package com.paypal.android.foundation.auth.operations;

import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.text.TextUtils;
import com.paypal.android.foundation.auth.AccountCredentials;
import com.paypal.android.foundation.auth.AccountCredentialsSecurityMetadata;
import com.paypal.android.foundation.auth.AuthDeveloperConfigState;
import com.paypal.android.foundation.auth.BiometricTransactionProvider;
import com.paypal.android.foundation.auth.model.AccountCredentialsChallenge;
import com.paypal.android.foundation.auth.model.AuthenticationTokens;
import com.paypal.android.foundation.auth.model.ConsentChallenge;
import com.paypal.android.foundation.auth.model.Token;
import com.paypal.android.foundation.auth.model.TokenResult;
import com.paypal.android.foundation.auth.model.UriChallenge;
import com.paypal.android.foundation.auth.model.UserBindTokenResult;
import com.paypal.android.foundation.auth.operations.SecurityOperation;
import com.paypal.android.foundation.auth.state.AccountState;
import com.paypal.android.foundation.core.CommonContracts;
import com.paypal.android.foundation.core.CoreConstants;
import com.paypal.android.foundation.core.DesignByContract;
import com.paypal.android.foundation.core.FoundationCore;
import com.paypal.android.foundation.core.data.DataRequest;
import com.paypal.android.foundation.core.data.method.FormUrlEncodedRequestMethod;
import com.paypal.android.foundation.core.log.DebugLogger;
import com.paypal.android.foundation.core.message.ClientMessage;
import com.paypal.android.foundation.core.model.BoundedAttestationData;
import com.paypal.android.foundation.core.model.Challenge;
import com.paypal.android.foundation.core.model.SecurityChallenge;
import com.paypal.android.foundation.core.operations.OperationListener;
import com.paypal.android.foundation.paypalcore.FoundationPayPalCore;
import com.paypal.android.foundation.paypalcore.FoundationServiceRequestHelper;
import com.paypal.android.foundation.paypalcore.model.AuthenticationTier;
import java.util.Arrays;
import java.util.List;
import java.util.Map;

/* loaded from: classes.dex */
public class UserAccessTokenOperation extends TokenOperation {
    private static final String KEY_ADS_CREATE_PAGE_DATA = "adsCreatePageData";
    private static final String KEY_COUNTRY_CODE = "countryCode";
    private static final String KEY_EMAIL = "email";
    private static final String KEY_FIDO_OSTP = "fidoOstp";
    private static final String KEY_FIDO_UAF = "fidoUaf";
    private static final String KEY_PASSWORD = "password";
    private static final String KEY_PHONE = "phone";
    private static final String KEY_PIN = "pin";
    private static final String KEY_PRIMARY_EMAIL = "primaryEmail";
    private static DebugLogger L = DebugLogger.getLogger(UserAccessTokenOperation.class);
    private static DebugLogger l = DebugLogger.getLogger(UserAccessTokenOperation.class);
    private AccountCredentials credentials;
    private SecurityOperation.GrantType grantType;
    private String mAdsChallengeId;
    private String mAuthNonce;
    private Token refreshToken;
    protected ThirdPartyOperationParams thirdPartyOperationParams;

    /* JADX INFO: Access modifiers changed from: protected */
    public UserAccessTokenOperation() {
    }

    public UserAccessTokenOperation(AccountCredentials accountCredentials) {
        CommonContracts.requireNonNull(accountCredentials);
        setCredentials(accountCredentials);
    }

    public UserAccessTokenOperation(AccountCredentials accountCredentials, ThirdPartyOperationParams thirdPartyOperationParams) {
        CommonContracts.requireNonNull(accountCredentials);
        setCredentials(accountCredentials);
        this.thirdPartyOperationParams = thirdPartyOperationParams;
    }

    public UserAccessTokenOperation(Token token) {
        this(SecurityOperation.GrantType.RefreshToken);
        CommonContracts.requireNonNull(token);
        this.refreshToken = token;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public UserAccessTokenOperation(SecurityOperation.GrantType grantType) {
        CommonContracts.requireNonNull(grantType);
        this.grantType = grantType;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public UserAccessTokenOperation(ThirdPartyOperationParams thirdPartyOperationParams) {
        CommonContracts.requireNonNull(thirdPartyOperationParams);
        this.grantType = SecurityOperation.GrantType.UniqueDeviceIdentifier;
        this.thirdPartyOperationParams = thirdPartyOperationParams;
    }

