package com.auth0.android.provider;

import android.content.Intent;
import android.net.Uri;
import android.text.TextUtils;
import com.auth0.android.Auth0;
import com.auth0.android.Auth0Exception;
import com.auth0.android.authentication.AuthenticationAPIClient;
import com.auth0.android.authentication.AuthenticationException;
import com.auth0.android.authentication.ParameterBuilder;
import com.auth0.android.callback.AuthenticationCallback;
import com.auth0.android.callback.Callback;
import com.auth0.android.request.HttpMethod;
import com.auth0.android.request.internal.BaseRequest;
import com.auth0.android.request.internal.GsonAdapter;
import com.auth0.android.request.internal.Jwt;
import com.auth0.android.request.internal.RequestFactory;
import com.auth0.android.result.Credentials;
import com.facebook.stetho.websocket.CloseCodes;
import com.google.gson.Gson;
import com.google.gson.reflect.TypeToken;
import io.sentry.android.core.SentryLogcatAdapter;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import kotlin.Metadata;
import kotlin.collections.MapsKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import okhttp3.HttpUrl;

@Metadata
/* loaded from: classes.dex */
public final class OAuthManager extends ResumableManager {

    /* renamed from: a, reason: collision with root package name */
    public final Callback f8217a;

    /* renamed from: b, reason: collision with root package name */
    public final LinkedHashMap f8218b;

    /* renamed from: c, reason: collision with root package name */
    public final HashMap f8219c;
    public final CustomTabsOptions d;
    public final AuthenticationAPIClient e;
    public PKCE f;
    public Integer g;
    public String h;

    @Metadata
    /* loaded from: classes.dex */
    public static final class Companion {
    }

    public OAuthManager(Auth0 account, Callback callback, Map parameters, CustomTabsOptions ctOptions) {
        Intrinsics.f(account, "account");
        Intrinsics.f(parameters, "parameters");
        Intrinsics.f(ctOptions, "ctOptions");
        this.f8217a = callback;
        this.f8219c = new HashMap();
        LinkedHashMap q = MapsKt.q(parameters);
        this.f8218b = q;
        q.put("response_type", "code");
        this.e = new AuthenticationAPIClient(account);
        this.d = ctOptions;
    }

    public static void c(String str, String str2) {
        if (str == null) {
            return;
        }
        SentryLogcatAdapter.b("OAuthManager", "Error, access denied. Check that the required Permissions are granted and that the Application has this Connection configured in Auth0 Dashboard.");
        if ("access_denied".equalsIgnoreCase(str)) {
            if (str2 == null) {
                str2 = "Permissions were not granted. Try again.";
            }
            throw new AuthenticationException("access_denied", str2);
        }
        if ("unauthorized".equalsIgnoreCase(str)) {
            if (str2 == null) {
                str2 = "An unexpected error occurred.";
            }
            throw new AuthenticationException("unauthorized", str2);
        }
        if ("login_required".equals(str)) {
            if (str2 == null) {
                str2 = "An unexpected error occurred.";
            }
            throw new AuthenticationException(str, str2);
        }
        if (str2 == null) {
            str2 = "An unexpected error occurred.";
        }
        throw new AuthenticationException(str, str2);
    }

    @Override // com.auth0.android.provider.ResumableManager
    public final void a(AuthenticationException authenticationException) {
        this.f8217a.a(authenticationException);
    }

