package com.microsoft.office.outlook.ui.onboarding.sso.task;

import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
import android.annotation.SuppressLint;
import android.content.Context;
import android.text.TextUtils;
import bolts.CoroutineUtils;
import bolts.Task;
import com.acompli.accore.ACAccountManager;
import com.acompli.accore.ACCore;
import com.acompli.accore.debug.DebugSharedPreferences;
import com.acompli.accore.features.FeatureManager;
import com.acompli.accore.model.ACMailAccount;
import com.acompli.accore.util.ADALUtil;
import com.acompli.accore.util.Environment;
import com.acompli.accore.util.concurrent.TaskUtil;
import com.acompli.acompli.api.RestAdapterFactory;
import com.facebook.react.views.textinput.ReactEditTextInputConnectionWrapper;
import com.microsoft.aad.adal.ADALAuthenticationContext;
import com.microsoft.aad.adal.AuthenticationException;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.aad.adal.UserInfo;
import com.microsoft.cortana.shared.cortana.skills.commute.CommuteSkillScenario;
import com.microsoft.office.outlook.auth.AuthenticationType;
import com.microsoft.office.outlook.logger.Logger;
import com.microsoft.office.outlook.logger.Loggers;
import com.microsoft.office.outlook.mats.MATSWrapper;
import com.microsoft.office.outlook.oneauth.contract.OneAuthManager;
import com.microsoft.office.outlook.oneauth.model.OneAuthSSOAccount;
import com.microsoft.office.outlook.restproviders.OutlookMSA;
import com.microsoft.office.outlook.sso.SSOAccountSubType;
import com.microsoft.office.outlook.tokenstore.TokenRestApi;
import com.microsoft.office.outlook.ui.onboarding.sso.datamodels.MicrosoftSSOAccount;
import com.microsoft.office.outlook.ui.onboarding.sso.datamodels.SSOAccount;
import com.microsoft.office.outlook.util.GooglePlayServices;
import com.microsoft.office.outlook.utils.AccountMigrationUtil;
import com.microsoft.tokenshare.AccountInfo;
import com.microsoft.tokenshare.AccountNotFoundException;
import com.microsoft.tokenshare.RefreshToken;
import com.microsoft.tokenshare.TokenSharingManager;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import kotlin.coroutines.Continuation;
import kotlin.jvm.functions.Function1;
import retrofit2.Response;

/* loaded from: classes3.dex */
public class MicrosoftSSOAccountLoader implements SSOAccountLoader {
    private static final Logger LOG = Loggers.getInstance().getAccountLogger().withTag("MicrosoftSSOAccountLoader");

    private boolean accountAlreadyExists(List<ACMailAccount> list, SSOAccountSubType sSOAccountSubType, String str, String str2) {
        for (ACMailAccount aCMailAccount : list) {
            if (sSOAccountSubType == SSOAccountSubType.AAD) {
                String userID = aCMailAccount.getUserID();
                if (userID != null && userID.equalsIgnoreCase(str)) {
                    return true;
                }
            } else {
                String primaryEmail = aCMailAccount.getPrimaryEmail();
                if (primaryEmail != null && primaryEmail.equalsIgnoreCase(str2)) {
                    return true;
                }
            }
        }
        return false;
    }

