package com.microsoft.intune.mam.policy;

import android.content.Context;
import android.content.pm.PackageManager;
import com.microsoft.aad.adal.AuthenticationConstants;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.aad.adal.AuthenticationSettings;
import com.microsoft.aad.adal.WebRequestHandler;
import com.microsoft.intune.mam.client.MetaDataReader;
import com.microsoft.intune.mam.client.app.AuthCallbackUtils;
import com.microsoft.intune.mam.client.app.startup.ADALSettings;
import com.microsoft.intune.mam.client.identity.MAMIdentityManager;
import com.microsoft.intune.mam.log.MAMLogPIIFactory;
import com.microsoft.intune.mam.log.MAMLogger;
import com.microsoft.intune.mam.log.MAMLoggerProvider;
import com.microsoft.intune.mam.policy.MAMServiceLookupThread;
import com.microsoft.office.plat.registry.Constants;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Locale;
import java.util.UUID;
import java.util.logging.Level;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSocketFactory;
import org.apache.http.entity.mime.MIME;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class MAMServiceLookupOperationsImpl implements MAMServiceLookupThread.Operations {
    private static final String APPID_NAME = "AppId";
    private static final String APPVERSION_NAME = "AppVersion";
    private static final int CONNECTION_RETRY_COUNT = 3;
    private static final int HTTP_CONNECT_TIMEOUT_MILLIS = 30000;
    private static final int HTTP_FWLINK_SLEEP_RETRY_MILLIS = 50;
    private static final int HTTP_FWLINK_TIMEOUT_MILLIS = 3000;
    private static final int HTTP_READ_TIMEOUT_MILLIS = 60000;
    private static final String ISTARGETED_URL = "/StatelessApplicationManagementService/ApplicationInstances(guid'00000000-0000-0000-0000-000000000000')/IsTargeted?api-version=1.1";
    private static final MAMLogger LOGGER = MAMLoggerProvider.getLogger((Class<?>) MAMServiceLookupOperationsImpl.class);
    private static final String OS_NAME = "Os";
    private static final String PLATFORM = "android";
    private static final String SDKVERSION_NAME = "SdkVersion";
    private final MAMServiceAuthenticationCallback mAuthCallback;
    private final Context mContext;
    private final MAMLogPIIFactory mLogScrubber;
    private final MAMIdentityManager mMAMIdentityManger;
    private final SSLSocketFactory mSSLSocketFactory;
    private HttpURLConnection mConnection = null;
    private AuthenticationResult mAuthResult = null;
    private String mRequestId = null;

    public MAMServiceLookupOperationsImpl(Context context, MAMLogPIIFactory mAMLogPIIFactory, SSLSocketFactory sSLSocketFactory, MAMIdentityManager mAMIdentityManager, MAMServiceAuthenticationCallback mAMServiceAuthenticationCallback) {
        this.mContext = context;
        this.mLogScrubber = mAMLogPIIFactory;
        this.mSSLSocketFactory = sSLSocketFactory;
        this.mMAMIdentityManger = mAMIdentityManager;
        this.mAuthCallback = mAMServiceAuthenticationCallback;
    }

    private void acquireTokenFromADAL(MAMServiceLookupThread.MAMServiceSupportData mAMServiceSupportData) {
        if (validateParamsForAdalAuth(mAMServiceSupportData)) {
            AuthenticationSettings.INSTANCE.setSkipBroker(mAMServiceSupportData.mAdalInfo.getSkipBroker());
            ADALSettings.synchronizeAdalSettings(this.mContext);
            this.mAuthResult = acquireTokenHelper(mAMServiceSupportData);
            if (this.mAuthResult == null && !AuthenticationSettings.INSTANCE.getSkipBroker()) {
                LOGGER.warning("trying to acquire MAMService token again without broker");
                AuthenticationSettings.INSTANCE.setSkipBroker(true);
                try {
                    this.mAuthResult = acquireTokenHelper(mAMServiceSupportData);
                } finally {
                    AuthenticationSettings.INSTANCE.setSkipBroker(false);
                }
            }
            if (this.mAuthResult != null) {
                if (isInvalidRefreshToken(mAMServiceSupportData.mRefreshToken)) {
                    String refreshToken = this.mAuthResult.getRefreshToken();
                    if (isInvalidRefreshToken(refreshToken)) {
                        mAMServiceSupportData.mRefreshToken = MAMServiceAuthentication.BROKER_NEEDED;
                    } else {
                        mAMServiceSupportData.mRefreshToken = refreshToken;
                    }
                }
                mAMServiceSupportData.mMamServiceToken = this.mAuthResult.getAccessToken();
            }
        }
    }

