package com.microsoft.aad.adal;

import android.net.Uri;
import com.sun.xml.stream.writers.XMLStreamWriterImpl;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import microsoft.exchange.webservices.data.EWSConstants;
import microsoft.exchange.webservices.data.core.EwsUtilities;
import org.json.JSONException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes2.dex */
public final class ca {

    /* renamed from: a, reason: collision with root package name */
    private static final Set<String> f1605a = Collections.synchronizedSet(new HashSet());
    private static final Map<String, Set<URI>> b = Collections.synchronizedMap(new HashMap());
    private UUID c;
    private final cx d;

    public ca() {
        b();
        this.d = new ek();
    }

    private URL a(String str, String str2) {
        Uri.Builder builder = new Uri.Builder();
        builder.scheme(EWSConstants.HTTPS_SCHEME).authority(str);
        builder.appendEncodedPath("common/discovery/instance").appendQueryParameter("api-version", XMLStreamWriterImpl.DEFAULT_XML_VERSION).appendQueryParameter("authorization_endpoint", str2);
        return new URL(builder.build().toString());
    }

    private Map<String, String> a(cn cnVar) {
        return cc.a(cnVar);
    }

    private void b() {
        if (f1605a.isEmpty()) {
            f1605a.add("login.windows.net");
            f1605a.add("login.microsoftonline.com");
            f1605a.add("login.chinacloudapi.cn");
            f1605a.add("login.microsoftonline.de");
            f1605a.add("login-us.microsoftonline.com");
            f1605a.add("login.microsoftonline.us");
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void b(URL url) {
        if (url == null || dw.a(url.getHost()) || !url.getProtocol().equals(EWSConstants.HTTPS_SCHEME) || !dw.a(url.getQuery()) || !dw.a(url.getRef()) || dw.a(url.getPath())) {
            throw new AuthenticationException(a.DEVELOPER_AUTHORITY_IS_NOT_VALID_INSTANCE);
        }
    }

    private static void b(URL url, String str) {
        try {
            URI uri = url.toURI();
            if (b.get(str) == null || !b.get(str).contains(uri)) {
                if (!b.a(uri, new ej().a(new ei(url, new bu().a(str))))) {
                    throw new AuthenticationException(a.DEVELOPER_AUTHORITY_IS_NOT_VALID_INSTANCE);
                }
                if (b.get(str) == null) {
                    b.put(str, new HashSet());
                }
                b.get(str).add(uri);
            }
        } catch (URISyntaxException e) {
            throw new AuthenticationException(a.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, "Authority URL/URI must be RFC 2396 compliant to use AD FS validation");
        }
    }

    private void c(URL url) {
        try {
            if (!d(a("login.windows.net", f(url)))) {
                throw new AuthenticationException(a.DEVELOPER_AUTHORITY_IS_NOT_VALID_INSTANCE);
            }
            e(url);
        } catch (IOException | JSONException e) {
            dg.b("Discovery", "Error when validating authority", "", a.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL, e);
            throw new AuthenticationException(a.DEVELOPER_AUTHORITY_IS_NOT_VALID_INSTANCE, e.getMessage(), e);
        }
    }

    private boolean d(URL url) {
        dg.c("Discovery", "Sending discovery request to:" + url);
        HashMap hashMap = new HashMap();
        hashMap.put("Accept", io.fabric.sdk.android.services.b.a.ACCEPT_JSON_VALUE);
        if (this.c != null) {
            hashMap.put("client-request-id", this.c.toString());
            hashMap.put("return-client-request-id", EwsUtilities.XSTrue);
        }
        try {
            bs.INSTANCE.a(url, this.c, hashMap);
            cn a2 = this.d.a(url, hashMap);
            bs.INSTANCE.a((String) null);
            Map<String, String> a3 = a(a2);
            if (!a3.containsKey("error_codes")) {
                return a3.containsKey("tenant_discovery_endpoint");
            }
            String str = a3.get("error_codes");
            bs.INSTANCE.a(str);
            throw new AuthenticationException(a.DEVELOPER_AUTHORITY_IS_NOT_VALID_INSTANCE, "Fail to valid authority with errors: " + str);
        } finally {
            bs.INSTANCE.a("instance", this.c);
        }
    }

    private void e(URL url) {
        String host = url.getHost();
        if (dw.a(host)) {
            return;
        }
        f1605a.add(host.toLowerCase(Locale.US));
    }

    private String f(URL url) {
        return new Uri.Builder().scheme(EWSConstants.HTTPS_SCHEME).authority(url.getHost()).appendPath("/common/oauth2/authorize").build().toString();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set<String> a() {
        return f1605a;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(URL url) {
        b(url);
        if (f1605a.contains(url.getHost().toLowerCase(Locale.US))) {
            return;
        }
        c(url);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(URL url, String str) {
        if (dw.a(str)) {
            throw new IllegalArgumentException("Cannot validate AD FS Authority with domain [null]");
        }
        b(url, str);
        a(url);
    }

    public void a(UUID uuid) {
        this.c = uuid;
    }
}
