package com.microsoft.office.outlook.ui.onboarding.sso.task;

import android.accounts.AuthenticatorException;
import android.accounts.OperationCanceledException;
import android.annotation.SuppressLint;
import android.content.Context;
import android.text.TextUtils;
import com.acompli.accore.l0;
import com.acompli.accore.model.ACMailAccount;
import com.acompli.accore.util.z;
import com.microsoft.aad.adal.ADALAuthenticationContext;
import com.microsoft.aad.adal.AuthenticationException;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.aad.adal.UserInfo;
import com.microsoft.cortana.shared.cortana.skills.commute.CommuteSkillScenario;
import com.microsoft.office.outlook.auth.AuthenticationType;
import com.microsoft.office.outlook.feature.FeatureManager;
import com.microsoft.office.outlook.logger.Logger;
import com.microsoft.office.outlook.logger.Loggers;
import com.microsoft.office.outlook.mats.MATSWrapper;
import com.microsoft.office.outlook.oneauth.contract.OneAuthManager;
import com.microsoft.office.outlook.oneauth.model.OneAuthSSOAccount;
import com.microsoft.office.outlook.restproviders.OutlookMSA;
import com.microsoft.office.outlook.sso.SSOAccountSubType;
import com.microsoft.office.outlook.tokenstore.TokenRestApi;
import com.microsoft.office.outlook.ui.onboarding.sso.datamodels.MicrosoftSSOAccount;
import com.microsoft.office.outlook.ui.onboarding.sso.datamodels.SSOAccount;
import com.microsoft.office.outlook.util.GooglePlayServices;
import com.microsoft.office.outlook.utils.AccountMigrationUtil;
import com.microsoft.tokenshare.AccountInfo;
import com.microsoft.tokenshare.AccountNotFoundException;
import com.microsoft.tokenshare.RefreshToken;
import com.microsoft.tokenshare.q;
import cu.l;
import d5.k;
import d5.p;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import n5.a;
import vt.d;

/* loaded from: classes5.dex */
public class MicrosoftSSOAccountLoader implements SSOAccountLoader {
    private static final Logger LOG = Loggers.getInstance().getAccountLogger().withTag("MicrosoftSSOAccountLoader");

    private boolean accountAlreadyExists(List<ACMailAccount> list, SSOAccountSubType sSOAccountSubType, String str, String str2) {
        for (ACMailAccount aCMailAccount : list) {
            if (sSOAccountSubType == SSOAccountSubType.AAD) {
                String userID = aCMailAccount.getUserID();
                if (userID != null && userID.equalsIgnoreCase(str)) {
                    return true;
                }
            } else {
                String primaryEmail = aCMailAccount.getPrimaryEmail();
                if (primaryEmail != null && primaryEmail.equalsIgnoreCase(str2)) {
                    return true;
                }
            }
        }
        return false;
    }

