package oracle.idm.mobile;

import android.os.AsyncTask;
import android.util.Base64;
import android.util.Log;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.lang.ref.WeakReference;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.StringTokenizer;
import oracle.idm.mobile.OMSecurityConstants;
import oracle.idm.mobile.callback.OMHTTPRequestCallback;
import oracle.idm.mobile.callback.SSLCertCallback;
import org.apache.http.HttpHost;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.params.HttpClientParams;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.cookie.BasicClientCookie;
import org.apache.http.protocol.HTTP;
import org.json.JSONException;
import org.json.JSONObject;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
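/**
 * Authorization service that answers an {@code OAM-Auth} challenge on behalf of the caller.
 *
 * <p>A request is first sent with any access token already cached for its {@code host:port}.
 * If the server replies 401 with a {@code WWW-Authenticate: OAM-Auth ...} header, the
 * {@code request-ctx} parameter of that challenge is exchanged for an access token at the
 * configured access-service URL. The token is cached and the request is sent once more.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Access tokens and the token-endpoint response body are never written to the log.</li>
 *   <li>The token cache key is {@code host:port} and does not include the URI scheme.</li>
 *   <li>The asynchronous path can ask the user to accept a server certificate; see
 *       {@link ExecuteRequestTask#onPostExecute(HttpResponse)}.</li>
 * </ul>
 */
public class OAMAuthorizationService extends AuthorizationService {
    private static final String ACCESSTOKEN = "ACCESSTOKEN";
    private static final String APPLICATION_CONTEXT = "X-Idaas-Rest-Application-Context";
    private static final String APPLICATION_RESOURCE = "X-Idaas-Rest-Application-Resource";
    private static final String AUTHORIZATION = "Authorization";
    private static final String OAM_AUTH = "OAM-Auth";
    private static final String OAM_AUTHZ_ACESS_TOKEN = "OAMAuthzToken_";
    private static final String REQUEST_CONTEXT = "request-ctx";
    private static final String className = OAMAuthorizationService.class.getName();

    /**
     * Runs {@link OAMAuthorizationService#executeRequest} off the UI thread and reports the
     * outcome through the supplied {@link OMHTTPRequestCallback}.
     *
     * <p>The service is held through a {@link WeakReference}, so a task that outlives the
     * service fails the request instead of keeping the service alive.
     */
    /* loaded from: classes.dex */
    private static class ExecuteRequestTask extends AsyncTask<Void, Void, HttpResponse> {
        private static final String TAG = ExecuteRequestTask.class.getName();

        private final OMAuthenticationContext authContext;
        private final OMHTTPRequestCallback callback;
        private final HttpRequest httpRequest;
        private final OMHTTPRequest omRequest;
        private final WeakReference<OAMAuthorizationService> wReference;
        // Set by doInBackground when the request fails; read by onPostExecute.
        private OMMobileSecurityException exception = null;

        ExecuteRequestTask(HttpRequest httpRequest, OMAuthenticationContext oMAuthenticationContext, OMHTTPRequest oMHTTPRequest, OMHTTPRequestCallback oMHTTPRequestCallback, OAMAuthorizationService oAMAuthorizationService) {
            this.httpRequest = httpRequest;
            this.authContext = oMAuthenticationContext;
            this.omRequest = oMHTTPRequest;
            this.callback = oMHTTPRequestCallback;
            this.wReference = new WeakReference<>(oAMAuthorizationService);
        }

        /**
         * Executes the request on the background thread.
         *
         * @return the server response, or {@code null} when the service has been collected or
         *     the request failed (the failure is kept in {@code exception})
         */
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        public HttpResponse doInBackground(Void... voidArr) {
            OAMAuthorizationService service = this.wReference.get();
            if (service == null) {
                Log.d(TAG, "can not get instance of AuthZ service");
                return null;
            }
            // The try block has to enclose executeRequest, which is the call that throws.
            // The decompiled layout wrapped only the WeakReference lookup.
            try {
                return service.executeRequest(this.httpRequest, this.authContext);
            } catch (OMMobileSecurityException e) {
                this.exception = e;
                return null;
            }
        }

        /**
         * Delivers the result to the callback. If the request failed and the connection
         * handler holds a certificate, the user is first asked whether to accept it.
         *
         * <p>NOTE(review): the prompt is shown for any failure while a certificate is pending,
         * and accepting it calls {@code setSSLCertificateAccepted(true)} on the shared
         * connection handler. How far that acceptance reaches (this certificate only, or later
         * connections too) is decided in the connection handler, which is not visible here.
         * Confirm that it is bound to the certificate that was displayed.
         */
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        public void onPostExecute(HttpResponse httpResponse) {
            if (httpResponse == null) {
                Log.d(TAG, "Execute Request failed!!", this.exception);
                final OAMAuthorizationService service = this.exception != null ? this.wReference.get() : null;
                X509Certificate certificate = service != null ? service.mss.getConnectionHandler().getCertificate() : null;
                if (certificate != null) {
                    try {
                        Log.d(TAG, "showing the certificate warning!");
                        service.mss.showSSLWarning(certificate, new SSLCertCallback() { // from class: oracle.idm.mobile.OAMAuthorizationService.ExecuteRequestTask.1
                            @Override // oracle.idm.mobile.callback.SSLCertCallback
                            public void cancelSSLCertificate() {
                                // User rejected the certificate: record that, drop the pending
                                // certificate and fail the request.
                                service.mss.getConnectionHandler().setSSLCertificateAccepted(false);
                                service.mss.getConnectionHandler().clearCertificate();
                                ExecuteRequestTask.this.callback.processHTTPResponse(ExecuteRequestTask.this.omRequest, null, new OMMobileSecurityException(OMErrorCode.USER_CANCELED_CERTIFICATE, (String) null, service.mss.getApplicationContext()));
                            }

                            @Override // oracle.idm.mobile.callback.SSLCertCallback
                            public void confirmSSLCertificate() {
                                // User accepted the certificate: record that and retry the same
                                // request in a fresh task.
                                service.mss.getConnectionHandler().setSSLCertificateAccepted(true);
                                service.mss.getConnectionHandler().clearCertificate();
                                new ExecuteRequestTask(ExecuteRequestTask.this.httpRequest, ExecuteRequestTask.this.authContext, ExecuteRequestTask.this.omRequest, ExecuteRequestTask.this.callback, service).execute(new Void[0]);
                            }
                        });
                        return;
                    } catch (OMMobileSecurityException e) {
                        // The warning could not be shown: do not leave the certificate pending.
                        service.mss.getConnectionHandler().clearCertificate();
                        this.callback.processHTTPResponse(this.omRequest, httpResponse, e);
                        return;
                    }
                }
            }
            this.callback.processHTTPResponse(this.omRequest, httpResponse, this.exception);
        }
    }

    public OAMAuthorizationService(OMMobileSecurityService oMMobileSecurityService) {
        super(oMMobileSecurityService);
    }

    /**
     * Sends the request and, on an {@code OAM-Auth} challenge, obtains an access token and
     * sends it again.
     *
     * @param httpRequest request to execute; its request-line URI supplies the target host
     * @param oMAuthenticationContext authentication context of the current user
     * @return the server response. This is the original 401 response when the challenge is
     *     not an {@code OAM-Auth} challenge or no usable access token could be obtained.
     * @throws OMMobileSecurityException if the context is not valid, or an I/O, URI or JSON
     *     error occurs
     */
    /* JADX INFO: Access modifiers changed from: private */
    public HttpResponse executeRequest(HttpRequest httpRequest, OMAuthenticationContext oMAuthenticationContext) throws OMMobileSecurityException {
        try {
            if (!oMAuthenticationContext.isValid()) {
                throw new OMMobileSecurityException(OMErrorCode.USER_NOT_YET_AUTHENTICATED, (String) null, this.mss.getApplicationContext());
            }
            OMMobileSecurityConfiguration mobileSecurityConfig = this.mss.getMobileSecurityConfig();
            OMApplicationProfile applicationProfile = mobileSecurityConfig.getApplicationProfile();
            DefaultHttpClient httpClient = this.mss.getConnectionHandler().getHttpClient();
            // Redirects are not followed, so the Authorization header set below is only ever
            // sent to the host named in the request URI.
            HttpClientParams.setRedirecting(httpClient.getParams(), false);
            String requestUri = httpRequest.getRequestLine().getUri();
            URI parsedUri = new URI(requestUri);
            String host = parsedUri.getHost();
            String scheme = parsedUri.getScheme();
            int port = parsedUri.getPort();
            // Carry the URI scheme into the target host. HttpHost(host) and HttpHost(host, port)
            // default the scheme to "http", which would send an https request, with its token
            // and cookie, over a plain connection.
            HttpHost httpHost = new HttpHost(host, port, scheme);
            if (port == -1) {
                // Constant-first comparison: getScheme() is null for a relative URI.
                if (HttpHost.DEFAULT_SCHEME_NAME.equals(scheme)) {
                    port = 80;
                }
                if ("https".equals(scheme)) {
                    port = 443;
                }
            }
            String tokenKey = OAM_AUTHZ_ACESS_TOKEN + host + ":" + port;
            String cachedToken = this.mss.getAccessTokens().get(tokenKey);
            if (cachedToken != null) {
                httpRequest.setHeader(AUTHORIZATION, OAM_AUTH + " " + cachedToken);
            }
            OMToken handle = oMAuthenticationContext.getHandle(OMSecurityConstants.OAM_ID);
            if (handle != null) {
                // NOTE(review): the session cookie is added without the secure attribute or a
                // path. Confirm that the cookie policy in use cannot attach it to plain-http
                // requests to the same host.
                BasicClientCookie basicClientCookie = new BasicClientCookie(OMSecurityConstants.OAM_ID, handle.getValue());
                basicClientCookie.setDomain(host);
                httpClient.getCookieStore().addCookie(basicClientCookie);
            }
            HttpResponse response = httpRequest instanceof HttpPost ? httpClient.execute((HttpUriRequest) httpRequest) : httpClient.execute(httpHost, httpRequest);
            if (response.getStatusLine().getStatusCode() != 401) {
                return response;
            }
            // A 401 without a WWW-Authenticate header is not a challenge we can answer.
            if (response.getFirstHeader("WWW-Authenticate") == null) {
                return response;
            }
            String challenge = response.getFirstHeader("WWW-Authenticate").getValue();
            if (challenge == null || !challenge.startsWith(OAM_AUTH)) {
                return response;
            }
            // The header is server-controlled: a bare "OAM-Auth" has no parameter section.
            String challengeParams = challenge.length() > OAM_AUTH.length() ? challenge.substring(OAM_AUTH.length() + 1) : "";
            String requestContext = extractRequestContext(challengeParams);
            String accessToken = parseAccessToken(fetchAccessTokenFromServer(applicationProfile, mobileSecurityConfig, this.mss, oMAuthenticationContext, requestContext, requestUri, mobileSecurityConfig.getAccessServiceURL()));
            if (accessToken == null) {
                // No usable token: do not cache null or send "OAM-Auth null". Hand the
                // untouched 401 back to the caller.
                return response;
            }
            this.mss.getAccessTokens().put(tokenKey, accessToken);
            httpRequest.setHeader(AUTHORIZATION, OAM_AUTH + " " + accessToken);
            // Release the connection used by the 401 response before retrying.
            if (response.getEntity() != null) {
                response.getEntity().consumeContent();
            }
            return httpRequest instanceof HttpPost ? httpClient.execute((HttpUriRequest) httpRequest) : httpClient.execute(httpHost, httpRequest);
        } catch (ClientProtocolException e) {
            // Must precede IOException, its superclass, to be reachable.
            throw new OMMobileSecurityException(e);
        } catch (IOException e2) {
            throw new OMMobileSecurityException(e2);
        } catch (URISyntaxException e3) {
            throw new OMMobileSecurityException(e3);
        } catch (JSONException e4) {
            throw new OMMobileSecurityException(e4);
        }
    }

    /**
     * Extracts the quoted {@code request-ctx} value from the comma-separated parameters of an
     * {@code OAM-Auth} challenge. Parameters that are not of the form
     * {@code request-ctx="value"} are ignored rather than raising an index error.
     *
     * @param challengeParams the challenge text after the {@code OAM-Auth} scheme name
     * @return the value of the last well-formed {@code request-ctx} parameter, or
     *     {@code null} if there is none
     */
    private static String extractRequestContext(String challengeParams) {
        String requestContext = null;
        StringTokenizer tokens = new StringTokenizer(challengeParams, ",");
        while (tokens.hasMoreTokens()) {
            String param = tokens.nextToken().trim();
            if (!param.startsWith(REQUEST_CONTEXT)) {
                continue;
            }
            // Skip past '=' and the opening quote, and stop before the closing quote.
            int begin = param.indexOf('=') + 2;
            int end = param.length() - 1;
            if (begin >= 2 && begin <= end) {
                requestContext = param.substring(begin, end);
            }
        }
        return requestContext;
    }

    /**
     * Requests an access token for the given resource from the access service.
     *
     * <p>The JSON body is built from the identity claims plus the user token, the
     * application context from the challenge, the resource URI and the context's handles.
     * When a client registration handle is present, it is sent with the application id as a
     * Base64 {@code UIDPASSWORD} credential header.
     *
     * @param str the {@code request-ctx} value taken from the challenge (may be {@code null})
     * @param str2 the URI of the protected resource
     * @param url the access-service endpoint
     * @return the raw response body returned by the connection handler
     * @throws OMMobileSecurityException on an encoding or JSON error
     */
    private String fetchAccessTokenFromServer(OMApplicationProfile oMApplicationProfile, OMMobileSecurityConfiguration oMMobileSecurityConfiguration, OMMobileSecurityService oMMobileSecurityService, OMAuthenticationContext oMAuthenticationContext, String str, String str2, URL url) throws OMMobileSecurityException {
        try {
            String identityClaims = oMMobileSecurityConfiguration.getIdentityClaims(oMMobileSecurityService.getApplicationContext(), oMMobileSecurityService.getCredentialStoreService());
            String userToken = oMAuthenticationContext.getTokens().get(OMSecurityConstants.USER_TOKEN).getValue();
            JSONObject handlesJson = oMAuthenticationContext.getHandlesJSONFromList(oMAuthenticationContext.getHandles());
            JSONObject payload = new JSONObject(identityClaims);
            payload.put(OMSecurityConstants.SUBJECT_TYPE, OMSecurityConstants.TOKEN);
            payload.put(OMSecurityConstants.SUBJECT_VALUE, userToken);
            payload.put(OMSecurityConstants.NEW_TOKEN_TYPE_TO_CREATE, ACCESSTOKEN);
            payload.put(APPLICATION_CONTEXT, str);
            payload.put(APPLICATION_RESOURCE, str2);
            payload.put(OMSecurityConstants.HANDLES, handlesJson);
            // Left as a raw type: the parameter type of httpPost is not visible in this file.
            HashMap headers = new HashMap();
            headers.put(OMSecurityConstants.ConnectionConstants.CONTENT_TYPE.getValue(), OMSecurityConstants.ConnectionConstants.JSON_CONTENT_TYPE.getValue());
            headers.put(OMSecurityConstants.X_IDAAS_SERVICEDOMAIN, oMMobileSecurityConfiguration.getServiceDomain());
            OMToken registrationHandle = oMAuthenticationContext.getHandle(OMSecurityConstants.CLIENT_REG_HANDLE);
            String registrationValue = registrationHandle != null ? registrationHandle.getValue() : null;
            if (registrationValue != null) {
                String credential = oMApplicationProfile.getApplicationId() + ":" + registrationValue;
                headers.put(OMSecurityConstants.REST_AUTH, "UIDPASSWORD cred=\"" + Base64.encodeToString(credential.getBytes(HTTP.UTF_8), Base64.NO_WRAP) + "\"");
            }
            String responseBody = oMMobileSecurityService.getConnectionHandler().httpPost(url, headers, payload.toString(), OMSecurityConstants.ConnectionConstants.JSON_CONTENT_TYPE.getValue());
            // The body carries the access token, so only the event is logged, never the content.
            Log.d(className, "Access token request response received");
            return responseBody;
        } catch (UnsupportedEncodingException e) {
            throw new OMMobileSecurityException(e);
        } catch (JSONException e2) {
            throw new OMMobileSecurityException(e2);
        }
    }

    /**
     * Pulls the access token out of the token-endpoint response.
     *
     * @param str JSON response body, or {@code null} when the server returned nothing
     * @return the token value, or {@code null} when the body is absent, the token type is not
     *     {@code ACCESSTOKEN}, or the value is empty
     * @throws JSONException if the body is not valid JSON
     */
    private String parseAccessToken(String str) throws JSONException {
        if (str == null) {
            return null;
        }
        JSONObject json = new JSONObject(str);
        String tokenType = json.optString(OMSecurityConstants.OIC_TOKEN_TYPE);
        String tokenValue = json.optString(OMSecurityConstants.OIC_TOKEN_VALUE);
        // optString yields "" rather than null for a missing key, so test for emptiness too.
        if (!ACCESSTOKEN.equals(tokenType) || tokenValue == null || tokenValue.length() == 0) {
            return null;
        }
        return tokenValue;
    }

    /**
     * Synchronous entry point: executes the request on the calling thread.
     *
     * @throws OMMobileSecurityException as thrown by {@link #executeRequest}
     */
    @Override // oracle.idm.mobile.AuthorizationService
    public HttpResponse handleAuthorization(HttpRequest httpRequest, OMAuthenticationContext oMAuthenticationContext) throws OMMobileSecurityException {
        return executeRequest(httpRequest, oMAuthenticationContext);
    }

    /**
     * Asynchronous entry point: starts an {@link ExecuteRequestTask} and returns immediately.
     *
     * @return always {@code null}; the response is delivered to {@code oMHTTPRequestCallback}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // oracle.idm.mobile.AuthorizationService
    public HttpResponse handleAuthorization(HttpRequest httpRequest, OMAuthenticationContext oMAuthenticationContext, OMHTTPRequest oMHTTPRequest, OMHTTPRequestCallback oMHTTPRequestCallback) {
        new ExecuteRequestTask(httpRequest, oMAuthenticationContext, oMHTTPRequest, oMHTTPRequestCallback, this).execute(new Void[0]);
        return null;
    }
}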
