package com.microsoft.aad.adal;

import admost.sdk.base.b;
import admost.sdk.d;
import android.net.Uri;
import android.os.Build;
import android.util.Base64;
import com.appsflyer.internal.c;
import com.microsoft.identity.client.internal.MsalUtils;
import com.microsoft.identity.common.adal.internal.AuthenticationConstants;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.UUID;
import org.json.JSONException;
import org.json.JSONObject;

/* JADX INFO: Access modifiers changed from: package-private */
/* compiled from: src */
/* loaded from: classes3.dex */
public class Oauth2 {
    private static final String DEFAULT_AUTHORIZE_ENDPOINT = "/oauth2/authorize";
    private static final String DEFAULT_TOKEN_ENDPOINT = "/oauth2/token";
    private static final String JSON_PARSING_ERROR = "It failed to parse response as json";
    private static final String TAG = "Oauth";
    private IJWSBuilder mJWSBuilder;
    private AuthenticationRequest mRequest;
    private IWebRequestHandler mWebRequestHandler;

    public Oauth2(AuthenticationRequest authenticationRequest) {
        this.mJWSBuilder = new JWSBuilder();
        this.mRequest = authenticationRequest;
        this.mWebRequestHandler = null;
        this.mJWSBuilder = null;
    }

    public Oauth2(AuthenticationRequest authenticationRequest, IWebRequestHandler iWebRequestHandler) {
        this.mJWSBuilder = new JWSBuilder();
        this.mRequest = authenticationRequest;
        this.mWebRequestHandler = iWebRequestHandler;
        this.mJWSBuilder = null;
    }

    public Oauth2(AuthenticationRequest authenticationRequest, IWebRequestHandler iWebRequestHandler, IJWSBuilder iJWSBuilder) {
        this.mJWSBuilder = new JWSBuilder();
        this.mRequest = authenticationRequest;
        this.mWebRequestHandler = iWebRequestHandler;
        this.mJWSBuilder = iJWSBuilder;
    }

    public static String decodeProtocolState(String str) {
        if (StringExtensions.IsNullOrBlank(str)) {
            return null;
        }
        return new String(Base64.decode(str, 9));
    }

    private static void extractJsonObjects(HashMap<String, String> hashMap, String str) throws JSONException {
        JSONObject jSONObject = new JSONObject(str);
        Iterator<String> keys = jSONObject.keys();
        while (keys.hasNext()) {
            String next = keys.next();
            hashMap.put(next, jSONObject.getString(next));
        }
    }

    private HashMap<String, String> getRequestHeaders() {
        return c.a("Accept", "application/json");
    }

    private static IdToken parseIdToken(String str) {
        try {
            int indexOf = str.indexOf(".");
            int i10 = indexOf + 1;
            int indexOf2 = str.indexOf(".", i10);
            if (str.indexOf(".", indexOf2 + 1) == -1 && indexOf > 0 && indexOf2 > 0) {
                String str2 = new String(Base64.decode(str.substring(i10, indexOf2), 8), "UTF-8");
                HashMap hashMap = new HashMap();
                extractJsonObjects(hashMap, str2);
                if (!hashMap.isEmpty()) {
                    IdToken idToken = new IdToken();
                    idToken.mSubject = (String) hashMap.get("sub");
                    idToken.mTenantId = (String) hashMap.get("tid");
                    idToken.mUpn = (String) hashMap.get("upn");
                    idToken.mEmail = (String) hashMap.get("email");
                    idToken.mGivenName = (String) hashMap.get("given_name");
                    idToken.mFamilyName = (String) hashMap.get("family_name");
                    idToken.mIdentityProvider = (String) hashMap.get("idp");
                    idToken.mObjectId = (String) hashMap.get("oid");
                    String str3 = (String) hashMap.get("pwd_exp");
                    if (!StringExtensions.IsNullOrBlank(str3)) {
                        idToken.mPasswordExpiration = Long.parseLong(str3);
                    }
                    idToken.mPasswordChangeUrl = (String) hashMap.get("pwd_url");
                    Logger.v(TAG, "IdToken is extracted from token response");
                    return idToken;
                }
            }
        } catch (Exception e10) {
            Logger.e(TAG, "Error in parsing user id token", null, ADALError.IDTOKEN_PARSING_FAILURE, e10);
        }
        return null;
    }

