package com.ca.mas.core.context;

import android.content.Context;
import android.os.Build;
import android.os.Bundle;
import android.util.Log;
import com.ca.mas.core.EventDispatcher;
import com.ca.mas.core.MobileSsoConfig;
import com.ca.mas.core.auth.AuthenticationException;
import com.ca.mas.core.conf.ConfigurationManager;
import com.ca.mas.core.conf.ConfigurationProvider;
import com.ca.mas.core.datasource.DataSourceException;
import com.ca.mas.core.error.MAGErrorCode;
import com.ca.mas.core.error.MAGServerException;
import com.ca.mas.core.http.MAGHttpClient;
import com.ca.mas.core.policy.PolicyManager;
import com.ca.mas.core.policy.RequestInfo;
import com.ca.mas.core.policy.exceptions.CertificateExpiredException;
import com.ca.mas.core.policy.exceptions.InvalidClientCredentialException;
import com.ca.mas.core.policy.exceptions.RetryRequestException;
import com.ca.mas.core.registration.RegistrationClient;
import com.ca.mas.core.request.MAGInternalRequest;
import com.ca.mas.core.request.internal.LocalRequest;
import com.ca.mas.core.store.ClientCredentialContainer;
import com.ca.mas.core.store.OAuthTokenContainer;
import com.ca.mas.core.store.StorageProvider;
import com.ca.mas.core.store.TokenManager;
import com.ca.mas.core.store.TokenStoreException;
import com.ca.mas.core.token.ClientCredentials;
import com.ca.mas.core.token.IdToken;
import com.ca.mas.core.token.JWTValidation;
import com.ca.mas.core.token.JWTValidationException;
import com.ca.mas.foundation.MAS;
import com.ca.mas.foundation.MASAuthCredentials;
import com.ca.mas.foundation.MASConfiguration;
import com.ca.mas.foundation.MASRequest;
import com.ca.mas.foundation.MASResponse;
import java.io.IOException;
import java.util.Date;

/* loaded from: classes2.dex */
public class MssoContext {
    private static final int MAX_REQUEST_ATTEMPTS = 4;
    private static final String MSSO_CONTEXT_NOT_INITIALIZED = "MssoContext not initialized, no token manager.";
    private Context appContext;
    private ClientCredentialContainer clientCredentialTokens;
    private ConfigurationProvider configurationProvider;
    private volatile MASAuthCredentials credentials;
    private String deviceName;
    private volatile MAGHttpClient magHttpClient;
    private PolicyManager policyManager;
    private OAuthTokenContainer privateTokens;
    private boolean skipTokenRenewal;
    private TokenManager tokenManager;

    private MssoContext() {
    }

    private boolean isSsoEnabled() {
        Boolean bool = (Boolean) this.configurationProvider.getProperty(MobileSsoConfig.PROP_SSO_ENABLED);
        return bool != null && bool.booleanValue();
    }

    public static MssoContext newContext() {
        return new MssoContext();
    }

    private void rethrow(MAGServerException mAGServerException) throws RetryRequestException, MAGServerException {
        if (getCredentials() != null && !getCredentials().isReusable()) {
            clearCredentials();
        }
        String num = Integer.toString(mAGServerException.getErrorCode());
        if (num.endsWith(InvalidClientCredentialException.INVALID_CLIENT_CREDENTIAL_SUFFIX)) {
            throw new InvalidClientCredentialException(mAGServerException);
        }
        if (num.endsWith(AuthenticationException.INVALID_RESOURCE_OWNER_SUFFIX)) {
            clearCredentials();
            throw new AuthenticationException(mAGServerException);
        }
        if (num.endsWith(CertificateExpiredException.CERTIFICATE_EXPIRED_SUFFIX)) {
            throw new CertificateExpiredException(mAGServerException);
        }
        clearCredentials();
        throw mAGServerException;
    }

    private void setIdToken(IdToken idToken) {
        if (isSsoEnabled()) {
            try {
                this.tokenManager.saveIdToken(idToken);
            } catch (TokenStoreException e10) {
                throw new MssoException("Unable to store ID token: " + e10.getMessage(), e10);
            }
        }
    }

    public void clearAccessAndRefreshTokens() {
        this.privateTokens.clear();
    }

    public void clearAccessToken() {
        this.privateTokens.clearAccessToken();
    }

    public void clearClientCredentials() {
        this.clientCredentialTokens.clear();
    }

    public void clearCredentials() {
        MASAuthCredentials credentials = getCredentials();
        if (credentials != null) {
            credentials.clear();
        }
        this.credentials = null;
    }

