package d.t.a.a;

import android.accounts.Account;
import android.accounts.AccountManager;
import android.accounts.AccountManagerFuture;
import android.accounts.AuthenticatorDescription;
import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
import android.annotation.SuppressLint;
import android.annotation.TargetApi;
import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.content.pm.Signature;
import android.os.Build;
import android.os.Bundle;
import android.os.Handler;
import android.os.Looper;
import android.text.TextUtils;
import android.util.Base64;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.UUID;

@TargetApi(14)
/* renamed from: d.t.a.a.aa, reason: case insensitive filesystem */
/* loaded from: classes.dex */
public class C1077aa implements InterfaceC1116ua {

    /* renamed from: a, reason: collision with root package name */
    public Context f12869a;

    /* renamed from: b, reason: collision with root package name */
    public AccountManager f12870b;

    /* renamed from: c, reason: collision with root package name */
    public Handler f12871c;

    /* renamed from: d, reason: collision with root package name */
    public final String f12872d = Q.INSTANCE.f12792e;

    /* renamed from: d.t.a.a.aa$a */
    /* loaded from: classes.dex */
    enum a {
        CAN_SWITCH_TO_BROKER,
        CANNOT_SWITCH_TO_BROKER,
        NEED_PERMISSIONS_TO_SWITCH_TO_BROKER
    }

    public C1077aa(Context context) {
        this.f12869a = context;
        this.f12870b = AccountManager.get(this.f12869a);
        this.f12871c = new Handler(this.f12869a.getMainLooper());
    }

    public final Account a(String str, Account[] accountArr) {
        String str2;
        if (accountArr == null) {
            return null;
        }
        for (Account account : accountArr) {
            if (account != null && (str2 = account.name) != null && str2.equalsIgnoreCase(str)) {
                return account;
            }
        }
        return null;
    }

    public final Bundle a(M m2) {
        Bundle bundle = new Bundle();
        bundle.putInt("com.microsoft.aad.adal:RequestId", m2.f12738a);
        bundle.putInt("expiration.buffer", Q.INSTANCE.f12798k);
        bundle.putString("account.authority", m2.f12739b);
        bundle.putString("account.resource", m2.f12741d);
        bundle.putString("account.redirect", m2.f12740c);
        bundle.putString("account.clientid.key", m2.f12742e);
        bundle.putString("adal.version.key", m2.f12750m);
        bundle.putString("account.userinfo.userid", m2.f12744g);
        bundle.putString("account.extra.query.param", m2.f12747j);
        UUID uuid = m2.f12746i;
        if (uuid != null) {
            bundle.putString("account.correlationid", uuid.toString());
        }
        String str = m2.f12745h;
        if (Pa.d(str)) {
            str = m2.f12743f;
        }
        bundle.putString("account.login.hint", str);
        bundle.putString("account.name", str);
        Ma ma = m2.f12748k;
        if (ma != null) {
            bundle.putString("account.prompt", ma.name());
        }
        if (!Pa.d(m2.q)) {
            bundle.putString("skip.cache", Boolean.toString(true));
            bundle.putString("account.claims", m2.q);
        }
        return bundle;
    }

    /* JADX WARN: Removed duplicated region for block: B:69:0x0160  */
    /* JADX WARN: Removed duplicated region for block: B:70:0x008b A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public d.t.a.a.O a(d.t.a.a.M r13, d.t.a.a.Z r14) {
        /*
            Method dump skipped, instructions count: 667
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: d.t.a.a.C1077aa.a(d.t.a.a.M, d.t.a.a.Z):d.t.a.a.O");
    }

    public final Ya a(String str, Ya[] yaArr) {
        if (yaArr == null) {
            return null;
        }
        for (Ya ya : yaArr) {
            if (ya != null && !TextUtils.isEmpty(ya.f12860a) && ya.f12860a.equalsIgnoreCase(str)) {
                return ya;
            }
        }
        return null;
    }

