package com.identity4j.connector.office365.services.token.handler;

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com/identity4j/connector/office365/services/token/handler/WindowsLiveLogin.class */
public class WindowsLiveLogin {
    private static boolean debug = false;
    private String appId;
    private byte[] cryptKey;
    private byte[] signKey;
    private byte[] oldCryptKey;
    private byte[] oldSignKey;
    private Date oldSecretExpiry;
    private String securityAlgorithm;
    private boolean forceDelAuthNonProvisioned;
    private String policyUrl;
    private String returnUrl;
    private String baseUrl;
    private String secureUrl;
    private String consentUrl;

    /* loaded from: input_file:com/identity4j/connector/office365/services/token/handler/WindowsLiveLogin$ConsentToken.class */
    public static class ConsentToken {
        private WindowsLiveLogin wll;
        private String delegationToken;
        private String refreshToken;
        private byte[] sessionKey;
        private Date expiry;
        private List<String> offers;
        private String offersString;
        private String locationID;
        private String context;
        String decodedToken;
        String token;

        public ConsentToken(WindowsLiveLogin windowsLiveLogin, String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9) {
            this.wll = windowsLiveLogin;
            setDelegationToken(str);
            setRefreshToken(str2);
            setSessionKey(str3);
            setExpiry(str4);
            setOffers(str5);
            setLocationID(str6);
            setContext(str7);
            setDecodedToken(str8);
            setToken(str9);
        }

        public String getDelegationToken() {
            return this.delegationToken;
        }

        private void setDelegationToken(String str) {
            if (WindowsLiveLogin.isVoid(str)) {
                throw new WLLException("Error: ConsentToken: Null delegation token.");
            }
            this.delegationToken = str;
        }

        public String getRefreshToken() {
            return this.refreshToken;
        }

        private void setRefreshToken(String str) {
            this.refreshToken = str;
        }

        public byte[] getSessionKey() {
            return this.sessionKey;
        }

        private void setSessionKey(String str) {
            if (WindowsLiveLogin.isVoid(str)) {
                throw new WLLException("Error: ConsentToken: Null session key.");
            }
            this.sessionKey = WindowsLiveLogin.u64(str);
        }

        public Date getExpiry() {
            return this.expiry;
        }

        public void setExpiry(String str) {
            if (WindowsLiveLogin.isVoid(str)) {
                throw new WLLException("Error: ConsentToken: Null expiry time.");
            }
            try {
                this.expiry = new Date(Long.parseLong(str) * 1000);
            } catch (Exception e) {
                throw new WLLException("Error: ConsentToken: Invalid expiry time: " + str);
            }
        }

        public List<String> getOffers() {
            return this.offers;
        }

        public String getOffersString() {
            return this.offersString;
        }

        private void setOffers(String str) {
            if (WindowsLiveLogin.isVoid(str)) {
                throw new WLLException("Error: ConsentToken: Null offers.");
            }
            String unescape = WindowsLiveLogin.unescape(str);
            this.offersString = "";
            this.offers = new ArrayList();
            for (String str2 : unescape.split(";")) {
                if (!WindowsLiveLogin.isVoid(this.offersString)) {
                    this.offersString = String.valueOf(this.offersString) + ",";
                }
                int indexOf = str2.indexOf(":");
                if (indexOf == -1) {
                    this.offers.add(str2);
                    this.offersString = String.valueOf(this.offersString) + str2;
                } else {
                    String substring = str2.substring(0, indexOf);
                    this.offers.add(substring);
                    this.offersString = String.valueOf(this.offersString) + substring;
                }
            }
        }

        public String getLocationID() {
            return this.locationID;
        }

        private void setLocationID(String str) {
            if (WindowsLiveLogin.isVoid(str)) {
                throw new WLLException("Error: ConsentToken: Null Location ID.");
            }
            this.locationID = str;
        }

        public String getContext() {
            return this.context;
        }

        private void setContext(String str) {
            this.context = str;
        }

        public String getDecodedToken() {
            return this.decodedToken;
        }

        private void setDecodedToken(String str) {
            this.decodedToken = str;
        }

        public String getToken() {
            return this.token;
        }

        private void setToken(String str) {
            this.token = str;
        }

        public boolean isValid() {
            if (WindowsLiveLogin.isVoid(getDelegationToken())) {
                return false;
            }
            return new Date().getTime() - 300 <= getExpiry().getTime();
        }

        public boolean refresh() {
            ConsentToken refreshConsentToken = this.wll.refreshConsentToken(this);
            if (refreshConsentToken == null) {
                return false;
            }
            copy(refreshConsentToken);
            return true;
        }

        private void copy(ConsentToken consentToken) {
            this.delegationToken = consentToken.delegationToken;
            this.refreshToken = consentToken.refreshToken;
            this.sessionKey = consentToken.sessionKey;
            this.expiry = consentToken.expiry;
            this.offers = consentToken.offers;
            this.offersString = consentToken.offersString;
            this.locationID = consentToken.locationID;
            this.decodedToken = consentToken.decodedToken;
            this.token = consentToken.token;
        }
    }

