package com.microsoft.identity.client;

import android.content.Context;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.math3.geometry.VectorFormat;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes79.dex */
public class TokenCache {
    private static final int DEFAULT_EXPIRATION_BUFFER = 300;
    private static final String TAG = TokenCache.class.getSimpleName();
    private Gson mGson = new GsonBuilder().registerTypeAdapter(AccessTokenCacheItem.class, new TokenCacheItemDeserializer()).registerTypeAdapter(RefreshTokenCacheItem.class, new TokenCacheItemDeserializer()).create();
    private final TokenCacheAccessor mTokenCacheAccessor;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes79.dex */
    public interface DeleteTokenAction {
        void deleteToken(BaseTokenCacheItem baseTokenCacheItem);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public TokenCache(Context context) {
        this.mTokenCacheAccessor = new TokenCacheAccessor(context);
    }

    private void deleteTokenByUser(User user, List<? extends BaseTokenCacheItem> list, RequestContext requestContext, DeleteTokenAction deleteTokenAction) {
        for (BaseTokenCacheItem baseTokenCacheItem : list) {
            if (tokenMatchesUser(user, baseTokenCacheItem)) {
                Logger.verbosePII(TAG, requestContext, "Remove tokens for user with displayable " + user.getDisplayableId() + "; User identifier: " + user.getUserIdentifier());
                deleteTokenAction.deleteToken(baseTokenCacheItem);
                return;
            }
        }
    }

    private List<AccessTokenCacheItem> getAccessTokens(AccessTokenCacheKey accessTokenCacheKey, RequestContext requestContext) {
        List<AccessTokenCacheItem> allAccessTokens = getAllAccessTokens(requestContext);
        ArrayList arrayList = new ArrayList();
        for (AccessTokenCacheItem accessTokenCacheItem : allAccessTokens) {
            if (accessTokenCacheKey.matches(accessTokenCacheItem) && accessTokenCacheItem.getScope().containsAll(accessTokenCacheKey.getScope())) {
                arrayList.add(accessTokenCacheItem);
            }
        }
        Logger.verbose(TAG, requestContext, "Retrieve access tokens for the given cache key.");
        Logger.verbosePII(TAG, requestContext, "Key used to retrieve access tokens is: " + accessTokenCacheKey);
        return arrayList;
    }

    private List<AccessTokenCacheItem> getAllAccessTokensForApp(String str, RequestContext requestContext) {
        List<AccessTokenCacheItem> allAccessTokens = getAllAccessTokens(requestContext);
        ArrayList arrayList = new ArrayList(allAccessTokens.size());
        for (AccessTokenCacheItem accessTokenCacheItem : allAccessTokens) {
            if (str.equalsIgnoreCase(accessTokenCacheItem.getClientId())) {
                arrayList.add(accessTokenCacheItem);
            }
        }
        return Collections.unmodifiableList(arrayList);
    }

    private List<RefreshTokenCacheItem> getAllRefreshTokenForApp(String str, RequestContext requestContext) {
        List<RefreshTokenCacheItem> allRefreshTokens = getAllRefreshTokens(requestContext);
        ArrayList arrayList = new ArrayList(allRefreshTokens.size());
        for (RefreshTokenCacheItem refreshTokenCacheItem : allRefreshTokens) {
            if (str.equalsIgnoreCase(refreshTokenCacheItem.getClientId())) {
                arrayList.add(refreshTokenCacheItem);
            }
        }
        Logger.verbose(TAG, requestContext, "Retrieve all the refresh tokens for given client id: " + str + "; Returned refresh token number is " + arrayList.size());
        return Collections.unmodifiableList(arrayList);
    }

    private List<RefreshTokenCacheItem> getRefreshTokens(RefreshTokenCacheKey refreshTokenCacheKey, RequestContext requestContext) {
        List<RefreshTokenCacheItem> allRefreshTokens = getAllRefreshTokens(requestContext);
        ArrayList arrayList = new ArrayList();
        for (RefreshTokenCacheItem refreshTokenCacheItem : allRefreshTokens) {
            if (refreshTokenCacheKey.matches(refreshTokenCacheItem)) {
                arrayList.add(refreshTokenCacheItem);
            }
        }
        Logger.verbose(TAG, requestContext, "Retrieve refresh tokens for the given cache key");
        Logger.verbosePII(TAG, requestContext, "Key used to retrieve refresh tokens is: " + refreshTokenCacheKey.toString());
        return arrayList;
    }