    private void addAdsChallengeIdInParams(@NonNull Map<String, String> map) {
        CommonContracts.requireNonNull(map);
        if (TextUtils.isEmpty(this.mAdsChallengeId)) {
            return;
        }
        DesignByContract.ensure(("auth-" + FoundationPayPalCore.serviceConfig().getAppGuid()).equals(this.mAdsChallengeId), "ADS challenge ID should be valid", new Object[0]);
        map.put("adsChallengeId", this.mAdsChallengeId);
    }

    private void addAttestationResult(@NonNull Map<String, String> map) {
        CommonContracts.requireNonNull(map);
        BoundedAttestationData popAttestationDataAndRefresh = FoundationCore.getDeviceCompatibilityAssessor().popAttestationDataAndRefresh();
        if (popAttestationDataAndRefresh != null) {
            if (!TextUtils.isEmpty(popAttestationDataAndRefresh.getValue())) {
                map.put("attestationResult", popAttestationDataAndRefresh.getValue());
            }
            map.put("compatProgress", popAttestationDataAndRefresh.getStateDescription());
        }
    }

    private String getMfsRequestParamFidoKey(String str) {
        CommonContracts.ensureNonEmptyString(str);
        if (BiometricTransactionProvider.BIOMETRIC_FIDO_PROTOCOL_OSTP.equals(str)) {
            return KEY_FIDO_OSTP;
        }
        if (BiometricTransactionProvider.BIOMETRIC_FIDO_PROTOCOL_UAF.equals(str)) {
            return KEY_FIDO_UAF;
        }
        CommonContracts.requireShouldNeverReachHere();
        l.debug("should never reach here! invalid biometric protocol error", new Object[0]);
        return null;
    }

    private AuthenticationTier getPromoteTierBasedOnGrantType() {
        switch (this.grantType) {
            case RefreshToken:
                return AuthenticationTier.UserAccessToken_RememberedState;
            case Password:
            case FidoBiometric:
            case BiometricFingerprint:
            case PartnerPin:
            case TwoLa:
            case UniqueDeviceIdentifier:
            case FuturePaymentConsent:
                return AuthenticationTier.UserAccessToken_AuthenticatedState;
            case ClientCredentials:
                return AuthenticationTier.ClientAccessToken;
            default:
                return AuthenticationTier.Unknown;
        }
    }

    private void setAdaptiveTokenInParams(Map<String, String> map) {
        CommonContracts.requireNonNull(map);
        String adaptiveToken = AuthenticationTokens.getInstance().getAdaptiveToken();
        if (TextUtils.isEmpty(adaptiveToken)) {
            return;
        }
        map.put(TokenResult.TokenResultPropertySet.KEY_TokenResult_adaptiveToken, adaptiveToken);
    }

    private void setCredentials(AccountCredentials accountCredentials) {
        this.credentials = accountCredentials;
        updateGrantTypeBasedOnCredentials(accountCredentials);
    }

    private void setPrimaryEmailInParams(Map<String, String> map) {
        CommonContracts.requireNonNull(map);
        if (this.credentials == null || !(this.credentials instanceof AccountCredentialsSecurityMetadata)) {
            return;
        }
        String primaryEmail = ((AccountCredentialsSecurityMetadata) this.credentials).getPrimaryEmail();
        if (TextUtils.isEmpty(primaryEmail)) {
            return;
        }
        map.put(KEY_PRIMARY_EMAIL, primaryEmail);
    }

    private void updateGrantTypeBasedOnCredentials(AccountCredentials accountCredentials) {
        switch (accountCredentials.getType()) {
            case EMAIL_PASSWORD:
            case PHONE_PIN:
            case PHONE_PASSWORD:
                this.grantType = SecurityOperation.GrantType.Password;
                return;
            case FIDO_BIOMETRIC:
                this.grantType = SecurityOperation.GrantType.FidoBiometric;
                return;
            case PARTNER_PIN:
                this.grantType = SecurityOperation.GrantType.PartnerPin;
                return;
            case NATIVE_BIOMETRIC:
                this.grantType = SecurityOperation.GrantType.BiometricFingerprint;
                return;
            default:
                l.error("unrecognized credential type: %s", accountCredentials.getType());
                CommonContracts.requireShouldNeverReachHere();
                return;
        }
    }

