package com.auth0.android.provider;

import android.content.Context;
import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import com.auth0.android.Auth0;
import com.auth0.android.Auth0Exception;
import com.auth0.android.authentication.AuthenticationAPIClient;
import com.auth0.android.authentication.AuthenticationException;
import com.auth0.android.callback.Callback;
import com.auth0.android.request.internal.Jwt;
import com.auth0.android.request.internal.OidcUtils;
import com.auth0.android.result.Credentials;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import je.c0;
import je.g;
import je.l;
import kotlin.text.x;
import zd.j0;

/* compiled from: OAuthManager.kt */
/* loaded from: classes.dex */
public final class OAuthManager extends ResumableManager {
    public static final Companion Companion = new Companion(null);
    private static final String TAG = OAuthManager.class.getSimpleName();
    private Long _currentTimeInMillis;
    private final Auth0 account;
    private final AuthenticationAPIClient apiClient;
    private final Callback<Credentials, AuthenticationException> callback;
    private final CustomTabsOptions ctOptions;
    private final Map<String, String> headers;
    private String idTokenVerificationIssuer;
    private Integer idTokenVerificationLeeway;
    private final boolean launchAsTwa;
    private final Map<String, String> parameters;
    private PKCE pkce;
    private int requestCode;

    /* compiled from: OAuthManager.kt */
    /* loaded from: classes.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(g gVar) {
            this();
        }

        private final String secureRandomString() {
            byte[] bArr = new byte[32];
            new SecureRandom().nextBytes(bArr);
            String encodeToString = Base64.encodeToString(bArr, 11);
            l.e(encodeToString, "encodeToString(\n        ….NO_PADDING\n            )");
            return encodeToString;
        }

        public final void assertValidState(String str, String str2) throws AuthenticationException {
            l.f(str, "requestState");
            if (l.a(str, str2)) {
                return;
            }
            String str3 = OAuthManager.TAG;
            c0 c0Var = c0.f27744a;
            String format = String.format("Received state doesn't match. Received %s but expected %s", Arrays.copyOf(new Object[]{str2, str}, 2));
            l.e(format, "format(format, *args)");
            Log.e(str3, format);
            throw new AuthenticationException("access_denied", "The received state is invalid. Try again.");
        }

        public final String getRandomString(String str) {
            return str == null ? secureRandomString() : str;
        }
    }

    public OAuthManager(Auth0 auth0, Callback<Credentials, AuthenticationException> callback, Map<String, String> map, CustomTabsOptions customTabsOptions, boolean z10) {
        Map<String, String> s10;
        l.f(auth0, "account");
        l.f(callback, "callback");
        l.f(map, "parameters");
        l.f(customTabsOptions, "ctOptions");
        this.account = auth0;
        this.callback = callback;
        this.launchAsTwa = z10;
        this.headers = new HashMap();
        s10 = j0.s(map);
        this.parameters = s10;
        s10.put("response_type", "code");
        this.apiClient = new AuthenticationAPIClient(auth0);
        this.ctOptions = customTabsOptions;
    }

    private final void addClientParameters(Map<String, String> map, String str) {
        map.put("auth0Client", this.account.getAuth0UserAgent().getValue());
        map.put("client_id", this.account.getClientId());
        map.put("redirect_uri", str);
    }

    private final void addPKCEParameters(Map<String, String> map, String str, Map<String, String> map2) {
        createPKCE(str, map2);
        PKCE pkce = this.pkce;
        l.c(pkce);
        String codeChallenge = pkce.getCodeChallenge();
        l.e(codeChallenge, "codeChallenge");
        map.put("code_challenge", codeChallenge);
        map.put("code_challenge_method", "S256");
        Log.v(TAG, "Using PKCE authentication flow");
    }

    private final void addValidationParameters(Map<String, String> map) {
        Companion companion = Companion;
        String randomString = companion.getRandomString(map.get("state"));
        String randomString2 = companion.getRandomString(map.get("nonce"));
        map.put("state", randomString);
        map.put("nonce", randomString2);
    }

