package i.h.a.a;

import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.AccountManagerCallback;
import android.accounts.AccountManagerFuture;
import android.accounts.AuthenticatorDescription;
import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
import android.annotation.TargetApi;
import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.Signature;
import android.os.Bundle;
import android.os.Handler;
import android.os.Looper;
import android.text.TextUtils;
import android.util.Base64;
import com.microsoft.aad.adal.AuthenticationException;
import com.samsung.android.knox.container.KnoxContainerManager;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.List;
import java.util.Set;
import java.util.UUID;

/* compiled from: BrokerProxy.java */
@TargetApi(14)
/* loaded from: classes.dex */
public class r implements d0 {

    /* renamed from: a, reason: collision with root package name */
    public Context f9392a;
    public AccountManager b;
    public Handler c;
    public final String d = p.INSTANCE.f9374m;

    public r(Context context) {
        this.f9392a = context;
        this.b = AccountManager.get(context);
        this.c = new Handler(this.f9392a.getMainLooper());
    }

    public boolean a() {
        boolean z;
        String packageName = this.f9392a.getPackageName();
        if (p.INSTANCE.f9376o) {
            PackageManager packageManager = this.f9392a.getPackageManager();
            boolean z2 = packageManager.checkPermission("android.permission.GET_ACCOUNTS", this.f9392a.getPackageName()) == 0 && packageManager.checkPermission("android.permission.MANAGE_ACCOUNTS", this.f9392a.getPackageName()) == 0 && packageManager.checkPermission("android.permission.USE_CREDENTIALS", this.f9392a.getPackageName()) == 0;
            if (!z2) {
                m0.k("BrokerProxy", "Broker related permissions are missing for GET_ACCOUNTS, MANAGE_ACCOUNTS, USE_CREDENTIALS", "", a.DEVELOPER_BROKER_PERMISSIONS_MISSING);
            }
            if (z2 && b(this.b, "", "") && !packageName.equalsIgnoreCase(p.INSTANCE.f9373l) && !packageName.equalsIgnoreCase("com.azure.authenticator")) {
                AuthenticatorDescription[] authenticatorTypes = this.b.getAuthenticatorTypes();
                int length = authenticatorTypes.length;
                int i2 = 0;
                while (true) {
                    if (i2 >= length) {
                        z = false;
                        break;
                    }
                    AuthenticatorDescription authenticatorDescription = authenticatorTypes[i2];
                    if (authenticatorDescription.type.equals("com.microsoft.workaccount") && m(authenticatorDescription.packageName)) {
                        z = true;
                        break;
                    }
                    i2++;
                }
                if (z) {
                    return true;
                }
            }
        }
        return false;
    }

    public final boolean b(AccountManager accountManager, String str, String str2) {
        for (AuthenticatorDescription authenticatorDescription : accountManager.getAuthenticatorTypes()) {
            if (authenticatorDescription.type.equals("com.microsoft.workaccount")) {
                Account[] accountsByType = this.b.getAccountsByType("com.microsoft.workaccount");
                if (authenticatorDescription.packageName.equalsIgnoreCase("com.azure.authenticator") || authenticatorDescription.packageName.equalsIgnoreCase("com.microsoft.windowsintune.companyportal") || authenticatorDescription.packageName.equalsIgnoreCase(p.INSTANCE.f9373l)) {
                    String str3 = authenticatorDescription.packageName;
                    Intent intent = new Intent();
                    intent.setPackage(str3);
                    intent.setClassName(str3, str3 + ".ui.AccountChooserActivity");
                    if (this.f9392a.getPackageManager().queryIntentActivities(intent, 0).size() > 0) {
                        m0.i("BrokerProxy", "Broker supports to add user through app");
                        return true;
                    }
                    if (accountsByType != null && accountsByType.length > 0) {
                        if (!i.g.a.t.a(str)) {
                            return str.equalsIgnoreCase(accountsByType[0].name);
                        }
                        if (!i.g.a.t.a(str2)) {
                            try {
                                if (d(str2, g()) == null) {
                                    return false;
                                }
                            } catch (AuthenticatorException | OperationCanceledException | IOException e) {
                                m0.e("BrokerProxy", i.a.c.a.a.O(e, i.a.c.a.a.s("VerifyAccount:")), "", a.BROKER_AUTHENTICATOR_EXCEPTION, e);
                                m0.i("BrokerProxy", "It could not check the uniqueid from broker. It is not using broker");
                                return false;
                            }
                        }
                        return true;
                    }
                }
            }
        }
        return false;
    }

