package oracle.idm.mobile.auth;

import android.os.Handler;
import android.os.Looper;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.Map;
import java.util.WeakHashMap;
import oracle.idm.mobile.OMAuthenticationRequest;
import oracle.idm.mobile.OMErrorCode;
import oracle.idm.mobile.OMMobileSecurityException;
import oracle.idm.mobile.OMSecurityConstants;
import oracle.idm.mobile.auth.AuthenticationService;
import oracle.idm.mobile.auth.OAuthConnectionsUtil;
import oracle.idm.mobile.auth.OMAuthenticationContext;
import oracle.idm.mobile.auth.logout.OMLogoutCompletionHandler;
import oracle.idm.mobile.auth.webview.LogoutWebViewClient;
import oracle.idm.mobile.configuration.OAuthAuthorizationGrantType;
import oracle.idm.mobile.configuration.OMMobileSecurityConfiguration;
import oracle.idm.mobile.connection.OMHTTPResponse;
import oracle.idm.mobile.logging.OMLog;
import org.json.JSONException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class OAuthAuthorizationCodeService extends OAuthAuthenticationService implements ChallengeBasedService {
    private static final String TAG = "OAuthAuthorizationCodeService";
    protected boolean isClientRegistration;

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuthAuthorizationCodeService(AuthenticationServiceManager authenticationServiceManager, OMAuthenticationCompletionHandler oMAuthenticationCompletionHandler, OMLogoutCompletionHandler oMLogoutCompletionHandler) {
        super(authenticationServiceManager, oMAuthenticationCompletionHandler, oMLogoutCompletionHandler);
        this.isClientRegistration = false;
        OMLog.trace(TAG, "initialized");
    }

    @Override // oracle.idm.mobile.auth.AuthenticationService
    public void collectLoginChallengeInput(Map<String, Object> map, final ASMInputController aSMInputController) {
        OMLog.trace(TAG, "collectChallengeInput");
        if (!isChallengeInputRequired(map)) {
            aSMInputController.onInputAvailable(map);
            return;
        }
        try {
            this.mAuthCompletionHandler.createChallengeRequest(this.mASM.getMSS(), createLoginChallenge(), new AuthServiceInputCallback() { // from class: oracle.idm.mobile.auth.OAuthAuthorizationCodeService.1
                @Override // oracle.idm.mobile.auth.AuthServiceInputCallback
                public void onCancel() {
                    aSMInputController.onCancel();
                }

                @Override // oracle.idm.mobile.auth.AuthServiceInputCallback
                public void onError(OMErrorCode oMErrorCode) {
                    aSMInputController.onInputError(oMErrorCode);
                }

                @Override // oracle.idm.mobile.auth.AuthServiceInputCallback
                public void onInput(Map<String, Object> map2) {
                    aSMInputController.onInputAvailable(map2);
                }
            });
        } catch (OMMobileSecurityException unused) {
            aSMInputController.onInputError(OMErrorCode.INTERNAL_ERROR);
        }
    }

    @Override // oracle.idm.mobile.auth.ChallengeBasedService
    public OMAuthenticationChallenge createLoginChallenge() throws OMMobileSecurityException {
        OMAuthenticationChallenge oMAuthenticationChallenge;
        OMMobileSecurityConfiguration.BrowserMode oAuthBrowserMode = this.mConfig.getOAuthBrowserMode();
        OMLog.info(TAG, "Creating Challenge for browser mode: " + oAuthBrowserMode.name());
        if (oAuthBrowserMode == OMMobileSecurityConfiguration.BrowserMode.EMBEDDED) {
            oMAuthenticationChallenge = new OMAuthenticationChallenge(OMAuthenticationChallengeType.EMBEDDED_WEBVIEW_REQUIRED);
        } else {
            oMAuthenticationChallenge = new OMAuthenticationChallenge(OMAuthenticationChallengeType.EXTERNAL_BROWSER_INVOCATION_REQUIRED);
            OAuthConnectionsUtil oAuthConnectionsUtil = this.mASM.getOAuthConnectionsUtil();
            try {
                oMAuthenticationChallenge.addChallengeField(OMSecurityConstants.Challenge.EXTERNAL_BROWSER_LOAD_URL, this.isClientRegistration ? oAuthConnectionsUtil.getFrontChannelRequestForClientRegistration() : oAuthConnectionsUtil.getFrontChannelRequestForAccessToken(true));
                oMAuthenticationChallenge.addChallengeField(OMSecurityConstants.Challenge.REDIRECT_RESPONSE_KEY, "");
            } catch (UnsupportedEncodingException e) {
                OMLog.error(TAG, "error while getting the front channel request", e);
                throw new OMMobileSecurityException(OMErrorCode.INTERNAL_ERROR, e);
            } catch (NoSuchAlgorithmException e2) {
                OMLog.error(TAG, "error while getting the front channel request", e2);
                throw new OMMobileSecurityException(OMErrorCode.INTERNAL_ERROR, e2);
            }
        }
        updateChallengeWithException(oMAuthenticationChallenge);
        OMLog.info(TAG, "Challenge : " + oMAuthenticationChallenge.toString());
        return oMAuthenticationChallenge;
    }