    private void acquireTokenFromCallback(MAMServiceLookupThread.MAMServiceSupportData mAMServiceSupportData) {
        if (validateParamsForAuthCallback(mAMServiceSupportData)) {
            mAMServiceSupportData.mRefreshToken = MAMServiceAuthentication.APIV2_AUTH_USED;
            mAMServiceSupportData.mMamServiceToken = AuthCallbackUtils.acquireMAMServiceToken(this.mAuthCallback, mAMServiceSupportData.mUpn, mAMServiceSupportData.mAadId);
        }
    }

    private AuthenticationResult acquireTokenHelper(MAMServiceLookupThread.MAMServiceSupportData mAMServiceSupportData) {
        return !isInvalidRefreshToken(mAMServiceSupportData.mRefreshToken) ? MAMServiceAuthentication.authenticateWithRefreshToken(this.mContext, mAMServiceSupportData.mAdalInfo, mAMServiceSupportData.mRefreshToken) : MAMServiceAuthentication.acquireToken(this.mContext, mAMServiceSupportData.mAdalInfo, mAMServiceSupportData.mUpn, mAMServiceSupportData.mAadId, this.mMAMIdentityManger, this.mLogScrubber);
    }

    private String getActivityId() {
        return "{" + UUID.randomUUID().toString().toUpperCase(Locale.getDefault()) + "}";
    }

    private String getIsTargetedPostBody(String str) {
        String str2 = "1.0";
        try {
            str2 = this.mContext.getPackageManager().getPackageInfo(str, 0).versionName;
        } catch (PackageManager.NameNotFoundException e) {
            LOGGER.log(Level.WARNING, "Can't get package version, using default", (Throwable) e);
        }
        String str3 = String.valueOf(1) + "." + String.valueOf(5);
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(APPID_NAME, str);
        jSONObject.put(APPVERSION_NAME, str2);
        jSONObject.put(SDKVERSION_NAME, str3);
        jSONObject.put(OS_NAME, PLATFORM);
        return jSONObject.toString();
    }

    private HttpURLConnection getIsTargetedPostConnection(String str, String str2, String str3, String str4) {
        HttpURLConnection openSecureConnection = openSecureConnection(new URL(new URL(str), ISTARGETED_URL));
        openSecureConnection.setRequestMethod("POST");
        openSecureConnection.setRequestProperty(MIME.CONTENT_TYPE, WebRequestHandler.HEADER_ACCEPT_JSON);
        openSecureConnection.setRequestProperty(AuthenticationConstants.Broker.CHALLENGE_RESPONSE_HEADER, str2);
        openSecureConnection.setRequestProperty("Prefer", "return-content");
        openSecureConnection.setRequestProperty("Content-Length", "" + Integer.toString(str3.getBytes().length));
        openSecureConnection.setRequestProperty(AuthenticationConstants.AAD.CLIENT_REQUEST_ID, str4);
        openSecureConnection.setUseCaches(false);
        openSecureConnection.setDoInput(true);
        openSecureConnection.setDoOutput(true);
        openSecureConnection.setConnectTimeout(HTTP_CONNECT_TIMEOUT_MILLIS);
        openSecureConnection.setReadTimeout(60000);
        return openSecureConnection;
    }