    @Override // com.auth0.android.provider.ResumableManager
    public final boolean b(AuthorizeResult authorizeResult) {
        Map map;
        int i;
        if (!authorizeResult.a() && authorizeResult.f8207a != -1) {
            SentryLogcatAdapter.f("OAuthManager", "The Authorize Result is invalid.");
            return false;
        }
        boolean a2 = authorizeResult.a();
        Callback callback = this.f8217a;
        if (a2) {
            callback.a(new AuthenticationException("a0.authentication_canceled", "The user closed the browser app and the authentication was canceled."));
            return true;
        }
        Intent intent = authorizeResult.f8208b;
        Uri data = intent == null ? null : intent.getData();
        if (data == null) {
            map = Collections.emptyMap();
        } else {
            String query = data.getQuery() != null ? data.getQuery() : data.getFragment();
            if (query == null) {
                map = new HashMap();
            } else {
                String[] split = query.length() > 0 ? query.split("&") : new String[0];
                HashMap hashMap = new HashMap(split.length);
                for (String str : split) {
                    int indexOf = str.indexOf("=");
                    String substring = indexOf > 0 ? str.substring(0, indexOf) : str;
                    String substring2 = (indexOf <= 0 || str.length() <= (i = indexOf + 1)) ? null : str.substring(i);
                    if (substring2 != null) {
                        hashMap.put(substring, substring2);
                    }
                }
                map = hashMap;
            }
        }
        Intrinsics.e(map, "getValuesFromUri(result.intentData)");
        if (map.isEmpty()) {
            SentryLogcatAdapter.f("OAuthManager", "The response didn't contain any of these values: code, state");
            return false;
        }
        Objects.toString(map.keySet());
        try {
            c((String) map.get("error"), (String) map.get("error_description"));
            Object obj = this.f8218b.get("state");
            Intrinsics.c(obj);
            String str2 = (String) obj;
            String str3 = (String) map.get("state");
            if (!str2.equals(str3)) {
                SentryLogcatAdapter.b("OAuthManager", String.format("Received state doesn't match. Received %s but expected %s", Arrays.copyOf(new Object[]{str3, str2}, 2)));
                throw new AuthenticationException("access_denied", "The received state is invalid. Try again.");
            }
            PKCE pkce = this.f;
            Intrinsics.c(pkce);
            String authorizationCode = (String) map.get("code");
            Callback<Credentials, AuthenticationException> callback2 = new Callback<Credentials, AuthenticationException>() { // from class: com.auth0.android.provider.OAuthManager$resume$1
                @Override // com.auth0.android.callback.Callback
                public final void a(Auth0Exception auth0Exception) {
                    AuthenticationException error = (AuthenticationException) auth0Exception;
                    Intrinsics.f(error, "error");
                    boolean equals = "Unauthorized".equals(error.b());
                    OAuthManager oAuthManager = OAuthManager.this;
                    if (equals) {
                        SentryLogcatAdapter.b("PKCE", "Unable to complete authentication with PKCE. PKCE support can be enabled by setting Application Type to 'Native' and Token Endpoint Authentication Method to 'None' for this app at 'https://manage.auth0.com/#/applications/" + oAuthManager.e.f8188a.f8185a + "/settings'.");
                    }
                    oAuthManager.f8217a.a(error);
                }

                /* JADX WARN: Type inference failed for: r0v2, types: [java.lang.RuntimeException, com.auth0.android.Auth0Exception] */
                /* JADX WARN: Type inference failed for: r0v3, types: [com.auth0.android.provider.OAuthManager$assertValidIdToken$signatureVerifierCallback$1] */
                /* JADX WARN: Type inference failed for: r1v0, types: [com.auth0.android.provider.OAuthManager$resume$1$onSuccess$1] */
                @Override // com.auth0.android.callback.Callback
                public final void onSuccess(Object obj2) {
                    final Credentials credentials = (Credentials) obj2;
                    Intrinsics.f(credentials, "credentials");
                    String c2 = credentials.c();
                    final OAuthManager oAuthManager = OAuthManager.this;
                    final ?? r1 = new Callback<Void, Auth0Exception>() { // from class: com.auth0.android.provider.OAuthManager$resume$1$onSuccess$1
                        /* JADX WARN: Multi-variable type inference failed */
                        /* JADX WARN: Type inference failed for: r0v1, types: [java.lang.RuntimeException, com.auth0.android.Auth0Exception] */
                        @Override // com.auth0.android.callback.Callback
                        public final void a(Auth0Exception error) {
                            Intrinsics.f(error, "error");
                            OAuthManager.this.f8217a.a(new RuntimeException("Could not verify the ID token", error));
                        }

                        @Override // com.auth0.android.callback.Callback
                        public final void onSuccess(Object obj3) {
                            OAuthManager.this.f8217a.onSuccess(credentials);
                        }
                    };
                    oAuthManager.getClass();
                    if (TextUtils.isEmpty(c2)) {
                        r1.a(new IdTokenMissingException());
                        return;
                    }
                    try {
                        Intrinsics.c(c2);
                        final Jwt jwt = new Jwt(c2);
                        ?? r0 = new Callback<SignatureVerifier, TokenValidationException>() { // from class: com.auth0.android.provider.OAuthManager$assertValidIdToken$signatureVerifierCallback$1
                            @Override // com.auth0.android.callback.Callback
                            public final void a(Auth0Exception auth0Exception) {
                                TokenValidationException error = (TokenValidationException) auth0Exception;
                                Intrinsics.f(error, "error");
                                r1.a(error);
                            }

