package com.ca.mas.foundation;

import android.app.KeyguardManager;
import android.content.Context;
import android.graphics.Bitmap;
import android.os.Handler;
import android.os.Parcel;
import android.security.keystore.UserNotAuthenticatedException;
import android.util.Log;
import com.ca.mas.core.EventDispatcher;
import com.ca.mas.core.MAGResultReceiver;
import com.ca.mas.core.MobileSsoFactory;
import com.ca.mas.core.datasource.DataSourceException;
import com.ca.mas.core.error.MAGError;
import com.ca.mas.core.oauth.OAuthClientUtil;
import com.ca.mas.core.security.LockableEncryptionProvider;
import com.ca.mas.core.security.SecureLockException;
import com.ca.mas.core.store.StorageProvider;
import com.ca.mas.core.store.TokenManager;
import com.ca.mas.core.store.TokenStoreException;
import com.ca.mas.core.token.IdToken;
import com.ca.mas.core.token.JWTValidation;
import com.ca.mas.core.util.Functions;
import com.ca.mas.foundation.notify.Callback;
import com.ca.mas.identity.common.MASFilteredRequest;
import com.ca.mas.identity.user.MASUserIdentity;
import com.ca.mas.identity.user.MASUserRepository;
import com.ca.mas.identity.user.ScimUser;
import com.ca.mas.identity.user.User;
import com.ca.mas.identity.user.UserAttributes;
import com.ca.mas.identity.util.IdentityConsts;
import com.ca.mas.identity.util.IdentityUtil;
import java.util.LinkedList;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.Observable;
import java.util.Observer;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public abstract class MASUser implements MASUserIdentity, ScimUser {
    private static final String SESSION_LOCK_ALIAS = "com.ca.mas.SESSION_LOCK";
    private static MASUser current;

    static {
        EventDispatcher.STOP.addObserver(new Observer() { // from class: com.ca.mas.foundation.MASUser.1
            @Override // java.util.Observer
            public void update(Observable observable, Object obj) {
                MASUser unused = MASUser.current = null;
            }
        });
    }

    private static MASUser createMASUser() {
        User user = new User() { // from class: com.ca.mas.foundation.MASUser.4

            @MASExtension
            private MASUserRepository userRepository;

            private void execute(final Functions.NullaryVoid nullaryVoid, final MASCallback<Void> mASCallback) {
                if (getUserName() == null) {
                    MASUser.login(new MASCallback<MASUser>() { // from class: com.ca.mas.foundation.MASUser.4.1
                        @Override // com.ca.mas.foundation.MASCallback
                        public Handler getHandler() {
                            return Callback.getHandler(mASCallback);
                        }

                        @Override // com.ca.mas.foundation.MASCallback
                        public void onError(Throwable th2) {
                            Callback.onError(mASCallback, th2);
                        }

                        @Override // com.ca.mas.foundation.MASCallback
                        public void onSuccess(MASUser mASUser) {
                            nullaryVoid.call();
                        }
                    });
                } else {
                    nullaryVoid.call();
                }
            }

            /* JADX INFO: Access modifiers changed from: private */
            public void fetch(final LinkedList<UserRepository> linkedList, final MASCallback<Void> mASCallback, Throwable th2) {
                try {
                    try {
                        linkedList.pop().getCurrentUser(new MASCallback<MASUser>() { // from class: com.ca.mas.foundation.MASUser.4.4
                            @Override // com.ca.mas.foundation.MASCallback
                            public void onError(Throwable th3) {
                                fetch(linkedList, mASCallback, th3);
                            }

                            @Override // com.ca.mas.foundation.MASCallback
                            public void onSuccess(MASUser mASUser) {
                                try {
                                    JSONObject source = mASUser.getSource();
                                    source.remove(IdentityConsts.KEY_PASSWORD);
                                    populate(source);
                                    StorageProvider.getInstance().getTokenManager().saveUserProfile(source.toString());
                                } catch (Exception e10) {
                                    if (MAS.DEBUG) {
                                        Log.w(MAS.TAG, "Unable to persist user profile to local storage.", e10);
                                    }
                                }
                                Callback.onSuccess(mASCallback, null);
                            }
                        });
                    } catch (Exception e10) {
                        fetch(linkedList, mASCallback, e10);
                    }
                } catch (NoSuchElementException unused) {
                    Callback.onError(mASCallback, th2);
                }
            }

            private boolean isDeviceSecure() {
                Context context = MAS.getContext();
                MAS.getContext();
                return ((KeyguardManager) context.getSystemService("keyguard")).isDeviceSecure();
            }

