package com.microsoft.workaccount.workplacejoin;

import android.accounts.Account;
import android.accounts.AccountManager;
import android.content.Context;
import android.os.Build;
import android.text.TextUtils;
import com.google.gson.Gson;
import com.google.gson.JsonSyntaxException;
import com.microsoft.identity.client.BrokerUtils;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.adal.internal.cache.IWpjTelemetryCallback;
import com.microsoft.identity.common.adal.internal.cache.StorageHelper;
import com.microsoft.identity.common.adal.internal.util.StringExtensions;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.internal.cache.CacheRecord;
import com.microsoft.identity.common.internal.cache.ICacheRecord;
import com.microsoft.identity.common.internal.dto.AccountRecord;
import com.microsoft.identity.common.internal.dto.IdTokenRecord;
import com.microsoft.workaccount.authenticatorservice.LegacySecretKeyStorage;
import com.microsoft.workaccount.workplacejoin.core.StringHelper;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinApplication;
import com.microsoft.workaccount.workplacejoin.core.WorkplaceJoinFailure;
import com.microsoft.workaccount.workplacejoin.telemetry.TelemetryLogger;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.concurrent.locks.ReentrantReadWriteLock;

/* loaded from: classes4.dex */
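/**
 * Reads and writes broker account metadata and token material in Android
 * {@link AccountManager} user data.
 *
 * <p>Two storage paths exist in this class:
 * <ul>
 *   <li>{@link #setAccountData}/{@link #getAccountData} store the value exactly as given.</li>
 *   <li>{@link #setEncryptedData}/{@link #getEncryptedData} pass non-empty values through
 *       {@link StorageHelper#encrypt}/{@link StorageHelper#decrypt} first. The BRT (broker RT),
 *       the PRT, the PRT id token and the encoded session key use this path.</li>
 * </ul>
 *
 * <p>Failure handling is best-effort: an encryption failure is logged and the write is skipped,
 * and a decryption failure is logged and reported as {@code null}. Callers therefore cannot tell
 * "absent" from "could not decrypt", nor "stored" from "encryption failed".
 *
 * <p>Locking: BRT reads/writes take the static {@code brtLock}; the raw user-data accessors are
 * {@code synchronized} on this instance. NOTE(review): the instance monitor does not serialize
 * access made through a second helper instance — confirm whether that matters to callers.
 */
public class AccountManagerStorageHelper {
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_BRT_AUTHORITY = "workplaceJoin.key.brt.authority";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_EMAIL = "workplaceJoin.key.email";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_ENCODED_SESSION_KEY = "workplaceJoin.key.session.key";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_PRT = "workplaceJoin.key.prt";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_PRT_ACQUISITION_TIME = "workplaceJoin.key.prt.acquisition.time";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_PRT_AUTHORITY = "workplaceJoin.key.prt.authority";
    public static final String ACCOUNT_MANAGER_STORAGE_KEY_PRT_IDTOKEN_KEY = "workplaceJoin.key.prt.idtoken.key";
    static final String WPJ_ACCOUNT_TYPE_CONSTANT = "com.microsoft.workaccount";
    private final AccountManager mAccountManager;
    private final Context mContext;
    private final StorageHelper mStorageHelper;
    private static final String TAG = AccountManagerStorageHelper.class.getSimpleName() + "#";
    // Guards BRT value + BRT authority so readers never observe one updated without the other.
    private static final ReentrantReadWriteLock brtLock = new ReentrantReadWriteLock();

    /**
     * Creates a helper bound to {@code context}.
     *
     * @param context Android context used to obtain the {@link AccountManager} and to build the
     *     {@link StorageHelper} that performs encryption/decryption
     * @throws IllegalArgumentException if {@code context} is {@code null}
     */
    public AccountManagerStorageHelper(Context context) throws IllegalArgumentException {
        if (context == null) {
            IllegalArgumentException illegalArgumentException = new IllegalArgumentException("Parameter 'context' is null");
            Logger.e(TAG + "AccountManagerStorageHelper", illegalArgumentException.getMessage(), WorkplaceJoinFailure.INTERNAL, illegalArgumentException);
            throw illegalArgumentException;
        }
        this.mContext = context;
        this.mAccountManager = AccountManager.get(context);
        // The callback only forwards StorageHelper telemetry to the app's TelemetryLogger.
        this.mStorageHelper = new StorageHelper(context, new IWpjTelemetryCallback() {
            @Override
            public void logEvent(Context callbackContext, String str, Boolean bool, String str2) {
                TelemetryLogger.logEvent(callbackContext, str, bool, str2);
            }
        });
        // Helper not shown here; invoked once per helper construction.
        LegacySecretKeyStorage.loadKeys();
    }

    /**
     * Returns the existing account matching {@code str}/{@code str2}, creating it if none matches,
     * and (on API 26+) marks it visible to the three broker host packages.
     *
     * @param str account name
     * @param str2 account type
     * @return the found or newly created account
     */
    public synchronized Account createAccount(String str, String str2) {
        Account account = getAccount(str, str2);
        if (account == null) {
            account = new Account(str, str2);
            Logger.v(TAG + "createAccount", "Creating account. ", "account.name:" + account.name);
            // Created without a password or initial user data; everything is written later
            // through the setters of this class.
            boolean added = this.mAccountManager.addAccountExplicitly(account, null, null);
            if (!added) {
                // Previously the result was dropped, so a failed add went unnoticed while the
                // caller still received an Account object.
                Logger.v(TAG + "createAccount", "addAccountExplicitly returned false.");
            }
        } else {
            Logger.v(TAG + "createAccount", "Account found. ", "account.name:" + account.name);
        }
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
            // Visibility is granted per package name; keep this allow-list as small as possible.
            this.mAccountManager.setAccountVisibility(account, "com.azure.authenticator", AccountManager.VISIBILITY_VISIBLE);
            this.mAccountManager.setAccountVisibility(account, "com.microsoft.windowsintune.companyportal", AccountManager.VISIBILITY_VISIBLE);
            this.mAccountManager.setAccountVisibility(account, AuthenticationConstants.Broker.BROKER_HOST_APP_PACKAGE_NAME, AccountManager.VISIBILITY_VISIBLE);
        }
        return account;
    }

    /**
     * Clears the BRT and its authority by overwriting both with the empty string; this also
     * invalidates the PRT and session key (see {@link #setBRT}).
     *
     * <p>A {@link ClientException} from key derivation is logged and swallowed, so on that path
     * the BRT is left in place and the caller is not informed.
     *
     * @param account account whose BRT is cleared
     */
    public void deleteBRT(Account account) {
        try {
            setBRT(account, "", "");
        } catch (ClientException e) {
            Logger.e(TAG + ":deleteBRT", "Fail to create hash for broker RT", WorkplaceJoinFailure.INTERNAL, e);
        }
    }

    /**
     * Removes the PRT, the PRT id token, the PRT authority and the encoded session key by
     * writing {@code null} for each key.
     *
     * @param account account whose PRT material is removed
     */
    public void deletePRTandSK(Account account) {
        setEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT, null);
        setEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT_IDTOKEN_KEY, null);
        setAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT_AUTHORITY, null);
        setEncodedSessionKey(account, null);
    }

    /**
     * Finds the first account of type {@code str2} that matches {@code str}
     * (see {@link #isAccountMatching}).
     *
     * @param str account name (or stored e-mail) to look for
     * @param str2 account type
     * @return the matching account, or {@code null} if either argument is {@code null} or
     *     nothing matches
     */
    public Account getAccount(String str, String str2) {
        if (str == null || str2 == null) {
            return null;
        }
        Account[] accountsByType = getAccountManager().getAccountsByType(str2);
        if (accountsByType == null) {
            Logger.v(TAG + "getAccount", "Account list null.");
            return null;
        }
        for (Account account : accountsByType) {
            if (isAccountMatching(account, str)) {
                Logger.v(TAG + "getAccount", "Account found.");
                return account;
            }
        }
        return null;
    }

    /** Returns the stored authority type for {@code account}, or {@code null} if unset. */
    public String getAccountAuthorityType(Account account) {
        return getAccountData(account, AuthenticationConstants.Broker.ACCOUNT_USERINFO_AUTHORITY_TYPE);
    }

    /**
     * Reads one raw (not decrypted) user-data value.
     *
     * @param account account to read from
     * @param str user-data key; logged when the lookup yields {@code null}
     * @return the stored value, or {@code null} if none
     */
    public synchronized String getAccountData(Account account, String str) {
        String userData = getAccountManager().getUserData(account, str);
        if (userData == null) {
            Logger.v(TAG + "getAccountData", "getUserData returned null for key: " + str);
        }
        return userData;
    }

    /** Returns the stored displayable user id for {@code account}, or {@code null} if unset. */
    public String getAccountDisplayableUserId(Account account) {
        return getAccountData(account, "account.userinfo.userid.displayable");
    }

    /** Returns the stored environment for {@code account}, or {@code null} if unset. */
    public String getAccountEnvironment(Account account) {
        return getAccountData(account, AuthenticationConstants.Broker.ACCOUNT_USERINFO_ENVIRONMENT);
    }

    /** Returns the stored family name for {@code account}, or {@code null} if unset. */
    public synchronized String getAccountFamilyName(Account account) {
        return getAccountData(account, "account.userinfo.family.name");
    }

    /** Returns the stored given name for {@code account}, or {@code null} if unset. */
    public String getAccountGivenName(Account account) {
        return getAccountData(account, "account.userinfo.given.name");
    }

    /** Returns the stored home account id for {@code account}, or {@code null} if unset. */
    public String getAccountHomeAccountId(Account account) {
        return getAccountData(account, "account.userinfo.userid");
    }

    /** Returns the stored home tenant id for {@code account}, or {@code null} if unset. */
    public String getAccountHomeTenantId(Account account) {
        return getAccountData(account, "account.userinfo.tenantid");
    }

    /**
     * Returns the stored id-token record JSON for {@code account}, or {@code null} if unset.
     *
     * <p>NOTE(review): this value is read through the raw path, unlike the PRT id token which is
     * stored encrypted — confirm that is intended.
     */
    public String getAccountIdToken(Account account) {
        return getAccountData(account, AuthenticationConstants.Broker.ACCOUNT_USERINFO_ID_TOKEN);
    }

    /** Returns the stored identity provider for {@code account}, or {@code null} if unset. */
    public String getAccountIdp(Account account) {
        return getAccountData(account, "account.userinfo.identity.provider");
    }

    /** Returns the {@link AccountManager} obtained in the constructor. */
    public AccountManager getAccountManager() {
        return this.mAccountManager;
    }

    /**
     * Returns the stored NGC flag for {@code account}; an unset or non-"true" value yields
     * {@code false}.
     */
    public boolean getAccountNgcStatus(Account account) {
        return Boolean.parseBoolean(getAccountData(account, WorkplaceJoinApplication.DATA_IS_NGC));
    }

    /** Returns the stored user-id list string for {@code account}, or {@code null} if unset. */
    public String getAccountUserIdList(Account account) {
        return getAccountData(account, "account.userinfo.userid.list");
    }

    /** Returns every account whose type is {@link #WPJ_ACCOUNT_TYPE_CONSTANT}. */
    public Account[] getAllBrokerAccounts() {
        return getAccountManager().getAccountsByType(WPJ_ACCOUNT_TYPE_CONSTANT);
    }

    /**
     * Returns the decrypted BRT for {@code account}.
     *
     * @param account account to read from
     * @return the BRT; the raw empty/{@code null} value if nothing is stored; {@code null} if
     *     decryption fails
     * @throws ClientException if the storage key cannot be derived; the original exception is
     *     attached as the cause
     */
    public String getBRT(Account account) throws ClientException {
        brtLock.readLock().lock();
        try {
            return getEncryptedData(account, brtStorageKey(account));
        } catch (UnsupportedEncodingException e) {
            throw new ClientException("unsupported_encoding", e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new ClientException("no_such_algorithm", e.getMessage(), e);
        } finally {
            brtLock.readLock().unlock();
        }
    }

    /** Returns the authority stored alongside the BRT, or {@code null} if unset. */
    public String getBRTAuthority(Account account) {
        brtLock.readLock().lock();
        try {
            return getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_BRT_AUTHORITY);
        } finally {
            brtLock.readLock().unlock();
        }
    }

    /**
     * Returns the broker accounts that currently hold a non-blank BRT.
     *
     * <p>An account whose BRT cannot be decrypted is treated as not holding one, because
     * {@link #getBRT} reports that case as {@code null}.
     *
     * @throws ClientException if a BRT storage key cannot be derived
     */
    public List<Account> getBrtHolders() throws ClientException {
        List<Account> holders = new ArrayList<>();
        for (Account account : getAllBrokerAccounts()) {
            if (!StringHelper.IsNullOrBlank(getBRT(account))) {
                holders.add(account);
            }
        }
        return holders;
    }

    /**
     * Builds an {@link ICacheRecord} from the id-token JSON and profile fields stored for
     * {@code account}.
     *
     * @throws ClientException if no id token is stored or its JSON cannot be parsed
     */
    public ICacheRecord getCacheRecordFromAccount(Account account) throws ClientException {
        String accountIdToken = getAccountIdToken(account);
        if (accountIdToken == null) {
            throw new ClientException("idToken is null, cannot create an ICacheRecord object from data in AccountManagerStorageHelper");
        }
        try {
            IdTokenRecord idTokenRecord = new Gson().fromJson(accountIdToken, IdTokenRecord.class);
            AccountRecord accountRecord = new AccountRecord();
            accountRecord.setFamilyName(getAccountFamilyName(account));
            accountRecord.setName(getAccountGivenName(account));
            accountRecord.setUsername(getAccountDisplayableUserId(account));
            accountRecord.setHomeAccountId(getAccountHomeAccountId(account));
            accountRecord.setRealm(getAccountHomeTenantId(account));
            accountRecord.setEnvironment(getAccountEnvironment(account));
            accountRecord.setAuthorityType(getAccountAuthorityType(account));
            accountRecord.setLocalAccountId(BrokerUtils.getLocalAccountIdFromUserList(getAccountUserIdList(account)));
            return CacheRecord.builder().mAccount(accountRecord).mIdToken(idTokenRecord).build();
        } catch (JsonSyntaxException ignored) {
            // Parser detail is deliberately not propagated: the input is token material.
            throw new ClientException("failed to cast idToken json, cannot create an ICacheRecord object from data in AccountManagerStorageHelper");
        }
    }

    /** Returns the context supplied to the constructor. */
    public Context getContext() {
        return this.mContext;
    }

    /** Returns the stored e-mail for {@code account}, or {@code null} if unset. */
    public String getEmail(Account account) {
        return getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_EMAIL);
    }

    /** Returns the decrypted encoded session key; see {@link #getEncryptedData} for edge cases. */
    public String getEncodedSessionKey(Account account) {
        return getEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_ENCODED_SESSION_KEY);
    }

    /**
     * Reads a value stored via {@link #setEncryptedData} and decrypts it.
     *
     * @param account account to read from
     * @param str user-data key
     * @return the decrypted value; the raw empty/{@code null} value if nothing is stored;
     *     {@code null} if decryption fails (failure is logged, not thrown)
     */
    public String getEncryptedData(Account account, String str) {
        String accountData = getAccountData(account, str);
        if (TextUtils.isEmpty(accountData)) {
            return accountData;
        }
        try {
            return this.mStorageHelper.decrypt(accountData);
        } catch (IOException | GeneralSecurityException e) {
            Logger.e(TAG + "getEncryptedData", "Decryption failure.", WorkplaceJoinFailure.INTERNAL, e);
            return null;
        }
    }

    /** Returns the decrypted PRT; see {@link #getEncryptedData} for edge cases. */
    public String getPRT(Account account) {
        return getEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT);
    }

    /** Returns the authority stored alongside the PRT, or {@code null} if unset. */
    public String getPRTAuthority(Account account) {
        return getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT_AUTHORITY);
    }

    /**
     * Returns the stored PRT acquisition time in epoch milliseconds.
     *
     * @return the stored time, or {@code 0} when nothing is stored or the stored text is not a
     *     valid {@code long} (logged); previously a malformed value escaped as an unchecked
     *     {@link NumberFormatException}
     */
    public long getPrtAcquisitionTimeEpochMillis(Account account) {
        String accountData = getAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT_ACQUISITION_TIME);
        if (TextUtils.isEmpty(accountData)) {
            return 0L;
        }
        try {
            return Long.parseLong(accountData);
        } catch (NumberFormatException e) {
            // Same result as "never acquired", so a corrupted timestamp cannot make a PRT look
            // newer than it is.
            Logger.e(TAG + "getPrtAcquisitionTimeEpochMillis", "Stored PRT acquisition time is not a number.", WorkplaceJoinFailure.INTERNAL, e);
            return 0L;
        }
    }

    /** Returns the decrypted PRT id token; see {@link #getEncryptedData} for edge cases. */
    public String getPrtIdToken(Account account) {
        return getEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT_IDTOKEN_KEY);
    }

    /** Returns the {@link StorageHelper} used for encryption and decryption. */
    public StorageHelper getStorageHelper() {
        return this.mStorageHelper;
    }

    /** Returns {@code true} if a non-empty raw value is stored under {@code str}. */
    public boolean hasData(Account account, String str) {
        return !TextUtils.isEmpty(getAccountManager().getUserData(account, str));
    }

    /**
     * Tells whether {@code account} is identified by {@code str}.
     *
     * <p>The account name is compared case-insensitively. The stored e-mail is consulted as a
     * fallback only when {@link BrokerUtils#isActiveBroker} is true for this context.
     */
    public boolean isAccountMatching(Account account, String str) {
        if (account.name.equalsIgnoreCase(str)) {
            return true;
        }
        if (!BrokerUtils.isActiveBroker(this.mContext)) {
            return false;
        }
        String email = getEmail(account);
        return email != null && email.equalsIgnoreCase(str);
    }

    /** Stores the authority type for {@code account}. */
    public void setAccountAuthorityType(Account account, String str) {
        setAccountData(account, AuthenticationConstants.Broker.ACCOUNT_USERINFO_AUTHORITY_TYPE, str);
    }

    /**
     * Writes one raw user-data value. Only the key is logged, never the value.
     *
     * @param account account to write to
     * @param str user-data key
     * @param str2 value to store as given; {@code null} is passed through to
     *     {@link AccountManager#setUserData}
     */
    public synchronized void setAccountData(Account account, String str, String str2) {
        Logger.v(TAG + "setAccountData", str);
        getAccountManager().setUserData(account, str, str2);
    }

    /** Stores the displayable user id for {@code account}. */
    public void setAccountDisplayableUserId(Account account, String str) {
        setAccountData(account, "account.userinfo.userid.displayable", str);
    }

    /** Stores the environment for {@code account}. */
    public void setAccountEnvironment(Account account, String str) {
        setAccountData(account, AuthenticationConstants.Broker.ACCOUNT_USERINFO_ENVIRONMENT, str);
    }

    /** Stores the family name for {@code account}. */
    public void setAccountFamilyName(Account account, String str) {
        setAccountData(account, "account.userinfo.family.name", str);
    }

    /** Stores the given name for {@code account}. */
    public void setAccountGivenName(Account account, String str) {
        setAccountData(account, "account.userinfo.given.name", str);
    }

    /** Stores the home account id for {@code account}. */
    public void setAccountHomeAccountId(Account account, String str) {
        setAccountData(account, "account.userinfo.userid", str);
    }

    /** Stores the home tenant id for {@code account}. */
    public void setAccountHomeTenantId(Account account, String str) {
        setAccountData(account, "account.userinfo.tenantid", str);
    }

    /**
     * Stores the id-token record JSON for {@code account} through the raw path.
     *
     * <p>NOTE(review): not encrypted by this class, unlike the PRT id token — confirm intended.
     */
    public void setAccountIdToken(Account account, String str) {
        setAccountData(account, AuthenticationConstants.Broker.ACCOUNT_USERINFO_ID_TOKEN, str);
    }

    /** Stores the identity provider for {@code account}. */
    public void setAccountIdp(Account account, String str) {
        setAccountData(account, "account.userinfo.identity.provider", str);
    }

    /**
     * Stores the user-id list with a trailing {@code "$"} appended; a {@code null} or blank
     * argument is ignored and leaves the stored value untouched.
     */
    public void setAccountUserIdList(Account account, String str) {
        if (StringHelper.IsNullOrBlank(str)) {
            return;
        }
        setAccountData(account, "account.userinfo.userid.list", str + "$");
    }

    /**
     * Stores the BRT and its authority under the write lock, then invalidates the PRT, PRT id
     * token, PRT authority and session key so they cannot outlive the BRT they were issued with.
     *
     * <p>Because {@link #setEncryptedData} swallows encryption failures, such a failure leaves
     * the previous BRT in place while the authority is still overwritten and the PRT material is
     * still removed.
     *
     * @param account account to write to
     * @param str BRT value; empty clears it
     * @param str2 BRT authority
     * @throws ClientException if the storage key cannot be derived; the original exception is
     *     attached as the cause
     */
    public void setBRT(Account account, String str, String str2) throws ClientException {
        Logger.v(TAG + ":setBRT", "Setting BRT.");
        brtLock.writeLock().lock();
        try {
            setEncryptedData(account, brtStorageKey(account), str);
            setAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_BRT_AUTHORITY, str2);
            Logger.v(TAG + ":setBRT", "Invalidating PRT as BRT is updated.");
            deletePRTandSK(account);
        } catch (UnsupportedEncodingException e) {
            throw new ClientException("unsupported_encoding", e.getMessage(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new ClientException("no_such_algorithm", e.getMessage(), e);
        } finally {
            brtLock.writeLock().unlock();
        }
    }

    /** Stores the e-mail for {@code account}. */
    public void setEmail(Account account, String str) {
        setAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_EMAIL, str);
    }

    /** Stores the encoded session key encrypted; {@code null}/empty clears it. */
    public void setEncodedSessionKey(Account account, String str) {
        setEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_ENCODED_SESSION_KEY, str);
    }

    /**
     * Encrypts {@code str2} and stores the ciphertext under {@code str}.
     *
     * <p>A {@code null} or empty value is written as-is, which is how secrets are cleared. If
     * encryption fails, nothing is written: the plaintext is never stored as a fallback, but the
     * previous value also stays in place and the caller is not informed.
     *
     * @param account account to write to
     * @param str user-data key
     * @param str2 plaintext value, or {@code null}/empty to clear
     */
    public void setEncryptedData(Account account, String str, String str2) {
        if (TextUtils.isEmpty(str2)) {
            setAccountData(account, str, str2);
            return;
        }
        try {
            setAccountData(account, str, this.mStorageHelper.encrypt(str2));
        } catch (IOException | GeneralSecurityException e) {
            Logger.e(TAG + "setEncryptedData", "Encryption failure.", WorkplaceJoinFailure.INTERNAL, e);
        }
    }

    /**
     * Stores the PRT and its id token encrypted, the PRT authority as-is, and stamps the
     * acquisition time with the current wall-clock time.
     *
     * @param account account to write to
     * @param str PRT value
     * @param str2 PRT authority
     * @param str3 PRT id token
     */
    public void setPRT(Account account, String str, String str2, String str3) {
        setEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT, str);
        setEncryptedData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT_IDTOKEN_KEY, str3);
        setAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT_AUTHORITY, str2);
        setAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT_ACQUISITION_TIME, Long.toString(new Date().getTime()));
    }

    /** Overwrites the stored PRT acquisition time with {@code j} (epoch milliseconds). */
    public void setPrtAcquisitionTimeEpochMillis(Account account, long j) {
        setAccountData(account, ACCOUNT_MANAGER_STORAGE_KEY_PRT_ACQUISITION_TIME, Long.toString(j));
    }

    /**
     * Derives the user-data key under which the BRT of {@code account} is stored: a hash of the
     * broker-RT prefix concatenated with the account name.
     */
    private static String brtStorageKey(Account account) throws UnsupportedEncodingException, NoSuchAlgorithmException {
        return StringExtensions.createHash(AuthenticationConstants.Broker.USERDATA_BROKER_RT + account.name);
    }
}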
