package org.forgerock.android.auth;

import android.content.Context;
import android.content.SharedPreferences;
import java.util.Map;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import org.forgerock.android.auth.exception.ApiException;
import org.forgerock.android.auth.exception.AuthenticationRequiredException;
import org.forgerock.android.auth.exception.InvalidGrantException;
import org.forgerock.android.auth.idp.IdPHandler;
import org.json.JSONException;
import org.json.JSONObject;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class DefaultTokenManager implements TokenManager {
    static final String ORG_FORGEROCK_V_1_KEYS = "org.forgerock.v1.KEYS";
    static final String ORG_FORGEROCK_V_1_TOKENS = "org.forgerock.v1.TOKENS";
    private static final String TAG = "DefaultTokenManager";
    private static final ScheduledExecutorService worker = Executors.newSingleThreadScheduledExecutor();
    private final AtomicReference<CacheEntry<AccessToken>> accessTokenRef;
    private final long cacheIntervalMillis;
    private final OAuth2Client oAuth2Client;
    private SharedPreferences sharedPreferences;
    private final long threshold;

    /* loaded from: classes4.dex */
    public static class DefaultTokenManagerBuilder {
        private Long cacheIntervalMillis;
        private Context context;
        private OAuth2Client oAuth2Client;
        private SharedPreferences sharedPreferences;
        private Long threshold;

        DefaultTokenManagerBuilder() {
        }

        public DefaultTokenManager build() {
            return new DefaultTokenManager(this.context, this.oAuth2Client, this.sharedPreferences, this.cacheIntervalMillis, this.threshold);
        }

        public DefaultTokenManagerBuilder cacheIntervalMillis(Long l) {
            this.cacheIntervalMillis = l;
            return this;
        }

        public DefaultTokenManagerBuilder context(Context context) {
            if (context == null) {
                throw new NullPointerException("context is marked non-null but is null");
            }
            this.context = context;
            return this;
        }

        public DefaultTokenManagerBuilder oAuth2Client(OAuth2Client oAuth2Client) {
            this.oAuth2Client = oAuth2Client;
            return this;
        }

        public DefaultTokenManagerBuilder sharedPreferences(SharedPreferences sharedPreferences) {
            this.sharedPreferences = sharedPreferences;
            return this;
        }

        public DefaultTokenManagerBuilder threshold(Long l) {
            this.threshold = l;
            return this;
        }

        public String toString() {
            return "DefaultTokenManager.DefaultTokenManagerBuilder(context=" + this.context + ", oAuth2Client=" + this.oAuth2Client + ", sharedPreferences=" + this.sharedPreferences + ", cacheIntervalMillis=" + this.cacheIntervalMillis + ", threshold=" + this.threshold + ")";
        }
    }

    public DefaultTokenManager(Context context, OAuth2Client oAuth2Client, SharedPreferences sharedPreferences, Long l, Long l2) {
        sharedPreferences = sharedPreferences == null ? new SecuredSharedPreferences(context, ORG_FORGEROCK_V_1_TOKENS, ORG_FORGEROCK_V_1_KEYS) : sharedPreferences;
        this.sharedPreferences = sharedPreferences;
        Logger.debug(TAG, "Using SharedPreference: %s", sharedPreferences.getClass().getSimpleName());
        this.oAuth2Client = oAuth2Client;
        this.accessTokenRef = new AtomicReference<>();
        this.cacheIntervalMillis = l == null ? context.getResources().getInteger(R.integer.forgerock_oauth_cache) * 1000 : l.longValue();
        this.threshold = l2 == null ? context.getResources().getInteger(R.integer.forgerock_oauth_threshold) : l2.longValue();
    }

    public static DefaultTokenManagerBuilder builder() {
        return new DefaultTokenManagerBuilder();
    }

    private void cache(AccessToken accessToken) {
        long j = this.cacheIntervalMillis;
        if (j > 0) {
            this.accessTokenRef.set(new CacheEntry<>(accessToken, j));
            worker.schedule(new Runnable() { // from class: org.forgerock.android.auth.DefaultTokenManager$$ExternalSyntheticLambda0
                @Override // java.lang.Runnable
                public final void run() {
                    DefaultTokenManager.this.lambda$cache$0();
                }
            }, this.cacheIntervalMillis, TimeUnit.MILLISECONDS);
        }
    }

    private AccessToken getAccessTokenLocally() {
        CacheEntry<AccessToken> cacheEntry = this.accessTokenRef.get();
        if (cacheEntry != null) {
            if (!cacheEntry.isExpired()) {
                Logger.debug(TAG, "Retrieving Access Token from cache", new Object[0]);
                return cacheEntry.getValue();
            }
            this.accessTokenRef.set(null);
        }
        String string = this.sharedPreferences.getString(IdPHandler.ACCESS_TOKEN, null);
        if (string == null) {
            return null;
        }
        AccessToken fromJson = AccessToken.fromJson(string);
        cache(fromJson);
        return fromJson;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$cache$0() {
        Logger.debug(TAG, "Removing Access Token from cache.", new Object[0]);
        this.accessTokenRef.set(null);
    }

    @Override // org.forgerock.android.auth.TokenManager
    public void clear() {
        this.accessTokenRef.set(null);
        this.sharedPreferences.edit().clear().commit();
        EventDispatcher.TOKEN_REMOVED.notifyObservers();
    }

    @Override // org.forgerock.android.auth.TokenManager
    public void exchangeToken(String str, PKCE pkce, Map<String, String> map, FRListener<AccessToken> fRListener) {
        this.oAuth2Client.token(null, str, pkce, map, new OAuth2ResponseHandler(), fRListener);
    }

