package com.microsoft.identity.common.internal.ui.webview;

import android.app.Activity;
import android.content.ActivityNotFoundException;
import android.content.ComponentName;
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.os.Handler;
import android.text.TextUtils;
import android.webkit.ClientCertRequest;
import android.webkit.WebResourceRequest;
import android.webkit.WebView;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.adal.internal.util.StringExtensions;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.exception.ErrorStrings;
import com.microsoft.identity.common.internal.broker.PackageHelper;
import com.microsoft.identity.common.internal.ui.webview.challengehandlers.ClientCertAuthChallengeHandler;
import com.microsoft.identity.common.internal.ui.webview.challengehandlers.IAuthorizationCompletionCallback;
import com.microsoft.identity.common.internal.ui.webview.challengehandlers.PKeyAuthChallengeFactory;
import com.microsoft.identity.common.internal.ui.webview.challengehandlers.PKeyAuthChallengeHandler;
import com.microsoft.identity.common.internal.util.StringUtil;
import com.microsoft.identity.common.logging.Logger;
import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Locale;

/* loaded from: classes4.dex */
public class AzureActiveDirectoryWebViewClient extends OAuth2WebViewClient {
    public static final String ERROR = "error";
    public static final String ERROR_DESCRIPTION = "error_description";
    public static final String ERROR_SUBCODE = "error_subcode";
    private static final String TAG = "AzureActiveDirectoryWebViewClient";
    private final String mRedirectUrl;

    public AzureActiveDirectoryWebViewClient(Activity activity, IAuthorizationCompletionCallback iAuthorizationCompletionCallback, OnPageLoadedCallback onPageLoadedCallback, OnPageCommitVisibleCallback onPageCommitVisibleCallback, String str) {
        super(activity, iAuthorizationCompletionCallback, onPageLoadedCallback, onPageCommitVisibleCallback);
        this.mRedirectUrl = str;
    }

    public AzureActiveDirectoryWebViewClient(Activity activity, IAuthorizationCompletionCallback iAuthorizationCompletionCallback, OnPageLoadedCallback onPageLoadedCallback, String str) {
        this(activity, iAuthorizationCompletionCallback, onPageLoadedCallback, null, str);
    }

    private boolean handleUrl(WebView webView, String str) {
        String lowerCase = str.toLowerCase(Locale.US);
        if (isPkeyAuthUrl(lowerCase)) {
            Logger.info(TAG, "WebView detected request for pkeyauth challenge.");
            try {
                new PKeyAuthChallengeHandler(webView, getCompletionCallback()).processChallenge(new PKeyAuthChallengeFactory().getPKeyAuthChallenge(str));
                return true;
            } catch (ClientException e) {
                String str2 = TAG;
                Logger.error(str2, e.getErrorCode(), null);
                Logger.errorPII(str2, e.getMessage(), e);
                returnError(e.getErrorCode(), e.getMessage());
                webView.stopLoading();
                return true;
            }
        }
        if (isRedirectUrl(lowerCase)) {
            Logger.info(TAG, "Navigation starts with the redirect uri.");
            processRedirectUrl(webView, str);
            return true;
        }
        if (isWebsiteRequestUrl(lowerCase)) {
            Logger.info(TAG, "It is an external website request");
            processWebsiteRequest(webView, str);
            return true;
        }
        if (isInstallRequestUrl(lowerCase)) {
            Logger.info(TAG, "It is an install request");
            processInstallRequest(webView, str);
            return true;
        }
        if (isWebCpUrl(lowerCase)) {
            Logger.info(TAG, "It is a request from WebCP");
            processWebCpRequest(webView, str);
            return true;
        }
        if (isPlayStoreUrl(lowerCase)) {
            Logger.info(TAG, "Request to open PlayStore.");
            return processPlayStoreURL(webView, str);
        }
        if (isAuthAppMFAUrl(lowerCase)) {
            Logger.info(TAG, "Request to link account with Authenticator.");
            processAuthAppMFAUrl(str);
            return true;
        }
        if (isInvalidRedirectUri(str)) {
            Logger.info(TAG, "Check for Redirect Uri.");
            processInvalidRedirectUri(webView, str);
            return true;
        }
        if (isBlankPageRequest(lowerCase)) {
            Logger.info(TAG, "It is an blank page request");
            return true;
        }
        if (isUriSSLProtected(lowerCase)) {
            Logger.info(TAG, "Check for SSL protection");
            processSSLProtectionCheck(webView, str);
            return true;
        }
        Logger.info(TAG, "This maybe a valid URI, but no special handling for this mentioned URI, hence deferring to WebView for loading.");
        processInvalidUrl(str);
        return false;
    }

