package com.okta.oidc.clients.web;

import android.annotation.SuppressLint;
import android.app.Activity;
import android.content.Context;
import android.content.Intent;
import android.content.pm.ActivityInfo;
import android.content.pm.PackageManager;
import android.content.pm.ResolveInfo;
import android.net.Uri;
import android.text.TextUtils;
import android.util.Log;
import androidx.fragment.app.FragmentActivity;
import androidx.lifecycle.Lifecycle;
import com.okta.oidc.AuthenticationPayload;
import com.okta.oidc.AuthenticationResultHandler;
import com.okta.oidc.CustomTabOptions;
import com.okta.oidc.OIDCConfig;
import com.okta.oidc.OktaRedirectActivity;
import com.okta.oidc.OktaResultFragment;
import com.okta.oidc.clients.AuthAPI;
import com.okta.oidc.clients.State;
import com.okta.oidc.clients.sessions.SyncSessionClient;
import com.okta.oidc.clients.sessions.SyncSessionClientFactoryImpl;
import com.okta.oidc.net.OktaHttpClient;
import com.okta.oidc.net.request.ProviderConfiguration;
import com.okta.oidc.net.request.TokenRequest;
import com.okta.oidc.net.request.web.AuthorizeRequest;
import com.okta.oidc.net.request.web.LogoutRequest;
import com.okta.oidc.net.request.web.WebRequest;
import com.okta.oidc.net.response.web.AuthorizeResponse;
import com.okta.oidc.results.Result;
import com.okta.oidc.storage.OktaRepository;
import com.okta.oidc.storage.OktaStorage;
import com.okta.oidc.storage.security.EncryptionManager;
import com.okta.oidc.util.AuthorizationException;
import com.okta.oidc.util.CodeVerifierUtil;
import java.io.IOException;
import java.lang.ref.WeakReference;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.atomic.AtomicReference;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class SyncWebAuthClientImpl extends AuthAPI implements SyncWebAuthClient {
    private static final String TAG = "SyncWebAuthClientImpl";
    private CustomTabOptions mCustomTabOptions;
    private AuthenticationResultHandler mHandler;
    private SyncSessionClient mSessionClient;
    private String[] mSupportedBrowsers;

    /* renamed from: com.okta.oidc.clients.web.SyncWebAuthClientImpl$1, reason: invalid class name */
    /* loaded from: classes4.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$com$okta$oidc$AuthenticationResultHandler$ResultType;
        static final /* synthetic */ int[] $SwitchMap$com$okta$oidc$AuthenticationResultHandler$Status;

        static {
            int[] iArr = new int[AuthenticationResultHandler.ResultType.values().length];
            $SwitchMap$com$okta$oidc$AuthenticationResultHandler$ResultType = iArr;
            try {
                iArr[AuthenticationResultHandler.ResultType.SIGN_IN.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$com$okta$oidc$AuthenticationResultHandler$ResultType[AuthenticationResultHandler.ResultType.SIGN_OUT.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            int[] iArr2 = new int[AuthenticationResultHandler.Status.values().length];
            $SwitchMap$com$okta$oidc$AuthenticationResultHandler$Status = iArr2;
            try {
                iArr2[AuthenticationResultHandler.Status.CANCELED.ordinal()] = 1;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$com$okta$oidc$AuthenticationResultHandler$Status[AuthenticationResultHandler.Status.ERROR.ordinal()] = 2;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$com$okta$oidc$AuthenticationResultHandler$Status[AuthenticationResultHandler.Status.AUTHORIZED.ordinal()] = 3;
            } catch (NoSuchFieldError unused5) {
            }
            try {
                $SwitchMap$com$okta$oidc$AuthenticationResultHandler$Status[AuthenticationResultHandler.Status.LOGGED_OUT.ordinal()] = 4;
            } catch (NoSuchFieldError unused6) {
            }
        }
    }