    @SuppressLint({"WaitForCompletionThreadBlock"})
    private void populateAccountsFromOneAuth(final OneAuthManager oneAuthManager, FeatureManager featureManager, Map<String, SSOAccount> map, List<ACMailAccount> list) {
        Logger logger = LOG;
        logger.d("Populating accounts from OneAuth");
        Task f2 = CoroutineUtils.f(new Function1() { // from class: x.a
            @Override // kotlin.jvm.functions.Function1
            public final Object invoke(Object obj) {
                Object sSOAccounts;
                sSOAccounts = OneAuthManager.this.getSSOAccounts((Continuation) obj);
                return sSOAccounts;
            }
        });
        try {
            f2.R(10L, TimeUnit.SECONDS);
            if (!TaskUtil.p(f2)) {
                logger.e("OneAuth SSOTask failed");
                return;
            }
            List<OneAuthSSOAccount> list2 = (List) f2.z();
            if (list2 == null) {
                logger.d("Found no SSO accounts from OneAuth");
                return;
            }
            StringBuilder sb = new StringBuilder();
            logger.d("Found " + list2.size() + " SSO accounts from OneAuth");
            for (OneAuthSSOAccount oneAuthSSOAccount : list2) {
                SSOAccountSubType accountType = oneAuthSSOAccount.getAccountType();
                if (!accountAlreadyExists(list, accountType, oneAuthSSOAccount.getProviderId(), oneAuthSSOAccount.getEmail())) {
                    MicrosoftSSOAccount microsoftSSOAccount = new MicrosoftSSOAccount(oneAuthSSOAccount.getEmail(), oneAuthSSOAccount.getPackageId(), accountType, true, null, oneAuthSSOAccount.getProviderId());
                    microsoftSSOAccount.selected = true;
                    setIsOneAuthEnabledForSSOAccount(microsoftSSOAccount, accountType, featureManager);
                    sb.setLength(0);
                    sb.append("Provider Id: ");
                    sb.append(oneAuthSSOAccount.getProviderId());
                    sb.append(ReactEditTextInputConnectionWrapper.NEWLINE_RAW_VALUE);
                    sb.append("Provider Package: ");
                    sb.append(oneAuthSSOAccount.getPackageId());
                    microsoftSSOAccount.debugInfo = sb.toString();
                    microsoftSSOAccount.setOneAuthAccountId(oneAuthSSOAccount.getOneAuthAccountId());
                    String lowerCase = microsoftSSOAccount.email.toLowerCase();
                    if (map.containsKey(lowerCase) && microsoftSSOAccount.getAccountRequirement() == SSOAccount.AccountRequirement.NONE) {
                        map.remove(lowerCase);
                    }
                    if (!map.containsKey(lowerCase)) {
                        map.put(lowerCase, microsoftSSOAccount);
                    }
                }
            }
        } catch (InterruptedException e2) {
            LOG.e("InterruptedException while reading SSO accounts from OneAuth", e2);
        }
    }

    private void populateAccountsFromTSL(Map<String, SSOAccount> map, Context context, Environment environment, FeatureManager featureManager, DebugSharedPreferences debugSharedPreferences, List<ACMailAccount> list, boolean z) {
        try {
            List<AccountInfo> e2 = TokenSharingManager.h().e(context);
            StringBuilder sb = new StringBuilder();
            for (AccountInfo accountInfo : e2) {
                if (accountInfo.getAccountType() != AccountInfo.AccountType.OTHER && !TextUtils.isEmpty(accountInfo.getPrimaryEmail())) {
                    SSOAccountSubType sSOAccountSubType = SSOAccountSubType.getSSOAccountSubType(accountInfo.getAccountType());
                    if (!accountAlreadyExists(list, sSOAccountSubType, accountInfo.getAccountId(), accountInfo.getPrimaryEmail())) {
                        try {
                            MicrosoftSSOAccount microsoftSSOAccount = new MicrosoftSSOAccount(accountInfo.getPrimaryEmail(), accountInfo.getProviderPackageId(), sSOAccountSubType, AccountMigrationUtil.allowHxAccountCreation(featureManager, environment, sSOAccountSubType == SSOAccountSubType.MSA ? AuthenticationType.Legacy_OutlookMSARest : AuthenticationType.Legacy_Office365RestDirect), null, accountInfo.getAccountId());
                            setIsOneAuthEnabledForSSOAccount(microsoftSSOAccount, sSOAccountSubType, featureManager);
                            microsoftSSOAccount.selected = true;
                            sb.setLength(0);
                            sb.append("Account ID: ");
                            sb.append(accountInfo.getAccountId());
                            sb.append(ReactEditTextInputConnectionWrapper.NEWLINE_RAW_VALUE);
                            sb.append("Provider Package: ");
                            sb.append(accountInfo.getProviderPackageId());
                            sb.append(ReactEditTextInputConnectionWrapper.NEWLINE_RAW_VALUE);
                            sb.append("Is Int or Ppe: ");
                            sb.append(accountInfo.isIntOrPpe());
                            microsoftSSOAccount.debugInfo = sb.toString();
                            String lowerCase = microsoftSSOAccount.email.toLowerCase();
                            if (map.containsKey(lowerCase) && microsoftSSOAccount.getAccountRequirement() == SSOAccount.AccountRequirement.NONE) {
                                map.remove(lowerCase);
                            }
                            if (!map.containsKey(lowerCase)) {
                                map.put(lowerCase, microsoftSSOAccount);
                                if (z) {
                                    setAccessTokens(context, accountInfo, microsoftSSOAccount);
                                }
                            }
                            if (debugSharedPreferences.l()) {
                                microsoftSSOAccount.setAccountRequirement(SSOAccount.AccountRequirement.PASSWORD);
                            }
                        } catch (AccountNotFoundException | IOException | InterruptedException | TimeoutException e3) {
                            LOG.d("Failed getting sso account tokens", e3);
                        }
                    }
                }
            }
        } catch (IOException | InterruptedException e4) {
            LOG.e("Failed getting MSA SSO accounts", e4);
        }
    }

