package com.microsoft.identity.client.internal.api;

import admost.sdk.d;
import android.content.Context;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.microsoft.identity.client.exception.MsalClientException;
import com.microsoft.identity.common.AndroidPlatformComponents;
import com.microsoft.identity.common.internal.broker.BrokerValidator;
import com.microsoft.identity.common.java.AuthenticationConstants;
import com.microsoft.identity.common.java.authscheme.BearerAuthenticationSchemeInternal;
import com.microsoft.identity.common.java.cache.ICacheRecord;
import com.microsoft.identity.common.java.cache.MsalOAuth2TokenCache;
import com.microsoft.identity.common.java.dto.AccountRecord;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.providers.microsoft.MicrosoftAccount;
import com.microsoft.identity.common.java.providers.microsoft.MicrosoftRefreshToken;
import com.microsoft.identity.common.java.providers.microsoft.microsoftsts.MicrosoftStsAuthorizationRequest;
import com.microsoft.identity.common.java.providers.microsoft.microsoftsts.MicrosoftStsOAuth2Strategy;
import com.microsoft.identity.common.java.providers.microsoft.microsoftsts.MicrosoftStsTokenResponse;
import com.microsoft.identity.common.logging.Logger;

/* loaded from: classes6.dex */
public final class BrokerClientIdRefreshTokenAccessor {
    private static final String TAG = "BrokerClientIdRefreshTokenAccessor";

    @Nullable
    public static String get(@NonNull Context context, @NonNull String str) throws MsalClientException {
        String f10 = d.f(new StringBuilder(), TAG, ":get");
        throwIfNotValidBroker(context);
        MsalOAuth2TokenCache<MicrosoftStsOAuth2Strategy, MicrosoftStsAuthorizationRequest, MicrosoftStsTokenResponse, MicrosoftAccount, MicrosoftRefreshToken> create = MsalOAuth2TokenCache.create(AndroidPlatformComponents.createFromContext(context));
        ICacheRecord cacheRecordForIdentifier = getCacheRecordForIdentifier(create, str);
        if (cacheRecordForIdentifier == null) {
            Logger.verbose(f10, "No cache record found.");
            return null;
        }
        create.removeCredential(cacheRecordForIdentifier.getRefreshToken());
        create.removeCredential(cacheRecordForIdentifier.getAccessToken());
        if (cacheRecordForIdentifier.getRefreshToken() != null) {
            return cacheRecordForIdentifier.getRefreshToken().getSecret();
        }
        Logger.verbose(f10, "Refresh token record is empty.");
        return null;
    }

    private static ICacheRecord getCacheRecordForIdentifier(@NonNull MsalOAuth2TokenCache msalOAuth2TokenCache, @NonNull String str) throws MsalClientException {
        AccountRecord accountByLocalAccountId = msalOAuth2TokenCache.getAccountByLocalAccountId(null, AuthenticationConstants.Broker.BROKER_CLIENT_ID, str);
        if (accountByLocalAccountId != null) {
            return msalOAuth2TokenCache.load(AuthenticationConstants.Broker.BROKER_CLIENT_ID, null, accountByLocalAccountId, new BearerAuthenticationSchemeInternal());
        }
        throw new MsalClientException(ClientException.TOKEN_CACHE_ITEM_NOT_FOUND);
    }

    private static void throwIfNotValidBroker(Context context) throws MsalClientException {
        if (!new BrokerValidator(context).isValidBrokerPackage(context.getPackageName())) {
            throw new MsalClientException(MsalClientException.NOT_ELIGIBLE_TO_USE_BROKER, "This can only be invoked by Broker apps.");
        }
    }
}