    public void clearIdToken() {
        try {
            this.tokenManager.deleteIdToken();
        } catch (TokenStoreException e10) {
            throw new MssoException("Failed to remove ID token: " + e10.getMessage(), e10);
        }
    }

    public void clearUserProfile() {
        try {
            this.tokenManager.deleteUserProfile();
        } catch (TokenStoreException e10) {
            throw new MssoException("Failed to remove User Profile: " + e10.getMessage(), e10);
        }
    }

    public void close() {
        PolicyManager policyManager = this.policyManager;
        if (policyManager != null) {
            policyManager.close();
        }
    }

    public void destroyAllPersistentTokens() {
        if (this.tokenManager == null) {
            throw new IllegalStateException(MSSO_CONTEXT_NOT_INITIALIZED);
        }
        clearCredentials();
        try {
            try {
                this.privateTokens.clearAll();
                this.clientCredentialTokens.clearAll();
                this.tokenManager.clearAll();
            } finally {
                resetHttpClient();
            }
        } catch (DataSourceException | TokenStoreException e10) {
            throw new MssoException(e10);
        }
    }

    public void destroyPersistentTokens() {
        try {
            if (this.tokenManager == null) {
                throw new IllegalStateException(MSSO_CONTEXT_NOT_INITIALIZED);
            }
            try {
                this.privateTokens.clear();
                this.clientCredentialTokens.clear();
                this.tokenManager.clear();
            } catch (DataSourceException | TokenStoreException e10) {
                throw new MssoException(e10);
            }
        } finally {
            resetHttpClient();
        }
    }

    public MASResponse executeRequest(Bundle bundle, MASRequest mASRequest) throws Exception {
        RequestInfo requestInfo = new RequestInfo(this, mASRequest, bundle);
        final MAGInternalRequest request = requestInfo.getRequest();
        RetryRequestException e10 = null;
        while (requestInfo.getNumAttempts() < 4) {
            try {
                return mASRequest.isPublic() ? getMAGHttpClient().execute(request) : this.policyManager.execute(requestInfo, new PolicyManager.Route<MASResponse>() { // from class: com.ca.mas.core.context.MssoContext.1
                    /* JADX WARN: Can't rename method to resolve collision */
                    @Override // com.ca.mas.core.policy.PolicyManager.Route
                    public MASResponse invoke() throws IOException {
                        return request.isLocalRequest() ? ((LocalRequest) request.getRequest()).send(MssoContext.this) : MssoContext.this.getMAGHttpClient().execute(request);
                    }
                });
            } catch (MAGServerException e11) {
                if (MAS.DEBUG) {
                    Log.d(MAS.TAG, String.format("Server returned x-ca-err %d", Integer.valueOf(e11.getErrorCode())));
                }
                try {
                    rethrow(e11);
                } catch (RetryRequestException e12) {
                    e10 = e12;
                    e10.recover(this);
                    if (MAS.DEBUG) {
                        Log.d(MAS.TAG, "Attempting to retry request. " + e11.getClass());
                    }
                }
                requestInfo.incrementNumAttempts();
            } catch (RetryRequestException e13) {
                e10 = e13;
                e10.recover(this);
                if (MAS.DEBUG) {
                    Log.d(MAS.TAG, "Attempting to retry request. " + e10.getClass());
                }
                requestInfo.incrementNumAttempts();
            } catch (Exception e14) {
                clearCredentials();
                throw e14;
            }
        }
        clearCredentials();
        if (e10 != null) {
            throw e10;
        }
        throw new IOException("Too many attempts, giving up");
    }

    public String getAccessToken() {
        return this.privateTokens.getAccessToken();
    }

    public long getAccessTokenExpiry() {
        return this.privateTokens.getExpiry();
    }

    public Long getClientExpiration() {
        return this.clientCredentialTokens.getClientExpiration();
    }

    public String getClientId() {
        String clientId = this.clientCredentialTokens.getClientId();
        return clientId == null ? this.configurationProvider.getClientId() : clientId;
    }

    public String getClientSecret() {
        String clientSecret = this.clientCredentialTokens.getClientSecret();
        return clientSecret == null ? this.configurationProvider.getClientSecret() : clientSecret;
    }

    public ConfigurationProvider getConfigurationProvider() {
        return this.configurationProvider;
    }

    public MASAuthCredentials getCredentials() {
        return this.credentials;
    }

    public String getDeviceName() {
        return this.deviceName;
    }

    public boolean getDonotLogoutTokenRenewalOnServerErrors() {
        return this.skipTokenRenewal;
    }

    public String getGrantedScope() {
        return this.privateTokens.getGrantedScope();
    }

