package com.lnikkila.oidc;

import android.support.annotation.NonNull;
import android.text.TextUtils;
import android.util.Log;
import com.github.kevinsawicki.http.HttpRequest;
import com.google.api.client.auth.oauth2.AuthorizationCodeRequestUrl;
import com.google.api.client.auth.oauth2.AuthorizationCodeTokenRequest;
import com.google.api.client.auth.oauth2.AuthorizationRequestUrl;
import com.google.api.client.auth.oauth2.PasswordTokenRequest;
import com.google.api.client.auth.oauth2.RefreshTokenRequest;
import com.google.api.client.auth.oauth2.TokenResponse;
import com.google.api.client.auth.openidconnect.IdToken;
import com.google.api.client.auth.openidconnect.IdTokenResponse;
import com.google.api.client.auth.openidconnect.IdTokenVerifier;
import com.google.api.client.extensions.android.http.AndroidHttp;
import com.google.api.client.http.BasicAuthentication;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpExecuteInterceptor;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;
import com.google.gson.Gson;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;

/* loaded from: classes.dex */
public class OIDCUtils {

    /* loaded from: classes.dex */
    public enum Flows {
        Code,
        Implicit,
        Hybrid,
        Password
    }

    public static String codeFlowAuthenticationUrl(String str, String str2, String str3, String[] strArr, Map<String, String> map) {
        List asList = Arrays.asList(strArr);
        AuthorizationCodeRequestUrl authorizationCodeRequestUrl = new AuthorizationCodeRequestUrl(str, str2).setRedirectUri(str3).setScopes((Collection<String>) asList).setState("xyz").set("nonce", (Object) "");
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                authorizationCodeRequestUrl.set(entry.getKey(), (Object) entry.getValue());
            }
        }
        if (asList.contains("offline_access")) {
            authorizationCodeRequestUrl.set("prompt", (Object) "consent");
        } else {
            authorizationCodeRequestUrl.set("prompt", (Object) "login");
        }
        authorizationCodeRequestUrl.set("display", (Object) "touch");
        return authorizationCodeRequestUrl.build();
    }

    public static String getTokenNameForClient(@NonNull String str, String str2) {
        if (TextUtils.isEmpty(str)) {
            throw new IllegalArgumentException("Parameter 'defaultTokenName' is null or empty");
        }
        return !TextUtils.isEmpty(str2) ? String.format("%1$s.%2$s", str, str2) : str;
    }

    public static Map getUserInfo(String str, String str2) {
        return getUserInfo(str, str2, null);
    }

    public static Map getUserInfo(String str, String str2, Map<String, String> map) {
        if (map != null) {
            HttpRequest.append(str, map);
        }
        HttpRequest prepareApiRequest = prepareApiRequest(new HttpRequest(str, "GET"), str2);
        if (!prepareApiRequest.ok()) {
            throw new IOException(prepareApiRequest.message());
        }
        return (Map) new Gson().fromJson(prepareApiRequest.body(), Map.class);
    }

    public static String hybridFlowAuthenticationUrl(String str, String str2, String str3, String[] strArr, Map<String, String> map) {
        List asList = Arrays.asList(strArr);
        AuthorizationRequestUrl authorizationRequestUrl = new AuthorizationRequestUrl(str, str2, Arrays.asList("code", "id_token")).setRedirectUri(str3).setScopes(asList).setState("xyz").set("nonce", (Object) "");
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                authorizationRequestUrl.set(entry.getKey(), (Object) entry.getValue());
            }
        }
        if (asList.contains("offline_access")) {
            authorizationRequestUrl.set("prompt", (Object) "consent");
        } else {
            authorizationRequestUrl.set("prompt", (Object) "login");
        }
        authorizationRequestUrl.set("display", (Object) "touch");
        return authorizationRequestUrl.build();
    }

    public static String implicitFlowAuthenticationUrl(String str, String str2, String str3, String[] strArr, Map<String, String> map) {
        List asList = Arrays.asList(strArr);
        AuthorizationRequestUrl authorizationRequestUrl = new AuthorizationRequestUrl(str, str2, Arrays.asList("id_token", "token")).setRedirectUri(str3).setScopes(asList).setState("xyz").set("nonce", (Object) "");
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                authorizationRequestUrl.set(entry.getKey(), (Object) entry.getValue());
            }
        }
        if (asList.contains("offline_access")) {
            authorizationRequestUrl.set("prompt", (Object) "consent");
        } else {
            authorizationRequestUrl.set("prompt", (Object) "login");
        }
        authorizationRequestUrl.set("display", (Object) "touch");
        return authorizationRequestUrl.build();
    }

    public static boolean isSupportedFlow(String str) {
        for (Flows flows : Flows.values()) {
            if (flows.name().equals(str)) {
                return true;
            }
        }
        return false;
    }

    public static boolean isValidIdToken(String str, String str2) {
        return new IdTokenVerifier.Builder().setAudience(Collections.singletonList(str)).setAcceptableTimeSkewSeconds(1000L).build().verify(IdToken.parse((JsonFactory) new GsonFactory(), str2));
    }

    public static String newAuthenticationUrl(String str, Flows flows, String str2, String str3, String[] strArr) {
        return newAuthenticationUrl(str, flows, str2, str3, strArr, null);
    }

    public static String newAuthenticationUrl(String str, Flows flows, String str2, String str3, String[] strArr, Map<String, String> map) {
        switch (flows) {
            case Implicit:
                return implicitFlowAuthenticationUrl(str, str2, str3, strArr, map);
            case Hybrid:
                return hybridFlowAuthenticationUrl(str, str2, str3, strArr, map);
            default:
                return codeFlowAuthenticationUrl(str, str2, str3, strArr, map);
        }
    }