    private String getLookupFWLink(String str) {
        try {
            String mAMServiceFWLinkOverride = new MetaDataReader(this.mContext, str).getMAMServiceFWLinkOverride();
            if (mAMServiceFWLinkOverride != null) {
                LOGGER.info("overriding default FWLink with: " + mAMServiceFWLinkOverride);
                return mAMServiceFWLinkOverride;
            }
        } catch (AssertionError e) {
            LOGGER.log(Level.WARNING, "error looking for FWLink override", (Throwable) e);
        }
        LOGGER.info("using default FWLink value: https://go.microsoft.com/fwlink/?LinkID=533051&clcid=0x409");
        return MAMServiceLookupThread.Operations.DEFAULT_LOOKUP_FWLINK;
    }

    private String getLookupServiceUrl(String str) {
        int i = 0;
        while (true) {
            int i2 = i;
            if (i2 >= 3) {
                return null;
            }
            this.mConnection = null;
            this.mRequestId = null;
            if (i2 > 0) {
                try {
                    try {
                        try {
                            try {
                                LOGGER.info("Retrying retrieve lookup service URL operation...");
                                Thread.sleep(50L);
                            } catch (MalformedURLException e) {
                                LOGGER.log(Level.SEVERE, String.format("Could not create URL from lookup fwlink %s.", str), (Throwable) e);
                                if (this.mConnection != null) {
                                    this.mConnection.disconnect();
                                }
                                return null;
                            }
                        } catch (InterruptedException e2) {
                            LOGGER.log(Level.SEVERE, "Failed to sleep between fwlink request retries", (Throwable) e2);
                            if (this.mConnection != null) {
                                this.mConnection.disconnect();
                            }
                        }
                    } catch (IOException e3) {
                        LOGGER.log(Level.SEVERE, "Failed to get lookup service url from FWLink", (Throwable) e3);
                        if (this.mConnection != null) {
                            this.mConnection.disconnect();
                        }
                    }
                } catch (Throwable th) {
                    if (this.mConnection != null) {
                        this.mConnection.disconnect();
                    }
                    throw th;
                }
            }
            this.mConnection = (HttpURLConnection) new URL(str).openConnection();
            this.mConnection.setInstanceFollowRedirects(false);
            this.mConnection.setConnectTimeout(HTTP_FWLINK_TIMEOUT_MILLIS);
            this.mConnection.setReadTimeout(HTTP_FWLINK_TIMEOUT_MILLIS);
            int responseCode = this.mConnection.getResponseCode();
            if (responseCode == 302 || responseCode == 301) {
                String headerField = this.mConnection.getHeaderField("Location");
                LOGGER.info("Retrieved lookup service URL: " + headerField);
                if (this.mConnection == null) {
                    return headerField;
                }
                this.mConnection.disconnect();
                return headerField;
            }
            LOGGER.severe("Failed to get lookup service url from FWLink; status = " + String.valueOf(responseCode) + " " + this.mConnection.getResponseMessage());
            if (this.mConnection != null) {
                this.mConnection.disconnect();
            }
            i = i2 + 1;
        }
    }

    private static String getResponseContent(HttpURLConnection httpURLConnection) {
        InputStream inputStream = httpURLConnection.getInputStream();
        if (inputStream == null) {
            return null;
        }
        char[] cArr = new char[1024];
        StringBuilder sb = new StringBuilder();
        InputStreamReader inputStreamReader = new InputStreamReader(inputStream, "UTF-8");
        while (true) {
            int read = inputStreamReader.read(cArr, 0, cArr.length);
            if (read < 0) {
                return sb.toString();
            }
            sb.append(cArr, 0, read);
        }
    }

