package org.lds.ldsaccount.oauth2;

import android.app.Application;
import android.content.Context;
import android.content.Intent;
import android.os.Build;
import com.google.android.exoplayer2.util.MimeTypes;
import com.google.android.gms.actions.SearchIntents;
import com.google.android.gms.common.Scopes;
import com.google.common.net.HttpHeaders;
import java.io.IOException;
import java.net.URI;
import java.net.UnknownHostException;
import java.nio.charset.Charset;
import java.util.Base64;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.inject.Inject;
import javax.inject.Singleton;
import kotlin.Metadata;
import kotlin.NoWhenBranchMatchedException;
import kotlin.Unit;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import kotlin.text.StringsKt;
import kotlin.text.Typography;
import kotlinx.serialization.json.Json;
import kotlinx.serialization.json.JsonBuilder;
import kotlinx.serialization.json.JsonKt;
import okhttp3.Dns;
import okhttp3.FormBody;
import okhttp3.HttpUrl;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;
import okhttp3.logging.HttpLoggingInterceptor;
import org.lds.ldsaccount.AuthStatus;
import org.lds.ldsaccount.OauthRefreshResult;
import org.lds.ldsaccount.event.SignInResult;
import org.lds.ldsaccount.oauth2.dto.DtoTokenResponse;
import org.lds.ldsaccount.oauth2.dto.DtoUserInfo;
import org.lds.ldsaccount.prefs.OauthPrefs;
import org.lds.ldsaccount.ux.oauth2.web.BaseOauthWebSignInActivity;
import org.lds.ldsaccount.ux.oauth2.web.DefaultOauthWebSignInActivity;
import org.lds.mobile.io.LdsStandardCharset;
import org.lds.mobile.util.EncryptUtil;
import timber.log.Timber;