    private void updateParamsBasedOnGrantType(Map<String, String> map) {
        CommonContracts.ensureNonNull(this.grantType);
        map.put("grantType", this.grantType.a());
        switch (this.grantType) {
            case RefreshToken:
                if (this.refreshToken != null) {
                    map.put(TokenResult.TokenResultPropertySet.KEY_TokenResult_firstPartyRefreshToken, this.refreshToken.getTokenValue());
                    return;
                }
                return;
            case Password:
            case FidoBiometric:
            case BiometricFingerprint:
            case PartnerPin:
                if (this.credentials == null || !this.credentials.isComplete()) {
                    CommonContracts.requireShouldNeverReachHere();
                    return;
                }
                switch (this.credentials.getType()) {
                    case EMAIL_PASSWORD:
                        map.put("email", this.credentials.getUsername());
                        map.put(KEY_PASSWORD, this.credentials.getPassword());
                        return;
                    case PHONE_PIN:
                        map.put("countryCode", this.credentials.getCountryCode());
                        map.put("phone", this.credentials.getPhone());
                        map.put("pin", this.credentials.getPin());
                        return;
                    case PHONE_PASSWORD:
                        map.put("phone", this.credentials.getPhone().replaceAll("-", ""));
                        map.put(KEY_PASSWORD, this.credentials.getPassword());
                        return;
                    case FIDO_BIOMETRIC:
                        map.put(getMfsRequestParamFidoKey(this.credentials.getBiometricProtocol()), this.credentials.getBiometricMessage());
                        return;
                    case PARTNER_PIN:
                        map.put("partnerAppName", this.credentials.getPartnerName());
                        map.put("credentialsVerifiedByPartner", this.credentials.getPartnerCredential());
                        return;
                    case NATIVE_BIOMETRIC:
                        map.put(UserBindTokenResult.BiometricBindResultPropertySet.KEY_biometricBind_userBindToken, this.credentials.getUserBindToken());
                        return;
                    default:
                        l.error("unrecognized credential type: %s", this.credentials.getType());
                        CommonContracts.requireShouldNeverReachHere();
                        return;
                }
            default:
                return;
        }
    }

    private void updateParamsWithAdsLoaderData(@NonNull Map<String, String> map) {
        CommonContracts.requireNonNull(map);
        if (this.credentials == null || !(this.credentials instanceof AccountCredentialsSecurityMetadata)) {
            return;
        }
        String adsCreatePageData = ((AccountCredentialsSecurityMetadata) this.credentials).getAdsCreatePageData();
        if (TextUtils.isEmpty(adsCreatePageData)) {
            adsCreatePageData = CoreConstants.EMPTY_JSON;
        }
        map.put(KEY_ADS_CREATE_PAGE_DATA, adsCreatePageData);
    }

    @Nullable
    public String getAdsChallengeId() {
        return this.mAdsChallengeId;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.paypal.android.foundation.paypalcore.operations.ServiceOperation
    public DataRequest getDataRequestWithPath(String str, Map<String, String> map, Map<String, String> map2) {
        CommonContracts.requireNonEmptyString(str);
        CommonContracts.requireNonEmptyMap(map);
        CommonContracts.requireNonEmptyMap(map2);
        return DataRequest.createFormUrlEncodedRequest(FormUrlEncodedRequestMethod.Post(), str, map, map2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.paypal.android.foundation.core.operations.Operation
    public List<String> getSanitizationKeys() {
        return Arrays.asList("email", KEY_PASSWORD, "countryCode", "phone", "pin", KEY_FIDO_OSTP, KEY_FIDO_UAF, TokenResult.TokenResultPropertySet.KEY_TokenResult_firstPartyClientAccessToken, TokenResult.TokenResultPropertySet.KEY_TokenResult_firstPartyRefreshToken, TokenResult.TokenResultPropertySet.KEY_TokenResult_idToken, KEY_PRIMARY_EMAIL);
    }

