package com.microsoft.rightsmanagement.flows;

import android.util.Patterns;
import com.microsoft.rightsmanagement.AuthenticationCompletionCallback;
import com.microsoft.rightsmanagement.AuthenticationRequestCallback;
import com.microsoft.rightsmanagement.ConsentCallback;
import com.microsoft.rightsmanagement.b;
import com.microsoft.rightsmanagement.communication.CommunicationUtils;
import com.microsoft.rightsmanagement.communication.dns.DnsClientResult;
import com.microsoft.rightsmanagement.communication.dns.DnsLookupClient;
import com.microsoft.rightsmanagement.communication.dns.Domain;
import com.microsoft.rightsmanagement.communication.servicediscovery.ServiceDiscoveryClient;
import com.microsoft.rightsmanagement.consent.ConsentDataStore;
import com.microsoft.rightsmanagement.consent.e;
import com.microsoft.rightsmanagement.consent.i;
import com.microsoft.rightsmanagement.diagnostics.PerfScenario;
import com.microsoft.rightsmanagement.diagnostics.scenarios.BasePerfScenario;
import com.microsoft.rightsmanagement.diagnostics.scenarios.ServicePerfScenario;
import com.microsoft.rightsmanagement.diagnostics.scenarios.d;
import com.microsoft.rightsmanagement.exceptions.ProtectionException;
import com.microsoft.rightsmanagement.exceptions.a;
import com.microsoft.rightsmanagement.exceptions.j;
import com.microsoft.rightsmanagement.exceptions.p;
import com.microsoft.rightsmanagement.flows.interfaces.IRmsFlowExecuter;
import com.microsoft.rightsmanagement.flows.interfaces.RmsFlowCompletionCallback;
import com.microsoft.rightsmanagement.identity.g;
import com.microsoft.rightsmanagement.k;
import com.microsoft.rightsmanagement.licenseparser.LicenseParser;
import com.microsoft.rightsmanagement.licenseparser.LicenseParserResult;
import com.microsoft.rightsmanagement.logger.h;
import com.microsoft.rightsmanagement.utils.AccessToken;
import com.microsoft.rightsmanagement.utils.AuthInfo;
import com.microsoft.rightsmanagement.utils.RMSLatch;
import com.microsoft.rightsmanagement.utils.c;
import com.microsoft.rightsmanagement.utils.f;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/* loaded from: classes2.dex */
public abstract class ExternalAuthFlow extends RMSFlow {
    private static final String TAG = "ExternalAuthRMSFlow";
    private static final String URL_PROTOCOL = "https://";
    private AuthInfo mAuthInfo;
    protected boolean mConsentFailed;
    private String mDiscoveryUrl;
    private DnsLookupClient mDnsLookupClient;
    private boolean mIsAzureURL;
    private RMSLatch mLatch;
    protected LicenseParser mLicenseParser;
    protected LicenseParserResult mLicenseParserResult;
    private Domain mSelectedDomain;
    protected ServiceDiscoveryClient mServiceDiscoveryClient;
    private AuthenticationCallbackState mState;

    /* renamed from: com.microsoft.rightsmanagement.flows.ExternalAuthFlow$3, reason: invalid class name */
    /* loaded from: classes2.dex */
    /* synthetic */ class AnonymousClass3 {
        static final /* synthetic */ int[] $SwitchMap$com$microsoft$rightsmanagement$exceptions$ProtectionExceptionType = new int[p.values().length];

        static {
            try {
                $SwitchMap$com$microsoft$rightsmanagement$exceptions$ProtectionExceptionType[p.InvalidParameterException.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$microsoft$rightsmanagement$exceptions$ProtectionExceptionType[p.UserCancellationException.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* loaded from: classes2.dex */
    enum AuthenticationCallbackState {
        NotCalled,
        Success,
        Failure,
        Cancel
    }

    public ExternalAuthFlow(IRmsFlowExecuter iRmsFlowExecuter, AsyncControl asyncControl, RmsFlowCompletionCallback rmsFlowCompletionCallback, DnsLookupClient dnsLookupClient, ServiceDiscoveryClient serviceDiscoveryClient, RMSLatch rMSLatch) {
        this(iRmsFlowExecuter, asyncControl, rmsFlowCompletionCallback, null, dnsLookupClient, serviceDiscoveryClient, rMSLatch);
    }

