package com.microsoft.aad.adal;

import android.net.Uri;
import android.os.Build;
import android.text.TextUtils;
import android.util.Base64;
import com.helpshift.analytics.AnalyticsEventKey;
import com.microsoft.aad.adal.AuthenticationConstants;
import com.microsoft.aad.adal.TelemetryUtils;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.adal.internal.JWSBuilder;
import com.microsoft.identity.common.adal.internal.net.HttpWebResponse;
import com.microsoft.identity.common.adal.internal.net.IWebRequestHandler;
import com.microsoft.identity.common.adal.internal.util.HashMapExtensions;
import com.microsoft.identity.common.exception.ServiceException;
import com.microsoft.identity.common.internal.providers.microsoft.azureactivedirectory.ClientInfo;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import org.json.JSONException;
import org.json.JSONObject;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes3.dex */
public class Oauth2 {
    private static final String DEFAULT_AUTHORIZE_ENDPOINT = "/oauth2/authorize";
    private static final String DEFAULT_TOKEN_ENDPOINT = "/oauth2/token";
    private static final int DELAY_TIME_PERIOD = 1000;
    private static final String HTTPS_PROTOCOL_STRING = "https";
    private static final int MAX_RESILIENCY_ERROR_CODE = 599;
    private static final String STRING_FORMAT_QUERY_PARAM = "%s&%s=%s";
    private static final String TAG = "Oauth";
    private String mBrokerClientVersion;
    private String mClientVersion;
    private JWSBuilder mJWSBuilder;
    private AuthenticationRequest mRequest;
    private boolean mRetryOnce;
    private String mTokenEndpoint;
    private IWebRequestHandler mWebRequestHandler;

    /* JADX INFO: Access modifiers changed from: package-private */
    public Oauth2(AuthenticationRequest authenticationRequest) {
        this.mJWSBuilder = new JWSBuilder();
        this.mRetryOnce = true;
        this.mBrokerClientVersion = "";
        this.mClientVersion = "";
        this.mRequest = authenticationRequest;
        this.mWebRequestHandler = null;
        this.mJWSBuilder = null;
        setTokenEndpoint(this.mRequest.getAuthority() + DEFAULT_TOKEN_ENDPOINT);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Oauth2(AuthenticationRequest authenticationRequest, IWebRequestHandler iWebRequestHandler) {
        this.mJWSBuilder = new JWSBuilder();
        this.mRetryOnce = true;
        this.mBrokerClientVersion = "";
        this.mClientVersion = "";
        this.mRequest = authenticationRequest;
        this.mWebRequestHandler = iWebRequestHandler;
        this.mJWSBuilder = null;
        setTokenEndpoint(this.mRequest.getAuthority() + DEFAULT_TOKEN_ENDPOINT);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Oauth2(AuthenticationRequest authenticationRequest, IWebRequestHandler iWebRequestHandler, JWSBuilder jWSBuilder) {
        this.mJWSBuilder = new JWSBuilder();
        this.mRetryOnce = true;
        this.mBrokerClientVersion = "";
        this.mClientVersion = "";
        this.mRequest = authenticationRequest;
        this.mWebRequestHandler = iWebRequestHandler;
        this.mJWSBuilder = jWSBuilder;
        setTokenEndpoint(this.mRequest.getAuthority() + DEFAULT_TOKEN_ENDPOINT);
    }

    public static String decodeProtocolState(String str) throws UnsupportedEncodingException {
        if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(str)) {
            return null;
        }
        return new String(Base64.decode(str, 9), "UTF-8");
    }

    public static void extractJsonObjects(Map<String, String> map, String str) throws JSONException {
        JSONObject jSONObject = new JSONObject(str);
        Iterator<String> keys = jSONObject.keys();
        while (keys.hasNext()) {
            String next = keys.next();
            map.put(next, jSONObject.getString(next));
        }
    }

    private Map<String, String> getRequestHeaders() {
        HashMap hashMap = new HashMap();
        hashMap.put("Accept", "application/json");
        return hashMap;
    }

    private AuthenticationResult parseJsonResponse(String str) throws JSONException, AuthenticationException {
        HashMap hashMap = new HashMap();
        extractJsonObjects(hashMap, str);
        return processUIResponseParams(hashMap);
    }