    private boolean tokenMatchesUser(User user, BaseTokenCacheItem baseTokenCacheItem) {
        return baseTokenCacheItem.getUserIdentifier().equals(user.getUserIdentifier());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void deleteAccessTokenByUser(User user, final RequestContext requestContext) {
        deleteTokenByUser(user, getAllAccessTokens(requestContext), requestContext, new DeleteTokenAction() { // from class: com.microsoft.identity.client.TokenCache.2
            @Override // com.microsoft.identity.client.TokenCache.DeleteTokenAction
            public void deleteToken(BaseTokenCacheItem baseTokenCacheItem) {
                TokenCache.this.mTokenCacheAccessor.deleteAccessToken(((AccessTokenCacheItem) baseTokenCacheItem).extractTokenCacheKey().toString(), requestContext);
            }
        });
    }

    void deleteRT(RefreshTokenCacheItem refreshTokenCacheItem, RequestContext requestContext) {
        Logger.info(TAG, requestContext, "Removing refresh tokens from the cache.");
        if (refreshTokenCacheItem == null) {
            Logger.warning(TAG, requestContext, "Null refresh token item is passed.");
        } else {
            Logger.verbosePII(TAG, requestContext, "Removing refresh token for user: " + refreshTokenCacheItem.getDisplayableId() + "; user identifier: " + refreshTokenCacheItem.getUserIdentifier());
            this.mTokenCacheAccessor.deleteRefreshToken(refreshTokenCacheItem.extractTokenCacheKey().toString(), requestContext);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void deleteRefreshTokenByUser(User user, final RequestContext requestContext) {
        deleteTokenByUser(user, getAllRefreshTokens(requestContext), requestContext, new DeleteTokenAction() { // from class: com.microsoft.identity.client.TokenCache.1
            @Override // com.microsoft.identity.client.TokenCache.DeleteTokenAction
            public void deleteToken(BaseTokenCacheItem baseTokenCacheItem) {
                TokenCache.this.mTokenCacheAccessor.deleteRefreshToken(((RefreshTokenCacheItem) baseTokenCacheItem).extractTokenCacheKey().toString(), requestContext);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AccessTokenCacheItem findAccessToken(AuthenticationRequestParameters authenticationRequestParameters, User user) {
        List<AccessTokenCacheItem> accessTokens = getAccessTokens(AccessTokenCacheKey.createTokenCacheKey(authenticationRequestParameters.getAuthority().getAuthority(), authenticationRequestParameters.getClientId(), authenticationRequestParameters.getScope(), user), authenticationRequestParameters.getRequestContext());
        if (accessTokens.isEmpty()) {
            Logger.info(TAG, authenticationRequestParameters.getRequestContext(), "No access is found for scopes: " + MsalUtils.convertSetToString(authenticationRequestParameters.getScope(), " "));
            if (user != null) {
                Logger.infoPII(TAG, authenticationRequestParameters.getRequestContext(), "User displayable: " + user.getDisplayableId() + " ;User unique identifier(Base64UrlEncoded(uid).Base64UrlEncoded(utid)): " + MsalUtils.getUniqueUserIdentifier(user.getUid(), user.getUtid()));
            }
            return null;
        }
        if (accessTokens.size() > 1) {
            Logger.verbose(TAG, authenticationRequestParameters.getRequestContext(), "Multiple access tokens are returned, cannot determine which one to return.");
            return null;
        }
        AccessTokenCacheItem accessTokenCacheItem = accessTokens.get(0);
        if (!accessTokenCacheItem.isExpired()) {
            return accessTokenCacheItem;
        }
        Logger.info(TAG, authenticationRequestParameters.getRequestContext(), "Access token is found but it's expired.");
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AccessTokenCacheItem findAccessTokenItemAuthorityNotProvided(AuthenticationRequestParameters authenticationRequestParameters, User user) throws MsalClientException {
        String str;
        List<AccessTokenCacheItem> allAccessTokensForApp = getAllAccessTokensForApp(authenticationRequestParameters.getClientId(), authenticationRequestParameters.getRequestContext());
        ArrayList<AccessTokenCacheItem> arrayList = new ArrayList();