/* compiled from: OauthManager.kt */
@Singleton
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000¨\u0001\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0005\n\u0002\u0010\u000b\n\u0002\b\f\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\b\n\u0002\u0010$\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0004\b\u0007\u0018\u0000 Z2\u00020\u0001:\u0003Z[\\B\u001f\b\u0017\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007¢\u0006\u0002\u0010\bB\u0017\b\u0000\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\t\u001a\u00020\n¢\u0006\u0002\u0010\u000bJ\u0006\u0010\u001e\u001a\u00020\rJ\b\u0010\u001f\u001a\u00020 H\u0002J@\u0010!\u001a\u0004\u0018\u00010\"2\u0006\u0010#\u001a\u00020$2\u0010\b\u0002\u0010%\u001a\n\u0012\u0006\b\u0001\u0012\u00020'0&2\b\b\u0002\u0010(\u001a\u00020\u00132\b\b\u0003\u0010)\u001a\u00020*2\b\b\u0002\u0010+\u001a\u00020\u0013J\u0010\u0010,\u001a\u00020\r2\u0006\u0010-\u001a\u00020\rH\u0002J\u0006\u0010.\u001a\u00020\rJ\u000e\u0010/\u001a\u00020\r2\u0006\u00100\u001a\u00020\rJ\u0006\u00101\u001a\u00020\rJ\u001e\u00102\u001a\u000e\u0012\u0004\u0012\u00020\r\u0012\u0004\u0012\u00020\r032\b\u00104\u001a\u0004\u0018\u00010\rH\u0002J\b\u00105\u001a\u00020\rH\u0002J\u0006\u00106\u001a\u000207J\u0006\u00108\u001a\u00020\rJ\u0006\u00109\u001a\u00020\u0013J\u0012\u0010:\u001a\u0004\u0018\u00010;2\u0006\u0010<\u001a\u00020\rH\u0002J\u0010\u0010=\u001a\u00020>2\u0006\u0010?\u001a\u00020@H\u0002J\u0010\u0010A\u001a\u00020\r2\u0006\u0010B\u001a\u00020\rH\u0007J\b\u0010C\u001a\u00020DH\u0007J\u0014\u0010E\u001a\u0004\u0018\u00010\r2\b\u0010<\u001a\u0004\u0018\u00010\rH\u0002J\u0016\u0010F\u001a\u00020>2\u0006\u0010G\u001a\u00020\r2\u0006\u0010H\u001a\u00020\rJ\u0006\u0010I\u001a\u00020 J\u0010\u0010J\u001a\u00020K2\u0006\u0010L\u001a\u00020MH\u0002J\u0010\u0010N\u001a\u00020K2\u0006\u0010\f\u001a\u00020\rH\u0007J\u0010\u0010O\u001a\u00020K2\u0006\u0010\u0018\u001a\u00020\rH\u0002J\u0012\u0010P\u001a\u00020K2\b\u0010Q\u001a\u0004\u0018\u00010RH\u0002J\u0010\u0010S\u001a\u00020\r2\u0006\u0010T\u001a\u00020\rH\u0007J\u0012\u0010U\u001a\u00020\r2\b\u0010Q\u001a\u0004\u0018\u00010RH\u0002J\u0012\u0010V\u001a\u00020\u00132\b\u0010Q\u001a\u0004\u0018\u00010RH\u0002J\u0012\u0010W\u001a\u00020\r2\b\u0010Q\u001a\u0004\u0018\u00010RH\u0002J\f\u0010X\u001a\u00020Y*\u00020YH\u0002R\u0011\u0010\f\u001a\u00020\r8F¢\u0006\u0006\u001a\u0004\b\u000e\u0010\u000fR\u0011\u0010\u0010\u001a\u00020\r8F¢\u0006\u0006\u001a\u0004\b\u0011\u0010\u000fR\u001a\u0010\u0012\u001a\u00020\u0013X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u0014\u0010\u0015\"\u0004\b\u0016\u0010\u0017R\u0011\u0010\u0018\u001a\u00020\r8F¢\u0006\u0006\u001a\u0004\b\u0019\u0010\u000fR\u001a\u0010\u0002\u001a\u00020\u0003X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u001a\u0010\u001b\"\u0004\b\u001c\u0010\u001dR\u000e\u0010\t\u001a\u00020\nX\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006]"}, d2 = {"Lorg/lds/ldsaccount/oauth2/OauthManager;", "", "oauthConfiguration", "Lorg/lds/ldsaccount/oauth2/OauthConfiguration;", MimeTypes.BASE_TYPE_APPLICATION, "Landroid/app/Application;", "encryptUtil", "Lorg/lds/mobile/util/EncryptUtil;", "(Lorg/lds/ldsaccount/oauth2/OauthConfiguration;Landroid/app/Application;Lorg/lds/mobile/util/EncryptUtil;)V", "oauthPrefs", "Lorg/lds/ldsaccount/oauth2/AbstractOauthPrefs;", "(Lorg/lds/ldsaccount/oauth2/OauthConfiguration;Lorg/lds/ldsaccount/oauth2/AbstractOauthPrefs;)V", "accessToken", "", "getAccessToken", "()Ljava/lang/String;", "clientToken", "getClientToken", "enableLogging", "", "getEnableLogging", "()Z", "setEnableLogging", "(Z)V", "idToken", "getIdToken", "getOauthConfiguration", "()Lorg/lds/ldsaccount/oauth2/OauthConfiguration;", "setOauthConfiguration", "(Lorg/lds/ldsaccount/oauth2/OauthConfiguration;)V", "authenticateClient", "clearTokens", "", "createSignInAuthorizationIntent", "Landroid/content/Intent;", "context", "Landroid/content/Context;", "activityClass", "Ljava/lang/Class;", "Lorg/lds/ldsaccount/ux/oauth2/web/BaseOauthWebSignInActivity;", "previousSignInFailed", "customSignInFailedMessage", "", "showBackArrow", "decodeJson", "encodedJson", "getAccountId", "getBearerHeader", "token", "getName", "getParams", "", SearchIntents.EXTRA_QUERY, "getRequestUri", "getSignInState", "Lorg/lds/ldsaccount/oauth2/SignInState;", "getToken", "isSignedIn", "parseUrl", "Lokhttp3/HttpUrl;", "url", "processesErrorResponse", "Lorg/lds/ldsaccount/event/SignInResult;", "response", "Lokhttp3/Response;", "redeemCode", "authorizationCode", "refreshTokens", "Lorg/lds/ldsaccount/OauthRefreshResult;", "removePort", "signIn", "username", "password", "signOut", "updateUserInfo", "Lorg/lds/ldsaccount/oauth2/OauthManager$UserInfoResult;", "dtoUserInfo", "Lorg/lds/ldsaccount/oauth2/dto/DtoUserInfo;", "updateUserInfoFromAccessToken", "updateUserInfoFromIdToken", "validateAndStoreTokenAndUserResponse", "dtoTokenResponse", "Lorg/lds/ldsaccount/oauth2/dto/DtoTokenResponse;", "validateAuthorizationUri", "uriString", "validateClientTokenResponse", "validateRefreshTokenResponse", "validateWebTokenResponse", "setOAuthTimeouts", "Lokhttp3/OkHttpClient$Builder;", "Companion", "GrantType", "UserInfoResult", "ldsaccount"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes3.dex */
public final class OauthManager {
    public static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String CLIENT_ID = "client_id";
    private static final String CLIENT_SECRET = "client_secret";
    private static final String CODE = "code";
    private static final String GRANT_TYPE = "grant_type";
    public static final int HTTP_NOT_AUTHENTICATED = 480;
    private static final String ISSUER = "iss";
    private static final Json JSON;
    private static final String PASSWORD = "password";
    private static final String REDIRECT_URI = "redirect_uri";
    private static final String REFRESH_TOKEN = "refresh_token";
    private static final String SCOPE = "scope";
    private static final String STATE = "state";
    private static final String USERNAME = "username";
    private static final HttpLoggingInterceptor loggingInterceptor;
    private boolean enableLogging;
    private OauthConfiguration oauthConfiguration;
    private final AbstractOauthPrefs oauthPrefs;

    /* compiled from: OauthManager.kt */
    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000\u0012\n\u0002\u0018\u0002\n\u0002\u0010\u0010\n\u0000\n\u0002\u0010\u000e\n\u0002\b\b\b\u0086\u0001\u0018\u00002\b\u0012\u0004\u0012\u00020\u00000\u0001B\u000f\b\u0002\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\u0005\u0010\u0006j\u0002\b\u0007j\u0002\b\bj\u0002\b\tj\u0002\b\n¨\u0006\u000b"}, d2 = {"Lorg/lds/ldsaccount/oauth2/OauthManager$GrantType;", "", "value", "", "(Ljava/lang/String;ILjava/lang/String;)V", "getValue", "()Ljava/lang/String;", "AUTHORIZATION_CODE", "REFRESH_TOKEN", "PASSWORD", "CLIENT_CREDENTIALS", "ldsaccount"}, k = 1, mv = {1, 4, 0})
    /* loaded from: classes3.dex */
    public enum GrantType {
        AUTHORIZATION_CODE("authorization_code"),
        REFRESH_TOKEN(OauthManager.REFRESH_TOKEN),
        PASSWORD("password"),
        CLIENT_CREDENTIALS("client_credentials");

        private final String value;

