package com.microsoft.aad.adal.unity;

import android.accounts.Account;
import android.accounts.AccountManager;
import android.content.Context;
import android.content.Intent;
import android.text.TextUtils;
import android.util.Base64;
import com.microsoft.aad.adal.unity.AuthenticationConstants;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLEncoder;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Locale;
import java.util.TimeZone;
import javax.crypto.NoSuchPaddingException;
import org.json.JSONException;

/* loaded from: classes.dex */
public class BrokerClient {
    public static final String BROKER_CLIENT_ID = "29d9ed98-a469-4536-ade2-f981bc1d605e";
    public static final String JWT_ACCESS_TOKEN = "access_token";
    private static final String JWT_BEARER_REQUEST = "grant_type=urn%3aietf%3aparams%3aoauth%3agrant-type%3ajwt-bearer&request=";
    public static final String JWT_EXPIRES_IN = "expires_in";
    public static final String JWT_EXPIRES_ON = "expires_on";
    private static final String JWT_GENERATION_IS_FAILED = "JWT generation is failed";
    public static final String JWT_ID_TOKEN = "id_token";
    public static final String JWT_NOT_BEFORE = "not_before";
    public static final String JWT_PRIMARY_REFRESH_TOKEN = "primary_refresh_token";
    public static final String JWT_PRT_EXPIRES_IN = "prt_expires_in";
    public static final String JWT_REFRESH_TOKEN = "refresh_token";
    public static final String JWT_RESOURCE = "resource";
    public static final String JWT_RT_EXPIRES_IN = "rt_expires_in";
    public static final String JWT_SCOPE = "scope";
    public static final String JWT_TOKEN_TYPE = "token_type";
    private static final String MAMVER = "mamver";
    public static final String NONCE_REQUEST_MSG = "grant_type=srv_challenge";
    public static final String PRT_SCOPE = "aza";
    private static final int SECONDS_EXPIRE = 300;
    private static final long SECONDS_MS = 1000;
    private static final String TAG = "BrokerClient";
    private static final String UTF_8_IS_NOT_SUPPORTED = "UTF-8 is not supported";
    private static final String WINDOWS_API_VERSION = "2.0";
    private static String sBrokerVersion;
    private AccountManager mAccountManager;
    private String mAdalClientVersion;
    private Context mAppContext;
    private BrokerProxy mBrokerCaller;
    private String mCallingPackageName;
    private IJWSBuilder mJWSBuilder;
    private Oauth2 mOauthClient;
    private BrokerRequest mRequest;
    private IWebRequestHandler mWebRequestHandler;

    /* loaded from: classes.dex */
    public enum AccountRequestType {
        AddAccount,
        AddAccountSSOBroker,
        Settings,
        Intune
    }

    public BrokerClient(Context context, BrokerRequest brokerRequest, String str) {
        this.mJWSBuilder = new JWSBuilder();
        this.mAppContext = context;
        this.mAccountManager = AccountManager.get(this.mAppContext);
        this.mRequest = brokerRequest;
        filterExtraQueryParams();
        this.mOauthClient = new Oauth2(this.mRequest);
        this.mWebRequestHandler = new WebRequestHandler();
        this.mJWSBuilder = new JWSBuilder();
        this.mBrokerCaller = new BrokerProxy(context);
        this.mCallingPackageName = str;
        this.mAdalClientVersion = brokerRequest.getVersion();
        applyPRNGFixes();
        filterExtraQueryParams();
    }

    public BrokerClient(Context context, BrokerRequest brokerRequest, String str, IWebRequestHandler iWebRequestHandler, IJWSBuilder iJWSBuilder) {
        this.mJWSBuilder = new JWSBuilder();
        this.mAppContext = context;
        this.mRequest = brokerRequest;
        filterExtraQueryParams();
        this.mAccountManager = AccountManager.get(this.mAppContext);
        this.mOauthClient = new Oauth2(this.mRequest, iWebRequestHandler, iJWSBuilder);
        this.mWebRequestHandler = iWebRequestHandler;
        this.mJWSBuilder = iJWSBuilder;
        this.mBrokerCaller = new BrokerProxy(context);
        this.mCallingPackageName = str;
        this.mAdalClientVersion = brokerRequest.getVersion();
        applyPRNGFixes();
    }

