package com.microsoft.office.tokenshare;

import com.microsoft.office.ConfigServiceInfoProvider.ConfigService;
import com.microsoft.office.ConfigServiceInfoProvider.ConfigToken;
import com.microsoft.office.ConfigServiceInfoProvider.TokenResponse;
import com.microsoft.office.identity.AuthResult;
import com.microsoft.office.identity.IdentityLiblet;
import com.microsoft.office.identity.adal.ADALAccountManager;
import com.microsoft.office.liveoauth.LiveOAuthProxy;
import com.microsoft.office.plat.ContextConnector;
import com.microsoft.office.plat.keystore.AccountType;
import com.microsoft.office.plat.keystore.KeyItem;
import com.microsoft.office.plat.keystore.KeyStore;
import com.microsoft.office.plat.logging.Trace;
import com.microsoft.tokenshare.AccountInfo;
import com.microsoft.tokenshare.RefreshToken;
import com.microsoft.tokenshare.TokenSharingManager;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class FilterAndValidator {
    private static final String LIVE_OAUTH_INVALID_TICKETDATA = "InvalidTicketData";
    private static final String LIVE_OAUTH_NULL_TICKETRESULT = "NullTicketResult";
    private static final String LOG_TAG = "FilterAndValidator";
    protected static FilterAndValidator sFilterAndValidator;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public interface FilteringCriteria {
        boolean applyCriteriaAndEvaluate(AccountInfo accountInfo);

        boolean shouldContinue();
    }

    FilterAndValidator() {
    }

    private boolean fetchRefreshTokenAndValidate(final AccountInfo accountInfo) {
        if (!CommonAccountUtilities.isValidAccount(accountInfo)) {
            return false;
        }
        Trace.d(LOG_TAG, "Fetching Refresh Token of given account");
        final ResultHolder resultHolder = new ResultHolder();
        final String providerPackageId = accountInfo.getProviderPackageId();
        fetchToken(accountInfo, new com.microsoft.tokenshare.Callback<RefreshToken>() { // from class: com.microsoft.office.tokenshare.FilterAndValidator.4
            @Override // com.microsoft.tokenshare.Callback
            public void onError(Throwable th) {
                TelemetryUtility.logTelemetry(Integer.valueOf(TelemetryUtility.getAccountTypeValue(accountInfo)), providerPackageId, RawError.UNKNOWN_ERROR_ON_GET_REFRESH_TOKEN.value(), TelemetryUtility.getStackTraceStr(th));
                resultHolder.setResult(false);
            }

            @Override // com.microsoft.tokenshare.Callback
            public void onSuccess(RefreshToken refreshToken) {
                if (refreshToken == null || CommonAccountUtilities.isNullOrEmptyOrWhitespace(refreshToken.getRefreshToken())) {
                    TelemetryUtility.logTelemetry(Integer.valueOf(TelemetryUtility.getAccountTypeValue(accountInfo)), providerPackageId, RawError.REFRESH_TOKEN_IS_NULL_OR_EMPTY.value(), RawError.REFRESH_TOKEN_IS_NULL_OR_EMPTY.name());
                    resultHolder.setResult(false);
                } else {
                    Trace.d(FilterAndValidator.LOG_TAG, "Validating Refresh Token of given account");
                    resultHolder.setResult(Boolean.valueOf(accountInfo.getAccountType() == AccountInfo.AccountType.MSA ? FilterAndValidator.this.loginMSA(refreshToken, providerPackageId) : FilterAndValidator.this.loginADAL(accountInfo, refreshToken, providerPackageId)));
                }
            }
        });
        boolean booleanValue = ((Boolean) resultHolder.getResult()).booleanValue();
        if (booleanValue) {
            InvalidAccountsManager.getInstance().deleteFromInvalidAccountMap(accountInfo);
            return booleanValue;
        }
        InvalidAccountsManager.getInstance().putInvalidAccountofType(accountInfo);
        return booleanValue;
    }

    private List<AccountInfo> fetchTSLAccountsAndFilter(final FilteringCriteria filteringCriteria) {
        Trace.d(LOG_TAG, "Fetching accounts from TSL");
        final ResultHolder resultHolder = new ResultHolder();
        fetchAccounts(new com.microsoft.tokenshare.Callback<List<AccountInfo>>() { // from class: com.microsoft.office.tokenshare.FilterAndValidator.5
            @Override // com.microsoft.tokenshare.Callback
            public void onError(Throwable th) {
                TelemetryUtility.logTelemetry(TelemetryUtility.DEFAULT_ACCOUNT_TYPE, "", RawError.UNKNOWN_ERROR_ON_GET_ACCOUNTS.value(), TelemetryUtility.getStackTraceStr(th));
                resultHolder.setResult(new ArrayList());
            }

