package com.acompli.accore.util;

import android.app.Activity;
import android.content.Context;
import android.os.StrictMode;
import android.preference.PreferenceManager;
import android.text.TextUtils;
import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.VisibleForTesting;
import androidx.annotation.WorkerThread;
import com.acompli.accore.ACAccountManager;
import com.acompli.accore.ACCore;
import com.acompli.accore.features.FeatureManager;
import com.acompli.accore.model.ACMailAccount;
import com.acompli.acompli.utils.GroupUtils;
import com.acompli.libcircle.metrics.EventLogger;
import com.acompli.libcircle.metrics.TelemetrySource;
import com.microsoft.aad.adal.ADALError;
import com.microsoft.aad.adal.AuthenticationCallback;
import com.microsoft.aad.adal.AuthenticationContext;
import com.microsoft.aad.adal.AuthenticationException;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.aad.adal.AuthenticationSettings;
import com.microsoft.aad.adal.IDispatcher;
import com.microsoft.aad.adal.PromptBehavior;
import com.microsoft.aad.adal.Telemetry;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftIdToken;
import com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsIdToken;
import com.microsoft.mats.AdalAction;
import com.microsoft.mats.AdalAuthOutcome;
import com.microsoft.mats.ErrorSource;
import com.microsoft.mats.MATS;
import com.microsoft.office.outlook.auth.AuthenticationType;
import com.microsoft.office.outlook.cloudenvironment.CloudEnvironment;
import com.microsoft.office.outlook.job.AccountTokenRefreshJob;
import com.microsoft.office.outlook.logger.Logger;
import com.microsoft.office.outlook.logger.Loggers;
import com.microsoft.office.outlook.mats.MATSWrapper;
import com.microsoft.office.outlook.profiling.StrictModeProfiler;
import com.microsoft.office.outlook.util.DogfoodNudgeUtil;
import com.microsoft.outlook.telemetry.generated.OTADALMismatchType;
import com.microsoft.outlook.telemetry.generated.OTADALSmartSessionEventType;
import com.microsoft.outlook.telemetry.generated.OTComponentName;
import java.io.UnsupportedEncodingException;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;
import java.util.UUID;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public final class ADALUtil {
    public static final String AUTHORITY_PE = "https://login.windows.net/common/oauth2/token";
    public static final String CAPABILITY_LONG_LIVED_TOKEN = "CP1";
    public static final String CLIENTID = "27922004-5251-4030-b22d-91ecd9a37ea4";
    public static final String DEFAULT_ODC_HOST = "odc.officeapps.live.com";
    public static final String RESOURCE_AAD_CORTANA = "https://cortana.ai";
    public static final String RESOURCE_ACTIONABLE_MESSAGES = "https://outlook.office365.com/connectors";
    public static final String RESOURCE_AUG_LOOP = "https://augloop.office.com/v2";
    public static final String RESOURCE_BING_AT_WORK = "9ea1ad79-fdb6-4f9a-8bc3-2b70f96e34c7";
    public static final String RESOURCE_EXCHANGE = "https://outlook.office365.com/";
    public static final String RESOURCE_GRAPHAPI = "https://graph.windows.net";
    public static final String RESOURCE_GRAPH_DRIVE_BUSINESS = "https://graph.microsoft.com";
    public static final String RESOURCE_LINKEDIN = "urn:microsoft:purpose:LIBind";
    public static final String RESOURCE_LOKI = "394866fc-eedb-4f01-8536-3ff84b16be2a";
    public static final String RESOURCE_MSA_CORTANA = "https://cortana.ai/BingCortana-Internal.ReadWrite";
    public static final String RESOURCE_MSA_SUBSTRATE_TODO = "https://substrate.office.com/Todo-Internal.ReadWrite";
    public static final String RESOURCE_OFFICE_APPS_SERVICE_DISCOVERY = "https://officeapps.live.com";
    public static final String RESOURCE_ONENOTE = "https://onenote.com/";
    public static final String RESOURCE_ROAMING_SETTINGS = "https://clients.config.office.net/";
    public static final String RESOURCE_SMART_COMPOSE = "https://fe-26.qas.bing.net/compose";
    public static final String RESOURCE_SUBSTRATE = "https://substrate.office.com";
    public static final String RESOURCE_SUBSTRATE3SANSWER = "https://substrate.office.com/search";
    private static byte[] b;
    private static BaseAnalyticsProvider c;
    private static final Logger a = Loggers.getInstance().getAccountLogger().withTag("ADALUtil");
    private static boolean d = false;
    private static boolean e = false;
    private static String f = "sharepoint.com";
    private static String g = "sharepoint-df.com";

