package com.microsoft.mmx.agents.ypp.authclient.auth;

import Microsoft.Windows.MobilityExperience.Health.Agents.BaseActivity;
import android.annotation.SuppressLint;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.WorkerThread;
import com.microsoft.connecteddevices.AsyncOperation;
import com.microsoft.mmx.agents.logging.ILogger;
import com.microsoft.mmx.agents.logging.LogDestination;
import com.microsoft.mmx.agents.logging.TraceContext;
import com.microsoft.mmx.agents.util.TelemetryUtils;
import com.microsoft.mmx.agents.ypp.authclient.auth.AuthManager;
import com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager;
import com.microsoft.mmx.agents.ypp.authclient.auth.IAuthStorage;
import com.microsoft.mmx.agents.ypp.authclient.crypto.CryptoManager;
import com.microsoft.mmx.agents.ypp.authclient.crypto.IdentityExpiredException;
import com.microsoft.mmx.agents.ypp.authclient.crypto.KeyRotationOperation;
import com.microsoft.mmx.agents.ypp.authclient.service.AuthCustomEventDetails;
import com.microsoft.mmx.agents.ypp.authclient.service.IAuthServiceClient;
import com.microsoft.mmx.agents.ypp.authclient.service.InvalidIdentityException;
import com.microsoft.mmx.agents.ypp.authclient.telemetry.AuthManagerTelemetry;
import com.microsoft.mmx.agents.ypp.authclient.trust.ITrustManager;
import com.microsoft.mmx.agents.ypp.authclient.trust.TrustManagerFactory;
import com.microsoft.mmx.agents.ypp.authclient.utils.AuthTelemetryUtils;
import com.microsoft.mmx.agents.ypp.configuration.PlatformConfiguration;
import io.reactivex.functions.Action;
import io.reactivex.functions.Consumer;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
import java.util.concurrent.Executor;
import java.util.concurrent.Executors;
import javax.inject.Inject;
import javax.inject.Singleton;

@Singleton
/* loaded from: classes2.dex */
public class AuthManager implements IAuthManager {
    public static final String DEFAULT_SCOPE = "general";
    public final IAuthServiceClient authServiceClient;
    public final IAuthStorage authStorage;
    public final CryptoManager cryptoManager;
    public final KeyRotationOperation keyRotationOperation;
    public final Log logger;
    public final PlatformConfiguration platformConfiguration;
    public final AuthManagerTelemetry telemetry;

    @Nullable
    public ITrustManager trustManager;
    public final TrustManagerFactory trustManagerFactory;
    public final Executor authExecutor = Executors.newSingleThreadExecutor();
    public final Set<IAuthManager.DeviceIdChangedListener> listeners = new CopyOnWriteArraySet();
    public final Set<AsyncOperation> pendingOperations = Collections.synchronizedSet(new HashSet());

    /* loaded from: classes2.dex */
    public final class Log {
        public static final String ANOMALY = "AuthManagerAnomalyEvent";
        public final ILogger logger;
        public final String tag = AuthManager.class.getSimpleName();

        public Log(@NonNull ILogger iLogger) {
            this.logger = iLogger;
        }

        public void a(String str, Throwable th, TraceContext traceContext) {
            this.logger.logEvent(ANOMALY, "FailedRemovingKeyPair", th.getMessage(), new AuthCustomEventDetails.Builder().forAnomaly().setResultDetails(th).addData("deviceId", str).build().getData(), traceContext, LogDestination.Remote);
        }

        public void b(@NonNull Exception exc, @NonNull TraceContext traceContext) {
            this.logger.logEvent(ANOMALY, "InvalidDeviceIdAnomalyEvent", AuthCustomEventDetails.getSerializedDefaultAnomalyData(exc), traceContext, LogDestination.Remote);
        }

        public void c(boolean z, @NonNull String str) {
            this.logger.logDebug(this.tag, "Refreshing access token with forceRefresh=%s and scope=%s", Boolean.valueOf(z), str);
        }

        public void d(String str) {
            this.logger.logDebug(this.tag, "Removed key pair for deviceId: %s", str);
        }
    }

