package com.auth0.android.provider;

import android.content.Context;
import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import com.auth0.android.Auth0Exception;
import com.auth0.android.authentication.AuthenticationException;
import com.auth0.android.request.internal.Jwt;
import com.auth0.android.result.Credentials;
import ig.j0;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import kotlin.jvm.internal.k0;
import kotlin.jvm.internal.s;

/* compiled from: OAuthManager.kt */
/* loaded from: classes.dex */
public final class k extends m {
    private static final String DEFAULT_SCOPE = "openid profile email";
    private static final String ERROR_VALUE_ACCESS_DENIED = "access_denied";
    private static final String ERROR_VALUE_ID_TOKEN_VALIDATION_FAILED = "Could not verify the ID token";
    private static final String ERROR_VALUE_INVALID_CONFIGURATION = "a0.invalid_configuration";
    private static final String ERROR_VALUE_LOGIN_REQUIRED = "login_required";
    private static final String ERROR_VALUE_UNAUTHORIZED = "unauthorized";
    private static final String KEY_AUTH0_CLIENT_INFO = "auth0Client";
    private static final String KEY_CLIENT_ID = "client_id";
    private static final String KEY_CODE = "code";
    private static final String KEY_CODE_CHALLENGE = "code_challenge";
    private static final String KEY_CODE_CHALLENGE_METHOD = "code_challenge_method";
    private static final String KEY_ERROR = "error";
    private static final String KEY_ERROR_DESCRIPTION = "error_description";
    private static final String KEY_REDIRECT_URI = "redirect_uri";
    private static final String METHOD_SHA_256 = "S256";
    private static final String REQUIRED_SCOPE = "openid";
    private Long _currentTimeInMillis;
    private final r3.a account;
    private final s3.a apiClient;
    private final u3.a<Credentials, AuthenticationException> callback;
    private final CustomTabsOptions ctOptions;
    private final Map<String, String> headers;
    private String idTokenVerificationIssuer;
    private Integer idTokenVerificationLeeway;
    private final boolean launchAsTwa;
    private final Map<String, String> parameters;
    private l pkce;
    private int requestCode;

    /* renamed from: a, reason: collision with root package name */
    public static final a f5464a = new a(null);
    private static final String TAG = k.class.getSimpleName();

    /* compiled from: OAuthManager.kt */
    /* loaded from: classes.dex */
    public static final class a {
        private a() {
        }

        public /* synthetic */ a(kotlin.jvm.internal.k kVar) {
            this();
        }

        private final String c() {
            byte[] bArr = new byte[32];
            new SecureRandom().nextBytes(bArr);
            String encodeToString = Base64.encodeToString(bArr, 11);
            s.f(encodeToString, "encodeToString(\n        ….NO_PADDING\n            )");
            return encodeToString;
        }

        public final void a(String requestState, String str) {
            s.g(requestState, "requestState");
            if (s.b(requestState, str)) {
                return;
            }
            String str2 = k.TAG;
            k0 k0Var = k0.f13118a;
            String format = String.format("Received state doesn't match. Received %s but expected %s", Arrays.copyOf(new Object[]{str, requestState}, 2));
            s.f(format, "format(format, *args)");
            Log.e(str2, format);
            throw new AuthenticationException(k.ERROR_VALUE_ACCESS_DENIED, "The received state is invalid. Try again.");
        }

        public final String b(String str) {
            return str == null ? c() : str;
        }
    }

    /* compiled from: OAuthManager.kt */
    /* loaded from: classes.dex */
    public static final class b implements u3.a<n, TokenValidationException> {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ u3.a<Void, Auth0Exception> f5465a;

        /* renamed from: b, reason: collision with root package name */
        final /* synthetic */ k f5466b;

        /* renamed from: c, reason: collision with root package name */
        final /* synthetic */ Jwt f5467c;

        b(u3.a<Void, Auth0Exception> aVar, k kVar, Jwt jwt) {
            this.f5465a = aVar;
            this.f5466b = kVar;
            this.f5467c = jwt;
        }

        @Override // u3.a
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public void onFailure(TokenValidationException error) {
            s.g(error, "error");
            this.f5465a.onFailure(error);
        }

