayList, keyMakerStrategy);
        }
        addDeletionKeysForMRRTOrFRTEntry(this.mAuthority, tokenCacheItem, arrayList, keyMakerStrategy);
        if (!this.mAuthority.equalsIgnoreCase(tokenCacheItem.getAuthority()) && tokenCacheItem.getUserInfo() != null) {
            addDeletionKeysForMRRTOrFRTEntry(tokenCacheItem.getAuthority(), tokenCacheItem, arrayList, keyMakerStrategy);
        }
        return arrayList;
    }

    private List<String> getKeyListToRemoveForMRRT(TokenCacheItem tokenCacheItem) {
        ArrayList arrayList = new ArrayList();
        KeyMakerStrategy keyMakerStrategy = new KeyMakerStrategy() { // from class: com.microsoft.aad.adal.unity.TokenCacheAccessor.1
            @Override // com.microsoft.aad.adal.unity.TokenCacheAccessor.KeyMakerStrategy
            public boolean isFrt() {
                return false;
            }

            @Override // com.microsoft.aad.adal.unity.TokenCacheAccessor.KeyMakerStrategy
            public String makeKey(String str, String str2, String str3) {
                return CacheKey.createCacheKeyForMRRT(str, str2, str3);
            }
        };
        try {
            String authorityUrlWithPreferredCache = getAuthorityUrlWithPreferredCache();
            if (authorityUrlWithPreferredCache != null) {
                addDeletionKeysForMRRTOrFRTEntry(authorityUrlWithPreferredCache, tokenCacheItem, arrayList, keyMakerStrategy);
            }
        } catch (MalformedURLException unused) {
            Logger.v(TAG, "The URL is malformed.");
        }
        if (tokenCacheItem.getTenantId() != null) {
            addDeletionKeysForMRRTOrFRTEntry(constructAuthorityWithTenantID(tokenCacheItem), tokenCacheItem, arrayList, keyMakerStrategy);
        }
        addDeletionKeysForMRRTOrFRTEntry(this.mAuthority, tokenCacheItem, arrayList, keyMakerStrategy);
        if (!this.mAuthority.equalsIgnoreCase(tokenCacheItem.getAuthority())) {
            addDeletionKeysForMRRTOrFRTEntry(tokenCacheItem.getAuthority(), tokenCacheItem, arrayList, keyMakerStrategy);
        }
        return arrayList;
    }

    private List<String> getKeyListToRemoveForRT(TokenCacheItem tokenCacheItem) {
        ArrayList arrayList = new ArrayList();
        try {
            String authorityUrlWithPreferredCache = getAuthorityUrlWithPreferredCache();
            if (authorityUrlWithPreferredCache != null) {
                addDeletionKeysForRTEntry(authorityUrlWithPreferredCache, tokenCacheItem, arrayList);
            }
        } catch (MalformedURLException unused) {
            Logger.v(TAG, "The URL is malformed.");
        }
        if (tokenCacheItem.getTenantId() != null) {
            addDeletionKeysForRTEntry(constructAuthorityWithTenantID(tokenCacheItem), tokenCacheItem, arrayList);
        }
        addDeletionKeysForRTEntry(this.mAuthority, tokenCacheItem, arrayList);
        if (!this.mAuthority.equalsIgnoreCase(tokenCacheItem.getAuthority())) {
            addDeletionKeysForRTEntry(tokenCacheItem.getAuthority(), tokenCacheItem, arrayList);
        }
        return arrayList;
    }

    private TokenCacheItem getTokenCacheItemFromAliasedHost(String str, String str2, String str3, String str4, TokenEntryType tokenEntryType) throws MalformedURLException {
        ITokenCacheStore iTokenCacheStore;
        boolean z;
        InstanceDiscoveryMetadata instanceDiscoveryMetadata = getInstanceDiscoveryMetadata();
        if (instanceDiscoveryMetadata == null) {
            Logger.v(TAG + ":getTokenCacheItemFromAliasedHost", "instanceDiscoveryMetadata was null.");
            return null;
        }
        Iterator<String> it = instanceDiscoveryMetadata.getAliases().iterator();
        while (it.hasNext()) {
            String constructAuthorityUrl = constructAuthorityUrl(it.next());
            if (!constructAuthorityUrl.equalsIgnoreCase(this.mAuthority) && !constructAuthorityUrl.equalsIgnoreCase(getAuthorityUrlWithPreferredCache())) {
                String cacheKey = getCacheKey(constructAuthorityUrl, str, str2, str4, str3, tokenEntryType);
                if (StringExtensions.IsNullOrBlank(str3)) {
                    iTokenCacheStore = this.mTokenCacheStore;
                    z = false;
                } else {
                    iTokenCacheStore = this.mTokenCacheStore;
                    z = true;
                }
                TokenCacheItem item = iTokenCacheStore.getItem(cacheKey, z);
                if (item != null) {
                    return item;
                }
            }
        }
        return null;
    }