    @Override // org.forgerock.android.auth.TokenManager
    public void exchangeToken(SSOToken sSOToken, Map<String, String> map, FRListener<AccessToken> fRListener) {
        this.oAuth2Client.exchangeToken(sSOToken, map, fRListener);
    }

    @Override // org.forgerock.android.auth.TokenManager
    public void getAccessToken(AccessTokenVerifier accessTokenVerifier, final FRListener<AccessToken> fRListener) {
        AccessToken accessTokenLocally = getAccessTokenLocally();
        if (accessTokenLocally == null) {
            Listener.onException(fRListener, new AuthenticationRequiredException("No Access Token, authentication is required."));
            return;
        }
        accessTokenLocally.setPersisted(true);
        if (accessTokenVerifier != null && !accessTokenVerifier.isValid(accessTokenLocally)) {
            revoke(new FRListener<Void>() { // from class: org.forgerock.android.auth.DefaultTokenManager.1
                @Override // org.forgerock.android.auth.FRListener
                public void onException(Exception exc) {
                    Listener.onException(fRListener, new AuthenticationRequiredException("Access Token is not valid, authentication is required."));
                }

                @Override // org.forgerock.android.auth.FRListener
                public void onSuccess(Void r3) {
                    Listener.onException(fRListener, new AuthenticationRequiredException("Access Token is not valid, authentication is required."));
                }
            });
        } else if (!accessTokenLocally.isExpired(this.threshold)) {
            Listener.onSuccess(fRListener, accessTokenLocally);
        } else {
            Logger.debug(TAG, "Access Token Expired!", new Object[0]);
            refresh(accessTokenLocally, fRListener);
        }
    }

    @Override // org.forgerock.android.auth.TokenManager
    public boolean hasToken() {
        return this.sharedPreferences.getString(IdPHandler.ACCESS_TOKEN, null) != null;
    }

    @Override // org.forgerock.android.auth.TokenManager
    public void persist(AccessToken accessToken) {
        cache(accessToken);
        this.sharedPreferences.edit().putString(IdPHandler.ACCESS_TOKEN, accessToken.toJson()).commit();
    }

    @Override // org.forgerock.android.auth.TokenManager
    public void refresh(AccessToken accessToken, final FRListener<AccessToken> fRListener) {
        String refreshToken = accessToken.getRefreshToken();
        if (refreshToken == null) {
            clear();
            Listener.onException(fRListener, new AuthenticationRequiredException("Refresh Token does not exists."));
        } else {
            if (!accessToken.isExpired()) {
                this.oAuth2Client.revoke(accessToken, false, null);
            }
            Logger.debug(TAG, "Exchange AccessToken with Refresh Token", new Object[0]);
            this.oAuth2Client.refresh(accessToken.getSessionToken(), refreshToken, new FRListener<AccessToken>() { // from class: org.forgerock.android.auth.DefaultTokenManager.2
                @Override // org.forgerock.android.auth.FRListener
                public void onException(Exception exc) {
                    Logger.debug(DefaultTokenManager.TAG, "Exchange AccessToken with Refresh Token Failed: %s", exc.getMessage());
                    if ((exc instanceof ApiException) && exc.getMessage() != null && ((ApiException) exc).getStatusCode() == 400) {
                        try {
                            if (new JSONObject(exc.getMessage()).getString("error").equals("invalid_grant")) {
                                DefaultTokenManager.this.clear();
                                Listener.onException(fRListener, new InvalidGrantException("Failed to refresh, due to invalid grant", exc));
                                return;
                            }
                        } catch (JSONException unused) {
                        }
                    }
                    Listener.onException(fRListener, exc);
                }

                @Override // org.forgerock.android.auth.FRListener
                public void onSuccess(AccessToken accessToken2) {
                    Logger.debug(DefaultTokenManager.TAG, "Exchange AccessToken with Refresh Token Success", new Object[0]);
                    DefaultTokenManager.this.persist(accessToken2);
                    accessToken2.setPersisted(true);
                    Listener.onSuccess(fRListener, accessToken2);
                }
            });
        }
    }

    @Override // org.forgerock.android.auth.TokenManager
    public void revoke(final FRListener<Void> fRListener) {
        final AccessToken accessTokenLocally = getAccessTokenLocally();
        clear();
        if (accessTokenLocally == null) {
            Listener.onException(fRListener, new IllegalStateException("Access Token Not found!"));
        } else {
            Logger.debug(TAG, "Revoking AccessToken & Refresh Token.", new Object[0]);
            this.oAuth2Client.revoke(accessTokenLocally, new FRListener<Void>() { // from class: org.forgerock.android.auth.DefaultTokenManager.3
                private boolean endSession(boolean z) {
                    if (accessTokenLocally.getSessionToken() != null || !StringUtils.isNotEmpty(accessTokenLocally.getIdToken())) {
                        return false;
                    }
                    if (z) {
                        DefaultTokenManager.this.oAuth2Client.endSession(accessTokenLocally.getIdToken(), fRListener);
                        return true;
                    }
                    DefaultTokenManager.this.oAuth2Client.endSession(accessTokenLocally.getIdToken(), null);
                    return true;
                }

                @Override // org.forgerock.android.auth.FRListener
                public void onException(Exception exc) {
                    Logger.debug(DefaultTokenManager.TAG, "Revoking AccessToken & Refresh Token failed: %s", exc.getMessage());
                    endSession(false);
                    Listener.onException(fRListener, exc);
                }

                @Override // org.forgerock.android.auth.FRListener
                public void onSuccess(Void r4) {
                    Logger.debug(DefaultTokenManager.TAG, "Revoking AccessToken & Refresh Token Success", new Object[0]);
                    if (endSession(true)) {
                        return;
                    }
                    Listener.onSuccess(fRListener, r4);
                }
            });
        }
    }
}
