package com.microsoft.mmx.agents.ypp.authclient.auth;

import Microsoft.Windows.MobilityExperience.BaseActivity;
import android.annotation.SuppressLint;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.WorkerThread;
import com.microsoft.appmanager.telemetry.TelemetryUtils;
import com.microsoft.appmanager.telemetry.TraceContext;
import com.microsoft.appmanager.utils.AsyncOperation;
import com.microsoft.mmx.agents.di.AgentScope;
import com.microsoft.mmx.agents.util.Assert;
import com.microsoft.mmx.agents.ypp.DcgClient;
import com.microsoft.mmx.agents.ypp.EnvironmentType;
import com.microsoft.mmx.agents.ypp.authclient.auth.AuthManager;
import com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager;
import com.microsoft.mmx.agents.ypp.authclient.crypto.CryptoManager;
import com.microsoft.mmx.agents.ypp.authclient.crypto.IdentityExpiredException;
import com.microsoft.mmx.agents.ypp.authclient.crypto.KeyRotationOperation;
import com.microsoft.mmx.agents.ypp.authclient.service.IAuthServiceClient;
import com.microsoft.mmx.agents.ypp.authclient.service.InvalidIdentityException;
import com.microsoft.mmx.agents.ypp.authclient.telemetry.AuthManagerTelemetry;
import com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager;
import com.microsoft.mmx.agents.ypp.authclient.trust.TrustManagerFactory;
import com.microsoft.mmx.agents.ypp.authclient.utils.AuthTelemetryUtils;
import com.microsoft.mmx.agents.ypp.configuration.EnvironmentMappingUtils;
import com.microsoft.mmx.agents.ypp.configuration.PlatformConfiguration;
import com.microsoft.mmx.agents.ypp.utils.NetworkState;
import dagger.Lazy;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import java.util.concurrent.Executor;
import java.util.concurrent.Executors;
import javax.inject.Inject;

@AgentScope
/* loaded from: classes3.dex */
public class AuthManager implements IAuthManager {
    public static final String DEFAULT_SCOPE = "general";
    private static final String LEGACY_ENVIRONMENT_WARNING = "Environment is Legacy, it needs to be resolved.";
    private final Lazy<IAuthServiceClient> authServiceClient;
    private final IAuthStorage authStorage;
    private final CryptoManager cryptoManager;
    private final Lazy<KeyRotationOperation> keyRotationOperation;
    private AsyncOperation<Void> migrationOperation;
    private final NetworkState networkState;
    private final PlatformConfiguration platformConfiguration;
    private final AuthManagerTelemetry telemetry;

    @Nullable
    private ITrustManager trustManager;
    private final TrustManagerFactory trustManagerFactory;
    private final Object migrationLock = new Object();
    private final Executor authExecutor = Executors.newSingleThreadExecutor();
    private final Set<IAuthManager.DeviceIdChangedListener> listeners = new CopyOnWriteArraySet();

    @Inject
    public AuthManager(@NonNull Lazy<IAuthServiceClient> lazy, @NonNull Lazy<KeyRotationOperation> lazy2, @NonNull IAuthStorage iAuthStorage, @NonNull TrustManagerFactory trustManagerFactory, @NonNull AuthManagerTelemetry authManagerTelemetry, @NonNull CryptoManager cryptoManager, @NonNull PlatformConfiguration platformConfiguration, @NonNull NetworkState networkState) {
        this.authServiceClient = lazy;
        this.authStorage = iAuthStorage;
        this.trustManagerFactory = trustManagerFactory;
        this.telemetry = authManagerTelemetry;
        this.cryptoManager = cryptoManager;
        this.keyRotationOperation = lazy2;
        this.platformConfiguration = platformConfiguration;
        this.networkState = networkState;
    }