    private AuthenticationResult postMessage(String str, HashMap<String, String> hashMap) throws Exception {
        AuthenticationResult authenticationResult;
        String str2;
        URL url = StringExtensions.getUrl(getTokenEndpoint());
        if (url == null) {
            throw new AuthenticationException(ADALError.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL);
        }
        try {
            try {
                this.mWebRequestHandler.setRequestCorrelationId(this.mRequest.getCorrelationId());
                ClientMetrics clientMetrics = ClientMetrics.INSTANCE;
                clientMetrics.beginClientMetricsRecord(url, this.mRequest.getCorrelationId(), hashMap);
                HttpWebResponse sendPost = this.mWebRequestHandler.sendPost(url, hashMap, str.getBytes("UTF_8"), "application/x-www-form-urlencoded");
                if (sendPost.getStatusCode() == 401) {
                    if (sendPost.getResponseHeaders() == null || !sendPost.getResponseHeaders().containsKey("WWW-Authenticate")) {
                        Logger.v(TAG, "401 http status code is returned without authorization header");
                    } else {
                        String str3 = sendPost.getResponseHeaders().get("WWW-Authenticate").get(0);
                        Logger.v(TAG, "Device certificate challange request:" + str3);
                        if (StringExtensions.IsNullOrBlank(str3)) {
                            throw new AuthenticationException(ADALError.DEVICE_CERTIFICATE_REQUEST_INVALID, "Challange header is empty");
                        }
                        if (StringExtensions.hasPrefixInHeader(str3, "PKeyAuth")) {
                            Logger.v(TAG, "Challange is related to device certificate");
                            ChallangeResponseBuilder challangeResponseBuilder = new ChallangeResponseBuilder(this.mJWSBuilder);
                            Logger.v(TAG, "Processing device challange");
                            hashMap.put("Authorization", challangeResponseBuilder.getChallangeResponseFromHeader(str3, url.toString()).mAuthorizationHeaderValue);
                            Logger.v(TAG, "Sending request with challenge response");
                            sendPost = this.mWebRequestHandler.sendPost(url, hashMap, str.getBytes("UTF_8"), "application/x-www-form-urlencoded");
                        }
                    }
                }
                if (sendPost.getBody() != null) {
                    Logger.v(TAG, "Token request does not have exception");
                    authenticationResult = processTokenResponse(sendPost);
                    clientMetrics.setLastError(null);
                } else {
                    authenticationResult = null;
                }
                if (authenticationResult == null) {
                    byte[] body = sendPost.getBody();
                    if (body != null) {
                        str2 = new String(body);
                    } else {
                        str2 = "Status code:" + String.valueOf(sendPost.getStatusCode());
                    }
                    Logger.v(TAG, "Server error message:" + str2);
                    if (sendPost.getResponseException() != null) {
                        throw sendPost.getResponseException();
                    }
                } else {
                    clientMetrics.setLastErrorCodes(authenticationResult.getErrorCodes());
                }
                clientMetrics.endClientMetricsRecord("token", this.mRequest.getCorrelationId());
                return authenticationResult;
            } catch (UnsupportedEncodingException e10) {
                ClientMetrics.INSTANCE.setLastError(null);
                Logger.e(TAG, e10.getMessage(), "", ADALError.ENCODING_IS_NOT_SUPPORTED, e10);
                throw e10;
            } catch (IllegalArgumentException e11) {
                ClientMetrics.INSTANCE.setLastError(null);
                Logger.e(TAG, e11.getMessage(), "", ADALError.ARGUMENT_EXCEPTION, e11);
                throw e11;
            } catch (Exception e12) {
                ClientMetrics.INSTANCE.setLastError(null);
                Logger.e(TAG, e12.getMessage(), "", ADALError.SERVER_ERROR, e12);
                throw e12;
            }
        } catch (Throwable th) {
            ClientMetrics.INSTANCE.endClientMetricsRecord("token", this.mRequest.getCorrelationId());
            throw th;
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:22:0x00cb A[Catch: Exception -> 0x00e7, TryCatch #1 {Exception -> 0x00e7, blocks: (B:20:0x00bb, B:22:0x00cb, B:23:0x00d2), top: B:19:0x00bb }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private com.microsoft.aad.adal.AuthenticationResult processTokenResponse(com.microsoft.aad.adal.HttpWebResponse r8) {
        /*
            r7 = this;
            com.microsoft.aad.adal.AuthenticationResult r0 = new com.microsoft.aad.adal.AuthenticationResult
            r0.<init>()
            java.util.HashMap r0 = new java.util.HashMap
            r0.<init>()
            java.util.Map r1 = r8.getResponseHeaders()