    /* JADX WARN: Removed duplicated region for block: B:23:0x0056  */
    /* JADX WARN: Removed duplicated region for block: B:26:0x005e  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public d.t.a.a.C1077aa.a a(java.lang.String r9) {
        /*
            r8 = this;
            java.net.URL r0 = new java.net.URL     // Catch: java.net.MalformedURLException -> L8a
            r0.<init>(r9)     // Catch: java.net.MalformedURLException -> L8a
            android.content.Context r9 = r8.f12869a
            java.lang.String r9 = r9.getPackageName()
            d.t.a.a.Q r1 = d.t.a.a.Q.INSTANCE
            boolean r2 = r1.f12797j
            r3 = 0
            r4 = 1
            if (r2 == 0) goto L51
            java.lang.String r1 = r1.f12791d
            boolean r1 = r9.equalsIgnoreCase(r1)
            if (r1 != 0) goto L51
            java.lang.String r1 = "com.azure.authenticator"
            boolean r9 = r9.equalsIgnoreCase(r1)
            if (r9 != 0) goto L51
            android.accounts.AccountManager r9 = r8.f12870b
            android.accounts.AuthenticatorDescription[] r9 = r9.getAuthenticatorTypes()
            int r1 = r9.length
            r2 = 0
        L2b:
            if (r2 >= r1) goto L46
            r5 = r9[r2]
            java.lang.String r6 = r5.type
            java.lang.String r7 = "com.microsoft.workaccount"
            boolean r6 = r6.equals(r7)
            if (r6 == 0) goto L43
            java.lang.String r5 = r5.packageName
            boolean r5 = r8.f(r5)
            if (r5 == 0) goto L43
            r9 = 1
            goto L47
        L43:
            int r2 = r2 + 1
            goto L2b
        L46:
            r9 = 0
        L47:
            if (r9 == 0) goto L51
            boolean r9 = d.m.a.b.e.d.a.b.a(r0)
            if (r9 != 0) goto L51
            r9 = 1
            goto L52
        L51:
            r9 = 0
        L52:
            java.lang.String r0 = "BrokerProxy:canSwitchToBroker"
            if (r9 != 0) goto L5e
            java.lang.String r9 = "Broker auth is turned off or no valid broker is available on the device, cannot switch to broker."
            d.t.a.a.Ha.b(r0, r9)
            d.t.a.a.aa$a r9 = d.t.a.a.C1077aa.a.CANNOT_SWITCH_TO_BROKER
            return r9
        L5e:
            boolean r1 = r8.c()
            if (r1 != 0) goto L87
            if (r9 == 0) goto L71
            android.accounts.AccountManager r9 = r8.f12870b
            java.lang.String r1 = ""
            boolean r9 = r8.a(r9, r1, r1)
            if (r9 == 0) goto L71
            r3 = 1
        L71:
            if (r3 != 0) goto L7b
            java.lang.String r9 = "No valid account existed in broker, cannot switch to broker for auth."
            d.t.a.a.Ha.b(r0, r9)
            d.t.a.a.aa$a r9 = d.t.a.a.C1077aa.a.CANNOT_SWITCH_TO_BROKER
            return r9
        L7b:
            r8.e()     // Catch: d.t.a.a.Wa -> L7f
            goto L87
        L7f:
            java.lang.String r9 = "Missing GET_ACCOUNTS permission, cannot switch to broker."
            d.t.a.a.Ha.b(r0, r9)
            d.t.a.a.aa$a r9 = d.t.a.a.C1077aa.a.NEED_PERMISSIONS_TO_SWITCH_TO_BROKER
            return r9
        L87:
            d.t.a.a.aa$a r9 = d.t.a.a.C1077aa.a.CAN_SWITCH_TO_BROKER
            return r9
        L8a:
            java.lang.IllegalArgumentException r9 = new java.lang.IllegalArgumentException
            d.t.a.a.z r0 = d.t.a.a.EnumC1125z.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL
            java.lang.String r0 = r0.name()
            r9.<init>(r0)
            throw r9
        */
        throw new UnsupportedOperationException("Method not decompiled: d.t.a.a.C1077aa.a(java.lang.String):d.t.a.a.aa$a");
    }

    public final void a(List<X509Certificate> list) {
        X509Certificate x509Certificate = null;
        int i2 = 0;
        for (X509Certificate x509Certificate2 : list) {
            if (x509Certificate2.getSubjectDN().equals(x509Certificate2.getIssuerDN())) {
                i2++;
                x509Certificate = x509Certificate2;
            }
        }
        if (i2 > 1 || x509Certificate == null) {
            throw new L(EnumC1125z.BROKER_APP_VERIFICATION_FAILED, "Multiple self signed certs found or no self signed cert existed.");
        }
        PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) Collections.singleton(new TrustAnchor(x509Certificate, null)));
        pKIXParameters.setRevocationEnabled(false);
        CertPathValidator.getInstance("PKIX").validate(CertificateFactory.getInstance("X.509").generateCertPath(list), pKIXParameters);
    }