    public ThirdPartyOperationParams getThirdPartyOperationParams() {
        return this.thirdPartyOperationParams;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.paypal.android.foundation.paypalcore.operations.ServiceOperation
    public void handleChallenge(Challenge challenge, OperationListener<TokenResult> operationListener) {
        if (!(challenge instanceof SecurityChallenge)) {
            CommonContracts.requireShouldNeverReachHere();
            completeWithMessage(ClientMessage.messageWithCode(ClientMessage.Code.Unknown, null), operationListener);
            return;
        }
        l.debug("challenge identified: %s", challenge);
        if (AuthenticationChallengeManager.getInstance().handleChallengeForSecurityOperation(this, (SecurityChallenge) challenge, operationListener, challenge instanceof AccountCredentialsChallenge ? AuthenticationTier.UserAccessToken_AuthenticatedState : getPromoteTierBasedOnGrantType())) {
            return;
        }
        l.debug("%s is not able to handle challenge, failing operation: %s", AuthenticationChallengeManager.class.getSimpleName(), this);
        completeWithMessage(ClientMessage.messageWithCode(ClientMessage.Code.AuthenticationChallengeRequired, null), operationListener);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.paypal.android.foundation.paypalcore.operations.ServiceOperation
    public void handleResult(TokenResult tokenResult, OperationListener operationListener) {
        SecurityChallenge securityChallenge = tokenResult.getSecurityChallenge();
        if (securityChallenge == null) {
            AccountState.getInstance().resetKmliOptOutState();
            super.handleResult((UserAccessTokenOperation) tokenResult, operationListener);
            return;
        }
        String nonce = tokenResult.getNonce();
        CommonContracts.ensureNonNull(nonce);
        securityChallenge.setNonce(nonce);
        if (securityChallenge.needsChallengeReferral()) {
            CommonContracts.requireNonNull(tokenResult);
            ConsentChallenge consentChallenge = (ConsentChallenge) securityChallenge;
            consentChallenge.setChallengeReferral(tokenResult.getChallengeReferral());
            CommonContracts.ensureNonEmptyString(consentChallenge.getChallengeReferral());
        }
        if (securityChallenge.needsPartialAccessToken()) {
            CommonContracts.requireNonNull(tokenResult);
            UriChallenge uriChallenge = (UriChallenge) securityChallenge;
            uriChallenge.setPartialOrFullToken(tokenResult.getPartialAccessToken());
            CommonContracts.ensureNonNull(uriChallenge.getToken());
        }
        handleChallenge(securityChallenge, operationListener);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Removed duplicated region for block: B:12:0x003d  */
    /* JADX WARN: Removed duplicated region for block: B:9:0x0033  */
    @Override // com.paypal.android.foundation.paypalcore.operations.ServiceOperation
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void handleTransactionFailure(com.paypal.android.foundation.core.data.DataTransaction r8, com.paypal.android.foundation.core.operations.OperationListener r9) {
        /*
            r7 = this;
            com.paypal.android.foundation.core.message.FailureMessage r8 = r8.getAnyFailureMessage()
            boolean r0 = r8 instanceof com.paypal.android.foundation.core.model.SecurityFailureMessage
            r1 = 1
            if (r0 == 0) goto L30
            r2 = r8
            com.paypal.android.foundation.core.model.SecurityFailureMessage r2 = (com.paypal.android.foundation.core.model.SecurityFailureMessage) r2
            com.paypal.android.foundation.core.log.DebugLogger r3 = com.paypal.android.foundation.auth.operations.UserAccessTokenOperation.l
            java.lang.String r4 = "Received securityFailureMessage: %s"
            java.lang.Object[] r5 = new java.lang.Object[r1]
            r6 = 0
            r5[r6] = r2
            r3.debug(r4, r5)
            com.paypal.android.foundation.core.model.SecurityChallenge r3 = r2.getSecurityChallenge()
            if (r3 == 0) goto L30
            com.paypal.android.foundation.core.model.SecurityChallenge r3 = r2.getSecurityChallenge()
            java.lang.String r4 = r3.getNonce()
            if (r4 != 0) goto L31
            java.lang.String r2 = r2.getNonce()
            r3.setNonce(r2)
            goto L31
        L30:
            r3 = 0
        L31:
            if (r3 != 0) goto L37
            com.paypal.android.foundation.auth.model.AccountCredentialsChallenge r3 = com.paypal.android.foundation.auth.model.AccountCredentialsChallenge.createEmptyChallengeObject()
        L37:
            com.paypal.android.foundation.core.message.FailureMessage r2 = r3.getFailureMessage()
            if (r2 != 0) goto L48
            if (r0 == 0) goto L45
            com.paypal.android.foundation.core.model.SecurityFailureMessage r8 = (com.paypal.android.foundation.core.model.SecurityFailureMessage) r8
            com.paypal.android.foundation.core.message.FailureMessage r8 = r8.copyWithNoChalllenge()
        L45:
            r3.setFailureMessage(r8)
        L48:
            com.paypal.android.foundation.auth.operations.ThirdPartyOperationParams r8 = r7.thirdPartyOperationParams
            if (r8 == 0) goto L59
            com.paypal.android.foundation.auth.operations.SecurityOperation$GrantType r8 = com.paypal.android.foundation.auth.operations.SecurityOperation.GrantType.UniqueDeviceIdentifier
            com.paypal.android.foundation.auth.operations.SecurityOperation$GrantType r0 = r7.grantType
            boolean r8 = r8.equals(r0)
            if (r8 == 0) goto L59
            r3.setHasThirdPartyOperationFailed(r1)
        L59:
            r7.handleChallenge(r3, r9)
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.paypal.android.foundation.auth.operations.UserAccessTokenOperation.handleTransactionFailure(com.paypal.android.foundation.core.data.DataTransaction, com.paypal.android.foundation.core.operations.OperationListener):void");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.paypal.android.foundation.auth.operations.BaseTokenOperation
    public boolean isValidTokenResult(TokenResult tokenResult) {
        boolean z;
        CommonContracts.requireNonNull(tokenResult);
        if (SecurityOperation.GrantType.RefreshToken.equals(this.grantType) || SecurityOperation.GrantType.Password.equals(this.grantType) || SecurityOperation.GrantType.UserPreview.equals(this.grantType) || SecurityOperation.GrantType.FidoBiometric.equals(this.grantType) || SecurityOperation.GrantType.PartnerPin.equals(this.grantType) || SecurityOperation.GrantType.TwoLa.equals(this.grantType) || SecurityOperation.GrantType.BiometricFingerprint.equals(this.grantType) || SecurityOperation.GrantType.UserPreview.equals(this.grantType)) {
            z = Token.isValidToken(AuthenticationTokens.getInstance().getUserAccessToken()) || tokenResult.getNonce() != null;
            if (!z) {
                l.error("invalid userAccessToken: %s; nonce: %s", AuthenticationTokens.getInstance().getUserAccessToken(), tokenResult.getNonce());
            }
        } else {
            z = SecurityOperation.GrantType.RememberMe.equals(this.grantType);
        }
        return this.thirdPartyOperationParams != null ? this.thirdPartyOperationParams.a(tokenResult) : z;
    }