    public ExternalAuthFlow(IRmsFlowExecuter iRmsFlowExecuter, AsyncControl asyncControl, RmsFlowCompletionCallback rmsFlowCompletionCallback, LicenseParser licenseParser, DnsLookupClient dnsLookupClient, ServiceDiscoveryClient serviceDiscoveryClient, RMSLatch rMSLatch) {
        super(iRmsFlowExecuter, asyncControl, rmsFlowCompletionCallback);
        this.mConsentFailed = false;
        this.mLicenseParser = licenseParser;
        this.mDnsLookupClient = dnsLookupClient;
        this.mServiceDiscoveryClient = serviceDiscoveryClient;
        this.mLatch = rMSLatch;
        this.mState = AuthenticationCallbackState.NotCalled;
        this.mIsAzureURL = false;
    }

    private Map<String, String> generateMapFromAuthInfo(String str, AuthInfo authInfo) throws ProtectionException {
        HashMap hashMap = new HashMap();
        hashMap.put("oauth2.authority", authInfo.a());
        hashMap.put("oauth2.resource", authInfo.b());
        hashMap.put("oauth2.scope", authInfo.c());
        hashMap.put("userId", str);
        return hashMap;
    }

    private AuthInfo getAuthInfo(byte[] bArr, String str) throws ProtectionException {
        DnsClientResult dnsClientResult;
        if (cancelFlowIfRequested()) {
            return null;
        }
        if (!c.k()) {
            h.a(TAG, "DNS based SD is disabled. Returning default CloudServiceDiscoveryDetails");
            this.mIsAzureURL = true;
            return c.J();
        }
        ArrayList arrayList = new ArrayList();
        if (bArr != null && this.mLicenseParser != null) {
            h.a(TAG, String.format("getAuthInfo: generating domains from PL", new Object[0]));
            this.mLicenseParserResult = this.mLicenseParser.a(bArr);
            if (this.mPerfScenario instanceof d) {
                ((d) this.mPerfScenario).d(this.mLicenseParserResult.a());
                ((d) this.mPerfScenario).e(this.mLicenseParserResult.d());
                ((d) this.mPerfScenario).f(this.mLicenseParserResult.c());
            }
            arrayList.addAll(this.mLicenseParserResult.e());
        }
        if (str != null) {
            h.a(TAG, String.format("getAuthInfo: generating domains from email = %s", str));
            arrayList.add(Domain.createDomainFromEmail(str));
        }
        if (arrayList.size() == 0) {
            throw new ProtectionException(TAG, "Developer error");
        }
        AuthInfo authInfo = null;
        int i = 0;
        while (true) {
            if (i >= arrayList.size()) {
                break;
            }
            Domain domain = (Domain) arrayList.get(i);
            AuthInfo a = g.a(this).a(domain);
            if (a != null) {
                this.mSelectedDomain = domain;
                this.mDiscoveryUrl = g.a(this).b(domain);
                try {
                    String lowerCase = this.mDiscoveryUrl.toLowerCase(Locale.US);
                    if (!lowerCase.startsWith("https://") && !lowerCase.startsWith("http://")) {
                        this.mIsAzureURL = CommunicationUtils.isDomainCloudBased(this.mDiscoveryUrl);
                        authInfo = a;
                    }
                    this.mIsAzureURL = CommunicationUtils.isUrlCloudBased(new URL(this.mDiscoveryUrl));
                    authInfo = a;
                } catch (MalformedURLException e) {
                    throw new ProtectionException(TAG, "The In memory Discovery URL is invalid", e);
                }
            } else {
                i++;
                authInfo = a;
            }
        }
        if (authInfo == null) {
            h.a(TAG, "No authentication information was found in the cache");
            if (!CommunicationUtils.isDeviceConnectedToDataNetwork(getContext())) {
                throw new a(c.n().D());
            }
            Iterator it = arrayList.iterator();
            DnsClientResult dnsClientResult2 = null;
            while (true) {
                if (!it.hasNext()) {
                    dnsClientResult = dnsClientResult2;
                    break;
                }
                Domain domain2 = (Domain) it.next();