    public final boolean a(AccountManager accountManager, String str, String str2) {
        for (AuthenticatorDescription authenticatorDescription : accountManager.getAuthenticatorTypes()) {
            if (authenticatorDescription.type.equals("com.microsoft.workaccount")) {
                Account[] accountsByType = this.f12870b.getAccountsByType("com.microsoft.workaccount");
                if (authenticatorDescription.packageName.equalsIgnoreCase("com.azure.authenticator") || authenticatorDescription.packageName.equalsIgnoreCase("com.microsoft.windowsintune.companyportal") || authenticatorDescription.packageName.equalsIgnoreCase(Q.INSTANCE.f12791d)) {
                    String str3 = authenticatorDescription.packageName;
                    Intent intent = new Intent();
                    intent.setPackage(str3);
                    intent.setClassName(str3, str3 + ".ui.AccountChooserActivity");
                    if (this.f12869a.getPackageManager().queryIntentActivities(intent, 0).size() > 0) {
                        return true;
                    }
                    if (accountsByType.length > 0) {
                        if (!Pa.d(str)) {
                            return str.equalsIgnoreCase(accountsByType[0].name);
                        }
                        if (!Pa.d(str2)) {
                            try {
                                if (a(str2, a()) == null) {
                                    return false;
                                }
                            } catch (AuthenticatorException | OperationCanceledException | IOException e2) {
                                Ha.a("BrokerProxy:verifyAccount", "Exception thrown when verifying accounts in broker. ", e2.getMessage(), EnumC1125z.BROKER_AUTHENTICATOR_EXCEPTION, e2);
                                Ha.b("BrokerProxy:verifyAccount", "It could not check the uniqueid from broker. It is not using broker");
                                return false;
                            }
                        }
                        return true;
                    }
                }
            }
        }
        return false;
    }

    public boolean a(String str, String str2) {
        if (c()) {
            return true;
        }
        return a(this.f12870b, str, str2);
    }

    public Ya[] a() {
        if (Looper.myLooper() == Looper.getMainLooper()) {
            throw new IllegalArgumentException("Calling getBrokerUsers on main thread");
        }
        if (c()) {
            return Y.a().a(this.f12869a);
        }
        Account[] accountsByType = this.f12870b.getAccountsByType("com.microsoft.workaccount");
        Bundle bundle = new Bundle();
        bundle.putBoolean("com.microsoft.workaccount.user.info", true);
        StringBuilder a2 = d.d.a.a.a.a("Retrieve all the accounts from account manager with broker account type, and the account length is: ");
        a2.append(accountsByType.length);
        Ha.b("BrokerProxy:getUserInfoFromAccountManager", a2.toString());
        Ya[] yaArr = new Ya[accountsByType.length];
        for (int i2 = 0; i2 < accountsByType.length; i2++) {
            AccountManagerFuture<Bundle> updateCredentials = this.f12870b.updateCredentials(accountsByType[i2], "adal.authtoken.type", bundle, null, null, null);
            Ha.b("BrokerProxy:getUserInfoFromAccountManager", "Waiting for userinfo retrieval result from Broker.");
            Bundle result = updateCredentials.getResult();
            yaArr[i2] = new Ya(result.getString("account.userinfo.userid"), result.getString("account.userinfo.given.name"), result.getString("account.userinfo.family.name"), result.getString("account.userinfo.identity.provider"), result.getString("account.userinfo.userid.displayable"));
        }
        return yaArr;
    }

    public String b() {
        for (AuthenticatorDescription authenticatorDescription : this.f12870b.getAuthenticatorTypes()) {
            if (authenticatorDescription.type.equals("com.microsoft.workaccount")) {
                return authenticatorDescription.packageName;
            }
        }
        return null;
    }

    public final String b(String str) {
        if (this.f12869a.getPackageManager().checkPermission(str, this.f12869a.getPackageName()) == 0) {
            return "";
        }
        Ha.d("BrokerProxy", d.d.a.a.a.a("Broker related permissions are missing for ", str), "", EnumC1125z.DEVELOPER_BROKER_PERMISSIONS_MISSING);
        return str + ' ';
    }

    public final void b(List<X509Certificate> list) {
        for (X509Certificate x509Certificate : list) {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA");
            messageDigest.update(x509Certificate.getEncoded());
            String encodeToString = Base64.encodeToString(messageDigest.digest(), 2);
            if (this.f12872d.equals(encodeToString) || "ho040S3ffZkmxqtQrSwpTVOn9r0=".equals(encodeToString)) {
                return;
            }
        }
        throw new L(EnumC1125z.BROKER_APP_VERIFICATION_FAILED);
    }

    public String c(String str) {
        PackageInfo packageInfo = this.f12869a.getPackageManager().getPackageInfo(str, 0);
        StringBuilder a2 = d.d.a.a.a.a("VersionName=");
        a2.append(packageInfo.versionName);
        a2.append(";VersonCode=");
        return d.d.a.a.a.a(a2, packageInfo.versionCode, ".");
    }

    public final boolean c() {
        List<ResolveInfo> queryIntentServices;
        Intent b2 = Y.b(this.f12869a);
        return (b2 == null || (queryIntentServices = this.f12869a.getPackageManager().queryIntentServices(b2, 0)) == null || queryIntentServices.size() <= 0) ? false : true;
    }

