package oracle.idm.mobile.auth;

import android.net.Uri;
import android.text.TextUtils;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Comparator;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.WeakHashMap;
import oracle.idm.mobile.OMErrorCode;
import oracle.idm.mobile.OMMobileSecurityException;
import oracle.idm.mobile.OMMobileSecurityService;
import oracle.idm.mobile.OMSecurityConstants;
import oracle.idm.mobile.auth.OAuthConnectionsUtil;
import oracle.idm.mobile.auth.OMAuthenticationContext;
import oracle.idm.mobile.configuration.OMMobileSecurityConfiguration;
import org.json.JSONException;
import org.json.JSONObject;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public abstract class m extends AuthenticationService {

    /* renamed from: i, reason: collision with root package name */
    private static String f6439i = "m";

    /* renamed from: e, reason: collision with root package name */
    private WeakHashMap<String, Object> f6440e;

    /* renamed from: f, reason: collision with root package name */
    protected oracle.idm.mobile.configuration.e f6441f;

    /* renamed from: g, reason: collision with root package name */
    protected boolean f6442g;

    /* renamed from: h, reason: collision with root package name */
    private String f6443h;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class b implements Comparator<OAuthToken> {
        private b() {
        }

        @Override // java.util.Comparator
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public int compare(OAuthToken oAuthToken, OAuthToken oAuthToken2) {
            if (oAuthToken.h().size() == oAuthToken2.h().size()) {
                return 0;
            }
            return oAuthToken.h().size() < oAuthToken2.h().size() ? -1 : 1;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public m(d dVar, x xVar) {
        super(dVar, xVar);
        this.f6442g = false;
        this.f6441f = (oracle.idm.mobile.configuration.e) dVar.q().n();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public m(d dVar, x xVar, w2.c cVar) {
        super(dVar, xVar, cVar);
        this.f6442g = false;
        this.f6441f = (oracle.idm.mobile.configuration.e) dVar.q().n();
    }

    private List<OAuthToken> A(List<OAuthToken> list, Set<String> set) {
        ArrayList arrayList = new ArrayList();
        Iterator<OAuthToken> it = list.iterator();
        while (it.hasNext()) {
            OAuthToken next = it.next();
            if (F(next) && (set == null || set.size() <= 0 || (next.h().size() > 0 && next.h().containsAll(set)))) {
                arrayList.add(next);
                it.remove();
            }
        }
        return arrayList;
    }

    private w D() {
        if (this.f6441f.q0() == OMMobileSecurityConfiguration.BrowserMode.EMBEDDED) {
            return new w(OMAuthenticationChallengeType.EMBEDDED_WEBVIEW_REQUIRED);
        }
        w wVar = new w(OMAuthenticationChallengeType.EXTERNAL_BROWSER_INVOCATION_REQUIRED);
        wVar.a("external_browser_load_url_key", this.f6123a.r().p(this.f6123a.l()));
        return wVar;
    }

    private boolean I(OMAuthenticationContext oMAuthenticationContext) {
        Date u3 = oMAuthenticationContext.u();
        Date time = Calendar.getInstance().getTime();
        if (u3 == null || oMAuthenticationContext.t() == 0) {
            return true;
        }
        if (!time.after(u3) && !time.equals(u3)) {
            return oMAuthenticationContext.t() <= 0 || oMAuthenticationContext.X();
        }
        k3.a.a(f6439i + "_isValid", "Idle time is expired.");
        return false;
    }

    private void N(JSONObject jSONObject) {
        OMErrorCode oMErrorCode;
        String optString = jSONObject.optString(OAuthConnectionsUtil.OAuthResponseParameters.ERROR.i());
        String optString2 = jSONObject.optString(OAuthConnectionsUtil.OAuthResponseParameters.ERROR_DESCRIPTION.i());
        StringBuilder sb = new StringBuilder();
        if (optString == null) {
            throw new OMMobileSecurityException(OMErrorCode.OAUTH_AUTHENTICATION_FAILED);
        }
        OMErrorCode[] l4 = OMErrorCode.l();
        int length = l4.length;
        int i4 = 0;
        while (true) {
            if (i4 >= length) {
                oMErrorCode = null;
                break;
            }
            oMErrorCode = l4[i4];
            if (oMErrorCode.k().equalsIgnoreCase(optString)) {
                if (TextUtils.isEmpty(optString2)) {
                    optString2 = oMErrorCode.j();
                }
                if (optString2 == null) {
                    optString2 = "undefined";
                }
                sb.append(optString2);
            } else {
                i4++;
            }
        }
        if (oMErrorCode != null) {
            throw new OMMobileSecurityException(oMErrorCode, sb.toString());
        }
        if (!TextUtils.isEmpty(optString) && "IDAAS-62001".equals(optString)) {
            throw new OMMobileSecurityException(OMErrorCode.OAUTH_AUTHENTICATION_FAILED);
        }
    }