    /* loaded from: classes.dex */
    public enum AADTokenProperty {
        AUD(MicrosoftIdToken.AUDIENCE),
        ISS(MicrosoftIdToken.ISSUER),
        IAT(MicrosoftIdToken.ISSUED_AT),
        NBF(MicrosoftIdToken.NOT_BEFORE),
        EXP(MicrosoftStsIdToken.EXPIRATION_TIME),
        ACR("acr"),
        AIO(MicrosoftStsIdToken.AIO),
        OID("oid"),
        SCP("scp"),
        SUB("sub"),
        TID("tid"),
        UPN("upn"),
        PUID(ACMailAccount.COLUMN_PUID),
        NAME("name"),
        VERSION("ver"),
        APP_ID("appid"),
        EXPIRY("e_exp"),
        PLATFORM("platf"),
        IN_CORP("in_corp"),
        IP_ADDRESS("ipaddr"),
        APP_ID_ACR("appidacr"),
        ONPREM_SID("onprem_sid"),
        GIVEN_NAME("given_name"),
        FAMILY_NAME("family_name"),
        UNIQUE_NAME("unique_name"),
        XMS_CC("xmc_cc"),
        XMS_SIP("xms_sip");

        public final String key;

        AADTokenProperty(String str) {
            this.key = str;
        }

        public static String all() {
            return TextUtils.join(",", values());
        }

        public String getKey() {
            return this.key;
        }

        @Override // java.lang.Enum
        public String toString() {
            return name();
        }
    }

    /* loaded from: classes.dex */
    public static class AuthenticationCallbackWrapper implements AuthenticationCallback<AuthenticationResult> {
        private final MATSWrapper a;
        private final AdalAction b;

        @Nullable
        private final AuthenticationCallback<AuthenticationResult> c;

        AuthenticationCallbackWrapper(MATSWrapper mATSWrapper, AdalAction adalAction, @Nullable AuthenticationCallback<AuthenticationResult> authenticationCallback) {
            this.a = mATSWrapper;
            this.b = adalAction;
            this.c = authenticationCallback;
        }

        void a() {
            this.a.endAdalAction(this.b, AdalAuthOutcome.CANCELLED, ErrorSource.CLIENT, "TIME_OUT", "");
        }

        @Override // com.microsoft.aad.adal.AuthenticationCallback
        public void onError(Exception exc) {
            ADALUtil.h(exc, this.b, this.a);
            AuthenticationCallback<AuthenticationResult> authenticationCallback = this.c;
            if (authenticationCallback != null) {
                authenticationCallback.onError(exc);
            }
        }

        @Override // com.microsoft.aad.adal.AuthenticationCallback
        public void onSuccess(AuthenticationResult authenticationResult) {
            this.a.endAdalAction(this.b, AdalAuthOutcome.SUCCEEDED, ErrorSource.NONE, "", "");
            AuthenticationCallback<AuthenticationResult> authenticationCallback = this.c;
            if (authenticationCallback != null) {
                authenticationCallback.onSuccess(authenticationResult);
            }
        }
    }

    @Retention(RetentionPolicy.SOURCE)
    /* loaded from: classes.dex */
    public @interface Resource {
    }

    /* loaded from: classes.dex */
    public interface TokenRefreshedCallback {
        void tokenRefreshFailedForResource(String str, Exception exc);

        void tokenRefreshedForResource(String str, long j, String str2);
    }

    private ADALUtil() {
    }

    public static void acquireToken(Activity activity, AuthenticationContext authenticationContext, String str, String str2, @Nullable String str3, @Nullable String str4, @Nullable PromptBehavior promptBehavior, @Nullable String str5, @Nullable String str6, AuthenticationCallback<AuthenticationResult> authenticationCallback) {
        if (!StringUtil.isNullOrEmpty(str6)) {
            c.sendADALSmartSessionEvent(OTADALSmartSessionEventType.claim_challenge, str);
        }
        authenticationContext.acquireToken(activity, str, str2, str3, str4, promptBehavior, str5, str6, getAcquireTokenCallback(str, authenticationContext, new MATSWrapper(), authenticationCallback));
    }

