package com.microsoft.aad.adal;

import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.AccountManagerFuture;
import android.accounts.AuthenticatorDescription;
import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.content.pm.Signature;
import android.os.Build;
import android.os.Bundle;
import android.os.Handler;
import android.os.Looper;
import android.text.TextUtils;
import android.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;

/* JADX INFO: Access modifiers changed from: package-private */
@TargetApi(14)
/* loaded from: classes.dex */
public class k {

    /* renamed from: a, reason: collision with root package name */
    private Context f9233a;

    /* renamed from: b, reason: collision with root package name */
    private AccountManager f9234b;

    /* renamed from: c, reason: collision with root package name */
    private Handler f9235c;

    /* renamed from: d, reason: collision with root package name */
    private final String f9236d = h.INSTANCE.c();

    /* loaded from: classes.dex */
    enum a {
        CAN_SWITCH_TO_BROKER,
        CANNOT_SWITCH_TO_BROKER,
        NEED_PERMISSIONS_TO_SWITCH_TO_BROKER
    }

    public k() {
    }

    public k(Context context) {
        this.f9233a = context;
        this.f9234b = AccountManager.get(this.f9233a);
        this.f9235c = new Handler(this.f9233a.getMainLooper());
    }

    private Intent a(Bundle bundle) {
        try {
            return (Intent) this.f9234b.addAccount("com.microsoft.workaccount", "adal.authtoken.type", null, bundle, null, null, this.f9235c).getResult().getParcelable("intent");
        } catch (AuthenticatorException e) {
            ah.b("BrokerProxy", "Authenticator cancels the request", "", com.microsoft.aad.adal.a.BROKER_AUTHENTICATOR_NOT_RESPONDING, e);
            return null;
        } catch (OperationCanceledException e2) {
            ah.b("BrokerProxy", "Authenticator cancels the request", "", com.microsoft.aad.adal.a.AUTH_FAILED_CANCELLED, e2);
            return null;
        } catch (IOException e3) {
            ah.b("BrokerProxy", "Authenticator cancels the request", "", com.microsoft.aad.adal.a.BROKER_AUTHENTICATOR_IO_EXCEPTION, e3);
            return null;
        }
    }

    private au a(String str, au[] auVarArr) {
        if (auVarArr != null) {
            for (au auVar : auVarArr) {
                if (auVar != null && !TextUtils.isEmpty(auVar.a()) && auVar.a().equalsIgnoreCase(str)) {
                    return auVar;
                }
            }
        }
        return null;
    }

    private void a(List<X509Certificate> list) {
        for (X509Certificate x509Certificate : list) {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA");
            messageDigest.update(x509Certificate.getEncoded());
            String encodeToString = Base64.encodeToString(messageDigest.digest(), 2);
            if (this.f9236d.equals(encodeToString) || "ho040S3ffZkmxqtQrSwpTVOn9r0=".equals(encodeToString)) {
                return;
            }
        }
        throw new d(com.microsoft.aad.adal.a.BROKER_APP_VERIFICATION_FAILED);
    }

    private boolean a(AccountManager accountManager) {
        for (AuthenticatorDescription authenticatorDescription : accountManager.getAuthenticatorTypes()) {
            if (authenticatorDescription.type.equals("com.microsoft.workaccount") && d(authenticatorDescription.packageName)) {
                return true;
            }
        }
        return false;
    }

    private boolean a(AccountManager accountManager, String str, String str2) {
        for (AuthenticatorDescription authenticatorDescription : accountManager.getAuthenticatorTypes()) {
            if (authenticatorDescription.type.equals("com.microsoft.workaccount")) {
                Account[] accountsByType = this.f9234b.getAccountsByType("com.microsoft.workaccount");
                if (authenticatorDescription.packageName.equalsIgnoreCase("com.azure.authenticator") || authenticatorDescription.packageName.equalsIgnoreCase("com.microsoft.windowsintune.companyportal") || authenticatorDescription.packageName.equalsIgnoreCase(h.INSTANCE.b())) {
                    if (c(authenticatorDescription.packageName)) {
                        return true;
                    }
                    if (accountsByType.length > 0) {
                        return a(accountsByType, str, str2);
                    }
                }
            }
        }
        return false;
    }

    private boolean a(Context context, Intent intent) {
        List<ResolveInfo> queryIntentServices;
        return (intent == null || (queryIntentServices = context.getPackageManager().queryIntentServices(intent, 0)) == null || queryIntentServices.size() <= 0) ? false : true;
    }

    private boolean a(Intent intent) {
        if (intent == null) {
            throw new IllegalArgumentException("intent");
        }
        return "v2".equalsIgnoreCase(intent.getStringExtra("broker.version"));
    }

