package com.microsoft.identity.common.java.cache;

import com.microsoft.identity.common.java.AuthenticationConstants;
import com.microsoft.identity.common.java.BaseAccount;
import com.microsoft.identity.common.java.dto.AccessTokenRecord;
import com.microsoft.identity.common.java.dto.AccountRecord;
import com.microsoft.identity.common.java.dto.Credential;
import com.microsoft.identity.common.java.dto.CredentialType;
import com.microsoft.identity.common.java.dto.IdTokenRecord;
import com.microsoft.identity.common.java.dto.RefreshTokenRecord;
import com.microsoft.identity.common.java.exception.ClientException;
import com.microsoft.identity.common.java.interfaces.IPlatformComponents;
import com.microsoft.identity.common.java.logging.Logger;
import com.microsoft.identity.common.java.providers.oauth2.AuthorizationRequest;
import com.microsoft.identity.common.java.providers.oauth2.OAuth2Strategy;
import com.microsoft.identity.common.java.providers.oauth2.OAuth2TokenCache;
import com.microsoft.identity.common.java.providers.oauth2.RefreshToken;
import com.microsoft.identity.common.java.providers.oauth2.TokenResponse;
import com.microsoft.identity.common.java.util.StringUtil;
import edu.umd.cs.findbugs.annotations.Nullable;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import lombok.NonNull;

/* loaded from: classes8.dex */
public class MsalOAuth2TokenCache<GenericOAuth2Strategy extends OAuth2Strategy, GenericAuthorizationRequest extends AuthorizationRequest, GenericTokenResponse extends TokenResponse, GenericAccount extends BaseAccount, GenericRefreshToken extends RefreshToken> extends OAuth2TokenCache<GenericOAuth2Strategy, GenericAuthorizationRequest, GenericTokenResponse> implements IShareSingleSignOnState<GenericAccount, GenericRefreshToken> {

    /* renamed from: d, reason: collision with root package name */
    private static final String f61842d = "MsalOAuth2TokenCache";

    /* renamed from: e, reason: collision with root package name */
    private static final Object f61843e = new Object();

    /* renamed from: b, reason: collision with root package name */
    private IAccountCredentialCache f61844b;

    /* renamed from: c, reason: collision with root package name */
    private final IAccountCredentialAdapter<GenericOAuth2Strategy, GenericAuthorizationRequest, GenericTokenResponse, GenericAccount, GenericRefreshToken> f61845c;

    public MsalOAuth2TokenCache(IPlatformComponents iPlatformComponents, IAccountCredentialCache iAccountCredentialCache, IAccountCredentialAdapter<GenericOAuth2Strategy, GenericAuthorizationRequest, GenericTokenResponse, GenericAccount, GenericRefreshToken> iAccountCredentialAdapter) {
        super(iPlatformComponents);
        String str = f61842d;
        Logger.v(str, "Init: " + str);
        this.f61844b = iAccountCredentialCache;
        this.f61845c = iAccountCredentialAdapter;
    }

    private void d(AccessTokenRecord accessTokenRecord) {
        List<Credential> c10 = this.f61844b.c(accessTokenRecord.a(), accessTokenRecord.e(), CredentialType.fromString(accessTokenRecord.r()), accessTokenRecord.q(), accessTokenRecord.B(), accessTokenRecord.E(), accessTokenRecord.l(), null, accessTokenRecord.A(), accessTokenRecord.F(), this.f61844b.getCredentials());
        Logger.v(f61842d + ":deleteAccessTokensWithIntersectingScopes", "Inspecting " + c10.size() + " accessToken[s].");
        for (Credential credential : c10) {
            if (o(accessTokenRecord, (AccessTokenRecord) credential, true)) {
                Logger.n(f61842d + ":deleteAccessTokensWithIntersectingScopes", "Removing credential: " + credential);
                this.f61844b.a(credential);
            }
        }
    }

    private boolean f(@NonNull AccountRecord accountRecord) {
        Objects.requireNonNull(accountRecord, "account is marked non-null but is null");
        return i(accountRecord.getClass(), new String[][]{new String[]{"home_account_id", accountRecord.a()}, new String[]{"environment", accountRecord.e()}, new String[]{"local_account_id", accountRecord.b()}, new String[]{"username", accountRecord.j()}, new String[]{"authority_type", accountRecord.i()}});
    }