    private void P(OMAuthenticationContext oMAuthenticationContext) {
        if (this.f6123a.q().n().L()) {
            String F = oMAuthenticationContext.F() != null ? oMAuthenticationContext.F() : this.f6123a.g();
            String p02 = oMAuthenticationContext.p0(true);
            this.f6123a.q().l().a(F, p02);
            k3.a.f(f6439i, "Stored the authContext persistently which is updated with expired access tokens(which do not have refresh token) being removed and / or  new token(s) being added.");
            if (p02 == null || !OMSecurityConstants.f6087a) {
                return;
            }
            try {
                l3.e.a("AuthContext persisted: " + new JSONObject(p02).toString(3));
            } catch (JSONException e4) {
                k3.a.d(f6439i, e4.getMessage(), e4);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public WeakHashMap<String, Object> B() {
        if (this.f6440e == null) {
            this.f6440e = new WeakHashMap<>();
        }
        this.f6440e.clear();
        return this.f6440e;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String C() {
        OMMobileSecurityService q3 = this.f6123a.q();
        if (this.f6443h == null) {
            this.f6443h = new JSONObject(q3.n().w(q3.g(), q3.l())).optString("deviceProfile");
        }
        return this.f6443h;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String E(String str, oracle.idm.mobile.configuration.e eVar, String str2) {
        HashMap hashMap = new HashMap();
        if (eVar.B0() || eVar.y0()) {
            k3.a.a(f6439i, "Client Auth Header Added!");
            try {
                hashMap.put("Authorization", "Basic " + this.f6123a.r().k());
            } catch (UnsupportedEncodingException e4) {
                k3.a.d(f6439i, e4.getMessage(), e4);
            }
        }
        if (eVar.k0() && !TextUtils.isEmpty(str2)) {
            hashMap.put(eVar.y(), str2);
            k3.a.a(f6439i, "Identity Domain header " + eVar.y() + " : " + str2 + " set!");
        }
        if (!eVar.o().isEmpty()) {
            hashMap.putAll(eVar.o());
            k3.a.a(f6439i, "Custom Auth headers added!");
        }
        oracle.idm.mobile.connection.b s3 = this.f6123a.q().j().s(eVar.w0(), hashMap, str, OMSecurityConstants.ConnectionConstants.OAUTH20_CONTENT_TYPE.i(), i3.b.f4832a | i3.b.f4834c);
        if (s3 != null && s3.b() == 200) {
            return s3.e();
        }
        if (s3 == null) {
            return null;
        }
        try {
            k3.a.c(f6439i, "Error getting the token response : " + s3.d());
            N(new JSONObject(s3.d()));
            return null;
        } catch (JSONException e5) {
            k3.a.d(f6439i, "Error while parsing OAuth error string", e5);
            throw new OMMobileSecurityException(OMErrorCode.INTERNAL_ERROR);
        }
    }