            @Override // com.microsoft.tokenshare.Callback
            public void onSuccess(List<AccountInfo> list) {
                String value;
                Trace.d(FilterAndValidator.LOG_TAG, "onSuccess");
                ArrayList arrayList = new ArrayList();
                ArrayList arrayList2 = new ArrayList();
                HashMap hashMap = new HashMap();
                if (CommonAccountUtilities.isNullOrEmptyList(list)) {
                    value = RawError.NULL_OR_EMPTY_ACCOUNT_INFO_LIST.value();
                } else {
                    for (AccountInfo accountInfo : list) {
                        Trace.d(FilterAndValidator.LOG_TAG, String.format("accountType:: %s, provider :: %s", accountInfo.getAccountType(), accountInfo.getProviderPackageId()));
                        if (filteringCriteria.applyCriteriaAndEvaluate(accountInfo)) {
                            if (accountInfo.getAccountType().equals(AccountInfo.AccountType.MSA)) {
                                arrayList2.add(accountInfo);
                            } else if (accountInfo.getAccountType().equals(AccountInfo.AccountType.ORGID)) {
                                String domain = CommonAccountUtilities.getDomain(accountInfo.getAccountId());
                                Trace.d(FilterAndValidator.LOG_TAG, "domain : " + domain);
                                if (!CommonAccountUtilities.isNullOrEmptyOrWhitespace(domain)) {
                                    hashMap.put(domain, accountInfo);
                                }
                            }
                        }
                        if (!filteringCriteria.shouldContinue()) {
                            break;
                        }
                    }
                    arrayList.addAll(arrayList2);
                    arrayList.addAll(hashMap.values());
                    value = CommonAccountUtilities.isNullOrEmptyList(arrayList) ? RawError.NO_ACCOUNT_FROM_SUPPORTED_APPS.value() : "";
                }
                TelemetryUtility.logTelemetry(TelemetryUtility.DEFAULT_ACCOUNT_TYPE, "", value, "");
                resultHolder.setResult(arrayList);
            }
        });
        return (List) resultHolder.getResult();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean genericFiltration(AccountInfo accountInfo) {
        return CommonAccountUtilities.isValidAccount(accountInfo) && !TSLSharedPreferences.getInstance().isUserTaggedAsSignedOut(accountInfo.getAccountId());
    }

    private String getADALPPEAuthorityUrl() {
        TokenResponse GetConfigToken = ConfigService.GetConfigToken(ConfigToken.ADALPPEAuthorityUrl);
        Trace.d(LOG_TAG, "TokenResponse:: " + GetConfigToken);
        if (GetConfigToken.isValid()) {
            return GetConfigToken.getToken();
        }
        return null;
    }

    public static FilterAndValidator getInstance() {
        Trace.d(LOG_TAG, "Retrieving FilterAndValidator's singleton instance");
        if (sFilterAndValidator == null) {
            sFilterAndValidator = new FilterAndValidator();
        }
        return sFilterAndValidator;
    }

    private boolean saveTicketToCache(String str, String str2) {
        Trace.d(LOG_TAG, "saveTicketToCache");
        try {
            Trace.d(LOG_TAG, "Create KeyItem to store the ticket");
            KeyItem keyItem = new KeyItem(AccountType.TSL_USER_INFO, str, str2);
            Trace.d(LOG_TAG, "Saving the Keyitem into KeyStore");
            return KeyStore.saveItem(keyItem);
        } catch (Exception e) {
            Trace.e(LOG_TAG, Trace.getStackTraceString(e));
            return false;
        }
    }

    protected void fetchAccounts(com.microsoft.tokenshare.Callback<List<AccountInfo>> callback) {
        TokenSharingManager.getInstance().getAccounts(ContextConnector.getInstance().getContext(), callback);
    }

    protected void fetchToken(AccountInfo accountInfo, com.microsoft.tokenshare.Callback<RefreshToken> callback) {
        TokenSharingManager.getInstance().getRefreshToken(ContextConnector.getInstance().getContext(), accountInfo, callback);
    }

    public List<AccountInfo> filterAccountsByExclusionList(Set<String> set) {
        Trace.d(LOG_TAG, "Filtering accounts based on given exclusion list");
        final Set<String> hashSet = set == null ? new HashSet<>() : set;
        return fetchTSLAccountsAndFilter(new FilteringCriteria() { // from class: com.microsoft.office.tokenshare.FilterAndValidator.3
            @Override // com.microsoft.office.tokenshare.FilterAndValidator.FilteringCriteria
            public boolean applyCriteriaAndEvaluate(AccountInfo accountInfo) {
                if (hashSet.contains(accountInfo.getAccountId()) || !FilterAndValidator.this.genericFiltration(accountInfo)) {
                    return false;
                }
                Trace.d(FilterAndValidator.LOG_TAG, "Found an Account that is not in exclusion list i.e, " + accountInfo.getAccountId());
                return true;
            }