    public static void acquireTokenByRefreshToken(String str, Context context, String str2, String str3, String str4, AuthenticationCallback<AuthenticationResult> authenticationCallback) {
        AuthenticationContext aDALContext = getADALContext(str, context);
        aDALContext.acquireTokenByRefreshToken(str2, str3, str4, getAcquireTokenCallback(str4, aDALContext, new MATSWrapper(), authenticationCallback));
    }

    public static void acquireTokenInteractiveForCloud(Activity activity, String str, AuthenticationContext authenticationContext, CloudEnvironment cloudEnvironment, AuthenticationCallback<AuthenticationResult> authenticationCallback) {
        acquireToken(activity, authenticationContext, cloudEnvironment.getExchangeResourceID(), CLIENTID, getRedirectUri(), str, PromptBehavior.Always, "nux=1&msafed=0", null, authenticationCallback);
    }

    public static void acquireTokenSilentAsync(AuthenticationContext authenticationContext, String str, String str2, String str3, AuthenticationCallback<AuthenticationResult> authenticationCallback) {
        authenticationContext.acquireTokenSilentAsync(str, str2, str3, getAcquireTokenCallback(str, authenticationContext, new MATSWrapper(), authenticationCallback));
    }

    public static void acquireTokenSilentAsyncForQR(String str, Context context, String str2, String str3, String str4, AuthenticationCallback<AuthenticationResult> authenticationCallback) {
        AuthenticationContext aDALContext = getADALContext(str, context);
        aDALContext.acquireTokenSilentAsync(str2, str3, str4, getAcquireTokenCallback(str2, aDALContext, new MATSWrapper(), authenticationCallback));
    }

    @Nullable
    @WorkerThread
    public static AuthenticationResult acquireTokenSilentSync(Context context, ACMailAccount aCMailAccount, String str, long j, @Nullable String str2, @NonNull UUID uuid, boolean z) throws AuthenticationException, InterruptedException, TimeoutException {
        a.i("Acquire token for account " + aCMailAccount.getAccountID() + " with resource " + str);
        String authorityForAccount = getAuthorityForAccount(aCMailAccount);
        String userID = aCMailAccount.getUserID();
        String str3 = aCMailAccount.getAadTokenClaimChallenges().get(str);
        String str4 = str2 == null ? str3 : str2;
        if (str4 != null) {
            a.i("Acquiring token silently with claim challenge for account " + aCMailAccount.getAccountID());
        }
        try {
            AuthenticationResult b2 = b(context, userID, authorityForAccount, str, uuid, j, str4, z);
            if (b2 != null && b2.getAccessToken() != null && str3 != null) {
                aCMailAccount.removeAadTokenClaimChallenge(str);
            }
            return b2;
        } catch (AuthenticationException e2) {
            if (e2.getCode() != ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED) {
                throw e2;
            }
            if (!isMessageOnlyException(e2)) {
                throw e2;
            }
            aCMailAccount.addToBlockedScopes(str);
            throw e2;
        }
    }

    @Nullable
    @WorkerThread
    public static AuthenticationResult acquireTokenSilentSync(Context context, ACMailAccount aCMailAccount, String str, long j, boolean z) throws AuthenticationException, InterruptedException, TimeoutException {
        return acquireTokenSilentSync(context, aCMailAccount, str, j, (String) null, UUID.randomUUID(), z);
    }

    @Nullable
    @WorkerThread
    @Deprecated
    public static AuthenticationResult acquireTokenSilentSync(Context context, String str, String str2, String str3, UUID uuid, long j, boolean z) throws AuthenticationException, InterruptedException, TimeoutException {
        return b(context, str, str2, str3, uuid, j, null, z);
    }

    public static AuthenticationResult acquireTokenSilentSync(AuthenticationContext authenticationContext, MATSWrapper mATSWrapper, String str, String str2, String str3) throws AuthenticationException, InterruptedException {
        AdalAction d2 = d(str, authenticationContext, mATSWrapper);
        try {
            AuthenticationResult acquireTokenSilentSync = authenticationContext.acquireTokenSilentSync(str, str2, str3);
            mATSWrapper.endAdalAction(d2, AdalAuthOutcome.SUCCEEDED, ErrorSource.NONE, "", "");
            return acquireTokenSilentSync;
        } catch (AuthenticationException | InterruptedException e2) {
            h(e2, d2, mATSWrapper);
            throw e2;
        }
    }