    private BrokerTokenResult acquireToken(IKeyHandler iKeyHandler, String str, String str2) throws BrokerClientException {
        HttpWebRequest.throwIfNetworkNotAvaliable(this.mAppContext);
        new BrokerTokenResult();
        Logger.v(TAG, "Building request to get access token with PRT.");
        try {
            HashMap<String, String> hashMap = new HashMap<>();
            hashMap.put("typ", "JWT");
            hashMap.put("alg", "HS256");
            hashMap.put("ctx", new String(Base64.encode(iKeyHandler.getDerivedKey().getCtx(), 3), "UTF_8"));
            HashMap<String, String> hashMap2 = new HashMap<>();
            hashMap2.put("aud", this.mRequest.getAuthority());
            hashMap2.put("iss", "29d9ed98-a469-4536-ade2-f981bc1d605e");
            String brokerRedirectUri = getBrokerRedirectUri(this.mAppContext, this.mCallingPackageName);
            Logger.v(TAG, "Token request with PRT, constructing redirect with calling app package name and signature: " + brokerRedirectUri);
            hashMap2.put(AuthenticationConstants.OAuth2.REDIRECT_URI, brokerRedirectUri);
            hashMap2.put("iat", "");
            hashMap2.put("nbf", "");
            hashMap2.put("exp", "");
            hashMap2.put("resource", this.mRequest.getResource());
            hashMap2.put("scope", "openid aza");
            hashMap2.put(AuthenticationConstants.OAuth2.GRANT_TYPE, "refresh_token");
            hashMap2.put("client_id", this.mRequest.getClientId());
            hashMap2.put("request_nonce", getNonce());
            hashMap2.put("refresh_token", str);
            String generateJWT = this.mJWSBuilder.generateJWT(hashMap, hashMap2, SECONDS_EXPIRE);
            String str3 = "windows_api_version=2.0&redirect_uri=" + brokerRedirectUri + "&client_id=" + this.mRequest.getClientId() + "&grant_type=urn%3aietf%3aparams%3aoauth%3agrant-type%3ajwt-bearer&request=" + (generateJWT + "." + iKeyHandler.signWithDerivedKey(generateJWT));
            Logger.v("BrokerClient#acquireToken", "Sending token request using PRT.");
            BrokerTokenResult sendTokenRequest = sendTokenRequest(iKeyHandler, str3);
            if (sendTokenRequest.getUserInfo() != null) {
                Logger.v("BrokerClient#acquireToken", "Userinfo returned from the token request using PRT.");
            } else {
                Logger.v("BrokerClient#acquireToken", "Userinfo is not returned from the token request using PRT, set id token with the one returned in prt result.");
                setIdToken(sendTokenRequest, str2);
            }
            Logger.v("BrokerClient#acquireToken", "Acquire token using PRT status:" + sendTokenRequest.getStatus());
            return sendTokenRequest;
        } catch (UnsupportedEncodingException e) {
            throw new BrokerClientException(UTF_8_IS_NOT_SUPPORTED, e);
        } catch (IOException e2) {
            throw new BrokerClientException("Encounter IOException " + e2.getMessage(), e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new BrokerClientException(e3.getMessage(), e3);
        } catch (NoSuchProviderException e4) {
            throw new BrokerClientException("Bouncy castle is not available", e4);
        } catch (ParseException e5) {
            throw new BrokerClientException(e5.getMessage(), e5);
        } catch (NoSuchPaddingException e6) {
            throw new BrokerClientException(e6.getMessage(), e6);
        } catch (JSONException e7) {
            throw new BrokerClientException(JWT_GENERATION_IS_FAILED, e7);
        }
    }

