package org.forgerock.android.auth;

import android.net.Uri;
import android.util.Base64;
import hg1.a0;
import hg1.q;
import hg1.w;
import hg1.y;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Objects;
import lombok.NonNull;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;

/* loaded from: classes5.dex */
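/**
 * OAuth 2.0 client that exchanges a session (SSO) token for an access token with the
 * authorization-code grant protected by PKCE, and that refreshes and revokes tokens.
 *
 * <p>This listing is decompiled output. The {@code hg1.*} types are obfuscated HTTP-client
 * classes: presumably {@code w} is the client, {@code y} the request, {@code q} the form body,
 * {@code a0} the response, {@code f} the callback and {@code e} the call. Confirm this against
 * the obfuscation mapping before relying on it.
 *
 * <p>Security-relevant behaviour visible here:
 * <ul>
 *   <li>The session token travels in the query string of the authorize request, so that URL
 *       must never be logged and the configured server URL should be HTTPS.</li>
 *   <li>The authorization code, PKCE verifier and refresh token travel in form-encoded request
 *       bodies.</li>
 *   <li>No token value is written to the debug log by this class.</li>
 * </ul>
 */
public class OAuth2Client {
    private static final String APPLICATION_X_WWW_FORM_URLENCODED = "application/x-www-form-urlencoded";
    private static final String CONTENT_TYPE = "Content-Type";
    private static final String TAG = "OAuth2Client";

    /** Base64url without padding or line wraps; numerically 11, the literal the listing used. */
    private static final int PKCE_BASE64_FLAGS = Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING;

    /** 64 random bytes encode to an 86-character verifier, inside RFC 7636's 43..128 range. */
    private static final int PKCE_VERIFIER_ENTROPY_BYTES = 64;

    private final String clientId;
    private final w okHttpClient;
    private final String redirectUri;
    private final String responseType = OAuth2.CODE;
    private final String scope;
    private final ServerConfig serverConfig;

    // Request tags, one per OAuth2 operation; how they are consumed is not visible in this file.
    private static final Action AUTHORIZE = new Action(Action.AUTHORIZE);
    private static final Action EXCHANGE_TOKEN = new Action(Action.EXCHANGE_TOKEN);
    private static final Action REFRESH_TOKEN = new Action(Action.REFRESH_TOKEN);
    private static final Action REVOKE_TOKEN = new Action(Action.REVOKE_TOKEN);

    /**
     * Fluent builder for {@link OAuth2Client}. Every setter rejects {@code null}; a value that
     * is never set reaches the constructor as {@code null} and fails there.
     */
    public static class OAuth2ClientBuilder {
        private String clientId;
        private String redirectUri;
        private String scope;
        private ServerConfig serverConfig;

        /**
         * Creates the client from the collected values.
         *
         * @return a new client
         * @throws NullPointerException if any of the four values was never set
         */
        public OAuth2Client build() {
            return new OAuth2Client(this.clientId, this.scope, this.redirectUri, this.serverConfig);
        }

        /** Sets the OAuth2 {@code client_id}. */
        public OAuth2ClientBuilder clientId(@NonNull String str) {
            Objects.requireNonNull(str, "clientId is marked non-null but is null");
            this.clientId = str;
            return this;
        }

        /** Sets the {@code redirect_uri} sent on the authorize and token requests. */
        public OAuth2ClientBuilder redirectUri(@NonNull String str) {
            Objects.requireNonNull(str, "redirectUri is marked non-null but is null");
            this.redirectUri = str;
            return this;
        }

        /** Sets the requested {@code scope}. */
        public OAuth2ClientBuilder scope(@NonNull String str) {
            Objects.requireNonNull(str, "scope is marked non-null but is null");
            this.scope = str;
            return this;
        }

        /** Sets the server configuration used to derive endpoints and the HTTP client. */
        public OAuth2ClientBuilder serverConfig(@NonNull ServerConfig serverConfig) {
            Objects.requireNonNull(serverConfig, "serverConfig is marked non-null but is null");
            this.serverConfig = serverConfig;
            return this;
        }

        @Override
        public String toString() {
            return "OAuth2Client.OAuth2ClientBuilder(clientId=" + this.clientId + ", scope=" + this.scope + ", redirectUri=" + this.redirectUri + ", serverConfig=" + this.serverConfig + ")";
        }
    }

    /**
     * Creates a client and looks up the HTTP client registered for {@code serverConfig}.
     *
     * @param str the OAuth2 client id
     * @param str2 the requested scope
     * @param str3 the redirect URI
     * @param serverConfig the server configuration
     * @throws NullPointerException if any argument is {@code null}
     */
    public OAuth2Client(@NonNull String str, @NonNull String str2, @NonNull String str3, @NonNull ServerConfig serverConfig) {
        Objects.requireNonNull(str, "clientId is marked non-null but is null");
        Objects.requireNonNull(str2, "scope is marked non-null but is null");
        Objects.requireNonNull(str3, "redirectUri is marked non-null but is null");
        Objects.requireNonNull(serverConfig, "serverConfig is marked non-null but is null");
        this.clientId = str;
        this.scope = str2;
        this.redirectUri = str3;
        this.serverConfig = serverConfig;
        this.okHttpClient = OkHttpClientProvider.getInstance().lookup(serverConfig);
    }

    /** Returns a new, empty builder. */
    public static OAuth2ClientBuilder builder() {
        return new OAuth2ClientBuilder();
    }

    /**
     * Generates a fresh PKCE verifier and its challenge.
     *
     * <p>The verifier is 64 bytes from {@link SecureRandom}, base64url-encoded. The challenge is
     * the base64url SHA-256 digest of the verifier, with method {@code S256}.
     *
     * @return the challenge, challenge method and verifier
     */
    private PKCE generateCodeChallenge() throws UnsupportedEncodingException {
        byte[] entropy = new byte[PKCE_VERIFIER_ENTROPY_BYTES];
        new SecureRandom().nextBytes(entropy);
        String codeVerifier = Base64.encodeToString(entropy, PKCE_BASE64_FLAGS);
        try {
            MessageDigest sha256 = MessageDigest.getInstance(MessageDigestAlgorithms.SHA_256);
            // The verifier is base64url text, so ISO-8859-1 yields the same bytes as ASCII.
            byte[] digest = sha256.digest(codeVerifier.getBytes(StandardCharsets.ISO_8859_1));
            return new PKCE(Base64.encodeToString(digest, PKCE_BASE64_FLAGS), "S256", codeVerifier);
        } catch (NoSuchAlgorithmException e) {
            // Fix: the fallback previously passed ("plain", verifier, verifier). Going by the
            // S256 call above, the argument order is (challenge, method, verifier), so the old
            // order sent "plain" as the challenge and the verifier as the challenge method.
            // With "plain" the challenge equals the verifier, so an observer of the authorize
            // request could redeem the code. The downgrade is therefore logged, not silent.
            Logger.warn(TAG, "SHA-256 is unavailable; falling back to the plain PKCE challenge method", new Object[0]);
            return new PKCE(codeVerifier, "plain", codeVerifier);
        }
    }

    /**
     * Starts a URI builder for one OAuth2 endpoint.
     *
     * @param configuredEndpoint endpoint path from the server configuration; when non-empty it
     *     is appended as an already-encoded path and used as-is
     * @param defaultSegments path segments appended after {@code oauth2/realms/<realm>} when no
     *     endpoint is configured
     * @return a builder positioned at the endpoint, without query parameters
     */
    private Uri.Builder endpoint(String configuredEndpoint, String... defaultSegments) {
        Uri.Builder builder = Uri.parse(this.serverConfig.getUrl()).buildUpon();
        if (StringUtils.isNotEmpty(configuredEndpoint)) {
            builder.appendEncodedPath(configuredEndpoint);
            return builder;
        }
        builder.appendPath("oauth2").appendPath("realms").appendPath(this.serverConfig.getRealm());
        for (String segment : defaultSegments) {
            builder.appendPath(segment);
        }
        return builder;
    }

    /**
     * Builds the authorize URL, including the PKCE challenge and the session token.
     *
     * <p>NOTE(review): the session token is sent as a query parameter named after the session
     * cookie. Query strings commonly end up in server and proxy access logs, so this URL must
     * not be logged client-side and the server URL should be HTTPS.
     */
    private URL getAuthorizeUrl(Token token, PKCE pkce) throws MalformedURLException, UnsupportedEncodingException {
        Uri.Builder builder = endpoint(this.serverConfig.getAuthorizeEndpoint(), "authorize");
        builder.appendQueryParameter(this.serverConfig.getCookieName(), token.getValue());
        builder.appendQueryParameter("client_id", this.clientId);
        builder.appendQueryParameter("scope", this.scope);
        builder.appendQueryParameter("response_type", this.responseType);
        builder.appendQueryParameter("redirect_uri", this.redirectUri);
        builder.appendQueryParameter(OAuth2.CODE_CHALLENGE, pkce.getCodeChallenge());
        builder.appendQueryParameter(OAuth2.CODE_CHALLENGE_METHOD, pkce.getCodeChallengeMethod());
        return new URL(builder.build().toString());
    }

    /** Builds the token-revocation URL. */
    private URL getRevokeUrl() throws MalformedURLException {
        return new URL(endpoint(this.serverConfig.getRevokeEndpoint(), OAuth2.TOKEN, "revoke").build().toString());
    }

    /** Builds the token endpoint URL, used for both code exchange and refresh. */
    private URL getTokenUrl() throws MalformedURLException {
        return new URL(endpoint(this.serverConfig.getTokenEndpoint(), "access_token").build().toString());
    }

    /**
     * Redeems an authorization code, together with the PKCE verifier, for an access token.
     *
     * <p>The code, the verifier and the redirect URI are sent in the form body. The outcome is
     * delivered asynchronously to {@code fRListener}.
     *
     * @param sSOToken session token handed to the response handler with the token response
     * @param str the authorization code
     * @param pkce the PKCE values whose challenge was sent on the authorize request
     * @param oAuth2ResponseHandler parser for the token response
     * @param fRListener receives the access token or the failure
     */
    /* JADX INFO: Access modifiers changed from: private */
    public void token(@NonNull final SSOToken sSOToken, @NonNull String str, PKCE pkce, final OAuth2ResponseHandler oAuth2ResponseHandler, final FRListener<AccessToken> fRListener) {
        Objects.requireNonNull(sSOToken, "sessionToken is marked non-null but is null");
        Objects.requireNonNull(str, "code is marked non-null but is null");
        // Fail before any request is built instead of part-way through building the form body.
        Objects.requireNonNull(pkce, "pkce is marked non-null but is null");
        Logger.debug(TAG, "Exchange Access Token with Authorization Code", new Object[0]);
        try {
            // com.dynatrace.android.callback.d.a(call, callback) looks like Dynatrace's
            // instrumented way of enqueueing the call; the names are obfuscated, so confirm it.
            com.dynatrace.android.callback.d.a(this.okHttpClient.a(new y.a().r(getTokenUrl()).k(new q.a().a("client_id", this.clientId).a(OAuth2.CODE, str).a("redirect_uri", this.redirectUri).a(OAuth2.GRANT_TYPE, OAuth2.AUTHORIZATION_CODE).a(OAuth2.CODE_VERIFIER, pkce.getCodeVerifier()).c()).g(CONTENT_TYPE, APPLICATION_X_WWW_FORM_URLENCODED).g(ServerConfig.ACCEPT_API_VERSION, ServerConfig.API_VERSION_2_1).o(EXCHANGE_TOKEN).b()), new hg1.f() {
                @Override
                public void onFailure(hg1.e eVar, IOException iOException) {
                    com.dynatrace.android.callback.d.d(eVar, iOException);
                    try {
                        fRListener.onException(iOException);
                    } finally {
                        com.dynatrace.android.callback.d.e();
                    }
                }

                @Override
                public void onResponse(hg1.e eVar, a0 a0Var) {
                    com.dynatrace.android.callback.d.f(eVar, a0Var);
                    try {
                        oAuth2ResponseHandler.handleTokenResponse(sSOToken, a0Var, fRListener);
                    } finally {
                        com.dynatrace.android.callback.d.g();
                    }
                }
            });
        } catch (IOException e) {
            fRListener.onException(e);
        }
    }

    /**
     * Exchanges a session token for an access token.
     *
     * <p>Two requests are made: an authorize request carrying a fresh PKCE challenge, then a
     * token request via {@link #token} carrying the returned code and the matching verifier.
     *
     * @param sSOToken the session token
     * @param fRListener receives the access token or the failure
     */
    public void exchangeToken(@NonNull final SSOToken sSOToken, final FRListener<AccessToken> fRListener) {
        Objects.requireNonNull(sSOToken, "token is marked non-null but is null");
        Logger.debug(TAG, "Exchanging Access Token with SSO Token.", new Object[0]);
        final OAuth2ResponseHandler oAuth2ResponseHandler = new OAuth2ResponseHandler();
        try {
            // A form body holding the scope used to be built here and never sent. The scope
            // already travels in the authorize URL, so that dead code is removed.
            final PKCE pkce = generateCodeChallenge();
            com.dynatrace.android.callback.d.a(this.okHttpClient.a(new y.a().r(getAuthorizeUrl(sSOToken, pkce)).f().g(ServerConfig.ACCEPT_API_VERSION, ServerConfig.API_VERSION_2_1).o(AUTHORIZE).b()), new hg1.f() {
                @Override
                public void onFailure(hg1.e eVar, IOException iOException) {
                    com.dynatrace.android.callback.d.d(eVar, iOException);
                    try {
                        fRListener.onException(iOException);
                    } finally {
                        com.dynatrace.android.callback.d.e();
                    }
                }

                @Override
                public void onResponse(hg1.e eVar, a0 a0Var) {
                    com.dynatrace.android.callback.d.f(eVar, a0Var);
                    try {
                        oAuth2ResponseHandler.handleAuthorizeResponse(a0Var, new FRListener<String>() {
                            @Override
                            public void onException(Exception exc) {
                                fRListener.onException(exc);
                            }

                            @Override
                            public void onSuccess(String code) {
                                // Redeem the code with the same PKCE pair the authorize request used.
                                OAuth2Client.this.token(sSOToken, code, pkce, oAuth2ResponseHandler, fRListener);
                            }
                        });
                    } finally {
                        com.dynatrace.android.callback.d.g();
                    }
                }
            });
        } catch (IOException e) {
            fRListener.onException(e);
        }
    }

    /** Returns the server configuration this client was built with. */
    public ServerConfig getServerConfig() {
        return this.serverConfig;
    }

    /**
     * Obtains a new access token with a refresh token.
     *
     * @param sSOToken session token handed to the response handler with the token response
     * @param str the refresh token, sent in the form body
     * @param fRListener receives the new access token or the failure
     */
    public void refresh(@NonNull final SSOToken sSOToken, @NonNull String str, final FRListener<AccessToken> fRListener) {
        Objects.requireNonNull(sSOToken, "sessionToken is marked non-null but is null");
        Objects.requireNonNull(str, "refreshToken is marked non-null but is null");
        Logger.debug(TAG, "Refreshing Access Token", new Object[0]);
        final OAuth2ResponseHandler oAuth2ResponseHandler = new OAuth2ResponseHandler();
        try {
            q.a form = new q.a();
            if (this.scope != null) {
                form.a("scope", this.scope);
            }
            com.dynatrace.android.callback.d.a(this.okHttpClient.a(new y.a().r(getTokenUrl()).k(form.a("client_id", this.clientId).a(OAuth2.GRANT_TYPE, OAuth2.REFRESH_TOKEN).a("response_type", this.responseType).a(OAuth2.REFRESH_TOKEN, str).c()).g(CONTENT_TYPE, APPLICATION_X_WWW_FORM_URLENCODED).g(ServerConfig.ACCEPT_API_VERSION, ServerConfig.API_VERSION_2_1).o(REFRESH_TOKEN).b()), new hg1.f() {
                @Override
                public void onFailure(hg1.e eVar, IOException iOException) {
                    com.dynatrace.android.callback.d.d(eVar, iOException);
                    try {
                        fRListener.onException(iOException);
                    } finally {
                        com.dynatrace.android.callback.d.e();
                    }
                }

                @Override
                public void onResponse(hg1.e eVar, a0 a0Var) {
                    com.dynatrace.android.callback.d.f(eVar, a0Var);
                    try {
                        oAuth2ResponseHandler.handleTokenResponse(sSOToken, a0Var, fRListener);
                    } finally {
                        com.dynatrace.android.callback.d.g();
                    }
                }
            });
        } catch (IOException e) {
            fRListener.onException(e);
        }
    }

    /**
     * Revokes a token at the server.
     *
     * <p>The refresh token is submitted when the access token carries one; otherwise the access
     * token value itself is submitted.
     *
     * @param accessToken the token to revoke
     * @param fRListener notified of completion or failure through {@code Listener.onException}
     *     and the response handler
     */
    public void revoke(@NonNull AccessToken accessToken, final FRListener<Void> fRListener) {
        Objects.requireNonNull(accessToken, "accessToken is marked non-null but is null");
        Logger.debug(TAG, "Revoking Access Token & Refresh Token", new Object[0]);
        final OAuth2ResponseHandler oAuth2ResponseHandler = new OAuth2ResponseHandler();
        try {
            com.dynatrace.android.callback.d.a(this.okHttpClient.a(new y.a().r(getRevokeUrl()).k(new q.a().a("client_id", this.clientId).a(OAuth2.TOKEN, accessToken.getRefreshToken() == null ? accessToken.getValue() : accessToken.getRefreshToken()).c()).g(CONTENT_TYPE, APPLICATION_X_WWW_FORM_URLENCODED).g(ServerConfig.ACCEPT_API_VERSION, ServerConfig.API_VERSION_2_1).o(REVOKE_TOKEN).b()), new hg1.f() {
                @Override
                public void onFailure(hg1.e eVar, IOException iOException) {
                    com.dynatrace.android.callback.d.d(eVar, iOException);
                    try {
                        Listener.onException(fRListener, iOException);
                    } finally {
                        com.dynatrace.android.callback.d.e();
                    }
                }

                @Override
                public void onResponse(hg1.e eVar, a0 a0Var) {
                    com.dynatrace.android.callback.d.f(eVar, a0Var);
                    try {
                        oAuth2ResponseHandler.handleRevokeResponse(a0Var, fRListener);
                    } finally {
                        com.dynatrace.android.callback.d.g();
                    }
                }
            });
        } catch (IOException e) {
            Listener.onException(fRListener, e);
        }
    }
}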
