package com.amazon.identity.auth.device.token;

import android.content.Context;
import android.os.Bundle;
import android.text.TextUtils;
import com.amazon.identity.auth.accounts.DelegatedAccountHelper;
import com.amazon.identity.auth.device.api.MAPAccountManager;
import com.amazon.identity.auth.device.api.TokenKeys;
import com.amazon.identity.auth.device.callback.CallbackFuture;
import com.amazon.identity.auth.device.features.Feature;
import com.amazon.identity.auth.device.features.FeatureSet;
import com.amazon.identity.auth.device.framework.AuthEndpointErrorParser;
import com.amazon.identity.auth.device.framework.PlatformWrapper;
import com.amazon.identity.auth.device.framework.ServiceWrappingContext;
import com.amazon.identity.auth.device.framework.SystemWrapper;
import com.amazon.identity.auth.device.framework.Tracer;
import com.amazon.identity.auth.device.recovery.AccountRecoverContext;
import com.amazon.identity.auth.device.storage.LocalAppDataAwareDataStorage;
import com.amazon.identity.auth.device.storage.StorageKeyUtils;
import com.amazon.identity.auth.device.utils.AuthPortalExchangeTokenHelper;
import com.amazon.identity.auth.device.utils.AuthPortalHelper;
import com.amazon.identity.auth.device.utils.DeviceTypeHelpers;
import com.amazon.identity.auth.device.utils.JSONHelpers;
import com.amazon.identity.auth.device.utils.KeyInfo;
import com.amazon.identity.auth.device.utils.MAPLog;
import com.amazon.identity.auth.device.utils.StringConversionHelpers;
import com.amazon.identity.auth.device.utils.TimeUtil;
import com.amazon.identity.auth.device.utils.UnitTestUtils;
import com.amazon.identity.platform.metric.MetricsHelper;
import com.amazon.identity.platform.metric.PlatformMetricsTimer;
import com.amazon.identity.platform.util.PlatformUtils;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.text.ParseException;
import java.util.Collections;
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class OAuthTokenManager {
    public static final String ACCESS_TOKEN = "access_token";
    public static final String AUTH_COOKIES = "auth_cookies";
    public static final String BEARER_TOKEN = "bearer_token";
    public static final String DELEGATED_ACCESS_TOKEN = "delegated_access_token";
    private static final long DEREGISTER_TIMEOUT_SECONDS = 5;
    public static final String DIRECTED_ID = "directed_id";
    public static final String DMS_TOKEN = "dms_token";
    public static final String DOMAIN = "domain";
    private static final String EXCHANGE_DMS_CREDENTIALS_FOR_OAUTH_TOKEN_FAILURE = "exchangeDMSCredentialsForOAuthTokenFailure";
    public static final String EXPIRES_IN = "expires_in";
    private static final String FETCH_COOKIES_FROM_SERVER_FAILURE = "fetchCookiesFromServerFailure";
    public static final String FORCE_REFRESH_DMS_TO_OAUTH_DONE_ONCE_TRUE = "true";
    private static final String INVALID_ERROR_RESPONSE = "InvalidErrorResponse";
    public static final String KEY_FORCE_REFRESH_DMS_TO_OAUTH_DONE_ONCE = "force_refresh_dms_to_oauth_done_once";
    private static final String KEY_OAUTH_EXPIRE_IN = "com.amazon.dcp.sso.token.oauth.amazon.access_token.expires_at";
    public static final String KEY_OAUTH_REFRESHED_AT = "com.amazon.dcp.sso.token.oauth.amazon.access_token.refreshed_at";
    private static final String KEY_REFRESH_TOKEN = "com.amazon.dcp.sso.token.oauth.amazon.refresh_token";
    private static final String REFRESH_DELEGATED_OAUTH_TOKEN_FAILURE = "refreshDelegatedOAuthTokenFailure";
    private static final String REFRESH_NORMAL_OAUTH_TOKEN_FAILURE = "refreshNormalOAuthTokenFailure";
    public static final String REFRESH_TOKEN = "refresh_token";
    public static final String REQUESTED_TOKEN_TYPE = "requested_token_type";
    public static final String SOURCE_TOKEN = "source_token";
    public static final String SOURCE_TOKEN_TYPE = "source_token_type";
    public static final String TOKEN = "token";
    public static final String TOKEN_EXPIRES_IN = "token_expires_in";
    public static final String TOKEN_TYPE = "token_type";
    private final AuthEndpointErrorParser mAuthEndpointErrorParser;
    private final AuthPortalExchangeTokenHelper mAuthPortalExchangeTokenHelper;
    private final AuthPortalHelper mAuthPortalHelper;
    private final ServiceWrappingContext mContext;
    private final DelegatedAccountHelper mDelegatedAccountHelper;
    private final FeatureSet mFeatureSet;
    private final LocalAppDataAwareDataStorage mLocalAppDataAwareDataStorage;
    private final MAPAccountManager mMapAccountManager;
    private final ServerRegistrationSyncHelper mServerRegSync;
    private final SystemWrapper mSystemWrapper;
    private static final long FUDGE_FACTOR = TimeUtil.fromMinutesTo(1, TimeUnit.MILLISECONDS);
    private static final String TAG = OAuthTokenManager.class.getName();
    private static final String METRICS_COMPONENT_NAME = OAuthTokenManager.class.getSimpleName();
    private static final Set<AuthTokenExchangeType> EXCHANGE_TYPES_REQUIRE_DEREGISTER_WHEN_INVALID_TOKEN = EnumSet.allOf(AuthTokenExchangeType.class);

