package oracle.idm.mobile;

import android.text.TextUtils;
import android.util.Log;
import java.net.URL;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import oracle.idm.mobile.OAuthConnectionsUtil;
import oracle.idm.mobile.OMAuthenticationContext;
import oracle.idm.mobile.ids.OMUser;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class DefaultStateTransition implements OMStateTransition {
    private static final String MULTI_STEP_CHALLENGE_QUES = "multi-step-challenge-question";
    private static final String TOKENS_LIST = "TokensList";
    private static final String className = DefaultStateTransition.class.getName();
    private OMAuthenticationServiceManager asm;
    private Map<OMAuthenticationScheme, OMAuthenticationServiceType> initialState = new HashMap();

    public DefaultStateTransition(OMAuthenticationServiceManager oMAuthenticationServiceManager) {
        this.asm = oMAuthenticationServiceManager;
        this.initialState.put(OMAuthenticationScheme.REST, OMAuthenticationServiceType.DEVICE_AUTHENTICATION);
        this.initialState.put(OMAuthenticationScheme.MOBILE_SSO, OMAuthenticationServiceType.SSO_AUTHENTICATION);
        this.initialState.put(OMAuthenticationScheme.BASIC, OMAuthenticationServiceType.BASIC_AUTHENTICATION);
        this.initialState.put(OMAuthenticationScheme.SSO_AGENT, OMAuthenticationServiceType.SSO_AGENT_AUTHENTICATION);
        this.initialState.put(OMAuthenticationScheme.RP, OMAuthenticationServiceType.IDP_AUTHENTICATION);
        this.initialState.put(OMAuthenticationScheme.OFFLINE, OMAuthenticationServiceType.OFFLINE_AUTHENTICATION);
        this.initialState.put(OMAuthenticationScheme.FEDERATED, OMAuthenticationServiceType.FEDERATED_AUTHENTICATION);
        this.initialState.put(OMAuthenticationScheme.OAUTH20, OMAuthenticationServiceType.OAUTH20);
        if (oMAuthenticationServiceManager.getOAuthConnUtil() != null && oMAuthenticationServiceManager.getOAuthConnUtil().getOAuthType() == OAuthConnectionsUtil.OAuthType.MSOAUTH) {
            this.initialState.put(OMAuthenticationScheme.OAUTH20, OMAuthenticationServiceType.OAUTH_MS_PREAUTHZ);
        }
        this.initialState.put(OMAuthenticationScheme.CCBA, OMAuthenticationServiceType.CCBA);
    }

    private AuthenticationService doBusinessAppDeviceRegistration(OMAuthenticationRequest oMAuthenticationRequest, OMAuthenticationContext oMAuthenticationContext) throws OMMobileSecurityException {
        OMToken oMToken;
        boolean z = true;
        Map<String, String> inputParams = oMAuthenticationRequest.getInputParams();
        if (!inputParams.isEmpty() && inputParams.containsKey(OMSecurityConstants.HANDLES)) {
            OMAuthenticationContext oMAuthenticationContext2 = new OMAuthenticationContext(this.asm, inputParams.get(OMSecurityConstants.HANDLES), (String) null);
            if (this.asm.getAuthenticationService(OMAuthenticationServiceType.DEVICE_AUTHENTICATION).isValid(oMAuthenticationContext2, true)) {
                oMAuthenticationContext.setHandles(oMAuthenticationContext2.getHandles());
                z = false;
                oMAuthenticationContext.setStatus(OMAuthenticationContext.AuthContextStatus.COMPLETED);
            }
        }
        if (!z) {
            return null;
        }
        oMAuthenticationContext.setStatus(OMAuthenticationContext.AuthContextStatus.BUSIAPP_CRH_IN_PROGRESS);
        Map<String, Object> inputParams2 = oMAuthenticationContext.getInputParams();
        String str = (String) inputParams2.get(OMSecurityConstants.APPLICATION_ID);
        String str2 = (String) inputParams2.get("username");
        if (str2 != null && str2.length() != 0) {
            oMAuthenticationContext.setUserName(str2);
        }
        inputParams2.clear();
        inputParams2.put(OMSecurityConstants.APPLICATION_ID, str);
