package com.amazon.atozm.auth;

import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.os.Build;
import android.util.Base64;
import com.amazon.atozm.MainApplication;
import com.amazon.atozm.exceptions.FailedToDecryptPreferenceValue;
import com.amazon.atozm.exceptions.FailedToEncryptPreferenceValue;
import com.amazon.atozm.lifecycle.ReloadManager;
import com.amazon.atozm.logging.Logger;
import com.amazon.atozm.login.BaseIdentityPickerFragment;
import com.amazon.atozm.login.IdentityPreference;
import com.amazon.atozm.login.IdentityPreferenceStore;
import com.amazon.atozm.login.LoginPreference;
import com.amazon.atozm.metrics.ESSMMetric;
import com.amazon.atozm.metrics.Metrics;
import com.amazon.atozm.net.ConnectionMonitor;
import com.amazon.atozm.weblab.ESSMFeature;
import com.amazon.atozm.weblab.WeblabWrapper;
import com.amazonaws.mobileconnectors.cognitoidentityprovider.util.CognitoJWTParser;
import com.facebook.react.modules.core.DeviceEventManagerModule;
import com.google.common.base.Strings;
import java.io.IOException;
import java.security.KeyStoreException;
import java.util.Date;
import java.util.Map;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
import java.util.concurrent.locks.ReentrantLock;
import net.openid.appauth.AuthState;
import net.openid.appauth.AuthorizationException;
import net.openid.appauth.AuthorizationResponse;
import net.openid.appauth.TokenRequest;
import net.openid.appauth.TokenResponse;
import okhttp3.Call;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import org.json.JSONException;

/* loaded from: classes.dex */
public class AuthenticationStateManager {
    private static final String ALUMNI_STRING = "alumni";
    private static final String APP_KEY = "app_key";
    private static final String CLIENT_SECRET_KEY = "client_secret";
    private static final String PERSON_ID_PATTERN = "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$";
    private static final String SHARED_PREFERENCES_NAME = "AtoZSharedPreferences";
    private static final String STATE_KEY = "auth_state";
    private static WeblabWrapper weblabWrapper;
    private KeyStoreAdapter keyStoreAdapter;
    private SharedPreferences sharedPreferences;
    private static final Long REFRESH_EARLY_MS = Long.valueOf(TimeUnit.MINUTES.toMillis(5));
    private static final AtomicReference<AuthenticationStateManager> INSTANCE = new AtomicReference<>(null);
    private final Logger logger = new Logger("AuthenticationStateManager");
    private final Metrics metrics = Metrics.getInstance();
    private final AtomicReference<DeviceEventManagerModule.RCTDeviceEventEmitter> eventEmitter = new AtomicReference<>(null);
    private final AtomicReference<AuthenticationTimeoutHandler> timeoutHandler = new AtomicReference<>(null);
    private AtomicReference<String> inMemoryAppKey = new AtomicReference<>();
    private AtomicReference<AuthState> inMemoryAuthState = new AtomicReference<>();
    private AtomicReference<String> inMemoryClientSecret = new AtomicReference<>();
    private final ReentrantLock sharedPreferencesLock = new ReentrantLock();
    private final ReentrantLock refreshLock = new ReentrantLock();

    private AuthenticationStateManager(Context context) {
        this.keyStoreAdapter = null;
        this.sharedPreferences = null;
        if (Build.VERSION.SDK_INT >= 23) {
            try {
                this.keyStoreAdapter = new KeyStoreAdapter();
            } catch (KeyStoreException e) {
                throw new RuntimeException("Failed to initialize keystore adapter", e);
            }
        }
        this.sharedPreferences = context.getSharedPreferences(SHARED_PREFERENCES_NAME, 0);
    }

    private void clearBrowserSession(Context context) {
        IdentityPreference identityPreference = new IdentityPreferenceStore().getIdentityPreference(context);
        if (identityPreference == null) {
            this.logger.warn("Cannot clear OAuth session because identity preference is unknown");
            System.exit(0);
        } else {
            Intent intent = new Intent(context, (Class<?>) LogoutActivity.class);
            intent.addFlags(268435456);
            intent.putExtra(mapToLogoutExtra(identityPreference), true);
            context.startActivity(intent);
        }
    }

    private String decryptValueIfSupported(String str) throws FailedToDecryptPreferenceValue {
        return Build.VERSION.SDK_INT >= 23 ? this.keyStoreAdapter.decryptPreferenceValue(str) : str;
    }