    @Inject
    public AuthManager(@NonNull IAuthServiceClient iAuthServiceClient, @NonNull IAuthStorage iAuthStorage, @NonNull ILogger iLogger, @NonNull TrustManagerFactory trustManagerFactory, @NonNull AuthManagerTelemetry authManagerTelemetry, @NonNull CryptoManager cryptoManager, @NonNull KeyRotationOperation keyRotationOperation, @NonNull PlatformConfiguration platformConfiguration) {
        this.authServiceClient = iAuthServiceClient;
        this.authStorage = iAuthStorage;
        this.logger = new Log(iLogger);
        this.trustManagerFactory = trustManagerFactory;
        this.telemetry = authManagerTelemetry;
        this.cryptoManager = cryptoManager;
        this.keyRotationOperation = keyRotationOperation;
        this.platformConfiguration = platformConfiguration;
    }

    @WorkerThread
    private synchronized AuthState createNewIdentity(@NonNull TraceContext traceContext) {
        AuthState createNewAuthState;
        BaseActivity startEstablishIdentityActivity = this.telemetry.startEstablishIdentityActivity(traceContext);
        TraceContext activityTraceContext = TelemetryUtils.getActivityTraceContext(startEstablishIdentityActivity, traceContext);
        try {
            AccessToken blockingGet = this.authServiceClient.createIdentity(activityTraceContext).blockingGet();
            AuthState authState = this.authStorage.getAuthState();
            createNewAuthState = this.authStorage.createNewAuthState(blockingGet.getDeviceId(), blockingGet);
            if (authState != null) {
                notifyListenersOfRemovedDeviceId(authState.getDeviceId(), activityTraceContext);
            }
            notifyListenersOfNewDeviceId(createNewAuthState.getDeviceId(), activityTraceContext);
            this.telemetry.logActivityEnd(startEstablishIdentityActivity);
        } catch (Exception e2) {
            Log log = this.logger;
            log.logger.logException(log.tag, "Exception while attempting to establish a new identity.", e2, activityTraceContext, LogDestination.Local);
            this.telemetry.logActivityEndExceptional("createNewIdentity", e2, startEstablishIdentityActivity, traceContext);
            handleServiceErrors(e2);
            throw new AuthManagerException(e2);
        }
        return createNewAuthState;
    }

    /* JADX INFO: Access modifiers changed from: private */
    @NonNull
    @WorkerThread
    /* renamed from: getAuthState, reason: merged with bridge method [inline-methods] */
    public synchronized AuthState f(@NonNull TraceContext traceContext) {
        AuthState authState = this.authStorage.getAuthState();
        if (authState == null) {
            Log log = this.logger;
            log.logger.logDebug(log.tag, "Establishing new identity", new Object[0]);
            return createNewIdentity(traceContext);
        }
        if (!isDeviceIdExpired(authState)) {
            Log log2 = this.logger;
            log2.logger.logDebug(log2.tag, "Existing identity returned", new Object[0]);
            return authState;
        }
        Log log3 = this.logger;
        log3.logger.logDebug(log3.tag, "Replacing expired identity", new Object[0]);
        return createNewIdentity(traceContext);
    }

    private void handleServiceErrors(@NonNull Exception exc) {
        if ((exc instanceof IdentityExpiredException) || (exc instanceof InvalidIdentityException)) {
            clear();
        }
    }

    private boolean isAccessTokenExpired(@NonNull AccessToken accessToken) {
        return accessToken.expirationTime.minus(this.platformConfiguration.getTokenExpirationLeewayTime()).isBeforeNow();
    }

    private boolean isDeviceIdExpired(@NonNull AuthState authState) {
        return authState.lastUpdated.plus(this.platformConfiguration.getIdentityExpirationTime()).isBeforeNow();
    }