    /* loaded from: classes.dex */
    public enum AuthTokenExchangeType {
        DMSTokenToOauthTokenExchange(OAuthTokenManager.EXCHANGE_DMS_CREDENTIALS_FOR_OAUTH_TOKEN_FAILURE),
        OauthRefreshToAccessExchange(OAuthTokenManager.REFRESH_NORMAL_OAUTH_TOKEN_FAILURE),
        OauthRefreshToCookieExchange(OAuthTokenManager.FETCH_COOKIES_FROM_SERVER_FAILURE),
        OauthRefreshToDelegationAccessExchange(OAuthTokenManager.REFRESH_DELEGATED_OAUTH_TOKEN_FAILURE);

        final String mFailureMetric;

        AuthTokenExchangeType(String str) {
            this.mFailureMetric = str;
        }
    }

    /* loaded from: classes.dex */
    public static class ExchangeTokenResponse {
        final String mAccessToken;
        final int mExpiresIn;
        final String mRefreshToken;

        public ExchangeTokenResponse(String str, int i) {
            this(str, i, null);
        }

        public ExchangeTokenResponse(String str, int i, String str2) {
            this.mAccessToken = str;
            this.mExpiresIn = i;
            this.mRefreshToken = str2;
        }
    }

    /* loaded from: classes.dex */
    public static final class OAuthTokenManagerException extends Exception {
        private static final long serialVersionUID = -7354549861193710767L;
        private AccountRecoverContext mAccountRecoverContext;
        private AuthEndpointErrorParser.AuthEndpointError mAuthEndpointError;
        private final int mErrorCode;
        private final String mErrorMsg;

        public OAuthTokenManagerException(int i, String str) {
            super(str);
            this.mErrorCode = i;
            this.mErrorMsg = str;
            this.mAccountRecoverContext = null;
        }

        public OAuthTokenManagerException(int i, String str, AuthEndpointErrorParser.AuthEndpointError authEndpointError) {
            super(str);
            this.mErrorCode = i;
            this.mErrorMsg = str;
            this.mAuthEndpointError = authEndpointError;
            this.mAccountRecoverContext = null;
        }

        public OAuthTokenManagerException(int i, String str, AuthEndpointErrorParser.AuthEndpointError authEndpointError, AccountRecoverContext accountRecoverContext) {
            super(str);
            this.mErrorCode = i;
            this.mErrorMsg = str;
            this.mAuthEndpointError = authEndpointError;
            this.mAccountRecoverContext = accountRecoverContext;
        }

        public OAuthTokenManagerException(int i, String str, Throwable th) {
            super(str, th);
            this.mErrorCode = i;
            this.mErrorMsg = str;
            this.mAccountRecoverContext = null;
        }

        public AccountRecoverContext getAccountRecoverContext() {
            return this.mAccountRecoverContext;
        }

        public AuthEndpointErrorParser.AuthEndpointError getAuthEndpointError() {
            return this.mAuthEndpointError;
        }

        public int getErrorCode() {
            return this.mErrorCode;
        }

        public String getErrorMsg() {
            return this.mErrorMsg;
        }
    }

    public OAuthTokenManager(Context context) {
        this(context, new AuthPortalHelper(), new MAPAccountManager(context), new DelegatedAccountHelper());
    }

