package com.microsoft.identity.common.internal.providers.microsoft.microsoftsts;

import admost.sdk.b;
import android.net.Uri;
import android.util.Pair;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.constraintlayout.motion.widget.a;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import com.microsoft.identity.common.adal.internal.util.StringExtensions;
import com.microsoft.identity.common.exception.ClientException;
import com.microsoft.identity.common.exception.ServiceException;
import com.microsoft.identity.common.internal.authscheme.AbstractAuthenticationScheme;
import com.microsoft.identity.common.internal.authscheme.PopAuthenticationSchemeInternal;
import com.microsoft.identity.common.internal.cache.ICacheRecord;
import com.microsoft.identity.common.internal.controllers.BaseController;
import com.microsoft.identity.common.internal.dto.IAccountRecord;
import com.microsoft.identity.common.internal.net.HttpClient;
import com.microsoft.identity.common.internal.net.HttpResponse;
import com.microsoft.identity.common.internal.net.ObjectMapper;
import com.microsoft.identity.common.internal.net.UrlConnectionHttpClient;
import com.microsoft.identity.common.internal.platform.Device;
import com.microsoft.identity.common.internal.platform.IDevicePopManager;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftAuthorizationResponse;
import com.microsoft.identity.common.internal.providers.microsoft.MicrosoftTokenErrorResponse;
import com.microsoft.identity.common.internal.providers.microsoft.azureactivedirectory.AzureActiveDirectory;
import com.microsoft.identity.common.internal.providers.microsoft.azureactivedirectory.AzureActiveDirectoryCloud;
import com.microsoft.identity.common.internal.providers.microsoft.azureactivedirectory.ClientInfo;
import com.microsoft.identity.common.internal.providers.microsoft.microsoftsts.MicrosoftStsAuthorizationRequest;
import com.microsoft.identity.common.internal.providers.oauth2.AuthorizationResult;
import com.microsoft.identity.common.internal.providers.oauth2.AuthorizationResultFactory;
import com.microsoft.identity.common.internal.providers.oauth2.AuthorizationStrategy;
import com.microsoft.identity.common.internal.providers.oauth2.IDToken;
import com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy;
import com.microsoft.identity.common.internal.providers.oauth2.OAuth2StrategyParameters;
import com.microsoft.identity.common.internal.providers.oauth2.TokenErrorResponse;
import com.microsoft.identity.common.internal.providers.oauth2.TokenRequest;
import com.microsoft.identity.common.internal.providers.oauth2.TokenResult;
import com.microsoft.identity.common.internal.telemetry.CliTelemInfo;
import com.microsoft.identity.common.internal.ui.webview.challengehandlers.PKeyAuthChallengeFactory;
import com.microsoft.identity.common.internal.ui.webview.challengehandlers.PKeyAuthChallengeHandler;
import com.microsoft.identity.common.internal.util.HeaderSerializationUtil;
import com.microsoft.identity.common.internal.util.StringUtil;
import com.microsoft.identity.common.logging.DiagnosticContext;
import com.microsoft.identity.common.logging.Logger;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.List;
import java.util.TreeMap;
import java.util.UUID;

/* loaded from: classes4.dex */
public class MicrosoftStsOAuth2Strategy extends OAuth2Strategy<MicrosoftStsAccessToken, MicrosoftStsAccount, MicrosoftStsAuthorizationRequest, MicrosoftStsAuthorizationRequest.Builder, AuthorizationStrategy, MicrosoftStsOAuth2Configuration, OAuth2StrategyParameters, MicrosoftStsAuthorizationResponse, MicrosoftStsRefreshToken, MicrosoftStsTokenRequest, MicrosoftStsTokenResponse, TokenResult, AuthorizationResult> {
    private static final String TAG = "MicrosoftStsOAuth2Strategy";
    private final HttpClient httpClient;