    private void notifyListenersOfNewDeviceId(@NonNull final String str, @NonNull final TraceContext traceContext) {
        Log log = this.logger;
        log.logger.logDebug(log.tag, "Notifying %d listeners of new device id", Integer.valueOf(AuthManager.this.listeners.size()));
        if (this.trustManager != null) {
            AsyncOperation.runAsync(new Runnable() { // from class: d.b.c.a.z2.a.a.b
                @Override // java.lang.Runnable
                public final void run() {
                    AuthManager.this.g(str, traceContext);
                }
            });
        }
        for (final IAuthManager.DeviceIdChangedListener deviceIdChangedListener : this.listeners) {
            AsyncOperation.runAsync(new Runnable() { // from class: d.b.c.a.z2.a.a.h
                @Override // java.lang.Runnable
                public final void run() {
                    IAuthManager.DeviceIdChangedListener.this.onDeviceIdProvisioned(str);
                }
            });
        }
    }

    @SuppressLint({"CheckResult"})
    private void notifyListenersOfRemovedDeviceId(@NonNull final String str, @NonNull TraceContext traceContext) {
        Log log = this.logger;
        log.logger.logDebug(log.tag, "Notifying %d listeners of removed device id", Integer.valueOf(AuthManager.this.listeners.size()));
        ITrustManager iTrustManager = this.trustManager;
        if (iTrustManager != null) {
            iTrustManager.deviceIdDeprovisioned(str, traceContext);
        }
        for (final IAuthManager.DeviceIdChangedListener deviceIdChangedListener : this.listeners) {
            AsyncOperation.runAsync(new Runnable() { // from class: d.b.c.a.z2.a.a.j
                @Override // java.lang.Runnable
                public final void run() {
                    IAuthManager.DeviceIdChangedListener.this.onDeviceIdDeprovisioned(str);
                }
            });
        }
    }

    private <T> AsyncOperation<T> processPendingOperation(@NonNull final AsyncOperation<T> asyncOperation) {
        this.pendingOperations.add(asyncOperation);
        return asyncOperation.whenComplete(new AsyncOperation.ResultBiConsumer() { // from class: d.b.c.a.z2.a.a.e
            @Override // com.microsoft.connecteddevices.AsyncOperation.ResultBiConsumer
            public final void accept(Object obj, Object obj2) {
                AuthManager.this.i(asyncOperation, obj, (Throwable) obj2);
            }
        });
    }

    @WorkerThread
    private synchronized AccessToken refreshAccessToken(@NonNull AuthState authState, @NonNull AuthManagerTelemetry.RefreshType refreshType, @NonNull String str, @NonNull TraceContext traceContext) {
        AccessToken blockingGet;
        BaseActivity startRefreshTokenActivity = this.telemetry.startRefreshTokenActivity(refreshType, traceContext);
        TraceContext activityTraceContext = TelemetryUtils.getActivityTraceContext(startRefreshTokenActivity, traceContext);
        try {
            blockingGet = this.authServiceClient.signIn(authState.getDeviceId(), str, activityTraceContext).blockingGet();
            this.authStorage.updateToken(authState.getDeviceId(), blockingGet);
            this.telemetry.logActivityEnd(startRefreshTokenActivity);
        } catch (Exception e2) {
            Log log = this.logger;
            log.logger.logException(log.tag, "Exception while attempting to refresh access token.", e2, activityTraceContext, LogDestination.Local);
            this.telemetry.logActivityEndExceptional("refreshAccessToken", e2, startRefreshTokenActivity, traceContext);
            handleServiceErrors(e2);
            throw new AuthManagerException(e2);
        }
        return blockingGet;
    }

    private synchronized void rotateKeysIfNecessary(@NonNull String str, @NonNull TraceContext traceContext) {
        if (this.cryptoManager.isKeyRotationNecessary(str, traceContext)) {
            Log log = this.logger;
            log.logger.logDebug(log.tag, "Starting key rotation for deviceId: %s", str);
            BaseActivity startKeyRotationActivity = this.telemetry.startKeyRotationActivity(traceContext);
            TraceContext activityTraceContext = TelemetryUtils.getActivityTraceContext(startKeyRotationActivity, traceContext);
            Throwable blockingGet = this.keyRotationOperation.performKeyRotation(str, activityTraceContext).blockingGet();
            if (blockingGet == null) {
                Log log2 = this.logger;
                log2.logger.logDebug(log2.tag, "Completed key rotation successfully for deviceId: %s", str);
                this.telemetry.logActivityEnd(startKeyRotationActivity);
            } else if (blockingGet instanceof Exception) {
                Log log3 = this.logger;
                Exception exc = (Exception) blockingGet;
                if (log3 == null) {
                    throw null;
                }
                log3.logger.logException(log3.tag, "Key rotation failed", exc, Collections.singletonMap("deviceId", str), activityTraceContext, LogDestination.Local);
                this.telemetry.logActivityEndExceptional("rotateKeysIfNecessary", (Exception) blockingGet, startKeyRotationActivity, traceContext);
            }
        }
    }

