package org.forgerock.android.auth;

import android.net.Uri;
import android.util.Base64;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Map;
import net.openid.appauth.AuthorizationRequest;
import net.openid.appauth.GrantTypeValues;
import net.openid.appauth.ResponseTypeValues;
import okhttp3.Call;
import okhttp3.Callback;
import okhttp3.FormBody;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import org.forgerock.android.auth.exception.AuthorizeException;
import org.forgerock.android.auth.idp.IdPHandler;

/* loaded from: classes2.dex */
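/**
 * OAuth 2.0 / OpenID Connect client that drives the authorization-code flow with PKCE
 * against the server described by a {@link ServerConfig}: it exchanges an SSO token for an
 * authorization code and then for an access token, refreshes and revokes tokens, and ends
 * the OIDC session.
 *
 * <p>All network calls are enqueued on an {@link OkHttpClient} and report their outcome
 * through the supplied {@link FRListener}; nothing here blocks on the response.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The PKCE verifier and the {@code state} value come from {@link SecureRandom}.</li>
 *   <li>The SSO token is sent as a request header named after the configured cookie.</li>
 *   <li>The id token is sent as a query parameter on the end-session request, so it can
 *       end up in URL logs on the server or on intermediaries.</li>
 *   <li>Caller-supplied additional parameters are added <em>before</em> the fixed OAuth2
 *       parameters and are not filtered, so a key such as {@code redirect_uri} or
 *       {@code state} would be sent twice.</li>
 * </ul>
 *
 * <p>The lazily created HTTP client is not guarded by any lock.
 */
public class OAuth2Client {
    private static final String APPLICATION_X_WWW_FORM_URLENCODED = "application/x-www-form-urlencoded";
    private static final String CONTENT_TYPE = "Content-Type";
    private static final int STATE_LENGTH = 16;
    private static final String TAG = "OAuth2Client";
    // URL-safe alphabet, no '=' padding, no line breaks (numeric value 11).
    private static final int URL_SAFE_NO_PAD_NO_WRAP = Base64.NO_WRAP | Base64.NO_PADDING | Base64.URL_SAFE;
    private final String clientId;
    private OkHttpClient okHttpClient;
    private final String redirectUri;
    private final String responseType = "code";
    private final String scope;
    private final ServerConfig serverConfig;
    // Request tags attached to each outgoing call; their consumers are not visible in this file.
    private static final Action AUTHORIZE = new Action(Action.AUTHORIZE);
    private static final Action EXCHANGE_TOKEN = new Action(Action.EXCHANGE_TOKEN);
    private static final Action REFRESH_TOKEN = new Action(Action.REFRESH_TOKEN);
    private static final Action REVOKE_TOKEN = new Action(Action.REVOKE_TOKEN);
    private static final Action END_SESSION = new Action(Action.END_SESSION);

    /**
     * Fluent builder for {@link OAuth2Client}. Every setter rejects {@code null};
     * {@link #build()} fails with {@link NullPointerException} if a value was never set.
     */
    public static class OAuth2ClientBuilder {
        private String clientId;
        private String redirectUri;
        private String scope;
        private ServerConfig serverConfig;

        OAuth2ClientBuilder() {
        }

        /**
         * Creates the client from the values collected so far.
         *
         * @return a new client
         * @throws NullPointerException if any of the four values is still unset
         */
        public OAuth2Client build() {
            return new OAuth2Client(this.clientId, this.scope, this.redirectUri, this.serverConfig);
        }

        /**
         * @param clientId OAuth2 client identifier, never {@code null}
         * @return this builder
         */
        public OAuth2ClientBuilder clientId(String clientId) {
            if (clientId == null) {
                throw new NullPointerException("clientId is marked non-null but is null");
            }
            this.clientId = clientId;
            return this;
        }

        /**
         * @param redirectUri redirect URI sent with authorize and token requests, never {@code null}
         * @return this builder
         */
        public OAuth2ClientBuilder redirectUri(String redirectUri) {
            if (redirectUri == null) {
                throw new NullPointerException("redirectUri is marked non-null but is null");
            }
            this.redirectUri = redirectUri;
            return this;
        }

        /**
         * @param scope scope string sent with authorize and refresh requests, never {@code null}
         * @return this builder
         */
        public OAuth2ClientBuilder scope(String scope) {
            if (scope == null) {
                throw new NullPointerException("scope is marked non-null but is null");
            }
            this.scope = scope;
            return this;
        }

        /**
         * @param serverConfig server location and endpoint overrides, never {@code null}
         * @return this builder
         */
        public OAuth2ClientBuilder serverConfig(ServerConfig serverConfig) {
            if (serverConfig == null) {
                throw new NullPointerException("serverConfig is marked non-null but is null");
            }
            this.serverConfig = serverConfig;
            return this;
        }

        /** Renders the collected values; the output includes the client id and redirect URI. */
        @Override
        public String toString() {
            return "OAuth2Client.OAuth2ClientBuilder(clientId=" + this.clientId + ", scope=" + this.scope + ", redirectUri=" + this.redirectUri + ", serverConfig=" + this.serverConfig + ")";
        }
    }

    /**
     * @param clientId OAuth2 client identifier
     * @param scope scope string
     * @param redirectUri redirect URI
     * @param serverConfig server location and endpoint overrides
     * @throws NullPointerException if any argument is {@code null}
     */
    public OAuth2Client(String clientId, String scope, String redirectUri, ServerConfig serverConfig) {
        if (clientId == null) {
            throw new NullPointerException("clientId is marked non-null but is null");
        }
        if (scope == null) {
            throw new NullPointerException("scope is marked non-null but is null");
        }
        if (redirectUri == null) {
            throw new NullPointerException("redirectUri is marked non-null but is null");
        }
        if (serverConfig == null) {
            throw new NullPointerException("serverConfig is marked non-null but is null");
        }
        this.clientId = clientId;
        this.scope = scope;
        this.redirectUri = redirectUri;
        this.serverConfig = serverConfig;
    }

    /** @return a new, empty builder */
    public static OAuth2ClientBuilder builder() {
        return new OAuth2ClientBuilder();
    }

    /**
     * Generates a fresh PKCE verifier (64 random bytes, base64url without padding) and its
     * S256 challenge.
     *
     * <p>If SHA-256 is unavailable the method falls back to the {@code plain} method, where
     * the challenge equals the verifier. That is weaker: anyone who sees the authorize
     * request can redeem the code. The fallback is logged so the downgrade is visible.
     *
     * @return challenge, challenge method and verifier
     */
    private PKCE generateCodeChallenge() throws UnsupportedEncodingException {
        byte[] random = new byte[64];
        new SecureRandom().nextBytes(random);
        String codeVerifier = Base64.encodeToString(random, URL_SAFE_NO_PAD_NO_WRAP);
        try {
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            // The verifier is pure base64url ASCII, so ISO-8859-1 yields the same bytes as ASCII.
            sha256.update(codeVerifier.getBytes(StandardCharsets.ISO_8859_1));
            String codeChallenge = Base64.encodeToString(sha256.digest(), URL_SAFE_NO_PAD_NO_WRAP);
            return new PKCE(codeChallenge, AuthorizationRequest.CODE_CHALLENGE_METHOD_S256, codeVerifier);
        } catch (NoSuchAlgorithmException unused) {
            Logger.debug(TAG, "SHA-256 unavailable, falling back to plain PKCE challenge", new Object[0]);
            // Same argument order as the S256 call above: (challenge, method, verifier).
            // The previous code passed the method first, which sent "plain" as the
            // challenge and the verifier as the challenge method.
            return new PKCE(codeVerifier, AuthorizationRequest.CODE_CHALLENGE_METHOD_PLAIN, codeVerifier);
        }
    }

    /**
     * @return a random {@code state} value: {@value #STATE_LENGTH} bytes from
     *     {@link SecureRandom}, base64url-encoded without padding
     */
    static String generateState() {
        byte[] random = new byte[STATE_LENGTH];
        new SecureRandom().nextBytes(random);
        return Base64.encodeToString(random, URL_SAFE_NO_PAD_NO_WRAP);
    }

    /**
     * Builds the full authorize URL including query parameters.
     *
     * <p>The additional parameters are appended first and unfiltered; the fixed parameters
     * follow. A duplicate key therefore appears twice in the query, and which value wins is
     * up to the server. Callers should not pass keys the client sets itself.
     *
     * @param token not used by this method
     * @param pkce source of {@code code_challenge} and {@code code_challenge_method}
     * @param state value sent as the {@code state} parameter
     * @param additionalParameters extra query parameters supplied by the caller
     * @return the authorize URL
     */
    private URL getAuthorizeUrl(Token token, PKCE pkce, String state, Map<String, String> additionalParameters) throws MalformedURLException, UnsupportedEncodingException {
        Uri.Builder query = Uri.parse(getAuthorizeUrl().toString()).buildUpon();
        for (Map.Entry<String, String> extra : additionalParameters.entrySet()) {
            query.appendQueryParameter(extra.getKey(), extra.getValue());
        }
        query.appendQueryParameter("client_id", this.clientId)
                .appendQueryParameter("scope", this.scope)
                .appendQueryParameter(OAuth2.RESPONSE_TYPE, this.responseType)
                .appendQueryParameter(OAuth2.REDIRECT_URI, this.redirectUri)
                .appendQueryParameter(OAuth2.CODE_CHALLENGE, pkce.getCodeChallenge())
                .appendQueryParameter(OAuth2.CODE_CHALLENGE_METHOD, pkce.getCodeChallengeMethod())
                .appendQueryParameter(OAuth2.STATE, state);
        return new URL(query.build().toString());
    }

    /** Looks the HTTP client up on first use and caches it; the cache is not synchronized. */
    private OkHttpClient getOkHttpClient() {
        if (this.okHttpClient == null) {
            this.okHttpClient = OkHttpClientProvider.getInstance().lookup(this.serverConfig);
        }
        return this.okHttpClient;
    }

    /**
     * Starts from the configured server URL and appends either the configured endpoint
     * override or the default {@code oauth2/realms/{realm}/...} path.
     *
     * <p>The override is appended with {@code appendEncodedPath}, so it is used as
     * configured and is not percent-encoded again; default segments go through
     * {@code appendPath}.
     *
     * @param endpointOverride endpoint path from the configuration, may be empty
     * @param defaultTail path segments that follow the realm when no override is set
     * @return builder positioned at the endpoint, without query parameters
     */
    private Uri.Builder endpointBuilder(String endpointOverride, String... defaultTail) {
        Uri.Builder endpoint = Uri.parse(this.serverConfig.getUrl()).buildUpon();
        if (StringUtils.isNotEmpty(endpointOverride)) {
            endpoint.appendEncodedPath(endpointOverride);
            return endpoint;
        }
        endpoint.appendPath("oauth2").appendPath("realms").appendPath(this.serverConfig.getRealm());
        for (String segment : defaultTail) {
            endpoint.appendPath(segment);
        }
        return endpoint;
    }

    /**
     * Ends the OIDC session for the given id token with a GET to the end-session endpoint.
     *
     * <p>The id token travels in the URL ({@code id_token_hint}), so it may be recorded in
     * access logs along the way.
     *
     * @param idToken id token identifying the session
     * @param listener notified of the outcome; a malformed URL is reported here too
     * @throws NullPointerException if {@code idToken} is {@code null}
     */
    public void endSession(String idToken, final FRListener<Void> listener) {
        if (idToken == null) {
            throw new NullPointerException("idToken is marked non-null but is null");
        }
        try {
            Request request = new Request.Builder()
                    .url(getEndSessionUrl(this.clientId, idToken))
                    .get()
                    .tag(END_SESSION)
                    .build();
            final OAuth2ResponseHandler handler = new OAuth2ResponseHandler();
            Logger.debug(TAG, "End session with id token", new Object[0]);
            getOkHttpClient().newCall(request).enqueue(new Callback() {
                @Override
                public void onFailure(Call call, IOException iOException) {
                    Logger.debug(OAuth2Client.TAG, "Revoke session with id token failed: %s", iOException.getMessage());
                    Listener.onException(listener, iOException);
                }

                @Override
                public void onResponse(Call call, Response response) {
                    handler.handleRevokeResponse(response, listener);
                }
            });
        } catch (MalformedURLException e) {
            Listener.onException(listener, e);
        }
    }

    /**
     * Exchanges an SSO token for an access token: requests an authorization code from the
     * authorize endpoint with a fresh PKCE challenge and {@code state}, then redeems the
     * code through {@link #token}.
     *
     * <p>The SSO token value is sent in a header named after the configured cookie. The
     * generated {@code state} is handed to the response handler together with the
     * response; the comparison itself presumably happens there (not visible in this file).
     *
     * @param ssoToken SSO token to exchange
     * @param additionalParameters extra parameters added to both the authorize and the
     *     token request
     * @param listener notified with the access token or the failure
     * @throws NullPointerException if {@code ssoToken} or {@code additionalParameters} is
     *     {@code null}
     */
    public void exchangeToken(final SSOToken ssoToken, final Map<String, String> additionalParameters, final FRListener<AccessToken> listener) {
        if (ssoToken == null) {
            throw new NullPointerException("token is marked non-null but is null");
        }
        if (additionalParameters == null) {
            throw new NullPointerException("additionalParameters is marked non-null but is null");
        }
        Logger.debug(TAG, "Exchanging Access Token with SSO Token.", new Object[0]);
        final OAuth2ResponseHandler handler = new OAuth2ResponseHandler();
        try {
            final PKCE pkce = generateCodeChallenge();
            final String state = generateState();
            Logger.debug(TAG, "Exchanging Authorization Code with SSO Token.", new Object[0]);
            Request request = new Request.Builder()
                    .url(getAuthorizeUrl(ssoToken, pkce, state, additionalParameters))
                    .get()
                    .header(ServerConfig.ACCEPT_API_VERSION, ServerConfig.API_VERSION_2_1)
                    .header(this.serverConfig.getCookieName(), ssoToken.getValue())
                    .tag(AUTHORIZE)
                    .build();
            getOkHttpClient().newCall(request).enqueue(new Callback() {
                @Override
                public void onFailure(Call call, IOException iOException) {
                    Logger.debug(OAuth2Client.TAG, "Failed to exchange for Authorization Code: %s", iOException.getMessage());
                    listener.onException(iOException);
                }

                @Override
                public void onResponse(Call call, Response response) {
                    handler.handleAuthorizeResponse(response, state, new FRListener<String>() {
                        @Override
                        public void onException(Exception exc) {
                            Logger.debug(OAuth2Client.TAG, "Failed to exchange for Authorization Code: %s", exc.getMessage());
                            listener.onException(new AuthorizeException("Failed to exchange authorization code with sso token", exc));
                        }

                        @Override
                        public void onSuccess(String code) {
                            Logger.debug(OAuth2Client.TAG, "Authorization Code received.", new Object[0]);
                            OAuth2Client.this.token(ssoToken, code, pkce, additionalParameters, handler, listener);
                        }
                    });
                }
            });
        } catch (IOException e) {
            listener.onException(e);
        }
    }

    /**
     * @return the authorize endpoint URL without query parameters (the decompiler notes
     *     that this method was package-private in the original)
     * @throws MalformedURLException if the resulting string is not a valid URL
     */
    public URL getAuthorizeUrl() throws MalformedURLException {
        return new URL(endpointBuilder(this.serverConfig.getAuthorizeEndpoint(), "authorize").build().toString());
    }

    /** @return the OAuth2 client identifier */
    public String getClientId() {
        return this.clientId;
    }

    /**
     * @param clientId value of the {@code client_id} query parameter
     * @param idToken value of the {@code id_token_hint} query parameter
     * @return the end-session URL including both query parameters
     * @throws MalformedURLException if the resulting string is not a valid URL
     */
    URL getEndSessionUrl(String clientId, String idToken) throws MalformedURLException {
        Uri.Builder endSession = endpointBuilder(this.serverConfig.getEndSessionEndpoint(), "connect", "endSession");
        endSession.appendQueryParameter("id_token_hint", idToken);
        endSession.appendQueryParameter("client_id", clientId);
        return new URL(endSession.build().toString());
    }

    /** @return the redirect URI */
    public String getRedirectUri() {
        return this.redirectUri;
    }

    /** @return the response type, always {@code "code"} in this class */
    public String getResponseType() {
        return this.responseType;
    }

    /**
     * @return the token revocation endpoint URL
     * @throws MalformedURLException if the resulting string is not a valid URL
     */
    URL getRevokeUrl() throws MalformedURLException {
        return new URL(endpointBuilder(this.serverConfig.getRevokeEndpoint(), ResponseTypeValues.TOKEN, "revoke").build().toString());
    }

    /** @return the scope string */
    public String getScope() {
        return this.scope;
    }

    /** @return the server configuration this client was built with */
    public ServerConfig getServerConfig() {
        return this.serverConfig;
    }

    /**
     * @return the token endpoint URL (the decompiler notes that this method was
     *     package-private in the original)
     * @throws MalformedURLException if the resulting string is not a valid URL
     */
    public URL getTokenUrl() throws MalformedURLException {
        return new URL(endpointBuilder(this.serverConfig.getTokenEndpoint(), IdPHandler.ACCESS_TOKEN).build().toString());
    }

    /**
     * Requests a new access token with the refresh-token grant. The refresh token is sent
     * in the form body of a POST, not in the URL.
     *
     * @param sSOToken SSO token passed through to the response handler; not checked for
     *     {@code null} here
     * @param refreshToken refresh token to redeem
     * @param listener notified with the new access token or the failure
     * @throws NullPointerException if {@code refreshToken} is {@code null}
     */
    public void refresh(final SSOToken sSOToken, final String refreshToken, final FRListener<AccessToken> listener) {
        if (refreshToken == null) {
            throw new NullPointerException("refreshToken is marked non-null but is null");
        }
        Logger.debug(TAG, "Refreshing Access Token", new Object[0]);
        final OAuth2ResponseHandler handler = new OAuth2ResponseHandler();
        try {
            FormBody.Builder form = new FormBody.Builder();
            if (this.scope != null) {
                form.add("scope", this.scope);
            }
            form.add("client_id", this.clientId)
                    .add(OAuth2.GRANT_TYPE, GrantTypeValues.REFRESH_TOKEN)
                    .add(OAuth2.RESPONSE_TYPE, this.responseType)
                    .add(GrantTypeValues.REFRESH_TOKEN, refreshToken);
            Request request = new Request.Builder()
                    .url(getTokenUrl())
                    .post(form.build())
                    .header(CONTENT_TYPE, APPLICATION_X_WWW_FORM_URLENCODED)
                    .header(ServerConfig.ACCEPT_API_VERSION, ServerConfig.API_VERSION_2_1)
                    .tag(REFRESH_TOKEN)
                    .build();
            getOkHttpClient().newCall(request).enqueue(new Callback() {
                @Override
                public void onFailure(Call call, IOException iOException) {
                    listener.onException(iOException);
                }

                @Override
                public void onResponse(Call call, Response response) {
                    handler.handleTokenResponse(sSOToken, response, refreshToken, listener);
                }
            });
        } catch (IOException e) {
            listener.onException(e);
        }
    }

    /**
     * Revokes a token at the revocation endpoint. The refresh token is sent when the access
     * token carries one, otherwise the access token value itself.
     *
     * @param accessToken token to revoke
     * @param listener notified of the outcome
     * @throws NullPointerException if {@code accessToken} is {@code null}
     */
    public void revoke(AccessToken accessToken, final FRListener<Void> listener) {
        if (accessToken == null) {
            throw new NullPointerException("accessToken is marked non-null but is null");
        }
        Logger.debug(TAG, "Revoking Access Token & Refresh Token", new Object[0]);
        final OAuth2ResponseHandler handler = new OAuth2ResponseHandler();
        try {
            String refreshToken = accessToken.getRefreshToken();
            String tokenToRevoke = refreshToken == null ? accessToken.getValue() : refreshToken;
            FormBody form = new FormBody.Builder()
                    .add("client_id", this.clientId)
                    .add(ResponseTypeValues.TOKEN, tokenToRevoke)
                    .build();
            Request request = new Request.Builder()
                    .url(getRevokeUrl())
                    .post(form)
                    .header(CONTENT_TYPE, APPLICATION_X_WWW_FORM_URLENCODED)
                    .header(ServerConfig.ACCEPT_API_VERSION, ServerConfig.API_VERSION_2_1)
                    .tag(REVOKE_TOKEN)
                    .build();
            getOkHttpClient().newCall(request).enqueue(new Callback() {
                @Override
                public void onFailure(Call call, IOException iOException) {
                    Listener.onException(listener, iOException);
                }

                @Override
                public void onResponse(Call call, Response response) {
                    handler.handleRevokeResponse(response, listener);
                }
            });
        } catch (IOException e) {
            Listener.onException(listener, e);
        }
    }

    /**
     * Redeems an authorization code at the token endpoint, proving possession of the PKCE
     * verifier.
     *
     * <p>As with the authorize request, the additional parameters are added first and
     * unfiltered, so a key that the client also sets is sent twice.
     *
     * @param sSOToken SSO token passed through to the response handler
     * @param code authorization code to redeem
     * @param pkce PKCE data whose verifier is sent as {@code code_verifier}
     * @param additionalParameters extra form fields supplied by the caller
     * @param oAuth2ResponseHandler handler that parses the token response
     * @param listener notified with the access token or the failure
     * @throws NullPointerException if {@code code}, {@code pkce} or
     *     {@code additionalParameters} is {@code null}
     */
    public void token(final SSOToken sSOToken, String code, PKCE pkce, Map<String, String> additionalParameters, final OAuth2ResponseHandler oAuth2ResponseHandler, final FRListener<AccessToken> listener) {
        if (code == null) {
            throw new NullPointerException("code is marked non-null but is null");
        }
        // Both were dereferenced without a check before; fail with a message that names them.
        if (pkce == null) {
            throw new NullPointerException("pkce is marked non-null but is null");
        }
        if (additionalParameters == null) {
            throw new NullPointerException("additionalParameters is marked non-null but is null");
        }
        Logger.debug(TAG, "Exchange Access Token with Authorization Code", new Object[0]);
        try {
            FormBody.Builder form = new FormBody.Builder();
            for (Map.Entry<String, String> extra : additionalParameters.entrySet()) {
                form.add(extra.getKey(), extra.getValue());
            }
            form.add("client_id", this.clientId)
                    .add("code", code)
                    .add(OAuth2.REDIRECT_URI, this.redirectUri)
                    .add(OAuth2.GRANT_TYPE, "authorization_code")
                    .add(OAuth2.CODE_VERIFIER, pkce.getCodeVerifier());
            Request request = new Request.Builder()
                    .url(getTokenUrl())
                    .post(form.build())
                    .header(CONTENT_TYPE, APPLICATION_X_WWW_FORM_URLENCODED)
                    .header(ServerConfig.ACCEPT_API_VERSION, ServerConfig.API_VERSION_2_1)
                    .tag(EXCHANGE_TOKEN)
                    .build();
            getOkHttpClient().newCall(request).enqueue(new Callback() {
                @Override
                public void onFailure(Call call, IOException iOException) {
                    Logger.debug(OAuth2Client.TAG, "Exchange Access Token with Authorization Code failed: %s", iOException.getMessage());
                    listener.onException(iOException);
                }

                @Override
                public void onResponse(Call call, Response response) {
                    oAuth2ResponseHandler.handleTokenResponse(sSOToken, response, null, listener);
                }
            });
        } catch (IOException e) {
            listener.onException(e);
        }
    }
}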
