package com.appian.android.service;

import android.content.Context;
import android.graphics.Bitmap;
import android.graphics.BitmapFactory;
import android.net.Uri;
import com.appian.android.AppianConfigurations;
import com.appian.android.AppianPreferences;
import com.appian.android.DeviceAttributes;
import com.appian.android.Throwables2;
import com.appian.android.Utils;
import com.appian.android.model.Account;
import com.appian.android.model.AppianSiteResourceAccessException;
import com.appian.android.model.DiscoverableSiteInfo;
import com.appian.android.model.Feed;
import com.appian.android.model.VerificationResult;
import com.appian.android.service.http.AppianRequestFactory;
import com.appian.android.service.http.BasicCookieJar;
import com.appian.android.service.http.HttpUtils;
import com.appian.android.service.http.InAppBrowserAuthResponseException;
import com.appian.android.service.http.MaintenanceWindowException;
import com.appian.android.service.okhttp.AppianOkHttpClientFactory;
import com.appian.android.ui.ApplicationConstants;
import com.appian.android.utils.LocaleProvider;
import com.facebook.common.internal.Throwables;
import java.net.SocketTimeoutException;
import java.net.URI;
import java.net.UnknownHostException;
import java.security.cert.CertPathValidatorException;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.inject.Inject;
import javax.net.ssl.SSLException;
import org.springframework.http.HttpMethod;
import org.springframework.http.client.ClientHttpRequest;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.web.client.ResourceAccessException;
import timber.log.Timber;

/* loaded from: classes3.dex */
public class AppianAccountValidationService implements AccountValidationService {
    private static final String HEADER_SIGN_OUT_PUSH_TOKEN = "X-App-Token";
    private static final Pattern SITES_PATTERN = Pattern.compile("(.*)/sites/([^/]+)/?");
    private static final String SUITE_URL_SUFFIX = "suite";
    private AccountsProvider accounts;
    private AnalyticsService analyticsService;
    private AppianConfigurations appConfig;
    private Context context;
    private DeviceAttributes deviceAttributes;
    private FeedService feedService;
    private FirebaseRegistrationService firebaseRegistrationService;
    private LocaleProvider localeProvider;
    private AppianOkHttpClientFactory okHttpClientFactory;
    private AppianPreferences preferences;
    private SessionManager session;
    private SitesService sitesService;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.appian.android.service.AppianAccountValidationService$1, reason: invalid class name */
    /* loaded from: classes3.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$appian$android$model$VerificationResult$Outcome;

        static {
            int[] iArr = new int[VerificationResult.Outcome.values().length];
            $SwitchMap$com$appian$android$model$VerificationResult$Outcome = iArr;
            try {
                iArr[VerificationResult.Outcome.Valid.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$appian$android$model$VerificationResult$Outcome[VerificationResult.Outcome.InAppBrowserAuthChallenge.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$appian$android$model$VerificationResult$Outcome[VerificationResult.Outcome.MaintenanceWindowActive.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$appian$android$model$VerificationResult$Outcome[VerificationResult.Outcome.InvalidSite.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Inject
    public AppianAccountValidationService(SessionManager sessionManager, AccountsProvider accountsProvider, AppianPreferences appianPreferences, DeviceAttributes deviceAttributes, Context context, FeedService feedService, SitesService sitesService, FirebaseRegistrationService firebaseRegistrationService, AppianOkHttpClientFactory appianOkHttpClientFactory, AppianConfigurations appianConfigurations, AnalyticsService analyticsService, LocaleProvider localeProvider) {
        this.session = sessionManager;
        this.preferences = appianPreferences;
        this.accounts = accountsProvider;
        this.deviceAttributes = deviceAttributes;
        this.context = context;
        this.feedService = feedService;
        this.sitesService = sitesService;
        this.firebaseRegistrationService = firebaseRegistrationService;
        this.okHttpClientFactory = appianOkHttpClientFactory;
        this.appConfig = appianConfigurations;
        this.analyticsService = analyticsService;
        this.localeProvider = localeProvider;
    }

    private static Uri cleanAccountUrl(Account account) {
        return Uri.parse(account.getServer().buildUpon().query("").build().toString().replaceAll("/$", ""));
    }

    private void clearAccountCookieStore(Account account) {
        account.setCookieJar(new BasicCookieJar());
        this.accounts.updateAccount(account);
    }