    @SuppressLint({"BlockingAsyncCall"})
    private void populateAccountsFromOneAuth(final OneAuthManager oneAuthManager, FeatureManager featureManager, Map<String, SSOAccount> map, List<ACMailAccount> list) {
        Logger logger = LOG;
        logger.d("Populating accounts from OneAuth");
        p f10 = k.f(new l() { // from class: ir.a
            @Override // cu.l
            public final Object invoke(Object obj) {
                Object sSOAccounts;
                sSOAccounts = OneAuthManager.this.getSSOAccounts((d) obj);
                return sSOAccounts;
            }
        });
        try {
            f10.R(10L, TimeUnit.SECONDS, "populateAccountsFromOneAuth");
            if (!f6.k.p(f10)) {
                logger.e("OneAuth SSOTask failed");
                return;
            }
            List<OneAuthSSOAccount> list2 = (List) f10.z();
            if (list2 == null) {
                logger.d("Found no SSO accounts from OneAuth");
                return;
            }
            StringBuilder sb2 = new StringBuilder();
            logger.d("Found " + list2.size() + " SSO accounts from OneAuth");
            for (OneAuthSSOAccount oneAuthSSOAccount : list2) {
                SSOAccountSubType accountType = oneAuthSSOAccount.getAccountType();
                if (!accountAlreadyExists(list, accountType, oneAuthSSOAccount.getProviderId(), oneAuthSSOAccount.getEmail())) {
                    MicrosoftSSOAccount microsoftSSOAccount = new MicrosoftSSOAccount(oneAuthSSOAccount.getEmail(), oneAuthSSOAccount.getPackageId(), accountType, true, null, oneAuthSSOAccount.getProviderId());
                    microsoftSSOAccount.selected = true;
                    setIsOneAuthEnabledForSSOAccount(microsoftSSOAccount, accountType, featureManager);
                    sb2.setLength(0);
                    sb2.append("Provider Id: ");
                    sb2.append(oneAuthSSOAccount.getProviderId());
                    sb2.append("\n");
                    sb2.append("Provider Package: ");
                    sb2.append(oneAuthSSOAccount.getPackageId());
                    microsoftSSOAccount.debugInfo = sb2.toString();
                    microsoftSSOAccount.setOneAuthAccountId(oneAuthSSOAccount.getOneAuthAccountId());
                    String lowerCase = microsoftSSOAccount.email.toLowerCase();
                    if (map.containsKey(lowerCase) && microsoftSSOAccount.getAccountRequirement() == SSOAccount.AccountRequirement.NONE) {
                        map.remove(lowerCase);
                    }
                    if (!map.containsKey(lowerCase) && microsoftSSOAccount.isOneAuthSupportedAccount()) {
                        map.put(lowerCase, microsoftSSOAccount);
                    }
                }
            }
        } catch (InterruptedException e10) {
            LOG.e("InterruptedException while reading SSO accounts from OneAuth", e10);
        }
    }

    private void populateAccountsFromTSL(Map<String, SSOAccount> map, Context context, z zVar, FeatureManager featureManager, a aVar, List<ACMailAccount> list, boolean z10) {
        try {
            List<AccountInfo> e10 = q.h().e(context);
            StringBuilder sb2 = new StringBuilder();
            for (AccountInfo accountInfo : e10) {
                if (accountInfo.getAccountType() != AccountInfo.AccountType.OTHER && !TextUtils.isEmpty(accountInfo.getPrimaryEmail())) {
                    SSOAccountSubType sSOAccountSubType = SSOAccountSubType.getSSOAccountSubType(accountInfo.getAccountType());
                    if (!accountAlreadyExists(list, sSOAccountSubType, accountInfo.getAccountId(), accountInfo.getPrimaryEmail())) {
                        try {
                            MicrosoftSSOAccount microsoftSSOAccount = new MicrosoftSSOAccount(accountInfo.getPrimaryEmail(), accountInfo.getProviderPackageId(), sSOAccountSubType, AccountMigrationUtil.allowHxAccountCreation(featureManager, zVar, sSOAccountSubType == SSOAccountSubType.MSA ? AuthenticationType.Legacy_OutlookMSARest : AuthenticationType.Legacy_Office365RestDirect), null, accountInfo.getAccountId());
                            setIsOneAuthEnabledForSSOAccount(microsoftSSOAccount, sSOAccountSubType, featureManager);
                            microsoftSSOAccount.selected = true;
                            sb2.setLength(0);
                            sb2.append("Account ID: ");
                            sb2.append(accountInfo.getAccountId());
                            sb2.append("\n");
                            sb2.append("Provider Package: ");
                            sb2.append(accountInfo.getProviderPackageId());
                            sb2.append("\n");
                            sb2.append("Is Int or Ppe: ");
                            sb2.append(accountInfo.isIntOrPpe());
                            microsoftSSOAccount.debugInfo = sb2.toString();
                            String lowerCase = microsoftSSOAccount.email.toLowerCase();
                            if (map.containsKey(lowerCase) && microsoftSSOAccount.getAccountRequirement() == SSOAccount.AccountRequirement.NONE) {
                                map.remove(lowerCase);
                            }
                            if (!map.containsKey(lowerCase)) {
                                map.put(lowerCase, microsoftSSOAccount);
                                if (z10) {
                                    setAccessTokens(context, accountInfo, microsoftSSOAccount);
                                }
                            }
                            if (aVar.r()) {
                                microsoftSSOAccount.setAccountRequirement(SSOAccount.AccountRequirement.PASSWORD);
                            }
                        } catch (AccountNotFoundException | IOException | InterruptedException | TimeoutException e11) {
                            LOG.d("Failed getting sso account tokens", e11);
                        }
                    }
                }
            }
        } catch (IOException | InterruptedException e12) {
            LOG.e("Failed getting MSA SSO accounts", e12);
        }
    }