    private AuthenticationResult postMessage(String str, Map<String, String> map) throws IOException, AuthenticationException {
        AuthenticationResult authenticationResult;
        String body;
        HttpEvent startHttpEvent = startHttpEvent();
        URL url = com.microsoft.identity.common.adal.internal.util.StringExtensions.getUrl(getTokenEndpoint());
        if (url == null) {
            stopHttpEvent(startHttpEvent);
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL);
        }
        startHttpEvent.setHttpPath(url);
        try {
            try {
                this.mWebRequestHandler.setRequestCorrelationId(this.mRequest.getCorrelationId());
                this.mWebRequestHandler.setClientVersion(AuthenticationContext.getVersionName());
                ClientMetrics.INSTANCE.beginClientMetricsRecord(url, this.mRequest.getCorrelationId(), map);
                HttpWebResponse sendPost = this.mWebRequestHandler.sendPost(url, map, str.getBytes("UTF-8"), "application/x-www-form-urlencoded");
                startHttpEvent.setResponseCode(sendPost.getStatusCode());
                startHttpEvent.setCorrelationId(this.mRequest.getCorrelationId().toString());
                stopHttpEvent(startHttpEvent);
                if (sendPost.getStatusCode() == 401) {
                    if (sendPost.getResponseHeaders() == null || !sendPost.getResponseHeaders().containsKey("WWW-Authenticate")) {
                        Logger.v("Oauth:postMessage", "401 http status code is returned without authorization header.");
                    } else {
                        String str2 = sendPost.getResponseHeaders().get("WWW-Authenticate").get(0);
                        Logger.i("Oauth:postMessage", "Device certificate challenge request. ", "Challenge header: " + str2);
                        if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(str2)) {
                            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Challenge header is empty", sendPost);
                        }
                        if (com.microsoft.identity.common.adal.internal.util.StringExtensions.hasPrefixInHeader(str2, "PKeyAuth")) {
                            HttpEvent startHttpEvent2 = startHttpEvent();
                            startHttpEvent2.setHttpPath(url);
                            Logger.v("Oauth:postMessage", "Received pkeyAuth device challenge.");
                            ChallengeResponseBuilder challengeResponseBuilder = new ChallengeResponseBuilder(this.mJWSBuilder);
                            Logger.v("Oauth:postMessage", "Processing device challenge.");
                            map.put("Authorization", challengeResponseBuilder.getChallengeResponseFromHeader(str2, url.toString()).getAuthorizationHeaderValue());
                            Logger.v("Oauth:postMessage", "Sending request with challenge response.");
                            HttpWebResponse sendPost2 = this.mWebRequestHandler.sendPost(url, map, str.getBytes("UTF-8"), "application/x-www-form-urlencoded");
                            startHttpEvent2.setResponseCode(sendPost2.getStatusCode());
                            startHttpEvent2.setCorrelationId(this.mRequest.getCorrelationId().toString());
                            stopHttpEvent(startHttpEvent2);
                            sendPost = sendPost2;
                        }
                    }
                }
                boolean isEmpty = TextUtils.isEmpty(sendPost.getBody());
                if (isEmpty) {
                    authenticationResult = null;
                } else {
                    Logger.v("Oauth:postMessage", "Token request does not have exception.");
                    try {
                        authenticationResult = processTokenResponse(sendPost, startHttpEvent);
                        ClientMetrics.INSTANCE.setLastError(null);
                    } catch (ServerRespondingWithRetryableException e) {
                        AuthenticationResult retry = retry(str, map);
                        if (retry != null) {
                            ClientMetrics.INSTANCE.endClientMetricsRecord("token", this.mRequest.getCorrelationId());
                            return retry;
                        }
                        if (this.mRequest.getIsExtendedLifetimeEnabled()) {
                            Logger.v("Oauth:postMessage", "WebResponse is not a success due to: " + sendPost.getStatusCode());
                            throw e;
                        }
                        Logger.v("Oauth:postMessage", "WebResponse is not a success due to: " + sendPost.getStatusCode());
                        throw new AuthenticationException(ADALError.SERVER_ERROR, "WebResponse is not a success due to: " + sendPost.getStatusCode(), sendPost);
                    }
                }
                if (authenticationResult != null) {
                    ClientMetrics.INSTANCE.setLastErrorCodes(authenticationResult.getErrorCodes());
                    ClientMetrics.INSTANCE.endClientMetricsRecord("token", this.mRequest.getCorrelationId());
                    return authenticationResult;
                }
                if (isEmpty) {
                    body = "Status code:" + sendPost.getStatusCode();
                } else {
                    body = sendPost.getBody();
                }
                Logger.e("Oauth:postMessage", ADALError.SERVER_ERROR.getDescription(), body, ADALError.SERVER_ERROR);
                throw new AuthenticationException(ADALError.SERVER_ERROR, body, sendPost);
            } catch (UnsupportedEncodingException e2) {
                ClientMetrics.INSTANCE.setLastError(null);
                Logger.e("Oauth:postMessage", ADALError.ENCODING_IS_NOT_SUPPORTED.getDescription(), e2.getMessage(), ADALError.ENCODING_IS_NOT_SUPPORTED, e2);
                throw e2;
            } catch (SocketTimeoutException e3) {
                AuthenticationResult retry2 = retry(str, map);
                if (retry2 != null) {
                    ClientMetrics.INSTANCE.endClientMetricsRecord("token", this.mRequest.getCorrelationId());
                    return retry2;
                }
                ClientMetrics.INSTANCE.setLastError(null);
                if (this.mRequest.getIsExtendedLifetimeEnabled()) {
                    Logger.e("Oauth:postMessage", ADALError.SERVER_ERROR.getDescription(), e3.getMessage(), ADALError.SERVER_ERROR, e3);
                    throw new ServerRespondingWithRetryableException(e3.getMessage(), e3);
                }
                Logger.e("Oauth:postMessage", ADALError.SERVER_ERROR.getDescription(), e3.getMessage(), ADALError.SERVER_ERROR, e3);
                throw e3;
            } catch (IOException e4) {
                ClientMetrics.INSTANCE.setLastError(null);
                Logger.e("Oauth:postMessage", ADALError.SERVER_ERROR.getDescription(), e4.getMessage(), ADALError.SERVER_ERROR, e4);
                throw e4;
            }
        } catch (Throwable th) {
            ClientMetrics.INSTANCE.endClientMetricsRecord("token", this.mRequest.getCorrelationId());
            throw th;
        }
    }