    public MicrosoftStsOAuth2Strategy(@NonNull MicrosoftStsOAuth2Configuration microsoftStsOAuth2Configuration, @NonNull OAuth2StrategyParameters oAuth2StrategyParameters) {
        super(microsoftStsOAuth2Configuration, oAuth2StrategyParameters);
        this.httpClient = UrlConnectionHttpClient.getDefaultInstance();
        setTokenEndpoint(microsoftStsOAuth2Configuration.getTokenEndpoint().toString());
    }

    public static boolean authSchemeIsPoP(@NonNull AbstractAuthenticationScheme abstractAuthenticationScheme) {
        return PopAuthenticationSchemeInternal.SCHEME_POP.equals(abstractAuthenticationScheme.getName());
    }

    private String buildCloudSpecificTokenEndpoint(@NonNull MicrosoftStsAuthorizationResponse microsoftStsAuthorizationResponse) {
        return !StringUtil.isEmpty(microsoftStsAuthorizationResponse.getCloudInstanceHostName()) ? Uri.parse(this.mTokenEndpoint).buildUpon().authority(microsoftStsAuthorizationResponse.getCloudInstanceHostName()).build().toString() : this.mTokenEndpoint;
    }

    private boolean cachedAccessTokenKidMatchesKeystoreKid(@Nullable String str) {
        String deviceAtPopThumbprint = getDeviceAtPopThumbprint();
        if (StringExtensions.isNullOrBlank(deviceAtPopThumbprint)) {
            return false;
        }
        return deviceAtPopThumbprint.equals(str);
    }

    private String getCloudSpecificTokenEndpoint(MicrosoftAuthorizationResponse microsoftAuthorizationResponse) {
        return StringUtil.isEmpty(microsoftAuthorizationResponse.getCloudInstanceHostName()) ? this.mTokenEndpoint : buildCloudSpecificTokenEndpoint((MicrosoftStsAuthorizationResponse) microsoftAuthorizationResponse);
    }

    private String getIssuerCacheIdentifierFromAuthority(URL url) {
        AzureActiveDirectoryCloud azureActiveDirectoryCloud = AzureActiveDirectory.getAzureActiveDirectoryCloud(url);
        if (azureActiveDirectoryCloud == null) {
            return url.getHost();
        }
        String preferredCacheHostName = azureActiveDirectoryCloud.getPreferredCacheHostName();
        StringBuilder sb2 = new StringBuilder();
        String str = TAG;
        sb2.append(str);
        sb2.append(":getIssuerCacheIdentifierFromAuthority");
        Logger.info(sb2.toString(), "Using preferred cache host name...");
        Logger.infoPII(str + ":getIssuerCacheIdentifierFromAuthority", "Preferred cache hostname: [" + preferredCacheHostName + "]");
        return preferredCacheHostName;
    }

    private HttpResponse performPKeyAuthRequest(@NonNull HttpResponse httpResponse, @NonNull MicrosoftStsTokenRequest microsoftStsTokenRequest) throws IOException, ClientException {
        String serializeObjectToFormUrlEncoded = ObjectMapper.serializeObjectToFormUrlEncoded(microsoftStsTokenRequest);
        TreeMap treeMap = new TreeMap();
        treeMap.put("client-request-id", DiagnosticContext.getRequestContext().get("correlation_id"));
        treeMap.putAll(Device.getPlatformIdParameters());
        treeMap.put("x-client-SKU", DiagnosticContext.getRequestContext().get("x-client-SKU"));
        treeMap.put("x-client-Ver", Device.getProductVersion());
        treeMap.put("x-app-name", microsoftStsTokenRequest.getClientAppName());
        treeMap.put("x-app-ver", microsoftStsTokenRequest.getClientAppVersion());
        String str = httpResponse.getHeaders().get("WWW-Authenticate").get(0);
        StringBuilder sb2 = new StringBuilder();
        String str2 = TAG;
        sb2.append(str2);
        sb2.append("#performPkeyAuthRequest");
        Logger.info(sb2.toString(), "Device certificate challenge request. ");
        Logger.infoPII(str2 + "#performPkeyAuthRequest", "Challenge header: " + str);
        try {
            PKeyAuthChallengeFactory pKeyAuthChallengeFactory = new PKeyAuthChallengeFactory();
            URL url = StringExtensions.getUrl(this.mTokenEndpoint);
            treeMap.putAll(PKeyAuthChallengeHandler.getChallengeHeader(pKeyAuthChallengeFactory.getPKeyAuthChallenge(str, url.toString())));
            treeMap.put("Content-Type", "application/x-www-form-urlencoded");
            return this.httpClient.post(url, treeMap, serializeObjectToFormUrlEncoded.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e10) {
            throw new ClientException("unsupported_encoding", "Unsupported encoding", e10);
        }
    }