            @Override // com.ca.mas.identity.user.User, com.ca.mas.foundation.MASUser
            public String getAccessToken() {
                long expiry = StorageProvider.getInstance().getOAuthTokenContainer().getExpiry();
                if (expiry <= 0 || System.currentTimeMillis() <= expiry) {
                    return StorageProvider.getInstance().getOAuthTokenContainer().getAccessToken();
                }
                return null;
            }

            @Override // com.ca.mas.identity.user.User, com.ca.mas.foundation.MASUser
            public Bitmap getThumbnailImage() {
                return IdentityUtil.getThumbnail(getPhotoList());
            }

            @Override // com.ca.mas.identity.user.User, com.ca.mas.foundation.MASUser, com.ca.mas.identity.user.MASUserIdentity
            public void getUserById(String str, MASCallback<MASUser> mASCallback) {
                this.userRepository.getUserById(str, mASCallback);
            }

            @Override // com.ca.mas.identity.user.User, com.ca.mas.foundation.MASUser, com.ca.mas.identity.user.MASUserIdentity
            public void getUserMetaData(MASCallback<UserAttributes> mASCallback) {
                this.userRepository.getUserMetaData(mASCallback);
            }

            @Override // com.ca.mas.identity.user.User, com.ca.mas.foundation.MASUser, com.ca.mas.identity.user.MASUserIdentity
            public void getUsersByFilter(MASFilteredRequest mASFilteredRequest, MASCallback<List<MASUser>> mASCallback) {
                this.userRepository.getUsersByFilter(mASFilteredRequest, mASCallback);
            }

            @Override // com.ca.mas.identity.user.User, com.ca.mas.foundation.MASUser
            public boolean isAuthenticated() {
                return MobileSsoFactory.getInstance().isLogin();
            }

            @Override // com.ca.mas.identity.user.User, com.ca.mas.foundation.MASUser
            public boolean isCurrentUser() {
                return true;
            }

            @Override // com.ca.mas.identity.user.User, com.ca.mas.foundation.MASUser
            public boolean isSessionLocked() {
                return StorageProvider.getInstance().getTokenManager().getSecureIdToken() != null;
            }

            @Override // com.ca.mas.identity.user.User, com.ca.mas.foundation.MASUser
            public void lockSession(MASCallback<Void> mASCallback) {
                if (MASUser.getCurrentUser() == null) {
                    Callback.onError(mASCallback, new SecureLockException(MASFoundationStrings.USER_NOT_CURRENTLY_AUTHENTICATED));
                    return;
                }
                if (isSessionLocked()) {
                    Callback.onSuccess(mASCallback, null);
                    return;
                }
                if (!isDeviceSecure()) {
                    Callback.onError(mASCallback, new SecureLockException(MASFoundationStrings.SECURE_LOCK_SCREEN_LOCK));
                    return;
                }
                IdToken idToken = StorageProvider.getInstance().getTokenManager().getIdToken();
                if (idToken == null) {
                    Callback.onError(mASCallback, new SecureLockException(MASFoundationStrings.SECURE_LOCK_FAILED_TO_RETRIEVE_ID_TOKEN));
                    return;
                }
                MASRequest revokeRequest = OAuthClientUtil.getRevokeRequest();
                StorageProvider.getInstance().getOAuthTokenContainer().clear();
                MAS.invoke(revokeRequest, null);
                try {
                    Parcel obtain = Parcel.obtain();
                    idToken.writeToParcel(obtain, 0);
                    byte[] marshall = obtain.marshall();
                    LockableEncryptionProvider lockableEncryptionProvider = new LockableEncryptionProvider(MAS.getContext(), MASUser.SESSION_LOCK_ALIAS);
                    lockableEncryptionProvider.clear();
                    try {
                        StorageProvider.getInstance().getTokenManager().saveSecureIdToken(lockableEncryptionProvider.encrypt(marshall));
                        try {
                            StorageProvider.getInstance().getTokenManager().deleteIdToken();
                            obtain.recycle();
                            Callback.onSuccess(mASCallback, null);
                        } catch (TokenStoreException e10) {
                            Callback.onError(mASCallback, new SecureLockException("Failed to delete encrypted ID token.", e10));
                        }
                    } catch (TokenStoreException e11) {
                        Callback.onError(mASCallback, new SecureLockException(MASFoundationStrings.SECURE_LOCK_FAILED_TO_SAVE_SECURE_ID_TOKEN, e11));
                    }
                } catch (Exception e12) {
                    Callback.onError(mASCallback, new SecureLockException(MASFoundationStrings.SECURE_LOCK_FAILED_TO_SAVE_SECURE_ID_TOKEN, e12));
                }
            }

