package org.forgerock.android.auth;

import android.net.Uri;
import android.util.Base64;
import apptentive.com.android.feedback.notifications.NotificationUtils;
import com.google.firebase.perf.network.FirebasePerfOkHttpClient;
import com.nuance.chat.constants.Constant;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Map;
import lombok.NonNull;
import okhttp3.Call;
import okhttp3.Callback;
import okhttp3.FormBody;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;

/* compiled from: OAuth2Client.java */
/* loaded from: classes3.dex */
public final class k1 {
    private static final String APPLICATION_X_WWW_FORM_URLENCODED = "application/x-www-form-urlencoded";
    private static final String CONTENT_TYPE = "Content-Type";
    private static final int STATE_LENGTH = 16;
    private static final String TAG = "OAuth2Client";
    private String clientId;
    private OkHttpClient okHttpClient;
    private String redirectUri;
    private String responseType = org.forgerock.android.auth.idp.a.CODE;
    private String scope;
    private r2 serverConfig;
    private static final h AUTHORIZE = new h(h.AUTHORIZE);
    private static final h EXCHANGE_TOKEN = new h(h.EXCHANGE_TOKEN);
    private static final h REFRESH_TOKEN = new h(h.REFRESH_TOKEN);
    private static final h REVOKE_TOKEN = new h(h.REVOKE_TOKEN);
    private static final h END_SESSION = new h(h.END_SESSION);

    /* compiled from: OAuth2Client.java */
    /* loaded from: classes3.dex */
    public class a implements Callback {
        final /* synthetic */ Map val$additionalParameters;
        final /* synthetic */ l1 val$handler;
        final /* synthetic */ n0 val$listener;
        final /* synthetic */ s1 val$pkce;
        final /* synthetic */ String val$state;
        final /* synthetic */ j2 val$token;

        /* compiled from: OAuth2Client.java */
        /* renamed from: org.forgerock.android.auth.k1$a$a, reason: collision with other inner class name */
        /* loaded from: classes3.dex */
        public class C0335a implements n0<String> {
            public C0335a() {
            }

            @Override // org.forgerock.android.auth.n0
            public void onException(Exception exc) {
                e1.debug(k1.TAG, "Failed to exchange for Authorization Code: %s", exc.getMessage());
                a.this.val$listener.onException(new org.forgerock.android.auth.exception.f("Failed to exchange authorization code with sso token", exc));
            }

            @Override // org.forgerock.android.auth.n0
            public void onSuccess(String str) {
                e1.debug(k1.TAG, "Authorization Code received.", new Object[0]);
                a aVar = a.this;
                k1.this.token(aVar.val$token, str, aVar.val$pkce, aVar.val$additionalParameters, aVar.val$handler, aVar.val$listener);
            }
        }

        public a(n0 n0Var, l1 l1Var, String str, j2 j2Var, s1 s1Var, Map map) {
            this.val$listener = n0Var;
            this.val$handler = l1Var;
            this.val$state = str;
            this.val$token = j2Var;
            this.val$pkce = s1Var;
            this.val$additionalParameters = map;
        }

        @Override // okhttp3.Callback
        public void onFailure(Call call, IOException iOException) {
            e1.debug(k1.TAG, "Failed to exchange for Authorization Code: %s", iOException.getMessage());
            this.val$listener.onException(iOException);
        }

        @Override // okhttp3.Callback
        public void onResponse(Call call, Response response) {
            this.val$handler.handleAuthorizeResponse(response, this.val$state, new C0335a());
        }
    }

    /* compiled from: OAuth2Client.java */
    /* loaded from: classes3.dex */
    public class b implements Callback {
        final /* synthetic */ l1 val$handler;
        final /* synthetic */ n0 val$listener;
        final /* synthetic */ String val$refreshToken;
        final /* synthetic */ j2 val$sessionToken;

        public b(n0 n0Var, l1 l1Var, j2 j2Var, String str) {
            this.val$listener = n0Var;
            this.val$handler = l1Var;
            this.val$sessionToken = j2Var;
            this.val$refreshToken = str;
        }

        @Override // okhttp3.Callback
        public void onFailure(Call call, IOException iOException) {
            this.val$listener.onException(iOException);
        }

        @Override // okhttp3.Callback
        public void onResponse(Call call, Response response) {
            this.val$handler.handleTokenResponse(this.val$sessionToken, response, this.val$refreshToken, this.val$listener);
        }
    }

    /* compiled from: OAuth2Client.java */
    /* loaded from: classes3.dex */
    public class c implements Callback {
        final /* synthetic */ l1 val$handler;
        final /* synthetic */ n0 val$listener;

        public c(n0 n0Var, l1 l1Var) {
            this.val$listener = n0Var;
            this.val$handler = l1Var;
        }