    @SuppressLint({"PackageManagerGetSignatures"})
    public final List<X509Certificate> d(String str) {
        PackageInfo packageInfo = this.f12869a.getPackageManager().getPackageInfo(str, 64);
        if (packageInfo == null) {
            throw new L(EnumC1125z.APP_PACKAGE_NAME_NOT_FOUND, "No broker package existed.");
        }
        Signature[] signatureArr = packageInfo.signatures;
        if (signatureArr == null || signatureArr.length == 0) {
            throw new L(EnumC1125z.BROKER_APP_VERIFICATION_FAILED, "No signature associated with the broker package.");
        }
        ArrayList arrayList = new ArrayList(signatureArr.length);
        for (Signature signature : packageInfo.signatures) {
            try {
                arrayList.add((X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(signature.toByteArray())));
            } catch (CertificateException unused) {
                throw new L(EnumC1125z.BROKER_APP_VERIFICATION_FAILED);
            }
        }
        return arrayList;
    }

    public boolean d() {
        StringBuilder sb = new StringBuilder();
        if (Build.VERSION.SDK_INT >= 23) {
            Ha.b("BrokerProxy", "Device runs on 23 and above, skip the check for 22 and below.");
            return true;
        }
        sb.append(b("android.permission.GET_ACCOUNTS"));
        sb.append(b("android.permission.MANAGE_ACCOUNTS"));
        sb.append(b("android.permission.USE_CREDENTIALS"));
        if (sb.length() == 0) {
            return true;
        }
        EnumC1125z enumC1125z = EnumC1125z.DEVELOPER_BROKER_PERMISSIONS_MISSING;
        StringBuilder a2 = d.d.a.a.a.a("Broker related permissions are missing for ");
        a2.append(sb.toString());
        throw new Wa(enumC1125z, a2.toString());
    }

    public void e(String str) {
        if (str == null || str.isEmpty()) {
            return;
        }
        SharedPreferences sharedPreferences = this.f12869a.getSharedPreferences("com.microsoft.aad.adal.account.list", 0);
        String string = sharedPreferences.getString("AppAccountsForTokenRemoval", "");
        if (string.contains("|" + str)) {
            return;
        }
        d.d.a.a.a.a(sharedPreferences, "AppAccountsForTokenRemoval", d.d.a.a.a.a(string, "|", str));
    }

    @TargetApi(23)
    public boolean e() {
        StringBuilder sb = new StringBuilder();
        if (Build.VERSION.SDK_INT < 23) {
            Ha.b("BrokerProxy", "Device is lower than 23, skip the GET_ACCOUNTS permission check.");
            return true;
        }
        sb.append(b("android.permission.GET_ACCOUNTS"));
        if (sb.length() == 0) {
            return true;
        }
        EnumC1125z enumC1125z = EnumC1125z.DEVELOPER_BROKER_PERMISSIONS_MISSING;
        StringBuilder a2 = d.d.a.a.a.a("Broker related permissions are missing for ");
        a2.append(sb.toString());
        throw new Wa(enumC1125z, a2.toString());
    }

    public final boolean f(String str) {
        EnumC1125z enumC1125z;
        String str2;
        try {
            List<X509Certificate> d2 = d(str);
            b(d2);
            if (d2.size() > 1) {
                a(d2);
            }
            return true;
        } catch (PackageManager.NameNotFoundException unused) {
            enumC1125z = EnumC1125z.BROKER_PACKAGE_NAME_NOT_FOUND;
            str2 = "Broker related package does not exist";
            Ha.a("BrokerProxy:verifySignature", str2, "", enumC1125z);
            return false;
        } catch (L e2) {
            e = e2;
            Ha.a("BrokerProxy:verifySignature", EnumC1125z.BROKER_VERIFICATION_FAILED.fb, e.getMessage(), EnumC1125z.BROKER_VERIFICATION_FAILED, e);
            return false;
        } catch (IOException e3) {
            e = e3;
            Ha.a("BrokerProxy:verifySignature", EnumC1125z.BROKER_VERIFICATION_FAILED.fb, e.getMessage(), EnumC1125z.BROKER_VERIFICATION_FAILED, e);
            return false;
        } catch (NoSuchAlgorithmException unused2) {
            enumC1125z = EnumC1125z.DEVICE_NO_SUCH_ALGORITHM;
            str2 = "Digest SHA algorithm does not exists";
            Ha.a("BrokerProxy:verifySignature", str2, "", enumC1125z);
            return false;
        } catch (GeneralSecurityException e4) {
            e = e4;
            Ha.a("BrokerProxy:verifySignature", EnumC1125z.BROKER_VERIFICATION_FAILED.fb, e.getMessage(), EnumC1125z.BROKER_VERIFICATION_FAILED, e);
            return false;
        }
    }
}
