package com.microsoft.office.outlook.token;

import android.annotation.SuppressLint;
import android.content.Context;
import android.os.Bundle;
import bolts.CoroutineUtils;
import bolts.Task;
import com.acompli.accore.ACAccountManager;
import com.acompli.accore.ACCore;
import com.acompli.accore.features.FeatureManager;
import com.acompli.accore.model.ACMailAccount;
import com.acompli.accore.util.ADALUtil;
import com.acompli.accore.util.BaseAnalyticsProvider;
import com.acompli.accore.util.MAMEnrollmentUtil;
import com.acompli.accore.util.concurrent.TaskUtil;
import com.acompli.libcircle.metrics.EventLogger;
import com.acompli.thrift.client.generated.TokenType;
import com.microsoft.aad.adal.ADALError;
import com.microsoft.aad.adal.AuthenticationException;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.office.outlook.logger.Logger;
import com.microsoft.office.outlook.logger.LoggerFactory;
import com.microsoft.office.outlook.olmcore.managers.TokenStoreManager;
import com.microsoft.office.outlook.olmcore.model.interfaces.AccountId;
import com.microsoft.office.outlook.token.AadTokenUpdateStrategy;
import com.microsoft.office.outlook.token.AbstractTokenUpdateStrategy;
import com.microsoft.office.outlook.token.TokenUpdateStrategy;
import com.microsoft.office.outlook.tokenstore.TokenRestApi;
import com.microsoft.office.outlook.tokenstore.model.TokenError;
import com.microsoft.office.outlook.tokenstore.model.TokenErrorAccount;
import com.microsoft.office.outlook.tokenstore.model.TokenExtras;
import com.microsoft.office.outlook.tokenstore.model.TokenResult;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import kotlin.coroutines.Continuation;
import kotlin.jvm.functions.Function1;

/* loaded from: classes3.dex */
public abstract class AadTokenUpdateStrategy extends AbstractTokenUpdateStrategy {
    private static final long ADAL_TIMEOUT = TimeUnit.SECONDS.toMillis(30);
    private static final Logger LOG = LoggerFactory.getLogger("AadTokenUpdateStrategy");
    String mCurrentRefreshResource;

    /* loaded from: classes3.dex */
    public static class AadTokenAcquirer implements TokenUpdateStrategy.TokenAcquirer {
        private final FeatureManager mFeatureManager;
        private AuthenticationResult mLastAuthenticationResult;
        final MAMEnrollmentUtil mMAMEnrollmentUtil;
        private final TokenStoreManager mTokenStoreManager;

        public AadTokenAcquirer(MAMEnrollmentUtil mAMEnrollmentUtil, FeatureManager featureManager, TokenStoreManager tokenStoreManager) {
            this.mMAMEnrollmentUtil = mAMEnrollmentUtil;
            this.mFeatureManager = featureManager;
            this.mTokenStoreManager = tokenStoreManager;
        }