    private final void assertNoError(String str, String str2) throws AuthenticationException {
        boolean z10;
        boolean z11;
        if (str == null) {
            return;
        }
        Log.e(TAG, "Error, access denied. Check that the required Permissions are granted and that the Application has this Connection configured in Auth0 Dashboard.");
        z10 = x.z("access_denied", str, true);
        if (z10) {
            if (str2 == null) {
                str2 = "Permissions were not granted. Try again.";
            }
            throw new AuthenticationException("access_denied", str2);
        }
        z11 = x.z("unauthorized", str, true);
        if (z11) {
            l.c(str2);
            throw new AuthenticationException("unauthorized", str2);
        }
        if (l.a("login_required", str)) {
            l.c(str2);
            throw new AuthenticationException(str, str2);
        }
        if (str2 == null) {
            str2 = "An unexpected error occurred.";
        }
        throw new AuthenticationException(str, str2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final void assertValidIdToken(String str, final Callback<Void, Auth0Exception> callback) {
        if (TextUtils.isEmpty(str)) {
            callback.onFailure(new IdTokenMissingException());
            return;
        }
        try {
            l.c(str);
            final Jwt jwt = new Jwt(str);
            SignatureVerifier.forAsymmetricAlgorithm(jwt.getKeyId(), this.apiClient, new Callback<SignatureVerifier, TokenValidationException>() { // from class: com.auth0.android.provider.OAuthManager$assertValidIdToken$signatureVerifierCallback$1
                @Override // com.auth0.android.callback.Callback
                public void onFailure(TokenValidationException tokenValidationException) {
                    l.f(tokenValidationException, "error");
                    callback.onFailure(tokenValidationException);
                }

                @Override // com.auth0.android.callback.Callback
                public void onSuccess(SignatureVerifier signatureVerifier) {
                    String str2;
                    AuthenticationAPIClient authenticationAPIClient;
                    Map map;
                    Integer num;
                    Map map2;
                    Map map3;
                    l.f(signatureVerifier, "result");
                    str2 = this.idTokenVerificationIssuer;
                    l.c(str2);
                    authenticationAPIClient = this.apiClient;
                    IdTokenVerificationOptions idTokenVerificationOptions = new IdTokenVerificationOptions(str2, authenticationAPIClient.getClientId(), signatureVerifier);
                    map = this.parameters;
                    String str3 = (String) map.get("max_age");
                    if (!TextUtils.isEmpty(str3)) {
                        l.c(str3);
                        idTokenVerificationOptions.setMaxAge(Integer.valueOf(str3));
                    }
                    num = this.idTokenVerificationLeeway;
                    idTokenVerificationOptions.setClockSkew(num);
                    map2 = this.parameters;
                    idTokenVerificationOptions.setNonce((String) map2.get("nonce"));
                    idTokenVerificationOptions.setClock(new Date(this.getCurrentTimeInMillis$auth0_release()));
                    map3 = this.parameters;
                    idTokenVerificationOptions.setOrganization((String) map3.get("organization"));
                    try {
                        new IdTokenVerifier().verify(jwt, idTokenVerificationOptions, true);
                        callback.onSuccess(null);
                    } catch (TokenValidationException e10) {
                        callback.onFailure(e10);
                    }
                }
            });
        } catch (Exception e10) {
            callback.onFailure(new UnexpectedIdTokenException(e10));
        }
    }

    private final Uri buildAuthorizeUri() {
        Uri.Builder buildUpon = Uri.parse(this.account.getAuthorizeUrl()).buildUpon();
        for (Map.Entry<String, String> entry : this.parameters.entrySet()) {
            buildUpon.appendQueryParameter(entry.getKey(), entry.getValue());
        }
        Uri build = buildUpon.build();
        Log.d(TAG, "Using the following Authorize URI: " + build);
        l.e(build, "uri");
        return build;
    }

    private final void createPKCE(String str, Map<String, String> map) {
        if (this.pkce == null) {
            this.pkce = new PKCE(this.apiClient, str, map);
        }
    }

    public final long getCurrentTimeInMillis$auth0_release() {
        Long l10 = this._currentTimeInMillis;
        if (l10 == null) {
            return System.currentTimeMillis();
        }
        l.c(l10);
        return l10.longValue();
    }