    private void applyPRNGFixes() {
        try {
            PRNGFixes.apply();
        } catch (Exception e) {
            Logger.e(TAG, "Failed to apply prng fixes", "", ADALError.DEVICE_PRNG_FIX_ERROR, e);
        }
    }

    private String decryptPrtTokenResponse(String str, IKeyHandler iKeyHandler) throws JSONException, UnsupportedEncodingException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, BrokerClientException {
        JweResponse parseJwe = JweResponse.parseJwe(str);
        if (!parseJwe.header.headerEncryptionAlgorithm.equalsIgnoreCase("A256GCM") && !parseJwe.header.headerEncryptionAlgorithm.equalsIgnoreCase("dir")) {
            throw new IllegalArgumentException("Invalid encryption algorithm");
        }
        byte[] decode = Base64.decode(parseJwe.iv, 8);
        byte[] decode2 = Base64.decode(parseJwe.payload, 8);
        byte[] decode3 = Base64.decode(parseJwe.header.headerContext, 0);
        Logger.v(TAG, "Decrypting the token response for using PRT. IV size:" + decode.length + " payload size:" + decode2.length + " ctx size:" + decode3.length);
        return new String(iKeyHandler.decryptUsingDerivedKey(decode, decode3, decode2), "UTF-8");
    }

    private void filterExtraQueryParams() {
        if (StringExtensions.IsNullOrBlank(this.mRequest.getExtraQueryParamsAuthentication())) {
            return;
        }
        HashMap<String, String> urlParameters = StringExtensions.getUrlParameters(this.mRequest.getAuthority() + this.mRequest.getExtraQueryParamsAuthentication());
        if (urlParameters.containsKey(MAMVER)) {
            this.mRequest.setExtraQueryParamsAuthentication("mamver=" + urlParameters.get(MAMVER));
        }
    }

    private String getAuthorizationEndpoint() {
        return this.mOauthClient.getAuthorizationEndpoint();
    }

    public static String getBrokerRedirectUri(Context context, String str) {
        return PackageHelper.getBrokerRedirectUrl(str, new PackageHelper(context).getCurrentSignatureForPackage(str));
    }

    public static String getBrokerVersion() {
        return sBrokerVersion;
    }

    private String getTokenEndpoint() {
        return this.mOauthClient.getTokenEndpoint();
    }

    private BrokerOauthError parseError(HttpWebResponse httpWebResponse) {
        BrokerOauthError brokerOauthError = new BrokerOauthError();
        if (TextUtils.isEmpty(httpWebResponse.getBody())) {
            String body = httpWebResponse.getBody();
            String str = body != null ? new String(body) : "Status code:" + String.valueOf(httpWebResponse.getStatusCode());
            Logger.v(TAG, "Server error message:" + str);
            brokerOauthError.setError(String.valueOf(httpWebResponse.getStatusCode()));
            brokerOauthError.setErrorDescription(str);
        } else {
            try {
                HashMap hashMap = new HashMap();
                String str2 = new String(httpWebResponse.getBody());
                Logger.v(TAG, "PRT error response:" + str2);
                Oauth2.extractJsonObjects(hashMap, str2);
                brokerOauthError.setError((String) hashMap.get(AuthenticationConstants.OAuth2.ERROR));
                brokerOauthError.setErrorDescription((String) hashMap.get(AuthenticationConstants.OAuth2.ERROR_DESCRIPTION));
                Logger.v(TAG, "Total response items:" + hashMap.size());
            } catch (Exception e) {
                Logger.e(TAG, e.getMessage(), "", ADALError.SERVER_INVALID_JSON_RESPONSE, e);
                brokerOauthError.setErrorDescription(e.getMessage());
            }
        }
        return brokerOauthError;
    }