    @Override // oracle.idm.mobile.auth.ChallengeBasedService
    public OMAuthenticationChallenge createLogoutChallenge() {
        return null;
    }

    @Override // oracle.idm.mobile.auth.ChallengeBasedService
    public OMAuthenticationCompletionHandler getCompletionHandlerImpl() {
        return null;
    }

    @Override // oracle.idm.mobile.auth.AuthenticationService
    public AuthenticationService.Type getType() {
        return AuthenticationService.Type.OAUTH20_AC_SERVICE;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void handle3LeggedLogout(final OMAuthenticationContext oMAuthenticationContext, final boolean z) {
        OMLog.info(TAG, "Since user agent was involved during authentication, the provided logout url needs to be loaded in the same.");
        collectLogoutChallengeInput(oMAuthenticationContext.getInputParams(), new AuthServiceInputCallback() { // from class: oracle.idm.mobile.auth.OAuthAuthorizationCodeService.2
            @Override // oracle.idm.mobile.auth.AuthServiceInputCallback
            public void onCancel() {
                OAuthAuthorizationCodeService.this.removeSessionCookies();
                OAuthAuthorizationCodeService.this.clearOAuthTokens(oMAuthenticationContext, true);
                OAuthAuthorizationCodeService.this.reportLogoutCompleted(OAuthAuthorizationCodeService.this.mASM.getMSS(), true, OMErrorCode.LOGOUT_URL_NOT_LOADED);
            }

            @Override // oracle.idm.mobile.auth.AuthServiceInputCallback
            public void onError(OMErrorCode oMErrorCode) {
                if (OAuthAuthorizationCodeService.this.mConfig.getOAuthBrowserMode() == OMMobileSecurityConfiguration.BrowserMode.EMBEDDED) {
                    OAuthAuthorizationCodeService.this.removeSessionCookies();
                }
                OAuthAuthorizationCodeService.this.clearOAuthTokens(oMAuthenticationContext, true);
                OAuthAuthorizationCodeService.this.reportLogoutCompleted(OAuthAuthorizationCodeService.this.mASM.getMSS(), true, oMErrorCode);
            }

