package com.ibm.mobilefirstplatform.clientsdk.android.security.mca.internal;

import android.content.Context;
import android.provider.Settings;
import android.util.Base64;
import com.ibm.bluemix.appid.android.internal.registrationmanager.RegistrationManager;
import com.ibm.mobilefirstplatform.clientsdk.android.core.api.Response;
import com.ibm.mobilefirstplatform.clientsdk.android.core.api.ResponseListener;
import com.ibm.mobilefirstplatform.clientsdk.android.core.internal.BaseRequest;
import com.ibm.mobilefirstplatform.clientsdk.android.core.internal.ResponseImpl;
import com.ibm.mobilefirstplatform.clientsdk.android.logger.api.Logger;
import com.ibm.mobilefirstplatform.clientsdk.android.security.identity.BaseAppIdentity;
import com.ibm.mobilefirstplatform.clientsdk.android.security.identity.BaseDeviceIdentity;
import com.ibm.mobilefirstplatform.clientsdk.android.security.mca.internal.AuthorizationRequestManager;
import com.ibm.mobilefirstplatform.clientsdk.android.security.mca.internal.certificate.CertificateStore;
import com.ibm.mobilefirstplatform.clientsdk.android.security.mca.internal.certificate.CertificatesUtility;
import com.ibm.mobilefirstplatform.clientsdk.android.security.mca.internal.certificate.DefaultJSONSigner;
import com.ibm.mobilefirstplatform.clientsdk.android.security.mca.internal.certificate.KeyPairUtility;
import com.ibm.mobilefirstplatform.clientsdk.android.security.mca.internal.preferences.AuthorizationManagerPreferences;
import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.ConcurrentLinkedQueue;
import org.json.JSONObject;

/* loaded from: classes.dex */
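/**
 * Drives the client side of the authorization flow visible in this class: an optional
 * instance registration ({@code clients/instance}), an authorization request
 * ({@code authorization}) whose grant code is read from the {@code Location} header, and a
 * token request ({@code token}) whose result is stored in the preferences.
 *
 * <p>Listeners passed to {@link #startAuthorizationProcess} are queued; only the call that
 * finds the queue holding exactly one listener starts the flow, and every queued listener is
 * notified when it finishes or fails.
 *
 * <p>This source is decompiler output (JADX). Several methods are {@code public} only because
 * the decompiler widened them from {@code private}; they are kept public here so existing
 * callers are unaffected.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The {@code id_token} payload is decoded and its {@code imf.user} claim stored without
 *       any signature check in this class. NOTE(review): confirm the token is verified
 *       elsewhere or that the token endpoint is reached over an authenticated channel.</li>
 *   <li>The certificate store is created with the device's {@code android_id}; see the
 *       constructor comment.</li>
 *   <li>Tokens are written to {@code AuthorizationManagerPreferences}; how that storage is
 *       protected is not visible here.</li>
 * </ul>
 */
public class AuthorizationProcessManager {
    private static final String HTTP_LOCALHOST = "http://localhost";
    private final CertificateStore certificateStore;
    private final AuthorizationManagerPreferences preferences;
    // Key pair generated for the current registration attempt; set by createRegistrationParams().
    private KeyPair registrationKeyPair;
    // Random per-instance value sent as the X-WL-Session header on every request.
    private final String sessionId;
    private final Logger logger = Logger.getLogger(Logger.INTERNAL_PREFIX + AuthorizationProcessManager.class.getSimpleName());
    private final ConcurrentLinkedQueue<ResponseListener> authorizationQueue = new ConcurrentLinkedQueue<>();
    private final DefaultJSONSigner jsonSigner = new DefaultJSONSigner();

    /**
     * Base listener for the internal requests: failures and any exception thrown while
     * handling a success response are routed to {@code handleAuthorizationFailure}, so every
     * queued listener is notified.
     */
    private abstract class InnerAuthorizationResponseListener implements ResponseListener {
        private InnerAuthorizationResponseListener() {
        }

        /** Handles a successful response of one step; may throw to fail the whole flow. */
        public abstract void handleAuthorizationSuccessResponse(Response response) throws Exception;

        @Override
        public void onFailure(Response response, Throwable th, JSONObject jSONObject) {
            AuthorizationProcessManager.this.handleAuthorizationFailure(response, th, jSONObject);
        }

        @Override
        public void onSuccess(Response response) {
            try {
                handleAuthorizationSuccessResponse(response);
            } catch (Exception e) {
                AuthorizationProcessManager.this.handleAuthorizationFailure(e);
            }
        }
    }

    /**
     * Creates the manager, opens the certificate store under the app's files directory and
     * restores the client id from a stored certificate when the preferences hold none.
     *
     * @param context used to locate the files directory and to read {@code android_id}
     * @param authorizationManagerPreferences preference store for client id, tokens and identities
     */
    public AuthorizationProcessManager(Context context, AuthorizationManagerPreferences authorizationManagerPreferences) {
        this.preferences = authorizationManagerPreferences;
        // NOTE(review): the second argument is the device's Settings.Secure "android_id". If
        // CertificateStore uses it as the keystore password (not visible here), the stored key
        // pair is protected by a device identifier rather than a secret. Confirm, and consider
        // hardware-backed key storage; changing it here would orphan existing keystores.
        File keyStoreFile = new File(context.getFilesDir().getAbsolutePath(), "mfp.keystore");
        String androidId = Settings.Secure.getString(context.getContentResolver(), "android_id");
        this.certificateStore = new CertificateStore(keyStoreFile, androidId);
        if (authorizationManagerPreferences.clientId.get() == null && this.certificateStore.isCertificateStored()) {
            try {
                authorizationManagerPreferences.clientId.set(CertificatesUtility.getClientIdFromCertificate(this.certificateStore.getCertificate()));
            } catch (Exception e) {
                // Best effort: without a client id the next authorization starts with registration.
                // NOTE(review): consider reporting this through the logger instead of stderr.
                e.printStackTrace();
            }
        }
        this.sessionId = UUID.randomUUID().toString();
    }

    /** Adds the per-instance session id as the {@code X-WL-Session} header. */
    private void addSessionIdHeader(HashMap<String, String> hashMap) {
        hashMap.put("X-WL-Session", this.sessionId);
    }

    /**
     * Sends one request through a fresh {@code AuthorizationRequestManager}.
     *
     * @throws RuntimeException wrapping any exception raised while initializing or sending
     */
    private void authorizationRequestSend(Context context, String str, AuthorizationRequestManager.RequestOptions requestOptions, ResponseListener responseListener) {
        try {
            AuthorizationRequestManager requestManager = new AuthorizationRequestManager();
            requestManager.initialize(context, responseListener);
            requestManager.sendRequest(str, requestOptions);
        } catch (Exception e) {
            throw new RuntimeException("Failed to send authorization request", e);
        }
    }

    /** Builds the parameters of the authorization (grant code) request. */
    private HashMap<String, String> createAuthorizationParams() {
        HashMap<String, String> params = new HashMap<>(3);
        params.put("response_type", "code");
        params.put(RegistrationManager.CLIENT_ID, this.preferences.clientId.get());
        // The redirect is never followed: the grant code is read from the Location header.
        params.put("redirect_uri", HTTP_LOCALHOST);
        return params;
    }

    /** Builds the headers of the registration request (session id only). */
    private HashMap<String, String> createRegistrationHeaders() {
        HashMap<String, String> headers = new HashMap<>();
        addSessionIdHeader(headers);
        return headers;
    }

    /**
     * Generates a new registration key pair and returns the signed device/application
     * description as the {@code CSR} parameter.
     *
     * @throws RuntimeException wrapping any failure while reading identities or signing
     */
    private HashMap<String, String> createRegistrationParams() {
        this.registrationKeyPair = KeyPairUtility.generateRandomKeyPair();
        JSONObject csrPayload = new JSONObject();
        try {
            BaseDeviceIdentity deviceIdentity = new BaseDeviceIdentity(this.preferences.deviceIdentity.getAsMap());
            BaseAppIdentity appIdentity = new BaseAppIdentity(this.preferences.appIdentity.getAsMap());
            csrPayload.put("deviceId", deviceIdentity.getId());
            csrPayload.put("deviceOs", "" + deviceIdentity.getOS());
            csrPayload.put("deviceModel", deviceIdentity.getModel());
            csrPayload.put("applicationId", appIdentity.getId());
            csrPayload.put("applicationVersion", appIdentity.getVersion());
            csrPayload.put("environment", "android");
            String signedCsr = this.jsonSigner.sign(this.registrationKeyPair, csrPayload);
            HashMap<String, String> params = new HashMap<>(1);
            params.put("CSR", signedCsr);
            return params;
        } catch (Exception e) {
            throw new RuntimeException("Failed to create registration params", e);
        }
    }

    /**
     * Signs the grant code with the stored key pair and returns it as the
     * {@code X-WL-Authenticate} header of the token request.
     *
     * @throws RuntimeException wrapping any failure while loading the key pair or signing
     */
    private HashMap<String, String> createTokenRequestHeaders(String str) {
        JSONObject payload = new JSONObject();
        try {
            payload.put("code", str);
            String signedPayload = this.jsonSigner.sign(this.certificateStore.getStoredKeyPair(), payload);
            HashMap<String, String> headers = new HashMap<>(1);
            headers.put("X-WL-Authenticate", signedPayload);
            return headers;
        } catch (Exception e) {
            throw new RuntimeException("Failed to create token request headers", e);
        }
    }

    /** Builds the form parameters of the token request for the given grant code. */
    private HashMap<String, String> createTokenRequestParams(String str) {
        HashMap<String, String> params = new HashMap<>();
        params.put("code", str);
        params.put(RegistrationManager.CLIENT_ID, this.preferences.clientId.get());
        params.put("grant_type", "authorization_code");
        params.put("redirect_uri", HTTP_LOCALHOST);
        return params;
    }

    /**
     * Extracts the {@code code} query parameter from a redirect URL. The code itself is
     * deliberately not logged.
     *
     * @param str redirect URL taken from the {@code Location} header
     * @return the grant code
     * @throws MalformedURLException if {@code str} is not a valid URL
     * @throws RuntimeException if the URL carries no {@code code} parameter
     */
    public String extractGrantCode(String str) throws MalformedURLException {
        String grantCode = Utils.getParameterValueFromQuery(new URL(str).getQuery(), "code");
        if (grantCode == null) {
            throw new RuntimeException("Failed to extract grant code from url");
        }
        this.logger.debug("Grant code extracted successfully");
        return grantCode;
    }

    /**
     * Returns the first {@code Location} header value of the response.
     *
     * @throws RuntimeException if the header is absent or has no values
     */
    public String extractLocationHeader(Response response) {
        List<String> locations = response.getHeaders().get("Location");
        // An empty value list is treated like a missing header instead of failing later with
        // an IndexOutOfBoundsException that hides the real cause.
        if (locations == null || locations.isEmpty()) {
            throw new RuntimeException("Failed to find 'Location' header");
        }
        this.logger.debug("Location header extracted successfully");
        return locations.get(0);
    }

    /**
     * Reports a failure to every queued listener and removes each one after it was notified.
     *
     * @param response the failed response, may be {@code null}
     * @param th the cause, may be {@code null}
     * @param jSONObject additional failure information, may be {@code null}
     */
    public void handleAuthorizationFailure(Response response, Throwable th, JSONObject jSONObject) {
        this.logger.error("authorization process failed");
        if (th != null) {
            // NOTE(review): stack traces go to stderr here; consider routing them through the logger.
            th.printStackTrace();
        }
        Iterator<ResponseListener> pending = this.authorizationQueue.iterator();
        while (pending.hasNext()) {
            pending.next().onFailure(response, th, jSONObject);
            pending.remove();
        }
    }

    /** Reports a failure that has only a cause and no response. */
    public void handleAuthorizationFailure(Throwable th) {
        handleAuthorizationFailure(null, th, null);
    }

    /** Reports success to every queued listener and removes each one after it was notified. */
    public void handleAuthorizationSuccess(Response response) {
        Iterator<ResponseListener> pending = this.authorizationQueue.iterator();
        while (pending.hasNext()) {
            pending.next().onSuccess(response);
            pending.remove();
        }
    }

    /**
     * Sends the authorization request; on success the grant code is taken from the
     * {@code Location} header and the token request is started.
     */
    public void invokeAuthorizationRequest(Context context) {
        AuthorizationRequestManager.RequestOptions requestOptions = new AuthorizationRequestManager.RequestOptions();
        requestOptions.parameters = createAuthorizationParams();
        requestOptions.headers = new HashMap<>(1);
        addSessionIdHeader(requestOptions.headers);
        requestOptions.requestMethod = BaseRequest.GET;
        authorizationRequestSend(context, "authorization", requestOptions, new InnerAuthorizationResponseListener() {
            @Override
            public void handleAuthorizationSuccessResponse(Response response) throws Exception {
                String location = AuthorizationProcessManager.this.extractLocationHeader(response);
                String grantCode = AuthorizationProcessManager.this.extractGrantCode(location);
                AuthorizationProcessManager.this.invokeTokenRequest(grantCode);
            }
        });
    }

    /**
     * Registers this client instance; on success the returned certificate is stored and the
     * authorization request is started.
     */
    private void invokeInstanceRegistrationRequest(final Context context) {
        AuthorizationRequestManager.RequestOptions requestOptions = new AuthorizationRequestManager.RequestOptions();
        requestOptions.parameters = createRegistrationParams();
        requestOptions.headers = createRegistrationHeaders();
        requestOptions.requestMethod = BaseRequest.POST;
        // The decompiler emitted an initializer block containing "super();" here, which is not
        // valid Java; the anonymous class invokes the superclass constructor implicitly.
        authorizationRequestSend(null, "clients/instance", requestOptions, new InnerAuthorizationResponseListener() {
            @Override
            public void handleAuthorizationSuccessResponse(Response response) throws Exception {
                AuthorizationProcessManager.this.saveCertificateFromResponse(response);
                AuthorizationProcessManager.this.invokeAuthorizationRequest(context);
            }
        });
    }

    /**
     * Exchanges the grant code for tokens; on success the tokens are stored and all queued
     * listeners are notified.
     */
    public void invokeTokenRequest(String str) {
        AuthorizationRequestManager.RequestOptions requestOptions = new AuthorizationRequestManager.RequestOptions();
        requestOptions.parameters = createTokenRequestParams(str);
        requestOptions.headers = createTokenRequestHeaders(str);
        addSessionIdHeader(requestOptions.headers);
        requestOptions.requestMethod = BaseRequest.POST;
        authorizationRequestSend(null, "token", requestOptions, new InnerAuthorizationResponseListener() {
            @Override
            public void handleAuthorizationSuccessResponse(Response response) throws Exception {
                AuthorizationProcessManager.this.saveTokenFromResponse(response);
                AuthorizationProcessManager.this.handleAuthorizationSuccess(response);
            }
        });
    }

    /**
     * Parses the registration response, checks the returned certificate against the public
     * key generated for this registration, then stores the certificate and the client id.
     *
     * <p>NOTE(review): only the check against the locally generated public key is visible
     * here; whether the issuer chain is validated inside {@code CertificatesUtility} should
     * be confirmed.
     *
     * @throws RuntimeException wrapping any parsing, validation or storage failure
     */
    public void saveCertificateFromResponse(Response response) {
        try {
            JSONObject body = new JSONObject(response.getResponseText());
            X509Certificate certificate = CertificatesUtility.base64StringToCertificate(body.getString("certificate"));
            CertificatesUtility.checkValidityWithPublicKey(certificate, this.registrationKeyPair.getPublic());
            this.certificateStore.saveCertificate(this.registrationKeyPair, certificate);
            this.preferences.clientId.set(body.getString("clientId"));
            this.logger.debug("certificate successfully saved");
        } catch (Exception e) {
            throw new RuntimeException("Failed to save certificate from response", e);
        }
    }

    /**
     * Stores the access token, the id token and, when present, the {@code imf.user} claim of
     * the id token payload.
     *
     * <p>The id token is parsed completely before anything is written, so a malformed token
     * no longer leaves a half-updated preference store behind a reported failure. Token values
     * are never logged or placed in exception messages.
     *
     * <p>NOTE(review): the payload is read without verifying the token signature in this
     * method; the stored user identity is only as trustworthy as the token endpoint response.
     *
     * @throws RuntimeException wrapping any parsing or storage failure
     */
    public void saveTokenFromResponse(Response response) {
        try {
            JSONObject responseJSON = ((ResponseImpl) response).getResponseJSON();
            String accessToken = responseJSON.getString("access_token");
            String idToken = responseJSON.getString("id_token");

            String[] idTokenSegments = idToken.split("\\.");
            if (idTokenSegments.length < 2) {
                throw new IllegalArgumentException("id_token does not contain a payload segment");
            }
            // JWT-style tokens use the URL-safe Base64 alphabet, which Base64.DEFAULT does not
            // contain; mapping '-' and '_' back accepts both alphabets.
            String payloadSegment = idTokenSegments[1].replace('-', '+').replace('_', '/');
            JSONObject idTokenPayload = new JSONObject(new String(Base64.decode(payloadSegment, Base64.DEFAULT), "UTF-8"));
            JSONObject userIdentity = idTokenPayload.has("imf.user") ? idTokenPayload.getJSONObject("imf.user") : null;

            this.preferences.accessToken.set(accessToken);
            this.preferences.idToken.set(idToken);
            if (userIdentity != null) {
                this.preferences.userIdentity.set(userIdentity);
            }
            this.logger.debug("token successfully saved");
        } catch (Exception e) {
            throw new RuntimeException("Failed to save token from response", e);
        }
    }

    /**
     * Sends a logout request for the current client id. Failures to send are logged and
     * otherwise ignored; the listener is only invoked by the request itself.
     *
     * <p>NOTE(review): stored tokens are not cleared in this method; confirm the caller does so.
     */
    public void logout(Context context, ResponseListener responseListener) {
        AuthorizationRequestManager.RequestOptions requestOptions = new AuthorizationRequestManager.RequestOptions();
        requestOptions.parameters = new HashMap<>(1);
        requestOptions.parameters.put(RegistrationManager.CLIENT_ID, this.preferences.clientId.get());
        requestOptions.headers = new HashMap<>(1);
        addSessionIdHeader(requestOptions.headers);
        requestOptions.requestMethod = BaseRequest.GET;
        try {
            authorizationRequestSend(context, "logout", requestOptions, responseListener);
        } catch (Exception e) {
            // Deliberate best effort: a failed logout request must not crash the caller.
            this.logger.debug("Could not log out");
        }
    }

    /**
     * Queues the listener and, if no flow is running, starts registration (no client id yet)
     * or authorization (client id known). Any throwable raised while starting is reported to
     * all queued listeners.
     */
    public void startAuthorizationProcess(Context context, ResponseListener responseListener) {
        this.authorizationQueue.add(responseListener);
        if (this.authorizationQueue.size() != 1) {
            this.logger.info("authorization process already running, adding response listener to the queue");
            this.logger.debug(String.format("authorization process currently handling %d requests", this.authorizationQueue.size()));
            return;
        }
        try {
            if (this.preferences.clientId.get() == null) {
                this.logger.info("starting registration process");
                invokeInstanceRegistrationRequest(context);
            } else {
                this.logger.info("starting authorization process");
                invokeAuthorizationRequest(context);
            }
        } catch (Throwable th) {
            handleAuthorizationFailure(th);
        }
    }
}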