    private PRTResult parsePRT(HashMap<String, String> hashMap) {
        PRTResult pRTResult = new PRTResult();
        pRTResult.setIdToken(hashMap.get(JWT_ID_TOKEN));
        pRTResult.setSessionKeyJwe(hashMap.get("session_key_jwe"));
        pRTResult.setPrimaryRefreshToken(hashMap.get("refresh_token"));
        pRTResult.setExpiresIn(Integer.parseInt(hashMap.get("expires_in")));
        return pRTResult;
    }

    private BrokerTokenResult parseToken(HashMap<String, String> hashMap) throws ParseException {
        BrokerTokenResult brokerTokenResult = new BrokerTokenResult();
        TimeZone timeZone = TimeZone.getTimeZone("UTC");
        brokerTokenResult.setAccessTokenType(hashMap.get("token_type"));
        String str = hashMap.get("expires_in");
        brokerTokenResult.setExpiresIn(Integer.parseInt(str));
        new SimpleDateFormat("dd-MM-yyyy HH:mm:ss.SSS", Locale.US).setTimeZone(timeZone);
        Date date = new Date(Long.parseLong(hashMap.get(JWT_EXPIRES_ON)));
        brokerTokenResult.setExpiresOn(date);
        if (date.before(new Date())) {
            GregorianCalendar gregorianCalendar = new GregorianCalendar();
            gregorianCalendar.add(13, (str == null || str.isEmpty()) ? AuthenticationConstants.DEFAULT_EXPIRATION_TIME_SEC : Integer.parseInt(str));
            brokerTokenResult.setExpiresOn(gregorianCalendar.getTime());
        }
        brokerTokenResult.setExpiresNotBefore(new Date(Long.parseLong(hashMap.get(JWT_NOT_BEFORE))));
        brokerTokenResult.setResource(hashMap.get("resource"));
        brokerTokenResult.setAccessToken(hashMap.get("access_token"));
        brokerTokenResult.setPrimaryRefreshToken(hashMap.get(JWT_PRIMARY_REFRESH_TOKEN));
        brokerTokenResult.setRefreshToken(hashMap.get("refresh_token"));
        if (hashMap.get(JWT_PRT_EXPIRES_IN) != null) {
            brokerTokenResult.setPrimaryRefreshTokenExpiresIn(Integer.parseInt(hashMap.get(JWT_PRT_EXPIRES_IN)));
        }
        if (hashMap.get(JWT_RT_EXPIRES_IN) != null) {
            brokerTokenResult.setRefreshTokenExpiresIn(Integer.parseInt(hashMap.get(JWT_RT_EXPIRES_IN)));
        }
        brokerTokenResult.setScope(hashMap.get("scope"));
        brokerTokenResult.setIdToken(hashMap.get(JWT_ID_TOKEN));
        if (hashMap.containsKey(JWT_ID_TOKEN)) {
            setIdToken(brokerTokenResult, hashMap.get(JWT_ID_TOKEN));
        }
        return brokerTokenResult;
    }

    private PRTResult sendPrtRequest(String str) throws JSONException, IOException {
        Logger.v(TAG, "Sending request to get PRT with broker RT.");
        PRTResult pRTResult = new PRTResult();
        HashMap<String, String> hashMap = new HashMap<>();
        this.mWebRequestHandler.setRequestCorrelationId(this.mRequest.getCorrelationId());
        Logger.d(TAG, "PRT request:" + str);
        HttpWebResponse sendPost = this.mWebRequestHandler.sendPost(StringExtensions.getUrl(getTokenEndpoint()), null, str.getBytes("UTF_8"), "application/x-www-form-urlencoded");
        if (sendPost.getStatusCode() == 200) {
            Oauth2.extractJsonObjects(hashMap, new String(sendPost.getBody()));
            return parsePRT(hashMap);
        }
        pRTResult.setError(parseError(sendPost));
        return pRTResult;
    }