    private static String getUrlFromJson(String str) {
        JSONArray jSONArray = new JSONObject(str).getJSONArray("Services");
        for (int i = 0; i < jSONArray.length(); i++) {
            JSONObject jSONObject = jSONArray.getJSONObject(i);
            String string = jSONObject.getString("ServiceName");
            String string2 = jSONObject.getString("Url");
            LOGGER.info("found service " + string + " with URL " + string2);
            if ("MAM.API.Application".equalsIgnoreCase(string)) {
                return string2;
            }
        }
        return null;
    }

    private boolean isHTTPMAMServiceAllowed() {
        return new MetaDataReader(this.mContext).isDebugHTTPMAMServiceAllowed();
    }

    private static boolean isInvalidRefreshToken(String str) {
        return str == null || str.isEmpty();
    }

    private HttpURLConnection openSecureConnection(URL url) {
        HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();
        if (this.mSSLSocketFactory != null) {
            if (httpURLConnection instanceof HttpsURLConnection) {
                ((HttpsURLConnection) httpURLConnection).setSSLSocketFactory(this.mSSLSocketFactory);
            } else if (!isHTTPMAMServiceAllowed()) {
                throw new MalformedURLException("https scheme is required for MAMService URLs.  Invalid URL: " + url.toString());
            }
        }
        return httpURLConnection;
    }

    private boolean validateParamsForAdalAuth(MAMServiceLookupThread.MAMServiceSupportData mAMServiceSupportData) {
        if (mAMServiceSupportData == null) {
            LOGGER.severe("null supportData passed to acquireToken() -- programmer error.");
            return false;
        }
        if (mAMServiceSupportData.mAdalInfo == null) {
            LOGGER.severe("required AdalInfo not provided for acquireToken() -- programmer error.");
            return false;
        }
        if (mAMServiceSupportData.mUpn != null) {
            return true;
        }
        LOGGER.severe("required UPN not provided for acquireToken() -- programmer error.");
        return false;
    }

    private boolean validateParamsForAuthCallback(MAMServiceLookupThread.MAMServiceSupportData mAMServiceSupportData) {
        if (mAMServiceSupportData == null) {
            LOGGER.severe("null supportData passed to acquireTokenFromCallback() -- programmer error.");
            return false;
        }
        if (mAMServiceSupportData.mUpn == null) {
            LOGGER.severe("required UPN not provided for acquireTokenFromCallback() -- programmer error.");
            return false;
        }
        if (mAMServiceSupportData.mAadId != null) {
            return true;
        }
        LOGGER.severe("required AAD ID not provided for acquireTokenFromCallback() -- programmer error.");
        return false;
    }

    private boolean validateParamsForGetIsTargeted(MAMServiceLookupThread.MAMServiceSupportData mAMServiceSupportData) {
        if (mAMServiceSupportData == null) {
            LOGGER.severe("null supportData passed to getIsTargeted() -- programmer error.");
            return false;
        }
        if (mAMServiceSupportData.mMamServiceToken == null) {
            LOGGER.severe("required MAMService token not provided for getIsTargeted() -- programmer error.");
            return false;
        }
        if (mAMServiceSupportData.mMamServiceUrl == null) {
            LOGGER.severe("required MAMService URL not provided for getIsTargeted() -- programmer error.");
            return false;
        }
        if (mAMServiceSupportData.mPackageName != null) {
            return true;
        }
        LOGGER.severe("required package name not provided for getIsTargeted() -- programmer error.");
        return false;
    }

    private boolean validateParamsForGetLookupServiceUrl(MAMServiceLookupThread.MAMServiceSupportData mAMServiceSupportData) {
        if (mAMServiceSupportData == null) {
            LOGGER.severe("null supportData passed to getLookupServiceUrl() -- programmer error.");
            return false;
        }
        if (mAMServiceSupportData.mPackageName != null) {
            return true;
        }
        LOGGER.severe("required package name not provided for getLookupServiceUrl() -- programmer error.");
        return false;
    }

