package com.auth0.android.provider;

import android.app.Activity;
import android.app.Dialog;
import android.net.Uri;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.VisibleForTesting;
import com.auth0.android.Auth0;
import com.auth0.android.authentication.AuthenticationAPIClient;
import com.auth0.android.authentication.AuthenticationException;
import com.auth0.android.authentication.ParameterBuilder;
import com.auth0.android.jwt.DecodeException;
import com.auth0.android.jwt.JWT;
import com.auth0.android.result.Credentials;
import java.security.SecureRandom;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class f {
    private static final String a = "f";
    private final Auth0 b;
    private final AuthCallback c;
    private final Map<String, String> d;
    private boolean e;
    private boolean f = true;
    private int g;
    private g h;
    private Long i;
    private CustomTabsOptions j;

    /* JADX INFO: Access modifiers changed from: package-private */
    public f(@NonNull Auth0 auth0, @NonNull AuthCallback authCallback, @NonNull Map<String, String> map) {
        this.b = auth0;
        this.c = authCallback;
        this.d = new HashMap(map);
    }

    private long a() {
        return this.i != null ? this.i.longValue() : System.currentTimeMillis();
    }

    @VisibleForTesting
    static Credentials a(Credentials credentials, Credentials credentials2) {
        return new Credentials(TextUtils.isEmpty(credentials2.getIdToken()) ? credentials.getIdToken() : credentials2.getIdToken(), TextUtils.isEmpty(credentials2.getAccessToken()) ? credentials.getAccessToken() : credentials2.getAccessToken(), TextUtils.isEmpty(credentials2.getType()) ? credentials.getType() : credentials2.getType(), TextUtils.isEmpty(credentials2.getRefreshToken()) ? credentials.getRefreshToken() : credentials2.getRefreshToken(), credentials2.getExpiresAt() != null ? credentials2.getExpiresAt() : credentials.getExpiresAt(), TextUtils.isEmpty(credentials2.getScope()) ? credentials.getScope() : credentials2.getScope());
    }

    @VisibleForTesting
    static String a(@Nullable String str) {
        return str != null ? str : d();
    }

    @VisibleForTesting
    static void a(@NonNull String str, @Nullable String str2) throws AuthenticationException {
        if (str.equals(str2)) {
            return;
        }
        Log.e(a, String.format("Received state doesn't match. Received %s but expected %s", str2, str));
        throw new AuthenticationException("access_denied", "The received state is invalid. Try again.");
    }

    private void a(Map<String, String> map) {
        map.put("state", a(map.get("state")));
        if (map.containsKey("response_type") && map.get("response_type").contains(ParameterBuilder.ID_TOKEN_KEY)) {
            map.put("nonce", a(map.get("nonce")));
        }
    }

    private void a(Map<String, String> map, String str) {
        if (c()) {
            try {
                b(str);
                map.put("code_challenge", this.h.a());
                map.put("code_challenge_method", "S256");
                Log.v(a, "Using PKCE authentication flow");
            } catch (IllegalStateException e) {
                Log.e(a, "Some algorithms aren't available on this device and PKCE can't be used. Defaulting to token response_type.", e);
            }
        }
    }

    private Uri b() {
        Uri.Builder buildUpon = Uri.parse(this.b.getAuthorizeUrl()).buildUpon();
        for (Map.Entry<String, String> entry : this.d.entrySet()) {
            buildUpon.appendQueryParameter(entry.getKey(), entry.getValue());
        }
        Uri build = buildUpon.build();
        c("Using the following AuthorizeURI: " + build.toString());
        return build;
    }

    private void b(String str) {
        if (this.h == null) {
            this.h = new g(new AuthenticationAPIClient(this.b), str);
        }
    }