        GrantType(String str) {
            this.value = str;
        }

        public final String getValue() {
            return this.value;
        }
    }

    /* compiled from: OauthManager.kt */
    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000\f\n\u0002\u0018\u0002\n\u0002\u0010\u0010\n\u0002\b\u0005\b\u0086\u0001\u0018\u00002\b\u0012\u0004\u0012\u00020\u00000\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002j\u0002\b\u0003j\u0002\b\u0004j\u0002\b\u0005¨\u0006\u0006"}, d2 = {"Lorg/lds/ldsaccount/oauth2/OauthManager$UserInfoResult;", "", "(Ljava/lang/String;I)V", "CURRENT_USER", "NEW_USER", "FAILED", "ldsaccount"}, k = 1, mv = {1, 4, 0})
    /* loaded from: classes3.dex */
    public enum UserInfoResult {
        CURRENT_USER,
        NEW_USER,
        FAILED
    }

    @Metadata(bv = {1, 0, 3}, k = 3, mv = {1, 4, 0})
    /* loaded from: classes3.dex */
    public final /* synthetic */ class WhenMappings {
        public static final /* synthetic */ int[] $EnumSwitchMapping$0;

        static {
            int[] iArr = new int[UserInfoResult.values().length];
            $EnumSwitchMapping$0 = iArr;
            iArr[UserInfoResult.CURRENT_USER.ordinal()] = 1;
            iArr[UserInfoResult.NEW_USER.ordinal()] = 2;
            iArr[UserInfoResult.FAILED.ordinal()] = 3;
        }
    }

    static {
        HttpLoggingInterceptor httpLoggingInterceptor = new HttpLoggingInterceptor(null, 1, null);
        httpLoggingInterceptor.level(HttpLoggingInterceptor.Level.BASIC);
        loggingInterceptor = httpLoggingInterceptor;
        JSON = JsonKt.Json$default(null, new Function1<JsonBuilder, Unit>() { // from class: org.lds.ldsaccount.oauth2.OauthManager$Companion$JSON$1
            @Override // kotlin.jvm.functions.Function1
            public /* bridge */ /* synthetic */ Unit invoke(JsonBuilder jsonBuilder) {
                invoke2(jsonBuilder);
                return Unit.INSTANCE;
            }

            /* renamed from: invoke, reason: avoid collision after fix types in other method */
            public final void invoke2(JsonBuilder receiver) {
                Intrinsics.checkNotNullParameter(receiver, "$receiver");
                receiver.setIgnoreUnknownKeys(true);
                receiver.setAllowSpecialFloatingPointValues(true);
                receiver.setUseArrayPolymorphism(true);
            }
        }, 1, null);
    }

    /* JADX WARN: 'this' call moved to the top of the method (can break code semantics) */
    @Inject
    public OauthManager(OauthConfiguration oauthConfiguration, Application application, EncryptUtil encryptUtil) {
        this(oauthConfiguration, new OauthPrefs(application, encryptUtil));
        Intrinsics.checkNotNullParameter(oauthConfiguration, "oauthConfiguration");
        Intrinsics.checkNotNullParameter(application, "application");
        Intrinsics.checkNotNullParameter(encryptUtil, "encryptUtil");
    }

    public OauthManager(OauthConfiguration oauthConfiguration, AbstractOauthPrefs oauthPrefs) {
        Intrinsics.checkNotNullParameter(oauthConfiguration, "oauthConfiguration");
        Intrinsics.checkNotNullParameter(oauthPrefs, "oauthPrefs");
        this.oauthConfiguration = oauthConfiguration;
        this.oauthPrefs = oauthPrefs;
        oauthPrefs.migrate();
    }

    private final void clearTokens() {
        String accountId = this.oauthPrefs.getAccountId();
        this.oauthPrefs.signOut();
        this.oauthPrefs.setAccountId(accountId);
    }

    public static /* synthetic */ Intent createSignInAuthorizationIntent$default(OauthManager oauthManager, Context context, Class cls, boolean z, int i, boolean z2, int i2, Object obj) {
        if ((i2 & 2) != 0) {
            cls = DefaultOauthWebSignInActivity.class;
        }
        return oauthManager.createSignInAuthorizationIntent(context, cls, (i2 & 4) != 0 ? false : z, (i2 & 8) != 0 ? 0 : i, (i2 & 16) != 0 ? false : z2);
    }

    private final String decodeJson(String encodedJson) {
        byte[] decodedBytes = Build.VERSION.SDK_INT >= 26 ? Base64.getDecoder().decode(encodedJson) : android.util.Base64.decode(encodedJson, 8);
        Intrinsics.checkNotNullExpressionValue(decodedBytes, "decodedBytes");
        return new String(decodedBytes, Charsets.UTF_8);
    }

    private final Map<String, String> getParams(String query) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (query != null) {
            Iterator it = StringsKt.split$default((CharSequence) query, new char[]{Typography.amp}, false, 0, 6, (Object) null).iterator();
            while (it.hasNext()) {
                List split$default = StringsKt.split$default((CharSequence) it.next(), new char[]{'='}, false, 2, 2, (Object) null);
                if (split$default.size() == 2) {
                    linkedHashMap.put(CollectionsKt.first(split$default), CollectionsKt.last(split$default));
                }
            }
        }
        return linkedHashMap;
    }