    private boolean a(Account[] accountArr, String str, String str2) {
        if (!ao.a(str)) {
            return str.equalsIgnoreCase(accountArr[0].name);
        }
        if (ao.a(str2)) {
            return true;
        }
        try {
            return a(str2, c()) != null;
        } catch (AuthenticatorException | OperationCanceledException | IOException e) {
            ah.b("BrokerProxy", "VerifyAccount:" + e.getMessage(), "", com.microsoft.aad.adal.a.BROKER_AUTHENTICATOR_EXCEPTION, e);
            ah.c("BrokerProxy", "It could not check the uniqueid from broker. It is not using broker");
            return false;
        }
    }

    private Bundle b(e eVar) {
        Bundle bundle = new Bundle();
        bundle.putInt("com.microsoft.aad.adal:RequestId", eVar.j());
        bundle.putString("account.authority", eVar.a());
        bundle.putString("account.resource", eVar.c());
        bundle.putString("account.redirect", eVar.b());
        bundle.putString("account.clientid.key", eVar.d());
        bundle.putString("adal.version.key", eVar.m());
        bundle.putString("account.userinfo.userid", eVar.l());
        bundle.putString("account.extra.query.param", eVar.g());
        if (eVar.f() != null) {
            bundle.putString("account.correlationid", eVar.f().toString());
        }
        String k = eVar.k();
        if (ao.a(k)) {
            k = eVar.e();
        }
        bundle.putString("account.login.hint", k);
        bundle.putString("account.name", k);
        if (eVar.i() != null) {
            bundle.putString("account.prompt", eVar.i().name());
        }
        return bundle;
    }

    private String b(String str) {
        if (this.f9233a.getPackageManager().checkPermission(str, this.f9233a.getPackageName()) == 0) {
            return "";
        }
        ah.f("BrokerProxy", "Broker related permissions are missing for " + str, "", com.microsoft.aad.adal.a.DEVELOPER_BROKER_PERMISSIONS_MISSING);
        return str + ' ';
    }

    private void b(List<X509Certificate> list) {
        PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(c(list), null)));
        pKIXParameters.setRevocationEnabled(false);
        CertPathValidator.getInstance("PKIX").validate(CertificateFactory.getInstance("X.509").generateCertPath(list), pKIXParameters);
    }

    private X509Certificate c(List<X509Certificate> list) {
        int i;
        int i2 = 0;
        X509Certificate x509Certificate = null;
        for (X509Certificate x509Certificate2 : list) {
            if (x509Certificate2.getSubjectDN().equals(x509Certificate2.getIssuerDN())) {
                i = i2 + 1;
            } else {
                x509Certificate2 = x509Certificate;
                i = i2;
            }
            i2 = i;
            x509Certificate = x509Certificate2;
        }
        if (i2 > 1 || x509Certificate == null) {
            throw new d(com.microsoft.aad.adal.a.BROKER_APP_VERIFICATION_FAILED, "Multiple self signed certs found or no self signed cert existed.");
        }
        return x509Certificate;
    }

    private boolean c(String str) {
        Intent intent = new Intent();
        intent.setPackage(str);
        intent.setClassName(str, str + ".ui.AccountChooserActivity");
        return this.f9233a.getPackageManager().queryIntentActivities(intent, 0).size() > 0;
    }

    private boolean d() {
        return a(this.f9233a, j.c(this.f9233a));
    }

    private boolean d(String str) {
        try {
            List<X509Certificate> e = e(str);
            a(e);
            if (e.size() <= 1) {
                return true;
            }
            b(e);
            return true;
        } catch (PackageManager.NameNotFoundException e2) {
            ah.g("BrokerProxy", "Broker related package does not exist", "", com.microsoft.aad.adal.a.BROKER_PACKAGE_NAME_NOT_FOUND);
            return false;
        } catch (d e3) {
            e = e3;
            ah.b("BrokerProxy", e.getMessage(), "", com.microsoft.aad.adal.a.BROKER_VERIFICATION_FAILED, e);
            return false;
        } catch (IOException e4) {
            e = e4;
            ah.b("BrokerProxy", e.getMessage(), "", com.microsoft.aad.adal.a.BROKER_VERIFICATION_FAILED, e);
            return false;
        } catch (NoSuchAlgorithmException e5) {
            ah.g("BrokerProxy", "Digest SHA algorithm does not exists", "", com.microsoft.aad.adal.a.DEVICE_NO_SUCH_ALGORITHM);
            return false;
        } catch (GeneralSecurityException e6) {
            e = e6;
            ah.b("BrokerProxy", e.getMessage(), "", com.microsoft.aad.adal.a.BROKER_VERIFICATION_FAILED, e);
            return false;
        }
    }