    @Nullable
    @WorkerThread
    public static AuthenticationResult acquireTokenSilentSyncWithClaimChallenge(Context context, ACMailAccount aCMailAccount, String str, long j, String str2) throws AuthenticationException, InterruptedException, TimeoutException {
        return acquireTokenSilentSync(context, aCMailAccount, str, j, str2, UUID.randomUUID(), true);
    }

    public static AuthenticationContext attemptADALLogin(@NonNull String str, @NonNull String str2, @NonNull Activity activity, @Nullable String str3, AuthenticationCallback<AuthenticationResult> authenticationCallback, boolean z) {
        AuthenticationContext authenticationContext = null;
        try {
            authenticationContext = getADALContext(str, activity.getApplicationContext());
            a.v("Redirect URI: " + authenticationContext.getRedirectUriForBroker());
            acquireToken(activity, authenticationContext, str2, CLIENTID, getRedirectUri(), str3 != null ? str3 : "", z ? PromptBehavior.FORCE_PROMPT : PromptBehavior.Always, "nux=1&msafed=0", null, authenticationCallback);
        } catch (Exception e2) {
            a.e("Exception in ADAL", e2);
        }
        return authenticationContext;
    }

    @Nullable
    @WorkerThread
    private static AuthenticationResult b(Context context, String str, String str2, String str3, UUID uuid, long j, @Nullable String str4, boolean z) throws AuthenticationException, InterruptedException, TimeoutException {
        AuthenticationContext aDALContext = getADALContext(str2, context, uuid);
        final AuthenticationResult[] authenticationResultArr = new AuthenticationResult[1];
        final Exception[] excArr = new Exception[1];
        final CountDownLatch countDownLatch = new CountDownLatch(1);
        AuthenticationCallbackWrapper acquireTokenCallback = getAcquireTokenCallback(str3, aDALContext, new MATSWrapper(), new AuthenticationCallback<AuthenticationResult>() { // from class: com.acompli.accore.util.ADALUtil.1
            @Override // com.microsoft.aad.adal.AuthenticationCallback
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public void onSuccess(AuthenticationResult authenticationResult) {
                authenticationResultArr[0] = authenticationResult;
                countDownLatch.countDown();
            }

            @Override // com.microsoft.aad.adal.AuthenticationCallback
            public void onError(@Nullable Exception exc) {
                excArr[0] = exc;
                countDownLatch.countDown();
            }
        });
        if (str4 == null) {
            aDALContext.acquireTokenSilentAsync(str3, CLIENTID, str, z, acquireTokenCallback);
        } else {
            c.sendADALSmartSessionEvent(OTADALSmartSessionEventType.claim_challenge, str3);
            aDALContext.acquireTokenSilentAsync(str3, CLIENTID, str, str4, acquireTokenCallback);
        }
        if (d) {
            j = 30000;
        }
        if (!countDownLatch.await(j, TimeUnit.MILLISECONDS)) {
            acquireTokenCallback.a();
            if (d) {
                c.sendSlowComponentEvent(-2, OTComponentName.token_refresh, null);
            }
            throw new TimeoutException("ADAL operation did not complete");
        }
        Exception exc = excArr[0];
        if (exc == null) {
            return authenticationResultArr[0];
        }
        if (exc instanceof AuthenticationException) {
            throw ((AuthenticationException) exc);
        }
        if (exc instanceof RuntimeException) {
            throw ((RuntimeException) exc);
        }
        if (exc.getCause() == null) {
            throw new AuthenticationException(ADALError.ERROR_SILENT_REQUEST, exc.getMessage(), exc);
        }
        if (exc.getCause() instanceof AuthenticationException) {
            throw ((AuthenticationException) exc.getCause());
        }
        if (exc.getCause() instanceof RuntimeException) {
            throw ((RuntimeException) exc.getCause());
        }
        throw new AuthenticationException(ADALError.ERROR_SILENT_REQUEST, exc.getCause().getMessage(), exc.getCause());
    }