                            /* JADX WARN: Type inference failed for: r3v1, types: [com.auth0.android.provider.IdTokenVerificationOptions, java.lang.Object] */
                            @Override // com.auth0.android.callback.Callback
                            public final void onSuccess(Object obj3) {
                                String str4;
                                SignatureVerifier result = (SignatureVerifier) obj3;
                                Callback callback3 = r1;
                                Intrinsics.f(result, "result");
                                OAuthManager oAuthManager2 = oAuthManager;
                                String issuer = oAuthManager2.h;
                                Intrinsics.c(issuer);
                                String expected = oAuthManager2.e.f8188a.f8185a;
                                Intrinsics.f(issuer, "issuer");
                                Intrinsics.f(expected, "audience");
                                ?? obj4 = new Object();
                                LinkedHashMap linkedHashMap = oAuthManager2.f8218b;
                                String str5 = (String) linkedHashMap.get("max_age");
                                if (!TextUtils.isEmpty(str5)) {
                                    Intrinsics.c(str5);
                                    obj4.f8213c = Integer.valueOf(str5);
                                }
                                obj4.d = oAuthManager2.g;
                                obj4.f8212b = (String) linkedHashMap.get("nonce");
                                obj4.e = new Date(System.currentTimeMillis());
                                obj4.f8211a = (String) linkedHashMap.get("organization");
                                try {
                                    Jwt token = jwt;
                                    Intrinsics.f(token, "token");
                                    List list = result.f8229a;
                                    String tokenAlgorithm = token.d;
                                    if (list.contains(tokenAlgorithm) && !"none".equalsIgnoreCase(tokenAlgorithm)) {
                                        result.a(token.f8269c);
                                        String str6 = token.g;
                                        if (TextUtils.isEmpty(str6)) {
                                            throw new IssClaimMissingException();
                                        }
                                        if (!Intrinsics.a(str6, issuer)) {
                                            throw new TokenValidationException("Issuer (iss) claim mismatch in the ID token, expected \"" + issuer + "\", found \"" + str6 + '\"', null);
                                        }
                                        if (TextUtils.isEmpty(token.f)) {
                                            throw new SubClaimMissingException();
                                        }
                                        List list2 = token.o;
                                        if (list2.isEmpty()) {
                                            throw new AudClaimMissingException();
                                        }
                                        if (!list2.contains(expected)) {
                                            Intrinsics.f(expected, "expected");
                                            throw new TokenValidationException("Audience (aud) claim mismatch in the ID token; expected \"" + expected + "\" but was not one of \"" + list2 + '\"', null);
                                        }
                                        Calendar calendar = Calendar.getInstance();
                                        Date date = obj4.e;
                                        if (date == null) {
                                            date = calendar.getTime();
                                        }
                                        Integer num = obj4.d;
                                        int intValue = num != null ? num.intValue() : 60;
                                        Date date2 = token.l;
                                        if (date2 == null) {
                                            throw new ExpClaimMissingException();
                                        }
                                        calendar.setTime(date2);
                                        calendar.add(13, intValue);
                                        Date time = calendar.getTime();
                                        Intrinsics.c(date);
                                        if (date.after(time)) {
                                            long time2 = date.getTime();
                                            long j = CloseCodes.NORMAL_CLOSURE;
                                            throw new TokenValidationException("Expiration Time (exp) claim error in the ID token; current time (" + (time2 / j) + ") is after expiration time (" + Long.valueOf(time.getTime() / j) + ')', null);
                                        }
                                        if (token.k == null) {
                                            throw new IatClaimMissingException();
                                        }
                                        if (obj4.f8212b != null) {
                                            String str7 = token.h;
                                            if (TextUtils.isEmpty(str7)) {
                                                throw new NonceClaimMissingException();
                                            }
                                            if (!Intrinsics.a(obj4.f8212b, str7)) {
                                                throw new TokenValidationException("Nonce (nonce) claim mismatch in the ID token; expected \"" + obj4.f8212b + "\", found \"" + str7 + '\"', null);
                                            }
                                        }
                                        String str8 = obj4.f8211a;
                                        if (str8 != null) {
                                            if (StringsKt.M(str8, "org_", false)) {
                                                String str9 = token.i;
