package com.kaldorgroup.pugpig.net.auth;

import android.content.Context;
import android.content.Intent;
import android.content.SharedPreferences;
import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;
import androidx.security.crypto.EncryptedSharedPreferences;
import androidx.security.crypto.MasterKeys;
import com.facebook.internal.ServerProtocol;
import com.kaldorgroup.pugpig.net.AsynchronousDownloadCompletionHandler;
import com.kaldorgroup.pugpig.net.AsynchronousDownloader;
import com.kaldorgroup.pugpig.net.URLRequest;
import com.kaldorgroup.pugpig.net.URLResponse;
import com.kaldorgroup.pugpig.net.auth.LoginProvider;
import com.kaldorgroup.pugpig.net.auth.PugpigAuthorisation;
import com.kaldorgroup.pugpig.net.auth.RenewProvider;
import com.kaldorgroup.pugpig.util.DataUtils;
import com.kaldorgroup.pugpig.util.Log;
import com.kaldorgroup.pugpig.util.StringUtils;
import com.kaldorgroup.pugpigbolt.App;
import com.kaldorgroup.pugpigbolt.domain.BoltConfig;
import com.kaldorgroup.pugpigbolt.util.JSONUtils;
import java.io.IOException;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Map;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class KGOAuth2PKCELoginProvider extends WebLoginProvider implements RenewProvider {
    private SharedPreferences _sharedPreferences;
    private String codeVerifier;
    private final SecureRandom secureRandom;
    private final Map<String, String> tokenExchangeQueryParams;
    private final URL tokenExchangeURL;

    /* renamed from: com.kaldorgroup.pugpig.net.auth.KGOAuth2PKCELoginProvider$3, reason: invalid class name */
    /* loaded from: classes2.dex */
    static /* synthetic */ class AnonymousClass3 {
        static final /* synthetic */ int[] $SwitchMap$com$kaldorgroup$pugpig$net$auth$PugpigAuthorisation$AuthSessionType;

        static {
            int[] iArr = new int[PugpigAuthorisation.AuthSessionType.values().length];
            $SwitchMap$com$kaldorgroup$pugpig$net$auth$PugpigAuthorisation$AuthSessionType = iArr;
            try {
                iArr[PugpigAuthorisation.AuthSessionType.requiredAuth.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$kaldorgroup$pugpig$net$auth$PugpigAuthorisation$AuthSessionType[PugpigAuthorisation.AuthSessionType.register.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$com$kaldorgroup$pugpig$net$auth$PugpigAuthorisation$AuthSessionType[PugpigAuthorisation.AuthSessionType.signIn.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    public KGOAuth2PKCELoginProvider(BoltConfig.PKCEAuthConfig pKCEAuthConfig) {
        super(pKCEAuthConfig);
        this.codeVerifier = null;
        this.tokenExchangeURL = pKCEAuthConfig.tokenExchangeEndpoint;
        this.tokenExchangeQueryParams = pKCEAuthConfig.tokenExchangePostParams;
        this.secureRandom = new SecureRandom();
    }

    private Uri appendCodeChallenge(Uri uri, String str) {
        Uri.Builder buildUpon = uri.buildUpon();
        buildUpon.clearQuery();
        for (String str2 : uri.getQueryParameterNames()) {
            if (!str2.equals(ServerProtocol.DIALOG_PARAM_CODE_CHALLENGE)) {
                buildUpon.appendQueryParameter(str2, uri.getQueryParameter(str2));
            }
        }
        buildUpon.appendQueryParameter(ServerProtocol.DIALOG_PARAM_CODE_CHALLENGE, str);
        return buildUpon.build();
    }

    private Uri.Builder formBuilderWithDefaults() {
        Uri.Builder builder = new Uri.Builder();
        for (Map.Entry<String, String> entry : this.tokenExchangeQueryParams.entrySet()) {
            builder.appendQueryParameter(entry.getKey(), entry.getValue());
        }
        return builder;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public SharedPreferences getSharedPreferences() {
        String string;
        if (this._sharedPreferences == null) {
            try {
                SharedPreferences create = EncryptedSharedPreferences.create("oidc_store", MasterKeys.getOrCreate(MasterKeys.AES256_GCM_SPEC), App.getContext(), EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV, EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM);
                this._sharedPreferences = create;
                if (create.getString("refresh_token", null) == null && (string = App.getSharedPreferences().getString("refresh_token", null)) != null) {
                    this._sharedPreferences.edit().putString("refresh_token", string).commit();
                }
                App.getSharedPreferences().edit().remove("refresh_token").commit();
            } catch (IOException | GeneralSecurityException e) {
                App.trackNonFatalException(e);
                this._sharedPreferences = App.getSharedPreferences();
            }
        }
        return this._sharedPreferences;
    }