    /* loaded from: classes4.dex */
    public interface ResultListener {
        void postResult(Result result, AuthenticationResultHandler.ResultType resultType);
    }

    public SyncWebAuthClientImpl(OIDCConfig oIDCConfig, Context context, OktaStorage oktaStorage, EncryptionManager encryptionManager, OktaHttpClient oktaHttpClient, boolean z, boolean z2, CustomTabOptions customTabOptions, String... strArr) {
        super(oIDCConfig, context, oktaStorage, encryptionManager, z, z2);
        this.mSupportedBrowsers = strArr;
        this.mCustomTabOptions = customTabOptions;
        this.mHttpClient = oktaHttpClient;
        this.mSessionClient = new SyncSessionClientFactoryImpl().createClient(oIDCConfig, this.mOktaState, this.mHttpClient);
        this.mHandler = AuthenticationResultHandler.handler();
    }

    private boolean isRedirectUrisRegistered(Uri uri, Activity activity) {
        List<ResolveInfo> list;
        PackageManager packageManager = activity.getPackageManager();
        if (packageManager != null) {
            Intent intent = new Intent();
            intent.setAction("android.intent.action.VIEW");
            intent.addCategory("android.intent.category.BROWSABLE");
            intent.setData(uri);
            list = packageManager.queryIntentActivities(intent, 64);
        } else {
            list = null;
        }
        if (list == null) {
            return false;
        }
        Iterator<ResolveInfo> it = list.iterator();
        boolean z = false;
        while (it.hasNext()) {
            ActivityInfo activityInfo = it.next().activityInfo;
            if (activityInfo.name.equals(OktaRedirectActivity.class.getCanonicalName()) && activityInfo.packageName.equals(activity.getPackageName())) {
                z = true;
            } else if (!uri.getScheme().equals("https")) {
                Log.w(TAG, "Warning! Multiple applications found registered with same scheme");
                return false;
            }
        }
        return z;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$registerCallbackIfInterrupt$0(AuthenticationResultHandler.ResultType resultType, AuthenticationResultHandler.StateResult stateResult, ResultListener resultListener) {
        int i = AnonymousClass1.$SwitchMap$com$okta$oidc$AuthenticationResultHandler$ResultType[resultType.ordinal()];
        if (i == 1) {
            Result processSignInResult = processSignInResult(stateResult);
            resetCurrentState();
            if (resultListener != null) {
                resultListener.postResult(processSignInResult, resultType);
                return;
            }
            return;
        }
        if (i != 2) {
            return;
        }
        Result processSignOutResult = processSignOutResult(stateResult);
        resetCurrentState();
        if (resultListener != null) {
            resultListener.postResult(processSignOutResult, resultType);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$registerCallbackIfInterrupt$1(ExecutorService executorService, final ResultListener resultListener, final AuthenticationResultHandler.StateResult stateResult, final AuthenticationResultHandler.ResultType resultType) {
        if (executorService.isShutdown()) {
            return;
        }
        executorService.execute(new Runnable() { // from class: com.okta.oidc.clients.web.SyncWebAuthClientImpl$$ExternalSyntheticLambda0
            @Override // java.lang.Runnable
            public final void run() {
                SyncWebAuthClientImpl.this.lambda$registerCallbackIfInterrupt$0(resultType, stateResult, resultListener);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$startSignIn$2(WebRequest webRequest, Activity activity) {
        OktaResultFragment.addLoginFragment(webRequest, this.mCustomTabOptions, (FragmentActivity) activity, this.mSupportedBrowsers);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void lambda$startSignIn$3(AtomicReference atomicReference, CountDownLatch countDownLatch, AuthenticationResultHandler.StateResult stateResult, AuthenticationResultHandler.ResultType resultType) {
        atomicReference.set(stateResult);
        countDownLatch.countDown();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public /* synthetic */ void lambda$startSignOut$4(WebRequest webRequest, Activity activity) {
        OktaResultFragment.addLogoutFragment(webRequest, this.mCustomTabOptions, (FragmentActivity) activity, this.mSupportedBrowsers);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static /* synthetic */ void lambda$startSignOut$5(AtomicReference atomicReference, CountDownLatch countDownLatch, AuthenticationResultHandler.StateResult stateResult, AuthenticationResultHandler.ResultType resultType) {
        atomicReference.set(stateResult);
        countDownLatch.countDown();
    }