        String mobileCredLevelForRegApp = this.asm.getMobileSecurityService().getMobileSecurityConfig().getMobileCredLevelForRegApp();
        Log.d(className + "_doBusinessAppDeviceRegistration", "The Mobile Credential level for registering application : " + mobileCredLevelForRegApp);
        if (mobileCredLevelForRegApp.equals(OMSecurityConstants.USER_TOKEN) && (oMToken = oMAuthenticationContext.getTokens().get(OMSecurityConstants.USER_TOKEN)) != null) {
            inputParams2.put(OMSecurityConstants.RP_MOBILE_ASSERTION_TOKEN, oMToken.getValue());
        }
        OMToken handle = oMAuthenticationContext.getHandle(OMSecurityConstants.CLIENT_REG_HANDLE);
        if (handle != null) {
            inputParams2.put(OMSecurityConstants.CLIENT_REG_HANDLE, handle.getValue());
        }
        return this.asm.getAuthenticationService(OMAuthenticationServiceType.DEVICE_AUTHENTICATION);
    }

    private boolean populateAuthHandles(JSONObject jSONObject, OMAuthenticationContext oMAuthenticationContext) {
        boolean z = false;
        ArrayList arrayList = new ArrayList();
        String optString = jSONObject.optString(OMSecurityConstants.OIC_TOKEN_VALUE, null);
        String optString2 = jSONObject.optString(OMSecurityConstants.OIC_TOKEN_TYPE, null);
        if (optString != null && optString2 != null && optString2.equals(OMSecurityConstants.CLIENT_REG_HANDLE)) {
            arrayList.add(new OMToken(optString2, optString, 0));
            z = true;
        }
        JSONObject optJSONObject = jSONObject.optJSONObject(OMSecurityConstants.HANDLES);
        if (optJSONObject != null) {
            Iterator<String> keys = optJSONObject.keys();
            while (keys.hasNext()) {
                String next = keys.next();
                JSONObject optJSONObject2 = optJSONObject.optJSONObject(next);
                if (optJSONObject2 != null) {
                    String optString3 = optJSONObject2.optString("value", null);
                    int optInt = optJSONObject2.optInt(OMSecurityConstants.EXPIRY_SECS, -1);
                    if (optString3 != null) {
                        arrayList.add(new OMToken(next, optString3, optInt));
                    }
                }
            }
        }
        if (arrayList.size() > 0) {
            OMToken handle = oMAuthenticationContext.getHandle(OMSecurityConstants.CLIENT_REG_HANDLE);
            if (handle != null) {
                arrayList.add(handle);
            }
            oMAuthenticationContext.setHandles(arrayList);
            if (oMAuthenticationContext.getStatus() != null && oMAuthenticationContext.getStatus() != OMAuthenticationContext.AuthContextStatus.RP_IN_PROGRESS && oMAuthenticationContext.getStatus() != OMAuthenticationContext.AuthContextStatus.BUSIAPP_CRH_IN_PROGRESS) {
                oMAuthenticationContext.setStatus(OMAuthenticationContext.AuthContextStatus.IN_PROGRESS);
            }
        }
        return z;
    }

    private boolean populateChallengeResponse(JSONObject jSONObject, OMAuthenticationContext oMAuthenticationContext) {
        JSONObject optJSONObject = jSONObject.optJSONObject(MULTI_STEP_CHALLENGE_QUES);
        if (optJSONObject == null) {
            return false;
        }
        String optString = optJSONObject.optString(OMSecurityConstants.CHALLENGE_TYPE);
        String optString2 = optJSONObject.optString(OMSecurityConstants.LOCALE);
        String optString3 = optJSONObject.optString(OMSecurityConstants.QUESTION_REF_ID);
        String optString4 = optJSONObject.optString(OMSecurityConstants.QUESTION_STR);
        Map<String, Object> inputParams = oMAuthenticationContext.getInputParams();
        inputParams.put(OMSecurityConstants.CHALLENGE_TYPE, optString);
        inputParams.put(OMSecurityConstants.LOCALE, optString2);