    @WorkerThread
    private synchronized AuthState createNewIdentity(@NonNull EnvironmentType environmentType, @NonNull TraceContext traceContext) {
        AuthState createRandomIdentity;
        Assert.that(environmentType != EnvironmentType.Legacy, LEGACY_ENVIRONMENT_WARNING);
        TraceContext createChild = traceContext.createChild();
        BaseActivity startEstablishIdentityActivity = this.telemetry.startEstablishIdentityActivity(createChild);
        try {
            AuthState authState = this.authStorage.getAuthState(environmentType);
            DcgClient detectLocalId = detectLocalId();
            if (detectLocalId == null) {
                createRandomIdentity = createRandomIdentity(environmentType, createChild);
            } else {
                DcgClient dcgClient = new DcgClient(detectLocalId.getDcgClientId(), environmentType);
                try {
                    AccessToken blockingGet = this.authServiceClient.get().claimSpecificIdentity(dcgClient, createChild).blockingGet();
                    Assert.that(blockingGet.getDeviceId().equals(detectLocalId.getDcgClientId()), "The new identity doesn't match the one found in the prod environment");
                    createRandomIdentity = this.authStorage.createNewAuthState(dcgClient, blockingGet);
                } catch (InvalidIdentityException unused) {
                    clear(traceContext);
                    createRandomIdentity = createRandomIdentity(environmentType, createChild);
                }
            }
            if (authState != null) {
                notifyListenersOfRemovedDeviceId(authState.getDeviceId(), createChild);
            }
            this.telemetry.logActivityEnd(startEstablishIdentityActivity);
        } catch (Exception e2) {
            this.telemetry.logErrorCreatingIdentityException(e2, createChild);
            if (this.networkState.isNetworkConnected()) {
                this.telemetry.logActivityEndExceptional("AuthManager", "createNewIdentity", e2, startEstablishIdentityActivity, traceContext);
            } else {
                this.telemetry.logActivityEndWithNetworkUnavailableResult(startEstablishIdentityActivity, e2);
            }
            handleServiceErrors(e2, traceContext);
            throw new AuthManagerException(e2);
        }
        return createRandomIdentity;
    }

    private AuthState createRandomIdentity(@NonNull EnvironmentType environmentType, @NonNull TraceContext traceContext) {
        AccessToken blockingGet = this.authServiceClient.get().createIdentity(environmentType, traceContext).blockingGet();
        AuthState createNewAuthState = this.authStorage.createNewAuthState(new DcgClient(blockingGet.getDeviceId(), environmentType), blockingGet);
        notifyListenersOfNewDeviceId(createNewAuthState.getDeviceId(), traceContext);
        return createNewAuthState;
    }

    @Nullable
    private DcgClient detectLocalId() {
        IAuthStorage iAuthStorage = this.authStorage;
        EnvironmentType environmentType = EnvironmentType.Dogfood;
        AuthState authState = iAuthStorage.getAuthState(environmentType);
        if (authState != null && !isDeviceIdExpired(authState)) {
            return new DcgClient(authState.getDeviceId(), environmentType);
        }
        IAuthStorage iAuthStorage2 = this.authStorage;
        EnvironmentType environmentType2 = EnvironmentType.Beta;
        AuthState authState2 = iAuthStorage2.getAuthState(environmentType2);
        if (authState2 != null && !isDeviceIdExpired(authState2)) {
            return new DcgClient(authState2.getDeviceId(), environmentType2);
        }
        IAuthStorage iAuthStorage3 = this.authStorage;
        EnvironmentType environmentType3 = EnvironmentType.Prod;
        AuthState authState3 = iAuthStorage3.getAuthState(environmentType3);
        if (authState3 == null || isDeviceIdExpired(authState3)) {
            return null;
        }
        return new DcgClient(authState3.getDeviceId(), environmentType3);
    }