    private void populateBrokerAccounts(Map<String, SSOAccount> map, Context context, z zVar, FeatureManager featureManager, List<ACMailAccount> list) {
        try {
            UserInfo[] brokerUsers = com.acompli.accore.util.d.q(context).getBrokerUsers();
            if (brokerUsers == null) {
                LOG.v("No accounts available from the Broker");
                return;
            }
            StringBuilder sb2 = new StringBuilder();
            for (UserInfo userInfo : brokerUsers) {
                String displayableId = userInfo.getDisplayableId();
                String userId = userInfo.getUserId();
                if (displayableId == null) {
                    LOG.d("Skipping broker account with userId " + userId + " as userInfoDisplayableId is null");
                } else {
                    String lowerCase = displayableId.toLowerCase();
                    Date passwordExpiresOn = userInfo.getPasswordExpiresOn();
                    if (passwordExpiresOn == null || !passwordExpiresOn.before(new Date())) {
                        SSOAccountSubType sSOAccountSubType = SSOAccountSubType.AAD;
                        if (!accountAlreadyExists(list, sSOAccountSubType, userId, lowerCase)) {
                            MicrosoftSSOAccount microsoftSSOAccount = new MicrosoftSSOAccount(lowerCase, userInfo.getIdentityProvider(), sSOAccountSubType, AccountMigrationUtil.allowHxAccountCreation(featureManager, zVar, AuthenticationType.Legacy_Office365RestDirect), null, userId);
                            microsoftSSOAccount.selected = true;
                            setIsOneAuthEnabledForSSOAccount(microsoftSSOAccount, sSOAccountSubType, featureManager);
                            sb2.setLength(0);
                            sb2.append("Account ID: ");
                            sb2.append(userId);
                            sb2.append("\n");
                            sb2.append("Identity Provider: ");
                            sb2.append(userInfo.getIdentityProvider());
                            sb2.append("\n");
                            sb2.append("expirationDate: ");
                            if (passwordExpiresOn == null) {
                                sb2.append(CommuteSkillScenario.ACTION_NONE);
                            } else {
                                sb2.append(System.currentTimeMillis() - passwordExpiresOn.getTime());
                                sb2.append("ms");
                            }
                            microsoftSSOAccount.debugInfo = sb2.toString();
                            if (!map.containsKey(lowerCase)) {
                                map.put(lowerCase, microsoftSSOAccount);
                            }
                        }
                    }
                }
            }
        } catch (AuthenticatorException | OperationCanceledException | IOException e10) {
            LOG.e("Failed getting accounts from Broker", e10);
        }
    }

    private void setAccessTokens(Context context, AccountInfo accountInfo, MicrosoftSSOAccount microsoftSSOAccount) throws InterruptedException, AccountNotFoundException, TimeoutException, IOException {
        RefreshToken j10 = q.h().j(context, accountInfo);
        if (j10 == null) {
            throw new AccountNotFoundException("Error getting refresh token");
        }
        microsoftSSOAccount.mRefreshToken = j10.b();
        if (accountInfo.getAccountType() == AccountInfo.AccountType.ORGID) {
            setAccessTokensForO365(context, accountInfo, microsoftSSOAccount);
        } else if (accountInfo.getAccountType() == AccountInfo.AccountType.MSA) {
            setAccessTokensForOutlook(microsoftSSOAccount);
        }
    }