        @SuppressLint({"WaitForCompletionThreadBlock"})
        private TokenUpdateStrategy.Token getTokenFromTokenStore(ACMailAccount aCMailAccount, final String str) throws TokenUpdateStrategy.TokenUpdateException, InterruptedException {
            final AccountId accountId = aCMailAccount.getAccountId();
            final String str2 = aCMailAccount.getAadTokenClaimChallenges().get(str);
            Task f = CoroutineUtils.f(new Function1() { // from class: com.microsoft.office.outlook.token.a
                @Override // kotlin.jvm.functions.Function1
                public final Object invoke(Object obj) {
                    return AadTokenUpdateStrategy.AadTokenAcquirer.this.a(accountId, str, str2, (Continuation) obj);
                }
            });
            try {
                f.R(AadTokenUpdateStrategy.ADAL_TIMEOUT, TimeUnit.MILLISECONDS);
                if (TaskUtil.m(f)) {
                    TokenResult tokenResult = (TokenResult) f.y();
                    if (tokenResult instanceof TokenResult.Success) {
                        if (str2 != null) {
                            aCMailAccount.removeAadTokenClaimChallenge(str);
                        }
                        return new TokenUpdateStrategy.Token(((TokenResult.Success) tokenResult).getToken(), this.mTokenStoreManager.getTTL(accountId, str).longValue(), null);
                    }
                    if (tokenResult instanceof TokenResult.Error) {
                        TokenError tokenError = ((TokenResult.Error) tokenResult).getTokenError();
                        AadTokenUpdateStrategy.LOG.e("Failed to acquire token for accountId: " + accountId + " and scope: " + str + " with error " + tokenError.getTokenErrorMessage());
                        int tokenErrorType = tokenError.getTokenErrorType();
                        TokenUpdateStrategy.TokenUpdateException needsReauth = new TokenUpdateStrategy.TokenUpdateException().setNeedsReauth(false);
                        if (tokenErrorType == 0) {
                            needsReauth.setResource(str);
                            needsReauth.setNeedsReauth(true);
                            throw needsReauth;
                        }
                        if (tokenErrorType == 3) {
                            needsReauth.setResource(str);
                            if (!str.equals(TokenRestApi.AAD_PRIMARY)) {
                                throw needsReauth;
                            }
                            needsReauth.setNeedsReauth(true);
                            throw needsReauth;
                        }
                        if (tokenErrorType != 5) {
                            throw needsReauth;
                        }
                        TokenErrorAccount errorAccount = tokenError.getErrorAccount();
                        if (errorAccount == null) {
                            throw needsReauth;
                        }
                        this.mMAMEnrollmentUtil.o(errorAccount.getEmail(), errorAccount.getUserId(), errorAccount.getTenantId(), errorAccount.getAuthority(), false, null);
                        throw needsReauth;
                    }
                } else {
                    AadTokenUpdateStrategy.LOG.e("Token acquire task failed for accountId: " + accountId + " and scope: " + str);
                }
                throw new TokenUpdateStrategy.TokenUpdateException().setNeedsReauth(false);
            } catch (InterruptedException e) {
                AadTokenUpdateStrategy.LOG.e("Token acquire task interrupted for accountId: " + accountId + " and scope: " + str, e);
                throw e;
            }
        }

        private boolean isOneAuthAADFlagsOn() {
            return this.mFeatureManager.m(FeatureManager.Feature.K9) || this.mFeatureManager.m(FeatureManager.Feature.va) || this.mFeatureManager.m(FeatureManager.Feature.za) || this.mFeatureManager.m(FeatureManager.Feature.ya);
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* renamed from: lambda$getTokenFromTokenStore$0, reason: merged with bridge method [inline-methods] */
        public /* synthetic */ Object a(AccountId accountId, String str, String str2, Continuation continuation) {
            return this.mTokenStoreManager.getToken(accountId, str, new TokenExtras(str2, UUID.randomUUID(), null), (Continuation<? super TokenResult>) continuation);
        }

        @Override // com.microsoft.office.outlook.token.TokenUpdateStrategy.TokenAcquirer
        public TokenUpdateStrategy.Token acquireTokenSilentSync(Context context, ACMailAccount aCMailAccount, String str) throws TokenUpdateStrategy.TokenUpdateException, InterruptedException, TimeoutException, TokenUpdateStrategy.NonBlockingTokenUpdateException {
            if (aCMailAccount.getOneAuthAccountId() != null && isOneAuthAADFlagsOn()) {
                return getTokenFromTokenStore(aCMailAccount, str);
            }
            try {
                AuthenticationResult h = ADALUtil.h(context, aCMailAccount, str, AadTokenUpdateStrategy.ADAL_TIMEOUT, false);
                this.mLastAuthenticationResult = h;
                return TokenUpdateStrategy.Token.createToken(h);
            } catch (AuthenticationException e) {
                boolean z = false;
                if (e.getCode() == ADALError.AUTH_FAILED_INTUNE_POLICY_REQUIRED) {
                    this.mMAMEnrollmentUtil.n(e, false, null);
                }
                TokenUpdateStrategy.TokenUpdateException tokenUpdateException = new TokenUpdateStrategy.TokenUpdateException(e);
                if (e.getCode() == ADALError.AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED && (str.equals(TokenRestApi.AAD_PRIMARY) || !ADALUtil.B(e))) {
                    z = true;
                    tokenUpdateException.setResource(str);
                }
                tokenUpdateException.setNeedsReauth(z);
                throw tokenUpdateException;
            }
        }