                if (cancelFlowIfRequested()) {
                    return null;
                }
                dnsClientResult = g.a(this).b(domain2, this.mPerfScenarioContainer);
                if (dnsClientResult != null) {
                    h.a(TAG, String.format("getAuthInfo: Found cached DNS client result:%s and dnsLookupClientResults are :%s", domain2.toString(), dnsClientResult.toString()));
                    this.mSelectedDomain = domain2;
                    break;
                }
                this.mDnsLookupClient.setPerfScenariosContainer(this.mPerfScenarioContainer);
                dnsClientResult = this.mDnsLookupClient.lookupDiscoveryService(domain2, getContext());
                if (dnsClientResult != null) {
                    h.a(TAG, String.format("getAuthInfo: DNS lookup successful with domain:%s and dnsLookupClientResults are :%s", domain2.toString(), dnsClientResult.toString()));
                    g.a(this).a(dnsClientResult, this.mPerfScenarioContainer);
                    this.mSelectedDomain = domain2;
                    break;
                }
                dnsClientResult2 = dnsClientResult;
            }
            if (c.O() || dnsClientResult == null) {
                h.a(TAG, "Failed DNS lookup, reverting to cloud discovery url");
                this.mSelectedDomain = (Domain) arrayList.get(0);
                this.mIsAzureURL = true;
                dnsClientResult = DnsClientResult.createDefaultRecordFromDomain(this.mSelectedDomain);
            } else {
                h.a(TAG, "Found dns srv record");
                try {
                    String lowerCase2 = dnsClientResult.getDiscoveryUrl().toLowerCase(Locale.US);
                    if (!lowerCase2.startsWith("https://") && !lowerCase2.startsWith("http://")) {
                        this.mIsAzureURL = CommunicationUtils.isDomainCloudBased(dnsClientResult.getDiscoveryUrl());
                    }
                    this.mIsAzureURL = CommunicationUtils.isUrlCloudBased(new URL(dnsClientResult.getDiscoveryUrl()));
                } catch (MalformedURLException e2) {
                    throw new ProtectionException(TAG, "The In memory Discovery URL is invalid", e2);
                }
            }
            if (cancelFlowIfRequested()) {
                return null;
            }
            if (this.mSelectedDomain == null) {
                h.c(TAG, "selectedDomain is still null");
                throw new ProtectionException(TAG, "selectedDomain is still null");
            }
            h.a(TAG, String.format("getAuthInfo: selected domain:%s and selected dnsLookupClientResults are :%s", this.mSelectedDomain.toString(), dnsClientResult.toString()));
            this.mDiscoveryUrl = dnsClientResult.getDiscoveryUrl();
            h.a(TAG, String.format("getAuthInfo: discoveryUrl:%s", this.mDiscoveryUrl));
            ServicePerfScenario servicePerfScenario = (ServicePerfScenario) BasePerfScenario.a(PerfScenario.GetServiceDiscoveryAuthInfoServiceOp);
            servicePerfScenario.f();
            authInfo = (this.mLicenseParserResult == null || !f.a()) ? this.mServiceDiscoveryClient.getAuthenticationInfo(this.mDiscoveryUrl, this.mSelectedDomain, servicePerfScenario) : this.mServiceDiscoveryClient.getAuthenticationInfo(this.mDiscoveryUrl, this.mLicenseParserResult.b(), this.mSelectedDomain, servicePerfScenario);
            servicePerfScenario.e(this.mDiscoveryUrl);
            servicePerfScenario.f(String.valueOf(401));
            servicePerfScenario.g();
            if (this.mPerfScenarioContainer != null) {
                this.mPerfScenarioContainer.add(servicePerfScenario);
                this.mPerfScenarioContainer.b(true);
            }
            if (authInfo != null) {
                h.a(TAG, String.format("getAuthInfo: authInfo:%s", authInfo.toString()));
            } else {
                h.a(TAG, String.format("getAuthInfo: authInfo is null", new Object[0]));
            }
            g.a(this).a(dnsClientResult, authInfo);
        }
        return authInfo;
    }