        inputParams.put(OMSecurityConstants.QUESTION_REF_ID, optString3);
        inputParams.put(OMSecurityConstants.QUESTION_STR, optString4);
        inputParams.remove(OMSecurityConstants.ANSWER_STR);
        if (oMAuthenticationContext.getStatus() != null && oMAuthenticationContext.getStatus() != OMAuthenticationContext.AuthContextStatus.RP_IN_PROGRESS && oMAuthenticationContext.getStatus() != OMAuthenticationContext.AuthContextStatus.BUSIAPP_CRH_IN_PROGRESS) {
            oMAuthenticationContext.setStatus(OMAuthenticationContext.AuthContextStatus.IN_PROGRESS);
        }
        return true;
    }

    private boolean populateRestResponse(JSONObject jSONObject, OMAuthenticationContext oMAuthenticationContext) {
        JSONArray optJSONArray = jSONObject.optJSONArray(TOKENS_LIST);
        if (optJSONArray == null) {
            return false;
        }
        HashMap hashMap = new HashMap(2);
        for (int i = 0; i < optJSONArray.length(); i++) {
            JSONObject optJSONObject = optJSONArray.optJSONObject(i);
            if (optJSONObject != null) {
                String optString = optJSONObject.optString(OMSecurityConstants.OIC_TOKEN_VALUE, null);
                String optString2 = optJSONObject.optString(OMSecurityConstants.OIC_TOKEN_TYPE, null);
                int optInt = optJSONObject.optInt(OMSecurityConstants.EXPIRY_SECS, -1);
                String optString3 = optJSONObject.optString(OMSecurityConstants.OIC_TOKEN_PROVIDER);
                if (optString2 != null && optString != null && optString2.trim().length() != 0 && optString.trim().length() != 0) {
                    if (optString2.equals(OMSecurityConstants.USER_TOKEN)) {
                        hashMap.put(OMSecurityConstants.USER_TOKEN, new OMToken(OMSecurityConstants.USER_TOKEN, optString, optInt));
                        oMAuthenticationContext.setAuthenticationProvider(OMAuthenticationContext.AuthenticationProvider.JWT);
                        if (optString3 != null) {
                            oMAuthenticationContext.setTokenProvider(optString3);
                        }
                    } else if (optString2.equals(OMSecurityConstants.USER_TOKEN_MT)) {
                        URL serverURL = this.asm.getMobileSecurityService().getMobileSecurityConfig().getServerURL();
                        hashMap.put(OMSecurityConstants.OAM_ID, new OMToken(serverURL.toString(), OMSecurityConstants.OAM_ID, optString, serverURL.getHost(), "/", optInt, true, false));
                        oMAuthenticationContext.setAuthenticationProvider(OMAuthenticationContext.AuthenticationProvider.OAM);
                        if (optString3 != null) {
                            oMAuthenticationContext.setTokenProvider(optString3);
                        }
                    }
                }
            }
        }
        if (hashMap.size() <= 0) {
            return false;
        }
        oMAuthenticationContext.getTokens().putAll(hashMap);
        oMAuthenticationContext.setStatus(OMAuthenticationContext.AuthContextStatus.COMPLETED);
        return true;
    }

    @Override // oracle.idm.mobile.OMStateTransition
    public AuthenticationService doStateTransition(String str, OMAuthenticationContext oMAuthenticationContext) throws OMMobileSecurityException {
        try {
            if (str != null) {
                JSONObject jSONObject = new JSONObject(str);
                boolean populateAuthHandles = populateAuthHandles(jSONObject, oMAuthenticationContext);
                boolean populateRestResponse = populateRestResponse(jSONObject, oMAuthenticationContext);
                if (populateChallengeResponse(jSONObject, oMAuthenticationContext)) {
                    return this.asm.getAuthenticationService(OMAuthenticationServiceType.KBA_AUTHENTICATION);
