package com.paypal.authcore.authentication;

import android.app.PendingIntent;
import android.content.ActivityNotFoundException;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.IntentFilter;
import android.net.Uri;
import android.os.Build;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import android.webkit.WebSettings;
import androidx.browser.customtabs.CustomTabsClient;
import androidx.browser.customtabs.CustomTabsIntent;
import androidx.browser.customtabs.CustomTabsSession;
import androidx.localbroadcastmanager.content.LocalBroadcastManager;
import com.paypal.android.platform.authsdk.authcommon.utils.ConstantsKt;
import com.paypal.android.platform.authsdk.authcommon.utils.UriChallengeConstantKt;
import com.paypal.authcore.authentication.model.AuthClientConfig;
import com.paypal.authcore.security.BaseSecureKeyWrapper;
import com.paypal.authcore.util.BasePreferences;
import com.paypal.openid.AuthorizationException;
import com.paypal.openid.AuthorizationManagementActivity;
import com.paypal.openid.AuthorizationRequest;
import com.paypal.openid.AuthorizationService;
import com.paypal.openid.AuthorizationServiceConfiguration;
import com.paypal.openid.CodeVerifierUtil;
import com.paypal.openid.Preconditions;
import com.paypal.openid.TokenRequest;
import com.paypal.openid.TokenResponse;
import com.paypal.openid.browser.BrowserDescriptor;
import com.paypal.openid.browser.CustomTabManager;
import com.paypal.openid.internal.Logger;
import com.paypal.openid.internal.UriUtil;
import com.paypal.pyplcheckout.flavorauth.ThirdPartyAuth$getFullAuthenticatedAccessToken$1;
import java.security.InvalidKeyException;
import java.security.Signature;
import java.security.SignatureException;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;
import java.util.TimeZone;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;

/* loaded from: classes3.dex */
public class Authenticator {
    public final com.paypal.authcore.authentication.a C;
    public final AuthorizationService a;
    public final RiskDelegate e;
    public final AuthClientConfig f;
    public AuthenticationDelegate g;
    public AuthStateManager i;
    public final Context j;
    public String y;
    public final AtomicReference b = new AtomicReference();
    public final AtomicReference c = new AtomicReference();
    public final String k = "asymmetricKeyAlias";
    public final String l = "response_type";
    public final String m = "token";
    public final String n = "code_challenge_method";
    public final String o = "code_challenge";
    public final String p = "visitor_id";
    public final String r = "risk_data";
    public String v = "";
    public TokenResponse w = null;
    public final String x = ConstantsKt.CHALLENGE_METHOD_ES256;
    public String z = null;
    public String A = null;
    public String B = null;
    public final String J = ConstantsKt.PAYPAL_ENTRY_POINT;
    public final String K = ConstantsKt.PAYPAL_ENTRY_POINT_VALUE;

    /* loaded from: classes3.dex */
    class a extends BroadcastReceiver {
        public a() {
        }

        @Override // android.content.BroadcastReceiver
        public final void onReceive(Context context, Intent intent) {
            Authenticator authenticator = Authenticator.this;
            authenticator.getClass();
            if (intent != null && intent.getExtras() != null) {
                intent.getExtras().containsKey("authCancelled");
            }
            authenticator.i = AuthStateManager.getInstance(context);
            boolean booleanExtra = intent != null ? intent.getBooleanExtra("TokenRequestSuccess", false) : false;
            TokenResponse tokenResponse = authenticator.i.getCurrent().e;
            AuthenticationDelegate authenticationDelegate = authenticator.g;
            if (authenticationDelegate == null) {
                return;
            }
            if (!booleanExtra || tokenResponse == null) {
                authenticationDelegate.completeWithFailure(authenticator.i.getCurrent().g);
                return;
            }
            authenticator.v = "loggedIn";
            authenticator.w = tokenResponse;
            authenticationDelegate.completeWithSuccess(tokenResponse);
            Intent intent2 = new Intent("accessTokenReceiver");
            intent2.putExtra(UriChallengeConstantKt.ACCESS_TOKEN, tokenResponse.accessToken);
            Long l = tokenResponse.accessTokenExpirationTime;
            if (l == null) {
                intent2.putExtra("tokenExpireTime", -1L);
            } else {
                intent2.putExtra("tokenExpireTime", l);
            }
            intent2.putExtra("authenticationState", AuthenticationState.LoggedIn);
            LocalBroadcastManager.getInstance(context).sendBroadcast(intent2);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public class b implements AuthorizationService.TokenResponseCallback {
        public final /* synthetic */ AuthorizationServiceConfiguration a;

        public b(AuthorizationServiceConfiguration authorizationServiceConfiguration) {
            this.a = authorizationServiceConfiguration;
        }

