package com.dropbox.core;

import com.dropbox.core.DbxRequestUtil;
import com.dropbox.core.DbxWebAuth;
import com.dropbox.core.http.HttpRequestor;
import com.dropbox.core.util.LangUtil;
import com.dropbox.core.util.StringUtil;
import com.dropbox.core.v2.DbxRawClientV2;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import mf.org.apache.xerces.impl.Constants;

/* loaded from: classes.dex */
public class DbxPKCEWebAuth {
    private static final String CODE_CHALLENGE_METHODS = "S256";
    private static final String CODE_VERIFIER_CHAR_SET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~";
    private static final int CODE_VERIFIER_SIZE = 128;
    private static final SecureRandom RAND = new SecureRandom();
    private final DbxAppInfo appInfo;
    private String codeVerifier;
    private boolean consumed;
    private final DbxWebAuth dbxWebAuth;
    private final DbxRequestConfig requestConfig;

    public DbxPKCEWebAuth(DbxRequestConfig dbxRequestConfig, DbxAppInfo dbxAppInfo) {
        if (dbxAppInfo.hasSecret()) {
            throw new IllegalStateException("PKCE cdoe flow doesn't require app secret, if you decide to embed it in your app, please use regular DbxWebAuth instead.");
        }
        this.requestConfig = dbxRequestConfig;
        this.appInfo = dbxAppInfo;
        this.dbxWebAuth = new DbxWebAuth(dbxRequestConfig, dbxAppInfo);
        this.codeVerifier = null;
        this.consumed = false;
    }

    private String generateCodeVerifier() {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < 128; i++) {
            sb.append(CODE_VERIFIER_CHAR_SET.charAt(RAND.nextInt(66)));
        }
        return sb.toString();
    }

    public String authorize(DbxWebAuth.Request request) {
        if (this.consumed) {
            throw new IllegalStateException("This DbxPKCEWebAuth instance has been consumed already. To start a new PKCE OAuth flow, please create a new instance.");
        }
        if (this.codeVerifier != null) {
            throw new IllegalStateException("This DbxPKCEWebAuth instance has started an OAuth flow already. To restart a new PKCE OAuth flow, please create a new instance.");
        }
        this.codeVerifier = generateCodeVerifier();
        HashMap hashMap = new HashMap();
        hashMap.put("code_challenge", generateCodeChallenge(this.codeVerifier));
        hashMap.put("code_challenge_method", CODE_CHALLENGE_METHODS);
        return this.dbxWebAuth.authorizeImpl(request, hashMap);
    }

    DbxAuthFinish finish(String str, String str2, final String str3) throws DbxException {
        if (str == null) {
            throw new NullPointerException("code");
        }
        if (this.codeVerifier == null) {
            throw new IllegalStateException("Must initialize the PKCE flow by calling authorize first.");
        }
        if (this.consumed) {
            throw new IllegalStateException("This DbxPKCEWebAuth instance has been consumed already. To start a new PKCE OAuth flow, please create a new instance.");
        }
        HashMap hashMap = new HashMap();
        hashMap.put("grant_type", "authorization_code");
        hashMap.put("code", str);
        hashMap.put(Constants.LOCALE_PROPERTY, this.requestConfig.getUserLocale());
        hashMap.put("client_id", this.appInfo.getKey());
        hashMap.put("code_verifier", this.codeVerifier);
        if (str2 != null) {
            hashMap.put("redirect_uri", str2);
        }
        DbxAuthFinish dbxAuthFinish = (DbxAuthFinish) DbxRequestUtil.doPostNoAuth(this.requestConfig, DbxRawClientV2.USER_AGENT_ID, this.appInfo.getHost().getApi(), "oauth2/token", DbxRequestUtil.toParamsArray(hashMap), null, new DbxRequestUtil.ResponseHandler<DbxAuthFinish>() { // from class: com.dropbox.core.DbxPKCEWebAuth.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // com.dropbox.core.DbxRequestUtil.ResponseHandler
            public DbxAuthFinish handle(HttpRequestor.Response response) throws DbxException {
                if (response.getStatusCode() == 200) {
                    return ((DbxAuthFinish) DbxRequestUtil.readJsonFromResponse(DbxAuthFinish.Reader, response)).withUrlState(str3);
                }
                throw DbxRequestUtil.unexpectedStatus(response);
            }
        });
        this.codeVerifier = null;
        return dbxAuthFinish;
    }

    public DbxAuthFinish finishFromCode(String str) throws DbxException {
        return finish(str, null, null);
    }

    public DbxAuthFinish finishFromRedirect(String str, DbxSessionStore dbxSessionStore, Map<String, String[]> map) throws DbxException, DbxWebAuth.BadRequestException, DbxWebAuth.BadStateException, DbxWebAuth.CsrfException, DbxWebAuth.NotApprovedException, DbxWebAuth.ProviderException {
        return finish(DbxWebAuth.getParam(map, "code"), str, DbxWebAuth.validateRedirectUri(str, dbxSessionStore, map));
    }

    String generateCodeChallenge(String str) {
        try {
            return StringUtil.urlSafeBase64Encode(MessageDigest.getInstance("SHA-256").digest(str.getBytes("US-ASCII"))).replaceAll("=+$", "");
        } catch (UnsupportedEncodingException e) {
            throw LangUtil.mkAssert("Impossible", e);
        } catch (NoSuchAlgorithmException e2) {
            throw LangUtil.mkAssert("Impossible", e2);
        }
    }
}