    private AuthenticationResult processTokenResponse(HttpWebResponse httpWebResponse, HttpEvent httpEvent) throws AuthenticationException {
        String str;
        List<String> list;
        TelemetryUtils.CliTelemInfo parseXMsCliTelemHeader;
        List<String> list2;
        List<String> list3;
        String str2 = null;
        if (httpWebResponse.getResponseHeaders() != null) {
            str = (!httpWebResponse.getResponseHeaders().containsKey("client-request-id") || (list3 = httpWebResponse.getResponseHeaders().get("client-request-id")) == null || list3.size() <= 0) ? null : list3.get(0);
            if (httpWebResponse.getResponseHeaders().containsKey("x-ms-request-id") && (list2 = httpWebResponse.getResponseHeaders().get("x-ms-request-id")) != null && list2.size() > 0) {
                Logger.v("Oauth:processTokenResponse", "Set request id header. x-ms-request-id: " + list2.get(0));
                httpEvent.setRequestIdHeader(list2.get(0));
            }
            if (httpWebResponse.getResponseHeaders().get(AuthenticationConstants.HeaderField.X_MS_CLITELEM) != null && !httpWebResponse.getResponseHeaders().get(AuthenticationConstants.HeaderField.X_MS_CLITELEM).isEmpty() && (parseXMsCliTelemHeader = TelemetryUtils.parseXMsCliTelemHeader(httpWebResponse.getResponseHeaders().get(AuthenticationConstants.HeaderField.X_MS_CLITELEM).get(0))) != null) {
                httpEvent.setXMsCliTelemData(parseXMsCliTelemHeader);
                str2 = parseXMsCliTelemHeader.getSpeRing();
            }
        } else {
            str = null;
        }
        int statusCode = httpWebResponse.getStatusCode();
        if (statusCode != 200 && statusCode != 400 && statusCode != 401) {
            if (statusCode >= 500 && statusCode <= 599) {
                throw new ServerRespondingWithRetryableException("Server Error " + statusCode + " " + httpWebResponse.getBody(), httpWebResponse);
            }
            throw new AuthenticationException(ADALError.SERVER_ERROR, "Unexpected server response " + statusCode + " " + httpWebResponse.getBody(), httpWebResponse);
        }
        try {
            AuthenticationResult parseJsonResponse = parseJsonResponse(httpWebResponse.getBody());
            if (parseJsonResponse != null) {
                if (parseJsonResponse.getErrorCode() != null) {
                    parseJsonResponse.setHttpResponse(httpWebResponse);
                }
                TelemetryUtils.CliTelemInfo cliTelemInfo = new TelemetryUtils.CliTelemInfo();
                cliTelemInfo._setSpeRing(str2);
                parseJsonResponse.setCliTelemInfo(cliTelemInfo);
                httpEvent.setOauthErrorCode(parseJsonResponse.getErrorCode());
            }
            if (str != null && !str.isEmpty()) {
                try {
                    if (!UUID.fromString(str).equals(this.mRequest.getCorrelationId())) {
                        Logger.w("Oauth:processTokenResponse", "CorrelationId is not matching", "", ADALError.CORRELATION_ID_NOT_MATCHING_REQUEST_RESPONSE);
                    }
                    Logger.v("Oauth:processTokenResponse", "Response correlationId:" + str);
                } catch (IllegalArgumentException e) {
                    Logger.e("Oauth:processTokenResponse", "Wrong format of the correlation ID:" + str, "", ADALError.CORRELATION_ID_FORMAT, e);
                }
            }
            if (httpWebResponse.getResponseHeaders() != null && (list = httpWebResponse.getResponseHeaders().get(AuthenticationConstants.HeaderField.X_MS_CLITELEM)) != null && !list.isEmpty()) {
                TelemetryUtils.CliTelemInfo parseXMsCliTelemHeader2 = TelemetryUtils.parseXMsCliTelemHeader(list.get(0));
                if (parseJsonResponse != null) {
                    parseJsonResponse.setCliTelemInfo(parseXMsCliTelemHeader2);
                }
            }
            return parseJsonResponse;
        } catch (JSONException e2) {
            throw new AuthenticationException(ADALError.SERVER_INVALID_JSON_RESPONSE, "Can't parse server response. " + httpWebResponse.getBody(), httpWebResponse, e2);
        }
    }