    private void setAccessTokensForO365(Context context, AccountInfo accountInfo, MicrosoftSSOAccount microsoftSSOAccount) throws InterruptedException {
        ADALAuthenticationContext aDALAuthenticationContext = new ADALAuthenticationContext(context, "https://login.windows.net/common/oauth2/token", false);
        try {
            aDALAuthenticationContext.deserialize(microsoftSSOAccount.mRefreshToken);
            try {
                AuthenticationResult l10 = com.acompli.accore.util.d.l(aDALAuthenticationContext, new MATSWrapper(), TokenRestApi.AAD_PRIMARY, "27922004-5251-4030-b22d-91ecd9a37ea4", accountInfo.getAccountId());
                if (l10.getStatus() == AuthenticationResult.AuthenticationStatus.Succeeded) {
                    microsoftSSOAccount.mExchangeResult = l10;
                } else {
                    Logger logger = LOG;
                    logger.e("Error: " + l10.getErrorCode() + " " + l10.getErrorDescription());
                    logger.e(l10.getErrorLogInfo());
                }
            } catch (AuthenticationException e10) {
                LOG.e("Error getting resource_exchange (direct) access token", e10);
            }
        } catch (AuthenticationException | IllegalArgumentException e11) {
            LOG.e("Error deserializing refresh token", e11);
        }
    }

    private void setAccessTokensForOutlook(MicrosoftSSOAccount microsoftSSOAccount) throws IOException {
        try {
            retrofit2.q<OutlookMSA.RefreshResponse> doTokenRefresh = OutlookMSA.doTokenRefresh((OutlookMSA.RefreshRequest) l6.a.h().e("https://login.live.com/", OutlookMSA.RefreshRequest.class, "OutlookMSA.RefreshRequest"), new MATSWrapper(), "service::outlook.office.com::MBI_SSL", microsoftSSOAccount.mRefreshToken, microsoftSSOAccount.mCid);
            if (!doTokenRefresh.f()) {
                LOG.w("Unsuccessful response trying to refresh Outlook MSA token for account");
                microsoftSSOAccount.mOutlookRefreshResponse = null;
                return;
            }
            OutlookMSA.RefreshResponse a10 = doTokenRefresh.a();
            if (a10 == null || a10.access_token == null) {
                LOG.e("Error refreshing Outlook MSA Token: " + a10);
            }
            microsoftSSOAccount.mOutlookRefreshResponse = a10;
        } catch (RuntimeException e10) {
            LOG.e("Failed to refresh Outlook token", e10);
        }
    }

    private void setIsOneAuthEnabledForSSOAccount(MicrosoftSSOAccount microsoftSSOAccount, SSOAccountSubType sSOAccountSubType, FeatureManager featureManager) {
        microsoftSSOAccount.setIsOneAuthSupportedAccount(sSOAccountSubType == SSOAccountSubType.MSA || (sSOAccountSubType == SSOAccountSubType.AAD && featureManager.isFeatureOn(FeatureManager.Feature.ONEAUTH_O365)));
    }

    @Override // com.microsoft.office.outlook.ui.onboarding.sso.task.SSOAccountLoader
    public ArrayList<SSOAccount> loadAccounts(Context context, FeatureManager featureManager, a aVar, z zVar, l0 l0Var, List<ACMailAccount> list, boolean z10, GooglePlayServices googlePlayServices, OneAuthManager oneAuthManager) {
        HashMap hashMap = new HashMap();
        populateAccountsFromOneAuth(oneAuthManager, featureManager, hashMap, list);
        populateAccountsFromTSL(hashMap, context, zVar, featureManager, aVar, list, z10);
        if (featureManager.isFeatureOn(FeatureManager.Feature.POPULATE_BROKER_ACCOUNTS)) {
            populateBrokerAccounts(hashMap, context, zVar, featureManager, list);
        }
        return new ArrayList<>(hashMap.values());
    }
}