    OAuthTokenManager(Context context, AuthPortalHelper authPortalHelper, MAPAccountManager mAPAccountManager, DelegatedAccountHelper delegatedAccountHelper) {
        this.mContext = ServiceWrappingContext.create(context);
        this.mSystemWrapper = (SystemWrapper) this.mContext.getSystemService(ServiceWrappingContext.SYSTEM);
        this.mLocalAppDataAwareDataStorage = new LocalAppDataAwareDataStorage(this.mContext);
        this.mAuthPortalHelper = authPortalHelper;
        this.mMapAccountManager = mAPAccountManager;
        this.mDelegatedAccountHelper = delegatedAccountHelper;
        this.mServerRegSync = new ServerRegistrationSyncHelper(this.mContext, this.mLocalAppDataAwareDataStorage);
        this.mFeatureSet = this.mContext.getFeatureSet();
        this.mAuthEndpointErrorParser = new AuthEndpointErrorParser();
        this.mAuthPortalExchangeTokenHelper = new AuthPortalExchangeTokenHelper();
    }

    private boolean checkDMSForceRefreshStateFor3PCentralDeviceType(String str, String str2) {
        if (PlatformUtils.isThirdPartyDevice(this.mContext) && DeviceTypeHelpers.isPackageUsingCentralDeviceType(this.mContext, str2) && !this.mFeatureSet.hasFeature(Feature.IsolateApplication)) {
            return TextUtils.equals(FORCE_REFRESH_DMS_TO_OAUTH_DONE_ONCE_TRUE, this.mLocalAppDataAwareDataStorage.getUserData(str, KEY_FORCE_REFRESH_DMS_TO_OAUTH_DONE_ONCE));
        }
        return true;
    }

    private void cleanRefreshToken(String str, String str2) {
        this.mLocalAppDataAwareDataStorage.expireToken(str, getLocalRefreshTokenKey(str2));
    }

    private String createErrorMsg(AuthEndpointErrorParser.AuthEndpointError authEndpointError) {
        return authEndpointError != null ? String.format("Received Error code %s from the server. Message: %s Detail: %s", authEndpointError.getAuthTypeError().getCode(), authEndpointError.getMessage(), authEndpointError.getDetail()) : "Invalid error response received from the token exchange endpoint";
    }

    private String exchangeDMSCredentialsForOAuthTokenAndStore(String str, String str2, boolean z, Tracer tracer) throws OAuthTokenManagerException {
        String str3;
        if (str == null) {
            throw new OAuthTokenManagerException(8, "Given Account is currently not valid");
        }
        MAPLog.i(TAG, "Exchange DMS token to OAuth token for package " + str2 + " due to " + tracer.getPackageToBlame(this.mContext));
        HttpURLConnection httpURLConnection = null;
        try {
            try {
                PlatformMetricsTimer startTimer = MetricsHelper.startTimer(METRICS_COMPONENT_NAME, "exchangeDMSCredentialsForOAuthToken");
                URL exchangeTokenURL = this.mAuthPortalExchangeTokenHelper.getExchangeTokenURL(this.mContext, str);
                MAPLog.i(TAG, "Exchanging DMS token with exchange token endpoint: " + exchangeTokenURL.toString());
                HttpURLConnection startIdentityRequestURLEncoded = this.mAuthPortalHelper.startIdentityRequestURLEncoded(this.mContext, exchangeTokenURL, this.mAuthPortalExchangeTokenHelper.getDMSExchangeTokenBody(this.mContext), true, null, str, str2, tracer);
                int responseCode = startIdentityRequestURLEncoded.getResponseCode();
                MAPLog.i(TAG, "Response received for exchange DMS to OAuth end-point");
                JSONObject json = JSONHelpers.toJson(startIdentityRequestURLEncoded);
                startTimer.stop();
                if (this.mAuthPortalHelper.isFailure(responseCode) || json == null) {
                    String str4 = TAG;
                    Object[] objArr = new Object[1];
                    objArr[0] = json != null ? json.toString() : "Null Json Response";
                    MAPLog.formattedDebug(str4, "Error Response: %s", objArr);
                    throw handleTokenExchangeError(str, str2, this.mAuthEndpointErrorParser.parse(json), responseCode, AuthTokenExchangeType.DMSTokenToOauthTokenExchange);
                }
                MetricsHelper.incrementCounter("exchangeDMSCredentialsForOAuthTokenSuccess", new String[0]);
                ExchangeTokenResponse handleDMSExchangeTokenSuccess = this.mAuthPortalExchangeTokenHelper.handleDMSExchangeTokenSuccess(json);
                receiveAndStoreUpdatedTokensForOAuthRefresh(str, str2, handleDMSExchangeTokenSuccess);
                if (z) {
                    str3 = handleDMSExchangeTokenSuccess.mRefreshToken;
                    if (startIdentityRequestURLEncoded != null) {
                        startIdentityRequestURLEncoded.disconnect();
                    }
                } else {
                    str3 = handleDMSExchangeTokenSuccess.mAccessToken;
                    if (startIdentityRequestURLEncoded != null) {
                        startIdentityRequestURLEncoded.disconnect();
                    }
                }
                return str3;
            } catch (IOException e) {
                MetricsHelper.incrementCounter("exchangeDMSCredentialsForOAuthTokenFailure:IOException", new String[0]);
                throw new OAuthTokenManagerException(3, e.getMessage());
            } catch (ParseException e2) {
                MetricsHelper.incrementCounter("exchangeDMSCredentialsForOAuthTokenFailure:ParseException", new String[0]);
                throw new OAuthTokenManagerException(5, e2.getMessage());
            } catch (JSONException e3) {
                MetricsHelper.incrementCounter("exchangeDMSCredentialsForOAuthTokenFailure:JSONException", new String[0]);
                throw new OAuthTokenManagerException(5, e3.getMessage());
            }
        } catch (Throwable th) {
            if (0 != 0) {
                httpURLConnection.disconnect();
            }
            throw th;
        }
    }