    private final String getRequestUri() {
        StringBuilder sb = new StringBuilder();
        sb.append(this.oauthConfiguration.getAuthorizationUrl());
        sb.append('?');
        sb.append("client_id=");
        sb.append(this.oauthConfiguration.getClientId());
        sb.append(Typography.amp);
        sb.append("redirect_uri=");
        sb.append(this.oauthConfiguration.getRedirectUri());
        sb.append(Typography.amp);
        sb.append("response_type=");
        sb.append(this.oauthConfiguration.getResponseType());
        sb.append(Typography.amp);
        sb.append("scope=");
        sb.append(this.oauthConfiguration.getScope());
        sb.append(Typography.amp);
        sb.append("state=");
        sb.append(this.oauthPrefs.genState());
        sb.append(Typography.amp);
        sb.append("nonce=");
        sb.append(this.oauthPrefs.genNonce());
        sb.append(Typography.amp);
        sb.append("embedded=true&");
        sb.append("lang=");
        Locale locale = Locale.getDefault();
        Intrinsics.checkNotNullExpressionValue(locale, "Locale.getDefault()");
        sb.append(locale.getISO3Language());
        return sb.toString();
    }

    private final HttpUrl parseUrl(String url) {
        HttpUrl parse = HttpUrl.INSTANCE.parse(url);
        if (parse == null) {
            Timber.e("Unable to parse url: " + url, new Object[0]);
        }
        return parse;
    }

    private final SignInResult processesErrorResponse(Response response) {
        try {
            ResponseBody body = response.body();
            String string = body != null ? body.string() : null;
            if (string != null && Intrinsics.areEqual(((DtoTokenResponse) JSON.decodeFromString(DtoTokenResponse.INSTANCE.serializer(), string)).getError(), "invalid_grant")) {
                return new SignInResult(AuthStatus.INVALID_CREDENTIALS, null);
            }
        } catch (Exception e) {
            Timber.e(e, "Failed to parse error response", new Object[0]);
        }
        return response.code() == 400 ? new SignInResult(AuthStatus.AUTH_SERVICE_UNAVAILABLE_BAD_REQUEST, null) : new SignInResult(AuthStatus.AUTH_SERVICE_UNAVAILABLE, null);
    }

    private final String removePort(String url) {
        if (url != null) {
            return StringsKt.replace$default(url, ":443", "", false, 4, (Object) null);
        }
        return null;
    }

    private final OkHttpClient.Builder setOAuthTimeouts(OkHttpClient.Builder builder) {
        builder.connectTimeout(3L, TimeUnit.MINUTES);
        builder.readTimeout(3L, TimeUnit.MINUTES);
        builder.writeTimeout(3L, TimeUnit.MINUTES);
        return builder;
    }

    private final UserInfoResult updateUserInfo(DtoUserInfo dtoUserInfo) {
        this.oauthPrefs.setName(dtoUserInfo.getName());
        String accountId = this.oauthPrefs.getAccountId();
        this.oauthPrefs.setAccountId(dtoUserInfo.getSub());
        return Intrinsics.areEqual(dtoUserInfo.getSub(), accountId) ? UserInfoResult.CURRENT_USER : UserInfoResult.NEW_USER;
    }

    private final UserInfoResult updateUserInfoFromIdToken(String idToken) {
        List split$default = StringsKt.split$default((CharSequence) idToken, new String[]{"."}, false, 0, 6, (Object) null);
        boolean z = true;
        String decodeJson = split$default.size() > 1 ? decodeJson((String) split$default.get(1)) : null;
        String str = decodeJson;
        if (str != null && !StringsKt.isBlank(str)) {
            z = false;
        }
        return !z ? updateUserInfo((DtoUserInfo) JSON.decodeFromString(DtoUserInfo.INSTANCE.serializer(), decodeJson)) : UserInfoResult.FAILED;
    }

    private final UserInfoResult validateAndStoreTokenAndUserResponse(DtoTokenResponse dtoTokenResponse) {
        if (dtoTokenResponse == null) {
            return UserInfoResult.FAILED;
        }
        if (!StringsKt.isBlank(dtoTokenResponse.getError())) {
            Timber.e("Error: " + dtoTokenResponse.getError() + ": " + dtoTokenResponse.getErrorDescription(), new Object[0]);
            return UserInfoResult.FAILED;
        }
        if (StringsKt.isBlank(dtoTokenResponse.getAccessToken())) {
            Timber.e("ERROR: Missing Access token", new Object[0]);
            return UserInfoResult.FAILED;
        }
        if (StringsKt.isBlank(dtoTokenResponse.getRefreshToken())) {
            Timber.e("ERROR: Missing Refresh token", new Object[0]);
            return UserInfoResult.FAILED;
        }
        if (this.oauthConfiguration.getRequireIdToken() && StringsKt.isBlank(dtoTokenResponse.getIdToken())) {
            Timber.e("ERROR: Missing id token", new Object[0]);
            return UserInfoResult.FAILED;
        }
        UserInfoResult updateUserInfoFromIdToken = this.oauthConfiguration.getRequireIdToken() ? updateUserInfoFromIdToken(dtoTokenResponse.getIdToken()) : updateUserInfoFromAccessToken(dtoTokenResponse.getAccessToken());
        if (updateUserInfoFromIdToken == UserInfoResult.FAILED) {
            Timber.e("ERROR: Failed to update user", new Object[0]);
            return UserInfoResult.FAILED;
        }
        this.oauthPrefs.setAccessToken(dtoTokenResponse.getAccessToken());
        this.oauthPrefs.setAccessTokenExpiration(dtoTokenResponse.getExpiresIn());
        this.oauthPrefs.setIdToken(dtoTokenResponse.getIdToken());
        this.oauthPrefs.setIdTokenExpiration(dtoTokenResponse.getExpiresIn());
        this.oauthPrefs.setRefreshToken(dtoTokenResponse.getRefreshToken());
        this.oauthPrefs.setRefreshTokenExpiration(this.oauthConfiguration.getRefreshTokenLifespanSeconds());
        this.oauthPrefs.setRefreshTokenMaxAge(this.oauthConfiguration.getRefreshTokenMaxAgeSeconds());
        return updateUserInfoFromIdToken;
    }