    private void populateBrokerAccounts(Map<String, SSOAccount> map, Context context, Environment environment, FeatureManager featureManager, List<ACMailAccount> list) {
        UserInfo[] userInfoArr;
        try {
            UserInfo[] brokerUsers = ADALUtil.q(context).getBrokerUsers();
            if (brokerUsers == null) {
                LOG.v("No accounts available from the Broker");
                return;
            }
            StringBuilder sb = new StringBuilder();
            int length = brokerUsers.length;
            int i2 = 0;
            while (i2 < length) {
                UserInfo userInfo = brokerUsers[i2];
                String lowerCase = userInfo.getDisplayableId().toLowerCase();
                Date passwordExpiresOn = userInfo.getPasswordExpiresOn();
                if (passwordExpiresOn == null || !passwordExpiresOn.before(new Date())) {
                    SSOAccountSubType sSOAccountSubType = SSOAccountSubType.AAD;
                    if (!accountAlreadyExists(list, sSOAccountSubType, userInfo.getUserId(), lowerCase)) {
                        userInfoArr = brokerUsers;
                        MicrosoftSSOAccount microsoftSSOAccount = new MicrosoftSSOAccount(lowerCase, userInfo.getIdentityProvider(), sSOAccountSubType, AccountMigrationUtil.allowHxAccountCreation(featureManager, environment, AuthenticationType.Legacy_Office365RestDirect), null, userInfo.getUserId());
                        microsoftSSOAccount.selected = true;
                        setIsOneAuthEnabledForSSOAccount(microsoftSSOAccount, sSOAccountSubType, featureManager);
                        sb.setLength(0);
                        sb.append("Account ID: ");
                        sb.append(userInfo.getUserId());
                        sb.append(ReactEditTextInputConnectionWrapper.NEWLINE_RAW_VALUE);
                        sb.append("Identity Provider: ");
                        sb.append(userInfo.getIdentityProvider());
                        sb.append(ReactEditTextInputConnectionWrapper.NEWLINE_RAW_VALUE);
                        sb.append("expirationDate: ");
                        if (passwordExpiresOn == null) {
                            sb.append(CommuteSkillScenario.ACTION_NONE);
                        } else {
                            sb.append(System.currentTimeMillis() - passwordExpiresOn.getTime());
                            sb.append("ms");
                        }
                        microsoftSSOAccount.debugInfo = sb.toString();
                        if (!map.containsKey(lowerCase)) {
                            map.put(userInfo.getDisplayableId(), microsoftSSOAccount);
                        }
                        i2++;
                        brokerUsers = userInfoArr;
                    }
                }
                userInfoArr = brokerUsers;
                i2++;
                brokerUsers = userInfoArr;
            }
        } catch (AuthenticatorException | OperationCanceledException | IOException e2) {
            LOG.e("Failed getting accounts from Broker", e2);
        }
    }

    private void setAccessTokens(Context context, AccountInfo accountInfo, MicrosoftSSOAccount microsoftSSOAccount) throws InterruptedException, AccountNotFoundException, TimeoutException, IOException {
        RefreshToken j2 = TokenSharingManager.h().j(context, accountInfo);
        if (j2 == null) {
            throw new AccountNotFoundException("Error getting refresh token");
        }
        microsoftSSOAccount.mRefreshToken = j2.b();
        if (accountInfo.getAccountType() == AccountInfo.AccountType.ORGID) {
            setAccessTokensForO365(context, accountInfo, microsoftSSOAccount);
        } else if (accountInfo.getAccountType() == AccountInfo.AccountType.MSA) {
            setAccessTokensForOutlook(microsoftSSOAccount);
        }
    }