            @Override // oracle.idm.mobile.auth.AuthServiceInputCallback
            public void onInput(Map<String, Object> map) {
                boolean z2;
                if (map != null) {
                    if (OAuthAuthorizationCodeService.this.mConfig.getOAuthBrowserMode() != OMMobileSecurityConfiguration.BrowserMode.EMBEDDED) {
                        if (OAuthAuthorizationCodeService.this.mConfig.getOAuthBrowserMode() == OMMobileSecurityConfiguration.BrowserMode.EXTERNAL) {
                            OAuthAuthorizationCodeService.this.clearOAuthTokens(oMAuthenticationContext, true);
                            if (z) {
                                OAuthAuthorizationCodeService.this.reportLogoutCompleted(OAuthAuthorizationCodeService.this.mASM.getMSS(), true, (OMMobileSecurityException) null);
                                return;
                            }
                            return;
                        }
                        return;
                    }
                    final WebView webView = (WebView) map.get(OMSecurityConstants.Challenge.WEBVIEW_KEY);
                    final WebViewClient webViewClient = (WebViewClient) map.get(OMSecurityConstants.Challenge.WEBVIEW_CLIENT_KEY);
                    final String logoutUrl = OAuthAuthorizationCodeService.this.mASM.getOAuthConnectionsUtil().getLogoutUrl(OAuthAuthorizationCodeService.this.mASM.getAuthenticationContext());
                    if (webView == null || logoutUrl == null) {
                        z2 = false;
                        OMLog.error(OAuthAuthorizationCodeService.TAG, "logout_onInput()- WebView is null or logoutURL is null");
                    } else {
                        final Handler handler = new Handler(Looper.getMainLooper());
                        handler.post(new Runnable() { // from class: oracle.idm.mobile.auth.OAuthAuthorizationCodeService.2.1
                            @Override // java.lang.Runnable
                            public void run() {
                                OAuthAuthorizationCodeService.this.loadLogoutURL(webView, new LogoutWebViewClient(webView, webViewClient, OAuthAuthorizationCodeService.this.mASM.getMSS(), handler, OAuthAuthorizationCodeService.this.mConfig, oMAuthenticationContext.getLogoutTimeout(), z), logoutUrl);
                            }
                        });
                        z2 = true;
                    }
                    if (z2) {
                        return;
                    }
                    OMLog.info(OAuthAuthorizationCodeService.TAG, "Unable to load logout URL, so removing all session cookies");
                    OAuthAuthorizationCodeService.this.removeSessionCookies();
                    OAuthAuthorizationCodeService.this.clearOAuthTokens(oMAuthenticationContext, true);
                    if (z) {
                        OAuthAuthorizationCodeService.this.reportLogoutCompleted(OAuthAuthorizationCodeService.this.mASM.getMSS(), true, OMErrorCode.LOGOUT_URL_NOT_LOADED);
                    }
                }
            }
        });
    }

    @Override // oracle.idm.mobile.auth.AuthenticationService
    public OMHTTPResponse handleAuthentication(OMAuthenticationRequest oMAuthenticationRequest, OMAuthenticationContext oMAuthenticationContext) throws OMMobileSecurityException {
        OMLog.info(TAG, "handleAuthentication");
        HashMap<String, Object> hashMap = (HashMap) oMAuthenticationContext.getInputParams();
        validateAndUpdateInputParams(hashMap);
        oMAuthenticationContext.setAuthenticationProvider(OMAuthenticationContext.AuthenticationProvider.OAUTH20);
        if (hashMap.containsKey(OAuthConnectionsUtil.OAuthResponseParameters.CODE.getValue())) {
            WeakHashMap<String, Object> emptyParamHashMap = getEmptyParamHashMap();
            emptyParamHashMap.put(OAuthConnectionsUtil.OAuthResponseParameters.CODE.getValue(), hashMap.get(OAuthConnectionsUtil.OAuthResponseParameters.CODE.getValue()));
            try {
                OAuthToken onAccessToken = onAccessToken(onAuthZCode(oMAuthenticationContext, emptyParamHashMap, (String) oMAuthenticationContext.getInputParams().get(OMSecurityConstants.Challenge.IDENTITY_DOMAIN_KEY)));
                if (onAccessToken != null) {
                    if (this.isClientRegistration) {
                        OMLog.debug(TAG, "Obtained AT for the client registration service (updating params)");
                        oMAuthenticationContext.getInputParams().put(OMSecurityConstants.Param.IDCS_CLIENT_REGISTRATION_ACCESS_TOKEN, onAccessToken);
                    } else {
                        onAuthSuccess(oMAuthenticationContext, onAccessToken, OMAuthenticationContext.AuthenticationProvider.OAUTH20);
                    }
                    return null;
                }
            } catch (JSONException e) {
                if (this.isClientRegistration) {
                    OMLog.error(TAG, "Unable to parse AT for the client registration service!", e);
                    throw new OMMobileSecurityException(OMErrorCode.IDCS_CLIENT_REGISTRATION_UNABLE_TO_OBTAIN_AT, e);
                }
                OMLog.error(TAG, "Access Token Parsing failed!", e);
                throw new OMMobileSecurityException(OMErrorCode.OAUTH_AUTHENTICATION_FAILED, e);
            }
        } else if (hashMap.containsKey(OAuthConnectionsUtil.OAuthResponseParameters.ERROR.getValue())) {
            OMMobileSecurityException onError = onError(hashMap);
            if (this.isClientRegistration) {
                OMLog.error(TAG, "Error obtaining the AT for the client registration service");
            }
            if (onError == null) {
                new OMMobileSecurityException(this.isClientRegistration ? OMErrorCode.IDCS_CLIENT_REGISTRATION_UNABLE_TO_OBTAIN_AT : OMErrorCode.OAUTH_AUTHENTICATION_FAILED);
                return null;
            }
            oMAuthenticationContext.setException(onError);
            oMAuthenticationContext.setStatus(OMAuthenticationContext.Status.FAILURE);
        }
        return null;
    }