        @Override // okhttp3.Callback
        public void onFailure(Call call, IOException iOException) {
            c1.onException(this.val$listener, iOException);
        }

        @Override // okhttp3.Callback
        public void onResponse(Call call, Response response) {
            this.val$handler.handleRevokeResponse(response, this.val$listener);
        }
    }

    /* compiled from: OAuth2Client.java */
    /* loaded from: classes3.dex */
    public class d implements Callback {
        final /* synthetic */ l1 val$handler;
        final /* synthetic */ n0 val$listener;

        public d(n0 n0Var, l1 l1Var) {
            this.val$listener = n0Var;
            this.val$handler = l1Var;
        }

        @Override // okhttp3.Callback
        public void onFailure(Call call, IOException iOException) {
            e1.debug(k1.TAG, "Revoke session with id token failed: %s", iOException.getMessage());
            c1.onException(this.val$listener, iOException);
        }

        @Override // okhttp3.Callback
        public void onResponse(Call call, Response response) {
            this.val$handler.handleRevokeResponse(response, this.val$listener);
        }
    }

    /* compiled from: OAuth2Client.java */
    /* loaded from: classes3.dex */
    public class e implements Callback {
        final /* synthetic */ l1 val$handler;
        final /* synthetic */ n0 val$listener;
        final /* synthetic */ j2 val$sessionToken;

        public e(n0 n0Var, l1 l1Var, j2 j2Var) {
            this.val$listener = n0Var;
            this.val$handler = l1Var;
            this.val$sessionToken = j2Var;
        }

        @Override // okhttp3.Callback
        public void onFailure(Call call, IOException iOException) {
            e1.debug(k1.TAG, "Exchange Access Token with Authorization Code failed: %s", iOException.getMessage());
            this.val$listener.onException(iOException);
        }

        @Override // okhttp3.Callback
        public void onResponse(Call call, Response response) {
            this.val$handler.handleTokenResponse(this.val$sessionToken, response, null, this.val$listener);
        }
    }

    /* compiled from: OAuth2Client.java */
    /* loaded from: classes3.dex */
    public static class f {
        private String clientId;
        private String redirectUri;
        private String scope;
        private r2 serverConfig;

        public k1 build() {
            return new k1(this.clientId, this.scope, this.redirectUri, this.serverConfig);
        }

        public f clientId(@NonNull String str) {
            if (str == null) {
                throw new NullPointerException("clientId is marked non-null but is null");
            }
            this.clientId = str;
            return this;
        }

        public f redirectUri(@NonNull String str) {
            if (str == null) {
                throw new NullPointerException("redirectUri is marked non-null but is null");
            }
            this.redirectUri = str;
            return this;
        }

        public f scope(@NonNull String str) {
            if (str == null) {
                throw new NullPointerException("scope is marked non-null but is null");
            }
            this.scope = str;
            return this;
        }

        public f serverConfig(@NonNull r2 r2Var) {
            if (r2Var == null) {
                throw new NullPointerException("serverConfig is marked non-null but is null");
            }
            this.serverConfig = r2Var;
            return this;
        }

        public String toString() {
            return "OAuth2Client.OAuth2ClientBuilder(clientId=" + this.clientId + ", scope=" + this.scope + ", redirectUri=" + this.redirectUri + ", serverConfig=" + this.serverConfig + ")";
        }
    }

    public k1(@NonNull String str, @NonNull String str2, @NonNull String str3, @NonNull r2 r2Var) {
        if (str == null) {
            throw new NullPointerException("clientId is marked non-null but is null");
        }
        if (str2 == null) {
            throw new NullPointerException("scope is marked non-null but is null");
        }
        if (str3 == null) {
            throw new NullPointerException("redirectUri is marked non-null but is null");
        }
        if (r2Var == null) {
            throw new NullPointerException("serverConfig is marked non-null but is null");
        }
        this.clientId = str;
        this.scope = str2;
        this.redirectUri = str3;
        this.serverConfig = r2Var;
    }

    public static f builder() {
        return new f();
    }

    private s1 generateCodeChallenge() throws UnsupportedEncodingException {
        byte[] bArr = new byte[64];
        new SecureRandom().nextBytes(bArr);
        String encodeToString = Base64.encodeToString(bArr, 11);
        try {
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(encodeToString.getBytes(StandardCharsets.ISO_8859_1));
            return new s1(Base64.encodeToString(messageDigest.digest(), 11), "S256", encodeToString);
        } catch (NoSuchAlgorithmException unused) {
            return new s1("plain", encodeToString, encodeToString);
        }
    }

    public static String generateState() {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        return Base64.encodeToString(bArr, 11);
    }