    public final Account c(String str, Account[] accountArr) {
        String str2;
        if (accountArr == null) {
            return null;
        }
        for (Account account : accountArr) {
            if (account != null && (str2 = account.name) != null && str2.equalsIgnoreCase(str)) {
                return account;
            }
        }
        return null;
    }

    public final x0 d(String str, x0[] x0VarArr) {
        if (x0VarArr == null) {
            return null;
        }
        for (x0 x0Var : x0VarArr) {
            if (x0Var != null && !TextUtils.isEmpty(x0Var.f9430k) && x0Var.f9430k.equalsIgnoreCase(str)) {
                return x0Var;
            }
        }
        return null;
    }

    public n e(l lVar) {
        Account account;
        Account c;
        a aVar = a.BROKER_AUTHENTICATOR_IO_EXCEPTION;
        Looper myLooper = Looper.myLooper();
        if (myLooper != null && myLooper == this.f9392a.getMainLooper()) {
            IllegalStateException illegalStateException = new IllegalStateException("calling this from your main thread can lead to deadlock");
            m0.e("BrokerProxy", "calling this from your main thread can lead to deadlock and/or ANRs", "", a.DEVELOPER_CALLING_ON_MAIN_THREAD, illegalStateException);
            if (this.f9392a.getApplicationInfo().targetSdkVersion >= 8) {
                throw illegalStateException;
            }
        }
        Account[] accountsByType = this.b.getAccountsByType("com.microsoft.workaccount");
        n nVar = null;
        if (TextUtils.isEmpty(lVar.r)) {
            try {
                x0 d = d(lVar.q, g());
                c = d != null ? c(d.f9431l, accountsByType) : null;
            } catch (AuthenticatorException | OperationCanceledException | IOException e) {
                m0.e("BrokerProxy", e.getMessage(), "", aVar, e);
                account = null;
            }
        } else {
            c = c(lVar.r, accountsByType);
        }
        account = c;
        if (account == null) {
            m0.i("BrokerProxy", "Target account is not found");
            return null;
        }
        try {
            AccountManagerFuture<Bundle> authToken = this.b.getAuthToken(account, "adal.authtoken.type", f(lVar), false, (AccountManagerCallback<Bundle>) null, this.c);
            m0.i("BrokerProxy", "Received result from Authenticator");
            nVar = i(authToken.getResult());
        } catch (AuthenticatorException unused) {
            m0.d("BrokerProxy", "Authenticator cancels the request", "", a.BROKER_AUTHENTICATOR_NOT_RESPONDING);
        } catch (OperationCanceledException e2) {
            m0.e("BrokerProxy", "Authenticator cancels the request", "", a.AUTH_FAILED_CANCELLED, e2);
        } catch (IOException unused2) {
            m0.d("BrokerProxy", "Authenticator cancels the request", "", aVar);
        }
        m0.i("BrokerProxy", "Returning result from Authenticator");
        return nVar;
    }

    public final Bundle f(l lVar) {
        Bundle bundle = new Bundle();
        bundle.putInt("com.microsoft.aad.adal:RequestId", lVar.f9343k);
        bundle.putString("account.authority", lVar.f9344l);
        bundle.putString("account.resource", lVar.f9346n);
        bundle.putString("account.redirect", lVar.f9345m);
        bundle.putString("account.clientid.key", lVar.f9347o);
        bundle.putString("adal.version.key", lVar.w);
        bundle.putString("account.extra.query.param", lVar.t);
        UUID uuid = lVar.s;
        if (uuid != null) {
            bundle.putString("account.correlationid", uuid.toString());
        }
        String str = lVar.r;
        if (i.g.a.t.a(str)) {
            str = lVar.f9348p;
        }
        bundle.putString("account.login.hint", str);
        bundle.putString("account.name", str);
        p0 p0Var = lVar.u;
        if (p0Var != null) {
            bundle.putString("account.prompt", p0Var.name());
        }
        return bundle;
    }