    private boolean validateParamsForQueryLookupService(MAMServiceLookupThread.MAMServiceSupportData mAMServiceSupportData) {
        if (mAMServiceSupportData == null) {
            LOGGER.severe("null supportData passed to queryLookupService() -- programmer error.");
            return false;
        }
        if (mAMServiceSupportData.mMamServiceToken == null) {
            LOGGER.severe("required MAMService token not provided for queryLookupService() -- programmer error.");
            return false;
        }
        if (mAMServiceSupportData.mLookupServiceUrl == null) {
            LOGGER.severe("required lookup service URL not provided for queryLookupService() -- programmer error.");
            return false;
        }
        if (mAMServiceSupportData.mPackageName != null) {
            return true;
        }
        LOGGER.severe("required package name not provided for queryLookupService() -- programmer error.");
        return false;
    }

    @Override // com.microsoft.intune.mam.policy.MAMServiceLookupThread.Operations
    public void acquireToken(MAMServiceLookupThread.MAMServiceSupportData mAMServiceSupportData) {
        if (this.mAuthCallback != null) {
            acquireTokenFromCallback(mAMServiceSupportData);
        } else {
            LOGGER.info("No auth callback is registered in acquireToken(); proceeding with ADAL calls.");
            acquireTokenFromADAL(mAMServiceSupportData);
        }
    }

    @Override // com.microsoft.intune.mam.policy.MAMServiceLookupThread.Operations
    public void getIsTargeted(MAMServiceLookupThread.MAMServiceSupportData mAMServiceSupportData) {
        if (validateParamsForGetIsTargeted(mAMServiceSupportData)) {
            String authHeaderFromToken = MAMServiceAuthentication.authHeaderFromToken(mAMServiceSupportData.mMamServiceToken);
            this.mConnection = null;
            this.mRequestId = getActivityId();
            try {
                try {
                    String isTargetedPostBody = getIsTargetedPostBody(mAMServiceSupportData.mPackageName);
                    LOGGER.info("Checking if user is targeted for policy.  POSTing " + isTargetedPostBody + " with activity id: " + this.mRequestId);
                    this.mConnection = getIsTargetedPostConnection(mAMServiceSupportData.mMamServiceUrl, authHeaderFromToken, isTargetedPostBody, this.mRequestId);
                    DataOutputStream dataOutputStream = new DataOutputStream(this.mConnection.getOutputStream());
                    dataOutputStream.writeBytes(isTargetedPostBody);
                    dataOutputStream.flush();
                    dataOutputStream.close();
                    int responseCode = this.mConnection.getResponseCode();
                    if (responseCode == 200) {
                        String responseContent = getResponseContent(this.mConnection);
                        if (responseContent == null || responseContent.isEmpty()) {
                            LOGGER.severe("Failed to get JSON response from MAM Service; response body was empty.");
                            if (this.mConnection != null) {
                                this.mConnection.disconnect();
                                return;
                            }
                            return;
                        }
                        LOGGER.info("IsTargeted response: " + responseContent);
                        mAMServiceSupportData.mIsTargeted = Boolean.valueOf(new JSONObject(responseContent).getBoolean(Constants.VALUE));
                    } else {
                        LOGGER.severe("Failed to get JSON response from MAM Service; activity id: " + this.mRequestId + "; status = " + String.valueOf(responseCode) + " " + this.mConnection.getResponseMessage());
                    }
                    if (this.mConnection != null) {
                        this.mConnection.disconnect();
                    }
                } catch (Exception e) {
                    LOGGER.log(Level.SEVERE, "Failed to query the MAMService for policy targeting, activity id: " + this.mRequestId, (Throwable) e);
                    if (this.mConnection != null) {
                        this.mConnection.disconnect();
                    }
                }
            } catch (Throwable th) {
                if (this.mConnection != null) {
                    this.mConnection.disconnect();
                }
                throw th;
            }
        }
    }