                }
                if (populateRestResponse) {
                    if (oMAuthenticationContext.getAuthRequest() == null || !oMAuthenticationContext.getAuthRequest().isSsoAgentRequest()) {
                        return null;
                    }
                    this.asm.handleAuthenticationCompleted(oMAuthenticationContext.getAuthRequest(), oMAuthenticationContext, true, true, true);
                    this.asm.setAuthenticationContext(oMAuthenticationContext.clone());
                    return doBusinessAppDeviceRegistration(oMAuthenticationContext.getAuthRequest(), oMAuthenticationContext);
                }
                if (!populateAuthHandles) {
                    Log.d(className + "_doStateTransition", "Response String is " + str);
                    oMAuthenticationContext.setStatus(OMAuthenticationContext.AuthContextStatus.FAILURE);
                    oMAuthenticationContext.setMobileException(new OMMobileSecurityException(OMErrorCode.USER_AUTHENTICATION_FAILED, (String) null, this.asm.getApplicationContext()));
                    return null;
                }
                if (oMAuthenticationContext.getStatus() == OMAuthenticationContext.AuthContextStatus.BUSIAPP_CRH_IN_PROGRESS) {
                    oMAuthenticationContext.setStatus(OMAuthenticationContext.AuthContextStatus.COMPLETED);
                    return null;
                }
                if (oMAuthenticationContext.getStatus() != OMAuthenticationContext.AuthContextStatus.RP_IN_PROGRESS) {
                    return this.asm.getAuthenticationService(OMAuthenticationServiceType.REST_AUTHENTICATION);
                }
                if (oMAuthenticationContext.getAuthRequest().isSsoAgentRequest()) {
                    this.asm.handleAuthenticationCompleted(oMAuthenticationContext.getAuthRequest(), oMAuthenticationContext, true, true, true);
                    this.asm.setAuthenticationContext(oMAuthenticationContext.clone());
                    return doBusinessAppDeviceRegistration(oMAuthenticationContext.getAuthRequest(), oMAuthenticationContext);
                }
                oMAuthenticationContext.setAuthenticationProvider(OMAuthenticationContext.AuthenticationProvider.IDP);
                oMAuthenticationContext.setStatus(OMAuthenticationContext.AuthContextStatus.COMPLETED);
                return null;
            }
            if (oMAuthenticationContext.getStatus() == OMAuthenticationContext.AuthContextStatus.BUSIAPP_CRH_IN_PROGRESS) {
                this.asm.setAuthenticationContext(oMAuthenticationContext.clone());
                return doBusinessAppDeviceRegistration(oMAuthenticationContext.getAuthRequest(), oMAuthenticationContext);
            }
            if (oMAuthenticationContext.getStatus() == OMAuthenticationContext.AuthContextStatus.SSO_AGENT_IN_PROGRESS) {
                oMAuthenticationContext.setStatus(OMAuthenticationContext.AuthContextStatus.IN_PROGRESS);
                return getAuthenticationService(oMAuthenticationContext.getAuthRequest().getAuthenticationScheme());
            }
            if (oMAuthenticationContext.getStatus() == OMAuthenticationContext.AuthContextStatus.RP_IN_PROGRESS) {
                Map<String, Object> inputParams = oMAuthenticationContext.getInputParams();
                String str2 = (String) inputParams.get(OMSecurityConstants.RP_MOBILE_ASSERTION_TOKEN);
                OMAuthenticationContext.IdentityProvider identityProvider = oMAuthenticationContext.getIdentityProvider();
                identityProvider.setName((String) inputParams.get(OMSecurityConstants.IDENTITY_PROVIDER));
                identityProvider.setProtocol((String) inputParams.get(OMSecurityConstants.PROTOCOL));