    private boolean g(@NonNull IdTokenRecord idTokenRecord) {
        Objects.requireNonNull(idTokenRecord, "idToken is marked non-null but is null");
        return i(idTokenRecord.getClass(), new String[][]{new String[]{"home_account_id", idTokenRecord.a()}, new String[]{"environment", idTokenRecord.e()}, new String[]{"credential_type", idTokenRecord.r()}, new String[]{"client_id", idTokenRecord.q()}, new String[]{"secret", idTokenRecord.s()}});
    }

    private boolean h(@NonNull RefreshTokenRecord refreshTokenRecord) {
        Objects.requireNonNull(refreshTokenRecord, "refreshToken is marked non-null but is null");
        return i(refreshTokenRecord.getClass(), new String[][]{new String[]{"credential_type", refreshTokenRecord.r()}, new String[]{"environment", refreshTokenRecord.e()}, new String[]{"home_account_id", refreshTokenRecord.a()}, new String[]{"client_id", refreshTokenRecord.q()}, new String[]{"secret", refreshTokenRecord.s()}});
    }

    private static boolean i(Class<?> cls, String[][] strArr) {
        boolean z10 = true;
        for (String[] strArr2 : strArr) {
            z10 = z10 && !StringUtil.i(strArr2[1]);
        }
        if (!z10) {
            Logger.z(f61842d + ":isSchemaCompliant", cls.getSimpleName() + " does not contain all required fields.");
            for (String[] strArr3 : strArr) {
                Logger.z(f61842d + ":isSchemaCompliant", strArr3[0] + " is null? [" + StringUtil.i(strArr3[1]) + "]");
            }
        }
        return z10;
    }

    private void j(@NonNull AccountRecord accountRecord, @NonNull RefreshTokenRecord refreshTokenRecord) {
        Objects.requireNonNull(accountRecord, "accountRecord is marked non-null but is null");
        Objects.requireNonNull(refreshTokenRecord, "deletionExemptRefreshToken is marked non-null but is null");
        boolean z10 = !StringUtil.i(refreshTokenRecord.z());
        StringBuilder sb2 = new StringBuilder();
        String str = f61842d;
        sb2.append(str);
        sb2.append(":removeAllRefreshTokensExcept");
        Logger.l(sb2.toString(), "isFamilyRefreshToken? [" + z10 + "]");
        boolean equals = "MSSTS".equals(accountRecord.i());
        Logger.l(str + ":removeAllRefreshTokensExcept", "isMultiResourceCapable? [" + equals + "]");
        if (z10 || equals) {
            int k10 = k(accountRecord.e(), z10 ? null : refreshTokenRecord.q(), CredentialType.RefreshToken, accountRecord, true, refreshTokenRecord);
            Logger.l(str + ":removeAllRefreshTokensExcept", "Refresh tokens removed: [" + k10 + "]");
            if (k10 > 1) {
                Logger.z(str + ":removeAllRefreshTokensExcept", "Multiple refresh tokens found for Account.");
            }
        }
    }

    private int k(@NonNull String str, @Nullable String str2, @NonNull CredentialType credentialType, @NonNull AccountRecord accountRecord, boolean z10, @NonNull Credential credential) {
        Objects.requireNonNull(str, "environment is marked non-null but is null");
        Objects.requireNonNull(credentialType, "credentialType is marked non-null but is null");
        Objects.requireNonNull(accountRecord, "targetAccount is marked non-null but is null");
        Objects.requireNonNull(credential, "deletionExemptRecord is marked non-null but is null");
        int i7 = 0;
        for (Credential credential2 : this.f61844b.d(accountRecord.a(), str, credentialType, str2, null, null, z10 ? null : accountRecord.l(), null, null)) {
            if (!credential.equals(credential2) && this.f61844b.a(credential2)) {
                i7++;
            }
        }
        return i7;
    }

    private void l(AccountRecord... accountRecordArr) {
        for (AccountRecord accountRecord : accountRecordArr) {
            this.f61844b.e(accountRecord);
        }
    }

