package com.blackberry.auth.spnego;

import android.accounts.AbstractAccountAuthenticator;
import android.accounts.Account;
import android.accounts.AccountAuthenticatorResponse;
import android.accounts.AccountManager;
import android.app.NotificationChannel;
import android.app.NotificationManager;
import android.app.PendingIntent;
import android.content.Context;
import android.content.Intent;
import android.os.Bundle;
import android.support.v4.app.t;
import android.util.Log;
import com.blackberry.auth.spnego.GssApiClient;
import com.blackberry.auth.spnego.exceptions.AccountException;
import com.blackberry.auth.spnego.exceptions.CredentialsException;
import com.blackberry.auth.spnego.exceptions.ExpiredPasswordException;
import com.blackberry.auth.spnego.exceptions.InternalException;
import com.blackberry.auth.spnego.exceptions.InvalidPasswordException;
import com.blackberry.auth.spnego.exceptions.NetworkException;
import com.blackberry.auth.spnego.exceptions.UnknownErrorException;
import com.blackberry.auth.spnego.exceptions.UsernameException;
import e2.x;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import java.util.Map;
import z0.d;
import z0.g;

/* compiled from: Authenticator.java */
/* loaded from: classes.dex */
public class a extends AbstractAccountAuthenticator {

    /* renamed from: a, reason: collision with root package name */
    private Context f4895a;

    /* renamed from: b, reason: collision with root package name */
    private Map<String, GssApiClient> f4896b;

    /* renamed from: c, reason: collision with root package name */
    private AccountManager f4897c;

    public a(Context context) {
        super(context);
        this.f4896b = null;
        Log.d("SSOAuthenticator", "Authenticator started...");
        this.f4895a = context;
        this.f4896b = new HashMap();
        this.f4897c = AccountManager.get(context);
    }

    private boolean a(String str) {
        if (str == null) {
            return false;
        }
        String[] c10 = d.e(this.f4895a).c();
        if (str.compareToIgnoreCase("com.android.chrome") == 0) {
            return true;
        }
        for (String str2 : c10) {
            if (str.matches(str2)) {
                return true;
            }
        }
        return false;
    }

    private Bundle b(Account account, int i10, String str) {
        Bundle bundle = new Bundle();
        Log.d("SSOAuthenticator", "createErrorResult Code = " + Integer.toString(i10) + ", msg = " + str);
        bundle.putString("authAccount", account.name);
        bundle.putString("accountType", account.type);
        int i11 = 1;
        bundle.putBoolean("complete", true);
        switch (i10) {
            case 1:
                i11 = 6;
                break;
            case 2:
            case 3:
            case 5:
                i11 = 3;
                break;
            case 4:
                break;
            case 6:
                i11 = 7;
                break;
            default:
                i11 = 8;
                break;
        }
        bundle.putInt("spnegoResult", i11);
        return bundle;
    }

    private static void c(Context context, NotificationManager notificationManager, String str) {
        if (notificationManager.getNotificationChannel(str) == null) {
            String string = context.getString(g.f26888i);
            String string2 = context.getString(g.f26886g);
            NotificationChannel notificationChannel = new NotificationChannel(str, string, 4);
            notificationChannel.setDescription(string2);
            notificationManager.createNotificationChannel(notificationChannel);
        }
    }

