package com.google.corp.android.http;

import android.accounts.Account;
import android.net.Uri;
import android.util.Log;
import com.google.api.client.http.HttpMethods;
import com.google.common.net.HttpHeaders;
import com.google.corp.android.lifecycle.ActivityTracker;
import com.google.corplogin.android.Constants;
import com.google.corplogin.android.SsoException;
import com.google.corplogin.android.SsoRequest;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.HashSet;
import java.util.Set;
import javax.inject.Inject;
import javax.inject.Provider;
import javax.inject.Singleton;

@Singleton
/* loaded from: classes5.dex */
public class SsoAuthenticator {
    private static final int DEFAULT_MAX_REDIRECTS = 3;
    private static final String TAG = "SsoAuthenticator";
    private final Provider<Account> accountProvider;
    private final ActivityTracker activityTracker;
    private final NestedHttpUrlConnectionFactory connectionFactory;
    private final Set<String> loginHosts;
    private int maxLoginRedirects;
    private final SsoService ssoService;

    @Inject
    public SsoAuthenticator(Provider<Account> provider, ActivityTracker activityTracker, SsoService ssoService, NestedHttpUrlConnectionFactory nestedHttpUrlConnectionFactory) {
        if (provider == null) {
            throw new NullPointerException("accountProvider");
        }
        if (activityTracker == null) {
            throw new NullPointerException("activityTracker");
        }
        if (ssoService == null) {
            throw new NullPointerException("ssoService");
        }
        if (nestedHttpUrlConnectionFactory == null) {
            throw new NullPointerException("nestedFactory");
        }
        this.accountProvider = provider;
        this.activityTracker = activityTracker;
        this.ssoService = ssoService;
        this.connectionFactory = nestedHttpUrlConnectionFactory;
        this.loginHosts = new HashSet(Constants.DEFAULT_LOGIN_HOSTS);
        this.maxLoginRedirects = 3;
    }

    static Provider<Account> accountFromEmail(String str) {
        final Account account = new Account(str, "com.google");
        return new Provider<Account>() { // from class: com.google.corp.android.http.SsoAuthenticator.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // javax.inject.Provider
            public Account get() {
                return account;
            }
        };
    }

    private boolean authenticate(URL url, String str, int i) throws IOException {
        HttpURLConnection openConnection = this.connectionFactory.openConnection(url);
        try {
            openConnection.setInstanceFollowRedirects(false);
            openConnection.setRequestMethod(HttpMethods.HEAD);
            if (openConnection.getResponseCode() == 302) {
                String headerField = openConnection.getHeaderField(HttpHeaders.LOCATION);
                if (headerField == null) {
                    Log.e(TAG, "Auth failure: post-login redirect location was null.");
                } else {
                    if (urisAreEquivalent(str, headerField)) {
                        openConnection.disconnect();
                        return true;
                    }
                    if (i < this.maxLoginRedirects) {
                        openConnection.disconnect();
                        Log.d(TAG, new StringBuilder(String.valueOf(headerField).length() + 87 + String.valueOf(str).length()).append("Need to retry login; post-login redirect location ").append(headerField).append(" does not match original destination ").append(str).toString());
                        return authenticate(new URL(headerField), str, i + 1);
                    }
                }
            } else {
                Log.e(TAG, new StringBuilder(64).append("Invalid post-login HTTP response code: ").append(openConnection.getResponseCode()).append("; expected ").append(302).toString());
            }
            return false;
        } finally {
            openConnection.disconnect();
        }
    }

    private URL getRefreshUrl(String str) throws SsoException, MalformedURLException {
        return new URL(getRefreshUrlString(str));
    }

    private static boolean stringsAreEqual(String str, String str2) {
        return str == null ? str2 == null : str.equals(str2);
    }

    static boolean urisAreEquivalent(String str, String str2) {
        if (str.equals(str2)) {
            return true;
        }
        Uri parse = Uri.parse(str);
        Uri parse2 = Uri.parse(str2);
        return stringsAreEqual(parse.getPath(), parse2.getPath()) && stringsAreEqual(parse.getQuery(), parse2.getQuery());
    }

    public void addLoginHostname(String str) {
        this.loginHosts.add(str);
    }

    public boolean authenticate(String str, String str2) throws IOException {
        if (str == null || str2 == null) {
            return false;
        }
        if (!isLoginUrl(Uri.parse(str2))) {
            String valueOf = String.valueOf(str2);
            Log.d(TAG, valueOf.length() != 0 ? "Corp SSO login does not appear to be necessary; non-corp-login URL encountered: ".concat(valueOf) : new String("Corp SSO login does not appear to be necessary; non-corp-login URL encountered: "));
            return false;
        }
        try {
            return authenticate(getRefreshUrl(str2), str, 0);
        } catch (SsoException e) {
            Log.e(TAG, "SSO login exchange failed.", e);
            return false;
        }
    }

    String getRefreshUrlString(String str) throws SsoException {
        Account account = this.accountProvider.get();
        if (account != null) {
            return this.ssoService.invoke(SsoRequest.builder().setAccount(account.name).setSsoUrl(str).setSuppressUserInteractions(true ^ this.activityTracker.hasForegroundActivity()).build()).getResultUrl();
        }
        throw new SsoException(1, "User account missing");
    }

    boolean isLoginUrl(Uri uri) {
        Set<String> queryParameterNames = uri.getQueryParameterNames();
        return this.loginHosts.contains(uri.getAuthority()) && queryParameterNames.contains("s") && queryParameterNames.contains("d");
    }

    public void setMaxLoginRedirects(int i) {
        this.maxLoginRedirects = i;
    }
}