        @Override // com.paypal.openid.AuthorizationService.TokenResponseCallback
        public final void onTokenRequestCompleted(TokenResponse tokenResponse, AuthorizationException authorizationException) {
            Authenticator authenticator = Authenticator.this;
            if (tokenResponse != null) {
                authenticator.v = "remembered";
                authenticator.w = tokenResponse;
                authenticator.g.completeWithSuccess(tokenResponse);
            } else {
                authenticator.C.a.edit().clear().commit();
                authenticator.C.encryptAndAddToPreference("authUrl", authenticator.f.c);
                authenticator.a(this.a, new Intent(authenticator.j, (Class<?>) TokenActivity.class), new Intent(authenticator.j, (Class<?>) TokenActivity.class));
            }
        }
    }

    /* JADX WARN: Type inference failed for: r4v3, types: [com.paypal.authcore.authentication.a, com.paypal.authcore.util.BasePreferences] */
    public Authenticator(Context context, AuthClientConfig authClientConfig, RiskDelegate riskDelegate) {
        this.j = context;
        this.f = authClientConfig;
        this.a = new AuthorizationService(context);
        this.e = riskDelegate;
        LocalBroadcastManager.getInstance(context).registerReceiver(new a(), new IntentFilter("com.paypal.authcore.authentication"));
        this.C = new BasePreferences(context, "com.paypal.android.authcore.refreshToken");
    }

    /* JADX WARN: Type inference failed for: r0v19, types: [com.paypal.authcore.security.BaseSecureKeyWrapper, java.lang.Object] */
    public final void a(AuthorizationServiceConfiguration authorizationServiceConfiguration, Intent intent, Intent intent2) {
        Context context = this.j;
        CustomTabsSession customTabsSession = null;
        try {
            this.A = BaseSecureKeyWrapper.base64AndUrlSafeEncodedStringFromBytes(new Object().generatePublicKey(this.k, context.getApplicationContext()).getEncoded());
            if (!a()) {
                Log.d("Authenticator", "Exception in generating Nonce and signature");
                this.g.completeWithFailure(null);
            }
        } catch (RuntimeException e) {
            Log.d("Authenticator", "Exception in generating Nonce and signature " + e);
            this.g.completeWithFailure(AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.AUTH_FLOW_ERROR, e.getCause()));
        }
        AuthClientConfig authClientConfig = this.f;
        AuthorizationRequest.Builder builder = new AuthorizationRequest.Builder(authorizationServiceConfiguration, authClientConfig.a, "code", Uri.parse(authClientConfig.b), this.y);
        String str = authClientConfig.e;
        if (TextUtils.isEmpty(str)) {
            builder.i = null;
        } else {
            String[] split = str.split(" +");
            if (split == null) {
                split = new String[0];
            }
            builder.setScopes(Arrays.asList(split));
        }
        String str2 = this.A;
        String str3 = this.z;
        String str4 = this.B;
        if (str2 != null) {
            CodeVerifierUtil.checkCodeVerifier(str2);
            Preconditions.checkNotEmpty(str3, "code verifier challenge cannot be null or empty if verifier is set");
            Preconditions.checkNotEmpty(str4, "code verifier challenge method cannot be null or empty if verifier is set");
        } else {
            Preconditions.checkArgument("code verifier challenge must be null if verifier is null", str3 == null);
            Preconditions.checkArgument("code verifier challenge method must be null if verifier is null", str4 == null);
        }
        builder.k = str2;
        builder.l = str3;
        builder.m = str4;
        AtomicReference atomicReference = this.b;
        atomicReference.set(builder.build());
        Uri.Builder buildUpon = ((AuthorizationRequest) atomicReference.get()).toUri().buildUpon();
        Map map = authClientConfig.f;
        if (map != null) {
            for (Map.Entry entry : map.entrySet()) {
                if (entry != null) {
                    UriUtil.appendQueryParameterIfNotNull(buildUpon, (String) entry.getKey(), entry.getValue());
                }
            }
        }
        Uri[] uriArr = {buildUpon.build()};
        AuthorizationService authorizationService = this.a;
        CustomTabManager customTabManager = authorizationService.c;
        CountDownLatch countDownLatch = customTabManager.c;
        try {
            countDownLatch.await(1L, TimeUnit.SECONDS);
        } catch (InterruptedException unused) {
            Logger.getInstance().log(4, null, "Interrupted while waiting for browser connection", new Object[0]);
            countDownLatch.countDown();
        }
        CustomTabsClient customTabsClient = (CustomTabsClient) customTabManager.b.get();
        if (customTabsClient != null) {
            customTabsSession = customTabsClient.newSession(null);
            customTabsSession.mayLaunchUrl(uriArr[0], Collections.emptyList());
        }
        CustomTabsIntent.Builder builder2 = new CustomTabsIntent.Builder(customTabsSession);
        AtomicReference atomicReference2 = this.c;
        atomicReference2.set(builder2.build());
        int i = Build.VERSION.SDK_INT >= 31 ? 33554432 : 0;
        AuthorizationRequest authorizationRequest = (AuthorizationRequest) atomicReference.get();
        PendingIntent activity = PendingIntent.getActivity(context, 0, intent, i);
        PendingIntent activity2 = PendingIntent.getActivity(context, 0, intent2, i);
        CustomTabsIntent customTabsIntent = (CustomTabsIntent) atomicReference2.get();
        Log.d("Authenticator", "In performAuthorizationRequest of Authorization Service");
        authorizationRequest.getClass();
        activity.getClass();
        customTabsIntent.getClass();
        BrowserDescriptor browserDescriptor = authorizationService.d;
        if (browserDescriptor == null) {
            throw new ActivityNotFoundException();
        }
        Uri uri = authorizationRequest.toUri();
        Boolean bool = browserDescriptor.useCustomTab;
        Intent intent3 = bool.booleanValue() ? customTabsIntent.intent : new Intent("android.intent.action.VIEW");
        intent3.setPackage(browserDescriptor.packageName);
        intent3.setData(uri);
        Logger.debug("Using %s as browser for auth, custom tab = %s", intent3.getPackage(), bool.toString());
        intent3.putExtra("android.support.customtabs.extra.TITLE_VISIBILITY", 0);
        Logger.debug("Initiating authorization request to %s", authorizationRequest.configuration.authorizationEndpoint);
        Context context2 = authorizationService.a;
        int i2 = AuthorizationManagementActivity.$r8$clinit;
        Intent intent4 = new Intent(context2, (Class<?>) AuthorizationManagementActivity.class);
        intent4.putExtra("authIntent", intent3);
        intent4.putExtra("authRequest", authorizationRequest.jsonSerialize().toString());
        intent4.putExtra("completeIntent", activity);
        intent4.putExtra("cancelIntent", activity2);
        intent4.setFlags(268435456);
        context2.startActivity(intent4);
    }