    private AsyncOperation<Void> ensureInitialized(@NonNull final TraceContext traceContext) {
        AsyncOperation<Void> asyncOperation;
        final EnvironmentType inferEnvironmentFromBuild = EnvironmentMappingUtils.inferEnvironmentFromBuild();
        synchronized (this.migrationLock) {
            if (this.migrationOperation == null) {
                if (inferEnvironmentFromBuild == EnvironmentType.Legacy) {
                    throw new IllegalArgumentException("Can't migrate YPP auth storage to the 'legacy' environment");
                }
                this.migrationOperation = AsyncOperation.runAsync(new Runnable() { // from class: b.e.c.a.n3.c.a.f
                    @Override // java.lang.Runnable
                    public final void run() {
                        AuthManager.this.g(inferEnvironmentFromBuild, traceContext);
                    }
                }, this.authExecutor).whenComplete(new AsyncOperation.ResultBiConsumer() { // from class: b.e.c.a.n3.c.a.b
                    @Override // com.microsoft.appmanager.utils.AsyncOperation.ResultBiConsumer
                    public final void accept(Object obj, Object obj2) {
                        AuthManager.this.h(traceContext, (Void) obj, (Throwable) obj2);
                    }
                });
            }
            asyncOperation = this.migrationOperation;
        }
        return asyncOperation;
    }

    @NonNull
    @WorkerThread
    private synchronized AuthState getAuthState(@NonNull EnvironmentType environmentType, @NonNull TraceContext traceContext) {
        try {
            Assert.that(environmentType != EnvironmentType.Legacy, LEGACY_ENVIRONMENT_WARNING);
            AuthState authState = this.authStorage.getAuthState(environmentType);
            if (authState == null) {
                this.telemetry.creatingIdentity();
                return createNewIdentity(environmentType, traceContext);
            }
            if (isDeviceIdExpired(authState)) {
                this.telemetry.replacingExpiredIdentity();
                return createNewIdentity(environmentType, traceContext);
            }
            this.telemetry.existingIdentityReturned();
            return authState;
        } catch (AuthManagerException e2) {
            this.telemetry.logErrorWhileFetchingAuthState(e2, traceContext);
            throw e2;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @NonNull
    /* renamed from: getTrustManagerInternal, reason: merged with bridge method [inline-methods] */
    public ITrustManager e(@NonNull String str) {
        synchronized (this.trustManagerFactory) {
            if (this.trustManager == null) {
                this.trustManager = this.trustManagerFactory.getForDeviceId(str);
            }
        }
        return this.trustManager;
    }

    private void handleServiceErrors(@NonNull Exception exc, @NonNull TraceContext traceContext) {
        if ((exc instanceof IdentityExpiredException) || (exc instanceof InvalidIdentityException)) {
            this.telemetry.logServiceErrorAnomaly(exc, traceContext);
            clear(traceContext);
        }
    }

    private boolean isAccessTokenExpired(@NonNull AccessToken accessToken) {
        return accessToken.getExpirationTime().minus(this.platformConfiguration.getTokenExpirationLeewayTime()).isBeforeNow();
    }

    private boolean isDeviceIdExpired(@NonNull AuthState authState) {
        return authState.b().plus(this.platformConfiguration.getIdentityExpirationTime()).isBeforeNow();
    }

    private void notifyListenersOfNewDeviceId(@NonNull final String str, @NonNull TraceContext traceContext) {
        this.telemetry.notifyNewDeviceId(this.listeners.size());
        final TraceContext createChildScenario = traceContext.createChildScenario("DeviceIdProvisioned");
        if (this.trustManager != null) {
            AsyncOperation.runAsync(new Runnable() { // from class: b.e.c.a.n3.c.a.j
                @Override // java.lang.Runnable
                public final void run() {
                    AuthManager.this.i(str, createChildScenario);
                }
            });
        }
        for (final IAuthManager.DeviceIdChangedListener deviceIdChangedListener : this.listeners) {
            AsyncOperation.runAsync(new Runnable() { // from class: b.e.c.a.n3.c.a.g
                @Override // java.lang.Runnable
                public final void run() {
                    IAuthManager.DeviceIdChangedListener.this.onDeviceIdProvisioned(str);
                }
            });
        }
    }