    private void emitRefreshFailure(boolean z, boolean z2, boolean z3, int i, ConnectionMonitor connectionMonitor) {
        if (z || z2) {
            this.metrics.logAndPut(ESSMMetric.FEDERATE_REFRESH_TOKEN_FAILURE);
            if (z3) {
                this.metrics.logAndPut(ESSMMetric.FEDERATE_REFRESH_TOKEN_PKCE_FAILURE);
            }
            if (z) {
                this.metrics.logAndPut(ESSMMetric.FEDERATE_REFRESH_TOKEN_FAILURE_REJECTED);
                return;
            }
            if (z2) {
                this.logger.warn("Failed to replace expired access token");
                this.metrics.logAndPut(ESSMMetric.FEDERATE_REFRESH_TOKEN_FAILURE_EXPIRED);
                if (i != AuthorizationException.GeneralErrors.NETWORK_ERROR.code) {
                    if (i == AuthorizationException.GeneralErrors.SERVER_ERROR.code) {
                        this.metrics.logAndPut(ESSMMetric.FEDERATE_REFRESH_TOKEN_FAILURE_SERVER);
                        return;
                    } else {
                        if (i == AuthorizationException.GeneralErrors.JSON_DESERIALIZATION_ERROR.code) {
                            this.metrics.logAndPut(ESSMMetric.FEDERATE_REFRESH_TOKEN_FAILURE_JSON);
                            return;
                        }
                        return;
                    }
                }
                this.metrics.logAndPut(ESSMMetric.FEDERATE_REFRESH_TOKEN_FAILURE_NETWORK);
                if (connectionMonitor != null) {
                    if (connectionMonitor.isStateChanged()) {
                        this.metrics.logAndPut(ESSMMetric.FEDERATE_REFRESH_TOKEN_NETWORK_UNAVAILABLE);
                    } else if (connectionMonitor.isTypeChanged()) {
                        this.metrics.logAndPut(ESSMMetric.FEDERATE_REFRESH_TOKEN_NETWORK_CHANGE);
                    }
                }
            }
        }
    }

    private String encryptValueIfSupported(String str) throws FailedToEncryptPreferenceValue {
        return Build.VERSION.SDK_INT >= 23 ? this.keyStoreAdapter.encryptPreferenceValue(str) : str;
    }

    public static AuthenticationStateManager getInstance(Context context) {
        AtomicReference<AuthenticationStateManager> atomicReference = INSTANCE;
        AuthenticationStateManager authenticationStateManager = atomicReference.get();
        if (authenticationStateManager == null) {
            authenticationStateManager = new AuthenticationStateManager(context);
            atomicReference.set(authenticationStateManager);
        }
        weblabWrapper = WeblabWrapper.getInstance(context);
        return authenticationStateManager;
    }

    public static boolean isEmployeeIdValid(String str) {
        return (str == null || "NULL".equalsIgnoreCase(str) || str.matches(PERSON_ID_PATTERN)) ? false : true;
    }

    private String mapToLogoutExtra(IdentityPreference identityPreference) {
        return identityPreference.isDspAssociate() ? LogoutActivity.SHOULD_LOGOUT_OF_LWA : identityPreference.isAlumni() ? LogoutActivity.SHOULD_LOGOUT_OF_IDPRISM : identityPreference.isPreboarder() ? LogoutActivity.SHOULD_LOGOUT_OF_PPV2 : LogoutActivity.CALL_PASSPORT_LOGOUT_ENDPOINT;
    }

    private void revokeRefreshToken() {
        TokenResponse lastTokenResponse = getInMemoryAuthState().getLastTokenResponse();
        if (lastTokenResponse == null) {
            return;
        }
        revokeRefreshToken(lastTokenResponse);
    }

    private void revokeRefreshToken(TokenResponse tokenResponse) {
        ExecutorService newSingleThreadExecutor = Executors.newSingleThreadExecutor();
        try {
            String str = tokenResponse.request.clientId;
            String str2 = tokenResponse.refreshToken;
            Request.Builder post = new Request.Builder().url("https://" + tokenResponse.request.configuration.tokenEndpoint.getHost() + "/api/oauth2/v1/revoke").post(RequestBody.create(MediaType.parse("application/x-www-form-urlencoded"), String.format("token=%s&token_type_hint=refresh_token", str2)));
            if (!PKCEModule.isClientPKCE(MainApplication.getAppContext(), str)) {
                post.addHeader("Authorization", String.format("Basic %s", new String(Base64.encode(String.format("%s:%s", str, getClientSecret()).getBytes(), 2))));
            }
            final Call newCall = new OkHttpClient().newCall(post.build());
            this.metrics.put(ESSMMetric.FEDERATE_REVOKE_TOKEN_COUNT);
            newSingleThreadExecutor.submit(new Runnable() { // from class: com.amazon.atozm.auth.-$$Lambda$AuthenticationStateManager$WagSPAz_Q9leEdendUcvwmWLbB4
                @Override // java.lang.Runnable
                public final void run() {
                    AuthenticationStateManager.this.lambda$revokeRefreshToken$1$AuthenticationStateManager(newCall);
                }
            });
        } finally {
            newSingleThreadExecutor.shutdown();
        }
    }