            r2 = 0
            if (r1 == 0) goto L37
            java.util.Map r1 = r8.getResponseHeaders()
            java.lang.String r3 = "client-request-id"
            boolean r1 = r1.containsKey(r3)
            if (r1 == 0) goto L37
            java.util.Map r1 = r8.getResponseHeaders()
            java.lang.Object r1 = r1.get(r3)
            java.util.List r1 = (java.util.List) r1
            if (r1 == 0) goto L37
            int r3 = r1.size()
            if (r3 <= 0) goto L37
            r3 = 0
            java.lang.Object r1 = r1.get(r3)
            java.lang.String r1 = (java.lang.String) r1
            goto L38
        L37:
            r1 = r2
        L38:
            byte[] r3 = r8.getBody()
            java.lang.String r4 = ""
            java.lang.String r5 = "Oauth"
            if (r3 == 0) goto L70
            byte[] r3 = r8.getBody()
            int r3 = r3.length
            if (r3 <= 0) goto L70
            java.lang.String r3 = new java.lang.String     // Catch: java.lang.Exception -> L5a
            byte[] r8 = r8.getBody()     // Catch: java.lang.Exception -> L5a
            r3.<init>(r8)     // Catch: java.lang.Exception -> L5a
            extractJsonObjects(r0, r3)     // Catch: java.lang.Exception -> L5a
            com.microsoft.aad.adal.AuthenticationResult r8 = processUIResponseParams(r0)     // Catch: java.lang.Exception -> L5a
            goto Lb3
        L5a:
            r8 = move-exception
            java.lang.String r0 = r8.getMessage()
            com.microsoft.aad.adal.ADALError r3 = com.microsoft.aad.adal.ADALError.SERVER_INVALID_JSON_RESPONSE
            com.microsoft.aad.adal.Logger.e(r5, r0, r4, r3, r8)
            com.microsoft.aad.adal.AuthenticationResult r0 = new com.microsoft.aad.adal.AuthenticationResult
            java.lang.String r8 = r8.getMessage()
            java.lang.String r3 = "It failed to parse response as json"
            r0.<init>(r3, r8, r2)
            goto Lb2
        L70:
            byte[] r0 = r8.getBody()
            if (r0 == 0) goto L7c
            java.lang.String r3 = new java.lang.String
            r3.<init>(r0)
            goto L91
        L7c:
            java.lang.String r0 = "Status code:"
            java.lang.StringBuilder r0 = admost.sdk.b.a(r0)
            int r3 = r8.getStatusCode()
            java.lang.String r3 = java.lang.String.valueOf(r3)
            r0.append(r3)
            java.lang.String r3 = r0.toString()
        L91:
            java.lang.StringBuilder r0 = new java.lang.StringBuilder
            r0.<init>()
            java.lang.String r6 = "Server error message:"
            r0.append(r6)
            r0.append(r3)
            java.lang.String r0 = r0.toString()
            com.microsoft.aad.adal.Logger.v(r5, r0)
            com.microsoft.aad.adal.AuthenticationResult r0 = new com.microsoft.aad.adal.AuthenticationResult
            int r8 = r8.getStatusCode()
            java.lang.String r8 = java.lang.String.valueOf(r8)
            r0.<init>(r8, r3, r2)
        Lb2:
            r8 = r0
        Lb3:
            if (r1 == 0) goto Lf3
            boolean r0 = r1.isEmpty()
            if (r0 != 0) goto Lf3
            java.util.UUID r0 = java.util.UUID.fromString(r1)     // Catch: java.lang.Exception -> Le7
            com.microsoft.aad.adal.AuthenticationRequest r2 = r7.mRequest     // Catch: java.lang.Exception -> Le7
            java.util.UUID r2 = r2.getCorrelationId()     // Catch: java.lang.Exception -> Le7
            boolean r0 = r0.equals(r2)     // Catch: java.lang.Exception -> Le7
            if (r0 != 0) goto Ld2
            java.lang.String r0 = "CorrelationId is not matching"
            com.microsoft.aad.adal.ADALError r2 = com.microsoft.aad.adal.ADALError.CORRELATION_ID_NOT_MATCHING_REQUEST_RESPONSE     // Catch: java.lang.Exception -> Le7
            com.microsoft.aad.adal.Logger.w(r5, r0, r4, r2)     // Catch: java.lang.Exception -> Le7
        Ld2:
            java.lang.StringBuilder r0 = new java.lang.StringBuilder     // Catch: java.lang.Exception -> Le7
            r0.<init>()     // Catch: java.lang.Exception -> Le7
            java.lang.String r2 = "Response correlationId:"
            r0.append(r2)     // Catch: java.lang.Exception -> Le7
            r0.append(r1)     // Catch: java.lang.Exception -> Le7
            java.lang.String r0 = r0.toString()     // Catch: java.lang.Exception -> Le7
            com.microsoft.aad.adal.Logger.v(r5, r0)     // Catch: java.lang.Exception -> Le7
            goto Lf3
        Le7:
            r0 = move-exception
            java.lang.String r2 = "Wrong format of the correlation ID:"
            java.lang.String r1 = admost.sdk.base.b.a(r2, r1)
            com.microsoft.aad.adal.ADALError r2 = com.microsoft.aad.adal.ADALError.CORRELATION_ID_FORMAT
            com.microsoft.aad.adal.Logger.e(r5, r1, r4, r2, r0)
        Lf3:
            return r8
        */
        throw new UnsupportedOperationException("Method not decompiled: com.microsoft.aad.adal.Oauth2.processTokenResponse(com.microsoft.aad.adal.HttpWebResponse):com.microsoft.aad.adal.AuthenticationResult");
    }