        @Override // u3.a
        /* renamed from: b, reason: merged with bridge method [inline-methods] */
        public void onSuccess(n result) {
            s.g(result, "result");
            String str = this.f5466b.idTokenVerificationIssuer;
            s.d(str);
            h hVar = new h(str, this.f5466b.apiClient.c(), result);
            String str2 = (String) this.f5466b.parameters.get("max_age");
            if (!TextUtils.isEmpty(str2)) {
                s.d(str2);
                hVar.k(Integer.valueOf(str2));
            }
            hVar.j(this.f5466b.idTokenVerificationLeeway);
            hVar.l((String) this.f5466b.parameters.get("nonce"));
            hVar.i(new Date(this.f5466b.q()));
            hVar.m((String) this.f5466b.parameters.get("organization"));
            try {
                new i().a(this.f5467c, hVar, true);
                this.f5465a.onSuccess(null);
            } catch (TokenValidationException e10) {
                this.f5465a.onFailure(e10);
            }
        }
    }

    /* compiled from: OAuthManager.kt */
    /* loaded from: classes.dex */
    public static final class c implements u3.a<Credentials, AuthenticationException> {

        /* compiled from: OAuthManager.kt */
        /* loaded from: classes.dex */
        public static final class a implements u3.a<Void, Auth0Exception> {

            /* renamed from: a, reason: collision with root package name */
            final /* synthetic */ k f5469a;

            /* renamed from: b, reason: collision with root package name */
            final /* synthetic */ Credentials f5470b;

            a(k kVar, Credentials credentials) {
                this.f5469a = kVar;
                this.f5470b = credentials;
            }

            @Override // u3.a
            /* renamed from: a, reason: merged with bridge method [inline-methods] */
            public void onSuccess(Void r22) {
                this.f5469a.callback.onSuccess(this.f5470b);
            }

            @Override // u3.a
            public void onFailure(Auth0Exception error) {
                s.g(error, "error");
                this.f5469a.callback.onFailure(new AuthenticationException(k.ERROR_VALUE_ID_TOKEN_VALIDATION_FAILED, error));
            }
        }

        c() {
        }

        @Override // u3.a
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public void onFailure(AuthenticationException error) {
            s.g(error, "error");
            if (s.b("Unauthorized", error.g())) {
                Log.e(l.f5471b, "Unable to complete authentication with PKCE. PKCE support can be enabled by setting Application Type to 'Native' and Token Endpoint Authentication Method to 'None' for this app at 'https://manage.auth0.com/#/applications/" + k.this.apiClient.c() + "/settings'.");
            }
            k.this.callback.onFailure(error);
        }

        @Override // u3.a
        /* renamed from: b, reason: merged with bridge method [inline-methods] */
        public void onSuccess(Credentials credentials) {
            s.g(credentials, "credentials");
            k.this.n(credentials.c(), new a(k.this, credentials));
        }
    }

    public k(r3.a account, u3.a<Credentials, AuthenticationException> callback, Map<String, String> parameters, CustomTabsOptions ctOptions, boolean z10) {
        s.g(account, "account");
        s.g(callback, "callback");
        s.g(parameters, "parameters");
        s.g(ctOptions, "ctOptions");
        this.account = account;
        this.callback = callback;
        this.launchAsTwa = z10;
        this.headers = new HashMap();
        Map<String, String> t10 = j0.t(parameters);
        this.parameters = t10;
        t10.put("response_type", KEY_CODE);
        this.apiClient = new s3.a(account);
        this.ctOptions = ctOptions;
    }

    private final void j(Map<String, String> map, String str) {
        map.put(KEY_AUTH0_CLIENT_INFO, this.account.d().a());
        map.put(KEY_CLIENT_ID, this.account.f());
        map.put(KEY_REDIRECT_URI, str);
    }

    private final void k(Map<String, String> map, String str, Map<String, String> map2) {
        p(str, map2);
        l lVar = this.pkce;
        s.d(lVar);
        String codeChallenge = lVar.a();
        s.f(codeChallenge, "codeChallenge");
        map.put(KEY_CODE_CHALLENGE, codeChallenge);
        map.put(KEY_CODE_CHALLENGE_METHOD, METHOD_SHA_256);
        Log.v(TAG, "Using PKCE authentication flow");
    }

    private final void l(Map<String, String> map) {
        a aVar = f5464a;
        String b10 = aVar.b(map.get("state"));
        String b11 = aVar.b(map.get("nonce"));
        map.put("state", b10);
        map.put("nonce", b11);
    }