        for (AccessTokenCacheItem accessTokenCacheItem : allAccessTokensForApp) {
            if (user.getUserIdentifier().equals(accessTokenCacheItem.getUserIdentifier())) {
                arrayList.add(accessTokenCacheItem);
            }
        }
        if (arrayList.isEmpty()) {
            Logger.verbose(TAG, authenticationRequestParameters.getRequestContext(), "No tokens matching the user exist.");
            return null;
        }
        ArrayList arrayList2 = new ArrayList();
        for (AccessTokenCacheItem accessTokenCacheItem2 : arrayList) {
            if (accessTokenCacheItem2.getScope().containsAll(authenticationRequestParameters.getScope())) {
                arrayList2.add(accessTokenCacheItem2);
            }
        }
        if (arrayList2.size() > 1) {
            Logger.error(TAG, authenticationRequestParameters.getRequestContext(), "Authority is not provided for the silent request. Multiple matching tokens were detected.", null);
            throw new MsalClientException(MsalClientException.MULTIPLE_MATCHING_TOKENS_DETECTED, "Authority is not provided for the silent request. There are multiple matching tokens detected. ");
        }
        AccessTokenCacheItem accessTokenCacheItem3 = null;
        if (arrayList2.size() == 1) {
            accessTokenCacheItem3 = (AccessTokenCacheItem) arrayList2.get(0);
            str = accessTokenCacheItem3.getAuthority();
        } else {
            HashSet hashSet = new HashSet();
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                hashSet.add(((AccessTokenCacheItem) it.next()).getAuthority());
            }
            if (hashSet.size() != 1) {
                Logger.error(TAG, authenticationRequestParameters.getRequestContext(), "Authority is not provided for the silent request. Mutiple authorities found.", null);
                StringBuilder sb = new StringBuilder();
                while (hashSet.iterator().hasNext()) {
                    sb.append((String) hashSet.iterator().next());
                    sb.append(VectorFormat.DEFAULT_SEPARATOR);
                }
                Logger.errorPII(TAG, authenticationRequestParameters.getRequestContext(), "The authorities found in the cache are: " + sb.toString(), null);
                throw new MsalClientException(MsalClientException.MULTIPLE_MATCHING_TOKENS_DETECTED, "Authority is not provided for the silent request. There are multiple matching tokens detected. ");
            }
            str = (String) hashSet.iterator().next();
        }
        Logger.verbosePII(TAG, authenticationRequestParameters.getRequestContext(), "Authority is not provided but found one matching access token item, authority is: " + str);
        authenticationRequestParameters.setAuthority(str, authenticationRequestParameters.getAuthority().mValidateAuthority);
        if (accessTokenCacheItem3 != null && !accessTokenCacheItem3.isExpired()) {
            return accessTokenCacheItem3;
        }
        Logger.verbose(TAG, authenticationRequestParameters.getRequestContext(), "Access token item found in the cache is already expired.");
        return null;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RefreshTokenCacheItem findRefreshToken(AuthenticationRequestParameters authenticationRequestParameters, User user) throws MsalClientException {
        List<RefreshTokenCacheItem> refreshTokens = getRefreshTokens(RefreshTokenCacheKey.createTokenCacheKey(authenticationRequestParameters.getAuthority().getAuthorityHost(), authenticationRequestParameters.getClientId(), user), authenticationRequestParameters.getRequestContext());
        if (refreshTokens.size() == 0) {
            Logger.info(TAG, authenticationRequestParameters.getRequestContext(), "No RT was found for the given user.");
            Logger.infoPII(TAG, authenticationRequestParameters.getRequestContext(), "The given user info is: " + user.getDisplayableId() + "; userIdentifier: " + MsalUtils.getUniqueUserIdentifier(user.getUid(), user.getUtid()));
            return null;
        }
        if (refreshTokens.size() > 1) {
            throw new MsalClientException(MsalClientException.MULTIPLE_MATCHING_TOKENS_DETECTED, "Multiple tokens were detected.");
        }
        return refreshTokens.get(0);
    }