    public x0[] g() {
        if (Looper.myLooper() == Looper.getMainLooper()) {
            throw new IllegalArgumentException("Calling getBrokerUsers on main thread");
        }
        Account[] accountsByType = this.b.getAccountsByType("com.microsoft.workaccount");
        Bundle bundle = new Bundle();
        bundle.putBoolean("com.microsoft.workaccount.user.info", true);
        if (accountsByType == null) {
            return null;
        }
        x0[] x0VarArr = new x0[accountsByType.length];
        for (int i2 = 0; i2 < accountsByType.length; i2++) {
            AccountManagerFuture<Bundle> updateCredentials = this.b.updateCredentials(accountsByType[i2], "adal.authtoken.type", bundle, null, null, null);
            m0.i("BrokerProxy", "Waiting for the result");
            Bundle result = updateCredentials.getResult();
            x0VarArr[i2] = new x0(result.getString("account.userinfo.userid"), result.getString("account.userinfo.given.name"), result.getString("account.userinfo.family.name"), result.getString("account.userinfo.identity.provider"), result.getString("account.userinfo.userid.displayable"));
        }
        return x0VarArr;
    }

    public Intent h(l lVar) {
        Intent intent = null;
        try {
            Intent intent2 = (Intent) this.b.addAccount("com.microsoft.workaccount", "adal.authtoken.type", null, f(lVar), null, null, this.c).getResult().getParcelable(KnoxContainerManager.INTENT_BUNDLE);
            if (intent2 == null) {
                return intent2;
            }
            try {
                intent2.putExtra("com.microsoft.aadbroker.adal.broker.request", "com.microsoft.aadbroker.adal.broker.request");
                if (j(intent2) || p0.FORCE_PROMPT != lVar.u) {
                    return intent2;
                }
                m0.i("BrokerProxy", "FORCE_PROMPT is set for broker auth via old version of broker app, reset to ALWAYS.");
                intent2.putExtra("account.prompt", p0.Always.name());
                return intent2;
            } catch (AuthenticatorException e) {
                e = e;
                intent = intent2;
                m0.e("BrokerProxy", "Authenticator cancels the request", "", a.BROKER_AUTHENTICATOR_NOT_RESPONDING, e);
                return intent;
            } catch (OperationCanceledException e2) {
                e = e2;
                intent = intent2;
                m0.e("BrokerProxy", "Authenticator cancels the request", "", a.AUTH_FAILED_CANCELLED, e);
                return intent;
            } catch (IOException e3) {
                e = e3;
                intent = intent2;
                m0.e("BrokerProxy", "Authenticator cancels the request", "", a.BROKER_AUTHENTICATOR_IO_EXCEPTION, e);
                return intent;
            }
        } catch (AuthenticatorException e4) {
            e = e4;
        } catch (OperationCanceledException e5) {
            e = e5;
        } catch (IOException e6) {
            e = e6;
        }
    }

    public final n i(Bundle bundle) {
        Date date;
        if (bundle == null) {
            throw new IllegalArgumentException("bundleResult");
        }
        int i2 = bundle.getInt("errorCode");
        String string = bundle.getString("errorMessage");
        if (!i.g.a.t.a(string)) {
            a aVar = a.BROKER_AUTHENTICATOR_ERROR_GETAUTHTOKEN;
            if (i2 == 6) {
                aVar = a.BROKER_AUTHENTICATOR_UNSUPPORTED_OPERATION;
            } else if (i2 == 7) {
                aVar = a.BROKER_AUTHENTICATOR_BAD_ARGUMENTS;
            } else if (i2 == 9) {
                aVar = a.BROKER_AUTHENTICATOR_BAD_AUTHENTICATION;
            }
            throw new AuthenticationException(aVar, string);
        }
        if (bundle.getBoolean("account.initial.request")) {
            n nVar = new n();
            nVar.w = true;
            return nVar;
        }
        x0 a2 = x0.a(bundle);
        String string2 = bundle.getString("account.userinfo.tenantid", "");
        if (bundle.getLong("account.expiredate") == 0) {
            m0.i("BrokerProxy", "Broker doesn't return expire date, set it current date plus one hour");
            GregorianCalendar gregorianCalendar = new GregorianCalendar();
            gregorianCalendar.add(13, 3600);
            date = gregorianCalendar.getTime();
        } else {
            date = new Date(bundle.getLong("account.expiredate"));
        }
        return new n(bundle.getString("authtoken"), "", date, false, a2, string2, "");
    }