    private String getDirectedIdDelegatee(String str, Bundle bundle) {
        String string = bundle.getString("com.amazon.dcp.sso.property.account.delegateeaccount");
        return TextUtils.isEmpty(string) ? this.mDelegatedAccountHelper.getDelegateeAccountForTheDelegatedAccount(str, this.mLocalAppDataAwareDataStorage) : string;
    }

    private String getLocalAccessToken(String str, String str2) {
        return this.mLocalAppDataAwareDataStorage.peekToken(str, getLocalAccessTokenKey(str2));
    }

    private String getLocalAccessTokenKey(String str) {
        return TokenKeys.getAccessTokenKeyForPackage(str);
    }

    private String getLocalExpireInKey(String str) {
        return StorageKeyUtils.getKeyWithPackageNamespace(str, "com.amazon.dcp.sso.token.oauth.amazon.access_token.expires_at");
    }

    private String getLocalRefreshToken(String str, String str2) {
        return this.mLocalAppDataAwareDataStorage.peekToken(str, getLocalRefreshTokenKey(str2));
    }

    private String getLocalRefreshTokenKey(String str) {
        return StorageKeyUtils.getKeyWithPackageNamespace(str, "com.amazon.dcp.sso.token.oauth.amazon.refresh_token");
    }

    private String getLocalRefreshedTimeInKey(String str) {
        return StorageKeyUtils.getKeyWithPackageNamespace(str, "com.amazon.dcp.sso.token.oauth.amazon.access_token.refreshed_at");
    }

    private String handleGetAccessTokenForDelegatedAccount(String str, String str2, KeyInfo keyInfo, Bundle bundle, Tracer tracer) throws OAuthTokenManagerException {
        if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
            throw new OAuthTokenManagerException(8, "Given account or delegated account is currently not valid");
        }
        String packageName = keyInfo.getPackageName();
        if (!this.mMapAccountManager.isAccountRegistered(str)) {
            MAPLog.w(TAG, "The delegatee account is already deregistered.");
            MAPLog.pii(TAG, String.format("The delegatee account %s is already deregistered.", str));
            throw new OAuthTokenManagerException(MAPAccountManager.RegistrationError.DELEGATEE_ACCOUNT_ALREADY_DEREGISTERED.value(), "The delegatee account is already deregistered on this device");
        }
        if (requireExchangeDMSTokenForOAuthToken(bundle)) {
            return refreshDelegatedOAuthTokenAndStore(str, str2, exchangeDMSCredentialsForOAuthTokenAndStore(str, keyInfo.getPackageName(), true, tracer), keyInfo.getPackageName(), bundle, tracer);
        }
        if (!requireOAuthRefreshTokenExchange(str2, keyInfo, bundle)) {
            return null;
        }
        String refreshToken = getRefreshToken(str, packageName, tracer);
        if (TextUtils.isEmpty(refreshToken)) {
            refreshToken = exchangeDMSCredentialsForOAuthTokenAndStore(str, keyInfo.getPackageName(), true, tracer);
        }
        return refreshDelegatedOAuthTokenAndStore(str, str2, refreshToken, keyInfo.getPackageName(), bundle, tracer);
    }

    private String handleGetAccessTokenForNormalAccount(String str, KeyInfo keyInfo, Bundle bundle, Tracer tracer) throws OAuthTokenManagerException {
        String packageName = keyInfo.getPackageName();
        MAPLog.d(TAG, "Getting access token for package " + packageName);
        tryToCorrectTheOAuthTokensFor3PCentralDevicetype(str, packageName, false, tracer);
        if (!hasLocalOAuthRefreshToken(str, packageName) || requireExchangeDMSTokenForOAuthToken(bundle)) {
            return exchangeDMSCredentialsForOAuthTokenAndStore(str, keyInfo.getPackageName(), false, tracer);
        }
        if (requireOAuthRefreshTokenExchange(str, keyInfo, bundle)) {
            return refreshOAuthTokenAndStore(str, keyInfo.getPackageName(), tracer);
        }
        return null;
    }