        @Override // com.microsoft.office.outlook.token.TokenUpdateStrategy.TokenAcquirer
        public void onTokenRefreshed(ACMailAccount aCMailAccount) {
            this.mMAMEnrollmentUtil.z(aCMailAccount, this.mLastAuthenticationResult);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AadTokenUpdateStrategy(Context context, ACCore aCCore, ACAccountManager aCAccountManager, AbstractTokenUpdateStrategy.DebugInfoDisplayDelegate debugInfoDisplayDelegate, EventLogger eventLogger, BaseAnalyticsProvider baseAnalyticsProvider) {
        super(context, aCCore, aCAccountManager, debugInfoDisplayDelegate, eventLogger, baseAnalyticsProvider);
    }

    private TokenType getTokenTypeForAdalResource(String str) {
        str.hashCode();
        if (str.equals(TokenRestApi.AAD_PRIMARY)) {
            return TokenType.DirectAccessToken;
        }
        if (str.equals("https://substrate.office.com")) {
            return TokenType.SearchAccessToken;
        }
        throw new IllegalArgumentException("Unknown resource type: " + str);
    }

    private boolean needsAccountTokenSync(String str) {
        str.hashCode();
        return str.equals(TokenRestApi.AAD_PRIMARY) || str.equals("https://substrate.office.com");
    }

    @Override // com.microsoft.office.outlook.token.TokenUpdateStrategy
    public Bundle createReauthExtrasBundle(Context context, ACMailAccount aCMailAccount) {
        Bundle bundle = new Bundle();
        bundle.putInt(TokenUpdateStrategy.INTENT_KEY_ACCOUNT_NEEDING_REAUTH, aCMailAccount.getAccountID());
        bundle.putString(TokenUpdateStrategy.INTENT_KEY_AAD_RESOURCE, this.mCurrentRefreshResource);
        return bundle;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.microsoft.office.outlook.token.AbstractTokenUpdateStrategy
    public boolean isTokenChanged(ACMailAccount aCMailAccount, String str, TokenUpdateStrategy.Token token) {
        String value = token.getValue();
        str.hashCode();
        String substrateToken = !str.equals(TokenRestApi.AAD_PRIMARY) ? !str.equals("https://substrate.office.com") ? null : aCMailAccount.getSubstrateToken() : aCMailAccount.getDirectToken();
        return value != null && (substrateToken == null || !substrateToken.equals(value));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.microsoft.office.outlook.token.AbstractTokenUpdateStrategy
    public void setAccountToken(ACMailAccount aCMailAccount, String str, TokenUpdateStrategy.Token token) {
        str.hashCode();
        if (str.equals(TokenRestApi.AAD_PRIMARY)) {
            aCMailAccount.setDirectToken(token.getValue());
            aCMailAccount.setDirectTokenExpiration(token.getExpirationMillis());
        } else if (str.equals("https://substrate.office.com")) {
            aCMailAccount.setSubstrateToken(token.getValue());
            aCMailAccount.setSubstrateTokenExpiration(token.getExpirationMillis());
        }
    }

    @Override // com.microsoft.office.outlook.token.AbstractTokenUpdateStrategy
    protected void syncAccountToken(ACMailAccount aCMailAccount, String str, TokenUpdater tokenUpdater) {
        if (needsAccountTokenSync(str)) {
            TokenType tokenTypeForAdalResource = getTokenTypeForAdalResource(str);
            this.mAccountManager.G7(aCMailAccount, tokenTypeForAdalResource, tokenUpdater);
            displayDebugTokenExpirationInfo(aCMailAccount.getTokenExpiration(), tokenTypeForAdalResource.name(), aCMailAccount.getPrimaryEmail());
        }
    }
}