    public static HttpRequest prepareApiRequest(HttpRequest httpRequest, String str) {
        return httpRequest.authorization("Bearer " + str).acceptJson();
    }

    public static TokenResponse refreshTokens(String str, String str2, String str3, String[] strArr, String str4) {
        return refreshTokens(str, str2, str3, strArr, str4, null);
    }

    public static TokenResponse refreshTokens(String str, String str2, String str3, String[] strArr, String str4, Map<String, String> map) {
        List asList = Arrays.asList(strArr);
        RefreshTokenRequest refreshTokenRequest = new RefreshTokenRequest(AndroidHttp.newCompatibleTransport(), new GsonFactory(), new GenericUrl(str), str4);
        if (!asList.isEmpty()) {
            refreshTokenRequest.setScopes((Collection<String>) asList);
        }
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                refreshTokenRequest.set(entry.getKey(), (Object) entry.getValue());
            }
        }
        if (TextUtils.isEmpty(str3)) {
            refreshTokenRequest.set("client_id", (Object) str2);
        } else {
            refreshTokenRequest.setClientAuthentication((HttpExecuteInterceptor) new BasicAuthentication(str2, str3));
        }
        return asList.contains("openid") ? IdTokenResponse.execute(refreshTokenRequest) : (TokenResponse) refreshTokenRequest.executeUnparsed().parseAs(TokenResponse.class);
    }

    public static TokenResponse requestTokensWithCodeGrant(String str, String str2, String str3, String str4, String str5, boolean z) {
        return requestTokensWithCodeGrant(str, str2, str3, str4, str5, z, null);
    }

    public static TokenResponse requestTokensWithCodeGrant(String str, String str2, String str3, String str4, String str5, boolean z, Map<String, String> map) {
        TokenResponse tokenResponse;
        AuthorizationCodeTokenRequest authorizationCodeTokenRequest = new AuthorizationCodeTokenRequest(AndroidHttp.newCompatibleTransport(), new GsonFactory(), new GenericUrl(str), str5);
        authorizationCodeTokenRequest.set("redirect_uri", (Object) str2);
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                authorizationCodeTokenRequest.set(entry.getKey(), (Object) entry.getValue());
            }
        }
        if (TextUtils.isEmpty(str4)) {
            authorizationCodeTokenRequest.set("client_id", (Object) str3);
        } else {
            authorizationCodeTokenRequest.setClientAuthentication((HttpExecuteInterceptor) new BasicAuthentication(str3, str4));
        }
        if (z) {
            Log.d("OIDCUtils", "tokens request OIDC sent");
            IdTokenResponse execute = IdTokenResponse.execute(authorizationCodeTokenRequest);
            boolean isValidIdToken = isValidIdToken(str3, execute.getIdToken());
            tokenResponse = execute;
            if (!isValidIdToken) {
                throw new IOException("Invalid ID token returned.");
            }
        } else {
            Log.d("OIDCUtils", "tokens request OAuth2 sent");
            TokenResponse tokenResponse2 = (TokenResponse) authorizationCodeTokenRequest.executeUnparsed().parseAs(TokenResponse.class);
            String accessToken = tokenResponse2.getAccessToken();
            if (TextUtils.isEmpty(accessToken)) {
                throw new IOException("Invalid Access Token returned.");
            }
            Log.d("OIDCUtils", String.format("Manage to parse and extract AT : %1$s", accessToken));
            tokenResponse = tokenResponse2;
        }
        return tokenResponse;
    }

    public static TokenResponse requestTokensWithPasswordGrant(String str, String str2, String str3, String[] strArr, String str4, String str5) {
        return requestTokensWithPasswordGrant(str, str2, str3, strArr, str4, str5, null);
    }

    public static TokenResponse requestTokensWithPasswordGrant(String str, String str2, String str3, String[] strArr, String str4, String str5, Map<String, String> map) {
        TokenResponse tokenResponse;
        List asList = Arrays.asList(strArr);
        PasswordTokenRequest passwordTokenRequest = new PasswordTokenRequest(AndroidHttp.newCompatibleTransport(), new GsonFactory(), new GenericUrl(str), str4, str5);
        if (!asList.isEmpty()) {
            passwordTokenRequest.setScopes((Collection<String>) asList);
        }
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                passwordTokenRequest.set(entry.getKey(), (Object) entry.getValue());
            }
        }
        if (TextUtils.isEmpty(str3)) {
            passwordTokenRequest.set("client_id", (Object) str2);
        } else {
            passwordTokenRequest.setClientAuthentication((HttpExecuteInterceptor) new BasicAuthentication(str2, str3));
        }
        if (asList.contains("openid")) {
            Log.d("OIDCUtils", "PasswordGrant request OIDC sent");
            IdTokenResponse execute = IdTokenResponse.execute(passwordTokenRequest);
            boolean isValidIdToken = isValidIdToken(str2, execute.getIdToken());
            tokenResponse = execute;
            if (!isValidIdToken) {
                throw new IOException("Invalid ID token returned.");
            }
        } else {
            Log.d("OIDCUtils", "PasswordGrant request OAuth2 sent");
            TokenResponse tokenResponse2 = (TokenResponse) passwordTokenRequest.executeUnparsed().parseAs(TokenResponse.class);
            String accessToken = tokenResponse2.getAccessToken();
            if (TextUtils.isEmpty(accessToken)) {
                throw new IOException("Invalid Access Token returned.");
            }
            Log.d("OIDCUtils", String.format("Manage to parse and extract AT : %1$s", accessToken));
            tokenResponse = tokenResponse2;
        }
        return tokenResponse;
    }
}