    private TokenCacheItem getTokenCacheItemFromPassedInAuthority(String str, String str2, String str3, String str4, TokenEntryType tokenEntryType) throws MalformedURLException {
        if (getAuthorityUrlWithPreferredCache().equalsIgnoreCase(this.mAuthority)) {
            return null;
        }
        String cacheKey = getCacheKey(this.mAuthority, str, str2, str4, str3, tokenEntryType);
        return !StringExtensions.IsNullOrBlank(str3) ? this.mTokenCacheStore.getItem(cacheKey, true) : this.mTokenCacheStore.getItem(cacheKey, false);
    }

    private String getTokenHash(String str) {
        try {
            return StringExtensions.createHash(str);
        } catch (UnsupportedEncodingException e) {
            Logger.e(TAG, "Digest error", "", ADALError.ENCODING_IS_NOT_SUPPORTED, e);
            return "";
        } catch (NoSuchAlgorithmException e2) {
            Logger.e(TAG, "Digest error", "", ADALError.DEVICE_NO_SUCH_ALGORITHM, e2);
            return "";
        }
    }

    private boolean isUserMisMatch(String str, TokenCacheItem tokenCacheItem) {
        if (!StringExtensions.IsNullOrBlank(str) && tokenCacheItem.getUserInfo() != null) {
            return (str.equalsIgnoreCase(tokenCacheItem.getUserInfo().getDisplayableId()) || str.equalsIgnoreCase(tokenCacheItem.getUserInfo().getUserId())) ? false : true;
        }
        Logger.v(TAG + ":isUserMisMatch", "User (or UserInfo) was null.");
        return false;
    }

    private void logAuthenticationResultTokens(AuthenticationResult authenticationResult) {
        if (authenticationResult == null || authenticationResult.getAccessToken() == null) {
            return;
        }
        Logger.v(TAG, String.format("Access TokenID %s and Refresh TokenID %s returned.", getTokenHash(authenticationResult.getAccessToken()), getTokenHash(authenticationResult.getRefreshToken())));
    }

    private TokenCacheItem performAdditionalCacheLookup(String str, String str2, String str3, String str4, TokenEntryType tokenEntryType) throws MalformedURLException {
        TokenCacheItem tokenCacheItemFromPassedInAuthority = getTokenCacheItemFromPassedInAuthority(str, str2, str3, str4, tokenEntryType);
        return tokenCacheItemFromPassedInAuthority == null ? getTokenCacheItemFromAliasedHost(str, str2, str3, str4, tokenEntryType) : tokenCacheItemFromPassedInAuthority;
    }

    private void setItemToCache(String str, String str2, String str3, AuthenticationResult authenticationResult, String str4) throws MalformedURLException {
        Logger.v(TAG, "Save Regular Resource Refresh token to cache.");
        this.mTokenCacheStore.setItem(CacheKey.createCacheKeyForRTEntry(str, str2, str3, str4), TokenCacheItem.createRegularTokenCacheItem(str, str2, str3, authenticationResult), false);
        if (authenticationResult.getIsMultiResourceRefreshToken()) {
            Logger.v(TAG + ":setItemToCache", "Save Multi Resource Refresh token to cache");
            this.mTokenCacheStore.setItem(CacheKey.createCacheKeyForMRRT(str, str3, str4), TokenCacheItem.createMRRTTokenCacheItem(str, str3, authenticationResult), false);
        }
        if (StringExtensions.IsNullOrBlank(authenticationResult.getFamilyClientId())) {
            return;
        }
        Logger.v(TAG + ":setItemToCache", "Save Family Refresh token into cache");
        this.mTokenCacheStore.setItem(CacheKey.createCacheKeyForFRT(str, authenticationResult.getFamilyClientId(), str4), TokenCacheItem.createFRRTTokenCacheItem(str, authenticationResult), true);
    }