    @Override // com.microsoft.intune.mam.policy.MAMServiceLookupThread.Operations
    public AuthenticationResult getLastAuthResult() {
        return this.mAuthResult;
    }

    @Override // com.microsoft.intune.mam.policy.MAMServiceLookupThread.Operations
    public HttpURLConnection getLastConnection() {
        return this.mConnection;
    }

    @Override // com.microsoft.intune.mam.policy.MAMServiceLookupThread.Operations
    public String getLastRequestId() {
        return this.mRequestId;
    }

    @Override // com.microsoft.intune.mam.policy.MAMServiceLookupThread.Operations
    public void getLookupServiceUrl(MAMServiceLookupThread.MAMServiceSupportData mAMServiceSupportData) {
        if (validateParamsForGetLookupServiceUrl(mAMServiceSupportData)) {
            mAMServiceSupportData.mLookupServiceUrl = getLookupServiceUrl(getLookupFWLink(mAMServiceSupportData.mPackageName));
        }
    }

    @Override // com.microsoft.intune.mam.policy.MAMServiceLookupThread.Operations
    public void queryLookupService(MAMServiceLookupThread.MAMServiceSupportData mAMServiceSupportData) {
        if (validateParamsForQueryLookupService(mAMServiceSupportData)) {
            this.mConnection = null;
            this.mRequestId = getActivityId();
            String authHeaderFromToken = MAMServiceAuthentication.authHeaderFromToken(mAMServiceSupportData.mMamServiceToken);
            try {
                try {
                    this.mConnection = openSecureConnection(new URL(mAMServiceSupportData.mLookupServiceUrl + (mAMServiceSupportData.mLookupServiceUrl.contains("?") ? "&api-version=1.0" : "?api-version=1.0")));
                    this.mConnection.setRequestProperty(WebRequestHandler.HEADER_ACCEPT, WebRequestHandler.HEADER_ACCEPT_JSON);
                    this.mConnection.setRequestProperty(AuthenticationConstants.Broker.CHALLENGE_RESPONSE_HEADER, authHeaderFromToken);
                    this.mConnection.setRequestProperty(APPID_NAME, mAMServiceSupportData.mPackageName);
                    this.mConnection.setRequestProperty(AuthenticationConstants.AAD.CLIENT_REQUEST_ID, this.mRequestId);
                    this.mConnection.setConnectTimeout(HTTP_CONNECT_TIMEOUT_MILLIS);
                    this.mConnection.setReadTimeout(60000);
                    LOGGER.info("Querying lookup service with URL: " + mAMServiceSupportData.mLookupServiceUrl + " activity id: " + this.mRequestId);
                    int responseCode = this.mConnection.getResponseCode();
                    if (responseCode == 200) {
                        String responseContent = getResponseContent(this.mConnection);
                        if (responseContent == null || responseContent.isEmpty()) {
                            LOGGER.severe("Failed to get MAM service url from lookup service; response body was empty; activity id: " + this.mRequestId);
                            if (this.mConnection != null) {
                                this.mConnection.disconnect();
                                return;
                            }
                            return;
                        }
                        LOGGER.info("Lookup Service returned response: " + responseContent);
                        mAMServiceSupportData.mMamServiceUrl = getUrlFromJson(responseContent);
                    } else {
                        LOGGER.severe("Failed to get MAM service url from lookup service; activity id: " + this.mRequestId + "; status = " + String.valueOf(responseCode) + " " + this.mConnection.getResponseMessage());
                    }
                    if (this.mConnection != null) {
                        this.mConnection.disconnect();
                    }
                } catch (Exception e) {
                    LOGGER.log(Level.SEVERE, "Failed to get MAM service url from lookup service; activity id: " + this.mRequestId, (Throwable) e);
                    if (this.mConnection != null) {
                        this.mConnection.disconnect();
                    }
                }
            } catch (Throwable th) {
                if (this.mConnection != null) {
                    this.mConnection.disconnect();
                }
                throw th;
            }
        }
    }
}