    public /* synthetic */ void a(AuthState authState) throws Exception {
        this.logger.d(authState.getDeviceId());
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public void addDeviceIdChangedListener(@NonNull IAuthManager.DeviceIdChangedListener deviceIdChangedListener) {
        this.listeners.add(deviceIdChangedListener);
        Log log = this.logger;
        log.logger.logDebug(log.tag, "DeviceId listener added", new Object[0]);
    }

    public /* synthetic */ void b(AuthState authState, TraceContext traceContext, Throwable th) throws Exception {
        this.logger.a(authState.getDeviceId(), th, traceContext);
    }

    public String c(final TraceContext traceContext, String str, String str2, boolean z) {
        final AuthState f = f(traceContext);
        if (str != null && !Objects.equals(str, f.getDeviceId())) {
            IllegalArgumentException illegalArgumentException = new IllegalArgumentException("DeviceId does not match established identity");
            this.logger.b(illegalArgumentException, traceContext);
            throw illegalArgumentException;
        }
        String lowerCase = str2 != null ? str2.toLowerCase() : DEFAULT_SCOPE;
        AccessToken accessToken = f.accessTokenMap.get(lowerCase);
        this.authExecutor.execute(new Runnable() { // from class: d.b.c.a.z2.a.a.c
            @Override // java.lang.Runnable
            public final void run() {
                AuthManager.this.h(f, traceContext);
            }
        });
        if (accessToken == null) {
            this.logger.c(z, lowerCase);
            return refreshAccessToken(f, AuthManagerTelemetry.RefreshType.NEW_TOKEN, lowerCase, traceContext).getToken();
        }
        if (z) {
            this.logger.c(true, lowerCase);
            return refreshAccessToken(f, AuthManagerTelemetry.RefreshType.FORCE_REFRESH, lowerCase, traceContext).getToken();
        }
        if (!isAccessTokenExpired(accessToken)) {
            return accessToken.getToken();
        }
        this.logger.c(false, lowerCase);
        return refreshAccessToken(f, AuthManagerTelemetry.RefreshType.EXPIRED, lowerCase, traceContext).getToken();
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public void clear() {
        final TraceContext createNewTraceContext = TelemetryUtils.createNewTraceContext(AuthTelemetryUtils.AUTH_MANAGER_SCENARIO_ID, AuthTelemetryUtils.AUTH_MANAGER_CLEAR_TRIGGER);
        Log log = this.logger;
        log.logger.logDebug(log.tag, "Clearing auth state", new Object[0]);
        final AuthState authState = this.authStorage.getAuthState();
        Executor executor = this.authExecutor;
        final IAuthStorage iAuthStorage = this.authStorage;
        iAuthStorage.getClass();
        executor.execute(new Runnable() { // from class: d.b.c.a.z2.a.a.l
            @Override // java.lang.Runnable
            public final void run() {
                IAuthStorage.this.clear();
            }
        });
        Iterator it = new HashSet(this.pendingOperations).iterator();
        while (it.hasNext()) {
            AsyncOperation asyncOperation = (AsyncOperation) it.next();
            if (!asyncOperation.isDone() && !asyncOperation.isCancelled()) {
                asyncOperation.cancel(true);
            }
        }
        this.pendingOperations.clear();
        if (authState != null) {
            this.cryptoManager.removeKeyPair(authState.getDeviceId(), createNewTraceContext).subscribe(new Action() { // from class: d.b.c.a.z2.a.a.k
                @Override // io.reactivex.functions.Action
                public final void run() {
                    AuthManager.this.a(authState);
                }
            }, new Consumer() { // from class: d.b.c.a.z2.a.a.i
                @Override // io.reactivex.functions.Consumer
                public final void accept(Object obj) {
                    AuthManager.this.b(authState, createNewTraceContext, (Throwable) obj);
                }
            });
            notifyListenersOfRemovedDeviceId(authState.getDeviceId(), createNewTraceContext);
        }
    }

