package com.couchbase.lite.auth;

import com.couchbase.lite.CouchbaseLiteException;
import com.couchbase.lite.Status;
import com.couchbase.lite.auth.LoginAuthorizer;
import com.couchbase.lite.replicator.RemoteRequestResponseException;
import com.couchbase.lite.util.Log;
import com.couchbase.lite.util.URIUtils;
import com.couchbase.lite.util.URLUtils;
import com.facebook.internal.ServerProtocol;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import oauth.signpost.OAuth;
import okhttp3.Headers;
import okhttp3.Request;

/* loaded from: classes.dex */
public class OpenIDConnectAuthorizer extends BaseAuthorizer implements CustomHeadersAuthorizer, SessionCookieAuthorizer {
    private static final String TAG = "Sync";
    protected String IDToken;
    protected URL authURL;
    protected boolean haveSessionCookie;
    protected OIDCLoginCallback loginCallback;
    protected String refreshToken;
    protected TokenStore tokenStore;
    private String username;

    public OpenIDConnectAuthorizer(OIDCLoginCallback oIDCLoginCallback, TokenStore tokenStore) {
        this.loginCallback = oIDCLoginCallback;
        this.tokenStore = tokenStore;
    }

    private void continueAsyncLoginWithURL(URL url, final LoginAuthorizer.ContinuationBlock continuationBlock) {
        Log.v("Sync", "OpenIDConnectAuthorizer: Calling app login callback block...");
        final URL remoteURL = getRemoteURL();
        URL extractRedirectURL = extractRedirectURL(url);
        if (this.loginCallback != null) {
            this.loginCallback.callback(url, extractRedirectURL, new OIDCLoginContinuation() { // from class: com.couchbase.lite.auth.OpenIDConnectAuthorizer.1
                @Override // com.couchbase.lite.auth.OIDCLoginContinuation
                public void callback(URL url2, Throwable th) {
                    if (url2 != null) {
                        Log.v("Sync", "OpenIDConnectAuthorizer: App login callback returned authURL <%s>", url2.toExternalForm());
                        if (remoteURL == null || url2.getHost().compareToIgnoreCase(remoteURL.getHost()) != 0 || url2.getPort() != remoteURL.getPort()) {
                            Log.w("Sync", "OpenIDConnectAuthorizer: App-provided authURL <%s> doesn't match server URL; ignoring it", url2.toExternalForm());
                            url2 = null;
                            th = new RemoteRequestResponseException(RemoteRequestResponseException.BAD_URL, null, null);
                        }
                    }
                    if (url2 != null) {
                        OpenIDConnectAuthorizer.this.authURL = url2;
                        continuationBlock.call(true, null);
                    } else {
                        if (th == null) {
                            th = new RemoteRequestResponseException(RemoteRequestResponseException.USER_DENIED_AUTH, null, null);
                        }
                        Log.w("Sync", "OpenIDConnectAuthorizer: App login callback returned error=" + th);
                        continuationBlock.call(false, th);
                    }
                }
            });
        }
    }

    private static URL extractRedirectURL(URL url) {
        URL url2;
        try {
            Map<String, List<String>> splitQuery = URLUtils.splitQuery(url);
            if (!splitQuery.containsKey(ServerProtocol.DIALOG_PARAM_REDIRECT_URI) || splitQuery.get(ServerProtocol.DIALOG_PARAM_REDIRECT_URI).size() <= 0) {
                url2 = null;
            } else {
                try {
                    url2 = new URL(splitQuery.get(ServerProtocol.DIALOG_PARAM_REDIRECT_URI).get(0));
                } catch (MalformedURLException e) {
                    Log.w("Sync", "Invalid URL: redirect_uri=<%s>", e, splitQuery.get(ServerProtocol.DIALOG_PARAM_REDIRECT_URI).get(0));
                    url2 = null;
                }
            }
            return url2;
        } catch (UnsupportedEncodingException e2) {
            Log.w("Sync", "Invalid URL: loginURL=<%s>", e2, url);
            return null;
        }
    }

    public static boolean forgetIDTokensForServer(URL url, TokenStore tokenStore) {
        OpenIDConnectAuthorizer openIDConnectAuthorizer = new OpenIDConnectAuthorizer(null, tokenStore);
        openIDConnectAuthorizer.setRemoteURL(url);
        return openIDConnectAuthorizer.deleteTokens();
    }

    private boolean parseTokens(Map<String, String> map) {
        if (map == null) {
            return false;
        }
        String str = map.get("id_token");
        if (str == null) {
            Log.v("Sync", "OpenIDConnectAuthorizer: the parsed token doesn't have the ID Token");
            return false;
        }
        this.IDToken = str;
        this.refreshToken = map.get("refresh_token");
        this.username = map.get("name");
        this.haveSessionCookie = map.containsKey("session_id");
        return true;
    }