            @Override // com.ca.mas.identity.user.User, com.ca.mas.foundation.MASUser
            @Deprecated
            public void logout(MASCallback<Void> mASCallback) {
                MASUser unused = MASUser.current = null;
                logout(true, mASCallback);
            }

            @Override // com.ca.mas.identity.user.User, com.ca.mas.foundation.MASUser
            public void logout(final boolean z10, final MASCallback<Void> mASCallback) {
                if (isSessionLocked()) {
                    Callback.onError(mASCallback, new SecureLockException(MASFoundationStrings.SECURE_LOCK_SESSION_CURRENTLY_LOCKED));
                    return;
                }
                MASUser unused = MASUser.current = null;
                final TokenManager tokenManager = StorageProvider.getInstance().getTokenManager();
                MASRequest logoutRequest = tokenManager.getIdToken() != null ? OAuthClientUtil.getLogoutRequest() : OAuthClientUtil.getRevokeRequest();
                if (logoutRequest != null) {
                    MAS.invoke(logoutRequest, new MASCallback<MASResponse<JSONObject>>() { // from class: com.ca.mas.foundation.MASUser.4.2
                        @Override // com.ca.mas.foundation.MASCallback
                        public void onError(Throwable th2) {
                            boolean isSessionLocked = MASUser.getCurrentUser() != null ? MASUser.getCurrentUser().isSessionLocked() : false;
                            if (z10 && !isSessionLocked) {
                                EventDispatcher.LOGOUT.notifyObservers();
                                try {
                                    tokenManager.deleteIdToken();
                                    tokenManager.deleteSecureIdToken();
                                    tokenManager.deleteUserProfile();
                                    try {
                                        StorageProvider.getInstance().getOAuthTokenContainer().clear();
                                    } catch (DataSourceException unused2) {
                                        Callback.onError(mASCallback, th2);
                                    }
                                } catch (TokenStoreException unused3) {
                                    Callback.onError(mASCallback, th2);
                                    return;
                                }
                            }
                            Callback.onError(mASCallback, th2);
                        }

                        @Override // com.ca.mas.foundation.MASCallback
                        public void onSuccess(MASResponse<JSONObject> mASResponse) {
                            EventDispatcher.LOGOUT.notifyObservers();
                            try {
                                tokenManager.deleteIdToken();
                                tokenManager.deleteSecureIdToken();
                                tokenManager.deleteUserProfile();
                            } catch (TokenStoreException e10) {
                                onError(e10);
                            }
                            try {
                                StorageProvider.getInstance().getOAuthTokenContainer().clear();
                            } catch (DataSourceException e11) {
                                onError(e11);
                            }
                            Callback.onSuccess(mASCallback, null);
                        }
                    });
                }
            }

            @Override // com.ca.mas.identity.user.User, com.ca.mas.foundation.MASUser
            public void removeSessionLock(MASCallback<Void> mASCallback) {
                if (!isSessionLocked()) {
                    Callback.onSuccess(mASCallback, null);
                    return;
                }
                try {
                    StorageProvider.getInstance().getTokenManager().deleteSecureIdToken();
                    Callback.onSuccess(mASCallback, null);
                } catch (TokenStoreException e10) {
                    Callback.onError(mASCallback, new SecureLockException("Failed to delete encrypted ID token.", e10));
                }
            }