    private BrokerTokenResult sendTokenRequest(IKeyHandler iKeyHandler, String str) throws JSONException, IOException, ParseException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, BrokerClientException {
        BrokerTokenResult brokerTokenResult = new BrokerTokenResult();
        HashMap<String, String> hashMap = new HashMap<>();
        this.mWebRequestHandler.setRequestCorrelationId(this.mRequest.getCorrelationId());
        HttpWebResponse sendPost = this.mWebRequestHandler.sendPost(StringExtensions.getUrl(getTokenEndpoint()), null, str.getBytes("UTF_8"), "application/x-www-form-urlencoded");
        if (sendPost.getStatusCode() != 200) {
            Logger.v(TAG, String.format("Received PRT response is %d", Integer.valueOf(sendPost.getStatusCode())));
            brokerTokenResult.setError(parseError(sendPost));
            return brokerTokenResult;
        }
        String decryptPrtTokenResponse = decryptPrtTokenResponse(new String(sendPost.getBody()), iKeyHandler);
        Oauth2.extractJsonObjects(hashMap, decryptPrtTokenResponse);
        Logger.d(TAG, "Parsing json mesage:" + decryptPrtTokenResponse);
        return parseToken(hashMap);
    }

    public static void setBrokerVersion(String str) {
        sBrokerVersion = str;
    }

    private void setIdToken(BrokerTokenResult brokerTokenResult, String str) {
        if (StringExtensions.IsNullOrBlank(str)) {
            Logger.v(TAG, "IdToken is not provided");
            return;
        }
        IdToken idToken = new IdToken(str);
        String tenantId = idToken.getTenantId();
        UserInfo userInfo = new UserInfo(idToken);
        brokerTokenResult.setTenantId(tenantId);
        brokerTokenResult.setUserInfo(userInfo);
    }

    public BrokerTokenResult acquireToken(Account account, IKeyHandler iKeyHandler) throws BrokerClientException {
        BrokerTokenResult brokerTokenResult = new BrokerTokenResult();
        try {
            PRTResult prt = getPRT(account, iKeyHandler);
            if (!StringExtensions.IsNullOrBlank(prt.getPrimaryRefreshToken())) {
                Logger.v(TAG, "PRT exists and using it to get access token.");
                return acquireToken(iKeyHandler, prt.getPrimaryRefreshToken(), prt.getIdToken());
            }
            Logger.v(TAG, "PRT does not exist");
            brokerTokenResult.setError(prt.getError());
            return brokerTokenResult;
        } catch (Exception e) {
            throw new BrokerClientException(e.getMessage(), e);
        }
    }