    private void setTokenRequestCorrelationId(@NonNull MicrosoftStsTokenRequest microsoftStsTokenRequest) {
        try {
            microsoftStsTokenRequest.setCorrelationId(UUID.fromString(DiagnosticContext.getRequestContext().get("correlation_id")));
        } catch (IllegalArgumentException e10) {
            Logger.error("MicrosoftSTSOAuth2Strategy", "Correlation id on diagnostic context is not a UUID.", e10);
        }
    }

    private void validateAuthScheme(@NonNull MicrosoftStsTokenRequest microsoftStsTokenRequest, @NonNull MicrosoftStsTokenResponse microsoftStsTokenResponse) throws ClientException {
        String tokenType = microsoftStsTokenRequest.getTokenType();
        String tokenType2 = microsoftStsTokenResponse.getTokenType();
        if (tokenType != null && !tokenType.equalsIgnoreCase(tokenType2)) {
            throw new ClientException(ClientException.AUTH_SCHEME_MISMATCH, a.a("Expected: [", tokenType, "]\nActual: [", tokenType2, "]"));
        }
    }

    private void validateTokensAreInResponse(@NonNull MicrosoftStsTokenRequest microsoftStsTokenRequest, @NonNull MicrosoftStsTokenResponse microsoftStsTokenResponse) throws ClientException {
        String str;
        boolean containsSubString = StringUtil.containsSubString(microsoftStsTokenRequest.getScope(), AuthenticationConstants.OAuth2Scopes.CLAIMS_UPDATE_RESOURCE);
        String str2 = ClientException.TOKENS_MISSING;
        String str3 = "";
        if (containsSubString || !StringUtil.isEmpty(microsoftStsTokenResponse.getAccessToken())) {
            str = null;
        } else {
            str3 = "".concat("access_token");
            str = ClientException.TOKENS_MISSING;
        }
        if (!TokenRequest.GrantTypes.CLIENT_CREDENTIALS.equalsIgnoreCase(microsoftStsTokenRequest.getGrantType()) && StringUtil.isEmpty(microsoftStsTokenResponse.getIdToken())) {
            str3 = str3.concat(" id_token");
            str = ClientException.TOKENS_MISSING;
        }
        if (TokenRequest.GrantTypes.CLIENT_CREDENTIALS.equalsIgnoreCase(microsoftStsTokenRequest.getGrantType()) || !StringUtil.isEmpty(microsoftStsTokenResponse.getRefreshToken())) {
            str2 = str;
        } else {
            str3 = str3.concat(" refresh_token");
        }
        if (str2 != null) {
            throw new ClientException(str2, String.format("Missing required tokens of type: {0}", str3));
        }
    }

