package com.microsoft.workaccount.authenticatorservice;

import android.net.Uri;
import android.os.Bundle;
import android.util.Base64;
import com.microsoft.identity.broker4j.broker.joined.JoinedAccountRequestBody;
import com.microsoft.identity.broker4j.broker.joined.JoinedAccountRequestHeader;
import com.microsoft.identity.broker4j.broker.joined.JoinedFlowConstants;
import com.microsoft.identity.broker4j.broker.joined.JoinedFlowUtil;
import com.microsoft.identity.broker4j.workplacejoin.data.WorkplaceJoinData;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.net.HttpResponse;
import com.microsoft.identity.common.java.net.UrlConnectionHttpClient;
import com.microsoft.identity.common.java.platform.Device;
import com.microsoft.identity.common.java.util.HashMapExtensions;
import com.microsoft.identity.common.java.util.ResultFuture;
import com.microsoft.identity.common.java.util.StringUtil;
import com.microsoft.identity.common.logging.Logger;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.cert.CertificateEncodingException;
import java.util.HashMap;
import java.util.TreeMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import org.json.JSONException;

/* loaded from: classes5.dex */
public class DeviceTokenRequestHandler {
    private static final String DEVICE_TOKEN_GRANT_TYPE = "device_token";
    private static final String DEVICE_TOKEN_ISSUER = "aad:brokerplugin";
    private static final String DEVICE_TOKEN_REDIRECT_URL = "msauth://Microsoft.AAD.BrokerPlugin/";
    private static final String TAG = "com.microsoft.workaccount.authenticatorservice.DeviceTokenRequestHandler";
    private static ExecutorService sExecutorService = Executors.newCachedThreadPool();

    private URL constructTokenEndpointForAcquiringNonceAndDeviceToken(String str) throws MalformedURLException {
        return new URL(Uri.parse(str).buildUpon().appendPath("oauth2").appendPath("token").toString());
    }

    private String getNonce(URL url, String str) throws IOException, JSONException {
        HashMap<String, String> jsonResponse;
        Logger.info(TAG + ":getNonce", "Starting to request for nonce");
        TreeMap treeMap = new TreeMap();
        treeMap.put("client-request-id", str);
        treeMap.put("Content-Type", JoinedFlowConstants.CONTENT_TYPE_FORM_URL_ENCODED);
        String str2 = null;
        HttpResponse post = UrlConnectionHttpClient.getDefaultInstance().post(url, treeMap, JoinedFlowConstants.NONCE_REQUEST_MSG.getBytes(AuthenticationConstants.CHARSET_UTF8), null);
        if (post.getStatusCode() == 200 && (str2 = (jsonResponse = HashMapExtensions.getJsonResponse(post)).get("nonce")) == null) {
            str2 = jsonResponse.get("Nonce");
        }
        String str3 = TAG + ":getNonce";
        StringBuilder sb = new StringBuilder();
        sb.append("Nonce not null :");
        sb.append(str2 != null);
        sb.append(" response code: ");
        sb.append(post.getStatusCode());
        Logger.info(str3, sb.toString());
        return str2;
    }

    private String signWithDeviceKey(String str, WorkplaceJoinData workplaceJoinData) throws UnsupportedEncodingException, ClientException {
        Logger.info(TAG + "signWithDeviceKey", "Attempting to sign with Device key");
        return StringUtil.encodeUrlSafeString(workplaceJoinData.getCertificateData().getDeviceKey().sign(str.getBytes(AuthenticationConstants.CHARSET_UTF8)));
    }

    public String getDeviceTokenRequestBody(WorkplaceJoinData workplaceJoinData, Bundle bundle, String str) throws CertificateEncodingException, IOException, JSONException, ClientException {
        Logger.verbose(TAG + "getDeviceTokenRequestBody", "Constructing device token request Body.");
        JoinedAccountRequestHeader joinedAccountRequestHeader = new JoinedAccountRequestHeader();
        joinedAccountRequestHeader.setType();
        joinedAccountRequestHeader.setAlg(JoinedAccountRequestHeader.ALG_VALUE_RS256);
        joinedAccountRequestHeader.setCert(new String(Base64.encode(workplaceJoinData.getCertificateData().getX509Cert().getEncoded(), 2), AuthenticationConstants.CHARSET_UTF8));
        JoinedAccountRequestBody joinedAccountRequestBody = new JoinedAccountRequestBody();
        joinedAccountRequestBody.setClientId("29d9ed98-a469-4536-ade2-f981bc1d605e");
        joinedAccountRequestBody.setNonce(getNonce(constructTokenEndpointForAcquiringNonceAndDeviceToken(str), bundle.getString("correlation_id")));
        joinedAccountRequestBody.setResource(bundle.getString("resource"));
        joinedAccountRequestBody.setRedirectUri(DEVICE_TOKEN_REDIRECT_URL);
        joinedAccountRequestBody.setIssuer(DEVICE_TOKEN_ISSUER);
        if (bundle.containsKey("scope")) {
            joinedAccountRequestBody.setJwtScope(bundle.getString("scope"));
        }
        joinedAccountRequestBody.setGrantType(DEVICE_TOKEN_GRANT_TYPE);
        String generateJWT = JoinedFlowUtil.generateJWT(joinedAccountRequestHeader, joinedAccountRequestBody);
        return "grant_type=urn%3aietf%3aparams%3aoauth%3agrant-type%3ajwt-bearer&request=" + (generateJWT + "." + signWithDeviceKey(generateJWT, workplaceJoinData));
    }

    public ResultFuture<HttpResponse> requestDeviceToken(final String str, Bundle bundle, String str2) throws MalformedURLException {
        final TreeMap treeMap = new TreeMap();
        treeMap.put("client-request-id", bundle.getString("correlation_id"));
        treeMap.putAll(Device.getPlatformIdParameters());
        treeMap.put("x-client-brkrver", "4.0.3");
        treeMap.put("Content-Type", JoinedFlowConstants.CONTENT_TYPE_FORM_URL_ENCODED);
        final ResultFuture<HttpResponse> resultFuture = new ResultFuture<>();
        final URL constructTokenEndpointForAcquiringNonceAndDeviceToken = constructTokenEndpointForAcquiringNonceAndDeviceToken(str2);
        sExecutorService.execute(new Runnable() { // from class: com.microsoft.workaccount.authenticatorservice.DeviceTokenRequestHandler.1
            @Override // java.lang.Runnable
            public void run() {
                try {
                    resultFuture.setResult(UrlConnectionHttpClient.getDefaultInstance().post(constructTokenEndpointForAcquiringNonceAndDeviceToken, treeMap, str.getBytes(AuthenticationConstants.CHARSET_UTF8), null));
                } catch (Throwable th) {
                    resultFuture.setException(th instanceof Exception ? th : new Exception(th));
                }
            }
        });
        return resultFuture;
    }
}