    private Result processSignInResult(AuthenticationResultHandler.StateResult stateResult) {
        if (stateResult == null) {
            return Result.error(new AuthorizationException("Result is empty", new NullPointerException()));
        }
        int i = AnonymousClass1.$SwitchMap$com$okta$oidc$AuthenticationResultHandler$Status[stateResult.getStatus().ordinal()];
        if (i == 1) {
            return Result.cancel();
        }
        if (i == 2) {
            return Result.error(stateResult.getException());
        }
        if (i != 3) {
            return Result.error(new AuthorizationException("StateResult with invalid status: " + stateResult.getStatus().name(), new IllegalStateException()));
        }
        this.mOktaState.setCurrentState(State.TOKEN_EXCHANGE);
        try {
            WebRequest authorizeRequest = this.mOktaState.getAuthorizeRequest();
            ProviderConfiguration providerConfiguration = this.mOktaState.getProviderConfiguration();
            AuthorizeResponse authorizeResponse = (AuthorizeResponse) stateResult.getAuthorizationResponse();
            if (isVerificationFlow(authorizeResponse)) {
                return processEmailVerification(authorizeResponse);
            }
            validateResult(stateResult.getAuthorizationResponse(), authorizeRequest);
            TokenRequest tokenRequest = tokenExchange((AuthorizeResponse) stateResult.getAuthorizationResponse(), providerConfiguration, (AuthorizeRequest) authorizeRequest);
            this.mCurrentRequest.set(new WeakReference<>(tokenRequest));
            this.mOktaState.save(tokenRequest.executeRequest(this.mHttpClient));
            return Result.success();
        } catch (OktaRepository.EncryptionException e) {
            return Result.error(AuthorizationException.EncryptionErrors.byEncryptionException(e));
        } catch (AuthorizationException e2) {
            return Result.error(e2);
        }
    }

    private Result processSignOutResult(AuthenticationResultHandler.StateResult stateResult) {
        if (stateResult == null) {
            return Result.error(new AuthorizationException("Result is empty", new NullPointerException()));
        }
        int i = AnonymousClass1.$SwitchMap$com$okta$oidc$AuthenticationResultHandler$Status[stateResult.getStatus().ordinal()];
        if (i == 1) {
            return Result.error(AuthorizationException.RegistrationRequestErrors.INVALID_REDIRECT_URI);
        }
        if (i == 2) {
            return Result.error(stateResult.getException());
        }
        if (i == 4) {
            removeTokens(getSessionClient());
            return Result.success();
        }
        return Result.error(new AuthorizationException("StateResult with invalid status: " + stateResult.getStatus().name(), new IllegalStateException()));
    }

    private AuthenticationResultHandler.StateResult startSignIn(final Activity activity, final WebRequest webRequest) throws InterruptedException {
        final AtomicReference atomicReference = new AtomicReference();
        final CountDownLatch countDownLatch = new CountDownLatch(1);
        if (!(activity instanceof FragmentActivity)) {
            activity.startActivityForResult(OktaResultFragment.createAuthIntent(activity, webRequest.toUri(), this.mCustomTabOptions, this.mSupportedBrowsers), 100);
        } else {
            if (!((FragmentActivity) activity).getLifecycleRegistry().getState().isAtLeast(Lifecycle.State.RESUMED)) {
                resetCurrentState();
                return AuthenticationResultHandler.StateResult.canceled();
            }
            activity.runOnUiThread(new Runnable() { // from class: com.okta.oidc.clients.web.SyncWebAuthClientImpl$$ExternalSyntheticLambda4
                @Override // java.lang.Runnable
                public final void run() {
                    SyncWebAuthClientImpl.this.lambda$startSignIn$2(webRequest, activity);
                }
            });
        }
        this.mHandler.setAuthenticationListener(new AuthenticationResultHandler.AuthResultListener() { // from class: com.okta.oidc.clients.web.SyncWebAuthClientImpl$$ExternalSyntheticLambda5
            @Override // com.okta.oidc.AuthenticationResultHandler.AuthResultListener
            public final void postResult(AuthenticationResultHandler.StateResult stateResult, AuthenticationResultHandler.ResultType resultType) {
                SyncWebAuthClientImpl.lambda$startSignIn$3(atomicReference, countDownLatch, stateResult, resultType);
            }
        });
        countDownLatch.await();
        return (AuthenticationResultHandler.StateResult) atomicReference.get();
    }