    List<AccessTokenCacheItem> getAllAccessTokens(RequestContext requestContext) {
        Collection<String> allAccessTokens = this.mTokenCacheAccessor.getAllAccessTokens(requestContext.getTelemetryRequestId());
        if (allAccessTokens == null) {
            Logger.verbose(TAG, requestContext, "No access tokens existed in the token cache.");
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(allAccessTokens.size());
        Iterator<String> it = allAccessTokens.iterator();
        while (it.hasNext()) {
            arrayList.add((AccessTokenCacheItem) this.mGson.fromJson(it.next(), AccessTokenCacheItem.class));
        }
        return arrayList;
    }

    List<RefreshTokenCacheItem> getAllRefreshTokens(RequestContext requestContext) {
        Collection<String> allRefreshTokens = this.mTokenCacheAccessor.getAllRefreshTokens(requestContext.getTelemetryRequestId());
        if (allRefreshTokens == null) {
            Logger.verbose(TAG, requestContext, "No refresh tokens existed in the token cache.");
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList(allRefreshTokens.size());
        Iterator<String> it = allRefreshTokens.iterator();
        while (it.hasNext()) {
            arrayList.add((RefreshTokenCacheItem) this.mGson.fromJson(it.next(), RefreshTokenCacheItem.class));
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<User> getUsers(String str, String str2, RequestContext requestContext) throws MsalClientException {
        if (MsalUtils.isEmpty(str2)) {
            throw new IllegalArgumentException("empty or null clientId");
        }
        Logger.verbose(TAG, requestContext, "Retrieve users with the given client id: " + str2);
        List<RefreshTokenCacheItem> allRefreshTokenForApp = getAllRefreshTokenForApp(str2, requestContext);
        HashMap hashMap = new HashMap();
        for (RefreshTokenCacheItem refreshTokenCacheItem : allRefreshTokenForApp) {
            if (str.equalsIgnoreCase(refreshTokenCacheItem.getEnvironment())) {
                hashMap.put(refreshTokenCacheItem.getUserIdentifier(), refreshTokenCacheItem.getUser());
            }
        }
        return Collections.unmodifiableList(new ArrayList(hashMap.values()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AccessTokenCacheItem saveAccessToken(String str, String str2, TokenResponse tokenResponse, RequestContext requestContext) throws MsalClientException {
        Logger.info(TAG, null, "Starting to Save access token into cache. Access token will be saved with authority: " + str + "; Client Id: " + str2 + "; Scopes: " + tokenResponse.getScope());
        AccessTokenCacheItem accessTokenCacheItem = new AccessTokenCacheItem(str, str2, tokenResponse);
        AccessTokenCacheKey extractTokenCacheKey = accessTokenCacheItem.extractTokenCacheKey();
        for (AccessTokenCacheItem accessTokenCacheItem2 : getAllAccessTokensForApp(str2, requestContext)) {
            if (extractTokenCacheKey.matches(accessTokenCacheItem2) && MsalUtils.isScopeIntersects(accessTokenCacheItem.getScope(), accessTokenCacheItem2.getScope())) {
                this.mTokenCacheAccessor.deleteAccessToken(accessTokenCacheItem2.extractTokenCacheKey().toString(), requestContext);
            }
        }
        this.mTokenCacheAccessor.saveAccessToken(accessTokenCacheItem.extractTokenCacheKey().toString(), this.mGson.toJson(accessTokenCacheItem), requestContext);
        return accessTokenCacheItem;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void saveRefreshToken(String str, String str2, TokenResponse tokenResponse, RequestContext requestContext) throws MsalClientException {
        if (MsalUtils.isEmpty(tokenResponse.getRefreshToken())) {
            return;
        }
        Logger.info(TAG, requestContext, "Starting to save refresh token into cache. Refresh token will be saved with authority: " + str + "; Client Id: " + str2);
        RefreshTokenCacheItem refreshTokenCacheItem = new RefreshTokenCacheItem(str, str2, tokenResponse);
        this.mTokenCacheAccessor.saveRefreshToken(refreshTokenCacheItem.extractTokenCacheKey().toString(), this.mGson.toJson(refreshTokenCacheItem), requestContext);
    }
}
