package com.microsoft.identity.broker4j.broker.prt.prtv3;

import com.microsoft.identity.broker4j.broker.BrokerUtil;
import com.microsoft.identity.broker4j.broker.MicrosoftStsNonceUtil;
import com.microsoft.identity.broker4j.broker.platform.components.IBrokerPlatformComponents;
import com.microsoft.identity.broker4j.broker.prt.AbstractPrtAuthorizationStrategy;
import com.microsoft.identity.broker4j.broker.prt.PRT;
import com.microsoft.identity.broker4j.broker.prt.PrtConstants;
import com.microsoft.identity.broker4j.broker.prt.PrtProtocolVersion;
import com.microsoft.identity.broker4j.opentelemetry.AttributeName;
import com.microsoft.identity.broker4j.workplacejoin.data.WorkplaceJoinData;
import com.microsoft.identity.common.java.authorities.Authority;
import com.microsoft.identity.common.java.authorities.AzureActiveDirectoryAuthority;
import com.microsoft.identity.common.java.authscheme.BearerAuthenticationSchemeInternal;
import com.microsoft.identity.common.java.commands.parameters.BrokerInteractiveTokenCommandParameters;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.logging.Logger;
import com.microsoft.identity.common.java.opentelemetry.SpanExtension;
import com.microsoft.identity.common.java.providers.microsoft.azureactivedirectory.AzureActiveDirectory;
import com.microsoft.identity.common.java.providers.microsoft.microsoftsts.MicrosoftStsAuthorizationRequest;
import com.microsoft.identity.common.java.providers.microsoft.microsoftsts.MicrosoftStsOAuth2Strategy;
import com.microsoft.identity.common.java.providers.oauth2.OAuth2StrategyParameters;
import com.microsoft.identity.common.java.providers.oauth2.OpenIdConnectPromptParameter;
import com.microsoft.identity.common.java.util.StringUtil;
import edu.umd.cs.findbugs.annotations.Nullable;
import io.opentelemetry.api.trace.Span;
import java.util.ArrayList;
import lombok.NonNull;

/* loaded from: classes2.dex */
public class PrtV3AuthorizationStrategy extends AbstractPrtAuthorizationStrategy {
    private static final String TAG = "PrtV3AuthorizationStrategy";
    private final PRT mPrt;

    public PrtV3AuthorizationStrategy(@NonNull IBrokerPlatformComponents iBrokerPlatformComponents, @Nullable PRT prt) {
        super(iBrokerPlatformComponents, PrtProtocolVersion.V3_0);
        if (iBrokerPlatformComponents == null) {
            throw new NullPointerException("platformComponents is marked non-null but is null");
        }
        this.mPrt = prt;
    }

    private AzureActiveDirectoryAuthority getAuthorityToAcquirePrt(@NonNull Authority authority, boolean z) throws ClientException {
        if (authority == null) {
            throw new NullPointerException("requestAuthority is marked non-null but is null");
        }
        if (!(authority instanceof AzureActiveDirectoryAuthority)) {
            throw new ClientException("unknown_authority", "Authority not supported.");
        }
        AzureActiveDirectoryAuthority azureActiveDirectoryAuthority = (AzureActiveDirectoryAuthority) authority;
        if (!z && azureActiveDirectoryAuthority.getAudience().getCloudUrl().equalsIgnoreCase(AzureActiveDirectory.getDefaultCloudUrl()) && ("organizations".equalsIgnoreCase(azureActiveDirectoryAuthority.getAudience().getTenantId()) || "common".equalsIgnoreCase(azureActiveDirectoryAuthority.getAudience().getTenantId()))) {
            azureActiveDirectoryAuthority.setMultipleCloudsSupported(true);
        }
        return azureActiveDirectoryAuthority;
    }