                                                if (TextUtils.isEmpty(str9)) {
                                                    throw new OrgClaimMissingException();
                                                }
                                                if (!str8.equals(str9)) {
                                                    throw new TokenValidationException("Organization Id (org_id) claim mismatch in the ID token; expected \"" + str8 + "\", found \"" + str9 + '\"', null);
                                                }
                                            } else {
                                                String str10 = token.j;
                                                if (TextUtils.isEmpty(str10)) {
                                                    throw new OrgNameClaimMissingException();
                                                }
                                                String lowerCase = str8.toLowerCase(Locale.ROOT);
                                                Intrinsics.e(lowerCase, "this as java.lang.String).toLowerCase(Locale.ROOT)");
                                                if (!lowerCase.equals(str10)) {
                                                    throw new TokenValidationException("Organization Name (org_name) claim mismatch in the ID token; expected \"" + str8 + "\", found \"" + str10 + '\"', null);
                                                }
                                            }
                                        }
                                        if (list2.size() > 1) {
                                            String str11 = token.m;
                                            if (TextUtils.isEmpty(str11)) {
                                                throw new AzpClaimMissingException();
                                            }
                                            if (!Intrinsics.a(expected, str11)) {
                                                Intrinsics.f(expected, "expected");
                                                throw new TokenValidationException("Authorized Party (azp) claim mismatch in the ID token; expected \"" + expected + "\", found \"" + str11 + '\"', null);
                                            }
                                        }
                                        if (obj4.f8213c != null) {
                                            Date date3 = token.n;
                                            if (date3 == null) {
                                                throw new AuthTimeClaimMissingException();
                                            }
                                            calendar.setTime(date3);
                                            Integer num2 = obj4.f8213c;
                                            Intrinsics.c(num2);
                                            calendar.add(13, num2.intValue());
                                            calendar.add(13, intValue);
                                            Date time3 = calendar.getTime();
                                            if (date.after(time3)) {
                                                long time4 = date.getTime();
                                                long j2 = CloseCodes.NORMAL_CLOSURE;
                                                throw new TokenValidationException("Authentication Time (auth_time) claim in the ID token indicates that too much time has passed since the last end-user authentication. Current time (" + (time4 / j2) + ") is after last auth at (" + Long.valueOf(time3.getTime() / j2) + ')', null);
                                            }
                                        }
                                        callback3.onSuccess(null);
                                        return;
                                    }
                                    Intrinsics.f(tokenAlgorithm, "tokenAlgorithm");
                                    if (list.size() == 1) {
                                        str4 = "Signature algorithm of \"" + tokenAlgorithm + "\" is not supported. Expected the ID token to be signed with " + ((String) list.get(0)) + '.';
                                    } else {
                                        str4 = "Signature algorithm of \"" + tokenAlgorithm + "\" is not supported. Expected the ID token to be signed with any of " + list + '.';
                                    }
                                    throw new TokenValidationException(str4, null);
                                } catch (TokenValidationException e) {
                                    callback3.a(e);
                                }
                            }
                        };
                        AuthenticationAPIClient authenticationAPIClient = oAuthManager.e;
                        authenticationAPIClient.getClass();
                        HttpUrl build = HttpUrl.Companion.get(String.valueOf(authenticationAPIClient.f8188a.f8186b)).newBuilder().addPathSegment(".well-known").addPathSegment("jwks.json").build();
                        Gson gson = authenticationAPIClient.f8190c;
                        Intrinsics.f(gson, "gson");
                        TypeToken<?> parameterized = TypeToken.getParameterized(Map.class, String.class, PublicKey.class);
                        Intrinsics.d(parameterized, "null cannot be cast to non-null type com.google.gson.reflect.TypeToken<kotlin.collections.Map<kotlin.String, T of com.auth0.android.request.internal.GsonAdapter.Companion.forMapOf>>");
                        GsonAdapter gsonAdapter = new GsonAdapter(gson, parameterized);
                        String url = build.toString();
                        RequestFactory requestFactory = authenticationAPIClient.f8189b;
                        requestFactory.getClass();
                        Intrinsics.f(url, "url");
                        BaseRequest a3 = requestFactory.a(HttpMethod.GET.f8247a, url, gsonAdapter, requestFactory.f8271b);
                        a3.e.b(new androidx.constraintlayout.motion.widget.a(8, a3, new AuthenticationCallback<Map<String, PublicKey>>() { // from class: com.auth0.android.provider.SignatureVerifier.1

