package com.microsoft.aad.adal;

import android.content.Context;
import android.util.Log;
import ch.qos.logback.core.CoreConstants;
import com.microsoft.identity.common.adal.internal.net.IWebRequestHandler;
import com.microsoft.identity.common.adal.internal.net.WebRequestHandler;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.util.JWSBuilder;
import java.io.IOException;
import java.net.MalformedURLException;

/* loaded from: classes2.dex */
class AcquireTokenSilentHandler {
    private static final String TAG = "AcquireTokenSilentHandler";
    private boolean mAttemptedWithMRRT = false;
    private final AuthenticationRequest mAuthRequest;
    private final Context mContext;
    private TokenCacheItem mMrrtTokenCacheItem;
    private final TokenCacheAccessor mTokenCacheAccessor;
    private IWebRequestHandler mWebRequestHandler;

    /* JADX INFO: Access modifiers changed from: package-private */
    public AcquireTokenSilentHandler(Context context, AuthenticationRequest authenticationRequest, TokenCacheAccessor tokenCacheAccessor) {
        this.mWebRequestHandler = null;
        if (context == null) {
            throw new IllegalArgumentException(CoreConstants.CONTEXT_SCOPE_VALUE);
        }
        if (authenticationRequest == null) {
            throw new IllegalArgumentException("authRequest");
        }
        this.mContext = context;
        this.mAuthRequest = authenticationRequest;
        this.mTokenCacheAccessor = tokenCacheAccessor;
        this.mWebRequestHandler = new WebRequestHandler();
    }

    private AuthenticationResult acquireTokenWithCachedItem(TokenCacheItem tokenCacheItem) throws AuthenticationException {
        if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(tokenCacheItem.getRefreshToken())) {
            Logger.v(TAG + ":acquireTokenWithCachedItem", "Token cache item contains empty refresh token, cannot continue refresh token request", this.mAuthRequest.getLogInfo(), null);
            return null;
        }
        AuthenticationResult acquireTokenWithRefreshToken = acquireTokenWithRefreshToken(tokenCacheItem.getRefreshToken());
        if (acquireTokenWithRefreshToken != null && !acquireTokenWithRefreshToken.isExtendedLifeTimeToken()) {
            this.mTokenCacheAccessor.updateCachedItemWithResult(this.mAuthRequest, acquireTokenWithRefreshToken, tokenCacheItem);
        }
        return acquireTokenWithRefreshToken;
    }

    private boolean isMRRTEntryExisted() throws AuthenticationException {
        try {
            TokenCacheItem mRRTItem = this.mTokenCacheAccessor.getMRRTItem(this.mAuthRequest.getClientId(), this.mAuthRequest.getUserFromRequest());
            return (mRRTItem == null || com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(mRRTItem.getRefreshToken())) ? false : true;
        } catch (MalformedURLException e) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e.getMessage(), e);
        }
    }

    private boolean isTokenRequestFailed(AuthenticationResult authenticationResult) {
        return (authenticationResult == null || com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(authenticationResult.getErrorCode())) ? false : true;
    }

    private AuthenticationResult tryFRT(String str, AuthenticationResult authenticationResult) throws AuthenticationException {
        AuthenticationResult useMRRT;
        try {
            TokenCacheItem fRTItem = this.mTokenCacheAccessor.getFRTItem(str, this.mAuthRequest.getUserFromRequest());
            if (fRTItem != null) {
                Logger.v(TAG + ":tryFRT", "Send request to use FRT for new AT.");
                AuthenticationResult acquireTokenWithCachedItem = acquireTokenWithCachedItem(fRTItem);
                return (!isTokenRequestFailed(acquireTokenWithCachedItem) || this.mAttemptedWithMRRT || (useMRRT = useMRRT()) == null) ? acquireTokenWithCachedItem : useMRRT;
            }
            if (this.mAttemptedWithMRRT) {
                return authenticationResult;
            }
            Logger.v(TAG + ":tryFRT", "FRT cache item does not exist, fall back to try MRRT.");
            return useMRRT();
        } catch (MalformedURLException e) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e.getMessage(), e);
        }
    }