    private List<com.microsoft.rightsmanagement.consent.f> getConsentProcessors(boolean z, ConsentDataStore consentDataStore, String str) throws ProtectionException {
        String str2;
        URL[] urlArr = new URL[1];
        try {
            str2 = getServiceDomain();
            try {
                urlArr[0] = new URL("https://" + str2);
                ArrayList arrayList = new ArrayList();
                arrayList.add(new i(new com.microsoft.rightsmanagement.consent.h(urlArr), str, this.mIsAzureURL, z, consentDataStore));
                arrayList.add(new e(new com.microsoft.rightsmanagement.consent.g(com.microsoft.rightsmanagement.d.DOCUMENT_TRACKING_CONSENT), str2, str, z, consentDataStore));
                return arrayList;
            } catch (MalformedURLException e) {
                e = e;
                h.c(TAG, String.format("getServiceDomain : malformed urls received from service domain. Service domain was %s ", str2));
                throw new ProtectionException(TAG, "Malformed urls received from selected domain", e);
            }
        } catch (MalformedURLException e2) {
            e = e2;
            str2 = null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public List<com.microsoft.rightsmanagement.consent.f> getConsentProcessorsFromConsents(Collection<com.microsoft.rightsmanagement.a> collection, boolean z, ConsentDataStore consentDataStore, String str) throws ProtectionException {
        ArrayList arrayList = new ArrayList();
        String serviceDomain = getServiceDomain();
        for (com.microsoft.rightsmanagement.a aVar : collection) {
            if (aVar.a() == com.microsoft.rightsmanagement.d.SERVICE_URL_CONSENT) {
                arrayList.add(new i((k) aVar, str, this.mIsAzureURL, z, consentDataStore));
            } else if (aVar.a() == com.microsoft.rightsmanagement.d.DOCUMENT_TRACKING_CONSENT) {
                arrayList.add(new e(aVar, serviceDomain, str, z, consentDataStore));
            }
        }
        return arrayList;
    }

    private String getServiceDomain() throws ProtectionException {
        try {
            String host = this.mDiscoveryUrl != null ? Patterns.DOMAIN_NAME.matcher(this.mDiscoveryUrl).matches() ? this.mDiscoveryUrl : new URL(this.mDiscoveryUrl).getHost() : c.U();
            h.a(TAG, String.format("getServiceDomain : retrieved domain %s ", host));
            return host;
        } catch (MalformedURLException e) {
            h.c(TAG, String.format("getServiceDomain : discovery url was in invalid format", new Object[0]));
            throw new ProtectionException(TAG, "Malformed urls received from selected domain", e);
        }
    }