    private static String c(String str) throws UnsupportedEncodingException {
        int length = str.length() % 4;
        String replace = str.replace('-', '+').replace('_', '/');
        if (length != 0) {
            replace = replace + "===".substring(0, 4 - length);
        }
        return new String(Base64.decode(replace, 0), "UTF-8");
    }

    public static void clearCachedAuthTokensForAccount(Context context, FeatureManager featureManager, ACMailAccount aCMailAccount) {
        if (AccountTokenRefreshJob.getSupportedAuthTypes(featureManager).contains(AuthenticationType.findByValue(aCMailAccount.getAuthenticationType()))) {
            getADALContext(getAuthorityForAccount(aCMailAccount), context).getCache().removeAll();
            return;
        }
        a.w("Account " + aCMailAccount.getAccountID() + " had unsupported auth type for clearing tokens");
    }

    private static AdalAction d(String str, AuthenticationContext authenticationContext, MATSWrapper mATSWrapper) {
        UUID requestCorrelationId = authenticationContext.getRequestCorrelationId();
        authenticationContext.setRequestCorrelationId(requestCorrelationId);
        if (isSSMEnabledForResource(str)) {
            ArrayList arrayList = new ArrayList(1);
            arrayList.add(CAPABILITY_LONG_LIVED_TOKEN);
            authenticationContext.setClientCapabilites(arrayList);
        }
        String uuid = requestCorrelationId.toString();
        Loggers.getInstance().getAccountLogger().d(String.format("ADAL auth correlationId: %s for scope %s", uuid, str));
        return mATSWrapper.startAdalAction(mATSWrapper.createScenario(), uuid);
    }

    @Nullable
    private static ADALError e(Exception exc) {
        if (exc instanceof AuthenticationException) {
            return ((AuthenticationException) exc).getCode();
        }
        return null;
    }

    @NonNull
    @VisibleForTesting
    static String f(int i, boolean z) {
        String packageNameForEnvironment = Environment.getPackageNameForEnvironment(i);
        String str = "fcg80qvoM1YMKJZibjBwQcDfOno%3D";
        if (!z) {
            if (i != 0) {
                if (i != 3) {
                    if (i != 4 && i != 5 && i != 6) {
                        throw new IllegalStateException("Target '" + Environment.getAppTarget() + "' is not supported");
                    }
                }
            }
            str = "jE6Au8Nvh42nAczUv%2BJW%2FQ1MTCg%3D";
        }
        return String.format("msauth://%s/%s", packageNameForEnvironment, str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ void g(boolean z, Random random, EventLogger eventLogger, Map map) {
        if (z) {
            MATS.getInstance().processAdalTelemetryBlob(map);
        }
        if (!map.isEmpty() && random.nextInt(100) < 2) {
            map.put("aggregated", "true");
            eventLogger.sendEvent("adal_telemetry", map, null, null, TelemetrySource.ADAL);
        }
    }

    public static AuthenticationContext getADALContext(Context context) {
        return getADALContext(AUTHORITY_PE, context);
    }

    public static AuthenticationContext getADALContext(String str, Context context) {
        AuthenticationSettings.INSTANCE.setUseBroker(isAllowingBroker(context));
        initializeSecretKey();
        AuthenticationContext authenticationContext = new AuthenticationContext(context, str, true);
        authenticationContext.setExtendedLifetimeEnabled(true);
        return authenticationContext;
    }

    public static AuthenticationContext getADALContext(String str, Context context, UUID uuid) {
        AuthenticationContext aDALContext = getADALContext(str, context);
        aDALContext.setRequestCorrelationId(uuid);
        return aDALContext;
    }

    public static AuthenticationCallbackWrapper getAcquireTokenCallback(String str, AuthenticationContext authenticationContext, MATSWrapper mATSWrapper, AuthenticationCallback<AuthenticationResult> authenticationCallback) {
        return new AuthenticationCallbackWrapper(mATSWrapper, d(str, authenticationContext, mATSWrapper), authenticationCallback);
    }

    public static AuthenticationContext getAuthenticationContextForCloud(Context context, CloudEnvironment cloudEnvironment) {
        return getADALContext(cloudEnvironment.getAadAuthority(), context.getApplicationContext());
    }