    private AuthenticationResult tryMRRT() throws AuthenticationException {
        try {
            TokenCacheItem mRRTItem = this.mTokenCacheAccessor.getMRRTItem(this.mAuthRequest.getClientId(), this.mAuthRequest.getUserFromRequest());
            this.mMrrtTokenCacheItem = mRRTItem;
            if (mRRTItem == null) {
                Logger.v(TAG + ":tryMRRT", "MRRT token does not exist, try with FRT");
                return tryFRT("1", null);
            }
            if (mRRTItem.isFamilyToken()) {
                Logger.v(TAG + ":tryMRRT", "MRRT item exists but it's also a FRT, try with FRT.");
                return tryFRT(this.mMrrtTokenCacheItem.getFamilyClientId(), null);
            }
            AuthenticationResult useMRRT = useMRRT();
            if (isTokenRequestFailed(useMRRT)) {
                useMRRT = tryFRT(com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mMrrtTokenCacheItem.getFamilyClientId()) ? "1" : this.mMrrtTokenCacheItem.getFamilyClientId(), useMRRT);
            }
            if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mAuthRequest.getUserFromRequest()) && this.mTokenCacheAccessor.isMultipleMRRTsMatchingGivenApp(this.mAuthRequest.getClientId())) {
                throw new AuthenticationException(ADALError.AUTH_FAILED_USER_MISMATCH, "No User provided and multiple MRRTs exist for the given client id");
            }
            return useMRRT;
        } catch (MalformedURLException e) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e.getMessage(), e);
        }
    }

    private AuthenticationResult tryRT() throws AuthenticationException {
        try {
            TokenCacheItem regularRefreshTokenCacheItem = this.mTokenCacheAccessor.getRegularRefreshTokenCacheItem(this.mAuthRequest.getResource(), this.mAuthRequest.getClientId(), this.mAuthRequest.getUserFromRequest());
            if (regularRefreshTokenCacheItem == null) {
                Logger.v(TAG + ":tryRT", "Regular token cache entry does not exist, try with MRRT.");
                return tryMRRT();
            }
            if (regularRefreshTokenCacheItem.getIsMultiResourceRefreshToken() || isMRRTEntryExisted()) {
                Logger.v(TAG + ":tryRT", regularRefreshTokenCacheItem.getIsMultiResourceRefreshToken() ? "Found RT and it's also a MRRT, retry with MRRT" : "RT is found and there is a MRRT entry existed, try with MRRT");
                return tryMRRT();
            }
            if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mAuthRequest.getUserFromRequest()) && this.mTokenCacheAccessor.isMultipleRTsMatchingGivenAppAndResource(this.mAuthRequest.getClientId(), this.mAuthRequest.getResource())) {
                throw new AuthenticationException(ADALError.AUTH_FAILED_USER_MISMATCH, "Multiple refresh tokens exists for the given client id and resource");
            }
            Logger.v(TAG + ":tryRT", "Send request to use regular RT for new AT.");
            return acquireTokenWithCachedItem(regularRefreshTokenCacheItem);
        } catch (MalformedURLException e) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e.getMessage(), e);
        }
    }

    private AuthenticationResult useMRRT() throws AuthenticationException {
        Logger.v(TAG + ":useMRRT", "Send request to use MRRT for new AT.");
        this.mAttemptedWithMRRT = true;
        TokenCacheItem tokenCacheItem = this.mMrrtTokenCacheItem;
        if (tokenCacheItem != null) {
            return acquireTokenWithCachedItem(tokenCacheItem);
        }
        Logger.v(TAG + ":useMRRT", "MRRT does not exist, cannot proceed with MRRT for new AT.");
        return null;
    }