    public void setAdsChallengeId(@Nullable String str) {
        CommonContracts.requireNonEmptyString(str);
        this.mAdsChallengeId = str;
    }

    @Override // com.paypal.android.foundation.auth.operations.SecurityOperation
    protected boolean shouldGeneratePairingId() {
        return this.thirdPartyOperationParams == null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.paypal.android.foundation.auth.operations.SecurityOperation, com.paypal.android.foundation.paypalcore.operations.ServiceOperation
    public void updateHeaders(Map<String, String> map) {
        super.updateHeaders(map);
        if (this.thirdPartyOperationParams != null && AccountState.getInstance().getKmliOptOutState()) {
            map.putAll(FoundationServiceRequestHelper.headers().getXFptiHeader());
        }
        if (FoundationCore.appInfo().isDebuggable()) {
            if (AuthDeveloperConfigState.getInstance().isforceCaptchaOnAds()) {
                map.put("TEST_DATA", "{\"captcha_request\":\"ads\"}");
            } else if (AuthDeveloperConfigState.getInstance().isForceCaptchaOnAdaptiveToken()) {
                map.put("TEST_DATA", "{\"captcha_request\":\"adaptive_token\"}");
            } else if (AuthDeveloperConfigState.getInstance().isThrowCaptchaIfADSFailedCheck()) {
                map.put("TEST_DATA", "{\"honor_ads_validation\":\"true\"}");
            }
        }
    }

    @Override // com.paypal.android.foundation.auth.operations.SecurityOperation, com.paypal.android.foundation.paypalcore.operations.ServiceOperation
    public void updateParams(Map<String, String> map) {
        CommonContracts.requireNonNull(map);
        super.updateParams(map);
        setClientAccessTokenInParams(map);
        setIdTokenInParams(map);
        setRememberMeInParams(map);
        setRefreshTokenInParams(map);
        addAdsChallengeIdInParams(map);
        if (SecurityOperation.GrantType.Password.equals(this.grantType)) {
            addAttestationResult(map);
        }
        ChecksumUtil.addMfsAuthCheckSumInParams(this.grantType, this.credentials, map);
        if (SecurityOperation.GrantType.Password.equals(this.grantType)) {
            setAdaptiveTokenInParams(map);
        }
        updateParamsBasedOnGrantType(map);
        setPrimaryEmailInParams(map);
        updateParamsWithAdsLoaderData(map);
        if (this.thirdPartyOperationParams != null) {
            map.putAll(this.thirdPartyOperationParams.a());
        }
    }
}
