package com.microsoft.windowsintune.companyportal.authentication.aad;

import android.annotation.SuppressLint;
import android.app.Application;
import android.content.Context;
import android.content.Intent;
import android.os.Binder;
import android.os.Bundle;
import android.os.Handler;
import android.os.IBinder;
import android.os.Message;
import android.os.Messenger;
import com.microsoft.aad.adal.ADALError;
import com.microsoft.aad.adal.AuthenticationException;
import com.microsoft.aad.adal.AuthenticationResult;
import com.microsoft.intune.common.appintegrity.IRuntimeIntegrity;
import com.microsoft.intune.common.enrollment.datacomponent.implementation.EnrollmentSettings;
import com.microsoft.intune.common.enrollment.domain.IEnrollmentSettingsRepository;
import com.microsoft.intune.common.settings.DiagnosticSettings;
import com.microsoft.intune.common.settings.IDeploymentSettings;
import com.microsoft.intune.companyportal.authentication.domain.IAuthManager;
import com.microsoft.intune.companyportal.authentication.domain.telemetry.IAuthenticationTelemetry;
import com.microsoft.intune.companyportal.environment.domain.IEnvironmentRepository;
import com.microsoft.intune.mam.policy.MAMServiceAuthentication;
import com.microsoft.omadm.SessionSettings;
import com.microsoft.omadm.users.UserManager;
import com.microsoft.windowsintune.companyportal.NavigationService;
import com.microsoft.windowsintune.companyportal.ServiceLocator;
import com.microsoft.windowsintune.companyportal.authentication.aad.RemoteClientList;
import com.microsoft.windowsintune.companyportal.exceptions.AadAuthenticationException;
import com.microsoft.windowsintune.companyportal.exceptions.CommonExceptionHandler;
import com.microsoft.windowsintune.companyportal.models.GraphToken;
import com.microsoft.windowsintune.companyportal.models.IntuneToken;
import com.microsoft.windowsintune.companyportal.threading.IWorkersThreadPool;
import com.microsoft.windowsintune.companyportal.utils.CookieManagementUtils;
import com.microsoft.windowsintune.companyportal.utils.Delegate;
import dagger.android.DaggerService;
import java.text.MessageFormat;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang3.StringUtils;

/* loaded from: classes2.dex */
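/**
 * Bound service that runs silent Azure AD sign-in and delivers the outcome to in-process callbacks
 * and, over a {@link Messenger}, to clients in other processes.
 *
 * <p>Two binders are exposed through {@link #onBind(Intent)}: a local {@link SignInServiceBinder}
 * that hands out this service instance, and the binder of a {@link Messenger} backed by
 * {@link MessageHandler}. Remote clients register a reply {@link Messenger} and later receive
 * {@link #AUTHENTICATION_SUCCESS} messages whose bundle carries the AAD user id and access token.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>Nothing in this class checks who is binding or who sent a message (for example,
 *       {@code Message.sendingUid} is never consulted). Access tokens are sent to every registered
 *       reply messenger, so the restriction on who may bind has to come from the manifest
 *       (non-exported service or a signature-level permission). NOTE(review): the manifest is not
 *       visible here; confirm it.</li>
 *   <li>The binder type is selected by a caller-supplied intent extra, not by the caller's
 *       identity.</li>
 * </ul>
 *
 * <p>Concurrency: {@link #shouldSignInStart} is a process-wide flag guarded by
 * {@link #SIGN_IN_LOCK}; it allows only one silent sign-in or MAM token acquisition at a time.
 */
public class SignInService extends DaggerService {
    // Bundle keys used in messages exchanged with remote clients.
    private static final String AAD_USER_AUTHORITY = "AAD_USER_AUTHORITY";
    private static final String AAD_USER_ID = "AAD_USER_ID";
    private static final String AAD_USER_TOKEN = "AAD_USER_TOKEN";
    // Message.what values sent from this service to remote clients.
    private static final int AUTHENTICATION_FAILURE = 100;
    private static final int AUTHENTICATION_SUCCESS = 101;
    /** Intent extra that selects which binder {@link #onBind(Intent)} returns. */
    public static final String BINDER_LOCALITY = "com.microsoft.windowsintune.companyportal.authentication.aad.signinservice.binderlocality";
    private static final String EXCEPTION_TYPE = "EXCEPTION_TYPE";
    public static final int LOCAL_BINDER = 0;
    // Message.what values accepted by MessageHandler.
    private static final int REAUTHENTICATE_MAM_SERVICE_SILENT = 5;
    private static final int REAUTHENTICATE_SW_USER = 3;
    private static final int REAUTHENTICATE_SW_USER_SILENT = 4;
    private static final int REGISTER_CLIENT = 1;
    public static final int REMOTE_BINDER = 1;
    private static final int UNREGISTER_CLIENT = 2;
    IAuthManager authManager;
    IEnvironmentRepository environmentRepository;
    private GraphAccess graphAccess;
    private IntuneAccess intuneAccess;
    private final SignInServiceBinder localBinder = new SignInServiceBinder();
    private CallbackList localClients;
    private Messenger messenger;
    private RemoteClientList remoteMAMServiceTokenClients;
    private RemoteClientList remoteSWTokenClients;
    private SessionSettings sessionSettings;
    private SignInFailureAction signInFailureAction;
    private SignInSuccessAction signInSuccessAction;
    private static final Logger LOGGER = Logger.getLogger(SignInService.class.getName());
    // True when no sign-in is in flight; read and written under SIGN_IN_LOCK.
    private static boolean shouldSignInStart = true;
    private static final Object SIGN_IN_LOCK = new Object();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    /**
     * Failure callback for token acquisition: clears cached credentials, then forwards the error
     * to the wrapped callback as an {@link AadAuthenticationException}.
     */
    public class AadFailureAction extends Delegate.Action1<Exception> {
        private final Delegate.Action1<Exception> callback;
        private final String exceptionMessage;

        /**
         * @param action1 callback that receives the (possibly wrapped) failure
         * @param str message used when the failure has to be wrapped
         */
        AadFailureAction(Delegate.Action1<Exception> action1, String str) {
            this.callback = action1;
            this.exceptionMessage = str;
        }

        @Override // com.microsoft.windowsintune.companyportal.utils.Delegate.Action1, com.microsoft.windowsintune.companyportal.utils.Delegate.Action1Throw
        public void exec(Exception exc) {
            SignInService.cleanUpOnAdalFailure();
            // Pass AadAuthenticationException through unchanged; wrap anything else and keep the cause.
            AadAuthenticationException failure;
            if (exc instanceof AadAuthenticationException) {
                failure = (AadAuthenticationException) exc;
            } else {
                failure = new AadAuthenticationException(this.exceptionMessage, exc);
            }
            this.callback.exec(failure);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    /**
     * Handles messages arriving through the service's {@link Messenger}.
     *
     * <p>Every field read here ({@code what}, {@code replyTo}, the data bundle) is supplied by the
     * sending process and is not validated in this class.
     */
    @SuppressLint({"HandlerLeak"})
    public class MessageHandler extends Handler {
        MessageHandler() {
        }

        /**
         * Dispatches on {@code message.what}: client registration and unregistration, shift-worker
         * re-authentication, silent user sign-in, and silent MAM service token acquisition.
         *
         * @param message incoming message; unknown {@code what} values go to the superclass
         */
        @Override // android.os.Handler
        public void handleMessage(Message message) {
            switch (message.what) {
                case REGISTER_CLIENT: {
                    int target = message.getData().getInt(UserManager.TARGET_WHAT);
                    // NOTE(review): the framework recycles a Message after handleMessage returns;
                    // confirm RemoteClient copies it instead of keeping this reference.
                    // NOTE(review): replyTo is caller-supplied and may be null; not checked here.
                    if (target == REAUTHENTICATE_SW_USER || target == REAUTHENTICATE_SW_USER_SILENT) {
                        SignInService.this.remoteSWTokenClients.add(new RemoteClientList.RemoteClient(message.replyTo, message));
                    } else if (target == REAUTHENTICATE_MAM_SERVICE_SILENT) {
                        SignInService.this.remoteMAMServiceTokenClients.add(new RemoteClientList.RemoteClient(message.replyTo, message));
                    } else {
                        SignInService.LOGGER.severe("Unknown client registration.");
                    }
                    return;
                }
                case UNREGISTER_CLIENT: {
                    int target = message.getData().getInt(UserManager.TARGET_WHAT);
                    if (target == REAUTHENTICATE_SW_USER || target == REAUTHENTICATE_SW_USER_SILENT) {
                        SignInService.this.remoteSWTokenClients.remove(message.replyTo);
                    } else if (target == REAUTHENTICATE_MAM_SERVICE_SILENT) {
                        SignInService.this.remoteMAMServiceTokenClients.remove(message.replyTo);
                    } else {
                        SignInService.LOGGER.severe("Unknown client unregistration.");
                    }
                    return;
                }
                case REAUTHENTICATE_SW_USER:
                    NavigationService.reauthenticateShiftWorker(SignInService.this);
                    return;
                case REAUTHENTICATE_SW_USER_SILENT:
                    SignInService.this.signInUserSilentAsync(null, null);
                    return;
                case REAUTHENTICATE_MAM_SERVICE_SILENT:
                    // User id and authority are taken from the sender's bundle as-is.
                    // NOTE(review): confirm the authority is validated before it is used for token requests.
                    SignInService.this.acquireMAMServiceTokenSilentAsync(message.getData().getString(AAD_USER_ID, null), message.getData().getString(AAD_USER_AUTHORITY, null));
                    return;
                default:
                    super.handleMessage(message);
                    return;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes2.dex */
    /** Terminal failure callback for silent user sign-in. */
    public class SignInFailureAction extends Delegate.Action1<Exception> {
        protected SignInFailureAction() {
        }

        /**
         * Notifies remote and local clients of the failure, re-opens the sign-in gate, then
         * restarts the remote MAM service token clients.
         *
         * @param exc the sign-in failure
         */
        @Override // com.microsoft.windowsintune.companyportal.utils.Delegate.Action1, com.microsoft.windowsintune.companyportal.utils.Delegate.Action1Throw
        public void exec(Exception exc) {
            SignInService.LOGGER.log(Level.WARNING, "User sign in failed. ", (Throwable) exc);
            synchronized (SignInService.SIGN_IN_LOCK) {
                CommonExceptionHandler.setAuthenticationHasCompleted();
                SignInService.this.sendFailureMessageToRemoteClients(exc);
                SignInService.this.localClients.callFailure(exc);
                shouldSignInStart = true;
            }
            // NOTE(review): messenger is null after onDestroy(); confirm restart() tolerates that.
            SignInService.this.remoteMAMServiceTokenClients.restart(SignInService.this.messenger);
        }
    }

    /* loaded from: classes2.dex */
    /** Local binder returned to callers that did not request the remote binder. */
    public class SignInServiceBinder extends Binder {
        public SignInServiceBinder() {
        }

        /** @return the enclosing service instance */
        public SignInService getService() {
            return SignInService.this;
        }
    }

    /* loaded from: classes2.dex */
    /** Sign-in progress markers; not referenced elsewhere in this class. */
    public enum SignInState {
        ACQUIRED_GRAPH_TOKEN,
        ACQUIRED_INTUNE_TOKEN,
        SIGN_IN_COMPLETE
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes2.dex */
    /** Terminal success callback for silent user sign-in. */
    public class SignInSuccessAction extends Delegate.Action0 {
        protected SignInSuccessAction() {
        }

        /**
         * Sends the success message to remote clients, re-opens the sign-in gate, then restarts
         * the remote MAM service token clients.
         *
         * <p>NOTE(review): unlike the failure path, no call on {@code localClients} is made here;
         * confirm local success callbacks are delivered elsewhere.
         */
        @Override // com.microsoft.windowsintune.companyportal.utils.Delegate.Action0
        public void exec() {
            SignInService.LOGGER.log(Level.INFO, "User sign in succeeded. ");
            synchronized (SignInService.SIGN_IN_LOCK) {
                CommonExceptionHandler.setAuthenticationHasCompleted();
                SignInService.this.sendSuccessMessageToRemoteClients();
                shouldSignInStart = true;
            }
            SignInService.this.remoteMAMServiceTokenClients.restart(SignInService.this.messenger);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Requests the Intune token silently.
     *
     * @param action0 invoked on success
     * @param action1 receives the failure, after credential cleanup by {@link AadFailureAction}
     */
    public void acquireIntuneTokenSilentAsync(Delegate.Action0 action0, Delegate.Action1<Exception> action1) {
        this.intuneAccess.acquireTokenSilentAsync(action0, new AadFailureAction(action1, "Failed to acquire Intune tokens."), this.authManager);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Acquires a MAM service token silently on the calling thread and reports the outcome through
     * {@link #onMAMServiceTokenSuccess} or {@link #onMAMServiceTokenFailure}. Never throws: every
     * exception is routed to the failure handler.
     *
     * @param str user id passed to the silent token request
     * @param str2 authority passed to the {@code AdalContext} constructor
     */
    public void acquireMAMServiceTokenSilent(String str, String str2) {
        try {
            Context applicationContext = ((Application) ServiceLocator.getInstance().get(Application.class)).getApplicationContext();
            IDeploymentSettings iDeploymentSettings = (IDeploymentSettings) ServiceLocator.getInstance().get(IDeploymentSettings.class);
            AdalContext adalContext = new AdalContext(applicationContext, iDeploymentSettings, (EnrollmentSettings) ServiceLocator.getInstance().get(EnrollmentSettings.class), (DiagnosticSettings) ServiceLocator.getInstance().get(DiagnosticSettings.class), (SessionSettings) ServiceLocator.getInstance().get(SessionSettings.class), str2);
            // The service simulator uses the Intune resource id; everything else uses the MAM service resource.
            String resourceId = iDeploymentSettings.getDataPlugin() == IDeploymentSettings.DataPlugin.SERVICE_SIMULATOR ? iDeploymentSettings.getAadIntuneResourceId() : MAMServiceAuthentication.MAMSERVICE_RESOURCE_ID;
            AuthenticationResult acquireTokenSilent = adalContext.acquireTokenSilent(resourceId, str);
            if (AuthenticationResult.AuthenticationStatus.Succeeded != acquireTokenSilent.getStatus()) {
                LOGGER.info("Failed to acquire MAM Service token silently.");
                onMAMServiceTokenFailure(new AuthenticationException(ADALError.AUTH_FAILED), ADALError.AUTH_FAILED);
                return;
            }
            try {
                AuthenticationResultProcessor.validateResult(acquireTokenSilent);
                onMAMServiceTokenSuccess(acquireTokenSilent);
            } catch (AadAuthenticationException e) {
                LOGGER.log(Level.INFO, "Failed to acquire MAM Service token silently.", (Throwable) e);
                onMAMServiceTokenFailure(e, null);
            }
        } catch (AuthenticationException e2) {
            LOGGER.log(Level.INFO, "Failed to acquire MAM Service token silently.", (Throwable) e2);
            onMAMServiceTokenFailure(e2, e2.getCode());
        } catch (Exception e3) {
            // Boundary catch: the worker must always report back so the sign-in gate is re-opened.
            LOGGER.log(Level.INFO, "Failed to acquire MAM Service token silently due to unexpected exception.", (Throwable) e3);
            onMAMServiceTokenFailure(e3, null);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Schedules {@link #acquireMAMServiceTokenSilent} on the worker pool unless a sign-in is
     * already in flight, in which case the request is dropped without notice.
     *
     * @param str user id
     * @param str2 authority
     */
    public void acquireMAMServiceTokenSilentAsync(final String str, final String str2) {
        synchronized (SIGN_IN_LOCK) {
            if (shouldSignInStart) {
                shouldSignInStart = false;
                ((IWorkersThreadPool) ServiceLocator.getInstance().get(IWorkersThreadPool.class)).execute(new Delegate.Func0<Object>() { // from class: com.microsoft.windowsintune.companyportal.authentication.aad.SignInService.4
                    @Override // com.microsoft.windowsintune.companyportal.utils.Delegate.Func0
                    public Object exec() {
                        SignInService.this.acquireMAMServiceTokenSilent(str, str2);
                        return null;
                    }
                }, null, null);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Clears cached credentials after an ADAL failure: the Graph token (AAD and service-simulator
     * plugins only), web cookies and the Intune token. Production builds also have the patched
     * environment reset. Skipped on IP-phone enrollment while no Intune token value is present.
     */
    public static void cleanUpOnAdalFailure() {
        ServiceLocator serviceLocator = ServiceLocator.getInstance();
        IntuneToken intuneToken = (IntuneToken) ServiceLocator.getInstance().get(IntuneToken.class);
        if (((IEnrollmentSettingsRepository) serviceLocator.get(IEnrollmentSettingsRepository.class)).getEnrollOnIpPhone() && (intuneToken == null || StringUtils.isEmpty(intuneToken.getEncodedTokenValue()))) {
            LOGGER.info("[ipphone] Skip cleanup on ADAL failure.");
            return;
        }
        IDeploymentSettings iDeploymentSettings = (IDeploymentSettings) serviceLocator.get(IDeploymentSettings.class);
        if (IDeploymentSettings.DataPlugin.AAD == iDeploymentSettings.getDataPlugin() || IDeploymentSettings.DataPlugin.SERVICE_SIMULATOR == iDeploymentSettings.getDataPlugin()) {
            ((GraphToken) serviceLocator.get(GraphToken.class)).reset();
        }
        CookieManagementUtils.clearCookiesAsync();
        // NOTE(review): the lookup above is null-checked but this one is not; confirm get() cannot return null here.
        ((IntuneToken) serviceLocator.get(IntuneToken.class)).reset();
        if (iDeploymentSettings.isProductionBuild().booleanValue()) {
            iDeploymentSettings.resetPatchedEnvironment();
            ((DiagnosticSettings) serviceLocator.get(DiagnosticSettings.class)).setPatchProductionEnvironment(IDeploymentSettings.DEFAULT_ENVIRONMENT_NAME);
        }
    }

    /**
     * Reports whether a usable Intune token is held.
     *
     * @return {@code true} when the token exists, has a non-empty encoded value and is not
     *     expired; a missing or null token value counts as not authenticated
     */
    public static boolean isUserAuthenticated() {
        IntuneToken intuneToken = (IntuneToken) ServiceLocator.getInstance().get(IntuneToken.class);
        if (intuneToken == null) {
            return false;
        }
        // StringUtils.isEmpty also covers a null value, matching the check in cleanUpOnAdalFailure.
        if (StringUtils.isEmpty(intuneToken.getEncodedTokenValue())) {
            return false;
        }
        return !intuneToken.isExpired();
    }

    /* JADX INFO: Access modifiers changed from: private */
    /** Logs and records telemetry when a production build signs in with a Microsoft-domain Graph token. */
    public void logAndSendTelemetryForMicrosoftUser() {
        ServiceLocator serviceLocator = ServiceLocator.getInstance();
        if (((IDeploymentSettings) serviceLocator.get(IDeploymentSettings.class)).isProductionBuild().booleanValue() && ((GraphToken) serviceLocator.get(GraphToken.class)).isInMicrosoftDomain()) {
            LOGGER.finest("Logged in as a Microsoft user.");
            ((IAuthenticationTelemetry) serviceLocator.get(IAuthenticationTelemetry.class)).logMicrosoftUser();
        }
    }

    /**
     * Signs the user out: clears the ADAL cache (AAD and service-simulator plugins only), blanks
     * and clears the session settings, restores the default login authority, runs
     * {@link #cleanUpOnAdalFailure()} and re-opens the sign-in gate.
     */
    public static void signOutUser() {
        LOGGER.info("Signing out user");
        ServiceLocator serviceLocator = ServiceLocator.getInstance();
        IDeploymentSettings iDeploymentSettings = (IDeploymentSettings) serviceLocator.get(IDeploymentSettings.class);
        if (IDeploymentSettings.DataPlugin.AAD == iDeploymentSettings.getDataPlugin() || IDeploymentSettings.DataPlugin.SERVICE_SIMULATOR == iDeploymentSettings.getDataPlugin()) {
            ((AdalContext) serviceLocator.get(AdalContext.class)).clearCache();
        }
        SessionSettings sessionSettings = (SessionSettings) ServiceLocator.getInstance().get(SessionSettings.class);
        sessionSettings.setString(SessionSettings.AAD_USER_PRINCIPAL_NAME, "");
        sessionSettings.setString(SessionSettings.AAD_USER_UNIQUE_ID, "");
        sessionSettings.setString(SessionSettings.AAD_LOGIN_AUTHORITY, "");
        sessionSettings.clear();
        ((AdalContext) serviceLocator.get(AdalContext.class)).setLoginAuthority(iDeploymentSettings.getAadAuthority());
        cleanUpOnAdalFailure();
        synchronized (SIGN_IN_LOCK) {
            shouldSignInStart = true;
        }
    }

    /**
     * Requests the Graph token silently and, once it arrives, continues with the Intune token.
     *
     * @param action0 invoked when the whole chain succeeds
     * @param action1 receives the failure of either step
     */
    protected void acquireGraphTokenSilentAsync(final Delegate.Action0 action0, final Delegate.Action1<Exception> action1) {
        this.graphAccess.acquireTokenSilentAsync(new Delegate.Action1<String>() { // from class: com.microsoft.windowsintune.companyportal.authentication.aad.SignInService.3
            @Override // com.microsoft.windowsintune.companyportal.utils.Delegate.Action1, com.microsoft.windowsintune.companyportal.utils.Delegate.Action1Throw
            public void exec(String str) {
                // Telemetry and the expiry log line are skipped in the self-host environment.
                if (!SignInService.this.environmentRepository.isManageSelfHostEnvironment().blockingFirst().booleanValue()) {
                    SignInService.this.logAndSendTelemetryForMicrosoftUser();
                    SignInService.LOGGER.info(MessageFormat.format("Successfully acquired Graph token from AAD and is valid until {0}.", ((GraphToken) ServiceLocator.getInstance().get(GraphToken.class)).getTokenExpirationDate().toString()));
                }
                SignInService.this.acquireIntuneTokenSilentAsync(action0, action1);
            }
        }, new AadFailureAction(action1, "Failed to acquire Graph token from AAD."));
    }

    /**
     * Returns the messenger binder when the intent carries {@link #BINDER_LOCALITY} set to
     * {@link #REMOTE_BINDER}, otherwise the local binder.
     *
     * <p>The extra is caller-controlled and no caller identity check is made here.
     *
     * @param intent the binding intent
     * @return the binder for the requested locality
     */
    @Override // android.app.Service
    public IBinder onBind(Intent intent) {
        if (intent.getIntExtra(BINDER_LOCALITY, LOCAL_BINDER) == REMOTE_BINDER) {
            return this.messenger.getBinder();
        }
        return this.localBinder;
    }

    @Override // dagger.android.DaggerService, android.app.Service
    public void onCreate() {
        super.onCreate();
        onCreateInternal();
    }

    /** Builds the token accessors, callbacks, messenger and client lists from the service locator. */
    void onCreateInternal() {
        ServiceLocator serviceLocator = ServiceLocator.getInstance();
        IDeploymentSettings iDeploymentSettings = (IDeploymentSettings) serviceLocator.get(IDeploymentSettings.class);
        AdalContext adalContext = (AdalContext) serviceLocator.get(AdalContext.class);
        this.graphAccess = new GraphAccess(adalContext, iDeploymentSettings.getAadGraphApiResourceId());
        this.intuneAccess = new IntuneAccess(adalContext, iDeploymentSettings.getAadIntuneResourceId());
        this.signInSuccessAction = new SignInSuccessAction();
        this.signInFailureAction = new SignInFailureAction();
        this.messenger = new Messenger(new MessageHandler());
        this.remoteSWTokenClients = new RemoteClientList();
        this.remoteMAMServiceTokenClients = new RemoteClientList();
        this.localClients = new CallbackList();
        this.sessionSettings = (SessionSettings) serviceLocator.get(SessionSettings.class);
    }

    /** Drops the messenger and forgets all registered remote clients. */
    @Override // android.app.Service
    public void onDestroy() {
        this.messenger = null;
        this.remoteSWTokenClients.clear();
        this.remoteMAMServiceTokenClients.clear();
        super.onDestroy();
    }

    /**
     * Sends {@link #AUTHENTICATION_FAILURE} to the remote MAM service token clients, re-opens the
     * sign-in gate and restarts the local and shift-worker clients.
     *
     * @param exc the failure; only its class name is sent to remote clients
     * @param aDALError ADAL error code to attach, or {@code null} when there is none
     */
    protected void onMAMServiceTokenFailure(Exception exc, ADALError aDALError) {
        LOGGER.log(Level.WARNING, "MAM Service sign in failed.", (Throwable) exc);
        synchronized (SIGN_IN_LOCK) {
            Bundle bundle = new Bundle();
            bundle.putString(EXCEPTION_TYPE, exc.getClass().toString());
            bundle.putBoolean(UserManager.DONT_PROMPT, true);
            bundle.putInt(UserManager.TOKEN_TYPE, 2);
            if (aDALError != null) {
                bundle.putSerializable(UserManager.ADAL_ERROR, aDALError);
            }
            Message obtain = Message.obtain((Handler) null, AUTHENTICATION_FAILURE);
            obtain.setData(bundle);
            this.remoteMAMServiceTokenClients.sendMessage(obtain);
            shouldSignInStart = true;
        }
        this.localClients.restart();
        this.remoteSWTokenClients.restart(this.messenger);
    }

    /**
     * Sends {@link #AUTHENTICATION_SUCCESS} with the user id and access token to the remote MAM
     * service token clients, re-opens the sign-in gate and restarts the other clients.
     *
     * <p>The bundle carries a bearer access token to every registered reply messenger.
     *
     * @param authenticationResult validated result of the silent token request
     */
    protected void onMAMServiceTokenSuccess(AuthenticationResult authenticationResult) {
        LOGGER.log(Level.INFO, "MAM Service sign in succeeded. ");
        synchronized (SIGN_IN_LOCK) {
            Bundle bundle = new Bundle();
            bundle.putString(AAD_USER_ID, authenticationResult.getUserInfo().getUserId());
            bundle.putString(AAD_USER_TOKEN, authenticationResult.getAccessToken());
            bundle.putInt(UserManager.TOKEN_TYPE, 2);
            Message obtain = Message.obtain((Handler) null, AUTHENTICATION_SUCCESS);
            obtain.setData(bundle);
            this.remoteMAMServiceTokenClients.sendMessage(obtain);
            shouldSignInStart = true;
        }
        this.localClients.restart();
        this.remoteSWTokenClients.restart(this.messenger);
    }

    /**
     * Sends {@link #AUTHENTICATION_FAILURE} to the remote shift-worker token clients.
     *
     * @param exc the failure; only its class name is sent
     */
    public void sendFailureMessageToRemoteClients(Exception exc) {
        Bundle bundle = new Bundle();
        bundle.putString(EXCEPTION_TYPE, exc.getClass().toString());
        bundle.putInt(UserManager.TOKEN_TYPE, 1);
        Message obtain = Message.obtain((Handler) null, AUTHENTICATION_FAILURE);
        obtain.setData(bundle);
        this.remoteSWTokenClients.sendMessage(obtain);
    }

    /**
     * Sends {@link #AUTHENTICATION_SUCCESS} with the AAD user id and AAD access token from the
     * current {@code IntuneToken} to the remote shift-worker token clients.
     *
     * <p>The bundle carries a bearer access token to every registered reply messenger.
     */
    public void sendSuccessMessageToRemoteClients() {
        Bundle bundle = new Bundle();
        bundle.putString(AAD_USER_ID, ((IntuneToken) ServiceLocator.getInstance().get(IntuneToken.class)).getAADUserIdValue());
        bundle.putString(AAD_USER_TOKEN, ((IntuneToken) ServiceLocator.getInstance().get(IntuneToken.class)).getAadAccessTokenValue());
        bundle.putInt(UserManager.TOKEN_TYPE, 1);
        Message obtain = Message.obtain((Handler) null, AUTHENTICATION_SUCCESS);
        obtain.setData(bundle);
        this.remoteSWTokenClients.sendMessage(obtain);
    }

    /**
     * Starts a silent user sign-in on the worker pool unless one is already running.
     *
     * <p>When both callbacks are non-null they are registered with the local client list together
     * with a restart action that calls this method again without callbacks.
     *
     * @param action0 success callback, or {@code null}
     * @param action1 failure callback, or {@code null}
     */
    public void signInUserSilentAsync(Delegate.Action0 action0, Delegate.Action1<Exception> action1) {
        synchronized (SIGN_IN_LOCK) {
            if (action0 != null && action1 != null) {
                this.localClients.add(action0, action1, new Delegate.Action0() { // from class: com.microsoft.windowsintune.companyportal.authentication.aad.SignInService.1
                    @Override // com.microsoft.windowsintune.companyportal.utils.Delegate.Action0
                    public void exec() {
                        SignInService.this.signInUserSilentAsync(null, null);
                    }
                });
            }
            if (shouldSignInStart) {
                shouldSignInStart = false;
                ((IWorkersThreadPool) ServiceLocator.getInstance().get(IWorkersThreadPool.class)).execute(new Delegate.Func0<Object>() { // from class: com.microsoft.windowsintune.companyportal.authentication.aad.SignInService.2
                    @Override // com.microsoft.windowsintune.companyportal.utils.Delegate.Func0
                    public Object exec() {
                        SignInService.LOGGER.info("Starting silent based user sign in.");
                        SignInService.this.acquireGraphTokenSilentAsync(SignInService.this.signInSuccessAction, SignInService.this.signInFailureAction);
                        return null;
                    }
                }, null, null);
                // The integrity check runs after the sign-in work has been queued and its outcome is
                // not used here, so it does not gate the sign-in at this call site.
                // NOTE(review): confirm verify() enforces its result internally.
                ((IRuntimeIntegrity) ServiceLocator.getInstance().get(IRuntimeIntegrity.class)).verify();
            } else {
                LOGGER.info("Not starting silent sign in because sign in is ongoing.");
            }
        }
    }
}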