    private AuthenticationResultHandler.StateResult startSignOut(final Activity activity, final WebRequest webRequest) throws InterruptedException {
        final CountDownLatch countDownLatch = new CountDownLatch(1);
        final AtomicReference atomicReference = new AtomicReference();
        if (!(activity instanceof FragmentActivity)) {
            activity.startActivityForResult(OktaResultFragment.createAuthIntent(activity, webRequest.toUri(), this.mCustomTabOptions, this.mSupportedBrowsers), 200);
        } else {
            if (!((FragmentActivity) activity).getLifecycleRegistry().getState().isAtLeast(Lifecycle.State.RESUMED)) {
                resetCurrentState();
                return AuthenticationResultHandler.StateResult.canceled();
            }
            activity.runOnUiThread(new Runnable() { // from class: com.okta.oidc.clients.web.SyncWebAuthClientImpl$$ExternalSyntheticLambda1
                @Override // java.lang.Runnable
                public final void run() {
                    SyncWebAuthClientImpl.this.lambda$startSignOut$4(webRequest, activity);
                }
            });
        }
        this.mHandler.setAuthenticationListener(new AuthenticationResultHandler.AuthResultListener() { // from class: com.okta.oidc.clients.web.SyncWebAuthClientImpl$$ExternalSyntheticLambda2
            @Override // com.okta.oidc.AuthenticationResultHandler.AuthResultListener
            public final void postResult(AuthenticationResultHandler.StateResult stateResult, AuthenticationResultHandler.ResultType resultType) {
                SyncWebAuthClientImpl.lambda$startSignOut$5(atomicReference, countDownLatch, stateResult, resultType);
            }
        });
        countDownLatch.await();
        return (AuthenticationResultHandler.StateResult) atomicReference.get();
    }

    public int getFlags() {
        return this.mSignOutFlags;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.okta.oidc.clients.BaseAuth
    public SyncSessionClient getSessionClient() {
        return this.mSessionClient;
    }

    @Override // com.okta.oidc.clients.AuthAPI
    @SuppressLint({"RestrictedApi"})
    public int getSignOutStatus() {
        return this.mSignOutStatus;
    }

    @Override // com.okta.oidc.clients.web.SyncWebAuthClient
    public void handleActivityResult(int i, int i2, Intent intent) {
        this.mHandler.onActivityResult(i, i2, intent);
    }

    @Override // com.okta.oidc.clients.web.SyncWebAuthClient
    public boolean isInProgress() {
        return this.mOktaState.getCurrentState() != State.IDLE;
    }

    @Override // com.okta.oidc.clients.web.SyncWebAuthClient
    public void migrateTo(EncryptionManager encryptionManager) throws AuthorizationException {
        this.mSessionClient.migrateTo(encryptionManager);
    }

    public Result processEmailVerification(AuthorizeResponse authorizeResponse) {
        try {
            ProviderConfiguration providerConfiguration = this.mOktaState.getProviderConfiguration();
            return providerConfiguration == null ? Result.error(new AuthorizationException("No provider configuration found", null)) : !providerConfiguration.issuer.equals(authorizeResponse.getIssuer()) ? Result.error(new AuthorizationException(String.format("Email verification issuer mismatch expected %s, received %s", providerConfiguration.issuer, authorizeResponse.getIssuer()), null)) : !TextUtils.isEmpty(authorizeResponse.getSessionHint()) ? authorizeResponse.getSessionHint().equals(AuthorizeResponse.AUTHENTICATED) ? Result.authenticated() : Result.unauthenticated(authorizeResponse.getLoginHint()) : Result.error(new AuthorizationException("Email verification unknown error", null));
        } catch (OktaRepository.EncryptionException e) {
            return Result.error(AuthorizationException.EncryptionErrors.byEncryptionException(e));
        }
    }