                if (inputParams.containsKey(OMSecurityConstants.OAUTH_ACCESS_TOKEN)) {
                    identityProvider.setToken((String) inputParams.get(OMSecurityConstants.OAUTH_ACCESS_TOKEN));
                }
                Object obj = inputParams.get("userprofileJSON");
                if (obj != null) {
                    JSONObject jSONObject2 = (JSONObject) obj;
                    OMUser oMUser = new OMUser();
                    oMUser.setFirstName(jSONObject2.optString(OMUser.FIRSTNAME));
                    oMUser.setLastName(jSONObject2.optString(OMUser.LASTNAME));
                    String optString = jSONObject2.optString(OMUser.MAIL);
                    if (TextUtils.isEmpty(optString)) {
                        optString = jSONObject2.optString("email");
                    }
                    oMUser.setMail(optString);
                    identityProvider.setUser(oMUser);
                }
                HashMap hashMap = new HashMap(1);
                hashMap.put(OMSecurityConstants.USER_TOKEN, new OMToken(OMSecurityConstants.USER_TOKEN, str2, -1));
                oMAuthenticationContext.getTokens().putAll(hashMap);
                return this.asm.getAuthenticationService(OMAuthenticationServiceType.DEVICE_AUTHENTICATION);
            }
            if (oMAuthenticationContext.getStatus() == OMAuthenticationContext.AuthContextStatus.IN_PROGRESS) {
                return getAuthenticationService(oMAuthenticationContext.getAuthRequest().getAuthenticationScheme());
            }
            if (oMAuthenticationContext.getStatus() == OMAuthenticationContext.AuthContextStatus.HANDLES_FILLED) {
                oMAuthenticationContext.setStatus(OMAuthenticationContext.AuthContextStatus.IN_PROGRESS);
                return this.asm.getAuthenticationService(OMAuthenticationServiceType.REST_AUTHENTICATION);
            }
            if (oMAuthenticationContext.getStatus() == OMAuthenticationContext.AuthContextStatus.ONLINE_IN_PROGRESS) {
                oMAuthenticationContext.setStatus(OMAuthenticationContext.AuthContextStatus.IN_PROGRESS);
                return oMAuthenticationContext.getAuthRequest().isSsoAgentRequest() ? getAuthenticationService(OMAuthenticationScheme.SSO_AGENT) : getAuthenticationService(OMAuthenticationScheme.MOBILE_SSO);
            }
            if (oMAuthenticationContext.getStatus() == OMAuthenticationContext.AuthContextStatus.OFFLINE_COLLECT_CREDENTIAL) {
                return this.asm.getAuthenticationService(OMAuthenticationServiceType.OFFLINE_AUTHENTICATION);
            }
            if (oMAuthenticationContext.getStatus() == OMAuthenticationContext.AuthContextStatus.OAUTH_PRE_AUTHZ_DONE) {
                oMAuthenticationContext.setStatus(OMAuthenticationContext.AuthContextStatus.OAUTH_DYCR_IN_PROGRESS);
                return this.asm.getAuthenticationService(OMAuthenticationServiceType.OAUTH_MS_DYCR);
            }
            if (oMAuthenticationContext.getStatus() == OMAuthenticationContext.AuthContextStatus.OAUTH_DYCR_IN_PROGRESS) {
                return this.asm.getAuthenticationService(OMAuthenticationServiceType.OAUTH_MS_DYCR);
            }
            if (oMAuthenticationContext.getStatus() == OMAuthenticationContext.AuthContextStatus.OAUTH_DYCR_DONE) {
                oMAuthenticationContext.setStatus(OMAuthenticationContext.AuthContextStatus.IN_PROGRESS);
                return this.asm.getAuthenticationService(OMAuthenticationServiceType.OAUTH20);
            }
            if (oMAuthenticationContext.getStatus() != OMAuthenticationContext.AuthContextStatus.OAUTH_STEPUP) {
                return null;
            }
            oMAuthenticationContext.setStatus(OMAuthenticationContext.AuthContextStatus.OAUTH_DYCR_IN_PROGRESS);
            return this.asm.getAuthenticationService(OMAuthenticationServiceType.OAUTH_STEPUP);