    public boolean isChallengeInputRequired(Map<String, Object> map) {
        return !map.containsKey(OMSecurityConstants.Challenge.REDIRECT_RESPONSE_KEY) || map.containsKey(OMSecurityConstants.Challenge.MOBILE_SECURITY_EXCEPTION);
    }

    @Override // oracle.idm.mobile.auth.AuthenticationService
    public boolean isValid(OMAuthenticationContext oMAuthenticationContext, boolean z) {
        if (oMAuthenticationContext.getAuthenticationProvider() == OMAuthenticationContext.AuthenticationProvider.OAUTH20) {
            return isValidInternalAccessToken(oMAuthenticationContext, z);
        }
        OMLog.info(TAG, "isValid - Not an OAuth Use case");
        return true;
    }

    @Override // oracle.idm.mobile.auth.AuthenticationService
    public void logout(OMAuthenticationContext oMAuthenticationContext, boolean z, boolean z2, boolean z3, boolean z4) {
        if (oMAuthenticationContext.getAuthenticationProvider() == OMAuthenticationContext.AuthenticationProvider.OAUTH20) {
            OMLog.debug(TAG, "~logout~");
            boolean z5 = false;
            if (z4 && this.mConfig.getLogoutUrl() != null) {
                handle3LeggedLogout(oMAuthenticationContext, true);
                z5 = true;
            }
            if (!z3 || z5) {
                return;
            }
            clearOAuthTokens(oMAuthenticationContext, z4);
            reportLogoutCompleted(this.mASM.getMSS(), z4, (OMMobileSecurityException) null);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String onAuthZCode(OMAuthenticationContext oMAuthenticationContext, WeakHashMap<String, Object> weakHashMap, String str) throws OMMobileSecurityException {
        OMLog.debug(TAG, "onAuthZCode");
        try {
            String backChannelRequestForAccessTokenUsingClientAssertion = !this.isClientRegistration ? updateParamsForClientAssertionForTokenRequest(oMAuthenticationContext, weakHashMap) : false ? this.mASM.getOAuthConnectionsUtil().getBackChannelRequestForAccessTokenUsingClientAssertion(OAuthAuthorizationGrantType.AUTHORIZATION_CODE, weakHashMap, determineClientAssertionType()) : this.mASM.getOAuthConnectionsUtil().getBackChannelRequestForAccessToken(OAuthAuthorizationGrantType.AUTHORIZATION_CODE, weakHashMap);
            if (backChannelRequestForAccessTokenUsingClientAssertion == null) {
                return null;
            }
            try {
                String token = getToken(backChannelRequestForAccessTokenUsingClientAssertion, this.mConfig, str);
                if (this.enableReqResVerbose) {
                    OMLog.debug(TAG, "<--- Response while getting ACCESS token : " + token);
                }
                return token;
            } catch (OMMobileSecurityException e) {
                throw e;
            } catch (Exception unused) {
                throw new OMMobileSecurityException(OMErrorCode.INTERNAL_ERROR);
            }
        } catch (Exception e2) {
            OMLog.error(TAG, "Error while parsing authorization code", e2);
            throw new OMMobileSecurityException(OMErrorCode.OAUTH_AUTHENTICATION_FAILED);
        }
    }
}