    private AuthenticationResult retry(String str, Map<String, String> map) throws IOException, AuthenticationException {
        if (!this.mRetryOnce) {
            return null;
        }
        this.mRetryOnce = false;
        try {
            Thread.sleep(1000L);
        } catch (InterruptedException unused) {
            Logger.v("Oauth:retry", "The thread is interrupted while it is sleeping. ");
        }
        Logger.v("Oauth:retry", "Try again...");
        return postMessage(str, map);
    }

    private HttpEvent startHttpEvent() {
        HttpEvent httpEvent = new HttpEvent("Microsoft.ADAL.http_event");
        httpEvent.setRequestId(this.mRequest.getTelemetryRequestId());
        httpEvent.setMethod("Microsoft.ADAL.post");
        Telemetry.getInstance().startEvent(this.mRequest.getTelemetryRequestId(), "Microsoft.ADAL.http_event");
        return httpEvent;
    }

    private void stopHttpEvent(HttpEvent httpEvent) {
        Telemetry.getInstance().stopEvent(this.mRequest.getTelemetryRequestId(), httpEvent, "Microsoft.ADAL.http_event");
    }

    public String buildAssertionMessage(String str, String str2) throws UnsupportedEncodingException {
        Logger.v(TAG, "Building request message for redeeming token with saml assertion.");
        return buildRequestMessage(String.format("%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", "grant_type", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode(str2), AuthenticationConstants.OAuth2.ASSERTION, com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode(Base64.encodeToString(str.getBytes("UTF-8"), 2)), "client_id", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode(this.mRequest.getClientId()), "scope", "openid", "client_info", "1"));
    }

    public String buildRefreshTokenRequestMessage(String str) throws UnsupportedEncodingException {
        Logger.v(TAG, "Building request message for redeeming token with refresh token.");
        return buildRequestMessage(String.format("%s=%s&%s=%s&%s=%s&%s=%s", "grant_type", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode("refresh_token"), "refresh_token", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode(str), "client_id", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode(this.mRequest.getClientId()), "client_info", "1"));
    }