    public final boolean a() {
        Signature a2;
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
        String replace = (simpleDateFormat.format(new Date()) + Base64.encodeToString(String.valueOf(new Random(16L).nextInt()).getBytes(), 9)).replace("\n", "");
        if (replace == null) {
            return false;
        }
        if (Build.VERSION.SDK_INT < 23) {
            Log.d("Authenticator", "generateSignature api support required min api level 23");
            return false;
        }
        String str = this.k;
        try {
            a2 = BaseSecureKeyWrapper.a(str, (String) null);
        } catch (RuntimeException e) {
            if (!(e.getCause() instanceof InvalidKeyException)) {
                throw e;
            }
            a2 = BaseSecureKeyWrapper.a(str, "AndroidKeyStoreBCWorkaround");
        }
        try {
            a2.update(replace.getBytes());
            String base64AndUrlSafeEncodedStringFromBytes = BaseSecureKeyWrapper.base64AndUrlSafeEncodedStringFromBytes(a2.sign());
            Log.d("BaseSecureKeyWrapper", "encoded Signature String: ".concat(base64AndUrlSafeEncodedStringFromBytes));
            this.y = replace;
            this.z = base64AndUrlSafeEncodedStringFromBytes;
            return true;
        } catch (SignatureException e2) {
            e2.printStackTrace();
            Log.d("BaseSecureKeyWrapper", "signDataUsingSignatureObject : Exception in signDataUsingSignatureObject", e2);
            throw new RuntimeException(e2);
        }
    }