    @Override // com.kaldorgroup.pugpig.net.auth.WebLoginProvider
    protected void continueWithCallbackUrl(String str, final LoginProvider.CompletionHandler completionHandler) {
        String queryParameter = Uri.parse(str).getQueryParameter("code");
        URLRequest uRLRequest = new URLRequest(this.tokenExchangeURL);
        uRLRequest.setHTTPMethod("POST");
        Uri.Builder formBuilderWithDefaults = formBuilderWithDefaults();
        formBuilderWithDefaults.appendQueryParameter("grant_type", "authorization_code");
        formBuilderWithDefaults.appendQueryParameter("code", queryParameter);
        formBuilderWithDefaults.appendQueryParameter("code_verifier", this.codeVerifier);
        uRLRequest.setHTTPBody(StringUtils.stringDataUsingEncoding(formBuilderWithDefaults.build().getEncodedQuery(), "UTF-8"));
        new AsynchronousDownloader(uRLRequest, new AsynchronousDownloadCompletionHandler() { // from class: com.kaldorgroup.pugpig.net.auth.KGOAuth2PKCELoginProvider.1
            @Override // com.kaldorgroup.pugpig.net.AsynchronousDownloadCompletionHandler
            public void run(URLResponse uRLResponse, byte[] bArr, Exception exc) {
                if (exc != null) {
                    Log.log("PKCE login error: ", exc.getLocalizedMessage());
                    completionHandler.run(null, exc);
                    return;
                }
                if (bArr == null) {
                    Log.log("PKCE login error: empty response", new Object[0]);
                    completionHandler.run(null, new Exception("No data"));
                    return;
                }
                try {
                    JSONObject jSONObject = new JSONObject(new String(bArr));
                    String string = jSONObject.getString("access_token");
                    String string2 = JSONUtils.string(jSONObject, "refresh_token");
                    if (string2 != null) {
                        KGOAuth2PKCELoginProvider.this.getSharedPreferences().edit().putString("refresh_token", string2).commit();
                    }
                    completionHandler.run(string, null);
                } catch (JSONException e) {
                    completionHandler.run(null, e);
                }
            }
        });
    }

    @Override // com.kaldorgroup.pugpig.net.auth.WebLoginProvider, com.kaldorgroup.pugpig.net.auth.LoginProvider
    public Intent loginWithCompletionHandler(Context context, PugpigAuthorisation.AuthSessionType authSessionType, LoginProvider.CompletionHandler completionHandler) {
        byte[] bArr = new byte[32];
        this.secureRandom.nextBytes(bArr);
        String encodeToString = Base64.encodeToString(bArr, 11);
        this.codeVerifier = encodeToString;
        String encodeToString2 = Base64.encodeToString(DataUtils.SHA256Digest(encodeToString.getBytes()), 11);
        int i2 = AnonymousClass3.$SwitchMap$com$kaldorgroup$pugpig$net$auth$PugpigAuthorisation$AuthSessionType[authSessionType.ordinal()];
        if (i2 != 1) {
            if (i2 != 2) {
                if (i2 == 3) {
                    this.signInUri = appendCodeChallenge(this.signInUri, encodeToString2);
                }
            } else if (this.registerUri == null || TextUtils.isEmpty(this.registerUri.toString())) {
                this.signInUri = appendCodeChallenge(this.signInUri, encodeToString2);
            } else {
                this.registerUri = appendCodeChallenge(this.registerUri, encodeToString2);
            }
        } else if (this.requiredAuthUri == null || TextUtils.isEmpty(this.requiredAuthUri.toString())) {
            this.signInUri = appendCodeChallenge(this.signInUri, encodeToString2);
        } else {
            this.requiredAuthUri = appendCodeChallenge(this.requiredAuthUri, encodeToString2);
        }
        return super.loginWithCompletionHandler(context, authSessionType, completionHandler);
    }

    @Override // com.kaldorgroup.pugpig.net.auth.RenewProvider
    public void renewTokenWithCompletionHandler(String str, final RenewProvider.CompletionHandler completionHandler) {
        String string = getSharedPreferences().getString("refresh_token", null);
        if (string == null || string.length() == 0) {
            completionHandler.run(null, "No refresh_token", null);
            return;
        }
        URLRequest uRLRequest = new URLRequest(this.tokenExchangeURL);
        uRLRequest.setHTTPMethod("POST");
        Uri.Builder formBuilderWithDefaults = formBuilderWithDefaults();
        formBuilderWithDefaults.appendQueryParameter("grant_type", "refresh_token");
        formBuilderWithDefaults.appendQueryParameter("refresh_token", string);
        uRLRequest.setHTTPBody(StringUtils.stringDataUsingEncoding(formBuilderWithDefaults.build().getEncodedQuery(), "UTF-8"));
        new AsynchronousDownloader(uRLRequest, new AsynchronousDownloadCompletionHandler() { // from class: com.kaldorgroup.pugpig.net.auth.KGOAuth2PKCELoginProvider.2
            @Override // com.kaldorgroup.pugpig.net.AsynchronousDownloadCompletionHandler
            public void run(URLResponse uRLResponse, byte[] bArr, Exception exc) {
                if (exc != null) {
                    Log.log("PKCE renew error: ", exc.getLocalizedMessage());
                    completionHandler.run(null, null, exc);
                    return;
                }
                if (bArr == null) {
                    Log.log("PKCE renew error: empty response", new Object[0]);
                    completionHandler.run(null, null, new Exception("No data"));
                    return;
                }
                try {
                    JSONObject jSONObject = new JSONObject(new String(bArr));
                    String string2 = jSONObject.getString("access_token");
                    String string3 = JSONUtils.string(jSONObject, "refresh_token");
                    if (string3 != null) {
                        KGOAuth2PKCELoginProvider.this.getSharedPreferences().edit().putString("refresh_token", string3).commit();
                    }
                    completionHandler.run(string2, null, null);
                } catch (JSONException e) {
                    completionHandler.run(null, null, e);
                }
            }
        });
    }
}