    private boolean isAccessTokenExpiring(Long l, Long l2, Bundle bundle) {
        return (l2.longValue() + bundle.getLong(TokenKeys.Options.KEY_OAUTH_TTL_MS_LONG, 0L)) + FUDGE_FACTOR >= l.longValue();
    }

    private boolean isClockSkew(long j, String str) {
        Long l;
        return (TextUtils.isEmpty(str) || (l = StringConversionHelpers.toLong(str)) == null || j >= l.longValue()) ? false : true;
    }

    private void receiveAndStoreUpdatedTokensForOAuthRefresh(String str, String str2, ExchangeTokenResponse exchangeTokenResponse) {
        if (this.mMapAccountManager.isAccountRegistered(str) || UnitTestUtils.isRunningInUnitTest()) {
            storeOAuthTokens(str, str2, exchangeTokenResponse.mExpiresIn, exchangeTokenResponse.mRefreshToken, exchangeTokenResponse.mAccessToken);
            this.mServerRegSync.recordRegistrationCheckTime(str);
        }
    }

    private String refreshDelegatedOAuthTokenAndStore(String str, String str2, String str3, String str4, Bundle bundle, Tracer tracer) throws OAuthTokenManagerException {
        HttpURLConnection httpURLConnection = null;
        try {
            try {
                PlatformMetricsTimer startTimer = MetricsHelper.startTimer(METRICS_COMPONENT_NAME, "refreshDelegatedOAuthToken");
                URL delegationExchangeTokenURL = this.mAuthPortalExchangeTokenHelper.getDelegationExchangeTokenURL(this.mContext, str2, bundle);
                MAPLog.i(TAG, "Refreshing Delegated Oauth token with exchange token endpoint " + delegationExchangeTokenURL.toString() + " due to " + tracer.getPackageToBlame(this.mContext));
                HttpURLConnection startIdentityRequestURLEncoded = this.mAuthPortalHelper.startIdentityRequestURLEncoded(this.mContext, delegationExchangeTokenURL, this.mAuthPortalExchangeTokenHelper.getRefreshDelegatedOAuthTokenBody(this.mContext, str3, str2), false, null, str2, str4, tracer);
                int responseCode = startIdentityRequestURLEncoded.getResponseCode();
                MAPLog.i(TAG, "Response received from OAuth refresh to delegated access exchange end-point");
                JSONObject json = JSONHelpers.toJson(startIdentityRequestURLEncoded);
                startTimer.stop();
                if (this.mAuthPortalHelper.isFailure(responseCode) || json == null) {
                    String str5 = TAG;
                    Object[] objArr = new Object[1];
                    objArr[0] = json != null ? json.toString() : "Null Json Response";
                    MAPLog.formattedDebug(str5, "Error Response: %s", objArr);
                    throw handleTokenExchangeError(str2, str4, this.mAuthEndpointErrorParser.parse(json), responseCode, AuthTokenExchangeType.OauthRefreshToDelegationAccessExchange);
                }
                MetricsHelper.incrementCounter("refreshDelegatedOAuthTokenSuccess", new String[0]);
                ExchangeTokenResponse handleExchangeTokenSuccess = this.mAuthPortalExchangeTokenHelper.handleExchangeTokenSuccess(json);
                receiveAndStoreUpdatedTokensForOAuthRefresh(str2, str4, handleExchangeTokenSuccess);
                String str6 = handleExchangeTokenSuccess.mAccessToken;
                if (startIdentityRequestURLEncoded != null) {
                    startIdentityRequestURLEncoded.disconnect();
                }
                return str6;
            } catch (IOException e) {
                MetricsHelper.incrementCounter("refreshDelegatedOAuthTokenFailure:IOException", new String[0]);
                throw new OAuthTokenManagerException(3, e.getMessage(), e);
            } catch (ParseException e2) {
                MetricsHelper.incrementCounter("refreshDelegatedOAuthTokenFailure:ParseException", new String[0]);
                throw new OAuthTokenManagerException(5, e2.getMessage(), e2);
            } catch (JSONException e3) {
                MetricsHelper.incrementCounter("refreshDelegatedOAuthTokenFailure:JSONException", new String[0]);
                throw new OAuthTokenManagerException(5, e3.getMessage(), e3);
            }
        } catch (Throwable th) {
            if (0 != 0) {
                httpURLConnection.disconnect();
            }
            throw th;
        }
    }