    /* loaded from: input_file:com/identity4j/connector/office365/services/token/handler/WindowsLiveLogin$User.class */
    public static class User {
        private Date timestamp;
        private String id;
        private boolean usePersistentCookie;
        private String context;
        private String token;

        public User(String str, String str2, String str3, String str4, String str5) {
            setTimestamp(str);
            setId(str2);
            setFlags(str3);
            setContext(str4);
            setToken(str5);
        }

        public Date getTimestamp() {
            return this.timestamp;
        }

        private void setTimestamp(String str) {
            if (WindowsLiveLogin.isVoid(str)) {
                throw new WLLException("Error: User: Null timestamp in token.");
            }
            try {
                this.timestamp = new Date(Long.parseLong(str) * 1000);
            } catch (Exception e) {
                throw new WLLException("Error: User: Invalid timestamp: " + str);
            }
        }

        public String getId() {
            return this.id;
        }

        private void setId(String str) {
            if (WindowsLiveLogin.isVoid(str)) {
                throw new WLLException("Error: User: Null id in token.");
            }
            if (!Pattern.compile("^\\w+$").matcher(str).matches()) {
                throw new WLLException("Error: User: Invalid id: " + str);
            }
            this.id = str;
        }

        public boolean usePersistentCookie() {
            return this.usePersistentCookie;
        }

        private void setFlags(String str) {
            this.usePersistentCookie = false;
            if (WindowsLiveLogin.isVoid(str)) {
                return;
            }
            try {
                this.usePersistentCookie = Integer.parseInt(str) % 2 == 1;
            } catch (Exception e) {
                throw new WLLException("Error: User: Invalid flags: " + str);
            }
        }

        public String getContext() {
            return this.context;
        }

        private void setContext(String str) {
            this.context = str;
        }

        public String getToken() {
            return this.token;
        }

        private void setToken(String str) {
            this.token = str;
        }
    }

    /* loaded from: input_file:com/identity4j/connector/office365/services/token/handler/WindowsLiveLogin$WLLException.class */
    public static class WLLException extends RuntimeException {
        public WLLException(String str) {
            super(str);
        }
    }

    public static void setDebug(boolean z) {
        debug = z;
    }

    private static void debug(String str) {
        if (!debug || isVoid(str)) {
            return;
        }
        System.err.println(String.valueOf("\nWindows Live ID Authentication SDK ") + str);
    }

    private static void fatal(String str) {
        debug(str);
        throw new WLLException(str);
    }

    public WindowsLiveLogin(String str, String str2) {
        this(str, str2, (String) null);
    }

    public WindowsLiveLogin(String str, String str2, String str3) {
        this(str, str2, str3, false);
    }

    public WindowsLiveLogin(boolean z, String str, String str2) {
        this.forceDelAuthNonProvisioned = false;
        setForceDelAuthNonProvisioned(z);
        setPolicyUrl(str);
        setReturnUrl(str2);
    }

    public WindowsLiveLogin(String str, String str2, String str3, boolean z) {
        this(str, str2, str3, z, null);
    }

    public WindowsLiveLogin(String str, String str2, String str3, boolean z, String str4) {
        this(str, str2, str3, z, str4, null);
    }

    public WindowsLiveLogin(String str, String str2, String str3, boolean z, String str4, String str5) {
        this.forceDelAuthNonProvisioned = false;
        setForceDelAuthNonProvisioned(z);
        setAppId(str);
        setSecret(str2);
        setSecurityAlgorithm(str3);
        setPolicyUrl(str4);
        setReturnUrl(str5);
    }