    private final String validateClientTokenResponse(DtoTokenResponse dtoTokenResponse) {
        if (dtoTokenResponse == null) {
            return "";
        }
        if (!(!StringsKt.isBlank(dtoTokenResponse.getError()))) {
            if (StringsKt.isBlank(dtoTokenResponse.getIdToken())) {
                Timber.e("ERROR: Missing id token", new Object[0]);
                return "";
            }
            this.oauthPrefs.setClientToken(dtoTokenResponse.getIdToken());
            this.oauthPrefs.setClientTokenExpiration(dtoTokenResponse.getExpiresIn());
            return dtoTokenResponse.getIdToken();
        }
        Timber.e("Error: " + dtoTokenResponse.getError() + ": " + dtoTokenResponse.getErrorDescription(), new Object[0]);
        return "";
    }

    private final boolean validateRefreshTokenResponse(DtoTokenResponse dtoTokenResponse) {
        if (dtoTokenResponse == null) {
            return false;
        }
        if (!StringsKt.isBlank(dtoTokenResponse.getError())) {
            Timber.e("Error: " + dtoTokenResponse.getError() + ": " + dtoTokenResponse.getErrorDescription(), new Object[0]);
            return false;
        }
        if (this.oauthConfiguration.getRequireIdToken() && StringsKt.isBlank(dtoTokenResponse.getIdToken())) {
            Timber.e("ERROR: Missing id token", new Object[0]);
            return false;
        }
        this.oauthPrefs.setAccessToken(dtoTokenResponse.getAccessToken());
        this.oauthPrefs.setAccessTokenExpiration(dtoTokenResponse.getExpiresIn());
        this.oauthPrefs.setIdToken(dtoTokenResponse.getIdToken());
        this.oauthPrefs.setIdTokenExpiration(dtoTokenResponse.getExpiresIn());
        this.oauthPrefs.setRefreshToken(dtoTokenResponse.getRefreshToken());
        this.oauthPrefs.setRefreshTokenExpiration(this.oauthConfiguration.getRefreshTokenLifespanSeconds());
        return true;
    }

    private final String validateWebTokenResponse(DtoTokenResponse dtoTokenResponse) {
        if (dtoTokenResponse == null) {
            return "";
        }
        if (!StringsKt.isBlank(dtoTokenResponse.getError())) {
            Timber.e("Error: " + dtoTokenResponse.getError() + ": " + dtoTokenResponse.getErrorDescription(), new Object[0]);
            return "";
        }
        if (!Intrinsics.areEqual(this.oauthPrefs.getNonce(), dtoTokenResponse.getNonce())) {
            Timber.e("Nonce Mismatch", new Object[0]);
            return "";
        }
        if (this.oauthConfiguration.getRequireIdToken() && StringsKt.isBlank(dtoTokenResponse.getIdToken())) {
            Timber.e("ERROR: Missing id token", new Object[0]);
            return "";
        }
        this.oauthPrefs.setAccessToken(dtoTokenResponse.getAccessToken());
        this.oauthPrefs.setAccessTokenExpiration(dtoTokenResponse.getExpiresIn());
        this.oauthPrefs.setIdToken(dtoTokenResponse.getIdToken());
        this.oauthPrefs.setIdTokenExpiration(dtoTokenResponse.getExpiresIn());
        this.oauthPrefs.setRefreshToken(dtoTokenResponse.getRefreshToken());
        this.oauthPrefs.setRefreshTokenExpiration(this.oauthConfiguration.getRefreshTokenLifespanSeconds());
        this.oauthPrefs.setRefreshTokenMaxAge(this.oauthConfiguration.getRefreshTokenMaxAgeSeconds());
        return this.oauthPrefs.getAccessToken();
    }