    @Override // com.couchbase.lite.auth.CustomHeadersAuthorizer
    public boolean authorizeURLRequest(Request.Builder builder) {
        loadTokens();
        if (this.IDToken == null || this.haveSessionCookie) {
            return false;
        }
        builder.addHeader(OAuth.HTTP_AUTHORIZATION_HEADER, String.format(Locale.ENGLISH, "Bearer ", this.IDToken));
        return true;
    }

    boolean deleteTokens() {
        if (this.tokenStore == null) {
            return false;
        }
        return this.tokenStore.deleteTokens(getRemoteURL(), getLocalUUID());
    }

    public String getIDToken() {
        return this.IDToken;
    }

    public String getRefreshToken() {
        return this.refreshToken;
    }

    public TokenStore getTokenStore() {
        return this.tokenStore;
    }

    @Override // com.couchbase.lite.auth.BaseAuthorizer, com.couchbase.lite.auth.Authorizer
    public String getUsername() {
        return this.username;
    }

    @Override // com.couchbase.lite.auth.LoginAuthorizer
    public boolean implementedLoginResponse() {
        return true;
    }

    boolean loadTokens() {
        if (this.tokenStore == null) {
            return false;
        }
        try {
            return parseTokens(this.tokenStore.loadTokens(getRemoteURL(), getLocalUUID()));
        } catch (Exception e) {
            Log.w("Sync", "Error in loadTokens()", e);
            return false;
        }
    }

    @Override // com.couchbase.lite.auth.LoginAuthorizer
    public List<Object> loginRequest() {
        loadTokens();
        this.IDToken = null;
        this.haveSessionCookie = false;
        return Arrays.asList("GET", this.refreshToken != null ? String.format(Locale.ENGLISH, "_oidc_refresh?refresh_token=%s", URIUtils.encode(this.refreshToken)) : this.authURL != null ? String.format(Locale.ENGLISH, "_oidc_callback?%s", this.authURL.getQuery()) : "_oidc_challenge?offline=true");
    }

    @Override // com.couchbase.lite.auth.LoginAuthorizer
    public void loginResponse(Object obj, Headers headers, Throwable th, LoginAuthorizer.ContinuationBlock continuationBlock) {
        if (th != null && (!(th instanceof RemoteRequestResponseException) || ((RemoteRequestResponseException) th).getCode() != 401)) {
            continuationBlock.call(false, th);
            return;
        }
        if (this.refreshToken == null && this.authURL == null) {
            String str = null;
            RemoteRequestResponseException remoteRequestResponseException = (RemoteRequestResponseException) th;
            Map map = remoteRequestResponseException.getUserInfo() != null ? (Map) remoteRequestResponseException.getUserInfo().get("AuthChallenge") : null;
            if (map != null && "OIDC".equals(map.get("Scheme"))) {
                str = (String) map.get("login");
            }
            if (str != null) {
                Log.v("Sync", "OpenIDConnectAuthorizer: Got OpenID Connect login URL: <%s>", str);
                try {
                    try {
                        continueAsyncLoginWithURL(new URL(str), continuationBlock);
                        return;
                    } catch (MalformedURLException e) {
                        e = e;
                        Log.e("Sync", "Unknown Error", e);
                        th = new CouchbaseLiteException(-1);
                        continuationBlock.call(false, th);
                    }
                } catch (MalformedURLException e2) {
                    e = e2;
                }
            } else {
                th = new CouchbaseLiteException("Server didn't provide an OpenID login URL", Status.UPSTREAM_ERROR);
            }
        } else if (th != null) {
            this.authURL = null;
            if (this.refreshToken != null) {
                this.refreshToken = null;
                this.username = null;
                deleteTokens();
                continuationBlock.call(true, null);
            }
        } else {
            Map<String, String> map2 = (Map) obj;
            if (this.refreshToken != null && map2.get("refresh_token") == null) {
                HashMap hashMap = new HashMap(map2);
                hashMap.put("refresh_token", this.refreshToken);
                map2 = hashMap;
            }
            if (parseTokens(map2)) {
                Log.v("Sync", "%s: Logged in as %s !", getClass().getName(), this.username);
                saveTokens(map2);
            } else {
                th = new CouchbaseLiteException("Server didn't return a refreshed ID token", Status.UPSTREAM_ERROR);
            }
        }
        continuationBlock.call(false, th);
    }

    @Override // com.couchbase.lite.auth.BaseAuthorizer, com.couchbase.lite.auth.Authorizer
    public boolean removeStoredCredentials() {
        if (!deleteTokens()) {
            return false;
        }
        this.IDToken = null;
        this.refreshToken = null;
        this.haveSessionCookie = false;
        this.authURL = null;
        return true;
    }

    boolean saveTokens(Map<String, String> map) {
        if (this.tokenStore == null) {
            return false;
        }
        return this.tokenStore.saveTokens(getRemoteURL(), getLocalUUID(), map);
    }

    public void setIDToken(String str) {
        this.IDToken = str;
    }

    public void setRefreshToken(String str) {
        this.refreshToken = str;
    }

    public void setTokenStore(TokenStore tokenStore) {
        this.tokenStore = tokenStore;
    }

    public void setUsername(String str) {
        this.username = str;
    }

    public String toString() {
        return String.format(Locale.ENGLISH, "OpenIDConnectAuthorizer[%s]", getRemoteURL());
    }
}