    public WindowsLiveLogin(String str) {
        this.forceDelAuthNonProvisioned = false;
        Map<String, String> parseSettings = parseSettings(str);
        if ("true".equals(parseSettings.get("debug"))) {
            setDebug(true);
        } else {
            setDebug(false);
        }
        if ("true".equals(parseSettings.get("force_delauth_nonprovisioned"))) {
            setForceDelAuthNonProvisioned(true);
        } else {
            setForceDelAuthNonProvisioned(false);
        }
        setAppId(parseSettings.get("appid"));
        setSecret(parseSettings.get("secret"));
        setOldSecret(parseSettings.get("oldsecret"));
        setOldSecretExpiry(parseSettings.get("oldsecretexpiry"));
        setSecurityAlgorithm(parseSettings.get("securityalgorithm"));
        setPolicyUrl(parseSettings.get("policyurl"));
        setReturnUrl(parseSettings.get("returnurl"));
        setBaseUrl(parseSettings.get("baseurl"));
        setSecureUrl(parseSettings.get("secureurl"));
        setConsentBaseUrl(parseSettings.get("consenturl"));
    }

    public WindowsLiveLogin() {
        this.forceDelAuthNonProvisioned = false;
    }

    public void setAppId(String str) {
        if (isVoid(str)) {
            if (this.forceDelAuthNonProvisioned) {
                return;
            } else {
                fatal("Error: setAppId: Attempt to set null application ID.");
            }
        }
        if (!Pattern.compile("^\\w+$").matcher(str).matches()) {
            fatal("Error: setAppId: Application ID must be alphanumeric: " + str);
        }
        this.appId = str;
    }

    public String getAppId() {
        if (isVoid(this.appId)) {
            fatal("Error: getAppId: Application ID was not set. Aborting.");
        }
        return this.appId;
    }

    public void setSecret(String str) {
        if (isVoid(str) || str.length() < 16) {
            if (this.forceDelAuthNonProvisioned) {
                return;
            } else {
                fatal("Error: setSecret: Secret key is expected to be non-null and longer than 16 characters.");
            }
        }
        this.signKey = derive(str, "SIGNATURE");
        this.cryptKey = derive(str, "ENCRYPTION");
    }

    public void setOldSecret(String str) {
        if (isVoid(str)) {
            return;
        }
        if (str.length() < 16) {
            fatal("Error: setOldSecret: Secret key is expected to be non-null and longer than 16 characters.");
        }
        this.oldSignKey = derive(str, "SIGNATURE");
        this.oldCryptKey = derive(str, "ENCRYPTION");
    }

    public void setOldSecretExpiry(String str) {
        if (isVoid(str)) {
            return;
        }
        try {
            this.oldSecretExpiry = new Date(Long.parseLong(str) * 1000);
        } catch (Exception e) {
            fatal("Error: setOldSecretExpiry: Invalid timestamp: " + str);
        }
    }

    public Date getOldSecretExpiry() {
        return this.oldSecretExpiry;
    }

    public void setSecurityAlgorithm(String str) {
        this.securityAlgorithm = str;
    }

    public String getSecurityAlgorithm() {
        return isVoid(this.securityAlgorithm) ? "wsignin1.0" : this.securityAlgorithm;
    }

    public void setForceDelAuthNonProvisioned(boolean z) {
        this.forceDelAuthNonProvisioned = z;
    }

    public void setPolicyUrl(String str) {
        if (isVoid(str) && this.forceDelAuthNonProvisioned) {
            fatal("Error: setPolicyUrl: Null policy URL given.");
        }
        this.policyUrl = str;
    }

    public String getPolicyUrl() {
        if (isVoid(this.policyUrl)) {
            debug("Warning: In the initial release of Delegated Auth, a Policy URL must be configured in the SDK for both provisioned and non-provisioned scenarios.");
            if (this.forceDelAuthNonProvisioned) {
                fatal("Error: getPolicyUrl: Policy URL must be set in a Delegated Auth non-provisioned scenario. Aborting.");
            }
        }
        return this.policyUrl;
    }

    public void setReturnUrl(String str) {
        if (isVoid(str) && this.forceDelAuthNonProvisioned) {
            fatal("Error: setReturnUrl: Null return URL given.");
        }
        this.returnUrl = str;
    }

    public String getReturnUrl() {
        if (isVoid(this.returnUrl) && this.forceDelAuthNonProvisioned) {
            fatal("Error: getReturnUrl: Return URL must be set in a Delegated Auth non-provisioned scenario. Aborting.");
        }
        return this.returnUrl;
    }

    public void setBaseUrl(String str) {
        this.baseUrl = str;
    }

    public String getBaseUrl() {
        return isVoid(this.baseUrl) ? "http://login.live.com/" : this.baseUrl;
    }