    @VisibleForTesting
    static void b(@NonNull String str, @NonNull String str2) throws AuthenticationException {
        boolean z;
        try {
            z = str.equals(new JWT(str2).getClaim("nonce").asString());
        } catch (DecodeException e) {
            Log.e(a, "An exception occurred when trying to validate the token's 'nonce' claim. " + e.getMessage(), e);
            z = false;
        }
        if (z) {
            return;
        }
        Log.e(a, "Received nonce doesn't match.");
        throw new AuthenticationException("access_denied", "The received nonce is invalid. Try again.");
    }

    private void b(Map<String, String> map, String str) {
        if (this.b.getTelemetry() != null) {
            map.put("auth0Client", this.b.getTelemetry().getValue());
        }
        map.put(ParameterBuilder.CLIENT_ID_KEY, this.b.getClientId());
        map.put("redirect_uri", str);
    }

    private void c(String str) {
        if (this.b.isLoggingEnabled()) {
            Log.d(a, str);
        }
    }

    private void c(String str, String str2) throws AuthenticationException {
        if (str == null) {
            return;
        }
        Log.e(a, "Error, access denied. Check that the required Permissions are granted and that the Application has this Connection configured in Auth0 Dashboard.");
        if ("access_denied".equalsIgnoreCase(str)) {
            throw new AuthenticationException("access_denied", "Permissions were not granted. Try again.");
        }
        if ("unauthorized".equalsIgnoreCase(str)) {
            throw new AuthenticationException("unauthorized", str2);
        }
        if (!"login_required".equals(str)) {
            throw new AuthenticationException("a0.invalid_configuration", "The application isn't configured properly for the social connection. Please check your Auth0's application configuration");
        }
        throw new AuthenticationException(str, str2);
    }

    private boolean c() {
        return this.d.containsKey("response_type") && this.d.get("response_type").contains("code") && g.b();
    }

    private static String d() {
        byte[] bArr = new byte[32];
        new SecureRandom().nextBytes(bArr);
        return Base64.encodeToString(bArr, 11);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(Activity activity, String str, int i) {
        a(this.d, str);
        b(this.d, str);
        a(this.d);
        Uri b = b();
        this.g = i;
        if (this.f) {
            AuthenticationActivity.a(activity, b, this.j);
        } else {
            AuthenticationActivity.a(activity, b, i, this.d.get(ParameterBuilder.CONNECTION_KEY), this.e);
        }
    }

    public void a(@Nullable CustomTabsOptions customTabsOptions) {
        this.j = customTabsOptions;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @VisibleForTesting
    public void a(g gVar) {
        this.h = gVar;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void a(boolean z) {
        this.e = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean a(b bVar) {
        if (!bVar.a(this.g)) {
            Log.w(a, "The Authorize Result is invalid.");
            return false;
        }
        Map<String, String> a2 = c.a(bVar.a().getData());
        if (a2.isEmpty()) {
            Log.w(a, "The response didn't contain any of these values: code, state, id_token, access_token, token_type, refresh_token");
            return false;
        }
        c("The parsed CallbackURI contains the following values: " + a2);
        try {
            c(a2.get("error"), a2.get("error_description"));
            a(this.d.get("state"), a2.get("state"));
            if (this.d.containsKey("response_type") && this.d.get("response_type").contains(ParameterBuilder.ID_TOKEN_KEY)) {
                b(this.d.get("nonce"), a2.get(ParameterBuilder.ID_TOKEN_KEY));
            }
            Log.d(a, "Authenticated using web flow");
            final Credentials credentials = new Credentials(a2.get(ParameterBuilder.ID_TOKEN_KEY), a2.get(ParameterBuilder.ACCESS_TOKEN_KEY), a2.get("token_type"), a2.get("refresh_token"), !a2.containsKey("expires_in") ? null : new Date(a() + (Long.valueOf(a2.get("expires_in")).longValue() * 1000)), a2.get(ParameterBuilder.SCOPE_KEY));
            if (c()) {
                this.h.a(a2.get("code"), new AuthCallback() { // from class: com.auth0.android.provider.f.1
                    @Override // com.auth0.android.provider.AuthCallback
                    public void onFailure(@NonNull Dialog dialog) {
                        f.this.c.onFailure(dialog);
                    }

                    @Override // com.auth0.android.provider.AuthCallback
                    public void onFailure(AuthenticationException authenticationException) {
                        f.this.c.onFailure(authenticationException);
                    }

                    @Override // com.auth0.android.provider.AuthCallback
                    public void onSuccess(@NonNull Credentials credentials2) {
                        f.this.c.onSuccess(f.a(credentials, credentials2));
                    }
                });
                return true;
            }
            this.c.onSuccess(credentials);
            return true;
        } catch (AuthenticationException e) {
            this.c.onFailure(e);
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void b(boolean z) {
        this.f = z;
    }
}