    public static AuthenticationResult processUIResponseParams(HashMap<String, String> hashMap) {
        UserInfo userInfo;
        String str;
        String str2;
        UserInfo userInfo2;
        String str3 = null;
        if (hashMap.containsKey("error")) {
            String str4 = hashMap.get("correlation_id");
            if (!StringExtensions.IsNullOrBlank(str4)) {
                try {
                    Logger.setCorrelationId(UUID.fromString(str4));
                } catch (IllegalArgumentException unused) {
                    Logger.e(TAG, b.a("CorrelationId is malformed: ", str4), "", ADALError.CORRELATION_ID_FORMAT);
                }
            }
            StringBuilder a10 = admost.sdk.b.a("OAuth2 error:");
            a10.append(hashMap.get("error"));
            a10.append(" Description:");
            a10.append(hashMap.get("error_description"));
            Logger.v(TAG, a10.toString());
            return new AuthenticationResult(hashMap.get("error"), hashMap.get("error_description"), hashMap.get("error_codes"));
        }
        if (hashMap.containsKey("code")) {
            return new AuthenticationResult(hashMap.get("code"));
        }
        if (!hashMap.containsKey("access_token")) {
            return null;
        }
        String str5 = hashMap.get("expires_in");
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        gregorianCalendar.add(13, (str5 == null || str5.isEmpty()) ? 3600 : Integer.parseInt(str5));
        boolean containsKey = hashMap.containsKey("resource");
        if (hashMap.containsKey("id_token")) {
            String str6 = hashMap.get("id_token");
            if (StringExtensions.IsNullOrBlank(str6)) {
                Logger.v(TAG, "IdToken is not provided");
                str2 = str6;
                userInfo = null;
                str = null;
            } else {
                IdToken parseIdToken = parseIdToken(str6);
                if (parseIdToken != null) {
                    str3 = parseIdToken.mTenantId;
                    userInfo2 = new UserInfo(parseIdToken);
                } else {
                    userInfo2 = null;
                }
                str2 = str6;
                str = str3;
                userInfo = userInfo2;
            }
        } else {
            userInfo = null;
            str = null;
            str2 = null;
        }
        return new AuthenticationResult(hashMap.get("access_token"), hashMap.get("refresh_token"), gregorianCalendar.getTime(), containsKey, userInfo, str, str2);
    }