    public BrokerTokenResult acquireTokenAfterResolveInterrupt(IKeyHandler iKeyHandler, String str, String str2) throws BrokerClientException {
        new BrokerTokenResult();
        String str3 = StringExtensions.getUrlParameters(str2).get("code");
        if (TextUtils.isEmpty(str3)) {
            throw new BrokerClientException("Auth code is null or empty.");
        }
        try {
            HashMap<String, String> hashMap = new HashMap<>();
            hashMap.put("typ", "JWT");
            hashMap.put("alg", "HS256");
            hashMap.put("ctx", new String(Base64.encode(iKeyHandler.getDerivedKey().getCtx(), 3), "UTF_8"));
            HashMap<String, String> hashMap2 = new HashMap<>();
            hashMap2.put("aud", this.mRequest.getAuthority());
            hashMap2.put("iss", "29d9ed98-a469-4536-ade2-f981bc1d605e");
            hashMap2.put("iat", "");
            hashMap2.put("nbf", "");
            hashMap2.put("exp", "");
            hashMap2.put("resource", this.mRequest.getResource());
            hashMap2.put("client_id", this.mRequest.getClientId());
            hashMap2.put("scope", "openid");
            hashMap2.put(AuthenticationConstants.OAuth2.GRANT_TYPE, AuthenticationConstants.OAuth2.AUTHORIZATION_CODE);
            hashMap2.put(AuthenticationConstants.OAuth2.AUTHORIZATION_CODE, str3);
            String generateJWT = this.mJWSBuilder.generateJWT(hashMap, hashMap2, SECONDS_EXPIRE);
            BrokerTokenResult sendTokenRequest = sendTokenRequest(iKeyHandler, "windows_api_version=2.0&redirect_uri=" + URLEncoder.encode(PackageHelper.getBrokerRedirectUrl(this.mCallingPackageName, new PackageHelper(this.mAppContext).getCurrentSignatureForPackage(this.mCallingPackageName))) + "&client_id=" + this.mRequest.getClientId() + "&grant_type=urn%3aietf%3aparams%3aoauth%3agrant-type%3ajwt-bearer&request=" + (generateJWT + "." + iKeyHandler.signWithDerivedKey(generateJWT)));
            if (sendTokenRequest.getUserInfo() == null) {
                setIdToken(sendTokenRequest, str);
            }
            Logger.v(TAG, "PRT status:" + sendTokenRequest.getStatus());
            return sendTokenRequest;
        } catch (IOException e) {
            throw new BrokerClientException(UTF_8_IS_NOT_SUPPORTED, e);
        } catch (NoSuchAlgorithmException e2) {
            throw new BrokerClientException(e2.getMessage(), e2);
        } catch (NoSuchProviderException e3) {
            throw new BrokerClientException("Bouncy castle is not available", e3);
        } catch (ParseException e4) {
            throw new BrokerClientException(e4.getMessage(), e4);
        } catch (NoSuchPaddingException e5) {
            throw new BrokerClientException(e5.getMessage(), e5);
        } catch (JSONException e6) {
            throw new BrokerClientException(JWT_GENERATION_IS_FAILED, e6);
        }
    }

    public String getAdalClientVersion() {
        return this.mAdalClientVersion;
    }

    public String getAddSSOUserRequest() throws UnsupportedEncodingException {
        this.mOauthClient.setAdalClientVersion(this.mAdalClientVersion);
        String codeRequestUrl = this.mOauthClient.getCodeRequestUrl();
        return (this.mRequest.getLoginHint() == null || this.mRequest.getLoginHint().isEmpty()) ? codeRequestUrl : codeRequestUrl + "&restrict_to_hint=true";
    }

    public Intent getIntentForAccountActivity(BrokerRequest brokerRequest) {
        return this.mBrokerCaller.getIntentForBrokerActivity(brokerRequest);
    }

    public String getNonce() {
        Logger.v(TAG, "Starting to request for nonce.");
        URL url = StringExtensions.getUrl(getTokenEndpoint());
        HashMap hashMap = new HashMap();
        this.mWebRequestHandler.setRequestCorrelationId(this.mRequest.getCorrelationId());
        try {
            HttpWebResponse sendPost = this.mWebRequestHandler.sendPost(url, null, NONCE_REQUEST_MSG.getBytes("UTF_8"), "application/x-www-form-urlencoded");
            if (sendPost.getStatusCode() != 200) {
                return null;
            }
            Oauth2.extractJsonObjects(hashMap, new String(sendPost.getBody()));
            String str = (String) hashMap.get(AuthenticationConstants.Broker.PRT_NONCE);
            return str == null ? (String) hashMap.get("Nonce") : str;
        } catch (IOException e) {
            Logger.e(TAG, "IO exception", e.getMessage(), ADALError.IO_EXCEPTION, e);
            return null;
        } catch (JSONException e2) {
            Logger.e(TAG, "Json exception", e2.getMessage(), ADALError.SERVER_INVALID_JSON_RESPONSE, e2);
            return null;
        }
    }