    public void setSecureUrl(String str) {
        this.secureUrl = str;
    }

    public String getSecureUrl() {
        return isVoid(this.secureUrl) ? "https://login.live.com/" : this.secureUrl;
    }

    public void setConsentBaseUrl(String str) {
        this.consentUrl = str;
    }

    public String getConsentBaseUrl() {
        return isVoid(this.consentUrl) ? "https://consent.live.com/" : this.consentUrl;
    }

    public URL getLoginUrl() {
        return getLoginUrl(null);
    }

    public URL getLoginUrl(String str) {
        return getLoginUrl(str, null);
    }

    public URL getLoginUrl(String str, String str2) {
        String str3 = String.valueOf(String.valueOf(getBaseUrl()) + "wlogin.srf?appid=" + getAppId()) + "&alg=" + getSecurityAlgorithm();
        if (!isVoid(str)) {
            str3 = String.valueOf(str3) + "&appctx=" + escape(str);
        }
        if (!isVoid(str2)) {
            str3 = String.valueOf(str3) + "&mkt=" + escape(str2);
        }
        try {
            return new URL(str3);
        } catch (Exception e) {
            debug("Error: getLoginUrl: Unable to create login URL: " + str3 + ": " + e);
            return null;
        }
    }

    public URL getLogoutUrl() {
        return getLogoutUrl(null);
    }

    public URL getLogoutUrl(String str) {
        String str2 = String.valueOf(getBaseUrl()) + "logout.srf?appid=" + getAppId();
        if (!isVoid(str)) {
            str2 = String.valueOf(str2) + "&mkt=" + escape(str);
        }
        try {
            return new URL(str2);
        } catch (Exception e) {
            debug("Error: getLogoutUrl: Unable to create logout URL: " + str2 + ": " + e);
            return null;
        }
    }

    public User processLogin(Map<String, String[]> map) {
        if (map == null) {
            debug("Error: processLogin: Invalid query map.");
            return null;
        }
        String[] strArr = map.get("action");
        if (strArr == null || strArr.length != 1) {
            debug("Warning: processLogin: Single action parameter not found.");
            return null;
        }
        String str = strArr[0];
        if (!"login".equals(str)) {
            debug("Warning: processLogin: query action ignored: " + str);
            return null;
        }
        String[] strArr2 = map.get("stoken");
        if (strArr2 == null || strArr2.length != 1) {
            debug("Warning: processLogin: Single stoken parameter not found.");
            return null;
        }
        String str2 = strArr2[0];
        String str3 = null;
        String[] strArr3 = map.get("appctx");
        if (strArr3 != null && strArr3.length == 1) {
            str3 = escape(strArr3[0]);
        }
        return processToken(str2, str3);
    }

    public User processToken(String str) {
        return processToken(str, null);
    }

    public User processToken(String str, String str2) {
        if (isVoid(str)) {
            debug("Error: processToken: Invalid token specified.");
            return null;
        }
        String decodeAndValidateToken = decodeAndValidateToken(str);
        if (isVoid(decodeAndValidateToken)) {
            debug("Error: processToken: Failed to decode/validate token: " + str);
            return null;
        }
        Map<String, String> parse = parse(decodeAndValidateToken);
        if (parse == null || parse.size() < 3) {
            debug("Error: processToken: Failed to parse token after decoding: " + str);
            return null;
        }
        String appId = getAppId();
        String str3 = parse.get("appid");
        if (!appId.equals(str3)) {
            debug("Error: processToken: Application ID in token did not match ours: " + str3 + ", " + appId);
            return null;
        }
        User user = null;
        try {
            user = new User(parse.get("ts"), parse.get("uid"), parse.get("flags"), str2, str);
        } catch (WLLException e) {
            debug("Error: processToken: Contents of token considered invalid: " + e);
        }
        return user;
    }

    public String getClearCookieResponseType() {
        return "image/gif";
    }

    public byte[] getClearCookieResponseBody() {
        return Base64.decode("R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAEALAAAAAABAAEAAAIBTAA7");
    }

    public URL getConsentUrl(String str) {
        return getConsentUrl(str, null);
    }

    public URL getConsentUrl(String str, String str2) {
        return getConsentUrl(str, str2, null);
    }

    public URL getConsentUrl(String str, String str2, String str3) {
        return getConsentUrl(str, str2, str3, null);
    }