    public String buildRefreshTokenRequestMessage(String str) throws UnsupportedEncodingException {
        String format = String.format("%s=%s&%s=%s&%s=%s", "grant_type", StringExtensions.URLFormEncode("refresh_token"), "refresh_token", StringExtensions.URLFormEncode(str), "client_id", StringExtensions.URLFormEncode(this.mRequest.getClientId()));
        return !StringExtensions.IsNullOrBlank(this.mRequest.getResource()) ? String.format("%s&%s=%s", format, "resource", StringExtensions.URLFormEncode(this.mRequest.getResource())) : format;
    }

    public String buildTokenRequestMessage(String str) throws UnsupportedEncodingException {
        return String.format("%s=%s&%s=%s&%s=%s&%s=%s", "grant_type", StringExtensions.URLFormEncode("authorization_code"), "code", StringExtensions.URLFormEncode(str), "client_id", StringExtensions.URLFormEncode(this.mRequest.getClientId()), "redirect_uri", StringExtensions.URLFormEncode(this.mRequest.getRedirectUri()));
    }

    public String encodeProtocolState() {
        return Base64.encodeToString(String.format("a=%s&r=%s", this.mRequest.getAuthority(), this.mRequest.getResource()).getBytes(), 9);
    }

    public String getAuthorizationEndpoint() {
        return d.a(new StringBuilder(), this.mRequest.getAuthority(), DEFAULT_AUTHORIZE_ENDPOINT);
    }

    public String getAuthorizationEndpointQueryParameters() throws UnsupportedEncodingException {
        String format = String.format("response_type=%s&client_id=%s&resource=%s&redirect_uri=%s&state=%s", "code", URLEncoder.encode(this.mRequest.getClientId(), "UTF_8"), URLEncoder.encode(this.mRequest.getResource(), "UTF_8"), URLEncoder.encode(this.mRequest.getRedirectUri(), "UTF_8"), encodeProtocolState());
        if (this.mRequest.getLoginHint() != null && !this.mRequest.getLoginHint().isEmpty()) {
            format = String.format("%s&%s=%s", format, "login_hint", URLEncoder.encode(this.mRequest.getLoginHint(), "UTF_8"));
        }
        String format2 = String.format("%s&%s=%s", String.format("%s&%s=%s", format, "x-client-SKU", AuthenticationConstants.AAD.ADAL_ID_PLATFORM_VALUE), "x-client-Ver", URLEncoder.encode(AuthenticationContext.getVersionName(), "UTF_8"));
        StringBuilder a10 = admost.sdk.b.a("");
        a10.append(Build.VERSION.SDK_INT);
        Object[] objArr = {format2, "x-client-OS", URLEncoder.encode(a10.toString(), "UTF_8")};
        StringBuilder a11 = admost.sdk.b.a("");
        a11.append(Build.MODEL);
        String format3 = String.format("%s&%s=%s", String.format("%s&%s=%s", objArr), "x-client-DM", URLEncoder.encode(a11.toString(), "UTF_8"));
        if (this.mRequest.getCorrelationId() != null) {
            format3 = String.format("%s&%s=%s", format3, "client-request-id", URLEncoder.encode(this.mRequest.getCorrelationId().toString(), "UTF_8"));
        }
        if (this.mRequest.getPrompt() == PromptBehavior.Always) {
            format3 = String.format("%s&%s=%s", format3, "prompt", URLEncoder.encode("login", "UTF_8"));
        } else if (this.mRequest.getPrompt() == PromptBehavior.REFRESH_SESSION) {
            format3 = String.format("%s&%s=%s", format3, "prompt", URLEncoder.encode("refresh_session", "UTF_8"));
        }
        if (StringExtensions.IsNullOrBlank(this.mRequest.getExtraQueryParamsAuthentication())) {
            return format3;
        }
        String extraQueryParamsAuthentication = this.mRequest.getExtraQueryParamsAuthentication();
        if (!extraQueryParamsAuthentication.startsWith(MsalUtils.QUERY_STRING_DELIMITER)) {
            extraQueryParamsAuthentication = b.a(MsalUtils.QUERY_STRING_DELIMITER, extraQueryParamsAuthentication);
        }
        return b.a(format3, extraQueryParamsAuthentication);
    }