    private boolean isAuthAppMFAUrl(String str) {
        return str.startsWith(AuthenticationConstants.Broker.AUTHENTICATOR_MFA_LINKING_PREFIX);
    }

    private boolean isBlankPageRequest(String str) {
        return "about:blank".equals(str);
    }

    private boolean isBrokerRequest(Intent intent) {
        return (intent == null || StringExtensions.isNullOrBlank(intent.getStringExtra(AuthenticationConstants.Broker.BROKER_REQUEST))) ? false : true;
    }

    private boolean isInstallRequestUrl(String str) {
        return str.startsWith(AuthenticationConstants.Broker.BROWSER_EXT_INSTALL_PREFIX);
    }

    private boolean isInvalidRedirectUri(String str) {
        return isBrokerRequest(getActivity().getIntent()) && str.startsWith(AuthenticationConstants.Broker.REDIRECT_PREFIX);
    }

    private boolean isPkeyAuthUrl(String str) {
        return str.startsWith(AuthenticationConstants.Broker.PKEYAUTH_REDIRECT.toLowerCase(Locale.ROOT));
    }

    private boolean isPlayStoreUrl(String str) {
        return str.startsWith(AuthenticationConstants.Broker.PLAY_STORE_INSTALL_PREFIX);
    }

    private boolean isRedirectUrl(String str) {
        return str.startsWith(this.mRedirectUrl.toLowerCase(Locale.US));
    }

    private boolean isUriSSLProtected(String str) {
        return !str.startsWith(AuthenticationConstants.Broker.REDIRECT_SSL_PREFIX);
    }

    private boolean isWebCpUrl(String str) {
        return str.startsWith(AuthenticationConstants.Broker.BROWSER_EXT_WEB_CP);
    }

    private boolean isWebsiteRequestUrl(String str) {
        return str.startsWith(AuthenticationConstants.Broker.BROWSER_EXT_PREFIX);
    }

    private void launchCompanyPortal() {
        Logger.verbose(TAG + "#launchCompanyPortal", "Sending intent to launch the CompanyPortal.");
        Intent intent = new Intent();
        intent.setComponent(new ComponentName(AuthenticationConstants.Broker.COMPANY_PORTAL_APP_PACKAGE_NAME, AuthenticationConstants.Broker.COMPANY_PORTAL_APP_LAUNCH_ACTIVITY_NAME));
        intent.addFlags(268468224);
        getActivity().startActivity(intent);
        getCompletionCallback().onChallengeResponseReceived(AuthenticationConstants.UIResponse.BROWSER_CODE_MDM, new Intent());
    }

    private void openLinkInBrowser(String str) {
        StringBuilder sb = new StringBuilder();
        String str2 = TAG;
        sb.append(str2);
        sb.append("#openLinkInBrowser");
        Logger.info(sb.toString(), "Try to open url link in browser");
        Intent intent = new Intent("android.intent.action.VIEW", Uri.parse(str.replace(AuthenticationConstants.Broker.BROWSER_EXT_PREFIX, AuthenticationConstants.Broker.REDIRECT_SSL_PREFIX)));
        if (intent.resolveActivity(getActivity().getPackageManager()) != null) {
            getActivity().startActivity(intent);
            return;
        }
        Logger.warn(str2 + "#openLinkInBrowser", "Unable to find an app to resolve the activity.");
    }

    private void processAuthAppMFAUrl(String str) {
        Logger.verbose(TAG + "#processAuthAppMFAUrl", "Linking Account in Broker for MFA.");
        try {
            Intent intent = new Intent("android.intent.action.VIEW", Uri.parse(str));
            intent.addFlags(268435456);
            getActivity().startActivity(intent);
        } catch (ActivityNotFoundException e) {
            Logger.error(TAG, "Failed to open the Authenticator application.", e);
        }
    }

