package com.microsoft.identity.broker4j.broker.joined;

import com.google.gson.Gson;
import com.microsoft.identity.broker4j.broker.BrokerAccountDataManager;
import com.microsoft.identity.broker4j.broker.BrokerConstants;
import com.microsoft.identity.broker4j.broker.BrokerUtil;
import com.microsoft.identity.broker4j.broker.MicrosoftStsNonceUtil;
import com.microsoft.identity.broker4j.broker.crypto.IKeyEntry;
import com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents;
import com.microsoft.identity.broker4j.broker.prt.PrtConstants;
import com.microsoft.identity.broker4j.broker.prt.PrtProtocolVersion;
import com.microsoft.identity.broker4j.broker.prt.SessionKeyUtil;
import com.microsoft.identity.broker4j.broker.prtv2.PrtV2;
import com.microsoft.identity.broker4j.broker.prtv2.PrtV2Loader;
import com.microsoft.identity.broker4j.opentelemetry.AttributeName;
import com.microsoft.identity.broker4j.workplacejoin.data.WorkplaceJoinData;
import com.microsoft.identity.common.java.AuthenticationConstants;
import com.microsoft.identity.common.java.authorities.Authority;
import com.microsoft.identity.common.java.authorities.AzureActiveDirectoryAuthority;
import com.microsoft.identity.common.java.authscheme.AbstractAuthenticationScheme;
import com.microsoft.identity.common.java.authscheme.PopAuthenticationSchemeInternal;
import com.microsoft.identity.common.java.authscheme.PopAuthenticationSchemeWithClientKeyInternal;
import com.microsoft.identity.common.java.authscheme.TokenAuthenticationScheme;
import com.microsoft.identity.common.java.broker.IBrokerAccount;
import com.microsoft.identity.common.java.commands.parameters.BrokerSilentTokenCommandParameters;
import com.microsoft.identity.common.java.constants.OAuth2SubErrorCode;
import com.microsoft.identity.common.java.controllers.ExceptionAdapter;
import com.microsoft.identity.common.java.crypto.IDevicePopManager;
import com.microsoft.identity.common.java.eststelemetry.EstsTelemetry;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.exception.ErrorStrings;
import com.microsoft.identity.common.java.exception.IntuneAppProtectionPolicyRequiredException;
import com.microsoft.identity.common.java.exception.ServiceException;
import com.microsoft.identity.common.java.exception.UiRequiredException;
import com.microsoft.identity.common.java.jwt.JwtRequestBody;
import com.microsoft.identity.common.java.jwt.JwtRequestHeader;
import com.microsoft.identity.common.java.jwt.JwtUtils;
import com.microsoft.identity.common.java.logging.DiagnosticContext;
import com.microsoft.identity.common.java.logging.Logger;
import com.microsoft.identity.common.java.net.HttpClient;
import com.microsoft.identity.common.java.net.HttpConstants;
import com.microsoft.identity.common.java.net.HttpResponse;
import com.microsoft.identity.common.java.net.UrlConnectionHttpClient;
import com.microsoft.identity.common.java.opentelemetry.OTelUtility;
import com.microsoft.identity.common.java.opentelemetry.SpanExtension;
import com.microsoft.identity.common.java.opentelemetry.SpanName;
import com.microsoft.identity.common.java.platform.Device;
import com.microsoft.identity.common.java.providers.microsoft.microsoftsts.MicrosoftStsTokenResponse;
import com.microsoft.identity.common.java.providers.oauth2.TokenErrorResponse;
import com.microsoft.identity.common.java.providers.oauth2.TokenRequest;
import com.microsoft.identity.common.java.request.SdkType;
import com.microsoft.identity.common.java.telemetry.CliTelemInfo;
import com.microsoft.identity.common.java.util.CommonURIBuilder;
import com.microsoft.identity.common.java.util.HashMapExtensions;
import com.microsoft.identity.common.java.util.HeaderSerializationUtil;
import com.microsoft.identity.common.java.util.ObjectMapper;
import com.microsoft.identity.common.java.util.StringUtil;
import com.microsoft.identity.common.java.util.ThreadUtils;
import edu.umd.cs.findbugs.annotations.Nullable;
import io.opentelemetry.api.trace.Span;
import io.opentelemetry.api.trace.StatusCode;
import io.opentelemetry.context.Scope;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.SocketTimeoutException;
import java.net.URISyntaxException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.SignatureException;
import java.security.cert.CertificateEncodingException;
import java.util.AbstractMap;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.TreeMap;
import java.util.concurrent.TimeUnit;
import lombok.NonNull;
import okio.SmallSortedMap;
import org.json.JSONException;

/* loaded from: classes4.dex */
public class JoinedAccountRequestHandler {
    // Client id literal. The same value is set as the issuer of the signed JWT in
    // getSignedJwtForTokenRequest (the visible code repeats the literal there rather than this name).
    private static final String BROKER_CLIENT_ID = "29d9ed98-a469-4536-ade2-f981bc1d605e";
    // Form parameter name; the same literal is used in getRequestBodyForTokenRequest for the MAM enrollment id.
    private static final String MICROSOFT_ENROLLMENT_PARAM = "microsoft_enrollment_id";
    // Not referenced in the visible part of this class; presumably a wait between PRT attempts, confirm at the call site.
    public static final int PRT_ATTEMPT_SLEEP_TIME_IN_MILLISECONDS = 5000;
    // Prefix of the per-method logging tags ("JoinedAccountRequestHandler:<method>").
    private static final String TAG = "JoinedAccountRequestHandler";
    // Value and name of the "windows_api_version" form parameter added to token requests.
    private static final String WINDOWS_API_VERSION = "2.0";
    private static final String WINDOWS_API_VERSION_PARAM = "windows_api_version";
    // Not referenced in the visible part of this class; presumably an upper bound for PRT setup, confirm at the call site.
    public static final int sPRTMaxSetupTimeInMilliSeconds = 120000;
    // Platform services: key factory, account data storage, PoP manager, broker metadata.
    private final IBrokerPlatformComponents mBrokerComponents;
    // HTTP client used for every token-endpoint POST issued by this class.
    private final HttpClient mHttpClient;
    // Loads the stored PRT for an account.
    // NOTE(review): protected and non-final, so a subclass can replace the loader after construction; confirm this is intended.
    protected PrtV2Loader mPrtV2Loader;

    /**
     * Creates a handler bound to the given platform components.
     *
     * <p>The PRT loader is built from the components' account data storage and session key loader,
     * and the HTTP client is the default URL-connection client passed through the components'
     * HTTP client wrapper.
     *
     * @param iBrokerPlatformComponents platform services used by this handler; must not be null
     * @throws NullPointerException if {@code iBrokerPlatformComponents} is null
     */
    public JoinedAccountRequestHandler(@NonNull IBrokerPlatformComponents iBrokerPlatformComponents) {
        Objects.requireNonNull(iBrokerPlatformComponents, "brokerComponents is marked non-null but is null");
        this.mBrokerComponents = iBrokerPlatformComponents;
        this.mPrtV2Loader = PrtV2Loader.builder()
                .brokerAccountDataStorage(iBrokerPlatformComponents.getBrokerAccountDataStorage())
                .sessionKeyLoader(iBrokerPlatformComponents.getBrokerKeyFactory().getSessionKeyLoader())
                .build();
        this.mHttpClient = iBrokerPlatformComponents
                .getHttpClientWrapper()
                .wrap(UrlConnectionHttpClient.getDefaultInstance());
    }

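    /**
     * Registers the calling client (client id and caller uid) in the default broker application
     * registry, together with the environment derived from the PRT's home authority when one is
     * available.
     *
     * <p>The registry is written exactly once. The previous form registered the client with the
     * resolved environment and then fell through to a second registration with a {@code null}
     * environment, so the same caller was recorded twice with conflicting data.
     *
     * @param brokerSilentTokenCommandParameters request whose client id, caller uid, account and
     *     authority are used; must not be null
     * @throws NullPointerException if {@code brokerSilentTokenCommandParameters} is null
     */
    private void addClientToBrokerAppRegistry(@NonNull BrokerSilentTokenCommandParameters brokerSilentTokenCommandParameters) {
        Objects.requireNonNull(brokerSilentTokenCommandParameters, "requestParameters is marked non-null but is null");
        final PrtV2 prtV2 = this.mPrtV2Loader.getPrtV2(
                brokerSilentTokenCommandParameters.getBrokerAccount(),
                String.valueOf(brokerSilentTokenCommandParameters.getAuthority().getAuthorityURL()));

        // Stays null when there is no PRT or the PRT carries no home authority.
        String environment = null;
        if (prtV2 != null) {
            final String homeAuthority = prtV2.getHomeAuthority();
            if (!StringUtil.isNullOrEmpty(homeAuthority)) {
                environment = BrokerUtil.getEnvironmentFromAuthority(homeAuthority);
            }
        }

        BrokerUtil.addClientToDefaultBrokerApplicationRegistry(
                this.mBrokerComponents,
                brokerSilentTokenCommandParameters.getClientId(),
                brokerSilentTokenCommandParameters.getCallerUid(),
                environment);
    }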

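    /**
     * Maps a low-level failure to a {@link ClientException} with a stable error code.
     *
     * <p>The checks run from most to least specific: {@link MalformedURLException} and
     * {@link SocketTimeoutException} are subclasses of {@link IOException}, so they must be tested
     * before it. The original exception is attached as the cause in every branch, so the stack
     * trace of a URL, timeout or I/O failure is not lost (those three branches previously kept only
     * the message).
     *
     * @param exc the failure to translate; must not be null
     * @return a {@code ClientException} carrying the mapped error code and {@code exc} as its cause
     * @throws NullPointerException if {@code exc} is null
     */
    @NonNull
    private ClientException constructClientException(@NonNull Exception exc) {
        Objects.requireNonNull(exc, "e is marked non-null but is null");
        if (exc instanceof MalformedURLException) {
            return new ClientException(ErrorStrings.AUTHORITY_URL_NOT_VALID, exc.getMessage(), exc);
        }
        if (exc instanceof SocketTimeoutException) {
            return new ClientException("device_network_not_available", exc.getMessage(), exc);
        }
        if (exc instanceof IOException) {
            return new ClientException("io_error", exc.getMessage(), exc);
        }
        if (exc instanceof NoSuchAlgorithmException
                || exc instanceof SignatureException
                || exc instanceof InvalidKeyException) {
            return new ClientException(ErrorStrings.SIGNATURE_EXCEPTION, "Signing with device certificate failed, unable to create a valid signed JWT body for PRT request", exc);
        }
        if (exc instanceof CertificateEncodingException) {
            return new ClientException(ErrorStrings.CERTIFICATE_ENCODING_ERROR, "Unable to retrieve encoded certificate to sign the JWT", exc);
        }
        return new ClientException("unknown_error", "Saw an exception we did not understand how to interpret", exc);
    }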

    /**
     * Builds the form-encoded body of a token request that redeems the PRT.
     *
     * <p>The body carries a JWT signed by {@code getSignedJwtForTokenRequest}; that JWT embeds the
     * PRT as its refresh token, so the returned string is credential material and must not be
     * written to logs. Optional parameters (claims, ADAL marker, caller name and version, MAM
     * enrollment id, PoP confirmation) are added only when present.
     *
     * @param prtV2 the PRT to redeem; must not be null
     * @param brokerSilentTokenCommandParameters the silent request being served; must not be null
     * @param str the authority the token is requested from; must not be null
     * @return the query-string form of the request parameters
     */
    private String getRequestBodyForTokenRequest(@NonNull PrtV2 prtV2, @NonNull BrokerSilentTokenCommandParameters brokerSilentTokenCommandParameters, @NonNull String str) throws IOException, JSONException, ClientException, URISyntaxException, CertificateEncodingException {
        Objects.requireNonNull(prtV2, "prt is marked non-null but is null");
        Objects.requireNonNull(brokerSilentTokenCommandParameters, "parameters is marked non-null but is null");
        Objects.requireNonNull(str, "authority is marked non-null but is null");
        final String methodTag = TAG + ":getRequestBodyForTokenRequest";
        Logger.info(methodTag, brokerSilentTokenCommandParameters.getCorrelationId(), "Getting request body for token request from PRT. ");

        // Signed first: signing failures surface before any other parameter work is done.
        final String signedJwt = getSignedJwtForTokenRequest(prtV2, brokerSilentTokenCommandParameters, str);

        final CommonURIBuilder body = new CommonURIBuilder();
        body.setParameter("windows_api_version", "2.0");
        body.setParameter("redirect_uri", brokerSilentTokenCommandParameters.getRedirectUri());
        body.setParameter("client_info", "1");
        body.setParameter("client_id", brokerSilentTokenCommandParameters.getClientId());
        body.setParameter(JoinedFlowConstants.JWT_BEARER_REQUEST, signedJwt);

        final String claims = brokerSilentTokenCommandParameters.getClaimsRequestJson();
        if (!StringUtil.isNullOrEmpty(claims)) {
            body.setParameter("claims", claims);
        }
        if (brokerSilentTokenCommandParameters.getSdkType() == SdkType.ADAL) {
            body.setParameter("itver", "1");
        }
        final String callerPackage = brokerSilentTokenCommandParameters.getCallerPackageName();
        if (!StringUtil.isNullOrEmpty(callerPackage)) {
            body.setParameter("x-app-name", callerPackage);
        }
        final String callerVersion = brokerSilentTokenCommandParameters.getCallerAppVersion();
        if (!StringUtil.isNullOrEmpty(callerVersion)) {
            body.setParameter("x-app-ver", callerVersion);
        }

        // An enrollment id supplied with the request wins; otherwise it is looked up for the caller.
        final String enrollmentId;
        final String suppliedEnrollmentId = brokerSilentTokenCommandParameters.getMamEnrollmentId();
        if (!StringUtil.isNullOrEmpty(suppliedEnrollmentId)) {
            Logger.info(methodTag, "Using Mam Enrollment Id from parameters");
            enrollmentId = suppliedEnrollmentId;
        } else {
            Logger.info(methodTag, "Fetching Mam Enrollment Id");
            enrollmentId = BrokerUtil.getMicrosoftEnrollmentId(
                    brokerSilentTokenCommandParameters.getLocalAccountId(),
                    brokerSilentTokenCommandParameters.getHomeAccountId(),
                    brokerSilentTokenCommandParameters.getPlatformComponents(),
                    callerPackage);
        }
        if (!StringUtil.isNullOrEmpty(enrollmentId)) {
            body.setParameter("microsoft_enrollment_id", enrollmentId);
        }

        final AbstractAuthenticationScheme scheme = brokerSilentTokenCommandParameters.getAuthenticationScheme();
        if (scheme instanceof PopAuthenticationSchemeInternal) {
            // Broker-held PoP key: create it on first use, then send its confirmation claim.
            body.setParameter("token_type", TokenRequest.TokenType.POP);
            final IDevicePopManager popManager = this.mBrokerComponents.getDefaultDevicePopManager();
            if (!popManager.asymmetricKeyExists()) {
                final String thumbprint = popManager.generateAsymmetricKey();
                // The thumbprint goes through the PII logging channel only.
                Logger.verbosePII(methodTag, brokerSilentTokenCommandParameters.getCorrelationId(), "Generated new PoP asymmetric key with thumbprint: " + thumbprint);
            }
            body.setParameter("req_cnf", popManager.getRequestConfirmation());
        } else if (scheme instanceof PopAuthenticationSchemeWithClientKeyInternal) {
            // Client-held PoP key: the confirmation claim comes from the scheme itself.
            body.setParameter("token_type", TokenRequest.TokenType.POP);
            body.setParameter("req_cnf", ((PopAuthenticationSchemeWithClientKeyInternal) scheme).getRequestConfirmation());
        }
        return body.build().getQuery();
    }

    /**
     * Creates the signed JWT that redeems the PRT at the token endpoint.
     *
     * <p>The JWT carries the PRT as its refresh token, a nonce obtained for the authority's token
     * endpoint, and issued-at / not-before set to the current time. It is signed with a signer
     * derived from the PRT's session key. The result is credential material: do not log it.
     *
     * @param prtV2 the PRT whose refresh token and session key are used; must not be null
     * @param brokerSilentTokenCommandParameters the silent request being served; must not be null
     * @param str the authority, used as the JWT audience and to locate the nonce endpoint; must not be null
     * @return the serialized signed JWT
     */
    private String getSignedJwtForTokenRequest(@NonNull PrtV2 prtV2, @NonNull BrokerSilentTokenCommandParameters brokerSilentTokenCommandParameters, @NonNull String str) throws ClientException, CertificateEncodingException {
        Objects.requireNonNull(prtV2, "prt is marked non-null but is null");
        Objects.requireNonNull(brokerSilentTokenCommandParameters, "parameters is marked non-null but is null");
        Objects.requireNonNull(str, "authority is marked non-null but is null");
        final String methodTag = TAG + ":getSignedJwtForTokenRequest";
        final String correlationId = brokerSilentTokenCommandParameters.getCorrelationId();
        Logger.info(methodTag, correlationId, "Token request with PRT. With redirectUri: " + brokerSilentTokenCommandParameters.getRedirectUri());

        final JwtRequestBody claims = new JwtRequestBody();
        claims.setAudience(str);
        claims.setIssuer("29d9ed98-a469-4536-ade2-f981bc1d605e");

        // One timestamp feeds iat, nbf and exp so the three claims cannot disagree.
        final long nowSeconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
        claims.setIat(nowSeconds);
        claims.setNBF(nowSeconds);
        // presumably exp = issued-at + 300 seconds; confirm against JwtRequestBody.setExp
        claims.setExp(nowSeconds, 300L);

        claims.setJwtScope(StringUtil.join(TokenAuthenticationScheme.SCHEME_DELIMITER, brokerSilentTokenCommandParameters.getScopes()));
        claims.setGrantType("refresh_token");
        claims.setClientId(brokerSilentTokenCommandParameters.getClientId());
        // The nonce is requested for the same authority's token endpoint just before signing.
        claims.setNonce(MicrosoftStsNonceUtil.getNonce(JoinedFlowUtil.constructTokenEndpoint(str), correlationId));
        claims.setRefreshToken(prtV2.getRefreshToken());

        return this.mBrokerComponents
                .getBrokerKeyFactory()
                .getSessionKeyJwtRequestSigner(prtV2.getSessionKey())
                .getSignedJwt(claims);
    }

    /**
     * Writes the outgoing request headers to the info log as JSON.
     *
     * <p>Every entry of {@code map} is logged as-is; unlike {@code logResponseHeaders}, no
     * allowlist is applied here. Callers must therefore never pass a map that holds a
     * credential-bearing header (for example an authorization value).
     *
     * @param map request headers to log; must not be null
     * @param str correlation id attached to the log line; must not be null
     * @param str2 logging tag of the calling method; must not be null
     */
    private void logRequestHeaders(@NonNull Map<String, String> map, @NonNull String str, @NonNull String str2) {
        Objects.requireNonNull(map, "headers is marked non-null but is null");
        Objects.requireNonNull(str, "correlationId is marked non-null but is null");
        Objects.requireNonNull(str2, "callingMethodTag is marked non-null but is null");
        final String message = "Request Headers: " + ObjectMapper.serializeObjectToJsonString(map);
        Logger.info(str2, str, message);
    }

    /**
     * Writes a fixed allowlist of response headers to the info log as JSON.
     *
     * <p>Only Content-Type, Content-Length, the client telemetry header and x-ms-request-id are
     * copied, and only the first value of each; any other header the server returns is never logged.
     *
     * @param map response headers as returned by the HTTP client; must not be null
     * @param str correlation id attached to the log line; must not be null
     * @param str2 logging tag of the calling method; must not be null
     */
    private void logResponseHeaders(@NonNull Map<String, List<String>> map, @NonNull String str, @NonNull String str2) {
        Objects.requireNonNull(map, "responseHeaders is marked non-null but is null");
        Objects.requireNonNull(str, "correlationId is marked non-null but is null");
        Objects.requireNonNull(str2, "callingMethodTag is marked non-null but is null");
        final String[] loggableNames = {
            "Content-Type",
            HttpConstants.HeaderField.CONTENT_LENGTH,
            HttpConstants.HeaderField.X_MS_CLITELEM,
            "x-ms-request-id"
        };
        final HashMap<String, String> loggable = new HashMap<>();
        for (final String headerName : loggableNames) {
            final List<String> values = map.get(headerName);
            if (values == null || values.isEmpty()) {
                continue;
            }
            loggable.put(headerName, values.get(0));
        }
        Logger.info(str2, str, "Response Headers: " + ObjectMapper.serializeObjectToJsonString(loggable));
    }

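    /**
     * Turns a non-success token-endpoint response into a {@link ServiceException}.
     *
     * <p>An empty body or a body that is not valid JSON yields a {@code json_parse_failure}
     * exception. Otherwise the server's {@code error}, {@code suberror} and
     * {@code error_description} fields are mapped through {@code ExceptionAdapter}. Client
     * telemetry from the response header, when present, and the correlation id are attached before
     * the exception is returned.
     *
     * <p>{@code brokerSilentTokenCommandParameters} is nullable (the PRT-acquisition path passes
     * {@code null}). The Intune branch used to dereference it unconditionally, which would replace
     * the server's error with a {@code NullPointerException}; it is now guarded.
     *
     * @param str fallback error description, used when the server sends none
     * @param str2 caller-supplied context message, logged only
     * @param str3 correlation id for logging and for the returned exception
     * @param brokerSilentTokenCommandParameters the request being served, or null
     * @param httpResponse the failed HTTP response; must not be null
     * @param str4 authority the request was sent to; must not be null
     * @return the exception describing the failure (never null)
     */
    @NonNull
    private ServiceException parseAndConstructException(@Nullable String str, @Nullable String str2, @Nullable String str3, @Nullable BrokerSilentTokenCommandParameters brokerSilentTokenCommandParameters, @NonNull HttpResponse httpResponse, @NonNull String str4) throws ClientException {
        Objects.requireNonNull(httpResponse, "webResponse is marked non-null but is null");
        Objects.requireNonNull(str4, "authority is marked non-null but is null");
        // The tag keeps its historical suffix; the string is emitted at runtime and is left unchanged.
        final String methodTag = TAG + ":parseAndThrowException";
        final String correlationId = str3;
        Logger.warn(methodTag, correlationId, str + ", " + str2 + ", " + httpResponse.getStatusCode());

        ServiceException serviceException;
        try {
            if (StringUtil.isNullOrEmpty(httpResponse.getBody())) {
                Logger.warn(methodTag, correlationId, "Http response body null or empty.");
                serviceException = new ServiceException("json_parse_failure", "Http response body null or empty.", httpResponse.getStatusCode(), null);
            } else {
                final HashMap<String, String> errorFields = HashMapExtensions.getJsonResponseFromResponseBody(httpResponse.getBody());
                String errorCode = errorFields.get("error");
                final String serverDescription = errorFields.get("error_description");
                final String subError = errorFields.get("suberror");
                Logger.warn(methodTag, correlationId, "Error from the server. " + errorCode + ", " + subError + ", " + serverDescription + ", " + httpResponse.getStatusCode());

                // Fall back to the HTTP status when the server names no error code.
                if (StringUtil.isNullOrEmpty(errorCode)) {
                    errorCode = String.valueOf(httpResponse.getStatusCode());
                }
                // The server's description wins over the caller's fallback.
                final String description = StringUtil.isNullOrEmpty(serverDescription) ? str : serverDescription;

                final TokenErrorResponse tokenErrorResponse = new TokenErrorResponse();
                tokenErrorResponse.setError(errorCode);
                tokenErrorResponse.setSubError(subError);
                tokenErrorResponse.setErrorDescription(description);
                tokenErrorResponse.setStatusCode(httpResponse.getStatusCode());
                tokenErrorResponse.setResponseBody(httpResponse.getBody());
                tokenErrorResponse.setResponseHeadersJson(HeaderSerializationUtil.toJson(httpResponse.getHeaders()));
                serviceException = ExceptionAdapter.getExceptionFromTokenErrorResponse(brokerSilentTokenCommandParameters, tokenErrorResponse);

                if (serviceException instanceof IntuneAppProtectionPolicyRequiredException) {
                    if (brokerSilentTokenCommandParameters != null) {
                        Logger.verbose(methodTag, "Explicitly setting authority for IntuneAppProtectionPolicyRequiredException to " + str4 + "original parameter authority: " + brokerSilentTokenCommandParameters.getAuthority().getAuthorityURL().toString());
                    }
                    ((IntuneAppProtectionPolicyRequiredException) serviceException).setAuthorityUrl(str4);
                    // Registering the caller needs its client id and uid, which exist only on the request.
                    if (brokerSilentTokenCommandParameters != null) {
                        addClientToBrokerAppRegistry(brokerSilentTokenCommandParameters);
                    }
                }
            }
        } catch (JSONException e) {
            Logger.error(methodTag, correlationId, "Json Parse error: Unable to parse response body.", e);
            serviceException = new ServiceException("json_parse_failure", "Json Parse error: Unable to parse response body.", httpResponse.getStatusCode(), e);
        }

        if (httpResponse.getHeaders() != null) {
            final List<String> cliTelemValues = httpResponse.getHeaders().get(HttpConstants.HeaderField.X_MS_CLITELEM);
            if (cliTelemValues != null && !cliTelemValues.isEmpty()) {
                ExceptionAdapter.applyCliTelemInfo(CliTelemInfo.fromXMsCliTelemHeader(cliTelemValues.get(0)), serviceException);
            }
        }
        serviceException.setCorrelationId(correlationId);
        return serviceException;
    }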

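    /**
     * Redeems the PRT at the token endpoint and returns the decrypted token response.
     *
     * <p>The request body is a session-key-signed JWT (see {@code getRequestBodyForTokenRequest});
     * the success response body is a JWE that is decrypted with a decryptor derived from the same
     * session key before it is parsed. When the response names a cloud instance host, the
     * response authority is rewritten to that host; when it has no authority or no ID token, the
     * request authority and the PRT's ID token are used instead.
     *
     * <p>Each catch clause now reads its own exception variable (two clauses previously assigned
     * to a variable that is not in scope there), and the original exception is kept as the cause of
     * the {@code ClientException}.
     *
     * @param iBrokerAccount account the token is requested for; must not be null
     * @param prtV2 the PRT to redeem; must not be null
     * @param brokerSilentTokenCommandParameters the silent request being served; must not be null
     * @return the token response, with authority, ID token and client telemetry filled in
     * @throws ClientException if the PRT is empty, or on URL, network, encoding or certificate failures
     * @throws ServiceException if the server answers with a non-200 status or the response is not parseable
     */
    private MicrosoftStsTokenResponse requestAccessTokenWithPrtInternal(@NonNull IBrokerAccount iBrokerAccount, @NonNull PrtV2 prtV2, @NonNull BrokerSilentTokenCommandParameters brokerSilentTokenCommandParameters) throws ClientException, ServiceException {
        Objects.requireNonNull(iBrokerAccount, "account is marked non-null but is null");
        Objects.requireNonNull(prtV2, "prtV2 is marked non-null but is null");
        Objects.requireNonNull(brokerSilentTokenCommandParameters, "parameters is marked non-null but is null");
        String str = TAG + ":requestAccessTokenWithPrtInternal";
        Logger.info(str, brokerSilentTokenCommandParameters.getCorrelationId(), "Sending request to get access token using PRT.");
        Span current = SpanExtension.current();
        if (StringUtil.isNullOrEmpty(prtV2.getRefreshToken())) {
            Logger.error(str, brokerSilentTokenCommandParameters.getCorrelationId(), "PRT is null or empty", null);
            throw new ClientException("no_tokens_found", "PRT is null or empty");
        }
        try {
            // Request headers. None of them carries the PRT or the signed JWT; those travel in the body.
            TreeMap<String, String> treeMap = new TreeMap<>();
            treeMap.put("client-request-id", brokerSilentTokenCommandParameters.getCorrelationId());
            treeMap.putAll(Device.getPlatformIdParameters());
            treeMap.put("x-client-SKU", DiagnosticContext.INSTANCE.getRequestContext().get("x-client-SKU"));
            treeMap.put("x-client-Ver", Device.getProductVersion());
            treeMap.put("x-client-brkrver", this.mBrokerComponents.getBrokerMetadata().getBrokerVersion());
            treeMap.put("x-app-name", brokerSilentTokenCommandParameters.getCallerPackageName());
            treeMap.put("x-app-ver", brokerSilentTokenCommandParameters.getCallerAppVersion());
            String accountHomeTenantId = new BrokerAccountDataManager(this.mBrokerComponents.getBrokerAccountDataStorage()).getAccountHomeTenantId(iBrokerAccount);
            String name = AttributeName.tenant_id.name();
            if (accountHomeTenantId == null) {
                accountHomeTenantId = "";
            }
            current.setAttribute(name, accountHomeTenantId);
            treeMap.putAll(EstsTelemetry.getInstance().getTelemetryHeaders());
            treeMap.put("Content-Type", BrokerConstants.CONTENT_TYPE_FORM_URL_ENCODED);
            logRequestHeaders(treeMap, brokerSilentTokenCommandParameters.getCorrelationId(), str);

            // The endpoint is taken from the PRT, not from the caller's request parameters.
            String authorityForAcquiringToken = prtV2.getAuthorityForAcquiringToken();
            HttpResponse post = this.mHttpClient.post(JoinedFlowUtil.constructTokenEndpoint(authorityForAcquiringToken), treeMap, getRequestBodyForTokenRequest(prtV2, brokerSilentTokenCommandParameters, authorityForAcquiringToken).getBytes(AuthenticationConstants.CHARSET_UTF8));
            current.setAttribute(AttributeName.response_content_type.name(), post.getHeaderValue("Content-Type", 0));
            current.setAttribute(AttributeName.http_status_code.name(), post.getStatusCode());
            current.setAttribute(com.microsoft.identity.common.java.opentelemetry.AttributeName.ccs_request_id.name(), post.getHeaderValue(HttpConstants.HeaderField.XMS_CCS_REQUEST_ID, 0));
            logResponseHeaders(post.getHeaders(), brokerSilentTokenCommandParameters.getCorrelationId(), str);
            if (post.getStatusCode() != 200) {
                Logger.info(str, brokerSilentTokenCommandParameters.getCorrelationId(), "Server Http error. Access token request with PRT with status code " + post.getStatusCode());
                throw parseAndConstructException(ErrorStrings.AUTH_REFRESH_FAILED, "Access Token request with PRT failed", brokerSilentTokenCommandParameters.getCorrelationId(), brokerSilentTokenCommandParameters, post, authorityForAcquiringToken);
            }
            Logger.info(str, brokerSilentTokenCommandParameters.getCorrelationId(), "Successful response from Token endpoint for refresh_token using PRT.");
            // The body is a JWE: it is decrypted with the PRT session key and only then deserialized.
            // NOTE(review): asInterface is kept exactly as found; it looks like a tool-resolved name
            // for Gson's deserialization call. Confirm against the original source.
            MicrosoftStsTokenResponse microsoftStsTokenResponse = (MicrosoftStsTokenResponse) new Gson().asInterface(this.mBrokerComponents.getBrokerKeyFactory().getSessionKeyBasedDecryptorAesCbc(prtV2.getSessionKey()).decryptJwe(post.getBody()), MicrosoftStsTokenResponse.class);
            updateAuthorityWithCloudInstanceHostName(microsoftStsTokenResponse, brokerSilentTokenCommandParameters.getAuthority());
            if (StringUtil.isNullOrEmpty(microsoftStsTokenResponse.getAuthority())) {
                Logger.info(str, brokerSilentTokenCommandParameters.getCorrelationId(), "Authority from service response is null. Using authority from request.");
                microsoftStsTokenResponse.setAuthority(authorityForAcquiringToken);
            }
            if (StringUtil.isNullOrEmpty(microsoftStsTokenResponse.getIdToken()) && !StringUtil.isNullOrEmpty(prtV2.getIdToken())) {
                Logger.info(str, brokerSilentTokenCommandParameters.getCorrelationId(), "ID token from service response is null. Setting ID Token from PRT.");
                microsoftStsTokenResponse.setIdToken(prtV2.getIdToken());
            }
            setClientTelemetryToBrokerTokenResponse(microsoftStsTokenResponse, post);
            return microsoftStsTokenResponse;
        } catch (UnsupportedEncodingException e) {
            throw new ClientException("unsupported_encoding", e.getMessage(), e);
        } catch (MalformedURLException | URISyntaxException e) {
            // Both mean the authority could not be turned into a usable endpoint.
            throw new ClientException(ErrorStrings.AUTHORITY_URL_NOT_VALID, e.getMessage(), e);
        } catch (SocketTimeoutException e) {
            throw new ClientException("device_network_not_available", e.getMessage(), e);
        } catch (IOException e) {
            // Must stay after the more specific IOException subclasses above.
            throw new ClientException("io_error", e.getMessage(), e);
        } catch (CertificateEncodingException e) {
            throw constructClientException(e);
        } catch (JSONException e) {
            throw new ServiceException("invalid_jwt", e.getMessage(), e);
        }
    }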

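    /**
     * Posts the strategy's request message to the token endpoint and builds a new PRT from a
     * successful response.
     *
     * <p>The endpoint is derived from the strategy's request authority after conversion to the
     * default authority. On any status other than 200 the response is converted to a
     * {@link ServiceException} and thrown.
     *
     * <p>The Content-Type span attribute is read with {@code getHeaderValue}, as the sibling
     * token-request method does. The previous direct map lookup threw a
     * {@code NullPointerException} whenever the response had no Content-Type header, before the
     * status code was even inspected.
     *
     * @param abstractAcquirePrtStrategy supplies the request message, authority, correlation id and
     *     response processing; must not be null
     * @return the PRT constructed by the strategy from the processed response
     * @throws ServiceException if the server answers with a non-200 status
     */
    @NonNull
    private PrtV2 sendRequestToGetPrt(@NonNull AbstractAcquirePrtStrategy abstractAcquirePrtStrategy) throws JSONException, IOException, ServiceException, ClientException, URISyntaxException, CertificateEncodingException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Objects.requireNonNull(abstractAcquirePrtStrategy, "strategy is marked non-null but is null");
        String str = TAG + ":sendRequestToGetPrt";
        Logger.info(str, abstractAcquirePrtStrategy.getCorrelationId(), "Sending request to get PRT with " + abstractAcquirePrtStrategy.getName());
        Span current = SpanExtension.current();

        // Request headers; the credential material travels in the strategy's request message, not here.
        TreeMap<String, String> treeMap = new TreeMap<>();
        treeMap.put("client-request-id", abstractAcquirePrtStrategy.getCorrelationId());
        treeMap.putAll(Device.getPlatformIdParameters());
        DiagnosticContext diagnosticContext = DiagnosticContext.INSTANCE;
        treeMap.put("x-client-SKU", diagnosticContext.getRequestContext().get("x-client-SKU"));
        treeMap.put("x-client-Ver", Device.getProductVersion());
        treeMap.put("x-client-brkrver", this.mBrokerComponents.getBrokerMetadata().getBrokerVersion());
        treeMap.put("Content-Type", BrokerConstants.CONTENT_TYPE_FORM_URL_ENCODED);
        current.setAttribute(AttributeName.correlation_id.name(), abstractAcquirePrtStrategy.getCorrelationId());
        current.setAttribute(AttributeName.client_sku.name(), diagnosticContext.getRequestContext().get("x-client-SKU"));
        current.setAttribute(AttributeName.sku_version.name(), Device.getProductVersion());
        current.setAttribute(AttributeName.broker_version.name(), this.mBrokerComponents.getBrokerMetadata().getBrokerVersion());
        logRequestHeaders(treeMap, abstractAcquirePrtStrategy.getCorrelationId(), str);

        HttpResponse post = this.mHttpClient.post(JoinedFlowUtil.constructTokenEndpoint(AzureActiveDirectoryAuthority.convertToDefaultAuthority(abstractAcquirePrtStrategy.getRequestAuthority().getAuthorityUri().toString())), treeMap, abstractAcquirePrtStrategy.getRequestMessage().getBytes(AuthenticationConstants.CHARSET_UTF8));
        // presumably getHeaderValue yields null for a missing header; the token-request path relies on the same call
        current.setAttribute(AttributeName.response_content_type.name(), post.getHeaderValue("Content-Type", 0));
        current.setAttribute(AttributeName.http_status_code.name(), post.getStatusCode());
        current.setAttribute(com.microsoft.identity.common.java.opentelemetry.AttributeName.ccs_request_id.name(), post.getHeaderValue(HttpConstants.HeaderField.XMS_CCS_REQUEST_ID, 0));
        logResponseHeaders(post.getHeaders(), abstractAcquirePrtStrategy.getCorrelationId(), str);

        if (post.getStatusCode() == 200) {
            // The strategy post-processes the raw body before it is parsed as JSON.
            return abstractAcquirePrtStrategy.constructNewPrtFromResponse(HashMapExtensions.getJsonResponseFromResponseBody(abstractAcquirePrtStrategy.processResponse(post.getBody())));
        }
        // No request parameters exist on this path, hence the null argument.
        throw parseAndConstructException(ErrorStrings.BROKER_PRT_REFRESH_FAILED, "Request to get PRT with " + abstractAcquirePrtStrategy.getName() + " failed", abstractAcquirePrtStrategy.getCorrelationId(), null, post, abstractAcquirePrtStrategy.getRequestAuthority().getAuthorityUri().toString());
    }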

    /**
     * Copies client telemetry from the response's telemetry header onto the token response.
     *
     * <p>Does nothing when the response has no headers, the telemetry header is absent or empty,
     * or its first value cannot be parsed.
     *
     * @param microsoftStsTokenResponse token response to annotate; must not be null
     * @param httpResponse HTTP response the telemetry header is read from; must not be null
     */
    private void setClientTelemetryToBrokerTokenResponse(@NonNull MicrosoftStsTokenResponse microsoftStsTokenResponse, @NonNull HttpResponse httpResponse) {
        Objects.requireNonNull(microsoftStsTokenResponse, "tokenResponse is marked non-null but is null");
        Objects.requireNonNull(httpResponse, "response is marked non-null but is null");
        if (httpResponse.getHeaders() == null) {
            return;
        }
        final List<String> headerValues = httpResponse.getHeaders().get(HttpConstants.HeaderField.X_MS_CLITELEM);
        if (headerValues == null || headerValues.isEmpty()) {
            return;
        }
        // Only the first header value is considered.
        final CliTelemInfo telemetry = CliTelemInfo.fromXMsCliTelemHeader(headerValues.get(0));
        if (telemetry == null) {
            return;
        }
        microsoftStsTokenResponse.setSpeRing(telemetry.getSpeRing());
        microsoftStsTokenResponse.setRefreshTokenAge(telemetry.getRefreshTokenAge());
        microsoftStsTokenResponse.setCliTelemErrorCode(telemetry.getServerErrorCode());
        microsoftStsTokenResponse.setCliTelemSubErrorCode(telemetry.getServerSubErrorCode());
    }

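    /**
     * Attempts to refresh the PRT while holding the PRT write lock.
     *
     * <p>The span is ended and the write lock released exactly once, in the {@code finally} block.
     * The previous form repeated both calls in the {@code catch} clause after {@code finally} had
     * already run, so a failed refresh released the lock a second time: depending on the lock
     * implementation that either throws or drops a hold the current thread still needs.
     *
     * @param iBrokerAccount account whose PRT is refreshed; must not be null
     * @param prtV2 the current PRT; must not be null
     * @param str correlation id; must not be null
     * @return the refreshed PRT, or {@code null} when the refresh fails with a
     *     {@code ClientException} or {@code ServiceException}
     */
    private PrtV2 tryUpdatePrt(@NonNull IBrokerAccount iBrokerAccount, @NonNull PrtV2 prtV2, @NonNull String str) {
        Objects.requireNonNull(iBrokerAccount, "account is marked non-null but is null");
        Objects.requireNonNull(prtV2, "prt is marked non-null but is null");
        Objects.requireNonNull(str, "correlationId is marked non-null but is null");
        final String methodTag = TAG + ":tryUpdatePrt";
        PrtV2Loader.getPrtV2Writelock().lock();
        final Span span = OTelUtility.createSpan(SpanName.RefreshPrt.name());
        try {
            // The scope is closed first, then the span is ended and the lock released.
            try (Scope ignored = SpanExtension.makeCurrentSpan(span)) {
                SpanExtension.current().setAttribute(AttributeName.prt_protocol_version.name(), PrtProtocolVersion.V2_0.getValue());
                return acquirePrtWithStrategy(new RefreshPrtStrategy(prtV2, this.mBrokerComponents, str), iBrokerAccount);
            } finally {
                span.end();
                PrtV2Loader.getPrtV2Writelock().unlock();
            }
        } catch (ClientException | ServiceException e) {
            // Best effort: the caller receives null and keeps working with the existing PRT state.
            Logger.error(methodTag, str, "Failed to update PRT.", e);
            return null;
        }
    }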

    /**
     * Rewrites the token response's authority to the cloud instance host named in the response.
     *
     * <p>When the response carries a cloud instance host name, the authority becomes
     * {@code https://<host><path of the request authority>}, lower-cased with {@code Locale.US}.
     * The host comes from the token response itself, so it is only as trustworthy as that response;
     * in the visible caller the response has been decrypted with the PRT session key first.
     * Responses without a host name are left untouched.
     *
     * @param microsoftStsTokenResponse response to update; must not be null
     * @param authority authority of the original request, source of the path; must not be null
     * @throws URISyntaxException if the rebuilt authority is not a valid URI
     */
    private void updateAuthorityWithCloudInstanceHostName(@NonNull MicrosoftStsTokenResponse microsoftStsTokenResponse, @NonNull Authority authority) throws URISyntaxException {
        Objects.requireNonNull(microsoftStsTokenResponse, "tokenResponse is marked non-null but is null");
        Objects.requireNonNull(authority, "requestAuthority is marked non-null but is null");
        final String cloudHost = microsoftStsTokenResponse.getCloudInstanceHostName();
        if (!StringUtil.isNullOrEmpty(cloudHost)) {
            // NOTE(review): the builder type is kept exactly as found; it is used like a URI builder
            // (scheme/host/path/build) and looks like a tool-resolved name. Confirm against the original source.
            microsoftStsTokenResponse.setAuthority(
                    new SmallSortedMap.DescendingEntryIterator()
                            .setScheme("https")
                            .setHost(cloudHost)
                            .setPath(authority.getAuthorityURL().getPath())
                            .build()
                            .toString()
                            .toLowerCase(Locale.US));
        }
    }

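    /**
     * Acquires a PRT with {@code AcquirePrtWithBrtStrategy} while holding the PRT v2 write lock.
     *
     * <p>The request runs inside an {@code AcquirePrtUsingBrt} span that is made current for the
     * duration of the call.
     *
     * @param iBrokerAccount the account the PRT is acquired for; must not be null
     * @param workplaceJoinData the workplace-join data passed to the strategy; must not be null
     * @param str the broker refresh token passed to the strategy; must not be null
     * @param authority the home authority passed to the strategy; must not be null
     * @param str2 the correlation id passed to the strategy; must not be null
     * @return the PRT returned by {@code acquirePrtWithStrategy}
     * @throws ClientException propagated from {@code acquirePrtWithStrategy}
     * @throws ServiceException propagated from {@code acquirePrtWithStrategy}
     */
    @NonNull
    public PrtV2 acquirePrt(@NonNull IBrokerAccount iBrokerAccount, @NonNull WorkplaceJoinData workplaceJoinData, @NonNull String str, @NonNull Authority authority, @NonNull String str2) throws ClientException, ServiceException {
        Objects.requireNonNull(iBrokerAccount, "account is marked non-null but is null");
        Objects.requireNonNull(workplaceJoinData, "wpjData is marked non-null but is null");
        Objects.requireNonNull(str, "brokerRt is marked non-null but is null");
        Objects.requireNonNull(authority, "homeAuthority is marked non-null but is null");
        Objects.requireNonNull(str2, "correlationId is marked non-null but is null");
        PrtV2Loader.getPrtV2Writelock().lock();
        try {
            // Created inside the locked region so a failure here still releases the lock.
            final Span span = OTelUtility.createSpan(SpanName.AcquirePrtUsingBrt.name());
            // try-with-resources closes the scope on the failure path too; previously it was
            // closed only after a successful request, leaving the span current on the thread
            // whenever the request threw.
            try (Scope ignored = SpanExtension.makeCurrentSpan(span)) {
                SpanExtension.current().setAttribute(AttributeName.prt_protocol_version.name(), PrtProtocolVersion.V2_0.getValue());
                return acquirePrtWithStrategy(new AcquirePrtWithBrtStrategy(str, authority, workplaceJoinData, this.mBrokerComponents, str2), iBrokerAccount);
            } finally {
                span.end();
            }
        } finally {
            PrtV2Loader.getPrtV2Writelock().unlock();
        }
    }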

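    /**
     * Acquires a PRT right after device registration, retrying while the registration record
     * has not propagated yet.
     *
     * <p>Each attempt first sleeps for {@link #getPrtAcquisitionSleepTimeInMilliSeconds()} and
     * then calls {@code acquirePrt}. A {@code ServiceException} with error code
     * {@code invalid_grant} and sub-error {@code OAuth2SubErrorCode.DEVICE_AUTHENTICATION_FAILED}
     * is treated as a propagation delay and retried until
     * {@link #getPrtMaxSetupTimeInMilliSeconds()} has elapsed; any other failure is rethrown.
     *
     * @param iBrokerAccount the account the PRT is acquired for; must not be null
     * @param workplaceJoinData the workplace-join data; must not be null
     * @param str the broker refresh token; must not be null
     * @param authority the home authority; must not be null
     * @param str2 the correlation id, also used for logging; must not be null
     * @return the PRT returned by {@code acquirePrt}
     * @throws ClientException propagated from {@code acquirePrt}
     * @throws ServiceException propagated from {@code acquirePrt}, or
     *     {@code service_not_available} when the retry window is exhausted
     */
    @NonNull
    public PrtV2 acquirePrtAfterDeviceRegistration(@NonNull IBrokerAccount iBrokerAccount, @NonNull WorkplaceJoinData workplaceJoinData, @NonNull String str, @NonNull Authority authority, @NonNull String str2) throws ClientException, ServiceException {
        Objects.requireNonNull(iBrokerAccount, "account is marked non-null but is null");
        Objects.requireNonNull(workplaceJoinData, "wpjData is marked non-null but is null");
        Objects.requireNonNull(str, "brokerRt is marked non-null but is null");
        Objects.requireNonNull(authority, "homeAuthority is marked non-null but is null");
        Objects.requireNonNull(str2, "correlationId is marked non-null but is null");
        final String methodTag = TAG + ":acquirePrtAfterDeviceRegistration";
        Logger.info(methodTag, str2, "Acquire PRT after device registration.");
        // Monotonic clock: a wall-clock adjustment must not stretch or cut the retry window.
        final long startNanos = System.nanoTime();
        PrtV2Loader.getPrtV2Writelock().lock();
        try {
            // NOTE(review): the write lock stays held across the sleeps, as it was when the lock
            // was taken before the loop; confirm that blocking other PRT writers is intended.
            do {
                ThreadUtils.sleepSafely(getPrtAcquisitionSleepTimeInMilliSeconds(), methodTag, "Failed to sleep before PRT acquisition");
                try {
                    return acquirePrt(iBrokerAccount, workplaceJoinData, str, authority, str2);
                } catch (ServiceException e) {
                    final boolean propagationDelay = "invalid_grant".equalsIgnoreCase(e.getErrorCode())
                            && OAuth2SubErrorCode.DEVICE_AUTHENTICATION_FAILED.equalsIgnoreCase(e.getOAuthSubErrorCode());
                    if (!propagationDelay) {
                        throw e;
                    }
                    Logger.info(methodTag, str2, "Hitting a propagation delay, retry PRT acquisition.");
                }
            } while (TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - startNanos) < getPrtMaxSetupTimeInMilliSeconds());
            throw new ServiceException("service_not_available", "The device registration record failed to propagate within the given time frame. Please try again later.", null);
        } finally {
            // One unlock for the one lock() above. The previous shape unlocked inside the loop,
            // so every retry after the first released a lock that was no longer held.
            PrtV2Loader.getPrtV2Writelock().unlock();
        }
    }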

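    /**
     * Requests a PRT with the given strategy, stores it for the account and records the outcome
     * on the current span.
     *
     * <p>The account's home tenant id (or an empty string when it is null) is set as the
     * {@code tenant_id} span attribute. On success the PRT is saved through the PRT loader and
     * the span status is set to {@code OK}; on any failure the exception is recorded on the span
     * and the status is set to {@code ERROR}.
     *
     * @param abstractAcquirePrtStrategy the strategy used to send the request; must not be null
     * @param iBrokerAccount the account the PRT is stored for; must not be null
     * @return the PRT returned by {@code sendRequestToGetPrt}
     * @throws ClientException for I/O, URI, key, algorithm, signature and certificate-encoding
     *     failures, converted by {@code constructClientException}
     * @throws ServiceException with error code {@code invalid_jwt} when a {@code JSONException}
     *     is raised
     */
    @NonNull
    public PrtV2 acquirePrtWithStrategy(@NonNull AbstractAcquirePrtStrategy abstractAcquirePrtStrategy, @NonNull IBrokerAccount iBrokerAccount) throws ClientException, ServiceException {
        Objects.requireNonNull(abstractAcquirePrtStrategy, "strategy is marked non-null but is null");
        Objects.requireNonNull(iBrokerAccount, "account is marked non-null but is null");
        final String methodTag = TAG + ":acquirePrtWithStrategy";
        final Span span = SpanExtension.current();
        try {
            final String homeTenantId = new BrokerAccountDataManager(this.mBrokerComponents.getBrokerAccountDataStorage()).getAccountHomeTenantId(iBrokerAccount);
            span.setAttribute(AttributeName.tenant_id.name(), homeTenantId == null ? "" : homeTenantId);
            final PrtV2 prt = sendRequestToGetPrt(abstractAcquirePrtStrategy);
            this.mPrtV2Loader.setPrtV2(iBrokerAccount, prt);
            span.setStatus(StatusCode.OK);
            return prt;
        } catch (IOException | URISyntaxException | InvalidKeyException | NoSuchAlgorithmException
                | SignatureException | CertificateEncodingException e) {
            // One handler for the six failure types that were handled identically. The earlier
            // per-type handlers assigned to a variable declared in a different catch clause.
            span.recordException(e);
            span.setStatus(StatusCode.ERROR);
            // NOTE(review): the exception message goes to the log and the exception to the span;
            // confirm these never carry token or key material.
            abstractAcquirePrtStrategy.logInfo(methodTag, "Exception: " + e.getMessage());
            throw constructClientException(e);
        } catch (JSONException e) {
            span.recordException(e);
            span.setStatus(StatusCode.ERROR);
            abstractAcquirePrtStrategy.logInfo(methodTag, "Exception: " + e.getMessage());
            throw new ServiceException("invalid_jwt", e.getMessage(), e);
        } catch (Throwable th) {
            // Anything else is recorded on the span and rethrown unchanged.
            span.recordException(th);
            span.setStatus(StatusCode.ERROR);
            throw th;
        }
    }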

    /**
     * Returns how long to sleep before each PRT acquisition attempt.
     *
     * @return the sleep time in milliseconds (5000)
     */
    public int getPrtAcquisitionSleepTimeInMilliSeconds() {
        final int fiveSecondsInMillis = 5 * 1000;
        return fiveSecondsInMillis;
    }

    /**
     * Returns the upper bound on the time spent retrying PRT acquisition.
     *
     * @return the maximum setup time in milliseconds (120000)
     */
    public int getPrtMaxSetupTimeInMilliSeconds() {
        final int twoMinutesInMillis = 2 * 60 * 1000;
        return twoMinutesInMillis;
    }

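    /**
     * Builds the signed refresh credential used to resolve an interrupt.
     *
     * <p>The credential is a JWT whose header uses {@code JwtRequestHeader.ALG_VALUE_HS256}, key
     * id {@code "session"} and a freshly generated key context, and whose body carries a nonce,
     * issued-at / not-before set to the current time in seconds, an expiry set through
     * {@code setExp(now, 300)}, a fixed scope and the PRT's refresh token. It is signed with a
     * key derived from the PRT session key and that key context. The derived key is deleted
     * before the method returns, including when signing fails.
     *
     * @param iBrokerAccount the account whose PRT is used
     * @param str the correlation id, used for logging and for the nonce request
     * @param authority the authority whose URL is used to look up the PRT
     * @return {@code <jwt>.<signature>}, or an empty string when no PRT is found
     * @throws ClientException declared by this method; the visible code does not show which
     *     call raises it
     */
    public String getResolveInterruptRefreshCredential(IBrokerAccount iBrokerAccount, String str, Authority authority) throws ClientException {
        final String methodTag = TAG + ":getResolveInterruptRefreshCredential";
        Logger.info(methodTag, str, "Generating the the refresh credential to resolve interrupt.");
        final PrtV2 prt = this.mPrtV2Loader.getPrtV2(iBrokerAccount, authority.getAuthorityURL().toString());
        if (prt == null) {
            Logger.info(methodTag, str, "PRT is null.");
            return "";
        }

        final JwtRequestHeader header = new JwtRequestHeader();
        header.setType();
        header.setAlg(JwtRequestHeader.ALG_VALUE_HS256);
        header.setKId("session");
        final byte[] keyContext = SessionKeyUtil.generateRandomKeyContext();
        // NOTE(review): writeTypedObject(bytes, 3) looks like a decompiler-mangled name for an
        // encoder of the key context; confirm the actual helper and what the flag 3 means.
        header.setCtx(new String(SmallSortedMap.EntryIterator.writeTypedObject(keyContext, 3), AuthenticationConstants.CHARSET_UTF8));

        final JwtRequestBody body = new JwtRequestBody();
        final long nowSeconds = TimeUnit.MILLISECONDS.toSeconds(System.currentTimeMillis());
        body.setNonce(MicrosoftStsNonceUtil.getNonce(JoinedFlowUtil.constructTokenEndpoint(prt.getAuthorityForAcquiringToken()), str));
        body.setIat(nowSeconds);
        body.setNBF(nowSeconds);
        body.setExp(nowSeconds, 300L);
        body.setJwtScope("offline_access" + TokenAuthenticationScheme.SCHEME_DELIMITER + "openid" + TokenAuthenticationScheme.SCHEME_DELIMITER + "profile" + TokenAuthenticationScheme.SCHEME_DELIMITER + "aza");
        body.setRefreshToken(prt.getRefreshToken());
        final String jwt = JwtUtils.generateJWT(header, body);

        final IKeyEntry derivedKey = SessionKeyUtil.deriveKey(this.mBrokerComponents, prt.getSessionKey(), keyContext);
        try {
            final String signature = StringUtil.encodeUrlSafeString(this.mBrokerComponents.getBrokerKeyFactory().getDerivedSessionKeyAccessor(derivedKey, SessionKeyUtil.DERIVED_KEY_DECRYPTION_ALGORITHM_AES_CBC).sign(jwt.getBytes(AuthenticationConstants.ENCODING_UTF8)));
            return jwt + "." + signature;
        } finally {
            // Delete the derived key even when signing throws, so that a failed attempt does not
            // leave derived key material behind in the key manager.
            this.mBrokerComponents.getBrokerKeyFactory().getKeyManager().deleteKey(derivedKey);
        }
    }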

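    /**
     * Builds the SSO cookie for the given account and request authority.
     *
     * <p>The account is re-read from the broker account storage, its PRT is loaded, and the SSO
     * nonce is taken from the query parameter of {@code str3} whose name matches
     * {@code PrtConstants.SSO_NONCE_QUERY_PARAM_KEY} (case-insensitive); the nonce is
     * {@code null} when no such parameter exists. The cookie is produced by
     * {@code PrtV2.getSsoCookieFormat} using a key derived from the PRT session key and a fresh
     * key context.
     *
     * @param str not read by this method
     * @param iBrokerAccount the account to look up; must not be null
     * @param str2 the request authority used to load the PRT; must not be null
     * @param str3 the SSO URL whose query string may carry the nonce; must not be null
     * @return an entry whose key is the PRT's home authority and whose value is the SSO cookie
     * @throws JSONException declared by this method; the visible code does not show which call
     *     raises it
     * @throws ClientException when the account or its PRT is not found, or when {@code str3} is
     *     not a valid URL
     */
    @NonNull
    public Map.Entry<String, String> getSsoCookie(@Nullable String str, @NonNull IBrokerAccount iBrokerAccount, @NonNull String str2, @NonNull String str3) throws JSONException, ClientException {
        Objects.requireNonNull(iBrokerAccount, "account is marked non-null but is null");
        Objects.requireNonNull(str2, "requestAuthority is marked non-null but is null");
        Objects.requireNonNull(str3, "ssoUrl is marked non-null but is null");
        // NOTE(review): getSPHINCSPlusKeyGenerationParameters() looks like a decompiler-mangled
        // accessor name; confirm which account field is used for this lookup.
        final IBrokerAccount storedAccount = this.mBrokerComponents.getBrokerAccountDataStorage().getAccount(iBrokerAccount.getSPHINCSPlusKeyGenerationParameters(), "com.microsoft.workaccount");
        if (storedAccount == null) {
            throw new ClientException(ClientException.ACCOUNT_NOT_FOUND, "Specified account not found in data store");
        }
        final PrtV2 prt = this.mPrtV2Loader.getPrtV2(storedAccount, str2);
        if (prt == null) {
            throw new ClientException("no_tokens_found", "No PRT available for account");
        }
        try {
            // Default to "no nonce" BEFORE scanning. The previous shape assigned null after the
            // loop, which discarded a nonce that had just been found, so the cookie was always
            // built without the server-supplied nonce.
            String ssoNonce = null;
            final List<SmallSortedMap.AnonymousClass1> queryParams = new SmallSortedMap.DescendingEntryIterator(str3).getQueryParams();
            if (queryParams != null) {
                for (SmallSortedMap.AnonymousClass1 param : queryParams) {
                    if (PrtConstants.SSO_NONCE_QUERY_PARAM_KEY.equalsIgnoreCase(param.getName())) {
                        ssoNonce = param.getValue();
                        break;
                    }
                }
            }
            final byte[] keyContext = SessionKeyUtil.generateRandomKeyContext();
            // NOTE(review): unlike getResolveInterruptRefreshCredential, the derived key is not
            // deleted after use here; confirm whether it should be.
            return new AbstractMap.SimpleEntry<>(prt.getHomeAuthority(), prt.getSsoCookieFormat(ssoNonce, keyContext, this.mBrokerComponents.getBrokerKeyFactory().getDerivedSessionKeyAccessor(SessionKeyUtil.deriveKey(this.mBrokerComponents, prt.getSessionKey(), keyContext), SessionKeyUtil.DERIVED_KEY_DECRYPTION_ALGORITHM_AES_CBC)));
        } catch (URISyntaxException e) {
            throw new ClientException("malformed_url", "The SSO token url is malformed", e);
        }
    }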

    /**
     * Loads the PRT for the account and authority, refreshing it first when it is due.
     *
     * <p>When {@code shouldRefreshPrt()} is true a refresh is attempted through
     * {@code tryUpdatePrt}. A successful refresh returns the new PRT with its request authority
     * set to the given authority's URL; a failed refresh falls back to the existing PRT.
     *
     * @param iBrokerAccount the account whose PRT is loaded; must not be null
     * @param authority the request authority; must not be null
     * @param str the correlation id used for logging and for the refresh; must not be null
     * @return the refreshed PRT, the existing PRT, or {@code null} when none is stored
     */
    @Nullable
    public PrtV2 loadPrt(@NonNull IBrokerAccount iBrokerAccount, @NonNull Authority authority, @NonNull String str) {
        Objects.requireNonNull(iBrokerAccount, "account is marked non-null but is null");
        Objects.requireNonNull(authority, "requestAuthority is marked non-null but is null");
        Objects.requireNonNull(str, "correlationId is marked non-null but is null");
        final String methodTag = TAG + ":loadPrt";
        final PrtV2 storedPrt = this.mPrtV2Loader.getPrtV2(iBrokerAccount, authority.getAuthorityURL().toString());
        if (storedPrt == null) {
            Logger.info(methodTag, str, "PRT is null.");
            return null;
        }
        if (!storedPrt.shouldRefreshPrt()) {
            return storedPrt;
        }

        Logger.info(methodTag, str, "Attempting to refreshing PRT.");
        final PrtV2 refreshedPrt = tryUpdatePrt(iBrokerAccount, storedPrt, str);
        if (refreshedPrt == null) {
            // Refresh failures are not fatal: the caller still gets the PRT that was stored.
            Logger.warn(methodTag, "Failed to refresh PRT. Will return existing PRT.");
            return storedPrt;
        }
        refreshedPrt.setRequestAuthority(authority.getAuthorityURL().toString());
        Logger.info(methodTag, str, "PRT refresh successful. Returning new PRT.");
        return refreshedPrt;
    }

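    /**
     * Requests an access token with the account's PRT inside an {@code AcquireAtUsingPrt} span.
     *
     * <p>The span is annotated with the PRT protocol version, correlation id, client SKU, SKU
     * version and broker version. The PRT is loaded (and refreshed if due) through
     * {@code loadPrt}. The span status is set to {@code OK} on success; on failure the exception
     * is recorded and the status is set to {@code ERROR}. The span is ended on every path.
     *
     * @param iBrokerAccount the account whose PRT is used; must not be null
     * @param brokerSilentTokenCommandParameters the silent-token request parameters; must not be
     *     null
     * @return the token response returned by {@code requestAccessTokenWithPrtInternal}
     * @throws ClientException propagated from the token request
     * @throws ServiceException propagated from the token request; a {@code UiRequiredException}
     *     with code {@code no_tokens_found} is thrown when no PRT is available
     */
    @NonNull
    public MicrosoftStsTokenResponse requestAccessTokenWithPrt(@NonNull IBrokerAccount iBrokerAccount, @NonNull BrokerSilentTokenCommandParameters brokerSilentTokenCommandParameters) throws ClientException, ServiceException {
        Objects.requireNonNull(iBrokerAccount, "account is marked non-null but is null");
        Objects.requireNonNull(brokerSilentTokenCommandParameters, "parameters is marked non-null but is null");
        final Span span = OTelUtility.createSpan(SpanName.AcquireAtUsingPrt.name());
        // try-with-resources closes the scope on failure as well; previously it was closed only
        // after a successful request.
        try (Scope ignored = SpanExtension.makeCurrentSpan(span)) {
            SpanExtension.current().setAttribute(AttributeName.prt_protocol_version.name(), PrtProtocolVersion.V2_0.getValue());
            span.setAttribute(AttributeName.correlation_id.name(), brokerSilentTokenCommandParameters.getCorrelationId());
            span.setAttribute(AttributeName.client_sku.name(), DiagnosticContext.INSTANCE.getRequestContext().get("x-client-SKU"));
            span.setAttribute(AttributeName.sku_version.name(), Device.getProductVersion());
            span.setAttribute(AttributeName.broker_version.name(), this.mBrokerComponents.getBrokerMetadata().getBrokerVersion());
            final PrtV2 prt = loadPrt(iBrokerAccount, brokerSilentTokenCommandParameters.getAuthority(), brokerSilentTokenCommandParameters.getCorrelationId());
            if (prt == null) {
                throw new UiRequiredException("no_tokens_found", "PRT is not found. It might have been wiped.");
            }
            final MicrosoftStsTokenResponse tokenResponse = requestAccessTokenWithPrtInternal(iBrokerAccount, prt, brokerSilentTokenCommandParameters);
            span.setStatus(StatusCode.OK);
            return tokenResponse;
        } catch (Throwable th) {
            // Mirror acquirePrtWithStrategy: failed requests are recorded on the span.
            span.recordException(th);
            span.setStatus(StatusCode.ERROR);
            throw th;
        } finally {
            // The span was never ended before; end it on every path.
            span.end();
        }
    }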
}