    @Override // com.auth0.android.provider.ResumableManager
    public boolean resume(AuthorizeResult authorizeResult) {
        l.f(authorizeResult, "result");
        if (!authorizeResult.isValid(this.requestCode)) {
            Log.w(TAG, "The Authorize Result is invalid.");
            return false;
        }
        if (authorizeResult.isCanceled()) {
            this.callback.onFailure(new AuthenticationException("a0.authentication_canceled", "The user closed the browser app and the authentication was canceled."));
            return true;
        }
        Map<String, String> valuesFromUri = CallbackHelper.getValuesFromUri(authorizeResult.getIntentData());
        l.e(valuesFromUri, "getValuesFromUri(result.intentData)");
        if (valuesFromUri.isEmpty()) {
            Log.w(TAG, "The response didn't contain any of these values: code, state");
            return false;
        }
        Log.d(TAG, "The parsed CallbackURI contains the following parameters: " + valuesFromUri.keySet());
        try {
            assertNoError(valuesFromUri.get("error"), valuesFromUri.get("error_description"));
            Companion companion = Companion;
            String str = this.parameters.get("state");
            l.c(str);
            companion.assertValidState(str, valuesFromUri.get("state"));
            PKCE pkce = this.pkce;
            l.c(pkce);
            pkce.getToken(valuesFromUri.get("code"), new Callback<Credentials, AuthenticationException>() { // from class: com.auth0.android.provider.OAuthManager$resume$1
                @Override // com.auth0.android.callback.Callback
                public void onFailure(AuthenticationException authenticationException) {
                    Callback callback;
                    AuthenticationAPIClient authenticationAPIClient;
                    l.f(authenticationException, "error");
                    if (l.a("Unauthorized", authenticationException.getDescription())) {
                        String str2 = PKCE.TAG;
                        StringBuilder sb2 = new StringBuilder();
                        sb2.append("Unable to complete authentication with PKCE. PKCE support can be enabled by setting Application Type to 'Native' and Token Endpoint Authentication Method to 'None' for this app at 'https://manage.auth0.com/#/applications/");
                        authenticationAPIClient = OAuthManager.this.apiClient;
                        sb2.append(authenticationAPIClient.getClientId());
                        sb2.append("/settings'.");
                        Log.e(str2, sb2.toString());
                    }
                    callback = OAuthManager.this.callback;
                    callback.onFailure(authenticationException);
                }

                @Override // com.auth0.android.callback.Callback
                public void onSuccess(final Credentials credentials) {
                    l.f(credentials, "credentials");
                    OAuthManager oAuthManager = OAuthManager.this;
                    String idToken = credentials.getIdToken();
                    final OAuthManager oAuthManager2 = OAuthManager.this;
                    oAuthManager.assertValidIdToken(idToken, new Callback<Void, Auth0Exception>() { // from class: com.auth0.android.provider.OAuthManager$resume$1$onSuccess$1
                        @Override // com.auth0.android.callback.Callback
                        public void onFailure(Auth0Exception auth0Exception) {
                            Callback callback;
                            l.f(auth0Exception, "error");
                            AuthenticationException authenticationException = new AuthenticationException("Could not verify the ID token", auth0Exception);
                            callback = OAuthManager.this.callback;
                            callback.onFailure(authenticationException);
                        }

                        @Override // com.auth0.android.callback.Callback
                        public void onSuccess(Void r22) {
                            Callback callback;
                            callback = OAuthManager.this.callback;
                            callback.onSuccess(credentials);
                        }
                    });
                }
            });
            return true;
        } catch (AuthenticationException e10) {
            this.callback.onFailure(e10);
            return true;
        }
    }

    public final void setHeaders(Map<String, String> map) {
        l.f(map, "headers");
        this.headers.putAll(map);
    }

    public final void setIdTokenVerificationIssuer(String str) {
        if (TextUtils.isEmpty(str)) {
            str = this.apiClient.getBaseURL();
        }
        this.idTokenVerificationIssuer = str;
    }

    public final void setIdTokenVerificationLeeway(Integer num) {
        this.idTokenVerificationLeeway = num;
    }

    public final void setPKCE(PKCE pkce) {
        this.pkce = pkce;
    }

    public final void startAuthentication(Context context, String str, int i10) {
        l.f(context, "context");
        l.f(str, "redirectUri");
        OidcUtils.INSTANCE.includeDefaultScope(this.parameters);
        addPKCEParameters(this.parameters, str, this.headers);
        addClientParameters(this.parameters, str);
        addValidationParameters(this.parameters);
        Uri buildAuthorizeUri = buildAuthorizeUri();
        this.requestCode = i10;
        AuthenticationActivity.Companion.authenticateUsingBrowser$auth0_release(context, buildAuthorizeUri, this.launchAsTwa, this.ctOptions);
    }
}
