package com.ca.mas.core.oauth;

import android.content.Context;
import android.net.Uri;
import android.util.Base64;
import android.util.Pair;
import com.ca.mas.core.MobileSsoConfig;
import com.ca.mas.core.client.ServerClient;
import com.ca.mas.core.conf.ConfigurationManager;
import com.ca.mas.core.conf.ConfigurationProvider;
import com.ca.mas.core.context.MssoContext;
import com.ca.mas.core.error.MAGException;
import com.ca.mas.core.io.Charsets;
import com.ca.mas.core.io.IoUtils;
import com.ca.mas.core.service.AuthenticationProvider;
import com.ca.mas.core.service.Provider;
import com.ca.mas.core.token.IdToken;
import com.ca.mas.foundation.FoundationConsts;
import com.ca.mas.foundation.MASRequest;
import com.ca.mas.foundation.MASRequestBody;
import com.ca.mas.foundation.MASResponse;
import com.ca.mas.foundation.MASResponseBody;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.SecureRandom;
import java.util.ArrayList;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
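/**
 * Client for two gateway calls made on behalf of the app: fetching the list of social-login
 * providers from the authorize endpoint, and logging out an ID token.
 *
 * <p>Both calls clear the locally stored client credentials when the server answers with error
 * code {@code 3000201} (invalid client credentials).
 */
public class OAuthClient extends ServerClient {
    public static final String AUTHORIZATION = "authorization";
    public static final String AUTH_URL = "auth_url";
    public static final String CODE = "code";
    public static final String CODE_CHALLENGE = "code_challenge";
    public static final String CODE_CHALLENGE_METHOD = "code_challenge_method";
    private static final String DEFAULT_DISPLAY = "social_login";
    public static final String DISPLAY = "display";
    public static final String ID = "id";
    public static final String IDP = "idp";
    public static final String ID_TOKEN = "id_token";
    public static final String ID_TOKEN_TYPE = "id_token_type";
    // Server error code that makes both methods below drop the stored client credentials.
    private static final int INVALID_CLIENT_CREDENTIALS = 3000201;
    public static final String LOGOUT_APPS = "logout_apps";
    public static final String MSSO_REGISTER = "msso_register";
    public static final String POLL_URL = "poll_url";
    public static final String PROVIDER = "provider";
    public static final String PROVIDERS = "providers";
    public static final String REDIRECT_URI = "redirect_uri";
    public static final String RESPONSE_TYPE = "response_type";
    public static final String STATE = "state";
    public static final String TOKEN = "token";
    public static final String TOKEN_TYPE = "token_type_hint";

    public OAuthClient(MssoContext mssoContext) {
        super(mssoContext);
    }

    /**
     * Asks the authorize endpoint which social-login providers are available.
     *
     * <p>When no authorize redirect URI is configured, no request is sent and the result is the
     * enterprise provider with an empty provider list. Otherwise the authorize URL is built with
     * {@code client_id}, {@code response_type=code}, {@code display=social_login}, the computed
     * scope, {@code redirect_uri} and, when PKCE is enabled, {@code code_challenge},
     * {@code code_challenge_method} and a random {@code state}. The JSON response must contain
     * {@code idp} and a {@code providers} array whose entries hold a {@code provider} object with
     * {@code id}, {@code auth_url} and an optional {@code poll_url}.
     *
     * @param context used to resolve a drawable named after each provider id (lower-cased);
     *                the resolved id is passed on unchanged, including 0 when nothing matches
     * @return the identity provider name reported by the server together with its providers
     * @throws OAuthServerException when the server answers with a status other than 200
     * @throws OAuthException on I/O failure, a malformed URL, or an unexpected JSON shape
     */
    public AuthenticationProvider getSocialPlatformProvider(Context context) throws OAuthException, OAuthServerException {
        ConfigurationProvider configurationProvider = this.mssoContext.getConfigurationProvider();
        String redirectUri = (String) configurationProvider.getProperty(MobileSsoConfig.PROP_AUTHORIZE_REDIRECT_URI);
        ArrayList<Provider> providers = new ArrayList<>();
        if (redirectUri == null) {
            // No redirect URI configured: enterprise login only, nothing to ask the server.
            return new AuthenticationProvider(AuthenticationProvider.ENTERPRISE, providers);
        }

        Uri.Builder authorizeUri = Uri.parse(configurationProvider.getTokenUri(MobileSsoConfig.PROP_TOKEN_URL_SUFFIX_AUTHORIZE).toString()).buildUpon();
        authorizeUri.appendQueryParameter(ServerClient.CLIENT_ID, this.mssoContext.getClientId());
        authorizeUri.appendQueryParameter(RESPONSE_TYPE, CODE);
        authorizeUri.appendQueryParameter(DISPLAY, DEFAULT_DISPLAY);

        // SSO counts as enabled unless the property is explicitly set to false.
        Boolean ssoEnabledProperty = (Boolean) configurationProvider.getProperty(MobileSsoConfig.PROP_SSO_ENABLED);
        boolean ssoEnabled = ssoEnabledProperty == null || ssoEnabledProperty.booleanValue();
        String scope = buildScope(configurationProvider.getClientScope(), ssoEnabled, this.mssoContext.isDeviceRegistered());
        if (!scope.isEmpty()) {
            authorizeUri.appendQueryParameter("scope", scope);
        }
        authorizeUri.appendQueryParameter(REDIRECT_URI, redirectUri);

        // NOTE(review): when PKCE is enabled but generateCodeChallenge() returns null, the request
        // silently goes out without code_challenge and without state. Consider failing closed here.
        // NOTE(review): state is only sent on the PKCE path; with PKCE disabled the authorize
        // request carries no state value at all. Confirm that callers do not rely on it.
        PKCE pkce = ConfigurationManager.getInstance().isPKCEEnabled() ? OAuthClientUtil.generateCodeChallenge() : null;
        if (pkce != null) {
            authorizeUri.appendQueryParameter(CODE_CHALLENGE, pkce.codeChallenge);
            authorizeUri.appendQueryParameter(CODE_CHALLENGE_METHOD, pkce.codeChallengeMethod);
            // 128 random bits; the encoded value is both the state parameter and the cache key
            // under which the code verifier is stored for the later token exchange.
            byte[] stateBytes = new byte[16];
            new SecureRandom().nextBytes(stateBytes);
            // Same flag value as the literal 11: URL-safe alphabet, no line wraps, no padding.
            String state = Base64.encodeToString(stateBytes, Base64.URL_SAFE | Base64.NO_WRAP | Base64.NO_PADDING);
            CodeVerifierCache.getInstance().store(state, pkce.codeVerifier);
            authorizeUri.appendQueryParameter(STATE, state);
        }

        String idp;
        try {
            MASResponse response = this.mssoContext.getMAGHttpClient().execute(new MASRequest.MASRequestBuilder(new URI(authorizeUri.build().toString())).responseBody(MASResponseBody.jsonBody()).build());
            if (response.getResponseCode() != 200) {
                if (ServerClient.findErrorCode(response) == INVALID_CLIENT_CREDENTIALS) {
                    // The server rejected the client credentials; drop the stored copy.
                    this.mssoContext.clearClientCredentials();
                }
                throw ((OAuthServerException) ServerClient.createServerException(response, OAuthServerException.class));
            }
            JSONObject body = (JSONObject) response.getBody().getContent();
            idp = body.getString(IDP);
            JSONArray providerEntries = body.getJSONArray(PROVIDERS);
            for (int i = 0; i < providerEntries.length(); i++) {
                JSONObject providerJson = providerEntries.getJSONObject(i).getJSONObject(PROVIDER);
                String providerId = providerJson.getString(ID);
                // Locale.ROOT keeps the resource name stable on devices whose default locale has
                // special casing rules (for example Turkish dotless i).
                int iconId = context.getResources().getIdentifier("drawable/" + providerId.toLowerCase(java.util.Locale.ROOT), null, context.getPackageName());
                // NOTE(review): auth_url and poll_url are taken from the response as-is; no scheme
                // or host check is visible in this file. Verify that consumers validate them.
                providers.add(new Provider(providerId, providerJson.getString(AUTH_URL), providerJson.optString(POLL_URL), Integer.valueOf(iconId)));
            }
        } catch (IOException e10) {
            throw new OAuthException(-1, "Unable to retrieve Social Login Providers: " + e10.getMessage(), e10);
        } catch (URISyntaxException e11) {
            throw new OAuthException(-1, e11);
        } catch (JSONException e12) {
            // NOTE(review): this message embeds the full authorize URL, including client_id,
            // code_challenge and state. Keep it out of shared logs and crash reports.
            throw new OAuthException(-1, "response from " + authorizeUri.toString() + " was not valid response: " + e12.getMessage(), e12);
        }
        return new AuthenticationProvider(idp, providers);
    }

    /**
     * Builds the space-delimited scope value for the authorize request.
     *
     * <p>Scopes are compared as whole tokens, so a scope that merely contains "openid" or
     * "msso_register" as a substring is left alone, and dropping {@code msso_register} cannot
     * leave a doubled separator behind.
     *
     * @param configuredScope scope string from configuration, may be {@code null}
     * @param ssoEnabled      whether {@code openid} must be present
     * @param deviceRegistered when {@code true} {@code msso_register} is removed, otherwise it is
     *                         added if missing
     * @return the resulting scope string, empty when there is nothing to request
     */
    private static String buildScope(String configuredScope, boolean ssoEnabled, boolean deviceRegistered) {
        StringBuilder scope = new StringBuilder();
        boolean hasOpenId = false;
        boolean hasRegister = false;
        if (configuredScope != null) {
            for (String token : configuredScope.trim().split("\\s+")) {
                if (token.isEmpty()) {
                    continue;
                }
                if (MSSO_REGISTER.equals(token)) {
                    if (deviceRegistered) {
                        continue;
                    }
                    hasRegister = true;
                } else if (ServerClient.OPENID.equals(token)) {
                    hasOpenId = true;
                }
                if (scope.length() > 0) {
                    scope.append(FoundationConsts.SPACE);
                }
                scope.append(token);
            }
        }
        if (ssoEnabled && !hasOpenId) {
            if (scope.length() > 0) {
                scope.append(FoundationConsts.SPACE);
            }
            scope.append(ServerClient.OPENID);
        }
        if (!deviceRegistered && !hasRegister) {
            if (scope.length() > 0) {
                scope.append(FoundationConsts.SPACE);
            }
            scope.append(MSSO_REGISTER);
        }
        return scope.toString();
    }

    /**
     * Posts the ID token to the resource-owner logout endpoint.
     *
     * <p>The form carries {@code id_token}, {@code id_token_type} and {@code logout_apps}; the
     * request is authenticated with an HTTP Basic header built from {@code str} and {@code str2}.
     *
     * @param idToken token whose value and type are sent to the server
     * @param str     first half of the Basic credentials (presumably the client id; confirm
     *                against callers)
     * @param str2    second half of the Basic credentials (presumably the client secret; confirm
     *                against callers)
     * @param z10     sent as {@code logout_apps}
     * @throws OAuthServerException when the server reports an error; stored client credentials are
     *                              cleared first if the error code is {@code 3000201}
     * @throws OAuthException when the request fails with a {@code MAGException}
     */
    public void logout(IdToken idToken, String str, String str2, boolean z10) throws OAuthServerException, OAuthException {
        // Raw types kept: the element type expected by urlEncodedFormBody is not visible here.
        ArrayList form = new ArrayList();
        form.add(new Pair(ID_TOKEN, idToken.getValue()));
        form.add(new Pair(ID_TOKEN_TYPE, idToken.getType()));
        form.add(new Pair(LOGOUT_APPS, Boolean.toString(z10)));
        // NOTE(review): the credentials are encoded as ASCII, so non-ASCII characters would not
        // survive. The header value is a secret and must never be logged.
        String basicCredentials = "Basic " + IoUtils.base64(str + FoundationConsts.COLON + str2, Charsets.ASCII);
        try {
            obtainServerResponseToPostedForm(new MASRequest.MASRequestBuilder(this.conf.getTokenUri(MobileSsoConfig.PROP_TOKEN_URL_SUFFIX_RESOURCE_OWNER_LOGOUT)).post(MASRequestBody.urlEncodedFormBody(form)).responseBody(MASResponseBody.stringBody()).header(AUTHORIZATION, basicCredentials).build());
        } catch (MAGException e10) {
            throw new OAuthException(-1, e10);
        } catch (OAuthServerException e11) {
            if (e11.getErrorCode() == INVALID_CLIENT_CREDENTIALS) {
                // The server rejected the client credentials; drop the stored copy.
                this.mssoContext.clearClientCredentials();
            }
            throw e11;
        }
    }
}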