    public String buildRequestMessage(String str) throws UnsupportedEncodingException {
        if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mRequest.getResource())) {
            str = String.format(STRING_FORMAT_QUERY_PARAM, str, "resource", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode(this.mRequest.getResource()));
        }
        if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mRequest.getScope())) {
            str = String.format(STRING_FORMAT_QUERY_PARAM, str, "scope", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode(this.mRequest.getScope()));
        }
        if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mRequest.getRedirectUri()) && !this.mRequest.getClientId().equalsIgnoreCase(AuthenticationConstants.Broker.BROKER_CLIENT_ID)) {
            str = String.format(STRING_FORMAT_QUERY_PARAM, str, "redirect_uri", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode(this.mRequest.getRedirectUri()));
        }
        if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mRequest.getClaimsChallenge()) || this.mRequest.getClientCapabilities() != null) {
            str = String.format(STRING_FORMAT_QUERY_PARAM, str, "claims", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode(AuthenticationContext.mergeClaimsWithClientCapabilities(this.mRequest.getClaimsChallenge(), this.mRequest.getClientCapabilities())));
        }
        if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mRequest.getAppName())) {
            str = String.format(STRING_FORMAT_QUERY_PARAM, str, "x-app-name", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode(this.mRequest.getAppName()));
        }
        return !com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mRequest.getAppVersion()) ? String.format(STRING_FORMAT_QUERY_PARAM, str, "x-app-ver", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode(this.mRequest.getAppVersion())) : str;
    }

    public String buildTokenRequestMessage(String str) throws UnsupportedEncodingException {
        Logger.v(TAG, "Building request message for redeeming token with auth code.");
        String format = String.format("%s=%s&%s=%s&%s=%s&%s=%s&%s=%s", "grant_type", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode("authorization_code"), "code", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode(str), "client_id", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode(this.mRequest.getClientId()), "redirect_uri", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode(this.mRequest.getRedirectUri()), "client_info", "1");
        if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mRequest.getClaimsChallenge()) || this.mRequest.getClientCapabilities() != null) {
            format = String.format(STRING_FORMAT_QUERY_PARAM, format, "claims", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode(AuthenticationContext.mergeClaimsWithClientCapabilities(this.mRequest.getClaimsChallenge(), this.mRequest.getClientCapabilities())));
        }
        if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mRequest.getAppName())) {
            format = String.format(STRING_FORMAT_QUERY_PARAM, format, "x-app-name", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode(this.mRequest.getAppName()));
        }
        return !com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mRequest.getAppVersion()) ? String.format(STRING_FORMAT_QUERY_PARAM, format, "x-app-ver", com.microsoft.identity.common.adal.internal.util.StringExtensions.urlFormEncode(this.mRequest.getAppVersion())) : format;
    }

    public String encodeProtocolState() throws UnsupportedEncodingException {
        return Base64.encodeToString(String.format("a=%s&r=%s", this.mRequest.getAuthority(), this.mRequest.getResource()).getBytes("UTF-8"), 9);
    }

    public String getAuthorizationEndpoint() {
        return this.mRequest.getAuthority() + DEFAULT_AUTHORIZE_ENDPOINT;
    }