            @Override // com.microsoft.office.tokenshare.FilterAndValidator.FilteringCriteria
            public boolean shouldContinue() {
                return true;
            }
        });
    }

    public List<AccountInfo> filterAccountsOnAccountType(final AccountInfo.AccountType accountType) {
        Trace.d(LOG_TAG, "Filtering accounts based on Account type : " + accountType);
        return fetchTSLAccountsAndFilter(new FilteringCriteria() { // from class: com.microsoft.office.tokenshare.FilterAndValidator.2
            @Override // com.microsoft.office.tokenshare.FilterAndValidator.FilteringCriteria
            public boolean applyCriteriaAndEvaluate(AccountInfo accountInfo) {
                if (!accountType.equals(accountInfo.getAccountType()) || !FilterAndValidator.this.genericFiltration(accountInfo)) {
                    return false;
                }
                Trace.d(FilterAndValidator.LOG_TAG, "Found an Account with AccountType : " + accountType);
                return true;
            }

            @Override // com.microsoft.office.tokenshare.FilterAndValidator.FilteringCriteria
            public boolean shouldContinue() {
                return true;
            }
        });
    }

    public AccountInfo filterOnAccountId(final String str) {
        Trace.d(LOG_TAG, "Filtering the accounts based on the Account Id : " + str);
        if (CommonAccountUtilities.isNullOrEmptyOrWhitespace(str)) {
            throw new IllegalArgumentException("Invalid accountId passed in");
        }
        Trace.d(LOG_TAG, "Fetching Accounts from TSL");
        List<AccountInfo> fetchTSLAccountsAndFilter = fetchTSLAccountsAndFilter(new FilteringCriteria() { // from class: com.microsoft.office.tokenshare.FilterAndValidator.1
            private boolean foundOneAsPerCriteria = false;

            @Override // com.microsoft.office.tokenshare.FilterAndValidator.FilteringCriteria
            public boolean applyCriteriaAndEvaluate(AccountInfo accountInfo) {
                if (!CommonAccountUtilities.isValidAccount(accountInfo) || !accountInfo.getAccountId().equalsIgnoreCase(str)) {
                    return false;
                }
                Trace.d(FilterAndValidator.LOG_TAG, "Found an Account with AccountId : " + str);
                this.foundOneAsPerCriteria = true;
                return true;
            }

            @Override // com.microsoft.office.tokenshare.FilterAndValidator.FilteringCriteria
            public boolean shouldContinue() {
                return !this.foundOneAsPerCriteria;
            }
        });
        if (fetchTSLAccountsAndFilter.isEmpty()) {
            return null;
        }
        return fetchTSLAccountsAndFilter.get(0);
    }