    @NonNull
    public static String getAuthorityForAccount(ACMailAccount aCMailAccount) {
        return (aCMailAccount == null || aCMailAccount.getAuthorityAAD() == null) ? AUTHORITY_PE : aCMailAccount.getAuthorityAAD();
    }

    @NonNull
    public static String getRedirectUri() {
        return f(Environment.getAppTarget(), true);
    }

    public static synchronized byte[] getSecretKeyBytes() {
        byte[] bArr;
        synchronized (ADALUtil.class) {
            if (b == null) {
                initializeSecretKey();
            }
            bArr = b;
        }
        return bArr;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void h(Exception exc, AdalAction adalAction, MATSWrapper mATSWrapper) {
        ADALError e2 = e(exc);
        if (e2 == null) {
            mATSWrapper.endAdalAction(adalAction, AdalAuthOutcome.FAILED, ErrorSource.SERVICE, "", "");
        } else if (e2 == ADALError.AUTH_FAILED_CANCELLED) {
            mATSWrapper.endAdalAction(adalAction, AdalAuthOutcome.CANCELLED, ErrorSource.AUTHSDK, "AUTH_FAILED_CANCELLED", ADALError.AUTH_FAILED_CANCELLED.getDescription());
        } else {
            mATSWrapper.endAdalAction(adalAction, AdalAuthOutcome.FAILED, ErrorSource.AUTHSDK, e2.name(), e2.getDescription());
        }
    }

    private static void i(int i, @Nullable ACAccountManager aCAccountManager, @Nullable String str, @Nullable String str2) {
        if (aCAccountManager == null) {
            return;
        }
        for (ACMailAccount aCMailAccount : aCAccountManager.getMailAccounts()) {
            if (aCMailAccount.getAccountID() != i) {
                if (!TextUtils.isEmpty(str2) && str2.equalsIgnoreCase(aCMailAccount.getO365UPN())) {
                    c.sendAdalMismatchEvent(OTADALMismatchType.upn_matches_other_account);
                }
                if (!TextUtils.isEmpty(str) && str.equalsIgnoreCase(aCMailAccount.getUserID())) {
                    c.sendAdalMismatchEvent(OTADALMismatchType.oid_matches_other_account);
                }
            }
        }
    }

    public static void initializeAdalTelemetry(final EventLogger eventLogger, BaseAnalyticsProvider baseAnalyticsProvider, final boolean z, boolean z2, boolean z3) {
        c = baseAnalyticsProvider;
        d = z2;
        e = z3;
        final Random random = new Random();
        Telemetry.getInstance().registerDispatcher(new IDispatcher() { // from class: com.acompli.accore.util.a
            @Override // com.microsoft.aad.adal.IDispatcher
            public final void dispatchEvent(Map map) {
                ADALUtil.g(z, random, eventLogger, map);
            }
        }, true);
    }

    public static synchronized void initializeSecretKey() {
        StrictModeProfiler strictModeProfiler;
        String str;
        synchronized (ADALUtil.class) {
            if (b == null) {
                StrictModeProfiler.INSTANCE.beginStrictModeExemption("ADALUtil#initializeSecretKey");
                StrictMode.noteSlowCall("ADALUtil#initializeSecretKey");
                try {
                    try {
                        byte[] encoded = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(new PBEKeySpec("shpadoinkle".toCharArray(), "salty".getBytes("UTF-8"), 100, 256)).getEncoded();
                        b = encoded;
                        if (encoded == null) {
                            Loggers.getInstance().getAccountLogger().e("Null bytes returned for setting ADAL secret");
                        }
                        AuthenticationSettings.INSTANCE.setSecretKey(b);
                        strictModeProfiler = StrictModeProfiler.INSTANCE;
                        str = "ADALUtil#initializeSecretKey";
                    } catch (Throwable th) {
                        StrictModeProfiler.INSTANCE.endStrictModeExemption("ADALUtil#initializeSecretKey");
                        throw th;
                    }
                } catch (UnsupportedEncodingException | NoSuchAlgorithmException | InvalidKeySpecException e2) {
                    Loggers.getInstance().getAccountLogger().e("Failed to set ADAL secret", e2);
                    strictModeProfiler = StrictModeProfiler.INSTANCE;
                    str = "ADALUtil#initializeSecretKey";
                }
                strictModeProfiler.endStrictModeExemption(str);
            }
        }
    }