    public String getAuthorizationEndpointQueryParameters() throws UnsupportedEncodingException {
        Uri.Builder builder = new Uri.Builder();
        builder.appendQueryParameter("response_type", "code").appendQueryParameter("client_id", URLEncoder.encode(this.mRequest.getClientId(), "UTF-8")).appendQueryParameter("resource", URLEncoder.encode(this.mRequest.getResource(), "UTF-8")).appendQueryParameter("redirect_uri", URLEncoder.encode(this.mRequest.getRedirectUri(), "UTF-8")).appendQueryParameter("state", encodeProtocolState());
        if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mRequest.getLoginHint())) {
            builder.appendQueryParameter("login_hint", URLEncoder.encode(this.mRequest.getLoginHint(), "UTF-8"));
        }
        if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mClientVersion)) {
            this.mClientVersion = AuthenticationContext.getVersionName();
        }
        builder.appendQueryParameter("x-client-SKU", "Android").appendQueryParameter("x-client-Ver", URLEncoder.encode(this.mClientVersion, "UTF-8")).appendQueryParameter("x-client-OS", URLEncoder.encode(String.valueOf(Build.VERSION.SDK_INT), "UTF-8")).appendQueryParameter("x-client-DM", URLEncoder.encode(Build.MODEL, "UTF-8"));
        if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mBrokerClientVersion)) {
            builder.appendQueryParameter("x-client-brkrver", URLEncoder.encode(this.mBrokerClientVersion, "UTF-8"));
        }
        if (this.mRequest.getCorrelationId() != null) {
            builder.appendQueryParameter("client-request-id", URLEncoder.encode(this.mRequest.getCorrelationId().toString(), "UTF-8"));
        }
        if (this.mRequest.getPrompt() == PromptBehavior.Always) {
            builder.appendQueryParameter("prompt", URLEncoder.encode("login", "UTF-8"));
        } else if (this.mRequest.getPrompt() == PromptBehavior.REFRESH_SESSION) {
            builder.appendQueryParameter("prompt", URLEncoder.encode("refresh_session", "UTF-8"));
        }
        String extraQueryParamsAuthentication = this.mRequest.getExtraQueryParamsAuthentication();
        if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(extraQueryParamsAuthentication) || !extraQueryParamsAuthentication.contains(AuthenticationConstants.OAuth2.HAS_CHROME)) {
            builder.appendQueryParameter(AuthenticationConstants.OAuth2.HAS_CHROME, "1");
        }
        if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mRequest.getClaimsChallenge()) || this.mRequest.getClientCapabilities() != null) {
            builder.appendQueryParameter("claims", URLEncoder.encode(AuthenticationContext.mergeClaimsWithClientCapabilities(this.mRequest.getClaimsChallenge(), this.mRequest.getClientCapabilities()), "UTF-8"));
        }
        if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mRequest.getAppName())) {
            builder.appendQueryParameter("x-app-name", this.mRequest.getAppName());
        }
        if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(this.mRequest.getAppVersion())) {
            builder.appendQueryParameter("x-app-ver", this.mRequest.getAppVersion());
        }
        String query = builder.build().getQuery();
        if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(extraQueryParamsAuthentication)) {
            return query;
        }
        if (!extraQueryParamsAuthentication.startsWith("&")) {
            extraQueryParamsAuthentication = "&" + extraQueryParamsAuthentication;
        }
        return query + extraQueryParamsAuthentication;
    }

    public String getCodeRequestUrl() throws UnsupportedEncodingException {
        return String.format("%s?%s", getAuthorizationEndpoint(), getAuthorizationEndpointQueryParameters());
    }

    public AuthenticationResult getToken(String str) throws IOException, AuthenticationException {
        if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(str)) {
            throw new IllegalArgumentException("authorizationUrl");
        }
        HashMap<String, String> urlParameters = com.microsoft.identity.common.adal.internal.util.StringExtensions.getUrlParameters(str);
        String decodeProtocolState = decodeProtocolState(urlParameters.get("state"));
        if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(decodeProtocolState)) {
            throw new AuthenticationException(ADALError.AUTH_FAILED_NO_STATE);
        }
        Uri parse = Uri.parse("http://state/path?" + decodeProtocolState);
        String queryParameter = parse.getQueryParameter("a");
        String queryParameter2 = parse.getQueryParameter(AnalyticsEventKey.SMART_INTENT_SEARCH_RANK);
        if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(queryParameter) || com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(queryParameter2) || !queryParameter2.equalsIgnoreCase(this.mRequest.getResource())) {
            throw new AuthenticationException(ADALError.AUTH_FAILED_BAD_STATE);
        }
        AuthenticationResult processUIResponseParams = processUIResponseParams(urlParameters);
        if (processUIResponseParams == null || processUIResponseParams.getCode() == null || processUIResponseParams.getCode().isEmpty()) {
            return processUIResponseParams;
        }
        AuthenticationResult tokenForCode = getTokenForCode(processUIResponseParams.getCode());
        if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(processUIResponseParams.getAuthority())) {
            tokenForCode.setAuthority(this.mRequest.getAuthority());
        } else {
            tokenForCode.setAuthority(processUIResponseParams.getAuthority());
        }
        return tokenForCode;
    }