            @Override // com.ca.mas.identity.user.User, com.ca.mas.foundation.MASUser
            public void requestUserInfo(MASCallback<Void> mASCallback) {
                LinkedList<UserRepository> linkedList = new LinkedList<>();
                if (this.userRepository != null) {
                    linkedList.add(new UserRepository() { // from class: com.ca.mas.foundation.MASUser.4.3
                        @Override // com.ca.mas.foundation.UserRepository
                        public void getCurrentUser(MASCallback<MASUser> mASCallback2) {
                            if (getUserName() == null) {
                                AnonymousClass4.this.userRepository.me(mASCallback2);
                            } else {
                                AnonymousClass4.this.userRepository.getUserById(getUserName(), mASCallback2);
                            }
                        }
                    });
                }
                linkedList.add(new UserInfoRepository());
                fetch(linkedList, mASCallback, null);
            }

            @Override // com.ca.mas.identity.user.User, com.ca.mas.foundation.MASUser
            public void unlockSession(MASSessionUnlockCallback<Void> mASSessionUnlockCallback) {
                if (!isSessionLocked()) {
                    Callback.onSuccess(mASSessionUnlockCallback, null);
                    return;
                }
                byte[] secureIdToken = StorageProvider.getInstance().getTokenManager().getSecureIdToken();
                LockableEncryptionProvider lockableEncryptionProvider = new LockableEncryptionProvider(MAS.getContext(), MASUser.SESSION_LOCK_ALIAS);
                Parcel obtain = Parcel.obtain();
                try {
                    byte[] decrypt = lockableEncryptionProvider.decrypt(secureIdToken);
                    obtain.unmarshall(decrypt, 0, decrypt.length);
                    obtain.setDataPosition(0);
                    IdToken createFromParcel = IdToken.CREATOR.createFromParcel(obtain);
                    try {
                        StorageProvider.getInstance().getTokenManager().saveIdToken(createFromParcel);
                        try {
                            StorageProvider.getInstance().getTokenManager().deleteSecureIdToken();
                            lockableEncryptionProvider.clear();
                            if (!JWTValidation.isIdTokenExpired(createFromParcel)) {
                                Callback.onSuccess(mASSessionUnlockCallback, null);
                            } else {
                                logout(true, null);
                                Callback.onError(mASSessionUnlockCallback, new SecureLockException(MASFoundationStrings.TOKEN_ID_EXPIRED));
                            }
                        } catch (TokenStoreException e10) {
                            Callback.onError(mASSessionUnlockCallback, new SecureLockException("Failed to delete encrypted ID token.", e10));
                        }
                    } catch (TokenStoreException e11) {
                        Callback.onError(mASSessionUnlockCallback, new SecureLockException(MASFoundationStrings.SECURE_LOCK_FAILED_TO_SAVE_ID_TOKEN, e11));
                    }
                } catch (Exception e12) {
                    Throwable cause = e12.getCause();
                    if (cause == null || !((cause instanceof UserNotAuthenticatedException) || (cause.getCause() instanceof UserNotAuthenticatedException))) {
                        Callback.onError(mASSessionUnlockCallback, e12);
                    } else if (mASSessionUnlockCallback != null) {
                        mASSessionUnlockCallback.onUserAuthenticationRequired();
                    }
                }
            }
        };
        try {
            JSONObject localUserProfile = getLocalUserProfile();
            if (localUserProfile != null) {
                user.populate(localUserProfile);
            }
        } catch (JSONException e10) {
            if (MAS.DEBUG) {
                Log.w(MAS.TAG, "Failed to populate MASUser from local storage.", e10);
            }
        }
        Extension.inject(user);
        return user;
    }

    public static MASUser getCurrentUser() {
        if (current == null && StorageProvider.getInstance().getTokenManager().getUserProfile() != null) {
            current = createMASUser();
        }
        MASUser mASUser = current;
        if (mASUser != null && !mASUser.isAuthenticated() && !current.isSessionLocked()) {
            current = null;
        }
        return current;
    }