    public URL getConsentUrl(String str, String str2, String str3, String str4) {
        if (isVoid(str)) {
            throw new WLLException("Error: getConsentUrl: Invalid offers list.");
        }
        String str5 = String.valueOf(String.valueOf(getConsentBaseUrl()) + "Delegation.aspx") + "?ps=" + escape(str);
        if (!isVoid(str2)) {
            str5 = String.valueOf(str5) + "&appctx=" + escape(str2);
        }
        if (isVoid(str3)) {
            str3 = getReturnUrl();
        }
        if (!isVoid(str3)) {
            str5 = String.valueOf(str5) + "&ru=" + escape(str3);
        }
        if (!isVoid(str4)) {
            str5 = String.valueOf(str5) + "&mkt=" + escape(str4);
        }
        String policyUrl = getPolicyUrl();
        if (!isVoid(policyUrl)) {
            str5 = String.valueOf(str5) + "&pl=" + escape(policyUrl);
        }
        if (!this.forceDelAuthNonProvisioned) {
            str5 = String.valueOf(str5) + "&app=" + getAppVerifier();
        }
        try {
            return new URL(str5);
        } catch (Exception e) {
            throw new WLLException("Error: getConsentUrl: Unable to create consent URL: " + str5 + ": " + e);
        }
    }

    public URL getRefreshConsentTokenUrl(String str, String str2) {
        return getRefreshConsentTokenUrl(str, str2, null);
    }

    public URL getRefreshConsentTokenUrl(String str, String str2, String str3) {
        if (isVoid(str)) {
            throw new WLLException("Error: getRefreshConsentTokenUrl: Invalid offers list.");
        }
        if (isVoid(str2)) {
            throw new WLLException("Error: getRefreshConsentTokenUrl: Invalid refresh token.");
        }
        String str4 = String.valueOf(String.valueOf(String.valueOf(getConsentBaseUrl()) + "RefreshToken.aspx") + "?ps=" + escape(str)) + "&reft=" + str2;
        if (isVoid(str3)) {
            str3 = getReturnUrl();
        }
        if (!isVoid(str3)) {
            str4 = String.valueOf(str4) + "&ru=" + escape(str3);
        }
        if (!this.forceDelAuthNonProvisioned) {
            str4 = String.valueOf(str4) + "&app=" + getAppVerifier();
        }
        try {
            return new URL(str4);
        } catch (Exception e) {
            throw new WLLException("Error: getRefreshConsentTokenUrl: Unable to create refresh consent token URL: " + str4 + ": " + e);
        }
    }

    public URL getManageConsentUrl() {
        return getManageConsentUrl(null);
    }

    public URL getManageConsentUrl(String str) {
        String str2 = String.valueOf(getConsentBaseUrl()) + "ManageConsent.aspx";
        if (!isVoid(str)) {
            str2 = String.valueOf(str2) + "?mkt=" + escape(str);
        }
        try {
            return new URL(str2);
        } catch (Exception e) {
            throw new WLLException("Error: getManageConsentUrl: Unable to create manage consent URL: " + str2 + ": " + e);
        }
    }

    public ConsentToken processConsent(Map<String, String[]> map) {
        if (map == null) {
            debug("Error: processConsent: Invalid query map.");
            return null;
        }
        String[] strArr = map.get("action");
        if (strArr == null || strArr.length != 1) {
            debug("Warning: processConsent: Single action parameter not found.");
            return null;
        }
        String str = strArr[0];
        if (!"delauth".equals(str)) {
            debug("Warning: processConsent: query action ignored: " + str);
            return null;
        }
        String[] strArr2 = map.get("ResponseCode");
        if (strArr2 == null || strArr2.length != 1) {
            debug("Warning: processConsent: Single ResponseCode parameter not found.");
            return null;
        }
        String str2 = strArr2[0];
        if (!"RequestApproved".equals(str2)) {
            debug("Error: processConsent: Consent was not successfully granted: " + str2);
            return null;
        }
        String[] strArr3 = map.get("ConsentToken");
        if (strArr3 == null || strArr3.length != 1) {
            debug("Warning: processConsent: Single ConsentToken parameter not found.");
            return null;
        }
        String str3 = strArr3[0];
        String str4 = null;
        String[] strArr4 = map.get("appctx");
        if (strArr4 != null && strArr4.length == 1) {
            str4 = escape(strArr4[0]);
        }
        return processConsentToken(str3, str4);
    }

    public ConsentToken processConsentToken(String str) {
        return processConsentToken(str, null);
    }