    private URL getAuthorizeUrl(c3 c3Var, s1 s1Var, String str, Map<String, String> map) throws MalformedURLException, UnsupportedEncodingException {
        Uri.Builder buildUpon = Uri.parse(getAuthorizeUrl().toString()).buildUpon();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            buildUpon.appendQueryParameter(entry.getKey(), entry.getValue());
        }
        return new URL(buildUpon.appendQueryParameter("client_id", this.clientId).appendQueryParameter("scope", this.scope).appendQueryParameter("response_type", this.responseType).appendQueryParameter("redirect_uri", this.redirectUri).appendQueryParameter("code_challenge", s1Var.getCodeChallenge()).appendQueryParameter("code_challenge_method", s1Var.getCodeChallengeMethod()).appendQueryParameter(Constant.STATE_PROP, str).build().toString());
    }

    private OkHttpClient getOkHttpClient() {
        if (this.okHttpClient == null) {
            this.okHttpClient = q1.getInstance().lookup(this.serverConfig);
        }
        return this.okHttpClient;
    }

    public void endSession(@NonNull String str, n0<Void> n0Var) {
        if (str == null) {
            throw new NullPointerException("idToken is marked non-null but is null");
        }
        try {
            Request build = new Request.Builder().url(getEndSessionUrl(this.clientId, str)).get().tag(END_SESSION).build();
            l1 l1Var = new l1();
            e1.debug(TAG, "End session with id token", new Object[0]);
            FirebasePerfOkHttpClient.enqueue(getOkHttpClient().newCall(build), new d(n0Var, l1Var));
        } catch (MalformedURLException e10) {
            c1.onException(n0Var, e10);
        }
    }

    public void exchangeToken(@NonNull j2 j2Var, @NonNull Map<String, String> map, n0<org.forgerock.android.auth.b> n0Var) {
        if (j2Var == null) {
            throw new NullPointerException("token is marked non-null but is null");
        }
        if (map == null) {
            throw new NullPointerException("additionalParameters is marked non-null but is null");
        }
        e1.debug(TAG, "Exchanging Access Token with SSO Token.", new Object[0]);
        l1 l1Var = new l1();
        try {
            FormBody.Builder builder = new FormBody.Builder();
            String str = this.scope;
            if (str != null) {
                builder.add("scope", str);
            }
            s1 generateCodeChallenge = generateCodeChallenge();
            String generateState = generateState();
            e1.debug(TAG, "Exchanging Authorization Code with SSO Token.", new Object[0]);
            FirebasePerfOkHttpClient.enqueue(getOkHttpClient().newCall(new Request.Builder().url(getAuthorizeUrl(j2Var, generateCodeChallenge, generateState, map)).get().header(r2.ACCEPT_API_VERSION, r2.API_VERSION_2_1).header(this.serverConfig.getCookieName(), j2Var.getValue()).tag(AUTHORIZE).build()), new a(n0Var, l1Var, generateState, j2Var, generateCodeChallenge, map));
        } catch (IOException e10) {
            n0Var.onException(e10);
        }
    }

    public URL getAuthorizeUrl() throws MalformedURLException {
        Uri.Builder buildUpon = Uri.parse(this.serverConfig.getUrl()).buildUpon();
        if (a3.isNotEmpty(this.serverConfig.getAuthorizeEndpoint())) {
            buildUpon.appendEncodedPath(this.serverConfig.getAuthorizeEndpoint());
        } else {
            buildUpon.appendPath("oauth2").appendPath("realms").appendPath(this.serverConfig.getRealm()).appendPath("authorize");
        }
        return new URL(buildUpon.build().toString());
    }

    public String getClientId() {
        return this.clientId;
    }

    public URL getEndSessionUrl(String str, String str2) throws MalformedURLException {
        Uri.Builder buildUpon = Uri.parse(this.serverConfig.getUrl()).buildUpon();
        if (a3.isNotEmpty(this.serverConfig.getEndSessionEndpoint())) {
            buildUpon.appendEncodedPath(this.serverConfig.getEndSessionEndpoint());
        } else {
            buildUpon.appendPath("oauth2").appendPath("realms").appendPath(this.serverConfig.getRealm()).appendPath("connect").appendPath("endSession");
        }
        buildUpon.appendQueryParameter("id_token_hint", str2);
        buildUpon.appendQueryParameter("client_id", str);
        return new URL(buildUpon.build().toString());
    }