    public IdToken getIdToken() {
        TokenManager tokenManager;
        if (!isSsoEnabled() || (tokenManager = this.tokenManager) == null) {
            return null;
        }
        return tokenManager.getIdToken();
    }

    public MAGHttpClient getMAGHttpClient() {
        if (this.magHttpClient == null) {
            this.magHttpClient = new MAGHttpClient();
        }
        return this.magHttpClient;
    }

    public String getRefreshToken() {
        return this.privateTokens.getRefreshToken();
    }

    public String getStoredClientId() {
        return this.clientCredentialTokens.getClientId();
    }

    public TokenManager getTokenManager() {
        return this.tokenManager;
    }

    public void init(Context context) {
        this.appContext = context.getApplicationContext();
        this.configurationProvider = ConfigurationManager.getInstance().getConnectedGatewayConfigurationProvider();
        if (this.tokenManager == null) {
            this.tokenManager = StorageProvider.getInstance().getTokenManager();
        }
        if (this.privateTokens == null) {
            this.privateTokens = StorageProvider.getInstance().getOAuthTokenContainer();
        }
        if (this.clientCredentialTokens == null) {
            this.clientCredentialTokens = StorageProvider.getInstance().getClientCredentialContainer();
        }
        if (this.deviceName == null) {
            this.deviceName = Build.MODEL;
        }
    }

    public void initPolicyManager() {
        if (this.policyManager == null) {
            this.policyManager = new PolicyManager(this);
        }
        this.policyManager.init(this.appContext);
    }

    public boolean isClientCredentialExpired(Long l10) {
        return l10.longValue() != 0 && l10.longValue() < new Date().getTime() / 1000;
    }

    public boolean isDeviceRegistered() {
        try {
            TokenManager tokenManager = this.tokenManager;
            if (tokenManager == null || !tokenManager.isClientCertificateChainAvailable()) {
                return false;
            }
            return this.tokenManager.getMagIdentifier() != null;
        } catch (DataSourceException e10) {
            if (MAS.DEBUG) {
                Log.w(MAS.TAG, "Device not registered: " + e10);
            }
            return false;
        }
    }

    public boolean isInitialized() {
        return this.configurationProvider != null;
    }

    public boolean isLogin() {
        return (getIdToken() == null && getRefreshToken() == null) ? false : true;
    }

    public void onAccessTokenAvailable(String str, String str2, long j10, String str3) {
        if (str != null) {
            clearCredentials();
        }
        this.privateTokens.saveAccessToken(str, str2, j10, str3);
    }

    public void onDeviceRegistrationCompleted() {
        resetHttpClient();
    }

    public void onIdTokenAvailable(IdToken idToken) throws JWTValidationException {
        clearCredentials();
        String magIdentifier = this.tokenManager.getMagIdentifier();
        String clientId = getClientId();
        String clientSecret = getClientSecret();
        if (!idToken.getType().equals(IdToken.JWT_DEFAULT)) {
            setIdToken(idToken);
        } else {
            if (!JWTValidation.validateIdToken(this, idToken, magIdentifier, clientId, clientSecret)) {
                throw new JWTValidationException(MAGErrorCode.TOKEN_INVALID_ID_TOKEN, "JWT Token is not valid");
            }
            setIdToken(idToken);
        }
    }

    public void removeDeviceRegistration() {
        EventDispatcher.BEFORE_DEREGISTER.notifyObservers();
        if (this.tokenManager == null) {
            throw new IllegalStateException(MSSO_CONTEXT_NOT_INITIALIZED);
        }
        try {
            if (isDeviceRegistered()) {
                new RegistrationClient(this).removeDeviceRegistration();
            }
            EventDispatcher.AFTER_DEREGISTER.notifyObservers();
            resetHttpClient();
        } catch (Exception e10) {
            if (MAS.DEBUG) {
                Log.w(MAS.TAG, "Error in removing device registration details from the server " + e10);
            }
            throw new MssoException(e10);
        }
    }

    public void resetHttpClient() {
        MASConfiguration.SECURITY_CONFIGURATION_RESET.notifyObservers();
    }

    public void setClientCredentials(ClientCredentials clientCredentials) {
        this.clientCredentialTokens.saveClientCredentials(clientCredentials);
    }

    public void setCredentials(MASAuthCredentials mASAuthCredentials) {
        this.credentials = mASAuthCredentials;
    }

    public void setDonotLogoutTokenRenewalOnServerError(boolean z10) {
        this.skipTokenRenewal = z10;
    }

    public String takeRefreshToken() {
        return this.privateTokens.takeRefreshToken();
    }
}