    AuthenticationResult acquireTokenWithAssertion() throws AuthenticationException {
        Logger.v(TAG + ":acquireTokenWithAssertion", "Try to get new access token with the provided assertion.", this.mAuthRequest.getLogInfo(), null);
        HttpUtil.throwIfNetworkNotAvailable(this.mContext);
        try {
            AuthenticationResult refreshTokenUsingAssertion = new Oauth2(this.mAuthRequest, this.mWebRequestHandler, new JWSBuilder()).refreshTokenUsingAssertion(this.mAuthRequest.getSamlAssertion(), this.mAuthRequest.getAssertionType());
            if (refreshTokenUsingAssertion != null && com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(refreshTokenUsingAssertion.getRefreshToken())) {
                Logger.w(TAG + ":acquireTokenWithAssertion", "Refresh token is not returned or empty");
            }
            return refreshTokenUsingAssertion;
        } catch (AuthenticationException | IOException e) {
            Logger.e(TAG + ":acquireTokenWithAssertion", "Error in assertion for request.", "Request: " + this.mAuthRequest.getLogInfo() + " " + ExceptionExtensions.getExceptionMessage(e) + " " + Log.getStackTraceString(e), ADALError.AUTH_FAILED_NO_TOKEN, null);
            throw new AuthenticationException(ADALError.AUTH_FAILED_NO_TOKEN, ExceptionExtensions.getExceptionMessage(e), new AuthenticationException(ADALError.SERVER_ERROR, e.getMessage(), e));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationResult acquireTokenWithRefreshToken(String str) throws AuthenticationException {
        Logger.v(TAG + ":acquireTokenWithRefreshToken", "Try to get new access token with the found refresh token.", this.mAuthRequest.getLogInfo(), null);
        HttpUtil.throwIfNetworkNotAvailable(this.mContext);
        try {
            AuthenticationResult refreshToken = new Oauth2(this.mAuthRequest, this.mWebRequestHandler, new JWSBuilder()).refreshToken(str);
            if (refreshToken != null && com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(refreshToken.getRefreshToken())) {
                Logger.w(TAG + ":acquireTokenWithRefreshToken", "Refresh token is not returned or empty");
                refreshToken.setRefreshToken(str);
            }
            return refreshToken;
        } catch (ServerRespondingWithRetryableException e) {
            Logger.i(TAG + ":acquireTokenWithRefreshToken", "The server is not responding after the retry with error code: " + e.getCode(), "");
            TokenCacheItem staleToken = this.mTokenCacheAccessor.getStaleToken(this.mAuthRequest);
            if (staleToken != null) {
                AuthenticationResult createExtendedLifeTimeResult = AuthenticationResult.createExtendedLifeTimeResult(staleToken);
                Logger.i(TAG + ":acquireTokenWithRefreshToken", "The result with stale access token is returned.", "");
                return createExtendedLifeTimeResult;
            }
            Logger.e(TAG + ":acquireTokenWithRefreshToken", "Error in refresh token for request. ", "Request: " + this.mAuthRequest.getLogInfo() + " " + ExceptionExtensions.getExceptionMessage(e) + " " + Log.getStackTraceString(e), ADALError.AUTH_FAILED_NO_TOKEN, null);
            throw new AuthenticationException(ADALError.AUTH_FAILED_NO_TOKEN, ExceptionExtensions.getExceptionMessage(e), new AuthenticationException(ADALError.SERVER_ERROR, e.getMessage(), e));
        } catch (AuthenticationException e2) {
            e = e2;
            Logger.e(TAG + ":acquireTokenWithRefreshToken", "Error in refresh token for request.", "Request: " + this.mAuthRequest.getLogInfo() + " " + ExceptionExtensions.getExceptionMessage(e) + " " + Log.getStackTraceString(e), ADALError.AUTH_FAILED_NO_TOKEN, null);
            throw new AuthenticationException(ADALError.AUTH_FAILED_NO_TOKEN, ExceptionExtensions.getExceptionMessage(e), new AuthenticationException(ADALError.SERVER_ERROR, e.getMessage(), e));
        } catch (IOException e3) {
            e = e3;
            Logger.e(TAG + ":acquireTokenWithRefreshToken", "Error in refresh token for request.", "Request: " + this.mAuthRequest.getLogInfo() + " " + ExceptionExtensions.getExceptionMessage(e) + " " + Log.getStackTraceString(e), ADALError.AUTH_FAILED_NO_TOKEN, null);
            throw new AuthenticationException(ADALError.AUTH_FAILED_NO_TOKEN, ExceptionExtensions.getExceptionMessage(e), new AuthenticationException(ADALError.SERVER_ERROR, e.getMessage(), e));
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationResult getAccessToken() throws AuthenticationException {
        TokenCacheAccessor tokenCacheAccessor = this.mTokenCacheAccessor;
        if (tokenCacheAccessor == null) {
            return null;
        }
        TokenCacheItem aTFromCache = tokenCacheAccessor.getATFromCache(this.mAuthRequest.getResource(), this.mAuthRequest.getClientId(), this.mAuthRequest.getUserFromRequest());
        if (aTFromCache == null || this.mAuthRequest.getForceRefresh() || this.mAuthRequest.isClaimsChallengePresent()) {
            Logger.v(TAG + ":getAccessToken", "No valid access token exists, try with refresh token.");
            return tryRT();
        }
        Logger.v(TAG + ":getAccessToken", "Return AT from cache.");
        return AuthenticationResult.createResult(aTFromCache);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticationResult getAccessTokenUsingAssertion() throws AuthenticationException {
        AuthenticationResult acquireTokenWithAssertion = acquireTokenWithAssertion();
        if (acquireTokenWithAssertion != null && !com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(acquireTokenWithAssertion.getAccessToken())) {
            try {
                this.mTokenCacheAccessor.updateTokenCache(this.mAuthRequest, acquireTokenWithAssertion);
            } catch (ClientException e) {
                Logger.w(TAG + ":getAccessTokenUsingAssertion", "Access token fetched but unable to update token cache");
                throw ADALError.fromCommon(e);
            } catch (MalformedURLException e2) {
                Logger.w(TAG + ":getAccessTokenUsingAssertion", "Access token fetched but unable to update token cache");
                throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e2.getMessage(), e2);
            }
        }
        return acquireTokenWithAssertion;
    }

    void setWebRequestHandler(IWebRequestHandler iWebRequestHandler) {
        this.mWebRequestHandler = iWebRequestHandler;
    }
}