    private void setItemToCacheForUser(String str, String str2, AuthenticationResult authenticationResult, String str3) throws MalformedURLException {
        logAuthenticationResultTokens(authenticationResult);
        if (!StringExtensions.IsNullOrBlank(authenticationResult.getAuthority())) {
            this.mAuthority = authenticationResult.getAuthority();
        }
        String authorityUrlWithPreferredCache = getAuthorityUrlWithPreferredCache();
        setItemToCache(authorityUrlWithPreferredCache, str, str2, authenticationResult, str3);
        if (authenticationResult.getTenantId() == null) {
            Logger.v(TAG, "The result tenantID is null.");
        } else {
            Uri parse = Uri.parse(authorityUrlWithPreferredCache);
            setItemToCache(new Uri.Builder().scheme(parse.getScheme()).authority(parse.getAuthority()).path(authenticationResult.getTenantId()).build().toString(), str, str2, authenticationResult, str3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenCacheItem getATFromCache(String str, String str2, String str3) throws AuthenticationException {
        try {
            TokenCacheItem regularRefreshTokenCacheItem = getRegularRefreshTokenCacheItem(str, str2, str3);
            if (regularRefreshTokenCacheItem == null) {
                Logger.v(TAG + ":getATFromCache", "No TokenCacheItem exists.");
                return null;
            }
            if (!StringExtensions.IsNullOrBlank(regularRefreshTokenCacheItem.getAccessToken())) {
                if (TokenCacheItem.isTokenExpired(regularRefreshTokenCacheItem.getExpiresOn())) {
                    Logger.v(TAG + ":getATFromCache", "Access token exists, but already expired.");
                    return null;
                }
                if (isUserMisMatch(str3, regularRefreshTokenCacheItem)) {
                    throw new AuthenticationException(ADALError.AUTH_FAILED_USER_MISMATCH);
                }
            }
            return regularRefreshTokenCacheItem;
        } catch (MalformedURLException e) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e.getMessage(), e);
        }
    }

    String getAuthorityUrlWithPreferredCache() throws MalformedURLException {
        InstanceDiscoveryMetadata instanceDiscoveryMetadata = getInstanceDiscoveryMetadata();
        return (instanceDiscoveryMetadata == null || !instanceDiscoveryMetadata.isValidated()) ? this.mAuthority : constructAuthorityUrl(instanceDiscoveryMetadata.getPreferredCache());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenCacheItem getFRTItem(String str, String str2) throws MalformedURLException {
        TokenCacheItem item = this.mTokenCacheStore.getItem(CacheKey.createCacheKeyForFRT(getAuthorityUrlWithPreferredCache(), str, str2), true);
        if (item != null) {
            return item;
        }
        Logger.v(TAG + ":getFRTItem", "TokenCacheItem was null. Performing additional cache lookup");
        return performAdditionalCacheLookup(null, null, str, str2, TokenEntryType.FRT_TOKEN_ENTRY);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenCacheItem getMRRTItem(String str, String str2) throws MalformedURLException {
        TokenCacheItem item = this.mTokenCacheStore.getItem(CacheKey.createCacheKeyForMRRT(getAuthorityUrlWithPreferredCache(), str, str2), false);
        if (item != null) {
            return item;
        }
        Logger.v(TAG + ":getMRRTItem", "TokenCacheItem was null. Performing additional cache lookup");
        return performAdditionalCacheLookup(null, str, null, str2, TokenEntryType.MRRT_TOKEN_ENTRY);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenCacheItem getRegularRefreshTokenCacheItem(String str, String str2, String str3) throws MalformedURLException {
        TokenCacheItem item = this.mTokenCacheStore.getItem(CacheKey.createCacheKeyForRTEntry(getAuthorityUrlWithPreferredCache(), str, str2, str3), false);
        return item == null ? performAdditionalCacheLookup(str, str2, null, str3, TokenEntryType.REGULAR_TOKEN_ENTRY) : item;
    }