    public static boolean isAllowingBroker(Context context) {
        return PreferenceManager.getDefaultSharedPreferences(context).getBoolean("ADALUtil:ALLOW_ADAL_BROKER", true);
    }

    public static boolean isMessageOnlyException(AuthenticationException authenticationException) {
        HashMap<String, String> httpResponseBody = authenticationException.getHttpResponseBody();
        if (httpResponseBody == null) {
            a.e("isMessageOnlyException:: Null http response body");
            return false;
        }
        String str = httpResponseBody.get(AuthenticationConstants.OAuth2.SUBERROR);
        if (StringUtil.isNullOrEmpty(str)) {
            a.e("isMessageOnlyException:: Null or empty suberror value");
            return false;
        }
        if (!str.equalsIgnoreCase(AuthenticationConstants.OAuth2SubErrorCode.MESSAGE_ONLY)) {
            return false;
        }
        a.d("isMessageOnlyException:: message_only suberror - conditional access blocked");
        return true;
    }

    public static boolean isSSMEnabledForResource(String str) {
        return "https://outlook.office365.com/".equals(str) || (e && isSharepointResource(str));
    }

    public static boolean isSharepointResource(String str) {
        return str.contains(f) || str.contains(g);
    }

    private static void j(int i) {
        AuthenticationSettings.INSTANCE.setExpirationBuffer(i);
    }

    private static void k(ACMailAccount aCMailAccount, String str, @Nullable ACAccountManager aCAccountManager) {
        if (aCMailAccount == null || TextUtils.isEmpty(str)) {
            return;
        }
        try {
            String[] split = str.split("\\.");
            if (split.length != 3) {
                c.sendAdalMismatchEvent(OTADALMismatchType.token_not_3_parts);
                return;
            }
            JSONObject jSONObject = new JSONObject(new String(Base64.decode(split[1], 8)));
            String string = jSONObject.getString("oid");
            String string2 = jSONObject.getString("tid");
            String string3 = jSONObject.getString("upn");
            i(aCMailAccount.getAccountID(), aCAccountManager, string, string3);
            if (!TextUtils.isEmpty(string) && !string.equalsIgnoreCase(aCMailAccount.getUserID())) {
                c.sendAdalMismatchEvent(OTADALMismatchType.token_oid_account_userid_mismatch);
            }
            if (!TextUtils.isEmpty(aCMailAccount.getXAnchorMailbox())) {
                if (!aCMailAccount.getXAnchorMailbox().equalsIgnoreCase(string + DogfoodNudgeUtil.AT + string2)) {
                    c.sendAdalMismatchEvent(OTADALMismatchType.token_oid_at_tid_anchor_mailbox_mismatch);
                }
            }
            if (TextUtils.isEmpty(string3) || string3.equalsIgnoreCase(aCMailAccount.getO365UPN())) {
                return;
            }
            c.sendAdalMismatchEvent(OTADALMismatchType.token_upn_account_upn_mismatch);
        } catch (JSONException unused) {
            a.w("Failed to parse JSON for decoded JWT");
            c.sendAdalMismatchEvent(OTADALMismatchType.json_parse_oid_tid_upn_failed);
        } catch (Exception unused2) {
            a.w("Failed to parse base64 for JWT");
            c.sendAdalMismatchEvent(OTADALMismatchType.base64_parse_failed);
        }
    }

    @NonNull
    public static Map<AADTokenProperty, Object> parseTokenProperties(String str, AADTokenProperty... aADTokenPropertyArr) {
        HashMap hashMap = new HashMap();
        if (aADTokenPropertyArr.length != 0 && !TextUtils.isEmpty(str) && str.contains(GroupUtils.DOT)) {
            String[] split = str.split("\\.");
            if (split.length < 3) {
                return hashMap;
            }
            try {
                JSONObject jSONObject = new JSONObject(c(split[1]));
                for (AADTokenProperty aADTokenProperty : aADTokenPropertyArr) {
                    if (jSONObject.has(aADTokenProperty.getKey())) {
                        hashMap.put(aADTokenProperty, jSONObject.get(aADTokenProperty.getKey()));
                    }
                }
            } catch (UnsupportedEncodingException e2) {
                a.e("Error decoding token (base64) ", e2);
            } catch (JSONException e3) {
                a.e("Error parsing token json ", e3);
            }
        }
        return hashMap;
    }