    @Override // com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy
    public MicrosoftStsAccount createAccount(@NonNull MicrosoftStsTokenResponse microsoftStsTokenResponse) {
        e8.a.a(new StringBuilder(), TAG, ":createAccount", "Creating account from TokenResponse...");
        try {
            MicrosoftStsAccount microsoftStsAccount = new MicrosoftStsAccount(new IDToken(microsoftStsTokenResponse.getIdToken()), new ClientInfo(microsoftStsTokenResponse.getClientInfo()));
            microsoftStsAccount.setEnvironment(getIssuerCacheIdentifierFromTokenEndpoint());
            return microsoftStsAccount;
        } catch (ServiceException e10) {
            StringBuilder sb2 = new StringBuilder();
            String str = TAG;
            sb2.append(str);
            sb2.append(":createAccount");
            Logger.error(sb2.toString(), "Failed to construct IDToken or ClientInfo", null);
            Logger.errorPII(str + ":createAccount", "Failed with Exception", e10);
            throw new RuntimeException();
        }
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy
    public MicrosoftStsAuthorizationRequest.Builder createAuthorizationRequestBuilder() {
        StringBuilder sb2 = new StringBuilder();
        String str = TAG;
        sb2.append(str);
        sb2.append(":createAuthorizationRequestBuilder");
        Logger.info(sb2.toString(), "Creating AuthorizationRequestBuilder...");
        MicrosoftStsAuthorizationRequest.Builder builder = new MicrosoftStsAuthorizationRequest.Builder();
        builder.setAuthority(((MicrosoftStsOAuth2Configuration) this.mConfig).getAuthorityUrl());
        if (((MicrosoftStsOAuth2Configuration) this.mConfig).getSlice() != null) {
            Logger.info(str + ":createAuthorizationRequestBuilder", "Setting slice params...");
            builder.setSlice(((MicrosoftStsOAuth2Configuration) this.mConfig).getSlice());
        }
        builder.setLibraryName(DiagnosticContext.getRequestContext().get("x-client-SKU"));
        builder.setLibraryVersion(Device.getProductVersion());
        builder.setFlightParameters(((MicrosoftStsOAuth2Configuration) this.mConfig).getFlightParameters());
        builder.setMultipleCloudAware(((MicrosoftStsOAuth2Configuration) this.mConfig).getMultipleCloudsSupported());
        return builder;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy
    public MicrosoftStsAuthorizationRequest.Builder createAuthorizationRequestBuilder(@Nullable IAccountRecord iAccountRecord) {
        StringBuilder sb2 = new StringBuilder();
        String str = TAG;
        sb2.append(str);
        sb2.append(":createAuthorizationRequestBuilder");
        Logger.info(sb2.toString(), "Creating AuthorizationRequestBuilder");
        MicrosoftStsAuthorizationRequest.Builder createAuthorizationRequestBuilder = createAuthorizationRequestBuilder();
        if (iAccountRecord != null) {
            Pair<String, String> tenantInfo = StringUtil.getTenantInfo(iAccountRecord.getHomeAccountId());
            if (!StringExtensions.isNullOrBlank((String) tenantInfo.first) && !StringExtensions.isNullOrBlank((String) tenantInfo.second)) {
                createAuthorizationRequestBuilder.setUid((String) tenantInfo.first);
                createAuthorizationRequestBuilder.setUtid((String) tenantInfo.second);
                StringBuilder a10 = b.a("Builder w/ uid: [");
                a10.append((String) tenantInfo.first);
                a10.append("]");
                Logger.infoPII(str + ":createAuthorizationRequestBuilder", a10.toString());
                StringBuilder a11 = b.a("Builder w/ utid: [");
                a11.append((String) tenantInfo.second);
                a11.append("]");
                Logger.infoPII(str + ":createAuthorizationRequestBuilder", a11.toString());
            }
        }
        return createAuthorizationRequestBuilder;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy
    public MicrosoftStsTokenRequest createRefreshTokenRequest(@NonNull AbstractAuthenticationScheme abstractAuthenticationScheme) throws ClientException {
        Logger.verbose(TAG + ":createRefreshTokenRequest", "Creating refresh token request");
        MicrosoftStsTokenRequest microsoftStsTokenRequest = new MicrosoftStsTokenRequest();
        microsoftStsTokenRequest.setGrantType("refresh_token");
        if (PopAuthenticationSchemeInternal.SCHEME_POP.equals(abstractAuthenticationScheme.getName())) {
            microsoftStsTokenRequest.setTokenType(TokenRequest.TokenType.POP);
            IDevicePopManager devicePoPManagerInstance = Device.getDevicePoPManagerInstance();
            if (!devicePoPManagerInstance.asymmetricKeyExists()) {
                devicePoPManagerInstance.generateAsymmetricKey(this.mStrategyParameters.getContext());
            }
            microsoftStsTokenRequest.setRequestConfirmation(devicePoPManagerInstance.getRequestConfirmation());
        }
        return microsoftStsTokenRequest;
    }