    @SuppressLint({"CheckResult"})
    private void notifyListenersOfRemovedDeviceId(@NonNull final String str, @NonNull TraceContext traceContext) {
        this.telemetry.notifyDeviceIdRemoved(this.listeners.size());
        TraceContext createChildScenario = traceContext.createChildScenario("DeviceIdDeprovisioned");
        ITrustManager iTrustManager = this.trustManager;
        if (iTrustManager != null) {
            iTrustManager.deviceIdDeprovisioned(str, createChildScenario);
        }
        for (final IAuthManager.DeviceIdChangedListener deviceIdChangedListener : this.listeners) {
            AsyncOperation.runAsync(new Runnable() { // from class: b.e.c.a.n3.c.a.h
                @Override // java.lang.Runnable
                public final void run() {
                    IAuthManager.DeviceIdChangedListener.this.onDeviceIdDeprovisioned(str);
                }
            });
        }
    }

    @WorkerThread
    private synchronized AccessToken refreshAccessToken(@NonNull String str, @NonNull AuthManagerTelemetry.RefreshType refreshType, @NonNull String str2, @NonNull EnvironmentType environmentType, @NonNull TraceContext traceContext) {
        AccessToken blockingGet;
        Assert.that(environmentType != EnvironmentType.Legacy, LEGACY_ENVIRONMENT_WARNING);
        TraceContext createChild = traceContext.createChild();
        BaseActivity startRefreshTokenActivity = this.telemetry.startRefreshTokenActivity(refreshType, createChild);
        try {
            DcgClient dcgClient = new DcgClient(str, environmentType);
            blockingGet = this.authServiceClient.get().signIn(dcgClient, str2, createChild).blockingGet();
            this.authStorage.updateToken(dcgClient, blockingGet);
            this.telemetry.logActivityEnd(startRefreshTokenActivity);
        } catch (Exception e2) {
            this.telemetry.logErrorRefreshingTokenException(e2, createChild);
            if (this.networkState.isNetworkConnected()) {
                this.telemetry.logActivityEndExceptional("AuthManager", "refreshAccessToken", e2, startRefreshTokenActivity, traceContext);
            } else {
                this.telemetry.logActivityEndWithNetworkUnavailableResult(startRefreshTokenActivity, e2);
            }
            handleServiceErrors(e2, traceContext);
            throw new AuthManagerException(e2);
        }
        return blockingGet;
    }

    private synchronized void rotateKeysIfNecessary(@NonNull String str, @NonNull EnvironmentType environmentType, @NonNull TraceContext traceContext) {
        Assert.that(environmentType != EnvironmentType.Legacy, LEGACY_ENVIRONMENT_WARNING);
        if (this.cryptoManager.isKeyRotationNecessary(str, traceContext)) {
            this.telemetry.startKeyRotation(str);
            TraceContext createChild = traceContext.createChild();
            BaseActivity startKeyRotationActivity = this.telemetry.startKeyRotationActivity(createChild);
            Throwable blockingGet = this.keyRotationOperation.get().performKeyRotation(str, environmentType, createChild).blockingGet();
            if (blockingGet == null) {
                this.telemetry.keyRotationSuccess(str);
                this.telemetry.logActivityEnd(startKeyRotationActivity);
            } else if ((blockingGet instanceof Exception) && !this.networkState.isNetworkConnected()) {
                this.telemetry.logActivityEndWithNetworkUnavailableResult(startKeyRotationActivity, (Exception) TelemetryUtils.extractException(blockingGet));
            } else if (blockingGet instanceof Exception) {
                this.telemetry.logKeyRotationErrorException(str, (Exception) blockingGet, createChild);
                this.telemetry.logActivityEndExceptional("AuthManager", "rotateKeysIfNecessary", (Exception) blockingGet, startKeyRotationActivity, traceContext);
            }
        }
    }

    public /* synthetic */ void a(AuthState authState, EnvironmentType environmentType, TraceContext traceContext) {
        rotateKeysIfNecessary(authState.getDeviceId(), environmentType, traceContext);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public void addDeviceIdChangedListener(@NonNull IAuthManager.DeviceIdChangedListener deviceIdChangedListener) {
        this.listeners.add(deviceIdChangedListener);
        this.telemetry.listenerAdded();
    }