    /* JADX WARN: Multi-variable type inference failed */
    public final String authenticateClient() {
        String clientToken = getClientToken();
        int i = 1;
        if (!StringsKt.isBlank(clientToken)) {
            return clientToken;
        }
        HttpUrl parseUrl = parseUrl(this.oauthConfiguration.getTokenUrl());
        if (parseUrl != null) {
            String charset = LdsStandardCharset.getUTF_8().name();
            FormBody build = new FormBody.Builder(0 == true ? 1 : 0, i, 0 == true ? 1 : 0).add(CLIENT_ID, this.oauthConfiguration.getClientId()).add(CLIENT_SECRET, this.oauthConfiguration.getClientSecret()).add(GRANT_TYPE, GrantType.CLIENT_CREDENTIALS.getValue()).add(SCOPE, Scopes.OPEN_ID).build();
            Request.Builder url = new Request.Builder().url(parseUrl);
            Intrinsics.checkNotNullExpressionValue(charset, "charset");
            try {
                Response execute = setOAuthTimeouts(new OkHttpClient.Builder()).addInterceptor(loggingInterceptor).build().newCall(url.addHeader(HttpHeaders.ACCEPT_CHARSET, charset).addHeader("Content-Type", "application/x-www-form-urlencoded;charset=" + charset).post(build).build()).execute();
                if (execute.isSuccessful()) {
                    ResponseBody body = execute.body();
                    return validateClientTokenResponse(body != null ? (DtoTokenResponse) JSON.decodeFromString(DtoTokenResponse.INSTANCE.serializer(), body.string()) : null);
                }
                String str = "Failed to refresh tokens. Code " + execute.code() + ": " + execute.message();
                if (this.oauthConfiguration.getEnableVerboseLogging()) {
                    StringBuilder sb = new StringBuilder();
                    sb.append(str);
                    StringBuilder sb2 = new StringBuilder();
                    sb2.append(", Url: ");
                    sb2.append(parseUrl);
                    sb2.append("\n                        |Has Client ID: ");
                    sb2.append(!StringsKt.isBlank(this.oauthConfiguration.getClientId()));
                    sb2.append("\n                        |Has Client Secret: ");
                    sb2.append(!StringsKt.isBlank(this.oauthConfiguration.getClientSecret()));
                    sb2.append("\n                        |Current Time: ");
                    sb2.append(System.currentTimeMillis());
                    sb2.append("\n                        |Response Body: ");
                    ResponseBody body2 = execute.body();
                    sb2.append(body2 != null ? body2.string() : null);
                    sb.append(StringsKt.trimMargin$default(sb2.toString(), null, 1, null));
                    str = sb.toString();
                }
                Timber.e(str, new Object[0]);
            } catch (Exception e) {
                Timber.e(e, "Failed to refresh access code", new Object[0]);
            }
        }
        return "";
    }

    public final Intent createSignInAuthorizationIntent(Context context, Class<? extends BaseOauthWebSignInActivity> activityClass, boolean previousSignInFailed, int customSignInFailedMessage, boolean showBackArrow) {
        Intrinsics.checkNotNullParameter(context, "context");
        Intrinsics.checkNotNullParameter(activityClass, "activityClass");
        Intent intent = new Intent(context, activityClass);
        intent.putExtra(BaseOauthWebSignInActivity.EXTRA_URL, getRequestUri());
        intent.putExtra(BaseOauthWebSignInActivity.EXTRA_REDIRECT_SCHEME, this.oauthConfiguration.getRedirectScheme());
        intent.putExtra(BaseOauthWebSignInActivity.EXTRA_PREVIOUS_SIGN_IN_FAILED, previousSignInFailed);
        intent.putExtra(BaseOauthWebSignInActivity.EXTRA_CUSTOM_SIGN_IN_FAILED_MESSAGE, customSignInFailedMessage);
        intent.putExtra(BaseOauthWebSignInActivity.EXTRA_SHOW_BACK_ARROW, showBackArrow);
        return intent;
    }

    public final String getAccessToken() {
        return this.oauthPrefs.getAccessToken();
    }

    public final String getAccountId() {
        return this.oauthPrefs.getAccountId();
    }

    public final String getBearerHeader(String token) {
        Intrinsics.checkNotNullParameter(token, "token");
        return "Bearer " + token;
    }

    public final String getClientToken() {
        return this.oauthPrefs.getClientToken();
    }

    public final boolean getEnableLogging() {
        return this.enableLogging;
    }

    public final String getIdToken() {
        return this.oauthPrefs.getIdToken();
    }

    public final String getName() {
        return this.oauthPrefs.getName();
    }

    public final OauthConfiguration getOauthConfiguration() {
        return this.oauthConfiguration;
    }

    public final SignInState getSignInState() {
        return this.oauthPrefs.checkSignInState();
    }

    public final String getToken() {
        return this.oauthConfiguration.getRequireIdToken() ? getIdToken() : getAccessToken();
    }

    public final boolean isSignedIn() {
        return getSignInState() == SignInState.SIGNED_IN;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public final synchronized String redeemCode(String authorizationCode) {
        Response execute;
        Intrinsics.checkNotNullParameter(authorizationCode, "authorizationCode");
        HttpUrl parseUrl = parseUrl(this.oauthConfiguration.getTokenUrl());
        if (parseUrl == null) {
            return "";
        }
        String charset = LdsStandardCharset.getUTF_8().name();
        FormBody build = new FormBody.Builder(0 == true ? 1 : 0, 1, 0 == true ? 1 : 0).add(CLIENT_ID, this.oauthConfiguration.getClientId()).add(CLIENT_SECRET, this.oauthConfiguration.getClientSecret()).add(REDIRECT_URI, this.oauthConfiguration.getRedirectUri()).add(GRANT_TYPE, GrantType.AUTHORIZATION_CODE.getValue()).add(CODE, authorizationCode).build();
        Request.Builder url = new Request.Builder().url(parseUrl);
        Intrinsics.checkNotNullExpressionValue(charset, "charset");
        Request build2 = url.addHeader(HttpHeaders.ACCEPT_CHARSET, charset).addHeader("Content-Type", "application/x-www-form-urlencoded;charset=" + charset).post(build).build();
        OkHttpClient.Builder oAuthTimeouts = setOAuthTimeouts(new OkHttpClient.Builder());
        if (this.enableLogging) {
            oAuthTimeouts.addInterceptor(loggingInterceptor);
        }
        try {
            execute = oAuthTimeouts.build().newCall(build2).execute();
        } catch (Exception e) {
            Timber.e(e, "Failed to redeem access code", new Object[0]);
        }
        if (execute.isSuccessful()) {
            ResponseBody body = execute.body();
            return validateWebTokenResponse(body != null ? (DtoTokenResponse) JSON.decodeFromString(DtoTokenResponse.INSTANCE.serializer(), body.string()) : null);
        }
        Timber.e("Failed to redeem access code " + execute.code() + ": " + execute.message(), new Object[0]);
        return "";
    }