    private void setAccessTokensForO365(Context context, AccountInfo accountInfo, MicrosoftSSOAccount microsoftSSOAccount) throws InterruptedException {
        ADALAuthenticationContext aDALAuthenticationContext = new ADALAuthenticationContext(context, "https://login.windows.net/common/oauth2/token", false);
        try {
            aDALAuthenticationContext.deserialize(microsoftSSOAccount.mRefreshToken);
            try {
                AuthenticationResult l2 = ADALUtil.l(aDALAuthenticationContext, new MATSWrapper(), TokenRestApi.AAD_PRIMARY, "27922004-5251-4030-b22d-91ecd9a37ea4", accountInfo.getAccountId());
                if (l2.getStatus() == AuthenticationResult.AuthenticationStatus.Succeeded) {
                    microsoftSSOAccount.mExchangeResult = l2;
                } else {
                    Logger logger = LOG;
                    logger.e("Error: " + l2.getErrorCode() + " " + l2.getErrorDescription());
                    logger.e(l2.getErrorLogInfo());
                }
            } catch (AuthenticationException e2) {
                LOG.e("Error getting resource_exchange (direct) access token", e2);
            }
        } catch (AuthenticationException e3) {
            LOG.e("Error deserializing refresh token", e3);
        }
    }

    private void setAccessTokensForOutlook(MicrosoftSSOAccount microsoftSSOAccount) throws IOException {
        try {
            Response<OutlookMSA.RefreshResponse> doTokenRefresh = OutlookMSA.doTokenRefresh((OutlookMSA.RefreshRequest) RestAdapterFactory.i().e("https://login.live.com/", OutlookMSA.RefreshRequest.class, "OutlookMSA.RefreshRequest"), new MATSWrapper(), "service::outlook.office.com::MBI_SSL", microsoftSSOAccount.mRefreshToken, microsoftSSOAccount.mCid);
            if (!doTokenRefresh.f()) {
                LOG.w("Unsuccessful response trying to refresh Outlook MSA token for account");
                microsoftSSOAccount.mOutlookRefreshResponse = null;
                return;
            }
            OutlookMSA.RefreshResponse a2 = doTokenRefresh.a();
            if (a2 == null || a2.access_token == null) {
                LOG.e("Error refreshing Outlook MSA Token: " + a2);
            }
            microsoftSSOAccount.mOutlookRefreshResponse = a2;
        } catch (RuntimeException e2) {
            LOG.e("Failed to refresh Outlook token", e2);
        }
    }

    private void setIsOneAuthEnabledForSSOAccount(MicrosoftSSOAccount microsoftSSOAccount, SSOAccountSubType sSOAccountSubType, FeatureManager featureManager) {
        microsoftSSOAccount.setIsOneAuthSupportedAccount((sSOAccountSubType == SSOAccountSubType.MSA && featureManager.m(FeatureManager.Feature.ONEAUTH_MSA)) || (sSOAccountSubType == SSOAccountSubType.AAD && featureManager.m(FeatureManager.Feature.ONEAUTH_O365)));
    }

    @Override // com.microsoft.office.outlook.ui.onboarding.sso.task.SSOAccountLoader
    public ArrayList<SSOAccount> loadAccounts(Context context, ACCore aCCore, FeatureManager featureManager, DebugSharedPreferences debugSharedPreferences, Environment environment, ACAccountManager aCAccountManager, List<ACMailAccount> list, boolean z, GooglePlayServices googlePlayServices, OneAuthManager oneAuthManager) {
        HashMap hashMap = new HashMap();
        if (featureManager.m(FeatureManager.Feature.ONEAUTH_SSO)) {
            populateAccountsFromOneAuth(oneAuthManager, featureManager, hashMap, list);
        }
        populateAccountsFromTSL(hashMap, context, environment, featureManager, debugSharedPreferences, list, z);
        if (featureManager.m(FeatureManager.Feature.POPULATE_BROKER_ACCOUNTS)) {
            populateBrokerAccounts(hashMap, context, environment, featureManager, list);
        }
        return new ArrayList<>(hashMap.values());
    }
}