    @Override // com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy
    public MicrosoftStsTokenRequest createTokenRequest(@NonNull MicrosoftStsAuthorizationRequest microsoftStsAuthorizationRequest, @NonNull MicrosoftStsAuthorizationResponse microsoftStsAuthorizationResponse, @NonNull AbstractAuthenticationScheme abstractAuthenticationScheme) throws ClientException {
        StringBuilder sb2 = new StringBuilder();
        String str = TAG;
        e8.a.a(sb2, str, ":createTokenRequest", "Creating TokenRequest...");
        if (((MicrosoftStsOAuth2Configuration) this.mConfig).getMultipleCloudsSupported() || microsoftStsAuthorizationRequest.getMultipleCloudAware().booleanValue()) {
            Logger.verbose(str, "get cloud specific authority based on authorization response.");
            setTokenEndpoint(getCloudSpecificTokenEndpoint(microsoftStsAuthorizationResponse));
        }
        MicrosoftStsTokenRequest microsoftStsTokenRequest = new MicrosoftStsTokenRequest();
        microsoftStsTokenRequest.setCodeVerifier(microsoftStsAuthorizationRequest.getPkceChallenge().getCodeVerifier());
        microsoftStsTokenRequest.setCode(microsoftStsAuthorizationResponse.getCode());
        microsoftStsTokenRequest.setRedirectUri(microsoftStsAuthorizationRequest.getRedirectUri());
        microsoftStsTokenRequest.setClientId(microsoftStsAuthorizationRequest.getClientId());
        microsoftStsTokenRequest.setScope(microsoftStsAuthorizationRequest.getTokenScope());
        microsoftStsTokenRequest.setClaims(microsoftStsAuthorizationRequest.getClaims());
        setTokenRequestCorrelationId(microsoftStsTokenRequest);
        if (microsoftStsAuthorizationResponse.getDeviceCode() != null) {
            microsoftStsTokenRequest.setGrantType(TokenRequest.GrantTypes.DEVICE_CODE);
            microsoftStsTokenRequest.setDeviceCode(microsoftStsAuthorizationResponse.getDeviceCode());
        } else {
            microsoftStsTokenRequest.setGrantType("authorization_code");
        }
        if (PopAuthenticationSchemeInternal.SCHEME_POP.equals(abstractAuthenticationScheme.getName())) {
            if (this.mStrategyParameters.getContext() == null) {
                throw new ClientException("MicrosoftStsOAuth2StrategyCannot execute PoP request sans Context");
            }
            microsoftStsTokenRequest.setTokenType(TokenRequest.TokenType.POP);
            IDevicePopManager devicePoPManagerInstance = Device.getDevicePoPManagerInstance();
            if (!devicePoPManagerInstance.asymmetricKeyExists()) {
                Logger.verbosePII(str, "Generated new PoP asymmetric key with thumbprint: " + devicePoPManagerInstance.generateAsymmetricKey(this.mStrategyParameters.getContext()));
            }
            microsoftStsTokenRequest.setRequestConfirmation(devicePoPManagerInstance.getRequestConfirmation());
        }
        return microsoftStsTokenRequest;
    }

    @Override // com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy
    public MicrosoftStsAccessToken getAccessTokenFromResponse(@NonNull MicrosoftStsTokenResponse microsoftStsTokenResponse) {
        Logger.verbose(TAG + ":getAccessTokenFromResponse", "Getting AT from TokenResponse...");
        return new MicrosoftStsAccessToken(microsoftStsTokenResponse);
    }