    public String getCodeRequestUrl() throws UnsupportedEncodingException {
        return String.format("%s?%s", getAuthorizationEndpoint(), getAuthorizationEndpointQueryParameters());
    }

    public AuthenticationResult getToken(String str) throws Exception {
        if (StringExtensions.IsNullOrBlank(str)) {
            throw new IllegalArgumentException("authorizationUrl");
        }
        HashMap<String, String> urlParameters = StringExtensions.getUrlParameters(str);
        String decodeProtocolState = decodeProtocolState(urlParameters.get("state"));
        if (StringExtensions.IsNullOrBlank(decodeProtocolState)) {
            throw new AuthenticationException(ADALError.AUTH_FAILED_NO_STATE);
        }
        Uri parse = Uri.parse("http://state/path?" + decodeProtocolState);
        String queryParameter = parse.getQueryParameter("a");
        String queryParameter2 = parse.getQueryParameter("r");
        if (StringExtensions.IsNullOrBlank(queryParameter) || StringExtensions.IsNullOrBlank(queryParameter2) || !queryParameter2.equalsIgnoreCase(this.mRequest.getResource())) {
            throw new AuthenticationException(ADALError.AUTH_FAILED_BAD_STATE);
        }
        AuthenticationResult processUIResponseParams = processUIResponseParams(urlParameters);
        return (processUIResponseParams == null || processUIResponseParams.getCode() == null || processUIResponseParams.getCode().isEmpty()) ? processUIResponseParams : getTokenForCode(processUIResponseParams.getCode());
    }

    public String getTokenEndpoint() {
        return d.a(new StringBuilder(), this.mRequest.getAuthority(), DEFAULT_TOKEN_ENDPOINT);
    }

    public AuthenticationResult getTokenForCode(String str) throws Exception {
        if (this.mWebRequestHandler == null) {
            throw new IllegalArgumentException("webRequestHandler");
        }
        try {
            return postMessage(buildTokenRequestMessage(str), getRequestHeaders());
        } catch (UnsupportedEncodingException e10) {
            Logger.e(TAG, e10.getMessage(), "", ADALError.ENCODING_IS_NOT_SUPPORTED, e10);
            return null;
        }
    }

    public AuthenticationResult refreshToken(String str) throws Exception {
        if (this.mWebRequestHandler == null) {
            Logger.v(TAG, "Web request is not set correctly");
            throw new IllegalArgumentException("webRequestHandler");
        }
        try {
            String buildRefreshTokenRequestMessage = buildRefreshTokenRequestMessage(str);
            HashMap<String, String> requestHeaders = getRequestHeaders();
            requestHeaders.put("x-ms-PKeyAuth", "1.0");
            return postMessage(buildRefreshTokenRequestMessage, requestHeaders);
        } catch (UnsupportedEncodingException e10) {
            Logger.e(TAG, e10.getMessage(), "", ADALError.ENCODING_IS_NOT_SUPPORTED, e10);
            return null;
        }
    }
}