    public PRTResult getPRT(Account account, IKeyHandler iKeyHandler) throws BrokerClientException {
        PRTResult prt = iKeyHandler.getPRT(account);
        try {
            if (TextUtils.isEmpty(prt.getPrimaryRefreshToken())) {
                Logger.v("BrokerClient#getPRT", "PRT does not exist and checking broker RT");
                String userData = this.mAccountManager.getUserData(account, StringExtensions.createHash(AuthenticationConstants.Broker.USERDATA_BROKER_RT + account.name));
                if (TextUtils.isEmpty(userData)) {
                    Logger.v(TAG, "Broker refresh token does not exists and prt is not requested.");
                } else {
                    Logger.v("BrokerClient#getPRT", "Requesting PRT with BrokerRT");
                    prt = getPRTWithRefreshToken(iKeyHandler, userData);
                    if (!TextUtils.isEmpty(prt.getPrimaryRefreshToken())) {
                        Logger.v("BrokerClient#getPRT", "PRT is received with BrokerRT, saving PRT.");
                        iKeyHandler.savePRT(prt);
                    } else if (prt.getError() != null && prt.getError().isInvalidGrant()) {
                        iKeyHandler.deletePRT();
                        Logger.v("BrokerClient#getPRT", "Received invalid_grant when requesting PRT with BrokerRT.");
                    }
                }
            } else {
                Logger.v("BrokerClient#getPRT", "PRT already exists.");
            }
            return prt;
        } catch (IOException e) {
            throw new BrokerClientException(UTF_8_IS_NOT_SUPPORTED, e);
        } catch (NoSuchAlgorithmException e2) {
            throw new BrokerClientException(JWT_GENERATION_IS_FAILED, e2);
        } catch (JSONException e3) {
            throw new BrokerClientException(JWT_GENERATION_IS_FAILED, e3);
        }
    }

    public PRTResult getPRTWithNGC(IKeyHandler iKeyHandler) throws BrokerClientException {
        new PRTResult();
        try {
            String nonce = getNonce();
            HashMap<String, String> hashMap = new HashMap<>();
            hashMap.put("typ", "JWT");
            hashMap.put("alg", "RS256");
            hashMap.put("kid", iKeyHandler.getKeyId());
            hashMap.put("use", "ngc");
            HashMap<String, String> hashMap2 = new HashMap<>();
            hashMap2.put("aud", this.mRequest.getAuthority());
            hashMap2.put("iss", this.mRequest.getLoginHint());
            hashMap2.put("iat", "");
            hashMap2.put("use", "ngc");
            String signWithNGC = iKeyHandler.signWithNGC(this.mJWSBuilder.generateJWT(hashMap, hashMap2, SECONDS_EXPIRE));
            HashMap<String, String> hashMap3 = new HashMap<>();
            hashMap3.put("typ", "JWT");
            hashMap3.put("alg", "RS256");
            hashMap3.put("x5c", iKeyHandler.getDeviceCertX5c());
            HashMap<String, String> hashMap4 = new HashMap<>();
            hashMap4.put("assertion", signWithNGC);
            hashMap4.put("client_id", this.mRequest.getClientId());
            hashMap4.put("scope", "openid aza");
            hashMap4.put(AuthenticationConstants.Broker.PRT_NONCE, nonce);
            hashMap4.put(AuthenticationConstants.OAuth2.GRANT_TYPE, "ngc");
            return sendPrtRequest(JWT_BEARER_REQUEST + iKeyHandler.signWithDevice(this.mJWSBuilder.generateJWT(hashMap3, hashMap4, SECONDS_EXPIRE)));
        } catch (IOException e) {
            throw new BrokerClientException(UTF_8_IS_NOT_SUPPORTED, e);
        } catch (JSONException e2) {
            throw new BrokerClientException(JWT_GENERATION_IS_FAILED, e2);
        }
    }