    private Bitmap getAvatarUsingAccount(Uri uri, Account account) {
        try {
            ClientHttpRequest createRequest = getValidationRequestFactory(account.getCookieJar()).createRequest(Utils.androidUriToJavaUri(uri), HttpMethod.GET);
            createRequest.getHeaders().add("Accept", FileService.ACCEPT_IMAGE);
            return BitmapFactory.decodeStream(createRequest.execute().getBody());
        } catch (Exception unused) {
            Timber.e("Could not download user avatar", new Object[0]);
            Timber.d("User: %s URL: %s", account.getIdentity(), uri.toString());
            return null;
        }
    }

    private static Uri getServerFromUriString(String str) {
        int indexOf = str.indexOf("?");
        return indexOf != -1 ? Uri.parse(str.substring(0, indexOf)) : Uri.parse(str);
    }

    private ClientHttpRequestFactory getValidationRequestFactory(BasicCookieJar basicCookieJar) {
        return AppianRequestFactory.getCustomFactory(basicCookieJar, this.preferences, this.deviceAttributes, this.context, this.okHttpClientFactory, this.localeProvider, this.session);
    }

    private VerificationResult getVerificationResultForServerInformation(Account account) {
        VerificationResult resolveServer = resolveServer(account);
        if (resolveServer.getOutcome() != VerificationResult.Outcome.Invalid && resolveServer.getOutcome() != VerificationResult.Outcome.UntrustedServerCA && resolveServer.getOutcome() != VerificationResult.Outcome.InvalidCertificate) {
            account.setRequiresServerValidation(false);
        }
        return resolveServer;
    }

    private VerificationResult getVerificationResultForUserInformation(Account account) {
        initializeCookiesForAccount(account);
        boolean z = account.getId() != null;
        if (z) {
            String path = account.getServer().getPath();
            if (path.endsWith(HttpUtils.removeLeadingSlash(FeedService.TEMPO_DEFAULT_FEED_URL_PATH)) || path.endsWith(HttpUtils.removeLeadingSlash(FeedService.BOOTSTRAP_FEED_PATH))) {
                VerificationResult resolveServer = resolveServer(account);
                int i = AnonymousClass1.$SwitchMap$com$appian$android$model$VerificationResult$Outcome[resolveServer.getOutcome().ordinal()];
                if (i != 1 && i != 2 && i != 3) {
                    return resolveServer;
                }
                account.setServer(resolveServer.getServerUri());
            }
            if (!account.isRememberMeEnabled()) {
                signOutFromAccount(account);
                clearAccountCookieStore(account);
            }
        }
        VerificationResult validateBootstrapUri = validateBootstrapUri(account.getServer(), account.getCookieJar());
        Timber.d("User auth result: %s", validateBootstrapUri.getOutcome());
        updateTemporaryAccountCookieStore(account, z);
        return validateBootstrapUri;
    }

    private static Account initializeAccountWithBaseAndSiteUrl(Account account) {
        String queryParameter = account.getServer().getQueryParameter(ApplicationConstants.WebAuth.SIGNIN_PARAMETER_KEY);
        if (!Utils.isStringBlank(queryParameter)) {
            account.setSignInToken(queryParameter);
        }
        Matcher matcher = SITES_PATTERN.matcher(getServerFromUriString(account.getServer().toString()).toString());
        if (matcher.find()) {
            String group = matcher.group(1);
            String group2 = matcher.group(2);
            account.setServer(Uri.parse(group));
            account.setSiteUrlStub(group2);
        } else {
            account.setServer(cleanAccountUrl(account));
        }
        account.setCurrentDiscoverableSiteStub(null);
        return account;
    }

    private void initializeCookiesForAccount(Account account) {
        account.setCookieJar(new BasicCookieJar());
    }

    private boolean isSSLHandshakeError(Throwable th) {
        return Throwables2.isSSLHandshakeException(th);
    }

    private boolean isServerUnavailable(Throwable th) {
        if (!(th instanceof ResourceAccessException)) {
            return false;
        }
        Throwable cause = th.getCause();
        return (cause instanceof UnknownHostException) || (cause instanceof SocketTimeoutException) || (cause instanceof SSLException);
    }