    private void setAuthState(AuthState authState) {
        setValue(STATE_KEY, authState.jsonSerializeString());
        this.inMemoryAuthState.set(authState);
    }

    private void setValue(String str, String str2) {
        this.sharedPreferencesLock.lock();
        try {
            try {
                SharedPreferences.Editor edit = this.sharedPreferences.edit();
                edit.putString(str, encryptValueIfSupported(str2));
                edit.apply();
            } catch (FailedToEncryptPreferenceValue e) {
                this.logger.warn("Failed to encrypt preference value, proceeding as if nothing happened", e);
            }
        } finally {
            this.sharedPreferencesLock.unlock();
        }
    }

    private void updateLoginReason(boolean z) {
        LoginPreference.getInstance(MainApplication.getAppContext()).setLoginReason(z ? ESSMMetric.LOGIN_REASON_INVALID_SESSION.name() : ESSMMetric.LOGIN_REASON_ACCESS_EXPIRED.name());
    }

    public void applyAuthorizationCodeResponse(AuthorizationResponse authorizationResponse, AuthorizationException authorizationException) {
        AuthState inMemoryAuthState = getInMemoryAuthState();
        inMemoryAuthState.update(authorizationResponse, authorizationException);
        setAuthState(inMemoryAuthState);
    }

    public void applyTokenResponse(TokenResponse tokenResponse, AuthorizationException authorizationException) {
        AuthState inMemoryAuthState = getInMemoryAuthState();
        inMemoryAuthState.update(tokenResponse, authorizationException);
        setAuthState(inMemoryAuthState);
        AuthTokenModule.signalEmployeeIdIsReady();
    }

    public void clearLoginTimeout() {
        AuthenticationTimeoutHandler timeoutHandler = getTimeoutHandler();
        if (timeoutHandler != null) {
            timeoutHandler.onNavigationEvent(6, null);
        }
        setTimeoutHandler(null);
    }

    public String getAppKey() {
        String str;
        this.sharedPreferencesLock.lock();
        try {
            try {
                str = this.inMemoryAppKey.get();
            } catch (Exception e) {
                this.logger.warn("Failed to retrieve app-key", e);
            }
            if (!Strings.isNullOrEmpty(str)) {
                return str;
            }
            String string = this.sharedPreferences.getString(APP_KEY, null);
            if (!Strings.isNullOrEmpty(string)) {
                return decryptValueIfSupported(string);
            }
            return null;
        } finally {
            this.sharedPreferencesLock.unlock();
        }
    }

    public String getAuthorizationCode() {
        AuthorizationResponse lastAuthorizationResponse = getInMemoryAuthState().getLastAuthorizationResponse();
        if (lastAuthorizationResponse != null) {
            return lastAuthorizationResponse.authorizationCode;
        }
        return null;
    }

    public String getClientIdFromIdToken() {
        String idToken = getInMemoryAuthState().getIdToken();
        if (idToken == null) {
            return null;
        }
        return getPropertyFromIdToken(idToken, "aud");
    }

    @Deprecated
    public String getClientSecret() {
        String str;
        this.sharedPreferencesLock.lock();
        String str2 = null;
        try {
            try {
                str = this.inMemoryClientSecret.get();
            } catch (FailedToDecryptPreferenceValue e) {
                this.logger.warn("Failed to parse or decrypt auth state, proceeding as if it did not exist", e);
            }
            if (!Strings.isNullOrEmpty(str)) {
                return str;
            }
            String string = this.sharedPreferences.getString(CLIENT_SECRET_KEY, null);
            if (!Strings.isNullOrEmpty(string)) {
                str2 = decryptValueIfSupported(string);
            }
            return str2;
        } finally {
            this.sharedPreferencesLock.unlock();
        }
    }

    public String getCurrentAccessToken() {
        String accessToken = getInMemoryAuthState().getAccessToken();
        if (Strings.isNullOrEmpty(accessToken)) {
            return null;
        }
        return accessToken;
    }

    public String getEmployeeIdFromIdToken() {
        String idToken = getInMemoryAuthState().getIdToken();
        if (idToken == null) {
            return null;
        }
        return getEmployeeIdFromIdToken(idToken);
    }

    public String getEmployeeIdFromIdToken(String str) {
        return getPropertyFromIdToken(str, "sub");
    }

    public String getFreshAccessToken(Context context) {
        return getFreshAccessToken(context, false);
    }