    public /* synthetic */ String d(TraceContext traceContext) {
        return f(traceContext).getDeviceId();
    }

    public /* synthetic */ ITrustManager e(String str) throws Throwable {
        if (this.trustManager == null) {
            this.trustManager = this.trustManagerFactory.getForDeviceId(str);
        }
        return this.trustManager;
    }

    public /* synthetic */ void g(String str, TraceContext traceContext) {
        this.trustManager.deviceIdProvisioned(str, traceContext);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<String> getAccessToken(boolean z, @Nullable String str, @NonNull TraceContext traceContext) {
        return getAccessToken(z, str, null, traceContext);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<String> getAccessToken(final boolean z, @Nullable final String str, @Nullable final String str2, @NonNull final TraceContext traceContext) {
        return processPendingOperation(AsyncOperation.supplyAsync(new AsyncOperation.Supplier() { // from class: d.b.c.a.z2.a.a.g
            @Override // com.microsoft.connecteddevices.AsyncOperation.Supplier
            public final Object get() {
                return AuthManager.this.c(traceContext, str2, str, z);
            }
        }, this.authExecutor));
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<String> getDeviceId(@NonNull final TraceContext traceContext) {
        return processPendingOperation(AsyncOperation.supplyAsync(new AsyncOperation.Supplier() { // from class: d.b.c.a.z2.a.a.f
            @Override // com.microsoft.connecteddevices.AsyncOperation.Supplier
            public final Object get() {
                return AuthManager.this.d(traceContext);
            }
        }, this.authExecutor));
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<ITrustManager> getTrustManager(@NonNull TraceContext traceContext) {
        return getDeviceId(traceContext).thenApplyAsync(new AsyncOperation.ResultFunction() { // from class: d.b.c.a.z2.a.a.d
            @Override // com.microsoft.connecteddevices.AsyncOperation.ResultFunction
            public final Object apply(Object obj) {
                return AuthManager.this.e((String) obj);
            }
        }, this.authExecutor);
    }

    public /* synthetic */ void h(AuthState authState, TraceContext traceContext) {
        rotateKeysIfNecessary(authState.getDeviceId(), traceContext);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public boolean hasActiveIdentity() {
        if (this.authStorage.getAuthState() == null) {
            return false;
        }
        return !isDeviceIdExpired(r0);
    }

    public /* synthetic */ void i(AsyncOperation asyncOperation, Object obj, Throwable th) throws Throwable {
        this.pendingOperations.remove(asyncOperation);
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<Void> init() {
        return init(TelemetryUtils.createNewTraceContext(AuthTelemetryUtils.AUTH_MANAGER_SCENARIO_ID, AuthTelemetryUtils.AUTH_MANAGER_INIT_TRIGGER));
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    @NonNull
    public AsyncOperation<Void> init(@NonNull final TraceContext traceContext) {
        return processPendingOperation(AsyncOperation.runAsync(new Runnable() { // from class: d.b.c.a.z2.a.a.a
            @Override // java.lang.Runnable
            public final void run() {
                AuthManager.this.f(traceContext);
            }
        }, this.authExecutor));
    }

    @Override // com.microsoft.mmx.agents.ypp.authclient.auth.IAuthManager
    public void removeDeviceIdChangedListener(@NonNull IAuthManager.DeviceIdChangedListener deviceIdChangedListener) {
        this.listeners.remove(deviceIdChangedListener);
        Log log = this.logger;
        log.logger.logDebug(log.tag, "DeviceId listener removed", new Object[0]);
    }
}