    private Set<String> n(AccessTokenRecord accessTokenRecord) {
        HashSet hashSet = new HashSet();
        String G = accessTokenRecord.G();
        if (!StringUtil.i(G)) {
            hashSet.addAll(Arrays.asList(G.split("\\s+")));
        }
        return hashSet;
    }

    private boolean o(AccessTokenRecord accessTokenRecord, AccessTokenRecord accessTokenRecord2, boolean z10) {
        Set<String> n10 = n(accessTokenRecord);
        Set<String> n11 = n(accessTokenRecord2);
        if (z10) {
            Set<String> set = AuthenticationConstants.f61796d;
            n10.removeAll(set);
            n11.removeAll(set);
        }
        for (String str : n11) {
            if (n10.contains(str)) {
                StringBuilder sb2 = new StringBuilder();
                String str2 = f61842d;
                sb2.append(str2);
                sb2.append(":");
                sb2.append("scopesIntersect");
                Logger.l(sb2.toString(), "Scopes intersect.");
                Logger.n(str2 + ":scopesIntersect", n10.toString() + " contains [" + str + "]");
                return true;
            }
        }
        return false;
    }

    @Override // com.microsoft.identity.common.java.cache.IShareSingleSignOnState
    public void a(GenericAccount genericaccount, GenericRefreshToken genericrefreshtoken) throws ClientException {
        Logger.l(f61842d + ":setSingleSignOnState", "Set SSO state called.");
        AccountRecord b10 = this.f61845c.b(genericaccount);
        RefreshTokenRecord c10 = this.f61845c.c(genericrefreshtoken);
        IdTokenRecord a10 = this.f61845c.a(genericaccount, genericrefreshtoken);
        p(b10, null, c10, a10);
        l(b10);
        synchronized (f61843e) {
            m(a10, c10);
            j(b10, c10);
        }
    }

    public void c() {
        Logger.z(f61842d + ":clearAll", "Clearing cache.");
        this.f61844b.clearAll();
    }

    boolean e(@NonNull AccessTokenRecord accessTokenRecord) {
        Objects.requireNonNull(accessTokenRecord, "accessToken is marked non-null but is null");
        return i(accessTokenRecord.getClass(), new String[][]{new String[]{"credential_type", accessTokenRecord.r()}, new String[]{"home_account_id", accessTokenRecord.a()}, new String[]{"environment", accessTokenRecord.e()}, new String[]{"client_id", accessTokenRecord.q()}, new String[]{"target", accessTokenRecord.G()}, new String[]{"cached_at", accessTokenRecord.p()}, new String[]{"expires_on", accessTokenRecord.C()}, new String[]{"secret", accessTokenRecord.s()}});
    }

    void m(Credential... credentialArr) {
        for (Credential credential : credentialArr) {
            if (credential != null) {
                if (credential instanceof AccessTokenRecord) {
                    d((AccessTokenRecord) credential);
                }
                this.f61844b.b(credential);
            }
        }
    }

    void p(@NonNull AccountRecord accountRecord, AccessTokenRecord accessTokenRecord, @NonNull RefreshTokenRecord refreshTokenRecord, @NonNull IdTokenRecord idTokenRecord) throws ClientException {
        Objects.requireNonNull(accountRecord, "accountToSave is marked non-null but is null");
        Objects.requireNonNull(refreshTokenRecord, "refreshTokenToSave is marked non-null but is null");
        Objects.requireNonNull(idTokenRecord, "idTokenToSave is marked non-null but is null");
        Logger.v(f61842d + ":validateCacheArtifacts", "Validating cache artifacts...");
        boolean f8 = f(accountRecord);
        boolean z10 = accessTokenRecord == null || e(accessTokenRecord);
        boolean h10 = h(refreshTokenRecord);
        boolean g10 = g(idTokenRecord);
        if (!f8) {
            throw new ClientException("Account is missing schema-required fields.");
        }
        if (z10 && h10 && g10) {
            return;
        }
        String str = "[";
        if (!z10) {
            str = "[(AT)";
        }
        if (!h10) {
            str = str + "(RT)";
        }
        if (!g10) {
            str = str + "(ID)";
        }
        throw new ClientException("Credential is missing schema-required fields.", str + "]");
    }
}