        } catch (JSONException e) {
            oMAuthenticationContext.setStatus(OMAuthenticationContext.AuthContextStatus.FAILURE);
            oMAuthenticationContext.setMobileException(new OMMobileSecurityException(e));
            throw new OMMobileSecurityException(e);
        }
    }

    @Override // oracle.idm.mobile.OMStateTransition
    public AuthenticationService getAuthenticationService(OMAuthenticationScheme oMAuthenticationScheme) throws OMMobileSecurityException {
        if (oMAuthenticationScheme == null) {
            throw new OMMobileSecurityException(OMErrorCode.NO_AUTHENTICATION_SCHEME, (String) null, this.asm.getApplicationContext());
        }
        return this.asm.getAuthenticationService(this.initialState.get(oMAuthenticationScheme));
    }

    @Override // oracle.idm.mobile.OMStateTransition
    public AuthenticationService getInitialState(OMAuthenticationRequest oMAuthenticationRequest) throws OMMobileSecurityException {
        OMMobileSecurityConfiguration mobileSecurityConfig = this.asm.getMobileSecurityService().getMobileSecurityConfig();
        return mobileSecurityConfig.getAuthenticationScheme() == OMAuthenticationScheme.FEDERATED ? getAuthenticationService(OMAuthenticationScheme.FEDERATED) : mobileSecurityConfig.isOfflineAuthenticationAllowed() ? getAuthenticationService(OMAuthenticationScheme.OFFLINE) : oMAuthenticationRequest.isSsoAgentRequest() ? getAuthenticationService(OMAuthenticationScheme.SSO_AGENT) : getAuthenticationService(OMAuthenticationScheme.MOBILE_SSO);
    }

    @Override // oracle.idm.mobile.OMStateTransition
    public AuthenticationService getLogoutState(AuthenticationService authenticationService) {
        String str = className + "_getLogoutState";
        if (this.asm.getMobileSecurityService().getMobileSecurityConfig().getAuthenticationScheme() == OMAuthenticationScheme.OAUTH20) {
            Log.d(str, "State: " + authenticationService);
            if (authenticationService == null) {
                return this.asm.getAuthenticationService(OMAuthenticationServiceType.OAUTH_MS_DYCR);
            }
            if (authenticationService instanceof OAuthMSDYCRService) {
                return this.asm.getAuthenticationService(OMAuthenticationServiceType.OAUTH20);
            }
            if ((authenticationService instanceof OAuthAuthenticationService) && this.asm.getMobileSecurityService().getMobileSecurityConfig().isOfflineAuthenticationAllowed()) {
                return this.asm.getAuthenticationService(OMAuthenticationServiceType.OFFLINE_AUTHENTICATION);
            }
            return null;
        }
        if (authenticationService == null) {
            return this.asm.getAuthenticationService(OMAuthenticationServiceType.FEDERATED_AUTHENTICATION);
        }
        if (authenticationService instanceof FederatedAuthenticationService) {
            return this.asm.getAuthenticationService(OMAuthenticationServiceType.REST_AUTHENTICATION);
        }
        if (authenticationService instanceof RestAuthenticationService) {
            return this.asm.getAuthenticationService(OMAuthenticationServiceType.DEVICE_AUTHENTICATION);
        }
        if (authenticationService instanceof DeviceAuthenticationService) {
            return this.asm.getAuthenticationService(OMAuthenticationServiceType.BASIC_AUTHENTICATION);
        }
        if (authenticationService instanceof BasicAuthenticationService) {
            return this.asm.getAuthenticationService(OMAuthenticationServiceType.CCBA);
        }
        if (authenticationService instanceof CertificateBasedAuthenticationService) {
            return this.asm.getAuthenticationService(OMAuthenticationServiceType.OFFLINE_AUTHENTICATION);
        }
        return null;
    }
}