    public String getTokenEndpoint() {
        return this.mTokenEndpoint;
    }

    public AuthenticationResult getTokenForCode(String str) throws IOException, AuthenticationException {
        if (this.mWebRequestHandler == null) {
            throw new IllegalArgumentException("webRequestHandler");
        }
        try {
            String buildTokenRequestMessage = buildTokenRequestMessage(str);
            Map<String, String> requestHeaders = getRequestHeaders();
            Logger.v("Oauth:getTokenForCode", "Sending request to redeem token with auth code.");
            return postMessage(buildTokenRequestMessage, requestHeaders);
        } catch (UnsupportedEncodingException e) {
            Logger.e("Oauth:getTokenForCode", ADALError.ENCODING_IS_NOT_SUPPORTED.getDescription(), e.getMessage(), ADALError.ENCODING_IS_NOT_SUPPORTED, e);
            return null;
        }
    }

    public AuthenticationResult processUIResponseParams(Map<String, String> map) throws AuthenticationException {
        String str;
        boolean z;
        UserInfo userInfo;
        String str2;
        String str3;
        ClientInfo clientInfo = null;
        if (map.containsKey("error")) {
            String str4 = map.get("correlation_id");
            if (!com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(str4)) {
                try {
                    Logger.setCorrelationId(UUID.fromString(str4));
                } catch (IllegalArgumentException unused) {
                    Logger.e(TAG, "CorrelationId is malformed: " + str4, "", ADALError.CORRELATION_ID_FORMAT);
                }
            }
            Logger.i(TAG, "OAuth2 error:" + map.get("error"), " Description:" + map.get("error_description"));
            AuthenticationResult authenticationResult = new AuthenticationResult(map.get("error"), map.get("error_description"), map.get("error_codes"));
            if (map.get("response_body") != null) {
                try {
                    extractJsonObjects(null, map.get("response_body"));
                    authenticationResult.setHttpResponseBody(null);
                } catch (JSONException e) {
                    Logger.e(TAG, "Json exception", ExceptionExtensions.getExceptionMessage(e), ADALError.SERVER_INVALID_JSON_RESPONSE);
                }
            }
            if (map.get("response_headers") != null) {
                try {
                    authenticationResult.setHttpResponseHeaders(HashMapExtensions.jsonStringAsMapList(map.get("response_headers")));
                } catch (JSONException e2) {
                    Logger.e(TAG, "Json exception", ExceptionExtensions.getExceptionMessage(e2), ADALError.SERVER_INVALID_JSON_RESPONSE);
                }
            }
            if (map.get("status_code") != null) {
                authenticationResult.setServiceStatusCode(Integer.parseInt(map.get("status_code")));
            }
            return authenticationResult;
        }
        if (map.containsKey("code")) {
            AuthenticationResult authenticationResult2 = new AuthenticationResult(this.mRequest.getClientId(), map.get("code"));
            String str5 = map.get("cloud_instance_host_name");
            if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(str5)) {
                return authenticationResult2;
            }
            String uri = new Uri.Builder().scheme("https").authority(str5).path(com.microsoft.identity.common.adal.internal.util.StringExtensions.getUrl(this.mRequest.getAuthority()).getPath()).build().toString();
            setTokenEndpoint(uri + DEFAULT_TOKEN_ENDPOINT);
            authenticationResult2.setAuthority(uri);
            return authenticationResult2;
        }
        if (!map.containsKey("access_token")) {
            return null;
        }
        String str6 = map.get("expires_in");
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        Long valueOf = Long.valueOf((str6 == null || str6.isEmpty()) ? 3600L : Long.parseLong(str6));
        gregorianCalendar.add(13, (str6 == null || str6.isEmpty()) ? 3600 : Integer.parseInt(str6));
        String str7 = map.get("refresh_token");
        if (!map.containsKey("resource") || com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(str7)) {
            str = null;
            z = false;
        } else {
            str = map.get("resource");
            z = true;
        }
        if (map.containsKey("id_token")) {
            String str8 = map.get("id_token");
            if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(str8)) {
                Logger.v(TAG, "IdToken was not returned from token request.");
                str3 = str8;
                userInfo = null;
                str2 = null;
            } else {
                Logger.v(TAG, "Id token was returned, parsing id token.");
                IdToken idToken = new IdToken(str8);
                str3 = str8;
                str2 = idToken.getTenantId();
                userInfo = new UserInfo(idToken);
            }
        } else {
            userInfo = null;
            str2 = null;
            str3 = null;
        }
        String str9 = map.containsKey(AuthenticationConstants.OAuth2.ADAL_CLIENT_FAMILY_ID) ? map.get(AuthenticationConstants.OAuth2.ADAL_CLIENT_FAMILY_ID) : null;
        if (map.containsKey("client_info")) {
            try {
                clientInfo = new ClientInfo(map.get("client_info"));
            } catch (ServiceException unused2) {
                Logger.w(TAG, "ClientInfo decoding/parsing failed.");
            }
        }
        AuthenticationResult authenticationResult3 = new AuthenticationResult(map.get("access_token"), str7, gregorianCalendar.getTime(), z, userInfo, str2, str3, null, this.mRequest.getClientId());
        authenticationResult3.setResource(str);
        authenticationResult3.setClientInfo(clientInfo);
        authenticationResult3.setExpiresIn(valueOf);
        authenticationResult3.setResponseReceived(Long.valueOf(System.currentTimeMillis()));
        if (map.containsKey(AuthenticationConstants.OAuth2.EXT_EXPIRES_IN)) {
            String str10 = map.get(AuthenticationConstants.OAuth2.EXT_EXPIRES_IN);
            GregorianCalendar gregorianCalendar2 = new GregorianCalendar();
            gregorianCalendar2.add(13, com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(str10) ? 3600 : Integer.parseInt(str10));
            authenticationResult3.setExtendedExpiresOn(gregorianCalendar2.getTime());
        }
        authenticationResult3.setFamilyClientId(str9);
        return authenticationResult3;
    }