    void removeTokenCacheItem(TokenCacheItem tokenCacheItem, String str) throws AuthenticationException {
        List<String> keyListToRemoveForRT;
        switch (tokenCacheItem.getTokenEntryType()) {
            case REGULAR_TOKEN_ENTRY:
                Logger.v(TAG, "Regular RT was used to get access token, remove entries for regular RT entries.");
                keyListToRemoveForRT = getKeyListToRemoveForRT(tokenCacheItem);
                break;
            case MRRT_TOKEN_ENTRY:
                Logger.v(TAG, "MRRT was used to get access token, remove entries for both MRRT entries and regular RT entries.");
                List<String> keyListToRemoveForMRRT = getKeyListToRemoveForMRRT(tokenCacheItem);
                TokenCacheItem tokenCacheItem2 = new TokenCacheItem(tokenCacheItem);
                tokenCacheItem2.setResource(str);
                keyListToRemoveForMRRT.addAll(getKeyListToRemoveForRT(tokenCacheItem2));
                keyListToRemoveForRT = keyListToRemoveForMRRT;
                break;
            case FRT_TOKEN_ENTRY:
                Logger.v(TAG, "FRT was used to get access token, remove entries for FRT entries.");
                keyListToRemoveForRT = getKeyListToRemoveForFRT(tokenCacheItem);
                break;
            default:
                throw new AuthenticationException(ADALError.INVALID_TOKEN_CACHE_ITEM);
        }
        Iterator<String> it = keyListToRemoveForRT.iterator();
        while (it.hasNext()) {
            this.mTokenCacheStore.removeItem(it.next());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void updateCachedItemWithResult(String str, String str2, AuthenticationResult authenticationResult, TokenCacheItem tokenCacheItem) throws AuthenticationException {
        if (authenticationResult == null) {
            Logger.v(TAG + ":updateCachedItemWithResult", "AuthenticationResult is null, cannot update cache.");
            throw new IllegalArgumentException("result");
        }
        if (authenticationResult.getStatus() != AuthenticationResult.AuthenticationStatus.Succeeded) {
            if (BrokerOauthError.INVALID_GRANT.equalsIgnoreCase(authenticationResult.getErrorCode())) {
                Logger.v(TAG + ":updateCachedItemWithResult", "Received INVALID_GRANT error code, remove existing cache entry.");
                removeTokenCacheItem(tokenCacheItem, str);
                return;
            }
            return;
        }
        Logger.v(TAG + ":updateCachedItemWithResult", "Save returned AuthenticationResult into cache.");
        if (tokenCacheItem == null || tokenCacheItem.getUserInfo() == null || authenticationResult.getUserInfo() != null) {
            Logger.v(TAG + ":updateCachedItemWithResult", "Skipping result update. Values were null.");
        } else {
            authenticationResult.setUserInfo(tokenCacheItem.getUserInfo());
            authenticationResult.setIdToken(tokenCacheItem.getRawIdToken());
            authenticationResult.setTenantId(tokenCacheItem.getTenantId());
        }
        try {
            Logger.v(TAG + ":updateCachedItemWithResult", "Trying to update the TokenCache");
            updateTokenCache(str, str2, authenticationResult);
        } catch (MalformedURLException e) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e.getMessage(), e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void updateTokenCache(String str, String str2, AuthenticationResult authenticationResult) throws MalformedURLException {
        if (authenticationResult == null || StringExtensions.IsNullOrBlank(authenticationResult.getAccessToken())) {
            Logger.v(TAG + ":updateTokenCache", "Result or accessToken was null. Skipping.");
            return;
        }
        if (authenticationResult.getUserInfo() != null) {
            if (StringExtensions.IsNullOrBlank(authenticationResult.getUserInfo().getDisplayableId())) {
                Logger.v(TAG + ":updateTokenCache", "DisplayableId was null or blank");
            } else {
                Logger.v(TAG + ":updateTokenCache", "Setting cache item");
                setItemToCacheForUser(str, str2, authenticationResult, authenticationResult.getUserInfo().getDisplayableId());
            }
            if (StringExtensions.IsNullOrBlank(authenticationResult.getUserInfo().getUserId())) {
                Logger.v(TAG + ":updateTokenCache", "UserId was null or blank");
            } else {
                setItemToCacheForUser(str, str2, authenticationResult, authenticationResult.getUserInfo().getUserId());
            }
        } else {
            Logger.v(TAG + ":updateTokenCache", "UserInfo was null");
        }
        setItemToCacheForUser(str, str2, authenticationResult, null);
    }
}