    private Bundle d(Account account, String str, String str2) {
        GssApiClient gssApiClient;
        String str3 = account.name + "$" + str;
        Log.i("SSOAuthenticator", " mClientMap Size = " + Integer.toString(this.f4896b.size()));
        if (str2 != null) {
            Log.i("SSOAuthenticator", "Retrieving existing context...");
            gssApiClient = this.f4896b.get(str3);
            if (gssApiClient == null) {
                Log.e("SSOAuthenticator", "Existing context not found");
                return b(account, 3, "Existing context not found");
            }
        } else {
            Log.d("SSOAuthenticator", "Challenge: null");
            try {
                Log.i("SSOAuthenticator", "Creating context...");
                GssApiClient gssApiClient2 = new GssApiClient(account.name, str);
                GssApiClient put = this.f4896b.put(str3, gssApiClient2);
                if (put != null) {
                    Log.i("SSOAuthenticator", "Cleanup old client");
                    put.a();
                }
                gssApiClient = gssApiClient2;
            } catch (InternalException e10) {
                Log.e("SSOAuthenticator", "Failed to create context - " + e10.getMessage());
                return b(account, 5, "Failed to create context");
            } catch (IllegalArgumentException e11) {
                Log.e("SSOAuthenticator", "Invalid service name - " + e11.getMessage());
                return b(account, 1, "Invalid service name");
            }
        }
        try {
            Log.i("SSOAuthenticator", "Authenticating...");
            GssApiClient.Result authenticate = gssApiClient.authenticate(str2);
            Log.d("SSOAuthenticator", "Complete: " + authenticate.f4891a);
            Bundle bundle = new Bundle();
            if (!authenticate.f4891a) {
                Bundle bundle2 = new Bundle();
                bundle2.putParcelable("context", gssApiClient);
                bundle.putBundle("spnegoContext", bundle2);
            }
            bundle.putString("authAccount", account.name);
            bundle.putString("accountType", account.type);
            bundle.putString("authtoken", authenticate.f4892b);
            bundle.putInt("spnegoResult", 0);
            bundle.putBoolean("complete", authenticate.f4891a);
            return bundle;
        } catch (InternalException e12) {
            Log.e("SSOAuthenticator", "Failed to authenticate - " + e12.getMessage());
            return b(account, 5, "Failed to authenticate");
        } catch (IllegalArgumentException e13) {
            Log.e("SSOAuthenticator", "Invalid challenge - " + e13.getMessage());
            return b(account, 2, "Invalid challenge");
        }
    }

    public static void e(Context context, Intent intent, String str, String str2) {
        PendingIntent activity = PendingIntent.getActivity(context, 0, intent, x.a(134217728));
        if (str == null) {
            str = "";
        }
        if (str2 == null) {
            str2 = "";
        }
        String string = context.getString(g.f26887h);
        NotificationManager notificationManager = (NotificationManager) context.getSystemService("notification");
        c(context, notificationManager, string);
        notificationManager.notify(42, new t.c(context, string).j(str).i(str2).u(context.getResources().getIdentifier("sso_ic_launcher_mono", "drawable", context.getPackageName())).h(activity).t(1).k(-1).g(false).c());
    }