    @Override // com.okta.oidc.clients.web.SyncWebAuthClient
    public void registerCallbackIfInterrupt(Activity activity, final ResultListener resultListener, final ExecutorService executorService) {
        this.mHandler.setAuthenticationListener(new AuthenticationResultHandler.AuthResultListener() { // from class: com.okta.oidc.clients.web.SyncWebAuthClientImpl$$ExternalSyntheticLambda3
            @Override // com.okta.oidc.AuthenticationResultHandler.AuthResultListener
            public final void postResult(AuthenticationResultHandler.StateResult stateResult, AuthenticationResultHandler.ResultType resultType) {
                SyncWebAuthClientImpl.this.lambda$registerCallbackIfInterrupt$1(executorService, resultListener, stateResult, resultType);
            }
        });
    }

    @Override // com.okta.oidc.clients.web.SyncWebAuthClient
    public Result signIn(Activity activity, AuthenticationPayload authenticationPayload) {
        this.mCancel.set(false);
        try {
            if (!isRedirectUrisRegistered(this.mOidcConfig.getRedirectUri(), activity)) {
                Log.e(TAG, "No uri registered to handle redirect or multiple applications registered");
                AuthorizationException authorizationException = AuthorizationException.RegistrationRequestErrors.INVALID_REDIRECT_URI;
                throw new AuthorizationException(4, authorizationException.code, authorizationException.error, "No uri registered to handle redirect or multiple applications registered", null, null);
            }
            ProviderConfiguration obtainNewConfiguration = obtainNewConfiguration();
            checkIfCanceled();
            AuthorizeRequest create = new AuthorizeRequest.Builder().config(this.mOidcConfig).providerConfiguration(obtainNewConfiguration).authenticationPayload(authenticationPayload).create();
            this.mOktaState.save(create);
            this.mOktaState.setCurrentState(State.SIGN_IN_REQUEST);
            return processSignInResult(startSignIn(activity, create));
        } catch (IOException | InterruptedException unused) {
            return Result.cancel();
        } catch (OktaRepository.EncryptionException e) {
            return Result.error(AuthorizationException.EncryptionErrors.byEncryptionException(e));
        } catch (AuthorizationException e2) {
            return Thread.currentThread().isInterrupted() ? Result.cancel() : Result.error(e2);
        } finally {
            resetCurrentState();
        }
    }

    @Override // com.okta.oidc.clients.web.SyncWebAuthClient
    public int signOut(Activity activity) {
        return signOut(activity, 15);
    }

    @Override // com.okta.oidc.clients.web.SyncWebAuthClient
    public int signOut(Activity activity, int i) {
        try {
            this.mSignOutStatus = 0;
            this.mSignOutFlags = i;
            revokeTokens(getSessionClient());
            if ((i & 8) == 8) {
                Result signOutOfOkta = signOutOfOkta(activity);
                if (!signOutOfOkta.isSuccess()) {
                    Log.w(TAG, "Failed to clear session", signOutOfOkta.getError());
                    this.mSignOutStatus |= 8;
                }
            }
            return this.mSignOutStatus;
        } catch (IOException e) {
            Log.w(TAG, "Canceled", e);
            return 15;
        }
    }

    @Override // com.okta.oidc.clients.web.SyncWebAuthClient
    public Result signOutOfOkta(Activity activity) {
        try {
            this.mOktaState.setCurrentState(State.SIGN_OUT_REQUEST);
            LogoutRequest create = new LogoutRequest.Builder().provideConfiguration(this.mOktaState.getProviderConfiguration()).config(this.mOidcConfig).tokenResponse(this.mOktaState.getTokenResponse()).state(CodeVerifierUtil.generateRandomState()).create();
            this.mOktaState.save(create);
            return processSignOutResult(startSignOut(activity, create));
        } catch (OktaRepository.EncryptionException e) {
            return Result.error(AuthorizationException.EncryptionErrors.byEncryptionException(e));
        } catch (InterruptedException unused) {
            return Result.cancel();
        } catch (NullPointerException e2) {
            return Result.error(new AuthorizationException(e2.getMessage(), e2));
        } catch (AuthorizationException e3) {
            return Result.error(e3);
        } finally {
            resetCurrentState();
        }
    }

    @Override // com.okta.oidc.clients.web.SyncWebAuthClient
    public void unregisterCallback() {
        this.mHandler.setAuthenticationListener(null);
    }
}