    /* JADX WARN: Removed duplicated region for block: B:44:0x0116 A[Catch: all -> 0x0160, TRY_ENTER, TryCatch #0 {all -> 0x0160, blocks: (B:42:0x00fd, B:45:0x0124, B:44:0x0116), top: B:41:0x00fd }] */
    /* JADX WARN: Removed duplicated region for block: B:50:0x014b A[Catch: all -> 0x015e, TryCatch #8 {all -> 0x015e, blocks: (B:48:0x0138, B:50:0x014b, B:52:0x014f, B:53:0x0154, B:55:0x0152), top: B:47:0x0138 }] */
    /* JADX WARN: Removed duplicated region for block: B:60:0x01a4 A[Catch: all -> 0x01cf, TryCatch #9 {all -> 0x01cf, blocks: (B:5:0x0016, B:8:0x0029, B:10:0x002f, B:14:0x0043, B:16:0x004e, B:18:0x0054, B:20:0x0065, B:22:0x006b, B:25:0x0071, B:28:0x009f, B:34:0x00b0, B:36:0x00e5, B:57:0x015a, B:58:0x018a, B:60:0x01a4, B:80:0x01c1, B:81:0x01c4, B:89:0x01c5, B:40:0x00f6, B:56:0x0157, B:69:0x0169, B:70:0x016c, B:87:0x0170, B:83:0x0179, B:85:0x0182), top: B:4:0x0016, inners: #6, #7 }] */
    /* JADX WARN: Removed duplicated region for block: B:72:0x0106 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String getFreshAccessToken(android.content.Context r18, java.lang.Boolean r19) {
        /*
            Method dump skipped, instructions count: 470
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.amazon.atozm.auth.AuthenticationStateManager.getFreshAccessToken(android.content.Context, java.lang.Boolean):java.lang.String");
    }

    public AuthState getInMemoryAuthState() {
        AuthState authState;
        this.sharedPreferencesLock.lock();
        try {
            try {
                authState = this.inMemoryAuthState.get();
                if (authState == null) {
                    String string = this.sharedPreferences.getString(STATE_KEY, null);
                    authState = Strings.isNullOrEmpty(string) ? new AuthState() : AuthState.jsonDeserialize(decryptValueIfSupported(string));
                }
            } finally {
                this.sharedPreferencesLock.unlock();
            }
        } catch (FailedToDecryptPreferenceValue | JSONException e) {
            this.logger.warn("Failed to parse or decrypt auth state, proceeding as if it did not exist", e);
            authState = new AuthState();
        }
        return authState;
    }

    public String getPasswordExpirationTimeFromIdToken(String str) {
        try {
            return CognitoJWTParser.getPayload(str).getString("pw_exp");
        } catch (JSONException e) {
            this.logger.warn("Failed to retrieve pw_exp (password_expiration_time) from idToken", e);
            return null;
        }
    }

    public String getPropertyFromAccessToken(String str, String str2) {
        try {
            return CognitoJWTParser.getPayload(str).getString(str2);
        } catch (JSONException e) {
            this.logger.warn(String.format("Failed to retrieve %s from access token", str2), e);
            return null;
        }
    }

    public String getPropertyFromIdToken(String str, String str2) {
        try {
            return CognitoJWTParser.getPayload(str).getString(str2);
        } catch (JSONException e) {
            this.logger.warn(String.format("Failed to retrieve %s from idToken", str2), e);
            return null;
        }
    }

    public AuthenticationTimeoutHandler getTimeoutHandler() {
        return this.timeoutHandler.get();
    }

    public TokenRequest getTokenRequest(Map<String, String> map) {
        AuthorizationResponse lastAuthorizationResponse = getInMemoryAuthState().getLastAuthorizationResponse();
        if (lastAuthorizationResponse != null) {
            return map == null ? lastAuthorizationResponse.createTokenExchangeRequest() : lastAuthorizationResponse.createTokenExchangeRequest(map);
        }
        return null;
    }

    public boolean hasAuthenticated() {
        return !Strings.isNullOrEmpty(getInMemoryAuthState().getRefreshToken());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isAccessTokenExpiredOrMissing() {
        return isAccessTokenExpiredOrMissing(getInMemoryAuthState().getLastTokenResponse());
    }