                            /* renamed from: a */
                            public final /* synthetic */ String f8230a;

                            /* renamed from: b */
                            public final /* synthetic */ Callback f8231b;

                            public AnonymousClass1(String str4, OAuthManager$assertValidIdToken$signatureVerifierCallback$1 r02) {
                                r1 = str4;
                                r2 = r02;
                            }

                            @Override // com.auth0.android.callback.Callback
                            public final void a(Auth0Exception auth0Exception) {
                                r2.a(new PublicKeyNotFoundException(r1));
                            }

                            /* JADX WARN: Multi-variable type inference failed */
                            /* JADX WARN: Type inference failed for: r2v0, types: [com.auth0.android.provider.AsymmetricSignatureVerifier, com.auth0.android.provider.SignatureVerifier, java.lang.Object] */
                            @Override // com.auth0.android.callback.Callback
                            public final void onSuccess(Object obj3) {
                                Callback callback3 = r2;
                                String str4 = r1;
                                PublicKey publicKey = (PublicKey) ((Map) obj3).get(str4);
                                try {
                                    ?? signatureVerifier = new SignatureVerifier(Collections.singletonList("RS256"));
                                    try {
                                        Signature signature = Signature.getInstance("SHA256withRSA");
                                        signatureVerifier.f8204b = signature;
                                        signature.initVerify(publicKey);
                                    } catch (NoSuchAlgorithmException unused) {
                                    }
                                    callback3.onSuccess(signatureVerifier);
                                } catch (InvalidKeyException unused2) {
                                    callback3.a(new PublicKeyNotFoundException(str4));
                                }
                            }
                        }));
                    } catch (Exception e) {
                        r1.a(new RuntimeException("ID token could not be decoded", e));
                    }
                }
            };
            AuthenticationAPIClient authenticationAPIClient = pkce.f8226a;
            authenticationAPIClient.getClass();
            Intrinsics.f(authorizationCode, "authorizationCode");
            String codeVerifier = pkce.f8227b;
            Intrinsics.f(codeVerifier, "codeVerifier");
            String redirectUri = pkce.f8228c;
            Intrinsics.f(redirectUri, "redirectUri");
            ParameterBuilder parameterBuilder = new ParameterBuilder(new LinkedHashMap());
            Auth0 auth0 = authenticationAPIClient.f8188a;
            String clientId = auth0.f8185a;
            Intrinsics.f(clientId, "clientId");
            parameterBuilder.a("client_id", clientId);
            parameterBuilder.a("grant_type", "authorization_code");
            parameterBuilder.a("code", authorizationCode);
            parameterBuilder.a("redirect_uri", redirectUri);
            parameterBuilder.a("code_verifier", codeVerifier);
            Map o = MapsKt.o(parameterBuilder.f8192a);
            HttpUrl build = HttpUrl.Companion.get(String.valueOf(auth0.f8186b)).newBuilder().addPathSegment("oauth").addPathSegment("token").build();
            GsonAdapter gsonAdapter = new GsonAdapter(authenticationAPIClient.f8190c);
            String url = build.toString();
            RequestFactory requestFactory = authenticationAPIClient.f8189b;
            requestFactory.getClass();
            Intrinsics.f(url, "url");
            BaseRequest a3 = requestFactory.a(HttpMethod.POST.f8249a, url, gsonAdapter, requestFactory.f8271b);
            a3.b(o);
            for (Map.Entry entry : pkce.e.entrySet()) {
                a3.a((String) entry.getKey(), (String) entry.getValue());
            }
            a3.e.b(new androidx.constraintlayout.motion.widget.a(8, a3, callback2));
            return true;
        } catch (AuthenticationException e) {
            callback.a(e);
            return true;
        }
    }
}