    private String refreshNormalOAuthTokenAndStore(String str, String str2, Tracer tracer) throws OAuthTokenManagerException {
        String str3;
        HttpURLConnection httpURLConnection = null;
        try {
            try {
                try {
                    try {
                        String token = this.mLocalAppDataAwareDataStorage.getToken(str, getLocalRefreshTokenKey(str2));
                        if (token == null) {
                            str3 = exchangeDMSCredentialsForOAuthTokenAndStore(str, str2, false, tracer);
                        } else {
                            PlatformMetricsTimer startTimer = MetricsHelper.startTimer(METRICS_COMPONENT_NAME, "refreshNormalOAuthToken");
                            ExchangeTokenRequestHelperDefinition pandaOAuthExchangeRequestHelper = this.mFeatureSet.hasFeature(Feature.PandaExchangeRefreshToAccess) ? new PandaOAuthExchangeRequestHelper(this.mContext, this.mAuthPortalHelper) : new AuthPortalOAuthExchangeRequestHelper(this.mContext, this.mAuthPortalHelper);
                            HttpURLConnection startExchangeTokenRequest = pandaOAuthExchangeRequestHelper.startExchangeTokenRequest(token, str, str2, tracer);
                            int responseCode = startExchangeTokenRequest.getResponseCode();
                            MAPLog.i(TAG, "Response received from OAuth refresh to access exchange end-point");
                            JSONObject json = JSONHelpers.toJson(startExchangeTokenRequest);
                            startTimer.stop();
                            if (pandaOAuthExchangeRequestHelper.isFailure(responseCode) || json == null) {
                                String str4 = TAG;
                                Object[] objArr = new Object[1];
                                objArr[0] = json != null ? json.toString() : "Null Json Response";
                                MAPLog.formattedDebug(str4, "Error Response: %s", objArr);
                                throw handleTokenExchangeError(str, str2, pandaOAuthExchangeRequestHelper.parseExchangeTokenFailure(json), responseCode, AuthTokenExchangeType.OauthRefreshToAccessExchange);
                            }
                            ExchangeTokenResponse parseExchangeTokenSuccess = pandaOAuthExchangeRequestHelper.parseExchangeTokenSuccess(json);
                            MetricsHelper.incrementCounter("refreshNormalOAuthTokenSuccess", new String[0]);
                            receiveAndStoreUpdatedTokensForOAuthRefresh(str, str2, parseExchangeTokenSuccess);
                            str3 = parseExchangeTokenSuccess.mAccessToken;
                            if (startExchangeTokenRequest != null) {
                                startExchangeTokenRequest.disconnect();
                            }
                        }
                        return str3;
                    } catch (IOException e) {
                        MetricsHelper.incrementCounter("refreshNormalOAuthTokenFailure:IOException", new String[0]);
                        throw new OAuthTokenManagerException(3, e.getMessage());
                    }
                } catch (ParseException e2) {
                    MetricsHelper.incrementCounter("refreshNormalOAuthTokenFailure:ParseException", new String[0]);
                    throw new OAuthTokenManagerException(5, e2.getMessage());
                }
            } catch (JSONException e3) {
                MetricsHelper.incrementCounter("refreshNormalOAuthTokenFailure:JSONException", new String[0]);
                throw new OAuthTokenManagerException(5, e3.getMessage());
            }
        } finally {
            if (0 != 0) {
                httpURLConnection.disconnect();
            }
        }
    }

    private boolean requireExchangeDMSTokenForOAuthToken(Bundle bundle) {
        if (!(bundle != null ? bundle : new Bundle()).getBoolean(TokenKeys.Options.KEY_FORCE_REFRESH_DMS_TO_OAUTH)) {
            return false;
        }
        MAPLog.i(TAG, "Force refresh the DMS token for OAuth token.");
        return true;
    }

    private boolean requireOAuthRefreshTokenExchange(String str, KeyInfo keyInfo, Bundle bundle) {
        if (hasLocalOAuthAccessToken(str, keyInfo.getPackageName())) {
            return shouldRefreshExistingAccessToken(str, keyInfo, bundle);
        }
        return true;
    }

    private void tryToCorrectTheOAuthTokensFor3PCentralDevicetype(String str, String str2, boolean z, Tracer tracer) throws OAuthTokenManagerException {
        if (checkDMSForceRefreshStateFor3PCentralDeviceType(str, str2)) {
            return;
        }
        exchangeDMSCredentialsForOAuthTokenAndStore(str, str2, z, tracer);
        this.mLocalAppDataAwareDataStorage.setUserData(str, KEY_FORCE_REFRESH_DMS_TO_OAUTH_DONE_ONCE, FORCE_REFRESH_DMS_TO_OAUTH_DONE_ONCE_TRUE);
        MetricsHelper.incrementCounter("fixCentralTokenOn3PDevices", new String[0]);
    }