    protected boolean isAccessTokenExpiredOrMissing(TokenResponse tokenResponse) {
        return isAccessTokenExpiringOrMissing(tokenResponse, 0L);
    }

    protected boolean isAccessTokenExpiringOrMissing(TokenResponse tokenResponse, long j) {
        Long l;
        return tokenResponse == null || (l = tokenResponse.accessTokenExpirationTime) == null || l.longValue() - new Date().getTime() < j;
    }

    public Boolean isAlumni() {
        return getInMemoryAuthState().getLastTokenResponse().request.clientId.contains(ALUMNI_STRING);
    }

    public /* synthetic */ void lambda$getFreshAccessToken$0$AuthenticationStateManager(AtomicInteger atomicInteger, AtomicBoolean atomicBoolean, AtomicReference atomicReference, AtomicBoolean atomicBoolean2, boolean z, TokenResponse tokenResponse, AuthorizationException authorizationException) {
        if (authorizationException != null) {
            this.logger.warn(String.format("Error during token refresh: %d %s", Integer.valueOf(authorizationException.code), authorizationException.error), authorizationException);
            atomicInteger.set(authorizationException.code);
            if (authorizationException.type == 2) {
                atomicBoolean.set(true);
                return;
            }
            return;
        }
        if (tokenResponse == null || tokenResponse.accessToken == null) {
            return;
        }
        applyTokenResponse(tokenResponse, authorizationException);
        atomicReference.set(tokenResponse.accessToken);
        atomicBoolean2.set(isAccessTokenExpiredOrMissing(tokenResponse));
        this.metrics.logAndPut(ESSMMetric.FEDERATE_REFRESH_TOKEN_SUCCESS);
        if (z) {
            this.metrics.logAndPut(ESSMMetric.FEDERATE_REFRESH_TOKEN_PKCE_SUCCESS);
        }
    }

    public /* synthetic */ void lambda$revokeRefreshToken$1$AuthenticationStateManager(Call call) {
        try {
            call.execute();
        } catch (IOException e) {
            this.logger.warn("Failed to revoke refresh token", e);
            this.metrics.put(ESSMMetric.FEDERATE_REVOKE_TOKEN_FAILURE);
        }
    }

    public void logout(Context context, boolean z) throws IOException {
        this.refreshLock.lock();
        try {
            TokenResponse lastTokenResponse = getInMemoryAuthState().getLastTokenResponse();
            if (lastTokenResponse == null) {
                return;
            }
            if (z) {
                resetState();
            }
            revokeRefreshToken(lastTokenResponse);
            this.metrics.logAndPut(ESSMMetric.LOGOUT_BUTTON_CLICKED);
            clearBrowserSession(context);
        } finally {
            this.refreshLock.unlock();
        }
    }

    public void resetState() {
        setAuthState(new AuthState());
    }

    public void restartAuth(Context context) {
        restartAuth(context, false);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void restartAuth(Context context, boolean z) {
        revokeRefreshToken();
        resetState();
        if (weblabWrapper.isWeblabEnabled(ESSMFeature.ATOZ_MOBILE_ANDROID_BUNDLE_RELOAD_SESSION_EXPIRATION_891478)) {
            this.metrics.logAndPut(ESSMMetric.SESSION_EXPIRATION_BUNDLE_RELOAD);
            new ReloadManager(weblabWrapper).reloadBundle();
        }
        Intent intent = new Intent(context, (Class<?>) AuthenticationActivity.class);
        intent.addFlags(1342177280);
        intent.putExtra(AuthenticationActivity.CHECK_SESSION_EXTRA, z);
        intent.putExtra(BaseIdentityPickerFragment.USERNAME_EXTRA, AccountSelector.getInstance().fetchUserAlias());
        context.startActivity(intent);
    }

    public void setAppKey(String str) {
        setValue(APP_KEY, str);
        this.inMemoryAppKey.set(str);
    }

    public void setEventEmitter(DeviceEventManagerModule.RCTDeviceEventEmitter rCTDeviceEventEmitter) {
        this.eventEmitter.set(rCTDeviceEventEmitter);
    }

    public void setTimeoutHandler(AuthenticationTimeoutHandler authenticationTimeoutHandler) {
        this.timeoutHandler.set(authenticationTimeoutHandler);
    }

    public boolean shouldExchangeCodeForTokens() {
        AuthState inMemoryAuthState = getInMemoryAuthState();
        return (Strings.isNullOrEmpty(inMemoryAuthState.getIdToken()) || Strings.isNullOrEmpty(getAuthorizationCode()) || !Strings.isNullOrEmpty(inMemoryAuthState.getRefreshToken())) ? false : true;
    }
}
