package com.microsoft.identity.client;

import com.microsoft.identity.client.Authority;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class AadAuthority extends Authority {
    private static final String AAD_INSTANCE_DISCOVERY_ENDPOINT = "https://login.microsoftonline.com/common/discovery/instance";
    private static final String API_VERSION = "api-version";
    private static final String API_VERSION_VALUE = "1.0";
    private static final String AUTHORIZATION_ENDPOINT = "authorization_endpoint";
    static final String DEPRECATED_AAD_AUTHORITY_HOST = "login.windows.net";
    private static final String TAG = "AadAuthority";
    static final String AAD_AUTHORITY_HOST = "login.microsoftonline.com";
    static final String[] TRUSTED_HOSTS = {AAD_AUTHORITY_HOST, "login.chinacloudapi.cn", "login.microsoftonline.de", "login-us.microsoftonline.com"};
    static final Set<String> TRUSTED_HOST_SET = Collections.unmodifiableSet(new HashSet(Arrays.asList(TRUSTED_HOSTS)));

    /* JADX INFO: Access modifiers changed from: package-private */
    public AadAuthority(URL url, boolean z) {
        super(url, z);
        if (url.getHost().equalsIgnoreCase(DEPRECATED_AAD_AUTHORITY_HOST)) {
            try {
                this.mAuthorityUrl = new URL(String.format("https://%s%s", this.mAuthorityUrl.getAuthority().replace(DEPRECATED_AAD_AUTHORITY_HOST, AAD_AUTHORITY_HOST), this.mAuthorityUrl.getPath()));
            } catch (MalformedURLException e) {
                Logger.error(TAG, null, "Fail to replace login.windows.net to login.microsoftonline.com", e);
                throw new IllegalArgumentException("Malformed authority url");
            }
        }
        this.mAuthorityType = Authority.AuthorityType.AAD;
    }

    @Override // com.microsoft.identity.client.Authority
    void addToResolvedAuthorityCache(String str) {
        RESOLVED_AUTHORITY.put(this.mAuthorityUrl.toString(), this);
    }

    @Override // com.microsoft.identity.client.Authority
    boolean existsInResolvedAuthorityCache(String str) {
        return RESOLVED_AUTHORITY.containsKey(this.mAuthorityUrl.toString());
    }

    @Override // com.microsoft.identity.client.Authority
    String performInstanceDiscovery(RequestContext requestContext, String str) throws MsalServiceException, MsalClientException {
        Logger.info(TAG, requestContext, "Passed in authority " + this.mAuthorityUrl.toString() + " is AAD authority. Start doing Instance discovery.");
        if (!this.mValidateAuthority || TRUSTED_HOST_SET.contains(this.mAuthorityUrl.getAuthority())) {
            Logger.verbose(TAG, requestContext, "Authority validation is turned off or the passed-in authority is in the trust list, skipping instance discovery.");
            return getDefaultOpenIdConfigurationEndpoint();
        }
        Oauth2Client oauth2Client = new Oauth2Client(requestContext);
        oauth2Client.addQueryParameter(API_VERSION, "1.0");
        oauth2Client.addQueryParameter(AUTHORIZATION_ENDPOINT, this.mAuthorityUrl.toString() + "/oauth2/v2.0/authorize");
        oauth2Client.addHeader("client-request-id", requestContext.getCorrelationId().toString());
        try {
            InstanceDiscoveryResponse discoveryAADInstance = oauth2Client.discoveryAADInstance(new URL(AAD_INSTANCE_DISCOVERY_ENDPOINT));
            if (!MsalUtils.isEmpty(discoveryAADInstance.getError())) {
                throw new MsalServiceException(discoveryAADInstance.getError(), discoveryAADInstance.getErrorDescription(), discoveryAADInstance.getHttpStatusCode(), null);
            }
            this.mIsAuthorityValidated = true;
            Logger.info(TAG, requestContext, "Instance discovery succeeded. Tenant discovery endpoint is: " + discoveryAADInstance.getTenantDiscoveryEndpoint());
            return discoveryAADInstance.getTenantDiscoveryEndpoint();
        } catch (MalformedURLException e) {
            throw new MsalClientException(MsalClientException.MALFORMED_URL, "Malformed URL for instance discovery endpoint.", e);
        } catch (IOException e2) {
            throw new MsalClientException(MsalClientException.IO_ERROR, e2.getMessage(), e2);
        }
    }
}
