package com.amazonaws.mobile.client.internal.oauth2;

import android.content.ComponentName;
import android.content.Context;
import android.net.Uri;
import android.os.Bundle;
import android.support.customtabs.b;
import android.support.customtabs.j;
import android.support.customtabs.l;
import android.support.customtabs.p;
import android.support.customtabs.q;
import android.util.Log;
import com.amazonaws.mobile.client.AWSMobileClient;
import com.amazonaws.mobile.client.Callback;
import com.amazonaws.mobile.client.internal.oauth2.OAuth2Constants;
import com.amazonaws.mobileconnectors.cognitoauth.util.Pkce;
import com.facebook.internal.NativeProtocol;
import com.facebook.internal.ServerProtocol;
import java.net.URL;
import java.util.HashMap;
import java.util.Map;

/* loaded from: classes.dex */
public class OAuth2Client {

    /* renamed from: a, reason: collision with root package name */
    public static final String f4929a = "OAuth2Client";

    /* renamed from: b, reason: collision with root package name */
    public static final String f4930b = "com.android.chrome";

    /* renamed from: c, reason: collision with root package name */
    public static final String f4931c = "com.amazonaws.mobile.client.oauth2";

    /* renamed from: d, reason: collision with root package name */
    private static final long f4932d = 60000;

    /* renamed from: e, reason: collision with root package name */
    public static final String f4933e = "tokenUri";

    /* renamed from: f, reason: collision with root package name */
    public static final String f4934f = "createDate";

    /* renamed from: g, reason: collision with root package name */
    public static final String f4935g = "signOutRedirectUri";
    public static final String h = "signInRedirectUri";
    final AWSMobileClient i;
    final Context k;
    j n;
    q o;
    Callback<AuthorizeResponse> r;
    String s;
    private String t;
    private String u;
    private String v;
    private String w;
    private Callback<Void> x;
    private boolean y;
    boolean m = true;
    PKCEMode q = PKCEMode.S256;
    private final OAuth2ClientStore l = new OAuth2ClientStore(this);
    b p = new b() { // from class: com.amazonaws.mobile.client.internal.oauth2.OAuth2Client.1
        @Override // android.support.customtabs.b
        public void a(int i, Bundle bundle) {
            super.a(i, bundle);
            if (i != 6 || OAuth2Client.this.y) {
                return;
            }
            if (OAuth2Client.this.x != null) {
                OAuth2Client.this.x.onError(new Exception("User cancelled flow or flow interrupted."));
                OAuth2Client.this.x = null;
                return;
            }
            Callback<AuthorizeResponse> callback = OAuth2Client.this.r;
            if (callback != null) {
                callback.onError(new Exception("User cancelled flow or flow interrupted."));
                OAuth2Client.this.r = null;
            }
        }
    };
    final p j = new p() { // from class: com.amazonaws.mobile.client.internal.oauth2.OAuth2Client.2
        @Override // android.support.customtabs.p
        public void a(ComponentName componentName, j jVar) {
            OAuth2Client oAuth2Client = OAuth2Client.this;
            oAuth2Client.n = jVar;
            oAuth2Client.n.a(0L);
            OAuth2Client oAuth2Client2 = OAuth2Client.this;
            oAuth2Client2.o = oAuth2Client2.n.a(oAuth2Client2.p);
        }

        @Override // android.content.ServiceConnection
        public void onServiceDisconnected(ComponentName componentName) {
            OAuth2Client.this.n = null;
        }
    };

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.amazonaws.mobile.client.internal.oauth2.OAuth2Client$3, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass3 {

        /* renamed from: a, reason: collision with root package name */
        static final /* synthetic */ int[] f4938a = new int[PKCEMode.values().length];

        static {
            try {
                f4938a[PKCEMode.S256.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                f4938a[PKCEMode.NONE.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
        }
    }

    /* loaded from: classes.dex */
    public enum PKCEMode {
        NONE(""),
        S256("S256");

        private String encode;