    private void processInstallRequest(final WebView webView, String str) {
        Intent intent = new Intent();
        HashMap<String, String> urlParameters = StringExtensions.getUrlParameters(str);
        final String str2 = urlParameters.get(AuthenticationConstants.Broker.INSTALL_URL_KEY);
        String str3 = urlParameters.get("username");
        if (!TextUtils.isEmpty(str2)) {
            Logger.info(TAG, "Return to caller with BROKER_REQUEST_RESUME, and waiting for result.");
            getCompletionCallback().onChallengeResponseReceived(AuthenticationConstants.UIResponse.BROKER_REQUEST_RESUME, intent);
            new Handler().postDelayed(new Runnable() { // from class: com.microsoft.identity.common.internal.ui.webview.AzureActiveDirectoryWebViewClient.1
                @Override // java.lang.Runnable
                public void run() {
                    AzureActiveDirectoryWebViewClient.this.getActivity().startActivity(new Intent("android.intent.action.VIEW", Uri.parse(str2.replace(AuthenticationConstants.Broker.BROWSER_EXT_PREFIX, AuthenticationConstants.Broker.REDIRECT_SSL_PREFIX))));
                    webView.stopLoading();
                }
            }, 1000L);
        } else {
            Logger.info(TAG, "Install link is null or empty, Return to caller with BROWSER_CODE_DEVICE_REGISTER");
            intent.putExtra("username", str3);
            getCompletionCallback().onChallengeResponseReceived(AuthenticationConstants.UIResponse.BROWSER_CODE_DEVICE_REGISTER, intent);
            webView.stopLoading();
        }
    }

    private void processInvalidRedirectUri(WebView webView, String str) {
        StringBuilder sb = new StringBuilder();
        String str2 = TAG;
        sb.append(str2);
        sb.append("#processInvalidRedirectUri");
        Logger.error(sb.toString(), "The RedirectUri is not as expected.", null);
        Logger.errorPII(str2, String.format("Received %s and expected %s", str, this.mRedirectUrl), null);
        returnError(ErrorStrings.DEVELOPER_REDIRECTURI_INVALID, String.format("The RedirectUri is not as expected. Received %s and expected %s", str, this.mRedirectUrl));
        webView.stopLoading();
    }

    private void processInvalidUrl(String str) {
        Logger.infoPII(TAG, "We are declining to override loading and redirect to invalid URL: '" + removeQueryParametersOrRedact(str) + "' the user's url pattern is '" + this.mRedirectUrl + "'");
    }

    private boolean processPlayStoreURL(WebView webView, String str) {
        webView.stopLoading();
        if (!str.startsWith("market://details?id=com.microsoft.windowsintune.companyportal") && !str.startsWith("market://details?id=com.azure.authenticator")) {
            Logger.info(TAG + "#processPlayStoreURL", "The URI is either trying to open an unknown application or contains unknown query parameters");
            return false;
        }
        String str2 = AuthenticationConstants.Broker.COMPANY_PORTAL_APP_PACKAGE_NAME;
        if (!str.contains(AuthenticationConstants.Broker.COMPANY_PORTAL_APP_PACKAGE_NAME)) {
            str2 = AuthenticationConstants.Broker.AZURE_AUTHENTICATOR_APP_PACKAGE_NAME;
        }
        Logger.info(TAG + "#processPlayStoreURL", "Request to open PlayStore to install package : '" + str2 + "'");
        try {
            Intent intent = new Intent("android.intent.action.VIEW", Uri.parse(AuthenticationConstants.Broker.PLAY_STORE_INSTALL_PREFIX + str2));
            intent.addFlags(268468224);
            getActivity().startActivity(intent);
            return true;
        } catch (ActivityNotFoundException e) {
            Logger.error(TAG + "#processPlayStoreURL", "PlayStore is not present on the device", e);
            return true;
        }
    }

    private void processSSLProtectionCheck(WebView webView, String str) {
        String removeQueryParametersOrRedact = removeQueryParametersOrRedact(str);
        Logger.error(TAG, "The webView was redirected to an unsafe URL: " + removeQueryParametersOrRedact, null);
        returnError(ErrorStrings.WEBVIEW_REDIRECTURL_NOT_SSL_PROTECTED, "The webView was redirected to an unsafe URL.");
        webView.stopLoading();
    }

    private void processWebCpRequest(WebView webView, String str) {
        webView.stopLoading();
        if (str.equalsIgnoreCase(AuthenticationConstants.Broker.WEBCP_LAUNCH_COMPANY_PORTAL_URL)) {
            launchCompanyPortal();
            return;
        }
        returnError(ErrorStrings.WEBCP_URI_INVALID, "Unexpected URL from WebCP: " + str);
    }