    protected boolean F(OMToken oMToken) {
        return "oauth_access_token".equals(oMToken.getName());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    public boolean G(OMAuthenticationContext oMAuthenticationContext, Set<String> set, boolean z3) {
        k3.a.a(f6439i, "isValid(scopes)");
        OMAuthenticationContext.AuthenticationProvider o3 = oMAuthenticationContext.o();
        boolean z4 = true;
        if (o3 != OMAuthenticationContext.AuthenticationProvider.OPENIDCONNECT10 && o3 != OMAuthenticationContext.AuthenticationProvider.OAUTH20) {
            k3.a.a(f6439i, "Not an openID or OAuth config returning true!");
            return true;
        }
        List<OAuthToken> arrayList = new ArrayList<>(oMAuthenticationContext.y());
        OMAuthenticationContext.AuthenticationMode m3 = oMAuthenticationContext.m();
        k3.a.a(f6439i, "authenticated mode: " + m3);
        boolean z5 = false;
        if (oMAuthenticationContext.y().isEmpty() && m3 == OMAuthenticationContext.AuthenticationMode.ONLINE) {
            return false;
        }
        List<OAuthToken> A = A(arrayList, set);
        if (A.isEmpty()) {
            k3.a.a(f6439i, "No Valid access tokens, so return false");
            return false;
        }
        OAuthToken oAuthToken = null;
        Object[] objArr = 0;
        if (A.size() > 1) {
            Collections.sort(A, new b());
        }
        Iterator<OAuthToken> it = A.iterator();
        boolean z6 = false;
        while (it.hasNext()) {
            OAuthToken next = it.next();
            if (F(next)) {
                if (next.b()) {
                    k3.a.a(f6439i, "Access Token is expired!");
                    if (!TextUtils.isEmpty(next.g())) {
                        if (!z3) {
                            break;
                        }
                        String g4 = next.g();
                        String f4 = next.f();
                        WeakHashMap<String, Object> weakHashMap = new WeakHashMap<>();
                        weakHashMap.put("ParamOAuthRefreshTokenValue", g4);
                        try {
                            String E = E(this.f6123a.r().i(weakHashMap), (oracle.idm.mobile.configuration.e) this.f6123a.q().n(), oMAuthenticationContext.s());
                            if (E == null || (oAuthToken = J(E)) == null) {
                                z6 = true;
                            } else {
                                oAuthToken.o(next.h());
                                if (TextUtils.isEmpty(oAuthToken.g())) {
                                    oAuthToken.n(g4);
                                }
                                if (TextUtils.isEmpty(oAuthToken.f())) {
                                    oAuthToken.m(f4);
                                }
                                it.remove();
                            }
                        } catch (UnsupportedEncodingException unused) {
                            throw new OMMobileSecurityException(OMErrorCode.INTERNAL_ERROR);
                        } catch (JSONException unused2) {
                            throw new OMMobileSecurityException(OMErrorCode.INTERNAL_ERROR);
                        }
                    } else {
                        k3.a.a(f6439i, "No refresh token available for the expired access token!");
                        it.remove();
                    }
                } else {
                    k3.a.a(f6439i, "Access Token not expired!");
                    z4 = z6;
                }
                z5 = true;
                break;
            }
        }
        z4 = z6;
        if (z4 && oAuthToken != null) {
            k3.a.a(f6439i, "Refreshed the expired access token!");
            A.add(oAuthToken);
            if (oMAuthenticationContext.m() == OMAuthenticationContext.AuthenticationMode.OFFLINE) {
                k3.a.a(f6439i, "Changed the authenticate mode from LOCAL to REMOTE, since the expired access token was refreshed.");
                oMAuthenticationContext.Y(OMAuthenticationContext.AuthenticationMode.ONLINE);
            }
        }
        arrayList.addAll(A);
        oMAuthenticationContext.g0(arrayList);
        k3.a.a(f6439i, "isValidResult = " + z5);