    private boolean isStopCondition(VerificationResult verificationResult) {
        int i = AnonymousClass1.$SwitchMap$com$appian$android$model$VerificationResult$Outcome[verificationResult.getOutcome().ordinal()];
        if (i == 1 || i == 2 || i == 3 || i == 4) {
            return true;
        }
        return isServerUnavailable(verificationResult.getException());
    }

    private Boolean isValidServer(VerificationResult.Outcome outcome) {
        return Boolean.valueOf((outcome == VerificationResult.Outcome.Invalid || outcome == VerificationResult.Outcome.InvalidSite || outcome == VerificationResult.Outcome.InvalidCertificate) ? false : true);
    }

    private VerificationResult resolveBootstrapUri(Uri uri, BasicCookieJar basicCookieJar) {
        Timber.i("Trying to find Appian server", new Object[0]);
        Timber.d("Server path: %s", uri);
        VerificationResult validateBootstrapUri = validateBootstrapUri(uri, basicCookieJar);
        Throwable exception = validateBootstrapUri.getException();
        VerificationResult.Outcome outcome = validateBootstrapUri.getOutcome();
        if (isValidServer(outcome).booleanValue()) {
            this.analyticsService.setServerUrl(uri.getHost());
        }
        if (outcome == VerificationResult.Outcome.InAppBrowserAuthChallenge) {
            Timber.i(exception, "Result: IAB auth challenge", new Object[0]);
        } else if (outcome == VerificationResult.Outcome.MaintenanceWindowActive) {
            Timber.i(exception, "Result: Maint Window Active", new Object[0]);
        } else if (outcome == VerificationResult.Outcome.UntrustedServerCA) {
            Timber.i(exception, "Result: Server CA untrusted", new Object[0]);
        } else if (outcome == VerificationResult.Outcome.InvalidCertificate) {
            Timber.i(exception, "Result: Invalid or missing certificate", new Object[0]);
        } else {
            Timber.i(exception, "Could not find valid Appian server", new Object[0]);
        }
        return validateBootstrapUri;
    }

    private VerificationResult resolveServer(Account account) {
        Uri cleanAccountUrl = cleanAccountUrl(account);
        BasicCookieJar cookieJar = account.getCookieJar();
        Uri appendSigninToken = account.appendSigninToken(cleanAccountUrl);
        String removeLeadingSlash = HttpUtils.removeLeadingSlash(FeedService.TEMPO_DEFAULT_FEED_URL_PATH);
        String removeLeadingSlash2 = HttpUtils.removeLeadingSlash(FeedService.BOOTSTRAP_FEED_PATH);
        String path = appendSigninToken.getPath();
        if (path.endsWith(removeLeadingSlash) || path.endsWith(removeLeadingSlash2)) {
            appendSigninToken = HttpUtils.removeTrailingSlash(HttpUtils.getAppianServerWithContext(appendSigninToken));
        }
        Uri uriWithContext = getUriWithContext(appendSigninToken);
        VerificationResult resolveBootstrapUri = resolveBootstrapUri(uriWithContext, cookieJar);
        return (isStopCondition(resolveBootstrapUri) || !Utils.isStringBlank(uriWithContext.getPath())) ? resolveBootstrapUri : resolveBootstrapUri(appendSigninToken, cookieJar);
    }

    private void updateTemporaryAccountCookieStore(Account account, boolean z) {
        if (z) {
            this.accounts.updateAccount(account);
        }
    }

    private VerificationResult validateBootstrapUri(Uri uri, BasicCookieJar basicCookieJar) {
        Uri removeQueryParamFromUri = HttpUtils.removeQueryParamFromUri(uri.toString(), ApplicationConstants.WebAuth.SIGNIN_PARAMETER_KEY);
        try {
            Feed fetchBootstrapFeed = this.feedService.fetchBootstrapFeed(uri, getValidationRequestFactory(basicCookieJar));
            if (fetchBootstrapFeed == null) {
                return VerificationResult.invalid(new NullPointerException("Bootstrap Feed was null."));
            }
            if (!this.session.isInitialized()) {
                this.session.initializeSession(fetchBootstrapFeed);
            }
            return VerificationResult.valid(removeQueryParamFromUri, fetchBootstrapFeed.getUserIdentity(), fetchBootstrapFeed.getAvatarLink(), fetchBootstrapFeed.getDefaultFilter());
        } catch (Exception e) {
            if (e instanceof MaintenanceWindowException) {
                return VerificationResult.maintWindowChallenge((MaintenanceWindowException) e, removeQueryParamFromUri);
            }
            if (e instanceof InAppBrowserAuthResponseException) {
                return VerificationResult.inAppBrowserAuthChallenge(removeQueryParamFromUri, e);
            }
            if (!isSSLHandshakeError(e)) {
                return this.appConfig.getIsCertificateBasedAuthEnabled() ? VerificationResult.invalidCertificate(e) : VerificationResult.invalid(e);
            }
            Timber.e(e, "SSLHandshakeError, root cause is: " + ((CertPathValidatorException) Throwables.getRootCause(e)).getCertPath().toString(), new Object[0]);
            return VerificationResult.serverCANotTrusted(e);
        }
    }