    public final void authenticateForAccessTokenWithDelegate(AuthenticationDelegate authenticationDelegate, Context context) {
        this.g = authenticationDelegate;
        context.getApplicationContext();
        AuthClientConfig authClientConfig = this.f;
        AuthorizationServiceConfiguration authorizationServiceConfiguration = new AuthorizationServiceConfiguration(Uri.parse(authClientConfig.d), Uri.parse(authClientConfig.c), null);
        this.B = this.x;
        Context context2 = this.j;
        Intent intent = new Intent(context2, (Class<?>) TokenActivity.class);
        Intent intent2 = new Intent(context2, (Class<?>) TokenActivity.class);
        String str = authClientConfig.c;
        com.paypal.authcore.authentication.a aVar = this.C;
        if (!str.equals(aVar.decryptString("authUrl")) || aVar.decryptString("refreshToken") == null) {
            aVar.a.edit().clear().commit();
            aVar.encryptAndAddToPreference("authUrl", str);
            a(authorizationServiceConfiguration, intent, intent2);
            return;
        }
        try {
            if (!a()) {
                Log.d("Authenticator", "Exception in generating Nonce and signature");
                this.g.completeWithFailure(null);
            }
        } catch (RuntimeException e) {
            Log.d("Authenticator", "Exception in generating Nonce and signature ");
            this.g.completeWithFailure(AuthorizationException.fromTemplate(AuthorizationException.GeneralErrors.AUTH_FLOW_ERROR, e.getCause()));
        }
        String trackingID = this.g.getTrackingID();
        RiskDelegate riskDelegate = this.e;
        riskDelegate.generatePairingIdAndNotifyDyson((trackingID == null || this.g.getTrackingID().length() <= 0) ? "noEcToken" : this.g.getTrackingID());
        String riskPayload = riskDelegate.getRiskPayload();
        HashMap hashMap = new HashMap();
        hashMap.put(this.r, riskPayload);
        String str2 = this.l;
        String str3 = this.m;
        hashMap.put(str2, str3);
        if (aVar.decryptString("riskVisitorId") != null) {
            hashMap.put(this.p, str3);
        }
        hashMap.put(this.n, this.B);
        hashMap.put(this.o, this.z);
        hashMap.put(this.J, this.K);
        try {
            hashMap.put("user-agent", WebSettings.getDefaultUserAgent(context2).concat(" PayPal3PSDK/PayPal"));
        } catch (Exception e2) {
            e2.printStackTrace();
        }
        TokenRequest.Builder builder = new TokenRequest.Builder(authorizationServiceConfiguration, authClientConfig.a);
        Uri parse = Uri.parse(authClientConfig.b);
        if (parse != null) {
            Preconditions.checkNotNull(parse.getScheme(), "redirectUri must have a scheme");
        }
        builder.d = parse;
        Preconditions.checkNotEmpty("refresh_token", "grantType cannot be null or empty");
        builder.c = "refresh_token";
        String decryptString = aVar.decryptString("refreshToken");
        if (decryptString != null) {
            Preconditions.checkNotEmpty(decryptString, "refresh token cannot be empty if defined");
        }
        builder.g = decryptString;
        builder.setAdditionalParameters(hashMap);
        builder.h = null;
        String str4 = this.y;
        if (str4 != null) {
            builder.l = str4;
        }
        TokenRequest build = builder.build();
        Log.d("Token Request: ", build.toString());
        this.a.performTokenRequest(build, new b(authorizationServiceConfiguration));
    }

    public final void getFullAuthenticatedAccessTokenWithDelegate(ThirdPartyAuth$getFullAuthenticatedAccessToken$1 thirdPartyAuth$getFullAuthenticatedAccessToken$1, Context context) {
        TokenResponse tokenResponse;
        String str;
        com.paypal.authcore.authentication.a aVar = this.C;
        Context context2 = this.j;
        AuthClientConfig authClientConfig = this.f;
        this.g = thirdPartyAuth$getFullAuthenticatedAccessToken$1;
        try {
            context.getApplicationContext();
            String str2 = this.v;
            if (str2 == null || str2.compareToIgnoreCase("loggedIn") != 0 || (tokenResponse = this.w) == null || (str = tokenResponse.accessToken) == null || str.isEmpty()) {
                AuthorizationServiceConfiguration authorizationServiceConfiguration = new AuthorizationServiceConfiguration(Uri.parse(authClientConfig.d), Uri.parse(authClientConfig.c), null);
                this.B = this.x;
                Intent intent = new Intent(context2, (Class<?>) TokenActivity.class);
                Intent intent2 = new Intent(context2, (Class<?>) TokenActivity.class);
                String str3 = authClientConfig.c;
                aVar.a.edit().clear().commit();
                aVar.encryptAndAddToPreference("authUrl", str3);
                a(authorizationServiceConfiguration, intent, intent2);
            } else {
                this.g.completeWithSuccess(this.w);
            }
        } catch (Exception unused) {
            this.g.completeWithFailure(null);
        }
    }

    public final void logOutUser() {
        this.w = null;
        this.v = "";
        this.C.a.edit().clear().commit();
    }
}