        if (this.f6123a.q().n().L()) {
            P(oMAuthenticationContext);
        }
        return z5;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean H(OMAuthenticationContext oMAuthenticationContext, boolean z3) {
        String str = f6439i + "_isValidInternalAT";
        OMAuthenticationContext.AuthenticationMode m3 = oMAuthenticationContext.m();
        if (m3 == OMAuthenticationContext.AuthenticationMode.OFFLINE) {
            return I(oMAuthenticationContext);
        }
        boolean z4 = false;
        if (m3 == OMAuthenticationContext.AuthenticationMode.ONLINE && oMAuthenticationContext.y().isEmpty()) {
            return false;
        }
        Iterator<OAuthToken> it = oMAuthenticationContext.y().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            OAuthToken next = it.next();
            if (F(next) && !next.b()) {
                z4 = true;
                break;
            }
        }
        k3.a.a(str, "Authenticated Mode: " + m3 + ", isValid : " + z4);
        return z4;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuthToken J(String str) {
        Set<String> m3;
        try {
            OAuthToken oAuthToken = new OAuthToken(str);
            Set<String> r3 = this.f6123a.r().r();
            if (r3 == null || r3.size() == 0) {
                m3 = this.f6123a.r().m();
            } else {
                m3 = new HashSet<>();
                m3.addAll(r3);
            }
            oAuthToken.c("oauth_access_token");
            oAuthToken.o(m3);
            k3.a.a(f6439i, "onAccessToken");
            return oAuthToken;
        } catch (JSONException e4) {
            k3.a.c(f6439i, "Error while parsing the access token : " + str);
            throw e4;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void K(OMAuthenticationContext oMAuthenticationContext, OAuthToken oAuthToken, OMAuthenticationContext.AuthenticationProvider authenticationProvider) {
        k3.a.a(f6439i, "onAuthSuccess!");
        ArrayList arrayList = new ArrayList();
        arrayList.add(oAuthToken);
        for (Map.Entry<String, OMToken> entry : oMAuthenticationContext.J().entrySet()) {
            if ((entry.getValue() instanceof OAuthToken) && !entry.getValue().b()) {
                arrayList.add((OAuthToken) entry.getValue());
                k3.a.a(f6439i, "Added auxiliary token : " + entry.getKey() + " to the token list!");
            }
        }
        OMAuthenticationContext y3 = this.f6123a.q().y();
        if (y3 != null) {
            Iterator it = ((ArrayList) y3.y()).iterator();
            while (it.hasNext()) {
                OAuthToken oAuthToken2 = (OAuthToken) it.next();
                if (oAuthToken2 != null && "oauth_access_token".equals(oAuthToken2.getName()) && !oAuthToken2.b()) {
                    arrayList.add(oAuthToken2);
                    k3.a.a(f6439i, "Added access token from prev context to the token list!");
                }
            }
        }
        oMAuthenticationContext.a0(authenticationProvider);
        oMAuthenticationContext.g0(arrayList);
        oMAuthenticationContext.l0(OMAuthenticationContext.Status.SUCCESS);
        k3.a.a(f6439i, "Done!");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OMMobileSecurityException L(Map<String, Object> map) {
        OMErrorCode oMErrorCode;
        Object obj = map.get(OAuthConnectionsUtil.OAuthResponseParameters.ERROR.i());
        Object obj2 = map.get(OAuthConnectionsUtil.OAuthResponseParameters.ERROR_DESCRIPTION.i());
        k3.a.c(f6439i, "Error Response from Server -> error: " + obj + " error_description: " + obj2);
        String str = null;
        if (obj == null) {
            return null;
        }
        String str2 = (String) obj;
        OMErrorCode[] l4 = OMErrorCode.l();
        int length = l4.length;
        int i4 = 0;
        while (true) {
            if (i4 >= length) {
                oMErrorCode = null;
                break;
            }
            oMErrorCode = l4[i4];
            if (str2.equals(oMErrorCode.k())) {
                str = obj2 == null ? oMErrorCode.j() : (String) obj2;
            } else {
                i4++;
            }
        }
        return new OMMobileSecurityException(oMErrorCode, str);
    }