    /* JADX WARN: Multi-variable type inference failed */
    public final synchronized OauthRefreshResult refreshTokens() {
        HttpUrl parseUrl = parseUrl(this.oauthConfiguration.getTokenUrl());
        if (parseUrl == null) {
            return new OauthRefreshResult.FAIL(false);
        }
        String refreshToken = this.oauthPrefs.getRefreshToken();
        int i = 1;
        if (StringsKt.isBlank(refreshToken)) {
            return new OauthRefreshResult.FAIL(true);
        }
        String charset = LdsStandardCharset.getUTF_8().name();
        FormBody build = new FormBody.Builder(0 == true ? 1 : 0, i, 0 == true ? 1 : 0).add(CLIENT_ID, this.oauthConfiguration.getClientId()).add(CLIENT_SECRET, this.oauthConfiguration.getClientSecret()).add(GRANT_TYPE, GrantType.REFRESH_TOKEN.getValue()).add(REFRESH_TOKEN, refreshToken).build();
        Request.Builder url = new Request.Builder().url(parseUrl);
        Intrinsics.checkNotNullExpressionValue(charset, "charset");
        try {
            try {
                Response execute = setOAuthTimeouts(new OkHttpClient.Builder()).addInterceptor(loggingInterceptor).build().newCall(url.addHeader(HttpHeaders.ACCEPT_CHARSET, charset).addHeader("Content-Type", "application/x-www-form-urlencoded;charset=" + charset).post(build).build()).execute();
                if (execute.isSuccessful()) {
                    ResponseBody body = execute.body();
                    DtoTokenResponse dtoTokenResponse = body != null ? (DtoTokenResponse) JSON.decodeFromString(DtoTokenResponse.INSTANCE.serializer(), body.string()) : null;
                    Timber.d("Token Refresh Success " + System.currentTimeMillis() + " | " + refreshToken, new Object[0]);
                    return validateRefreshTokenResponse(dtoTokenResponse) ? OauthRefreshResult.SUCCESS.INSTANCE : new OauthRefreshResult.FAIL(true);
                }
                String str = "Failed to refresh tokens. Code " + execute.code() + ": " + execute.message();
                if (this.oauthConfiguration.getEnableVerboseLogging()) {
                    StringBuilder sb = new StringBuilder();
                    sb.append(str);
                    StringBuilder sb2 = new StringBuilder();
                    sb2.append(", Url: ");
                    sb2.append(parseUrl);
                    sb2.append("\n                        |Has Client ID: ");
                    sb2.append(!StringsKt.isBlank(this.oauthConfiguration.getClientId()));
                    sb2.append("\n                        |Has Client Secret: ");
                    sb2.append(!StringsKt.isBlank(this.oauthConfiguration.getClientSecret()));
                    sb2.append("\n                        |Refresh Token: ");
                    sb2.append(refreshToken);
                    sb2.append(",\n                        |Current Time: ");
                    sb2.append(System.currentTimeMillis());
                    sb2.append("\n                        |Access Token is Valid? ");
                    sb2.append(this.oauthPrefs.isAccessTokenValid());
                    sb2.append("\n                        |Response Body: ");
                    ResponseBody body2 = execute.body();
                    sb2.append(body2 != null ? body2.string() : null);
                    sb.append(StringsKt.trimMargin$default(sb2.toString(), null, 1, null));
                    str = sb.toString();
                }
                Timber.e(str, new Object[0]);
                clearTokens();
                return new OauthRefreshResult.FAIL(true);
            } catch (Exception e) {
                Timber.e(e, "Failed to refresh tokens. Re-auth needed", new Object[0]);
                return new OauthRefreshResult.FAIL(true);
            }
        } catch (UnknownHostException e2) {
            Timber.e(e2, "Failed to refresh tokens. Re-auth not needed", new Object[0]);
            return new OauthRefreshResult.FAIL(false);
        } catch (IOException e3) {
            if (Intrinsics.areEqual(e3.getClass().getCanonicalName(), Dns.class.getCanonicalName())) {
                Timber.e(e3, "Failed to refresh tokens. Re-auth not needed", new Object[0]);
                return new OauthRefreshResult.FAIL(false);
            }
            Timber.e(e3, "Failed to refresh tokens. Re-auth needed", new Object[0]);
            return new OauthRefreshResult.FAIL(true);
        }
    }

    public final void setEnableLogging(boolean z) {
        this.enableLogging = z;
    }

    public final void setOauthConfiguration(OauthConfiguration oauthConfiguration) {
        Intrinsics.checkNotNullParameter(oauthConfiguration, "<set-?>");
        this.oauthConfiguration = oauthConfiguration;
    }