    private boolean f(String str) {
        if (str == null) {
            return true;
        }
        return str.startsWith("SPNEGO:HOSTBASED:");
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle addAccount(AccountAuthenticatorResponse accountAuthenticatorResponse, String str, String str2, String[] strArr, Bundle bundle) {
        Bundle bundle2 = new Bundle();
        Log.i("SSOAuthenticator", "accountType = " + str);
        Log.i("SSOAuthenticator", "authTokenType =" + str2);
        if (!f(str2)) {
            throw new AccountException("Invalid Auth Token Type");
        }
        bundle2.putParcelable("intent", AccountSetupActivity.g(this.f4895a, accountAuthenticatorResponse, str, str2, strArr, bundle));
        return bundle2;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle confirmCredentials(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, Bundle bundle) {
        return null;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle editProperties(AccountAuthenticatorResponse accountAuthenticatorResponse, String str) {
        throw new UnsupportedOperationException();
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle getAccountRemovalAllowed(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account) {
        try {
            KerberosUtil.e(account.name);
        } catch (InternalException e10) {
            Log.e("SSOAuthenticator", "Failed to delete credentials - " + e10.getMessage());
        } catch (IOException e11) {
            e = e11;
            e.printStackTrace();
        } catch (IllegalArgumentException e12) {
            Log.e("SSOAuthenticator", "IllegalArgumentException - " + e12.getMessage());
        } catch (InvalidAlgorithmParameterException e13) {
            e = e13;
            e.printStackTrace();
        } catch (KeyStoreException e14) {
            e = e14;
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e15) {
            e = e15;
            e.printStackTrace();
        } catch (NoSuchProviderException e16) {
            e = e16;
            e.printStackTrace();
        } catch (UnrecoverableEntryException e17) {
            e = e17;
            e.printStackTrace();
        } catch (CertificateException e18) {
            e = e18;
            e.printStackTrace();
        }
        Bundle bundle = new Bundle();
        bundle.putBoolean("booleanResult", true);
        return bundle;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle getAuthToken(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, String str, Bundle bundle) {
        for (String str2 : bundle.keySet()) {
            Log.i("SSOAuthenticator", str2 + " is a key in the bundle ");
            Log.i("SSOAuthenticator", bundle.get(str2).toString());
        }
        String nameForUid = this.f4895a.getPackageManager().getNameForUid(bundle.getInt("callerUid"));
        Log.i("SSOAuthenticator", "Caller Name: " + nameForUid);
        Log.d("SSOAuthenticator", "Token type: " + str);
        if (!f(str)) {
            Log.e("SSOAuthenticator", "Invalid prefix for token type");
            return b(account, 1, "Invalid prefix");
        }
        if (!z0.a.h(this.f4895a)) {
            return b(account, 5, "Spnego Not Licensed.");
        }
        if (!KerberosUtil.c()) {
            return b(account, 5, "Kerberos Not Configured.");
        }
        if (!a(nameForUid)) {
            Log.i("SSOAuthenticator", "Caller: " + nameForUid + " does not have permission to access SSO.");
            return b(account, 5, "Permission denied.");
        }
        String substring = str.substring(17);
        Log.d("SSOAuthenticator", "Service: " + substring);
        String string = bundle.getString("authtoken", null);
        if (string == null && bundle.containsKey("spnegoContext")) {
            string = bundle.getString("incomingAuthToken");
        }
        try {
            return d(account, substring, string);
        } catch (CredentialsException e10) {
            e10.printStackTrace();
            try {
                String password = this.f4897c.getPassword(account);
                if (password != null && !password.isEmpty()) {
                    KerberosUtil.f(this.f4895a, account.name, this.f4897c.getPassword(account));
                    try {
                        return d(account, substring, string);
                    } catch (CredentialsException unused) {
                        Log.e("SSOAuthenticator", "Failed to renew credentials - " + e10.getMessage());
                        return b(account, 5, "Failed to renew credentials");
                    }
                }
                Bundle bundle2 = new Bundle();
                Log.d("SSOAuthenticator", "getAuthToken(): Asking for credentials confirmation");
                Intent j10 = AccountPasswordPromptActivity.j(this.f4895a, account.name, accountAuthenticatorResponse);
                j10.putExtra("url", substring.split("@")[1]);
                if (nameForUid.compareTo("com.android.chrome") != 0) {
                    Log.d("SSOAuthenticator", "Adding error code to results.");
                    bundle2.putString("authAccount", account.name);
                    bundle2.putString("accountType", account.type);
                    bundle2.putBoolean("complete", true);
                    bundle2.putInt("spnegoResult", 5);
                    Context context = this.f4895a;
                    e(context, j10, context.getString(g.f26900u), this.f4895a.getString(g.f26899t));
                } else {
                    bundle2.putParcelable("intent", j10);
                    bundle2.putBoolean("complete", true);
                }
                return bundle2;
            } catch (ExpiredPasswordException unused2) {
                Log.e("SSOAuthenticator", "Expired password - " + e10.getMessage());
                return b(account, 5, "Expired password");
            } catch (InternalException unused3) {
                Log.e("SSOAuthenticator", "Failed to renew credentials - " + e10.getMessage());
                return b(account, 5, "Failed to renew credentials");
            } catch (InvalidPasswordException unused4) {
                Log.e("SSOAuthenticator", "Invalid password - " + e10.getMessage());
                return b(account, 5, "Invalid password");
            } catch (NetworkException unused5) {
                Log.e("SSOAuthenticator", "Failed to connect to KDC - " + e10.getMessage());
                return b(account, 4, "Failed to connect to KDC");
            } catch (UnknownErrorException unused6) {
                Log.e("SSOAuthenticator", "Unknown error - " + e10.getMessage());
                return b(account, 5, "Unknown error");
            } catch (UsernameException unused7) {
                Log.e("SSOAuthenticator", "Invalid username or realm - " + e10.getMessage());
                return b(account, 6, "Invalid username or realm");
            } catch (IllegalArgumentException unused8) {
                Log.e("SSOAuthenticator", "Invalid cached credentials - " + e10.getMessage());
                return b(account, 5, "Invalid credentials");
            }
        }
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public String getAuthTokenLabel(String str) {
        throw new UnsupportedOperationException();
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle hasFeatures(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, String[] strArr) {
        boolean z10 = false;
        if (strArr.length == 0 || (strArr.length == 1 && strArr[0].equals("SPNEGO"))) {
            z10 = true;
        }
        Bundle bundle = new Bundle();
        bundle.putBoolean("booleanResult", z10);
        return bundle;
    }

    @Override // android.accounts.AbstractAccountAuthenticator
    public Bundle updateCredentials(AccountAuthenticatorResponse accountAuthenticatorResponse, Account account, String str, Bundle bundle) {
        throw new UnsupportedOperationException();
    }
}