    protected JSONObject M(Map<String, Object> map, String str) {
        JSONObject jSONObject = new JSONObject();
        for (String str2 : str.split("&")) {
            String[] split = str2.split("=");
            map.put(split[0], split[1]);
            jSONObject.put(split[0], split[1]);
        }
        return jSONObject;
    }

    protected JSONObject O(Map<String, Object> map, Uri uri) {
        JSONObject jSONObject = new JSONObject();
        for (OAuthConnectionsUtil.OAuthResponseParameters oAuthResponseParameters : OAuthConnectionsUtil.OAuthResponseParameters.values()) {
            String queryParameter = uri.getQueryParameter(oAuthResponseParameters.i());
            if (queryParameter != null) {
                map.put(oAuthResponseParameters.i(), queryParameter);
                jSONObject.put(oAuthResponseParameters.i(), queryParameter);
            }
        }
        return jSONObject;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean Q(OMAuthenticationContext oMAuthenticationContext, WeakHashMap<String, Object> weakHashMap) {
        OAuthMSToken r02 = this.f6441f.r0();
        OAuthConnectionsUtil.OAuthClientAssertionType z3 = z();
        if (OAuthConnectionsUtil.OAuthClientAssertionType.MS_OAUTH == z3) {
            OAuthMSToken M = this.f6123a.M();
            if (M == null) {
                throw new OMMobileSecurityException(OMErrorCode.OAUTH_MS_CLIENT_ASSERTION_INVALID);
            }
            weakHashMap.put("OAuthClientAssertion", M);
            return true;
        }
        if (OAuthConnectionsUtil.OAuthClientAssertionType.IDCS != z3) {
            if (r02 == null) {
                return false;
            }
            weakHashMap.put("OAuthClientAssertion", r02);
            return true;
        }
        IDCSClientRegistrationToken iDCSClientRegistrationToken = (IDCSClientRegistrationToken) oMAuthenticationContext.J().get("client_registration_token");
        if (iDCSClientRegistrationToken == null) {
            throw new OMMobileSecurityException(OMErrorCode.IDCS_CLIENT_REGISTRATION_TOKEN_NOT_AVAILABLE);
        }
        weakHashMap.put("OAuthClientAssertion", iDCSClientRegistrationToken);
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void R(HashMap<String, Object> hashMap) {
        JSONObject M;
        String str;
        if (hashMap == null || hashMap.isEmpty() || !hashMap.containsKey("redirect_response_key")) {
            throw new OMMobileSecurityException(OMErrorCode.OAUTH_AUTHENTICATION_FAILED);
        }
        Object obj = hashMap.get("redirect_response_key");
        Uri uri = null;
        if (obj instanceof String) {
            uri = Uri.parse((String) obj);
        } else if (obj instanceof Uri) {
            uri = (Uri) obj;
        }
        if (uri == null) {
            k3.a.c(f6439i, "Unable to retrieve redirect response ");
            throw new OMMobileSecurityException(OMErrorCode.OAUTH_AUTHENTICATION_FAILED);
        }
        String encodedFragment = uri.getEncodedFragment();
        try {
            if (uri.getEncodedQuery() == null) {
                if (encodedFragment != null) {
                    M = M(hashMap, encodedFragment);
                }
                str = (String) hashMap.get(OAuthConnectionsUtil.OAuthResponseParameters.STATE.i());
                if (str == null && str.equals(this.f6123a.r().s())) {
                    return;
                }
                k3.a.c(f6439i, "Invalid state recovered from the response.");
                throw new OMMobileSecurityException(OMErrorCode.OAUTH_AUTHENTICATION_FAILED);
            }
            M = O(hashMap, uri);
            hashMap.put("ParamFrontChannelResponseJSON", M);
            str = (String) hashMap.get(OAuthConnectionsUtil.OAuthResponseParameters.STATE.i());
            if (str == null) {
            }
            k3.a.c(f6439i, "Invalid state recovered from the response.");
            throw new OMMobileSecurityException(OMErrorCode.OAUTH_AUTHENTICATION_FAILED);
        } catch (JSONException e4) {
            k3.a.c(f6439i, "Error while processing JSON response " + e4.getMessage());
            throw new OMMobileSecurityException(OMErrorCode.OAUTH_AUTHENTICATION_FAILED);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void x(OMAuthenticationContext oMAuthenticationContext, boolean z3) {
        ArrayList arrayList = new ArrayList();
        if (!this.f6123a.q().n().R() || z3) {
            arrayList.addAll(oMAuthenticationContext.y());
        } else {
            for (OAuthToken oAuthToken : oMAuthenticationContext.y()) {
                if (!oAuthToken.k()) {
                    arrayList.add(oAuthToken);
                }
            }
            k3.a.a(f6439i, "Since Offline authentication is allowed retaining " + (oMAuthenticationContext.y().size() - arrayList.size()) + " access token(s), having a refresh token.");
        }
        k3.a.a(f6439i, "Cleared " + arrayList.size() + " OAuth access token(s)!");
        oMAuthenticationContext.y().removeAll(arrayList);
        oMAuthenticationContext.J().clear();
    }

    public void y(Map<String, Object> map, oracle.idm.mobile.auth.b bVar) {
        k3.a.a(f6439i, "CollectionLogoutChallengeInput - if application wants to invoke the logout URL");
        this.f6125c.a(this.f6123a.q(), D(), bVar);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuthConnectionsUtil.OAuthClientAssertionType z() {
        OAuthConnectionsUtil.OAuthClientAssertionType oAuthClientAssertionType = (this.f6441f.A0() && this.f6123a.r().t() == OAuthConnectionsUtil.OAuthType.STANDARD) ? OAuthConnectionsUtil.OAuthClientAssertionType.IDCS : this.f6123a.r().t() == OAuthConnectionsUtil.OAuthType.MSOAUTH ? OAuthConnectionsUtil.OAuthClientAssertionType.MS_OAUTH : null;
        k3.a.a(f6439i, "determineClientAssertionType : " + oAuthClientAssertionType);
        return oAuthClientAssertionType;
    }
}