    @SuppressLint({"PackageManagerGetSignatures"})
    private List<X509Certificate> e(String str) {
        PackageInfo packageInfo = this.f9233a.getPackageManager().getPackageInfo(str, 64);
        if (packageInfo == null) {
            throw new d(com.microsoft.aad.adal.a.APP_PACKAGE_NAME_NOT_FOUND, "No broker package existed.");
        }
        if (packageInfo.signatures == null || packageInfo.signatures.length == 0) {
            throw new d(com.microsoft.aad.adal.a.BROKER_APP_VERIFICATION_FAILED, "No signature associated with the broker package.");
        }
        ArrayList arrayList = new ArrayList(packageInfo.signatures.length);
        for (Signature signature : packageInfo.signatures) {
            try {
                arrayList.add((X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(signature.toByteArray())));
            } catch (CertificateException e) {
                throw new d(com.microsoft.aad.adal.a.BROKER_APP_VERIFICATION_FAILED);
            }
        }
        return arrayList;
    }

    private au[] e() {
        Account[] accountsByType = this.f9234b.getAccountsByType("com.microsoft.workaccount");
        Bundle bundle = new Bundle();
        bundle.putBoolean("com.microsoft.workaccount.user.info", true);
        ah.c("BrokerProxy", "Retrieve all the accounts from account manager with broker account type, and the account length is: " + accountsByType.length);
        au[] auVarArr = new au[accountsByType.length];
        int i = 0;
        while (true) {
            int i2 = i;
            if (i2 >= accountsByType.length) {
                return auVarArr;
            }
            AccountManagerFuture<Bundle> updateCredentials = this.f9234b.updateCredentials(accountsByType[i2], "adal.authtoken.type", bundle, null, null, null);
            ah.c("BrokerProxy", "Waiting for userinfo retrieval result from Broker.");
            Bundle result = updateCredentials.getResult();
            auVarArr[i2] = new au(result.getString("account.userinfo.userid"), result.getString("account.userinfo.given.name"), result.getString("account.userinfo.family.name"), result.getString("account.userinfo.identity.provider"), result.getString("account.userinfo.userid.displayable"));
            i = i2 + 1;
        }
    }

    public Intent a(e eVar) {
        Intent a2;
        Bundle b2 = b(eVar);
        if (d()) {
            a2 = j.a().b(this.f9233a);
            a2.putExtras(b2);
        } else {
            a2 = a(b2);
        }
        if (a2 != null) {
            a2.putExtra("com.microsoft.aadbroker.adal.broker.request", "com.microsoft.aadbroker.adal.broker.request");
            if (!a(a2) && ak.FORCE_PROMPT == eVar.i()) {
                ah.c("BrokerProxy", "FORCE_PROMPT is set for broker auth via old version of broker app, reset to ALWAYS.");
                a2.putExtra("account.prompt", ak.Always.name());
            }
        }
        return a2;
    }

    public a a(String str) {
        try {
            URL url = new URL(str);
            String packageName = this.f9233a.getPackageName();
            boolean z = (!h.INSTANCE.e() || packageName.equalsIgnoreCase(h.INSTANCE.b()) || packageName.equalsIgnoreCase("com.azure.authenticator") || !a(this.f9234b) || as.a(url)) ? false : true;
            if (!z) {
                ah.c("BrokerProxy", "Broker auth is turned off or no valid broker is available on the device, cannot switch to broker.");
                return a.CANNOT_SWITCH_TO_BROKER;
            }
            if (!d()) {
                if (!(z && a(this.f9234b, "", ""))) {
                    ah.c("BrokerProxy", "No valid account existed in broker, cannot switch to broker for auth.");
                    return a.CANNOT_SWITCH_TO_BROKER;
                }
                try {
                    a();
                } catch (at e) {
                    ah.c("BrokerProxy", "Missing GET_ACCOUNTS permission, cannot switch to broker.");
                    return a.NEED_PERMISSIONS_TO_SWITCH_TO_BROKER;
                }
            }
            return a.CAN_SWITCH_TO_BROKER;
        } catch (MalformedURLException e2) {
            throw new IllegalArgumentException(com.microsoft.aad.adal.a.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL.name());
        }
    }

    @TargetApi(23)
    public boolean a() {
        StringBuilder sb = new StringBuilder();
        if (Build.VERSION.SDK_INT >= 23) {
            sb.append(b("android.permission.GET_ACCOUNTS"));
            if (sb.length() != 0) {
                throw new at(com.microsoft.aad.adal.a.DEVELOPER_BROKER_PERMISSIONS_MISSING, "Broker related permissions are missing for " + sb.toString());
            }
        } else {
            ah.c("BrokerProxy", "Device is lower than 23, skip the GET_ACCOUNTS permission check.");
        }
        return true;
    }

    public String b() {
        for (AuthenticatorDescription authenticatorDescription : this.f9234b.getAuthenticatorTypes()) {
            if (authenticatorDescription.type.equals("com.microsoft.workaccount")) {
                return authenticatorDescription.packageName;
            }
        }
        return null;
    }

    public au[] c() {
        if (Looper.myLooper() == Looper.getMainLooper()) {
            throw new IllegalArgumentException("Calling getBrokerUsers on main thread");
        }
        return d() ? j.a().a(this.f9233a) : e();
    }
}