    private final void m(String str, String str2) {
        if (str == null) {
            return;
        }
        Log.e(TAG, "Error, access denied. Check that the required Permissions are granted and that the Application has this Connection configured in Auth0 Dashboard.");
        if (dh.n.v(ERROR_VALUE_ACCESS_DENIED, str, true)) {
            if (str2 == null) {
                str2 = "Permissions were not granted. Try again.";
            }
            throw new AuthenticationException(ERROR_VALUE_ACCESS_DENIED, str2);
        }
        if (dh.n.v(ERROR_VALUE_UNAUTHORIZED, str, true)) {
            if (str2 == null) {
                str2 = "An unexpected error occurred.";
            }
            throw new AuthenticationException(ERROR_VALUE_UNAUTHORIZED, str2);
        }
        if (s.b(ERROR_VALUE_LOGIN_REQUIRED, str)) {
            if (str2 == null) {
                str2 = "An unexpected error occurred.";
            }
            throw new AuthenticationException(str, str2);
        }
        if (str2 == null) {
            str2 = "An unexpected error occurred.";
        }
        throw new AuthenticationException(str, str2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final void n(String str, u3.a<Void, Auth0Exception> aVar) {
        if (TextUtils.isEmpty(str)) {
            aVar.onFailure(new IdTokenMissingException());
            return;
        }
        try {
            s.d(str);
            Jwt jwt = new Jwt(str);
            n.c(jwt.h(), this.apiClient, new b(aVar, this, jwt));
        } catch (Exception e10) {
            aVar.onFailure(new UnexpectedIdTokenException(e10));
        }
    }

    private final Uri o() {
        Uri.Builder buildUpon = Uri.parse(this.account.e()).buildUpon();
        for (Map.Entry<String, String> entry : this.parameters.entrySet()) {
            buildUpon.appendQueryParameter(entry.getKey(), entry.getValue());
        }
        Uri uri = buildUpon.build();
        Log.d(TAG, "Using the following Authorize URI: " + uri);
        s.f(uri, "uri");
        return uri;
    }

    private final void p(String str, Map<String, String> map) {
        if (this.pkce == null) {
            this.pkce = new l(this.apiClient, str, map);
        }
    }

    @Override // com.auth0.android.provider.m
    public void a(AuthenticationException exception) {
        s.g(exception, "exception");
        this.callback.onFailure(exception);
    }

    @Override // com.auth0.android.provider.m
    public boolean b(com.auth0.android.provider.c result) {
        s.g(result, "result");
        if (!result.c(this.requestCode)) {
            Log.w(TAG, "The Authorize Result is invalid.");
            return false;
        }
        if (result.b()) {
            this.callback.onFailure(new AuthenticationException("a0.authentication_canceled", "The user closed the browser app and the authentication was canceled."));
            return true;
        }
        Map<String, String> c10 = d.c(result.a());
        s.f(c10, "getValuesFromUri(result.intentData)");
        if (c10.isEmpty()) {
            Log.w(TAG, "The response didn't contain any of these values: code, state");
            return false;
        }
        Log.d(TAG, "The parsed CallbackURI contains the following parameters: " + c10.keySet());
        try {
            m(c10.get(KEY_ERROR), c10.get(KEY_ERROR_DESCRIPTION));
            a aVar = f5464a;
            String str = this.parameters.get("state");
            s.d(str);
            aVar.a(str, c10.get("state"));
            l lVar = this.pkce;
            s.d(lVar);
            lVar.b(c10.get(KEY_CODE), new c());
            return true;
        } catch (AuthenticationException e10) {
            this.callback.onFailure(e10);
            return true;
        }
    }

    public final long q() {
        Long l10 = this._currentTimeInMillis;
        if (l10 == null) {
            return System.currentTimeMillis();
        }
        s.d(l10);
        return l10.longValue();
    }

    public final void r(Map<String, String> headers) {
        s.g(headers, "headers");
        this.headers.putAll(headers);
    }

    public final void s(String str) {
        if (TextUtils.isEmpty(str)) {
            str = this.apiClient.b();
        }
        this.idTokenVerificationIssuer = str;
    }

    public final void t(Integer num) {
        this.idTokenVerificationLeeway = num;
    }

    public final void u(l lVar) {
        this.pkce = lVar;
    }

    public final void v(Context context, String redirectUri, int i10) {
        s.g(context, "context");
        s.g(redirectUri, "redirectUri");
        com.auth0.android.request.internal.i.f5491a.a(this.parameters);
        k(this.parameters, redirectUri, this.headers);
        j(this.parameters, redirectUri);
        l(this.parameters);
        Uri o10 = o();
        this.requestCode = i10;
        AuthenticationActivity.f5450a.a(context, o10, this.launchAsTwa, this.ctOptions);
    }
}