    public ConsentToken processConsentToken(String str, String str2) {
        String str3 = str;
        if (isVoid(str)) {
            debug("Error: processConsentToken: Null token.");
            return null;
        }
        Map<String, String> parse = parse(unescape(str));
        if (parse == null) {
            debug("Error: processConsentToken: Failed to parse token: " + str);
            return null;
        }
        if (!isVoid(parse.get("eact"))) {
            String decodeAndValidateToken = decodeAndValidateToken(parse.get("eact"));
            if (isVoid(decodeAndValidateToken)) {
                debug("Error: processConsentToken: Failed to decode/validate token: " + str);
                return null;
            }
            parse = parse(decodeAndValidateToken);
            str3 = escape(decodeAndValidateToken);
        }
        ConsentToken consentToken = null;
        try {
            consentToken = new ConsentToken(this, parse.get("delt"), parse.get("reft"), parse.get("skey"), parse.get("exp"), parse.get("offer"), parse.get("lid"), str2, str3, str);
        } catch (WLLException e) {
            debug("Error: processConsentToken: Contents of token considered invalid: " + e);
        }
        return consentToken;
    }

    public ConsentToken refreshConsentToken(ConsentToken consentToken) {
        return refreshConsentToken(consentToken, (String) null);
    }

    public ConsentToken refreshConsentToken(ConsentToken consentToken, String str) {
        if (consentToken != null) {
            return refreshConsentToken(consentToken.getOffersString(), consentToken.getRefreshToken(), str);
        }
        debug("Error: refreshConsentToken: Null consent token.");
        return null;
    }

    public ConsentToken refreshConsentToken(String str, String str2) {
        return refreshConsentToken(str, str2, null);
    }

    public ConsentToken refreshConsentToken(String str, String str2, String str3) {
        try {
            URL refreshConsentTokenUrl = getRefreshConsentTokenUrl(str, str2, str3);
            if (refreshConsentTokenUrl == null) {
                debug("Error: Failed to construct refresh consent token URL.");
                return null;
            }
            String fetch = fetch(refreshConsentTokenUrl);
            if (isVoid(fetch)) {
                debug("Error: refreshConsentToken: Failed to download token.");
                return null;
            }
            Matcher matcher = Pattern.compile("\\{\"ConsentToken\":\"(.*)\"\\}").matcher(fetch);
            if (matcher.find()) {
                return processConsentToken(matcher.group(1));
            }
            debug("Error: refreshConsentToken: Failed to extract token: " + fetch);
            return null;
        } catch (Exception e) {
            debug("Error: Failed to construct refresh consent token URL: " + e);
            return null;
        }
    }

    public String decodeAndValidateToken(String str) {
        boolean z = false;
        if (new Date().getTime() < (this.oldSecretExpiry == null ? 0L : this.oldSecretExpiry.getTime()) && this.oldCryptKey != null && this.oldSignKey != null) {
            z = true;
        }
        String decodeAndValidateToken = decodeAndValidateToken(str, this.cryptKey, this.signKey);
        if (!isVoid(decodeAndValidateToken) || !z) {
            return decodeAndValidateToken;
        }
        debug("Warning: Failed to validate token with current secret, attempting old secret.");
        return decodeAndValidateToken(str, this.oldCryptKey, this.oldSignKey);
    }

    public String decodeAndValidateToken(String str, byte[] bArr, byte[] bArr2) {
        String decodeToken = decodeToken(str, bArr);
        if (!isVoid(decodeToken)) {
            decodeToken = validateToken(decodeToken, bArr2);
        }
        return decodeToken;
    }

    public String decodeToken(String str) {
        return decodeToken(str, this.cryptKey);
    }

    public String decodeToken(String str, byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            fatal("Error: decodeToken: Secret key was not set. Aborting.");
        }
        if (isVoid(str)) {
            debug("Error: decodeToken: Null token input.");
            return null;
        }
        try {
            byte[] u64 = u64(str);
            if (u64 == null || u64.length <= 16 || u64.length % 16 != 0) {
                debug("Error: decodeToken: Attempted to decode invalid token.");
                return null;
            }
            byte[] copyOf = Arrays.copyOf(u64, 16);
            byte[] copyOfRange = Arrays.copyOfRange(u64, 16, u64.length);
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, "AES");
            IvParameterSpec ivParameterSpec = new IvParameterSpec(copyOf);
            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            cipher.init(2, secretKeySpec, ivParameterSpec);
            return new String(cipher.doFinal(copyOfRange));
        } catch (Exception e) {
            debug("Error: decodeToken: Decryption failed: " + str + ", " + e);
            return null;
        }
    }

    public byte[] signToken(String str) {
        return signToken(str, this.signKey);
    }