    private String getPrompt(@NonNull BrokerInteractiveTokenCommandParameters brokerInteractiveTokenCommandParameters) {
        if (brokerInteractiveTokenCommandParameters == null) {
            throw new NullPointerException("requestParameters is marked non-null but is null");
        }
        if ((StringUtil.isNullOrEmpty(brokerInteractiveTokenCommandParameters.getLoginHint()) || brokerInteractiveTokenCommandParameters.getPrompt() != OpenIdConnectPromptParameter.SELECT_ACCOUNT) && brokerInteractiveTokenCommandParameters.getPrompt() != null) {
            return brokerInteractiveTokenCommandParameters.getPrompt().toString();
        }
        return null;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.microsoft.identity.broker4j.broker.prt.AbstractPrtAuthorizationStrategy
    public MicrosoftStsAuthorizationRequest.Builder createAuthorizationRequestInternal(@NonNull BrokerInteractiveTokenCommandParameters brokerInteractiveTokenCommandParameters) throws ClientException {
        if (brokerInteractiveTokenCommandParameters == null) {
            throw new NullPointerException("requestParameters is marked non-null but is null");
        }
        OAuth2StrategyParameters build = OAuth2StrategyParameters.builder().platformComponents(this.mBrokerPlatformComponents).authenticationScheme(new BearerAuthenticationSchemeInternal()).build();
        AzureActiveDirectoryAuthority authorityToAcquirePrt = getAuthorityToAcquirePrt(brokerInteractiveTokenCommandParameters.getAuthority(), brokerInteractiveTokenCommandParameters.isAccountTransferRequest());
        this.mOAuth2Strategy = (MicrosoftStsOAuth2Strategy) authorityToAcquirePrt.createOAuth2Strategy(build);
        String brokerRedirectUri = this.mBrokerPlatformComponents.getBrokerMetadata().getBrokerRedirectUri();
        MicrosoftStsAuthorizationRequest.Builder createAuthorizationRequestBuilder = this.mOAuth2Strategy.createAuthorizationRequestBuilder(brokerInteractiveTokenCommandParameters.getAccount());
        ((MicrosoftStsAuthorizationRequest.Builder) ((MicrosoftStsAuthorizationRequest.Builder) ((MicrosoftStsAuthorizationRequest.Builder) createAuthorizationRequestBuilder.setClientId("29d9ed98-a469-4536-ade2-f981bc1d605e")).setRedirectUri(brokerRedirectUri)).setAuthority(authorityToAcquirePrt.getAuthorityURL()).setMultipleCloudAware(authorityToAcquirePrt.isMultipleCloudsSupported()).setScope(PrtConstants.PRT_UPDATE_SCOPES)).setTokenScope(PrtConstants.PRT_UPDATE_SCOPES).setPrompt(getPrompt(brokerInteractiveTokenCommandParameters));
        if (brokerInteractiveTokenCommandParameters.getExtraScopesToConsent() != null) {
            createAuthorizationRequestBuilder.setScope("aza openid email profile offline_access urn:aad:tb:update:prt/.default " + StringUtil.join(" ", brokerInteractiveTokenCommandParameters.getExtraScopesToConsent()));
        }
        ArrayList arrayList = new ArrayList();
        if (brokerInteractiveTokenCommandParameters.getExtraQueryStringParameters() != null) {
            arrayList.addAll(brokerInteractiveTokenCommandParameters.getExtraQueryStringParameters());
        }
        createAuthorizationRequestBuilder.setExtraQueryParams(arrayList);
        return createAuthorizationRequestBuilder;
    }

    @Override // com.microsoft.identity.broker4j.broker.prt.AbstractPrtAuthorizationStrategy
    public String getRefreshTokenCredential(@NonNull BrokerInteractiveTokenCommandParameters brokerInteractiveTokenCommandParameters, @Nullable WorkplaceJoinData workplaceJoinData) throws ClientException {
        if (brokerInteractiveTokenCommandParameters == null) {
            throw new NullPointerException("requestParameters is marked non-null but is null");
        }
        String str = TAG + ":getRefreshTokenCredential";
        Span current = SpanExtension.current();
        if (this.mPrt != null) {
            try {
                Logger.info(str, "Getting Refresh token Credential.");
                String refreshTokenCredentialWithBrokerPurposeClaim = this.mPrt.getRefreshTokenCredentialWithBrokerPurposeClaim(this.mBrokerPlatformComponents, MicrosoftStsNonceUtil.getNonce(this.mPrt.getHomeAuthority(), brokerInteractiveTokenCommandParameters.getCorrelationId(), BrokerUtil.shouldUseMultiSrvChallengeGrantTypeInNonceForMsa(this.mBrokerPlatformComponents, brokerInteractiveTokenCommandParameters.getAuthority(), brokerInteractiveTokenCommandParameters.getBrokerAccount())), workplaceJoinData);
                current.setAttribute(AttributeName.is_passing_prt_to_authorization.name(), true);
                return refreshTokenCredentialWithBrokerPurposeClaim;
            } catch (Throwable th) {
                Logger.warn(str, "Failed to attach PRT header. " + th.getMessage());
            }
        }
        current.setAttribute(AttributeName.is_passing_prt_to_authorization.name(), false);
        return null;
    }
}