        PKCEMode(String str) {
            this.encode = str;
        }

        public boolean equals(PKCEMode pKCEMode) {
            return pKCEMode.encode.equals(this.encode);
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.encode;
        }
    }

    public OAuth2Client(Context context, AWSMobileClient aWSMobileClient) {
        this.i = aWSMobileClient;
        this.k = context;
        if (j.a(this.k, f4930b, this.j)) {
            return;
        }
        Log.d(f4929a, "OAuth2Client: Failed to pre-warm custom tab, first page load may be slower");
    }

    public void a() {
        this.l.a();
        this.x = null;
        this.r = null;
        this.q = PKCEMode.S256;
        this.s = null;
        this.t = null;
        this.u = null;
        this.v = null;
        this.w = null;
    }

    public void a(Uri uri, Callback<AuthorizeResponse> callback) {
        this.r = callback;
        try {
            Uri.Builder buildUpon = uri.buildUpon();
            int i = AnonymousClass3.f4938a[this.q.ordinal()];
            if (i == 1) {
                String generateRandom = Pkce.generateRandom();
                String generateHash = Pkce.generateHash(generateRandom);
                this.l.a("proofKey", generateRandom);
                this.l.a("proofKeyHash", generateHash);
                buildUpon.appendQueryParameter("code_challenge_method", this.q.toString()).appendQueryParameter("code_challenge", generateHash).build();
            } else if (i != 2) {
                throw new IllegalArgumentException("Unsupported PKCE mode was chosen, please choose another");
            }
            Uri build = buildUpon.build();
            this.t = build.getQueryParameter("client_id");
            if (this.t == null) {
                throw new IllegalArgumentException("The authorize URI must contain a client_id");
            }
            String queryParameter = build.getQueryParameter(ServerProtocol.DIALOG_PARAM_REDIRECT_URI);
            if (queryParameter == null) {
                throw new IllegalArgumentException("The authorize URI must contain a redirect_uri");
            }
            this.l.a(h, queryParameter);
            Uri.parse(queryParameter);
            if (build.getQueryParameter(ServerProtocol.DIALOG_PARAM_RESPONSE_TYPE) == null) {
                buildUpon.appendQueryParameter(ServerProtocol.DIALOG_PARAM_RESPONSE_TYPE, "code").build();
            }
            this.s = build.getQueryParameter("state");
            if (this.s == null) {
                this.s = Pkce.generateRandom();
                buildUpon.appendQueryParameter("state", this.s).build();
            }
            this.l.a("state", this.s);
            b(buildUpon.build());
        } catch (Exception e2) {
            callback.onError(e2);
        }
    }

    public void a(Uri uri, Map<String, String> map, Map<String, String> map2, Callback<OAuth2Tokens> callback) {
        String a2 = this.l.a(OAuth2Constants.TokenResponseFields.REFRESH_TOKEN.toString());
        if (a2 == null) {
            callback.onError(new IllegalStateException("Refresh called without refresh token available"));
        }
        try {
            if (map2.get("grant_type") == null) {
                map2.put("grant_type", OAuth2Constants.GrantTypes.REFRESH_TOKEN.toString());
            }
            if (map2.get("refresh_token") == null) {
                if (a2 == null) {
                    throw new IllegalArgumentException("The refresh flow must contain a refresh_token");
                }
                map2.put("refresh_token", a2);
            }
            OAuth2Tokens a3 = HTTPUtil.a(HTTPUtil.a(new URL(uri.toString()), map, map2));
            this.l.a(a3);
            callback.a(a3);
        } catch (Exception e2) {
            callback.onError(new Exception("Failed to refresh tokens with service", e2));
        }
    }

    public void a(Uri uri, Map<String, String> map, Map<String, String> map2, String str, Callback<OAuth2Tokens> callback) {
        String a2 = this.l.a("proofKey");
        if (a2 == null && !this.q.equals(PKCEMode.NONE)) {
            callback.onError(new Exception("Proof key could not be found from current session."));
        }
        try {
            if (map2.get("client_id") == null) {
                throw new IllegalArgumentException("The token exchange must contain a client_id");
            }
            if (map2.get(ServerProtocol.DIALOG_PARAM_REDIRECT_URI) == null) {
                throw new IllegalArgumentException("The token exchange must contain a redirect_uri");
            }
            if (map2.get("code") == null) {
                if (str == null) {
                    throw new IllegalArgumentException("The token exchange must contain a code");
                }
                map2.put("code", str);
            }
            if (map2.get("code_verifier") == null) {
                if (a2 == null) {
                    throw new IllegalStateException("The token exchange must contain a code verifier");
                }
                map2.put("code_verifier", a2);
            }
            if (map2.get("grant_type") == null) {
                map2.put("grant_type", OAuth2Constants.GrantTypes.AUTHORIZATION_CODE.toString());
            }
            this.l.a(f4933e, uri.toString());
            OAuth2Tokens a3 = HTTPUtil.a(HTTPUtil.a(new URL(uri.toString()), map, map2));
            this.l.a(a3);
            callback.a(a3);
        } catch (Exception e2) {
            callback.onError(new Exception("Failed to exchange code for tokens", e2));
        }
    }