    public String getAccessToken(String str, KeyInfo keyInfo, Bundle bundle, Tracer tracer) throws OAuthTokenManagerException {
        if (TextUtils.isEmpty(str)) {
            throw new OAuthTokenManagerException(8, "Given Account is currently not valid");
        }
        if (!"com.amazon.dcp.sso.token.oauth.amazon.access_token".equals(keyInfo.getKey())) {
            throw new OAuthTokenManagerException(7, String.format("Token key %s is not a valid key", keyInfo.getRawKey()));
        }
        Bundle bundle2 = bundle == null ? new Bundle() : bundle;
        String directedIdDelegatee = getDirectedIdDelegatee(str, bundle2);
        String handleGetAccessTokenForDelegatedAccount = !TextUtils.isEmpty(directedIdDelegatee) ? handleGetAccessTokenForDelegatedAccount(directedIdDelegatee, str, keyInfo, bundle2, tracer) : handleGetAccessTokenForNormalAccount(str, keyInfo, bundle2, tracer);
        return TextUtils.isEmpty(handleGetAccessTokenForDelegatedAccount) ? this.mLocalAppDataAwareDataStorage.getToken(str, keyInfo.getRawKey()) : handleGetAccessTokenForDelegatedAccount;
    }

    public String getOAuthToken(String str, KeyInfo keyInfo, Tracer tracer) throws OAuthTokenManagerException {
        if ("com.amazon.dcp.sso.token.oauth.amazon.access_token".equals(keyInfo.getKey())) {
            return getAccessToken(str, keyInfo, null, tracer);
        }
        if ("com.amazon.dcp.sso.token.oauth.amazon.refresh_token".equals(keyInfo.getKey())) {
            return getRefreshToken(str, keyInfo.getPackageName(), tracer);
        }
        throw new OAuthTokenManagerException(7, String.format("Token key %s is not a valid key", keyInfo.getRawKey()));
    }

    public String getRefreshToken(String str, String str2, Tracer tracer) throws OAuthTokenManagerException {
        tryToCorrectTheOAuthTokensFor3PCentralDevicetype(str, str2, true, tracer);
        String localRefreshToken = getLocalRefreshToken(str, str2);
        return localRefreshToken != null ? localRefreshToken : exchangeDMSCredentialsForOAuthTokenAndStore(str, str2, true, tracer);
    }

    public Map<String, String> getTokenMapFromRegistrationData(Bundle bundle) {
        if (bundle == null || bundle.size() <= 0) {
            return Collections.emptyMap();
        }
        HashMap hashMap = new HashMap();
        String string = bundle.getString("com.amazon.dcp.sso.token.oauth.amazon.access_token");
        int i = 0;
        try {
            i = Integer.parseInt(bundle.getString("com.amazon.dcp.sso.token.oauth.amazon.access_token.expires_at"));
        } catch (NumberFormatException e) {
            MAPLog.e(TAG, "NumberFormatException fetching expiresInSeconds data");
        }
        String string2 = bundle.getString("com.amazon.dcp.sso.token.oauth.amazon.refresh_token");
        long currentTimeMillis = System.currentTimeMillis();
        long convert = currentTimeMillis + TimeUnit.MILLISECONDS.convert(i, TimeUnit.SECONDS);
        hashMap.put(getLocalAccessTokenKey(null), string);
        hashMap.put(getLocalExpireInKey(null), Long.toString(convert));
        hashMap.put(getLocalRefreshTokenKey(null), string2);
        hashMap.put(getLocalRefreshedTimeInKey(null), Long.toString(currentTimeMillis));
        return hashMap;
    }

    public OAuthTokenManagerException handleTokenExchangeError(String str, String str2, AuthEndpointErrorParser.AuthEndpointError authEndpointError, int i, AuthTokenExchangeType authTokenExchangeType) {
        String createErrorMsg = createErrorMsg(authEndpointError);
        String str3 = authTokenExchangeType.mFailureMetric;
        String[] strArr = new String[1];
        strArr[0] = authEndpointError == null ? INVALID_ERROR_RESPONSE : authEndpointError.getAuthTypeError().name();
        MetricsHelper.incrementCounter(str3, strArr);
        if (authEndpointError == null) {
            MAPLog.e(TAG, String.format("Received unrecognized error from the server with status code %d", Integer.valueOf(i)));
        } else {
            MAPLog.e(TAG, String.format("Received error code: %s %n Message: %s %n Detail: %s", authEndpointError.getAuthTypeError().getCode(), authEndpointError.getMessage(), authEndpointError.getDetail()));
            cleanRefreshToken(str, str2);
            if (isInvalidTokenError(authEndpointError)) {
                if (!isAccountDeregistrationRequired(new PlatformWrapper(this.mContext), authTokenExchangeType)) {
                    return new OAuthTokenManagerException(MAPAccountManager.RegistrationError.PARSE_ERROR.value(), createErrorMsg, authEndpointError, AccountRecoverContext.buildFromScratch().setDirectedId(str).setRecoverReason(authTokenExchangeType.name() + ":" + authEndpointError.getAuthTypeError().name()));
                }
                try {
                    this.mMapAccountManager.deregisterAccount(str, new CallbackFuture()).get(5L, TimeUnit.SECONDS);
                } catch (Exception e) {
                    MAPLog.e(TAG, "Exception while waiting for deregistration as the result of an invalid token to complete", e);
                }
            }
        }
        return new OAuthTokenManagerException(MAPAccountManager.RegistrationError.PARSE_ERROR.value(), createErrorMsg, authEndpointError);
    }