    public AuthenticationResult refreshToken(String str) throws IOException, AuthenticationException {
        if (this.mWebRequestHandler == null) {
            Logger.v(TAG, "Web request is not set correctly.");
            throw new IllegalArgumentException("webRequestHandler is null.");
        }
        try {
            String buildRefreshTokenRequestMessage = buildRefreshTokenRequestMessage(str);
            Map<String, String> requestHeaders = getRequestHeaders();
            requestHeaders.put("x-ms-PKeyAuth", "1.0");
            Logger.v(TAG, "Sending request to redeem token with refresh token.");
            return postMessage(buildRefreshTokenRequestMessage, requestHeaders);
        } catch (UnsupportedEncodingException e) {
            Logger.e(TAG, ADALError.ENCODING_IS_NOT_SUPPORTED.getDescription(), e.getMessage(), ADALError.ENCODING_IS_NOT_SUPPORTED, e);
            return null;
        }
    }

    public AuthenticationResult refreshTokenUsingAssertion(String str, String str2) throws IOException, AuthenticationException {
        if (this.mWebRequestHandler == null) {
            Logger.v(TAG, "Web request is not set correctly.");
            throw new IllegalArgumentException("webRequestHandler is null.");
        }
        try {
            String buildAssertionMessage = buildAssertionMessage(str, str2);
            Map<String, String> requestHeaders = getRequestHeaders();
            requestHeaders.put("x-ms-PKeyAuth", "1.0");
            Logger.v(TAG, "Sending request to redeem token with assertion.");
            return postMessage(buildAssertionMessage, requestHeaders);
        } catch (UnsupportedEncodingException e) {
            Logger.e(TAG, ADALError.ENCODING_IS_NOT_SUPPORTED.getDescription(), e.getMessage(), ADALError.ENCODING_IS_NOT_SUPPORTED, e);
            return null;
        }
    }

    public void setBrokerClientVersion(String str) {
        this.mBrokerClientVersion = str;
    }

    public void setClientVersion(String str) {
        this.mClientVersion = str;
        IWebRequestHandler iWebRequestHandler = this.mWebRequestHandler;
        if (iWebRequestHandler != null) {
            iWebRequestHandler.setClientVersion(str);
        }
    }

    public void setTokenEndpoint(String str) {
        this.mTokenEndpoint = str;
    }
}