    public byte[] signToken(String str, byte[] bArr) {
        if (bArr == null || bArr.length == 0) {
            fatal("Error: signToken: Secret key was not set. Aborting.");
        }
        if (isVoid(str)) {
            debug("Attempted to sign null token.");
            return null;
        }
        try {
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(bArr, "AES"));
            return mac.doFinal(str.getBytes());
        } catch (Exception e) {
            debug("Error: signToken: Signing failed: " + str + ", " + e);
            return null;
        }
    }

    public String validateToken(String str) {
        return validateToken(str, this.signKey);
    }

    public String validateToken(String str, byte[] bArr) {
        if (isVoid(str)) {
            debug("Error: validateToken: Null token.");
            return null;
        }
        String[] split = str.split("&sig=");
        if (split.length != 2) {
            debug("Error: validateToken: Invalid token: " + str);
            return null;
        }
        byte[] u64 = u64(split[1]);
        if (u64 == null) {
            debug("Error: validateToken: Could not extract the signature from the token.");
            return null;
        }
        byte[] signToken = signToken(split[0], bArr);
        if (signToken == null) {
            debug("Error: validateToken: Could not generate a signature for the token.");
            return null;
        }
        if (Arrays.equals(u64, signToken)) {
            return str;
        }
        debug("Error: validateToken: Signature did not match.");
        return null;
    }

    public String getAppVerifier() {
        return getAppVerifier(null);
    }

    public String getAppVerifier(String str) {
        String str2 = "appid=" + getAppId() + "&ts=" + getTimestamp();
        if (!isVoid(str)) {
            str2 = String.valueOf(str2) + "&ip=" + str;
        }
        return escape(String.valueOf(str2) + "&sig=" + e64(signToken(str2)));
    }

    public URL getAppLoginUrl() {
        return getAppLoginUrl(null, null, false);
    }

    public URL getAppLoginUrl(String str) {
        return getAppLoginUrl(str, null, false);
    }

    public URL getAppLoginUrl(String str, String str2) {
        return getAppLoginUrl(str, str2, false);
    }

    public URL getAppLoginUrl(String str, String str2, boolean z) {
        String str3 = String.valueOf(String.valueOf(getSecureUrl()) + "wapplogin.srf?app=" + getAppVerifier(str2)) + "&alg=" + getSecurityAlgorithm();
        if (!isVoid(str)) {
            str3 = String.valueOf(str3) + "&id=" + str;
        }
        if (z) {
            str3 = String.valueOf(str3) + "&js=1";
        }
        try {
            return new URL(str3);
        } catch (Exception e) {
            debug("Error: getAppLoginUrl: Could not create application login URL: " + str3 + ", " + e);
            return null;
        }
    }

    public String getAppSecurityToken() {
        return getAppSecurityToken(null, null);
    }

    public String getAppSecurityToken(String str) {
        return getAppSecurityToken(str, null);
    }

    public String getAppSecurityToken(String str, String str2) {
        URL appLoginUrl = getAppLoginUrl(str, str2);
        if (appLoginUrl == null) {
            debug("Error: getAppSecurityToken: Could not get application sign-in URL to fetch security token");
            return null;
        }
        String fetch = fetch(appLoginUrl);
        if (isVoid(fetch)) {
            debug("Error: getAppSecurityToken: Could not fetch security token from URL: " + appLoginUrl);
            return null;
        }
        Matcher matcher = Pattern.compile("\\{\"token\":\"(.*)\"\\}").matcher(fetch);
        if (matcher.find()) {
            return matcher.group(1);
        }
        debug("error: getAppSecurityToken: Failed to extract token: " + fetch);
        return null;
    }

    public String getAppRetCode() {
        return "appid=" + getAppId();
    }

    public Map<String, String> getTrustedParams(String str) {
        return getTrustedParams(str, null);
    }

    public Map<String, String> getTrustedParams(String str, String str2) {
        String trustedToken = getTrustedToken(str);
        if (isVoid(trustedToken)) {
            return null;
        }
        String str3 = "<wst:RequestSecurityTokenResponse xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\"><wst:RequestedSecurityToken><wsse:BinarySecurityToken xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\">" + trustedToken + "</wsse:BinarySecurityToken></wst:RequestedSecurityToken><wsp:AppliesTo xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\"><wsa:EndpointReference xmlns:wsa=\"http://schemas.xmlsoap.org/ws/2004/08/addressing\"><wsa:Address>uri:WindowsLiveID</wsa:Address></wsa:EndpointReference></wsp:AppliesTo></wst:RequestSecurityTokenResponse>";
        HashMap hashMap = new HashMap();
        hashMap.put("wa", getSecurityAlgorithm());
        hashMap.put("wresult", str3);
        if (!isVoid(str2)) {
            hashMap.put("wctx", str2);
        }
        return hashMap;
    }