    protected boolean loginADAL(AccountInfo accountInfo, RefreshToken refreshToken, final String str) {
        String aDALPPEAuthorityUrl;
        Trace.d(LOG_TAG, "Refresh Token validation for ADAL");
        IdentityLiblet.ADALServiceParams GetADALServiceParams = IdentityLiblet.GetInstance().GetADALServiceParams(accountInfo.getPrimaryEmail());
        boolean z = false;
        String value = RawError.NONE.value();
        String name = RawError.NONE.name();
        if (GetADALServiceParams == null) {
            Trace.d(LOG_TAG, "ADAL Service parameters are null");
            value = RawError.NULL_ADAL_SERVICE_PARAMETERS.value();
            name = RawError.NULL_ADAL_SERVICE_PARAMETERS.name();
        }
        try {
            aDALPPEAuthorityUrl = accountInfo.isIntOrPpe() ? getADALPPEAuthorityUrl() : GetADALServiceParams.AuthorityUrl;
            if (CommonAccountUtilities.isNullOrEmptyOrWhitespace(aDALPPEAuthorityUrl)) {
                Trace.d(LOG_TAG, "Invalid AuthorityUrl");
                value = RawError.INVALID_AUTHORITY_URL.value();
                name = RawError.INVALID_AUTHORITY_URL.name();
            }
        } catch (Exception e) {
            Trace.e(LOG_TAG, Trace.getStackTraceString(e));
            value = RawError.IDENTITY_LIBLET_EXCEPTION.value();
            name = TelemetryUtility.getStackTraceStr(e);
        }
        if (IdentityLiblet.GetInstance().getADALAccountManager() == null) {
            TelemetryUtility.logTelemetry(TelemetryUtility.ORGID_ACCOUNT_TYPE, str, RawError.NO_ADAL_ACCOUNT_MANAGER.value(), RawError.NO_ADAL_ACCOUNT_MANAGER.name());
            return false;
        }
        IdentityLiblet.GetInstance().getADALAccountManager().deserializeADALBlob(accountInfo.getPrimaryEmail(), aDALPPEAuthorityUrl, refreshToken.getRefreshToken());
        final ResultHolder resultHolder = new ResultHolder();
        IdentityLiblet.GetInstance().getADALAccountManager().getTokenSilentWithAuthorityUrl(aDALPPEAuthorityUrl, accountInfo.getAccountId(), GetADALServiceParams.ResourceId, GetADALServiceParams.ClientId, accountInfo.getPrimaryEmail(), new ADALAccountManager.TokenCompleteListener() { // from class: com.microsoft.office.tokenshare.FilterAndValidator.6
            @Override // com.microsoft.office.identity.adal.ADALAccountManager.TokenCompleteListener
            public void onError(String str2, AuthResult authResult) {
                TelemetryUtility.logTelemetry(TelemetryUtility.ORGID_ACCOUNT_TYPE, str, RawError.ADAL_IDENTITY_CREATION_FAILED.value(), "Error Message : " + str2 + " AuthResult : " + authResult);
                resultHolder.setResult(false);
            }

            @Override // com.microsoft.office.identity.adal.ADALAccountManager.TokenCompleteListener
            public void onSuccess(String str2, String str3) {
                resultHolder.setResult(true);
            }
        });
        z = ((Boolean) resultHolder.getResult()).booleanValue();
        TelemetryUtility.logTelemetry(TelemetryUtility.ORGID_ACCOUNT_TYPE, str, value, name);
        return z;
    }

    protected boolean loginMSA(RefreshToken refreshToken, String str) {
        Trace.d(LOG_TAG, "Refresh Token validation for MSA");
        IdentityLiblet.LiveIdServiceParams GetLiveIdDefaultServiceParams = IdentityLiblet.GetInstance().GetLiveIdDefaultServiceParams();
        LiveOAuthProxy.TicketResult GetTicketResult = LiveOAuthProxy.GetTicketResult(refreshToken.getRefreshToken(), GetLiveIdDefaultServiceParams.Target, GetLiveIdDefaultServiceParams.Policy, LiveOAuthProxy.GetAppId());
        boolean z = false;
        String value = RawError.NONE.value();
        String name = RawError.NONE.name();
        if (GetTicketResult == null) {
            value = RawError.REFRESH_TOKEN_VALIDATION_FAILED.value();
            name = LIVE_OAUTH_NULL_TICKETRESULT;
        } else if (CommonAccountUtilities.isNullOrEmptyOrWhitespace(GetTicketResult.getError())) {
            LiveOAuthProxy.TicketData ticketData = GetTicketResult.getTicketData();
            if (ticketData == null || CommonAccountUtilities.isNullOrEmptyOrWhitespace(ticketData.Cid) || CommonAccountUtilities.isNullOrEmptyOrWhitespace(ticketData.RefreshToken)) {
                value = RawError.REFRESH_TOKEN_VALIDATION_FAILED.value();
                name = LIVE_OAUTH_NULL_TICKETRESULT;
            }
            if (!saveTicketToCache(ticketData.Cid, ticketData.RefreshToken)) {
                value = RawError.UNABLE_TO_SAVE_REFRESH_TOKEN.value();
                name = RawError.UNABLE_TO_SAVE_REFRESH_TOKEN.name();
            }
            z = true;
        } else {
            value = RawError.REFRESH_TOKEN_VALIDATION_FAILED.value();
            name = GetTicketResult.getError();
        }
        TelemetryUtility.logTelemetry(TelemetryUtility.MSA_ACCOUNT_TYPE, str, value, name);
        return z;
    }

    public List<AccountInfo> validateAccountsSync(List<AccountInfo> list) {
        if (list == null) {
            throw new IllegalArgumentException("Invalid accounts list");
        }
        Trace.d(LOG_TAG, "Validating the given accounts");
        ArrayList arrayList = new ArrayList(list.size());
        for (AccountInfo accountInfo : list) {
            Trace.d(LOG_TAG, "Validating the refresh token of the account");
            if (fetchRefreshTokenAndValidate(accountInfo)) {
                arrayList.add(accountInfo);
            }
        }
        return arrayList;
    }
}