    public /* synthetic */ String b(EnvironmentType environmentType, final TraceContext traceContext, String str, AccessTokenRetrievalPolicy accessTokenRetrievalPolicy, Void r11) {
        final EnvironmentType resolveEnvironment = EnvironmentMappingUtils.resolveEnvironment(environmentType);
        try {
            final AuthState authState = getAuthState(resolveEnvironment, traceContext);
            String lowerCase = str != null ? str.toLowerCase() : DEFAULT_SCOPE;
            AccessToken accessToken = authState.a().get(lowerCase);
            this.authExecutor.execute(new Runnable() { // from class: b.e.c.a.n3.c.a.a
                @Override // java.lang.Runnable
                public final void run() {
                    AuthManager.this.a(authState, resolveEnvironment, traceContext);
                }
            });
            if (accessToken == null) {
                this.telemetry.refreshingAccessToken(accessTokenRetrievalPolicy, lowerCase);
                return refreshAccessToken(authState.getDeviceId(), AuthManagerTelemetry.RefreshType.NEW_TOKEN, lowerCase, resolveEnvironment, traceContext).getToken();
            }
            if (accessTokenRetrievalPolicy == AccessTokenRetrievalPolicy.FORCE_REFRESH) {
                this.telemetry.refreshingAccessToken(accessTokenRetrievalPolicy, lowerCase);
                return refreshAccessToken(authState.getDeviceId(), AuthManagerTelemetry.RefreshType.FORCE_REFRESH, lowerCase, resolveEnvironment, traceContext).getToken();
            }
            if (!isAccessTokenExpired(accessToken)) {
                return accessToken.getToken();
            }
            this.telemetry.refreshingAccessToken(accessTokenRetrievalPolicy, lowerCase);
            return refreshAccessToken(authState.getDeviceId(), AuthManagerTelemetry.RefreshType.EXPIRED, lowerCase, resolveEnvironment, traceContext).getToken();
        } catch (AuthManagerException e2) {
            this.telemetry.logExceptionWhileFetchingAccessToken(e2, traceContext);
            throw e2;
        }
    }

    public /* synthetic */ String c(EnvironmentType environmentType, TraceContext traceContext, Void r3) {
        try {
            return getAuthState(EnvironmentMappingUtils.resolveEnvironment(environmentType), traceContext).getDeviceId();
        } catch (AuthManagerException e2) {
            this.telemetry.logErrorWhileFetchingDeviceId(e2, traceContext);
            throw e2;
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public void clear(TraceContext traceContext) {
        this.telemetry.clearCalled();
        DcgClient detectLocalId = detectLocalId();
        this.authStorage.clear();
        if (detectLocalId != null) {
            Throwable blockingGet = this.cryptoManager.removeKeyPair(detectLocalId.getDcgClientId(), traceContext).blockingGet();
            if (blockingGet != null) {
                this.telemetry.failedRemovingKeyPairException(detectLocalId.getDcgClientId(), blockingGet, traceContext);
            } else {
                this.telemetry.removedKeyPair(detectLocalId.getDcgClientId());
            }
            notifyListenersOfRemovedDeviceId(detectLocalId.getDcgClientId(), traceContext);
        }
    }

    public /* synthetic */ AsyncOperation d(TraceContext traceContext, Void r3) {
        DcgClient detectLocalId = detectLocalId();
        if (detectLocalId != null) {
            return AsyncOperation.completedFuture(detectLocalId.getDcgClientId());
        }
        try {
            return getDeviceId(EnvironmentMappingUtils.inferEnvironmentFromBuild(), traceContext);
        } catch (AuthManagerException e2) {
            this.telemetry.logErrorWhileFetchingTrustManager(e2, traceContext);
            throw e2;
        }
    }