    public String getTrustedToken(String str) {
        if (isVoid(str)) {
            debug("Error: getTrustedToken: Null user specified.");
            return null;
        }
        String str2 = "appid=" + getAppId() + "&uid=" + escape(str) + "&ts=" + getTimestamp();
        return escape(String.valueOf(str2) + "&sig=" + e64(signToken(str2)));
    }

    public URL getTrustedLoginUrl() {
        String str = String.valueOf(getSecureUrl()) + "wlogin.srf";
        try {
            return new URL(str);
        } catch (Exception e) {
            debug("Error: getTrustedLoginUrl: Unable to create trusted sign-in URL: " + str + ": " + e);
            return null;
        }
    }

    public URL getTrustedLogoutUrl() {
        String str = String.valueOf(getSecureUrl()) + "logout.srf?appid=" + getAppId();
        try {
            return new URL(str);
        } catch (Exception e) {
            debug("Error: getTrustedLogoutUrl: Unable to create trusted sign-in URL: " + str + ": " + e);
            return null;
        }
    }

    private Map<String, String> parseSettings(String str) {
        try {
            InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream(str);
            if (resourceAsStream == null) {
                fatal("Error: parseSettings: Could not load the settings file: " + str);
            }
            NodeList elementsByTagName = DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(resourceAsStream).getElementsByTagName("windowslivelogin");
            if (elementsByTagName.getLength() != 1) {
                fatal("Error: parseSettings: Failed to parse settings file: " + str);
            }
            NodeList childNodes = elementsByTagName.item(0).getChildNodes();
            HashMap hashMap = new HashMap();
            for (int i = 0; i < childNodes.getLength(); i++) {
                Node item = childNodes.item(i);
                if (item.getNodeType() == 1) {
                    hashMap.put(item.getNodeName(), item.getFirstChild().getNodeValue());
                }
            }
            return hashMap;
        } catch (Exception e) {
            fatal("Error: parseSettings: Unable to load settings from: " + str + ": " + e);
            return null;
        }
    }

    private byte[] derive(String str, String str2) {
        if (isVoid(str) || isVoid(str2)) {
            fatal("Error: derive: secret or prefix is null.");
        }
        try {
            return Arrays.copyOf(MessageDigest.getInstance("SHA-256").digest((String.valueOf(str2) + str).getBytes()), 16);
        } catch (Exception e) {
            fatal("Error: derive: Unable to derive key: " + e);
            return null;
        }
    }

    private static Map<String, String> parse(String str) {
        if (isVoid(str)) {
            debug("Error: parse: Null input.");
            return null;
        }
        HashMap hashMap = new HashMap();
        for (String str2 : str.split("&")) {
            String[] split = str2.split("=");
            if (split.length != 2) {
                debug("Error: parse: Bad input passed to parse: " + str);
                return null;
            }
            hashMap.put(split[0], split[1]);
        }
        return hashMap;
    }

    private static String getTimestamp() {
        return String.valueOf(new Date().getTime() / 1000);
    }

    private static String e64(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        return escape(Base64.encodeBytes(bArr));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static byte[] u64(String str) {
        if (str == null) {
            return null;
        }
        return Base64.decode(unescape(str));
    }

    private String fetch(URL url) {
        StringBuilder sb = new StringBuilder();
        try {
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(url.openStream()));
            while (true) {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    bufferedReader.close();
                    return sb.toString();
                }
                sb.append(readLine);
            }
        } catch (Exception e) {
            debug("Error: fetch: Exception reading URL: " + e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isVoid(String str) {
        return str == null || str.length() == 0;
    }

    public static String escape(String str) {
        if (str == null) {
            return null;
        }
        try {
            return URLEncoder.encode(str, "UTF-8");
        } catch (Exception e) {
            debug("Error: escape: Unable to URL-encode string: " + e);
            return null;
        }
    }

    public static String unescape(String str) {
        if (str == null) {
            return null;
        }
        try {
            return URLDecoder.decode(str, "UTF-8");
        } catch (Exception e) {
            debug("Error: unescape: Unable to URL-decode string: " + e);
            return null;
        }
    }
}