    public String getRedirectUri() {
        return this.redirectUri;
    }

    public String getResponseType() {
        return this.responseType;
    }

    public URL getRevokeUrl() throws MalformedURLException {
        Uri.Builder buildUpon = Uri.parse(this.serverConfig.getUrl()).buildUpon();
        if (a3.isNotEmpty(this.serverConfig.getRevokeEndpoint())) {
            buildUpon.appendEncodedPath(this.serverConfig.getRevokeEndpoint());
        } else {
            buildUpon.appendPath("oauth2").appendPath("realms").appendPath(this.serverConfig.getRealm()).appendPath(NotificationUtils.KEY_TOKEN).appendPath("revoke");
        }
        return new URL(buildUpon.build().toString());
    }

    public String getScope() {
        return this.scope;
    }

    public r2 getServerConfig() {
        return this.serverConfig;
    }

    public URL getTokenUrl() throws MalformedURLException {
        Uri.Builder buildUpon = Uri.parse(this.serverConfig.getUrl()).buildUpon();
        if (a3.isNotEmpty(this.serverConfig.getTokenEndpoint())) {
            buildUpon.appendEncodedPath(this.serverConfig.getTokenEndpoint());
        } else {
            buildUpon.appendPath("oauth2").appendPath("realms").appendPath(this.serverConfig.getRealm()).appendPath(org.forgerock.android.auth.idp.e.ACCESS_TOKEN);
        }
        return new URL(buildUpon.build().toString());
    }

    public void refresh(j2 j2Var, @NonNull String str, n0<org.forgerock.android.auth.b> n0Var) {
        if (str == null) {
            throw new NullPointerException("refreshToken is marked non-null but is null");
        }
        e1.debug(TAG, "Refreshing Access Token", new Object[0]);
        l1 l1Var = new l1();
        try {
            FormBody.Builder builder = new FormBody.Builder();
            String str2 = this.scope;
            if (str2 != null) {
                builder.add("scope", str2);
            }
            FirebasePerfOkHttpClient.enqueue(getOkHttpClient().newCall(new Request.Builder().url(getTokenUrl()).post(builder.add("client_id", this.clientId).add("grant_type", "refresh_token").add("response_type", this.responseType).add("refresh_token", str).build()).header("Content-Type", APPLICATION_X_WWW_FORM_URLENCODED).header(r2.ACCEPT_API_VERSION, r2.API_VERSION_2_1).tag(REFRESH_TOKEN).build()), new b(n0Var, l1Var, j2Var, str));
        } catch (IOException e10) {
            n0Var.onException(e10);
        }
    }

    public void revoke(@NonNull org.forgerock.android.auth.b bVar, n0<Void> n0Var) {
        if (bVar == null) {
            throw new NullPointerException("accessToken is marked non-null but is null");
        }
        e1.debug(TAG, "Revoking Access Token & Refresh Token", new Object[0]);
        l1 l1Var = new l1();
        try {
            FirebasePerfOkHttpClient.enqueue(getOkHttpClient().newCall(new Request.Builder().url(getRevokeUrl()).post(new FormBody.Builder().add("client_id", this.clientId).add(NotificationUtils.KEY_TOKEN, bVar.getRefreshToken() == null ? bVar.getValue() : bVar.getRefreshToken()).build()).header("Content-Type", APPLICATION_X_WWW_FORM_URLENCODED).header(r2.ACCEPT_API_VERSION, r2.API_VERSION_2_1).tag(REVOKE_TOKEN).build()), new c(n0Var, l1Var));
        } catch (IOException e10) {
            c1.onException(n0Var, e10);
        }
    }

    public void token(j2 j2Var, @NonNull String str, s1 s1Var, Map<String, String> map, l1 l1Var, n0<org.forgerock.android.auth.b> n0Var) {
        if (str == null) {
            throw new NullPointerException("code is marked non-null but is null");
        }
        e1.debug(TAG, "Exchange Access Token with Authorization Code", new Object[0]);
        try {
            FormBody.Builder builder = new FormBody.Builder();
            for (Map.Entry<String, String> entry : map.entrySet()) {
                builder.add(entry.getKey(), entry.getValue());
            }
            FirebasePerfOkHttpClient.enqueue(getOkHttpClient().newCall(new Request.Builder().url(getTokenUrl()).post(builder.add("client_id", this.clientId).add(org.forgerock.android.auth.idp.a.CODE, str).add("redirect_uri", this.redirectUri).add("grant_type", org.forgerock.android.auth.idp.e.AUTHORIZATION_CODE).add("code_verifier", s1Var.getCodeVerifier()).build()).header("Content-Type", APPLICATION_X_WWW_FORM_URLENCODED).header(r2.ACCEPT_API_VERSION, r2.API_VERSION_2_1).tag(EXCHANGE_TOKEN).build()), new e(n0Var, l1Var, j2Var));
        } catch (IOException e10) {
            n0Var.onException(e10);
        }
    }
}