    private void processWebsiteRequest(WebView webView, String str) {
        webView.stopLoading();
        if (!str.contains(AuthenticationConstants.Broker.BROWSER_DEVICE_CA_URL_QUERY_STRING_PARAMETER)) {
            openLinkInBrowser(str);
            getCompletionCallback().onChallengeResponseReceived(AuthenticationConstants.UIResponse.BROWSER_CODE_CANCEL, new Intent());
            return;
        }
        Logger.info(TAG + "#processWebsiteRequest", "This is a device CA request.");
        PackageHelper packageHelper = new PackageHelper(getActivity().getPackageManager());
        Context applicationContext = getActivity().getApplicationContext();
        if (packageHelper.isPackageInstalledAndEnabled(applicationContext, AuthenticationConstants.Broker.IPPHONE_APP_PACKAGE_NAME) && AuthenticationConstants.Broker.IPPHONE_APP_SIGNATURE.equals(packageHelper.getCurrentSignatureForPackage(AuthenticationConstants.Broker.IPPHONE_APP_PACKAGE_NAME)) && packageHelper.isPackageInstalledAndEnabled(applicationContext, AuthenticationConstants.Broker.COMPANY_PORTAL_APP_PACKAGE_NAME)) {
            try {
                launchCompanyPortal();
                return;
            } catch (Exception unused) {
                Logger.warn(TAG + "#processWebsiteRequest", "Failed to launch Company Portal, falling back to browser.");
            }
        }
        openLinkInBrowser(str);
        getCompletionCallback().onChallengeResponseReceived(AuthenticationConstants.UIResponse.BROWSER_CODE_MDM, new Intent());
    }

    private String removeQueryParametersOrRedact(String str) {
        try {
            return StringExtensions.removeQueryParameterFromUrl(str);
        } catch (URISyntaxException e) {
            Logger.errorPII(TAG, "Redirect URI has invalid syntax, unable to parse", e);
            return "redacted";
        }
    }

    private void returnError(String str, String str2) {
        Intent intent = new Intent();
        intent.putExtra(AuthenticationConstants.Browser.RESPONSE_ERROR_CODE, str);
        intent.putExtra(AuthenticationConstants.Browser.RESPONSE_ERROR_MESSAGE, str2);
        getCompletionCallback().onChallengeResponseReceived(AuthenticationConstants.UIResponse.BROWSER_CODE_ERROR, intent);
    }

    @Override // android.webkit.WebViewClient
    public void onReceivedClientCertRequest(WebView webView, ClientCertRequest clientCertRequest) {
        new ClientCertAuthChallengeHandler(getActivity()).processChallenge(clientCertRequest);
    }

    protected void processRedirectUrl(WebView webView, String str) {
        HashMap<String, String> urlParameters = StringExtensions.getUrlParameters(str);
        if (StringExtensions.isNullOrBlank(urlParameters.get("error"))) {
            Logger.info(TAG, "It is pointing to redirect. Final url can be processed to get the code or error.");
            Intent intent = new Intent();
            intent.putExtra(AuthenticationConstants.AuthorizationIntentKey.AUTHORIZATION_FINAL_URL, str);
            getCompletionCallback().onChallengeResponseReceived(AuthenticationConstants.UIResponse.BROWSER_CODE_COMPLETE, intent);
            webView.stopLoading();
            return;
        }
        Logger.info(TAG, "Sending intent to cancel authentication activity");
        Intent intent2 = new Intent();
        intent2.putExtra(AuthenticationConstants.Browser.RESPONSE_ERROR_CODE, urlParameters.get("error"));
        intent2.putExtra(AuthenticationConstants.Browser.RESPONSE_ERROR_SUBCODE, urlParameters.get("error_subcode"));
        if (StringUtil.isEmpty(urlParameters.get("error_description"))) {
            intent2.putExtra(AuthenticationConstants.Browser.RESPONSE_ERROR_MESSAGE, urlParameters.get("error_subcode"));
        } else {
            intent2.putExtra(AuthenticationConstants.Browser.RESPONSE_ERROR_MESSAGE, urlParameters.get("error_description"));
        }
        if (StringUtil.equalsIgnoreCase(urlParameters.get("error_subcode"), AuthenticationConstants.Browser.SUB_ERROR_UI_CANCEL)) {
            getCompletionCallback().onChallengeResponseReceived(AuthenticationConstants.UIResponse.BROWSER_CODE_CANCEL, intent2);
        } else {
            getCompletionCallback().onChallengeResponseReceived(AuthenticationConstants.UIResponse.BROWSER_CODE_ERROR, intent2);
        }
        webView.stopLoading();
    }

    @Override // android.webkit.WebViewClient
    public boolean shouldOverrideUrlLoading(WebView webView, WebResourceRequest webResourceRequest) {
        return handleUrl(webView, webResourceRequest.getUrl().toString());
    }

    @Override // android.webkit.WebViewClient
    public boolean shouldOverrideUrlLoading(WebView webView, String str) {
        if (StringUtil.isEmpty(str)) {
            throw new IllegalArgumentException("Redirect to empty url in web view.");
        }
        return handleUrl(webView, str);
    }
}