    /* JADX WARN: Multi-variable type inference failed */
    public final SignInResult signIn(String username, String password) {
        Intrinsics.checkNotNullParameter(username, "username");
        Intrinsics.checkNotNullParameter(password, "password");
        HttpUrl parseUrl = parseUrl(this.oauthConfiguration.getTokenUrl());
        Charset charset = null;
        Object[] objArr = 0;
        if (parseUrl == null) {
            return new SignInResult(AuthStatus.UNKNOWN_FAILURE, null, 2, null);
        }
        String charset2 = LdsStandardCharset.getUTF_8().name();
        FormBody build = new FormBody.Builder(charset, 1, objArr == true ? 1 : 0).add(CLIENT_ID, this.oauthConfiguration.getClientId()).add(CLIENT_SECRET, this.oauthConfiguration.getClientSecret()).add("username", username).add("password", password).add(GRANT_TYPE, GrantType.PASSWORD.getValue()).add(SCOPE, this.oauthConfiguration.getScope()).build();
        Request.Builder url = new Request.Builder().url(parseUrl);
        Intrinsics.checkNotNullExpressionValue(charset2, "charset");
        Request build2 = url.addHeader(HttpHeaders.ACCEPT_CHARSET, charset2).addHeader("Content-Type", "application/x-www-form-urlencoded;charset=" + charset2).post(build).build();
        OkHttpClient.Builder oAuthTimeouts = setOAuthTimeouts(new OkHttpClient.Builder());
        if (this.enableLogging) {
            oAuthTimeouts.addInterceptor(loggingInterceptor);
        }
        try {
            Response execute = oAuthTimeouts.build().newCall(build2).execute();
            if (!execute.isSuccessful()) {
                Timber.e("Failed to redeem access code " + execute.code() + ": " + execute.message(), new Object[0]);
                return processesErrorResponse(execute);
            }
            ResponseBody body = execute.body();
            String string = body != null ? body.string() : null;
            UserInfoResult validateAndStoreTokenAndUserResponse = validateAndStoreTokenAndUserResponse(string != null ? (DtoTokenResponse) JSON.decodeFromString(DtoTokenResponse.INSTANCE.serializer(), string) : null);
            int i = WhenMappings.$EnumSwitchMapping$0[validateAndStoreTokenAndUserResponse.ordinal()];
            if (i != 1 && i != 2) {
                if (i == 3) {
                    return new SignInResult(AuthStatus.UNKNOWN_FAILURE, validateAndStoreTokenAndUserResponse);
                }
                throw new NoWhenBranchMatchedException();
            }
            return new SignInResult(AuthStatus.SUCCESS, validateAndStoreTokenAndUserResponse);
        } catch (Exception e) {
            Timber.e(e, "Failed to redeem access code", new Object[0]);
            return new SignInResult(AuthStatus.AUTH_SERVICE_UNAVAILABLE, null);
        }
    }

    public final void signOut() {
        Timber.d("oauth Sign out requested", new Object[0]);
        this.oauthPrefs.signOut();
    }

    public final UserInfoResult updateUserInfoFromAccessToken(String accessToken) {
        DtoUserInfo dtoUserInfo;
        Intrinsics.checkNotNullParameter(accessToken, "accessToken");
        HttpUrl parseUrl = parseUrl(this.oauthConfiguration.getUserInfoUrl());
        if (parseUrl == null) {
            return UserInfoResult.FAILED;
        }
        if (StringsKt.isBlank(accessToken)) {
            Timber.e("Access token is missing or expired", new Object[0]);
            return UserInfoResult.FAILED;
        }
        String charset = LdsStandardCharset.getUTF_8().name();
        Request.Builder url = new Request.Builder().url(parseUrl);
        Intrinsics.checkNotNullExpressionValue(charset, "charset");
        try {
            Response execute = setOAuthTimeouts(new OkHttpClient.Builder()).addInterceptor(loggingInterceptor).build().newCall(url.addHeader(HttpHeaders.ACCEPT_CHARSET, charset).addHeader("Content-Type", "application/x-www-form-urlencoded;charset=" + charset).addHeader("Authorization", getBearerHeader(accessToken)).build()).execute();
            if (execute.isSuccessful()) {
                ResponseBody body = execute.body();
                return (body == null || (dtoUserInfo = (DtoUserInfo) JSON.decodeFromString(DtoUserInfo.INSTANCE.serializer(), body.string())) == null) ? UserInfoResult.FAILED : updateUserInfo(dtoUserInfo);
            }
        } catch (IOException e) {
            Timber.e(e, "Failed to get userInfo", new Object[0]);
        }
        return UserInfoResult.FAILED;
    }

    public final String validateAuthorizationUri(String uriString) {
        Intrinsics.checkNotNullParameter(uriString, "uriString");
        URI uri = new URI(uriString);
        if (!Intrinsics.areEqual(uri.getScheme(), this.oauthConfiguration.getRedirectScheme())) {
            Timber.e("Scheme Mismatch: " + uri.getScheme(), new Object[0]);
            return "";
        }
        if (!Intrinsics.areEqual(uri.getHost(), this.oauthConfiguration.getRedirectHost())) {
            Timber.e("Host Mismatch: " + uri.getHost(), new Object[0]);
            return "";
        }
        Map<String, String> params = getParams(uri.getQuery());
        if (!Intrinsics.areEqual(params.get("state"), this.oauthPrefs.getState())) {
            Timber.e("State mismatch " + params.get("state"), new Object[0]);
            return "";
        }
        if (!(!Intrinsics.areEqual(removePort(params.get(ISSUER)), removePort(this.oauthConfiguration.getIssuer())))) {
            String str = params.get(CODE);
            return str != null ? str : "";
        }
        Timber.e("Issuer mismatch " + params.get(ISSUER), new Object[0]);
        return "";
    }
}