    private void handleConsentCallback(ConsentCallback consentCallback, final String str) throws ProtectionException {
        this.mConsentFailed = false;
        final ConsentDataStore a = ConsentDataStore.a();
        final RMSLatch rMSLatch = new RMSLatch();
        try {
            try {
                a.a(this);
                final boolean z = consentCallback == null;
                List<com.microsoft.rightsmanagement.consent.f> consentProcessors = getConsentProcessors(z, a, str);
                final ArrayList arrayList = new ArrayList();
                for (com.microsoft.rightsmanagement.consent.f fVar : consentProcessors) {
                    if (fVar.a()) {
                        arrayList.add(fVar.d());
                    }
                }
                if (arrayList.size() > 0) {
                    BasePerfScenario a2 = BasePerfScenario.a(PerfScenario.RequestConsentOp);
                    a2.f();
                    consentCallback.a(arrayList, new b() { // from class: com.microsoft.rightsmanagement.flows.ExternalAuthFlow.2
                        @Override // com.microsoft.rightsmanagement.b
                        public void submitConsentsWithConsentResults(Collection<com.microsoft.rightsmanagement.a> collection) throws ProtectionException {
                            try {
                                try {
                                    if (collection == null) {
                                        throw new j(ExternalAuthFlow.TAG, "consents collection is null");
                                    }
                                    List consentProcessorsFromConsents = ExternalAuthFlow.this.getConsentProcessorsFromConsents(arrayList, z, a, str);
                                    Iterator it = consentProcessorsFromConsents.iterator();
                                    while (it.hasNext()) {
                                        ((com.microsoft.rightsmanagement.consent.f) it.next()).b();
                                    }
                                    Iterator it2 = consentProcessorsFromConsents.iterator();
                                    while (it2.hasNext()) {
                                        ((com.microsoft.rightsmanagement.consent.f) it2.next()).c();
                                    }
                                } catch (ProtectionException e) {
                                    ExternalAuthFlow.this.mConsentFailed = true;
                                    switch (AnonymousClass3.$SwitchMap$com$microsoft$rightsmanagement$exceptions$ProtectionExceptionType[e.c().ordinal()]) {
                                        case 1:
                                        case 2:
                                            throw e;
                                        default:
                                            h.c(ExternalAuthFlow.TAG, "Unexpected exception during consent handling " + e.toString());
                                            throw com.microsoft.rightsmanagement.exceptions.d.a(e);
                                    }
                                }
                            } finally {
                                rMSLatch.a();
                            }
                        }
                    });
                    rMSLatch.b();
                    a2.g();
                    this.mPerfScenarioContainer.add(a2);
                    this.mPerfScenarioContainer.a(a2.d());
                }
            } catch (InterruptedException e) {
                throw new ProtectionException(TAG, "Received an interrupt exception while latching", e);
            }
        } finally {
            a.b();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public AccessToken getAccessToken(byte[] bArr, String str, AuthenticationRequestCallback authenticationRequestCallback, ConsentCallback consentCallback) throws ProtectionException {
        if (bArr == null && str == null) {
            throw new ProtectionException(TAG, "Invalid parameters to GetAuthInfoFlow");
        }
        this.mUserId = str;
        this.mVerifiedUserId = str;
        final AuthInfo authInfo = getAuthInfo(bArr, str);
        if (authInfo == null) {
            h.a(TAG, "Flow was cancelled");
            return null;
        }
        handleConsentCallback(consentCallback, str);
        if (this.mConsentFailed) {
            h.a(TAG, "mConsentFailed = " + this.mConsentFailed);
            return null;
        }
        Map<String, String> generateMapFromAuthInfo = generateMapFromAuthInfo(str, authInfo);
        BasePerfScenario a = BasePerfScenario.a(PerfScenario.RequestTokenOp);
        a.f();
        authenticationRequestCallback.a(generateMapFromAuthInfo, new AuthenticationCompletionCallback() { // from class: com.microsoft.rightsmanagement.flows.ExternalAuthFlow.1
            public void onCancel() {
                ExternalAuthFlow.this.mState = AuthenticationCallbackState.Cancel;
                ExternalAuthFlow.this.mLatch.a();
            }

            @Override // com.microsoft.rightsmanagement.AuthenticationCompletionCallback
            public void onFailure() {
                ExternalAuthFlow.this.mState = AuthenticationCallbackState.Failure;
                ExternalAuthFlow.this.mLatch.a();
            }

            @Override // com.microsoft.rightsmanagement.AuthenticationCompletionCallback
            public void onSuccess(String str2) {
                ExternalAuthFlow.this.mAccessToken = new AccessToken(str2, authInfo.b());
                ExternalAuthFlow.this.mState = AuthenticationCallbackState.Success;
                ExternalAuthFlow.this.mLatch.a();
            }
        });
        if (this.mState == AuthenticationCallbackState.NotCalled) {
            try {
                this.mLatch.b();
                a.g();
                this.mPerfScenarioContainer.add(a);
                this.mPerfScenarioContainer.a(a.d());
            } catch (InterruptedException e) {
                throw new ProtectionException(TAG, "Received an interrupt exception while latching", e);
            }
        }
        if (this.mState == AuthenticationCallbackState.Failure) {
            throw new com.microsoft.rightsmanagement.exceptions.internal.a("TAG", "Failed getting authentication token from user");
        }
        if (this.mState == AuthenticationCallbackState.Cancel) {
            this.mAsyncControl.cancel();
            cancelFlowIfRequested();
            return null;
        }
        if (this.mAccessToken != null && this.mAccessToken.c()) {
            return this.mAccessToken;
        }
        h.c(TAG, "Access Token is null");
        throw new com.microsoft.rightsmanagement.exceptions.f(str, generateMapFromAuthInfo.toString());
    }

    public String getContentId() {
        if (this.mLicenseParserResult != null) {
            return this.mLicenseParserResult.a();
        }
        return null;
    }

    public String getDiscoveryUrl() {
        return this.mDiscoveryUrl;
    }

    public Domain getSelectedDomain() {
        return this.mSelectedDomain;
    }
}