    public boolean hasLocalOAuthAccessToken(String str, String str2) {
        return getLocalAccessToken(str, str2) != null;
    }

    public boolean hasLocalOAuthRefreshToken(String str, String str2) {
        return getLocalRefreshToken(str, str2) != null;
    }

    boolean isAccountDeregistrationRequired(PlatformWrapper platformWrapper, AuthTokenExchangeType authTokenExchangeType) {
        return EXCHANGE_TYPES_REQUIRE_DEREGISTER_WHEN_INVALID_TOKEN.contains(authTokenExchangeType) && !platformWrapper.isImpPackage();
    }

    boolean isInvalidTokenError(AuthEndpointErrorParser.AuthEndpointError authEndpointError) {
        return authEndpointError.getAuthTypeError() == AuthEndpointErrorParser.AuthErrorType.InvalidToken || authEndpointError.getAuthTypeError() == AuthEndpointErrorParser.AuthErrorType.InvalidValue;
    }

    public String refreshOAuthTokenAndStore(String str, String str2, Tracer tracer) throws OAuthTokenManagerException {
        if (str == null) {
            throw new OAuthTokenManagerException(8, "Given Account is currently not valid");
        }
        MAPLog.i(TAG, "Refreshing access token for " + (str2 != null ? "package " + str2 : "central"));
        String directedIdDelegatee = getDirectedIdDelegatee(str, new Bundle());
        if (TextUtils.isEmpty(directedIdDelegatee)) {
            return refreshNormalOAuthTokenAndStore(str, str2, tracer);
        }
        String token = this.mLocalAppDataAwareDataStorage.getToken(directedIdDelegatee, getLocalRefreshTokenKey(str2));
        if (TextUtils.isEmpty(token)) {
            token = exchangeDMSCredentialsForOAuthTokenAndStore(directedIdDelegatee, str2, true, tracer);
        }
        return refreshDelegatedOAuthTokenAndStore(directedIdDelegatee, str, token, str2, new Bundle(), tracer);
    }

    public boolean shouldRefreshExistingAccessToken(String str, KeyInfo keyInfo, Bundle bundle) {
        Bundle bundle2 = bundle != null ? bundle : new Bundle();
        if (bundle2.getBoolean(TokenKeys.Options.KEY_FORCE_REFRESH_OAUTH)) {
            MAPLog.i(TAG, "Force refresh the OAuth access token.");
            return true;
        }
        String token = this.mLocalAppDataAwareDataStorage.getToken(str, getLocalRefreshedTimeInKey(keyInfo.getPackageName()));
        long currentTimeMillis = this.mSystemWrapper.currentTimeMillis();
        if (isClockSkew(currentTimeMillis, token)) {
            MAPLog.i(TAG, "Clock skew detected. Refreshing...");
            return true;
        }
        Long l = StringConversionHelpers.toLong(this.mLocalAppDataAwareDataStorage.getToken(str, getLocalExpireInKey(keyInfo.getPackageName())));
        if (l == null || !isAccessTokenExpiring(l, Long.valueOf(currentTimeMillis), bundle2)) {
            return false;
        }
        MAPLog.i(TAG, "OAuth access token near or past expiry. Refreshing...");
        return true;
    }

    public void storeOAuthTokens(String str, String str2, int i, String str3, String str4) {
        long currentTimeMillis = System.currentTimeMillis();
        long convert = currentTimeMillis + TimeUnit.MILLISECONDS.convert(i, TimeUnit.SECONDS);
        HashMap hashMap = new HashMap();
        if (!TextUtils.isEmpty(str3)) {
            hashMap.put(getLocalRefreshTokenKey(str2), str3);
        }
        hashMap.put(getLocalAccessTokenKey(str2), str4);
        hashMap.put(getLocalExpireInKey(str2), Long.toString(convert));
        hashMap.put(getLocalRefreshedTimeInKey(str2), Long.toString(currentTimeMillis));
        this.mLocalAppDataAwareDataStorage.setTokens(str, hashMap);
    }
}