    public void a(Callback<OAuth2Tokens> callback) {
        String a2;
        try {
            OAuth2Tokens b2 = this.l.b();
            if (b2.f4952f != null && (b2.f4953g.longValue() + b2.f4952f.longValue()) - System.currentTimeMillis() < f4932d) {
                if (b2.f4950d == null || (a2 = this.l.a(f4933e)) == null) {
                    callback.onError(new Exception("No cached tokens available, refresh not available."));
                } else {
                    a(Uri.parse(a2), new HashMap(), new HashMap(), callback);
                }
            }
            callback.a(b2);
        } catch (Exception e2) {
            callback.onError(e2);
        }
    }

    public void a(PKCEMode pKCEMode) {
        this.q = pKCEMode;
    }

    public void a(boolean z) {
        this.m = z;
        this.l.a(z);
    }

    public boolean a(Uri uri) {
        if (uri == null) {
            return false;
        }
        String a2 = this.l.a(h);
        String a3 = this.l.a(f4935g);
        if (a2 != null) {
            Uri parse = Uri.parse(a2);
            if (uri.getScheme().equals(parse.getScheme()) && uri.getAuthority().equals(parse.getAuthority()) && uri.getPath().equals(parse.getPath()) && uri.getQueryParameterNames().containsAll(parse.getQueryParameterNames())) {
                String queryParameter = uri.getQueryParameter("code");
                if (!this.l.a("state").equals(uri.getQueryParameter("state"))) {
                    return false;
                }
                this.u = uri.getQueryParameter("error");
                this.v = uri.getQueryParameter(NativeProtocol.BRIDGE_ARG_ERROR_DESCRIPTION);
                this.w = uri.getQueryParameter("error_uri");
                this.y = true;
                String str = this.u;
                if (str != null) {
                    Callback<AuthorizeResponse> callback = this.r;
                    if (callback != null) {
                        callback.onError(new OAuth2Exception("Authorization call failed with response from authorization server", str, this.v, this.w));
                        this.r = null;
                    }
                    return true;
                }
                if (queryParameter == null) {
                    return false;
                }
                if (this.r != null) {
                    AuthorizeResponse authorizeResponse = new AuthorizeResponse();
                    authorizeResponse.f4928b = queryParameter;
                    authorizeResponse.f4927a = uri;
                    this.r.a(authorizeResponse);
                    this.r = null;
                }
                return true;
            }
        }
        if (a3 != null) {
            Uri parse2 = Uri.parse(a3);
            if (uri.getScheme().equals(parse2.getScheme()) && uri.getAuthority().equals(parse2.getAuthority()) && uri.getPath().equals(parse2.getPath()) && uri.getQueryParameterNames().containsAll(parse2.getQueryParameterNames())) {
                this.y = true;
                Callback<Void> callback2 = this.x;
                if (callback2 != null) {
                    callback2.a(null);
                    this.x = null;
                }
                return true;
            }
        }
        return false;
    }

    public void b(Uri uri) {
        l b2 = new l.a(this.o).b();
        b2.B.setPackage(f4930b);
        b2.B.addFlags(1073741824);
        b2.B.addFlags(268435456);
        this.y = false;
        b2.a(this.k, uri);
    }

    public void b(Uri uri, Callback<Void> callback) {
        this.x = callback;
        String queryParameter = uri.getQueryParameter(ServerProtocol.DIALOG_PARAM_REDIRECT_URI);
        if (queryParameter == null) {
            throw new IllegalArgumentException("The sign-out URI must contain a redirect_uri");
        }
        this.l.a(f4935g, queryParameter);
        Uri.parse(queryParameter);
        b(uri);
    }
}