    public /* synthetic */ void f(TraceContext traceContext) {
        getAuthState(EnvironmentType.Prod, traceContext);
    }

    public /* synthetic */ void g(EnvironmentType environmentType, TraceContext traceContext) {
        this.authStorage.migrateToEnvironmentSensitiveStorage(environmentType);
        DcgClient detectLocalId = detectLocalId();
        if (detectLocalId != null) {
            e(detectLocalId.getDcgClientId()).migrateToEnvironmentSensitiveStorage(environmentType, traceContext);
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<String> getAccessToken(@NonNull final EnvironmentType environmentType, @NonNull final AccessTokenRetrievalPolicy accessTokenRetrievalPolicy, @Nullable final String str, @NonNull final TraceContext traceContext) {
        return ensureInitialized(traceContext).thenApplyAsync(new AsyncOperation.ResultFunction() { // from class: b.e.c.a.n3.c.a.c
            @Override // com.microsoft.appmanager.utils.AsyncOperation.ResultFunction
            public final Object apply(Object obj) {
                return AuthManager.this.b(environmentType, traceContext, str, accessTokenRetrievalPolicy, (Void) obj);
            }
        }, this.authExecutor);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<String> getAccessToken(@NonNull AccessTokenRetrievalPolicy accessTokenRetrievalPolicy, @Nullable String str, @NonNull TraceContext traceContext) {
        return getAccessToken(EnvironmentType.Legacy, accessTokenRetrievalPolicy, str, traceContext);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<String> getDeviceId(@NonNull final EnvironmentType environmentType, @NonNull final TraceContext traceContext) {
        return ensureInitialized(traceContext).thenApplyAsync(new AsyncOperation.ResultFunction() { // from class: b.e.c.a.n3.c.a.d
            @Override // com.microsoft.appmanager.utils.AsyncOperation.ResultFunction
            public final Object apply(Object obj) {
                return AuthManager.this.c(environmentType, traceContext, (Void) obj);
            }
        }, this.authExecutor);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<ITrustManager> getTrustManager(@NonNull final TraceContext traceContext) {
        return ensureInitialized(traceContext).thenCompose(new AsyncOperation.ResultFunction() { // from class: b.e.c.a.n3.c.a.e
            @Override // com.microsoft.appmanager.utils.AsyncOperation.ResultFunction
            public final Object apply(Object obj) {
                return AuthManager.this.d(traceContext, (Void) obj);
            }
        }).thenApplyAsync(new AsyncOperation.ResultFunction() { // from class: b.e.c.a.n3.c.a.k
            @Override // com.microsoft.appmanager.utils.AsyncOperation.ResultFunction
            public final Object apply(Object obj) {
                return AuthManager.this.e((String) obj);
            }
        }, this.authExecutor);
    }

    public /* synthetic */ void h(TraceContext traceContext, Void r2, Throwable th) {
        if (th != null) {
            this.telemetry.logMigrationOperationFailed(th, traceContext);
        }
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public boolean hasActiveIdentity() {
        return detectLocalId() != null;
    }

    public /* synthetic */ void i(String str, TraceContext traceContext) {
        this.trustManager.deviceIdProvisioned(str, traceContext);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<Void> init() {
        return init(TelemetryUtils.createNewTraceContext(AuthTelemetryUtils.UNKNOWN_AUTH, AuthTelemetryUtils.AUTH_MANAGER_INIT_TRIGGER));
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<Void> init(@NonNull final TraceContext traceContext) {
        return AsyncOperation.runAsync(new Runnable() { // from class: b.e.c.a.n3.c.a.i
            @Override // java.lang.Runnable
            public final void run() {
                AuthManager.this.f(traceContext);
            }
        }, this.authExecutor);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public void removeDcgAuthToken() {
        this.authStorage.removeAllTokens();
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public void removeDeviceIdChangedListener(@NonNull IAuthManager.DeviceIdChangedListener deviceIdChangedListener) {
        this.listeners.remove(deviceIdChangedListener);
        this.telemetry.listenerRemoved();
    }
}