    @Override // com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy
    public AuthorizationResultFactory getAuthorizationResultFactory() {
        return new MicrosoftStsAuthorizationResultFactory();
    }

    public String getBodyFromSuccessfulResponse(@NonNull String str) throws ClientException {
        return str;
    }

    @Nullable
    public String getDeviceAtPopThumbprint() {
        IDevicePopManager iDevicePopManager;
        try {
            iDevicePopManager = Device.getDevicePoPManagerInstance();
        } catch (ClientException e10) {
            Logger.error(TAG, e10.getMessage(), e10);
            iDevicePopManager = null;
        }
        if (iDevicePopManager == null) {
            Logger.warn(TAG, "DevicePopManager does not exist.");
            return null;
        }
        if (!iDevicePopManager.asymmetricKeyExists()) {
            throw new RuntimeException("Symmetric keys do not exist.");
        }
        try {
            return iDevicePopManager.getAsymmetricKeyThumbprint();
        } catch (ClientException e11) {
            Logger.error(TAG, "Key exists. But failed to load thumbprint.", e11);
            throw new RuntimeException(e11);
        }
    }

    @Override // com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy
    public String getIssuerCacheIdentifier(@NonNull MicrosoftStsAuthorizationRequest microsoftStsAuthorizationRequest) {
        URL authority = microsoftStsAuthorizationRequest.getAuthority();
        AzureActiveDirectoryCloud azureActiveDirectoryCloud = AzureActiveDirectory.getAzureActiveDirectoryCloud(authority);
        if (azureActiveDirectoryCloud == null) {
            return authority.getHost();
        }
        String preferredCacheHostName = azureActiveDirectoryCloud.getPreferredCacheHostName();
        StringBuilder sb2 = new StringBuilder();
        String str = TAG;
        sb2.append(str);
        sb2.append(":getIssuerCacheIdentifier");
        Logger.info(sb2.toString(), "Using preferred cache host name...");
        Logger.infoPII(str + ":getIssuerCacheIdentifier", "Preferred cache hostname: [" + preferredCacheHostName + "]");
        return preferredCacheHostName;
    }

    public String getIssuerCacheIdentifierFromTokenEndpoint() {
        URL url;
        try {
            url = new URL(this.mTokenEndpoint);
        } catch (MalformedURLException e10) {
            Logger.error(TAG + ":getIssuerCacheIdentifierFromTokenEndpoint", "Getting issuer cache identifier from token endpoint failed due to malformed URL (mTokenEndpoint)...", e10);
            url = null;
        }
        if (url != null) {
            return getIssuerCacheIdentifierFromAuthority(url);
        }
        return null;
    }

    @Override // com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy
    public MicrosoftStsRefreshToken getRefreshTokenFromResponse(@NonNull MicrosoftStsTokenResponse microsoftStsTokenResponse) {
        Logger.verbose(TAG + ":getRefreshTokenFromResponse", "Getting RT from TokenResponse...");
        return new MicrosoftStsRefreshToken(microsoftStsTokenResponse);
    }