    public PRTResult getPRTWithRefreshToken(IKeyHandler iKeyHandler, String str) throws JSONException, IOException {
        new PRTResult();
        Logger.v(TAG, "Building request for acquiring PRT with RT.");
        HashMap<String, String> hashMap = new HashMap<>();
        hashMap.put("typ", "JWT");
        hashMap.put("alg", "RS256");
        hashMap.put("x5c", iKeyHandler.getDeviceCertX5c());
        HashMap<String, String> hashMap2 = new HashMap<>();
        hashMap2.put("refresh_token", str);
        hashMap2.put("client_id", "29d9ed98-a469-4536-ade2-f981bc1d605e");
        hashMap2.put("scope", PRT_SCOPE);
        hashMap2.put(AuthenticationConstants.OAuth2.GRANT_TYPE, "refresh_token");
        String generateJWT = this.mJWSBuilder.generateJWT(hashMap, hashMap2, SECONDS_EXPIRE);
        String str2 = generateJWT + "." + iKeyHandler.signWithDevice(generateJWT);
        Logger.d(TAG, "SignedMsgBase64:" + str2);
        return sendPrtRequest(JWT_BEARER_REQUEST + str2);
    }

    public String getResolveInterruptRefreshCredential(Account account, IKeyHandler iKeyHandler) throws BrokerClientException {
        Logger.v(TAG, "Generating the the refresh credential to resolve interrupt.");
        try {
            PRTResult prt = iKeyHandler.getPRT(account);
            if (TextUtils.isEmpty(prt.getPrimaryRefreshToken())) {
                return "";
            }
            HashMap<String, String> hashMap = new HashMap<>();
            hashMap.put("typ", "JWT");
            hashMap.put("alg", "HS256");
            hashMap.put("kid", "session");
            hashMap.put("ctx", new String(Base64.encode(iKeyHandler.getDerivedKey().getCtx(), 3), "UTF_8"));
            HashMap<String, String> hashMap2 = new HashMap<>();
            hashMap2.put("iat", new StringBuilder().append(System.currentTimeMillis() / SECONDS_MS).toString());
            hashMap2.put("scope", "openid aza");
            hashMap2.put("refresh_token", prt.getPrimaryRefreshToken());
            String generateJWT = this.mJWSBuilder.generateJWT(hashMap, hashMap2, SECONDS_EXPIRE);
            return generateJWT + "." + iKeyHandler.signWithDerivedKey(generateJWT);
        } catch (UnsupportedEncodingException e) {
            throw new BrokerClientException(UTF_8_IS_NOT_SUPPORTED, e);
        } catch (JSONException e2) {
            throw new BrokerClientException(JWT_GENERATION_IS_FAILED, e2);
        }
    }

    public String getResolveInterruptRequest(String str) {
        return String.format("%s?response_type=code&client_id=%s&resource=%s&scope=openid%20aza%s", getAuthorizationEndpoint(), this.mRequest.getClientId(), this.mRequest.getResource(), str);
    }

    public AuthenticationResult getTokenForCode(String str) throws Exception {
        if (StringExtensions.IsNullOrBlank(str)) {
            throw new IllegalArgumentException("authorizationUrl");
        }
        AuthenticationResult processUIResponseParams = Oauth2.processUIResponseParams(StringExtensions.getUrlParameters(str));
        return (processUIResponseParams == null || processUIResponseParams.getCode() == null || processUIResponseParams.getCode().isEmpty()) ? processUIResponseParams : this.mOauthClient.getTokenForCode(processUIResponseParams.getCode());
    }

    protected PRTResult refreshPRT(IKeyHandler iKeyHandler, String str) throws IOException, JSONException {
        return getPRTWithRefreshToken(iKeyHandler, str);
    }

    public void saveTokenIntoCache(ITokenCacheStore iTokenCacheStore, AuthenticationResult authenticationResult) {
        if (iTokenCacheStore == null || authenticationResult == null || TextUtils.isEmpty(authenticationResult.getAccessToken())) {
            return;
        }
        new TokenCacheAccessor(iTokenCacheStore, this.mRequest.getAuthority()).updateTokenCache(this.mRequest.getResource(), this.mRequest.getClientId(), authenticationResult);
    }

    public void setAdalClientVersion(String str) {
        this.mAdalClientVersion = str;
        this.mWebRequestHandler.setAdalClientVersion(str);
    }
}