    @Deprecated
    public static void refreshTokenForResource(@Nullable Activity activity, Context context, ACMailAccount aCMailAccount, final String str, final TokenRefreshedCallback tokenRefreshedCallback) {
        try {
            AuthenticationContext aDALContext = getADALContext(getAuthorityForAccount(aCMailAccount), context);
            AuthenticationCallback<AuthenticationResult> authenticationCallback = new AuthenticationCallback<AuthenticationResult>() { // from class: com.acompli.accore.util.ADALUtil.2
                @Override // com.microsoft.aad.adal.AuthenticationCallback
                /* renamed from: a, reason: merged with bridge method [inline-methods] */
                public void onSuccess(AuthenticationResult authenticationResult) {
                    TokenRefreshedCallback.this.tokenRefreshedForResource(authenticationResult.getAccessToken(), authenticationResult.getExpiresOn() != null ? authenticationResult.getExpiresOn().getTime() : 0L, str);
                }

                @Override // com.microsoft.aad.adal.AuthenticationCallback
                public void onError(Exception exc) {
                    TokenRefreshedCallback.this.tokenRefreshFailedForResource(str, exc);
                }
            };
            if (activity == null) {
                acquireTokenSilentAsync(aDALContext, str, CLIENTID, aCMailAccount.getUserID(), authenticationCallback);
            } else {
                acquireToken(activity, aDALContext, str, CLIENTID, getRedirectUri(), aCMailAccount.getO365UPN(), PromptBehavior.Auto, "nux=1&msafed=0", null, authenticationCallback);
            }
        } catch (Exception e2) {
            tokenRefreshedCallback.tokenRefreshFailedForResource(str, e2);
        }
    }

    public static void setAllowBroker(Context context, boolean z) {
        AuthenticationSettings.INSTANCE.setUseBroker(z);
        PreferenceManager.getDefaultSharedPreferences(context).edit().putBoolean("ADALUtil:ALLOW_ADAL_BROKER", z).apply();
    }

    public static void setDefaultAdalTokenBufferExpiration() {
        j(1320);
    }

    public static void setOneDayAdalTokenBufferExpiration() {
        j(86400);
    }

    @WorkerThread
    public static void updateAccountWithAuthResult(ACCore aCCore, ACMailAccount aCMailAccount, AuthenticationResult authenticationResult) {
        if (authenticationResult.getUserInfo() != null) {
            String userId = authenticationResult.getUserInfo().getUserId();
            String displayableId = authenticationResult.getUserInfo().getDisplayableId();
            if (aCMailAccount.getUserID() != null && userId != null && !userId.equals(aCMailAccount.getUserID())) {
                c.sendAdalMismatchEvent(OTADALMismatchType.azure_userid_account_userid_mismatch);
            }
            if (!TextUtils.isEmpty(userId)) {
                aCMailAccount.setUserID(userId);
            }
            if (!TextUtils.isEmpty(displayableId) && !TextUtils.equals(displayableId, aCMailAccount.getO365UPN())) {
                aCMailAccount.setUsername(displayableId);
            }
        }
        aCMailAccount.setRefreshToken(authenticationResult.getRefreshToken());
        if (!TextUtils.isEmpty(authenticationResult.getAccessToken())) {
            aCMailAccount.setAccessToken(authenticationResult.getAccessToken());
            k(aCMailAccount, authenticationResult.getAccessToken(), aCCore.getAccountManager());
        }
        if (authenticationResult.getExpiresOn() != null) {
            aCMailAccount.setTokenExpiration(authenticationResult.getExpiresOn().getTime());
        }
        aCCore.getAccountManager().updateAccount(aCMailAccount);
        aCCore.getMAMEnrollmentUtil().onAadTokenRefreshed(aCMailAccount, authenticationResult);
    }
}