    @Override // com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy
    @NonNull
    public TokenResult getTokenResultFromHttpResponse(@NonNull HttpResponse httpResponse) throws ClientException {
        TokenErrorResponse tokenErrorResponse;
        List<String> list;
        StringBuilder sb2 = new StringBuilder();
        String str = TAG;
        sb2.append(str);
        sb2.append(":getTokenResultFromHttpResponse");
        Logger.verbose(sb2.toString(), "Getting TokenResult from HttpResponse...");
        MicrosoftStsTokenResponse microsoftStsTokenResponse = null;
        if (httpResponse.getStatusCode() >= 400) {
            tokenErrorResponse = (TokenErrorResponse) ObjectMapper.deserializeJsonStringToObject(httpResponse.getBody(), MicrosoftTokenErrorResponse.class);
            tokenErrorResponse.setStatusCode(httpResponse.getStatusCode());
            if (httpResponse.getHeaders() != null) {
                tokenErrorResponse.setResponseHeadersJson(HeaderSerializationUtil.toJson(httpResponse.getHeaders()));
            }
            tokenErrorResponse.setResponseBody(httpResponse.getBody());
        } else {
            microsoftStsTokenResponse = (MicrosoftStsTokenResponse) ObjectMapper.deserializeJsonStringToObject(getBodyFromSuccessfulResponse(httpResponse.getBody()), MicrosoftStsTokenResponse.class);
            tokenErrorResponse = null;
        }
        TokenResult tokenResult = new TokenResult(microsoftStsTokenResponse, tokenErrorResponse);
        BaseController.logResult(str, tokenResult);
        if (httpResponse.getHeaders() != null && (list = httpResponse.getHeaders().get(AuthenticationConstants.HeaderField.X_MS_CLITELEM)) != null && !list.isEmpty()) {
            CliTelemInfo fromXMsCliTelemHeader = CliTelemInfo.fromXMsCliTelemHeader(list.get(0));
            tokenResult.setCliTelemInfo(fromXMsCliTelemHeader);
            if (microsoftStsTokenResponse != null && fromXMsCliTelemHeader != null) {
                microsoftStsTokenResponse.setSpeRing(fromXMsCliTelemHeader.getSpeRing());
                microsoftStsTokenResponse.setRefreshTokenAge(fromXMsCliTelemHeader.getRefreshTokenAge());
                microsoftStsTokenResponse.setCliTelemErrorCode(fromXMsCliTelemHeader.getServerErrorCode());
                microsoftStsTokenResponse.setCliTelemSubErrorCode(fromXMsCliTelemHeader.getServerSubErrorCode());
            }
        }
        return tokenResult;
    }

    @Override // com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy
    public HttpResponse performTokenRequest(MicrosoftStsTokenRequest microsoftStsTokenRequest) throws IOException, ClientException {
        HttpResponse performTokenRequest = super.performTokenRequest((MicrosoftStsOAuth2Strategy) microsoftStsTokenRequest);
        if (performTokenRequest.getStatusCode() != 401 || performTokenRequest.getHeaders() == null || !performTokenRequest.getHeaders().containsKey("WWW-Authenticate")) {
            return performTokenRequest;
        }
        Logger.info(TAG + ":performTokenRequest", "Receiving device certificate challenge request. ");
        return performPKeyAuthRequest(performTokenRequest, microsoftStsTokenRequest);
    }

    @Override // com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy
    public void validateAuthorizationRequest(MicrosoftStsAuthorizationRequest microsoftStsAuthorizationRequest) {
    }

    @Override // com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy
    public boolean validateCachedResult(@NonNull AbstractAuthenticationScheme abstractAuthenticationScheme, @NonNull ICacheRecord iCacheRecord) {
        super.validateCachedResult(abstractAuthenticationScheme, iCacheRecord);
        if (authSchemeIsPoP(abstractAuthenticationScheme)) {
            return cachedAccessTokenKidMatchesKeystoreKid(iCacheRecord.getAccessToken().getKid());
        }
        return true;
    }

    @Override // com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy
    public void validateTokenRequest(MicrosoftStsTokenRequest microsoftStsTokenRequest) {
    }

    @Override // com.microsoft.identity.common.internal.providers.oauth2.OAuth2Strategy
    public void validateTokenResponse(@NonNull MicrosoftStsTokenRequest microsoftStsTokenRequest, @NonNull MicrosoftStsTokenResponse microsoftStsTokenResponse) throws ClientException {
        validateAuthScheme(microsoftStsTokenRequest, microsoftStsTokenResponse);
        validateTokensAreInResponse(microsoftStsTokenRequest, microsoftStsTokenResponse);
    }
}