    public Uri getUriWithContext(Uri uri) {
        return Utils.isStringBlank(uri.getPath()) ? uri.buildUpon().appendPath(SUITE_URL_SUFFIX).build() : uri;
    }

    @Override // com.appian.android.service.AccountValidationService
    public void signOutFromAccount(Account account) {
        try {
            ClientHttpRequest createRequest = getValidationRequestFactory(account.getCookieJar()).createRequest(new URI(account.getServerRelativeUri(ApplicationConstants.WebAuth.LOG_OUT_URL_SUFFIX).toString()), HttpMethod.POST);
            createRequest.getHeaders().add(HEADER_SIGN_OUT_PUSH_TOKEN, this.firebaseRegistrationService.getLatestFirebaseToken());
            createRequest.execute();
        } catch (Exception e) {
            Timber.d("Server: %s", account.getServerDisplay());
            Timber.e(e, "Could not log out", new Object[0]);
        }
    }

    @Override // com.appian.android.service.AccountValidationService
    public VerificationResult verifyConnectionSettings(Account account) {
        Account initializeAccountWithBaseAndSiteUrl = initializeAccountWithBaseAndSiteUrl(account);
        VerificationResult verificationResultForServerInformation = initializeAccountWithBaseAndSiteUrl.isRequiresServerValidation() ? getVerificationResultForServerInformation(initializeAccountWithBaseAndSiteUrl) : getVerificationResultForUserInformation(initializeAccountWithBaseAndSiteUrl);
        if (verificationResultForServerInformation.getOutcome() == VerificationResult.Outcome.Valid) {
            if (initializeAccountWithBaseAndSiteUrl.isSites() && !verifySite(initializeAccountWithBaseAndSiteUrl)) {
                return VerificationResult.invalidSite(new AppianSiteResourceAccessException(initializeAccountWithBaseAndSiteUrl.appendSigninToken(initializeAccountWithBaseAndSiteUrl.getServer()).toString()));
            }
            if (verificationResultForServerInformation.getAvatarLink() != null) {
                verificationResultForServerInformation.setAvatar(getAvatarUsingAccount(verificationResultForServerInformation.getAvatarLink().getHref(), initializeAccountWithBaseAndSiteUrl));
            }
            verificationResultForServerInformation.setSupportsCookies(true);
            if (Utils.isStringBlank(verificationResultForServerInformation.getIdentity()) && initializeAccountWithBaseAndSiteUrl.getHttpAuth() != null) {
                verificationResultForServerInformation.setIdentity(initializeAccountWithBaseAndSiteUrl.getHttpAuth().getUsername());
            }
        }
        return verificationResultForServerInformation;
    }

    @Override // com.appian.android.service.AccountValidationService
    public boolean verifySite(Account account) {
        try {
            List<DiscoverableSiteInfo> fetchAvailableSitesForAccount = this.sitesService.fetchAvailableSitesForAccount(account, this.context);
            if (fetchAvailableSitesForAccount == null) {
                return false;
            }
            Iterator<DiscoverableSiteInfo> it = fetchAvailableSitesForAccount.iterator();
            while (it.hasNext()) {
                String urlStub = it.next().getUrlStub();
                if (urlStub != null && urlStub.equalsIgnoreCase(account.getSiteUrlStub())) {
                    return true;
                }
            }
            return false;
        } catch (Exception e) {
            Timber.e(e, "Could not verify site", new Object[0]);
            return false;
        }
    }
}