    private static JSONObject getLocalUserProfile() throws JSONException {
        String userProfile = StorageProvider.getInstance().getTokenManager().getUserProfile();
        if (userProfile != null) {
            return new JSONObject(userProfile);
        }
        return null;
    }

    public static void login(MASAuthCredentials mASAuthCredentials, final MASCallback<MASUser> mASCallback) {
        if (StorageProvider.getInstance().getTokenManager().getSecureIdToken() != null) {
            Callback.onError(mASCallback, new SecureLockException(MASFoundationStrings.SECURE_LOCK_SESSION_CURRENTLY_LOCKED));
        } else {
            MobileSsoFactory.getInstance().authenticate(mASAuthCredentials, new MAGResultReceiver<JSONObject>() { // from class: com.ca.mas.foundation.MASUser.2
                @Override // com.ca.mas.core.MAGResultReceiver
                public void onError(MAGError mAGError) {
                    MASUser unused = MASUser.current = null;
                    Callback.onError(MASCallback.this, mAGError);
                }

                @Override // com.ca.mas.core.MAGResultReceiver
                public void onSuccess(MASResponse<JSONObject> mASResponse) {
                    MASUser.login(MASCallback.this);
                }
            });
        }
    }

    public static void login(MASAuthorizationRequest mASAuthorizationRequest, MASAuthorizationRequestHandler mASAuthorizationRequestHandler) {
        mASAuthorizationRequestHandler.authorize(mASAuthorizationRequest);
    }

    public static void login(MASAuthorizationResponse mASAuthorizationResponse, MASCallback<MASUser> mASCallback) {
        login(new MASAuthCredentialsAuthorizationCode(mASAuthorizationResponse.getAuthorizationCode(), mASAuthorizationResponse.getState()), mASCallback);
    }

    public static void login(final MASCallback<MASUser> mASCallback) {
        MASUser createMASUser = createMASUser();
        createMASUser.requestUserInfo(new MASCallback<Void>() { // from class: com.ca.mas.foundation.MASUser.3
            @Override // com.ca.mas.foundation.MASCallback
            public void onError(Throwable th2) {
                Callback.onError(mASCallback, th2);
                MAS.processPendingRequests();
            }

            @Override // com.ca.mas.foundation.MASCallback
            public void onSuccess(Void r22) {
                MASUser unused = MASUser.current = MASUser.this;
                Callback.onSuccess(mASCallback, MASUser.current);
                MAS.processPendingRequests();
            }
        });
    }

    public static void login(MASIdToken mASIdToken, MASCallback<MASUser> mASCallback) {
        login(new MASAuthCredentialsJWT(mASIdToken), mASCallback);
    }

    public static void login(String str, char[] cArr, MASCallback<MASUser> mASCallback) {
        login(new MASAuthCredentialsPassword(str, cArr), mASCallback);
    }

    public abstract String getAccessToken();

    public abstract Bitmap getThumbnailImage();

    @Override // com.ca.mas.identity.user.MASUserIdentity
    public abstract void getUserById(String str, MASCallback<MASUser> mASCallback);

    @Override // com.ca.mas.identity.user.MASUserIdentity
    public abstract void getUserMetaData(MASCallback<UserAttributes> mASCallback);

    @Override // com.ca.mas.identity.user.MASUserIdentity
    public abstract void getUsersByFilter(MASFilteredRequest mASFilteredRequest, MASCallback<List<MASUser>> mASCallback);

    public abstract boolean isAuthenticated();

    public abstract boolean isCurrentUser();

    public abstract boolean isSessionLocked();

    public abstract void lockSession(MASCallback<Void> mASCallback);

    @Deprecated
    public abstract void logout(MASCallback<Void> mASCallback);

    public abstract void logout(boolean z10, MASCallback<Void> mASCallback);

    public abstract void removeSessionLock(MASCallback<Void> mASCallback);

    public abstract void requestUserInfo(MASCallback<Void> mASCallback);

    public abstract void unlockSession(MASSessionUnlockCallback<Void> mASSessionUnlockCallback);
}