    public final boolean j(Intent intent) {
        return "v2".equalsIgnoreCase(intent.getStringExtra("broker.version"));
    }

    public final List<X509Certificate> k(String str) {
        a aVar = a.BROKER_APP_VERIFICATION_FAILED;
        PackageInfo packageInfo = this.f9392a.getPackageManager().getPackageInfo(str, 64);
        if (packageInfo == null) {
            throw new AuthenticationException(a.APP_PACKAGE_NAME_NOT_FOUND, "No broker package existed.");
        }
        Signature[] signatureArr = packageInfo.signatures;
        if (signatureArr == null || signatureArr.length == 0) {
            throw new AuthenticationException(aVar, "No signature associated with the broker package.");
        }
        ArrayList arrayList = new ArrayList(packageInfo.signatures.length);
        for (Signature signature : packageInfo.signatures) {
            try {
                arrayList.add((X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(signature.toByteArray())));
            } catch (CertificateException unused) {
                throw new AuthenticationException(aVar);
            }
        }
        return arrayList;
    }

    public final void l(List<X509Certificate> list) {
        X509Certificate x509Certificate = null;
        int i2 = 0;
        for (X509Certificate x509Certificate2 : list) {
            if (x509Certificate2.getSubjectDN().equals(x509Certificate2.getIssuerDN())) {
                i2++;
                x509Certificate = x509Certificate2;
            }
        }
        if (i2 > 1 || x509Certificate == null) {
            throw new AuthenticationException(a.BROKER_APP_VERIFICATION_FAILED, "Multiple self signed certs found or no self signed cert existed.");
        }
        PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(x509Certificate, null)));
        pKIXParameters.setRevocationEnabled(false);
        CertPathValidator.getInstance("PKIX").validate(CertificateFactory.getInstance("X.509").generateCertPath(list), pKIXParameters);
    }

    public final boolean m(String str) {
        try {
            List<X509Certificate> k2 = k(str);
            n(k2);
            if (((ArrayList) k2).size() > 1) {
                l(k2);
            }
            return true;
        } catch (PackageManager.NameNotFoundException unused) {
            m0.d("BrokerProxy", "Broker related package does not exist", "", a.BROKER_PACKAGE_NAME_NOT_FOUND);
            return false;
        } catch (AuthenticationException e) {
            e = e;
            m0.e("BrokerProxy", e.getMessage(), "", a.BROKER_VERIFICATION_FAILED, e);
            return false;
        } catch (IOException e2) {
            e = e2;
            m0.e("BrokerProxy", e.getMessage(), "", a.BROKER_VERIFICATION_FAILED, e);
            return false;
        } catch (NoSuchAlgorithmException unused2) {
            m0.d("BrokerProxy", "Digest SHA algorithm does not exists", "", a.DEVICE_NO_SUCH_ALGORITHM);
            return false;
        } catch (GeneralSecurityException e3) {
            e = e3;
            m0.e("BrokerProxy", e.getMessage(), "", a.BROKER_VERIFICATION_FAILED, e);
            return false;
        }
    }

    public final void n(List<X509Certificate> list) {
        for (X509Certificate x509Certificate : list) {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA");
            messageDigest.update(x509Certificate.getEncoded());
            String encodeToString = Base64.encodeToString(messageDigest.digest(), 2);
            if (this.d.equals(encodeToString) || "ho040S3ffZkmxqtQrSwpTVOn9r0=".equals(encodeToString)) {
                return;
            }
        }
        throw new AuthenticationException(a.BROKER_APP_VERIFICATION_FAILED);
    }
}
