package com.microsoft.aad.adal;

import android.content.Context;
import android.net.Uri;
import com.adjust.sdk.Constants;
import com.microsoft.identity.common.adal.internal.net.HttpWebResponse;
import com.microsoft.identity.common.adal.internal.net.IWebRequestHandler;
import com.microsoft.identity.common.adal.internal.net.WebRequestHandler;
import com.microsoft.identity.common.adal.internal.util.HashMapExtensions;
import com.microsoft.identity.common.internal.providers.microsoft.azureactivedirectory.AzureActiveDirectory;
import com.microsoft.mobile.polymer.datamodel.JsonId;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.SocketTimeoutException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.locks.ReentrantLock;
import org.json.JSONException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
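/**
 * Validates that an authority URL belongs to a known identity-provider instance before it is
 * used for authentication.
 *
 * <p>Two paths are implemented here:
 * <ul>
 *   <li>Instance discovery ({@link #validateAuthority(URL)}): the authority is checked against
 *       {@link AuthorityValidationMetadataCache}; on a miss a discovery request is sent either to
 *       the authority's own host (only when that host is in the built-in allow-list) or to the
 *       fixed trusted instance {@code login.microsoftonline.com}.</li>
 *   <li>AD FS ({@link #validateAuthorityADFS(URL, String)}): the authority is checked through
 *       DRS and WebFinger metadata, and successful results are cached per domain.</li>
 * </ul>
 *
 * <p>All caches and the allow-list are static, so they are shared by every instance in the
 * process.
 */
public class Discovery {
    // Built-in allow-list of hosts that may be queried directly for instance discovery.
    // Explicit type arguments instead of raw types so the compiler checks what is stored.
    private static final Set<String> AAD_WHITELISTED_HOSTS = Collections.synchronizedSet(new HashSet<String>());
    // AD FS authorities already validated, keyed by the domain string passed by the caller.
    private static final Map<String, Set<URI>> ADFS_VALIDATED_AUTHORITIES = Collections.synchronizedMap(new HashMap<String, Set<URI>>());
    private static final String API_VERSION_KEY = "api-version";
    private static final String API_VERSION_VALUE = "1.1";
    private static final String AUTHORIZATION_COMMON_ENDPOINT = "/common/oauth2/authorize";
    private static final String AUTHORIZATION_ENDPOINT_KEY = "authorization_endpoint";
    private static final String INSTANCE_DISCOVERY_SUFFIX = "common/discovery/instance";
    private static final String TAG = "Discovery";
    // Host used for the discovery query whenever the authority's own host is not allow-listed.
    private static final String TRUSTED_QUERY_INSTANCE = "login.microsoftonline.com";
    // Serializes instance-discovery network requests across all Discovery instances.
    private static volatile ReentrantLock sInstanceDiscoveryNetworkRequestLock;
    private Context mContext;
    private UUID mCorrelationId;
    private final IWebRequestHandler mWebrequestHandler;

    /**
     * Creates a validator and makes sure the shared host allow-list is populated.
     *
     * @param context Android context, used for the network-availability check
     */
    public Discovery(Context context) {
        initValidList();
        this.mContext = context;
        this.mWebrequestHandler = new WebRequestHandler();
    }

    /**
     * Builds the instance-discovery query URL.
     *
     * @param str  host that will receive the discovery request
     * @param str2 authorization endpoint of the authority being validated; added as a query
     *             parameter (appendQueryParameter encodes it)
     * @return the discovery URL
     * @throws MalformedURLException if the assembled string is not a valid URL
     */
    private URL buildQueryString(String str, String str2) throws MalformedURLException {
        // NOTE(review): Constants.SCHEME resolves to the Adjust SDK constant in this decompiled
        // build; presumably "https" - confirm, since the HTTPS requirement depends on it.
        Uri.Builder builder = new Uri.Builder();
        builder.scheme(Constants.SCHEME).authority(str);
        builder.appendEncodedPath(INSTANCE_DISCOVERY_SUFFIX).appendQueryParameter(API_VERSION_KEY, API_VERSION_VALUE).appendQueryParameter(AUTHORIZATION_ENDPOINT_KEY, str2);
        return new URL(builder.build().toString());
    }

    /**
     * Rebuilds an authority URL on a different host, keeping the original protocol and path.
     * Marked public by the decompiler; the JADX note records it as originally package-private.
     *
     * @param url original authority URL
     * @param str host to use in the new URL
     * @return URL with the protocol and path of {@code url} and the host {@code str}
     * @throws MalformedURLException if the assembled string is not a valid URL
     */
    public static URL constructAuthorityUrl(URL url, String str) throws MalformedURLException {
        // The leading slash is dropped because appendPath adds its own separator.
        final String pathWithoutLeadingSlash = url.getPath().replaceFirst("/", "");
        final Uri rebuilt = new Uri.Builder().scheme(url.getProtocol()).authority(str).appendPath(pathWithoutLeadingSlash).build();
        return new URL(rebuilt.toString());
    }

    /**
     * Returns the common authorization endpoint on the host of the given authority.
     *
     * @param url authority URL; only its host is used
     * @return endpoint string built from the scheme constant, the host and the common path
     */
    private String getAuthorizationCommonEndpoint(URL url) {
        // NOTE(review): appendPath encodes its argument as a single segment, so the slashes in
        // AUTHORIZATION_COMMON_ENDPOINT are presumably percent-encoded in the result - confirm
        // the discovery endpoint accepts that form before changing it.
        return new Uri.Builder().scheme(Constants.SCHEME).authority(url.getHost()).appendPath(AUTHORIZATION_COMMON_ENDPOINT).build().toString();
    }

    /**
     * Returns the process-wide discovery lock, creating it on first use.
     *
     * @return the shared lock
     */
    private static ReentrantLock getLock() {
        // Double-checked creation; the field is volatile, so the second check is reliable.
        if (sInstanceDiscoveryNetworkRequestLock == null) {
            synchronized (Discovery.class) {
                if (sInstanceDiscoveryNetworkRequestLock == null) {
                    sInstanceDiscoveryNetworkRequestLock = new ReentrantLock();
                }
            }
        }
        return sInstanceDiscoveryNetworkRequestLock;
    }

    /**
     * Returns the host allow-list.
     * Marked public by the decompiler; the JADX note records it as originally package-private.
     *
     * @return the live, mutable allow-list set (not a copy)
     */
    public static Set<String> getValidHosts() {
        // NOTE(review): this hands out the live set, so any caller that can reach this method
        // can add hosts that validateAuthority will then query directly. Kept as is because
        // callers may rely on mutating it; consider an unmodifiable view if none do.
        return AAD_WHITELISTED_HOSTS;
    }

    /** Populates the shared allow-list the first time it is found empty. */
    private void initValidList() {
        // Check-then-add is not atomic, but Set.add is idempotent, so a concurrent second
        // pass only re-adds the same hosts.
        if (AAD_WHITELISTED_HOSTS.isEmpty()) {
            AAD_WHITELISTED_HOSTS.add("login.windows.net");
            AAD_WHITELISTED_HOSTS.add(TRUSTED_QUERY_INSTANCE);
            AAD_WHITELISTED_HOSTS.add("login.chinacloudapi.cn");
            AAD_WHITELISTED_HOSTS.add("login.microsoftonline.de");
            AAD_WHITELISTED_HOSTS.add("login-us.microsoftonline.com");
            AAD_WHITELISTED_HOSTS.add("login.microsoftonline.us");
        }
    }

    /**
     * Converts the discovery HTTP response into a flat key/value map.
     *
     * @param httpWebResponse response returned by the discovery endpoint
     * @return parsed response fields
     * @throws JSONException if the body cannot be parsed
     */
    private Map<String, String> parseResponse(HttpWebResponse httpWebResponse) throws JSONException {
        return HashMapExtensions.getJsonResponse(httpWebResponse);
    }

    /**
     * Runs instance discovery for an authority and rejects it if it is not validated afterwards.
     *
     * @param url authority being validated
     * @param str host that receives the discovery request
     * @throws AuthenticationException if the network is unavailable, the request or parsing
     *                                 fails, or the authority is not validated by the metadata
     */
    private void performInstanceDiscovery(URL url, String str) throws AuthenticationException {
        // Re-checked here because another thread may have filled the cache while this one was
        // waiting for the discovery lock.
        if (AuthorityValidationMetadataCache.containsAuthorityHost(url)) {
            return;
        }
        HttpWebRequest.throwIfNetworkNotAvailable(this.mContext);
        try {
            final Map<String, String> discoveryResponse = sendRequest(buildQueryString(str, getAuthorizationCommonEndpoint(url)));
            AzureActiveDirectory.initializeCloudMetadata(url.getHost().toLowerCase(Locale.US), discoveryResponse);
            AuthorityValidationMetadataCache.processInstanceDiscoveryMetadata(url, discoveryResponse);
            if (!AuthorityValidationMetadataCache.containsAuthorityHost(url)) {
                // The metadata did not mention this host: record it with itself as the only alias.
                final ArrayList<String> aliases = new ArrayList<String>();
                aliases.add(url.getHost());
                AuthorityValidationMetadataCache.updateInstanceDiscoveryMap(url.getHost(), new InstanceDiscoveryMetadata(url.getHost(), url.getHost(), aliases));
            }
            // Final gate: the cache entry must mark the authority as validated.
            if (!AuthorityValidationMetadataCache.isAuthorityValidated(url)) {
                throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_INSTANCE);
            }
        } catch (SocketTimeoutException e2) {
            Logger.e("Discovery:performInstanceDiscovery", "Error when validating authority. ", "", ADALError.DEVICE_CONNECTION_IS_NOT_AVAILABLE, e2);
            throw new AuthenticationException(ADALError.DEVICE_CONNECTION_IS_NOT_AVAILABLE, e2.getMessage(), e2);
        } catch (IOException e3) {
            Logger.e("Discovery:performInstanceDiscovery", "Error when validating authority. ", "", ADALError.IO_EXCEPTION, e3);
            throw new AuthenticationException(ADALError.IO_EXCEPTION, e3.getMessage(), e3);
        } catch (JSONException e4) {
            Logger.e("Discovery:performInstanceDiscovery", "Error when validating authority. ", "", ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_INSTANCE, e4);
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_INSTANCE, e4.getMessage(), e4);
        }
    }

    /**
     * Sends the discovery GET request and returns the parsed response.
     *
     * @param url discovery query URL
     * @return parsed response fields when the response carries no {@code error_codes} entry
     * @throws IOException             if the request fails
     * @throws JSONException           if the response cannot be parsed
     * @throws AuthenticationException if the response contains {@code error_codes}
     */
    private Map<String, String> sendRequest(URL url) throws IOException, JSONException, AuthenticationException {
        // NOTE(review): the full query URL, including the authority under validation, is
        // written to the verbose log - confirm that is acceptable for the deployment.
        Logger.v(TAG, "Sending discovery request to query url. ", "queryUrl: " + url, null);
        final Map<String, String> headers = new HashMap<String, String>();
        headers.put("Accept", "application/json");
        final UUID correlationId = this.mCorrelationId;
        if (correlationId != null) {
            headers.put("client-request-id", correlationId.toString());
            headers.put("return-client-request-id", JsonId.VALUE_TRUE_STRING);
        }
        try {
            ClientMetrics.INSTANCE.beginClientMetricsRecord(url, this.mCorrelationId, headers);
            final HttpWebResponse response = this.mWebrequestHandler.sendGet(url, headers);
            ClientMetrics.INSTANCE.setLastError(null);
            final Map<String, String> parsed = parseResponse(response);
            if (parsed.containsKey("error_codes")) {
                final String errorCodes = parsed.get("error_codes");
                ClientMetrics.INSTANCE.setLastError(errorCodes);
                throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_INSTANCE, "Fail to valid authority with errors: " + errorCodes);
            }
            return parsed;
        } finally {
            // Closes the metrics record exactly once on both the success and the failure path.
            ClientMetrics.INSTANCE.endClientMetricsRecord(ClientMetricsEndpointType.INSTANCE_DISCOVERY, this.mCorrelationId);
        }
    }

    /**
     * Validates an AD FS authority for a domain and caches the result on success.
     *
     * @param url authority URL
     * @param str domain the authority is validated for
     * @throws AuthenticationException if the URL cannot be converted to a URI or the realm is
     *                                 not trusted according to the WebFinger metadata
     */
    private static void validateADFS(URL url, String str) throws AuthenticationException {
        try {
            final URI uri = url.toURI();
            // Compound reads and writes on the cache hold the map's own monitor, which is the
            // mutex Collections.synchronizedMap uses; the inner HashSet has no lock of its own.
            synchronized (ADFS_VALIDATED_AUTHORITIES) {
                final Set<URI> alreadyValidated = ADFS_VALIDATED_AUTHORITIES.get(str);
                if (alreadyValidated != null && alreadyValidated.contains(uri)) {
                    return;
                }
            }
            // The metadata requests run outside the monitor so they do not block other threads.
            if (!ADFSWebFingerValidator.realmIsTrusted(uri, new WebFingerMetadataRequestor().requestMetadata(new WebFingerMetadataRequestParameters(url, new DRSMetadataRequestor().requestMetadata(str))))) {
                throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_INSTANCE);
            }
            synchronized (ADFS_VALIDATED_AUTHORITIES) {
                Set<URI> validatedForDomain = ADFS_VALIDATED_AUTHORITIES.get(str);
                if (validatedForDomain == null) {
                    validatedForDomain = new HashSet<URI>();
                    ADFS_VALIDATED_AUTHORITIES.put(str, validatedForDomain);
                }
                validatedForDomain.add(uri);
            }
        } catch (URISyntaxException unused) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, "Authority URL/URI must be RFC 2396 compliant to use AD FS validation");
        }
    }

    /**
     * Checks the shape of an authority URL before any lookup or network request.
     * Marked public by the decompiler; the JADX note records it as originally package-private.
     *
     * <p>The URL is rejected when it is null, has a blank host, uses a protocol other than
     * {@code Constants.SCHEME}, carries a query or a fragment, or has a blank path.
     *
     * @param url authority URL to check
     * @throws AuthenticationException if any of the conditions above holds
     */
    public static void verifyAuthorityValidInstance(URL url) throws AuthenticationException {
        if (url == null || com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(url.getHost()) || !url.getProtocol().equals(Constants.SCHEME) || !com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(url.getQuery()) || !com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(url.getRef()) || com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(url.getPath())) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_INSTANCE);
        }
    }

    /**
     * Sets the correlation id sent with discovery requests and metrics records.
     *
     * @param uuid correlation id, or null to send none
     */
    public void setCorrelationId(UUID uuid) {
        this.mCorrelationId = uuid;
    }

    /**
     * Validates an authority through instance discovery.
     *
     * @param url authority URL
     * @throws AuthenticationException if the URL is malformed for an authority or the authority
     *                                 is not validated by instance discovery
     */
    public void validateAuthority(URL url) throws AuthenticationException {
        verifyAuthorityValidInstance(url);
        if (AuthorityValidationMetadataCache.containsAuthorityHost(url)) {
            return;
        }
        // A host outside the allow-list is never asked to vouch for itself: the discovery
        // query goes to the fixed trusted instance instead.
        final String authorityHost = url.getHost().toLowerCase(Locale.US);
        final String queryHost = AAD_WHITELISTED_HOSTS.contains(authorityHost) ? authorityHost : TRUSTED_QUERY_INSTANCE;
        // The lock is taken before the try block so that unlock() in finally only runs when
        // the lock is actually held; a failure while acquiring it no longer surfaces as an
        // IllegalMonitorStateException that hides the real error.
        final ReentrantLock discoveryLock = getLock();
        discoveryLock.lock();
        try {
            performInstanceDiscovery(url, queryHost);
        } finally {
            discoveryLock.unlock();
        }
    }

    /**
     * Validates an AD FS authority for the given domain.
     * Marked public by the decompiler; the JADX note records it as originally package-private.
     *
     * @param url authority URL
     * @param str domain to validate against; must not be null or blank
     * @throws IllegalArgumentException if {@code str} is null or blank
     * @throws AuthenticationException  if the authority is not trusted for the domain
     */
    public void validateAuthorityADFS(URL url, String str) throws AuthenticationException {
        if (com.microsoft.identity.common.adal.internal.util.StringExtensions.isNullOrBlank(str)) {
            throw new IllegalArgumentException("Cannot validate AD FS Authority with domain [null]");
        }
        validateADFS(url, str);
    }
}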
