package com.worklight.wlclient;

import android.os.Build;
import android.util.Base64;
import com.android.tools.r8.GeneratedOutlineSupport;
import com.worklight.common.Logger;
import com.worklight.common.WLConfig;
import com.worklight.common.security.WLDeviceAuthManager;
import com.worklight.common.security.WLOAuthCertManager;
import com.worklight.nativeandroid.common.WLUtils;
import com.worklight.wlclient.api.WLAuthorizationException;
import com.worklight.wlclient.api.WLAuthorizationPersistencePolicy;
import com.worklight.wlclient.api.WLClient;
import com.worklight.wlclient.api.WLErrorCode;
import com.worklight.wlclient.api.WLFailResponse;
import com.worklight.wlclient.api.WLRequestOptions;
import com.worklight.wlclient.api.WLResponse;
import com.worklight.wlclient.api.WLResponseListener;
import java.io.ByteArrayInputStream;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.UUID;
import org.apache.http.HttpRequest;
import org.codehaus.jackson.util.MinimalPrettyPrinter;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class WLAuthorizationManagerInternal {
    private String accessToken;
    private HashMap<String, ArrayList<WLResponseListener>> authorizationQueue;
    private String clientId = null;
    private String idToken;
    private WLAuthorizationPersistencePolicy persistencePolicy;
    private ArrayList<WLResponseListener> registrationQueue;
    private String wlSessionID;
    private static Logger logger = Logger.getInstance(WLAuthorizationManagerInternal.class.getSimpleName());
    private static WLAuthorizationManagerInternal instance = null;

    private WLAuthorizationManagerInternal() {
        String readWLPref = WLConfig.getInstance().readWLPref("com.worklight.oauth.token.persistence.policy");
        if (readWLPref != null) {
            this.persistencePolicy = WLAuthorizationPersistencePolicy.valueOf(readWLPref);
        } else {
            this.persistencePolicy = WLAuthorizationPersistencePolicy.ALWAYS;
        }
        this.registrationQueue = new ArrayList<>();
        this.authorizationQueue = new HashMap<>();
        addNewSessionGlobalHeader();
    }

    private void abortAuthorization(WLFailResponse wLFailResponse) {
        Iterator<String> it = this.authorizationQueue.keySet().iterator();
        while (it.hasNext()) {
            Iterator<WLResponseListener> it2 = this.authorizationQueue.get(it.next()).iterator();
            while (it2.hasNext()) {
                it2.next().onFailure(wLFailResponse);
            }
        }
        this.authorizationQueue.clear();
    }

    private void addNewSessionGlobalHeader() {
        if (AsynchronousRequestSender.getInstance().getGlobalHeaders().keySet().contains("X-WL-Session")) {
            return;
        }
        this.wlSessionID = UUID.randomUUID().toString();
        WLClient.getInstance().addGlobalHeader("X-WL-Session", this.wlSessionID);
    }

    private String getIdToken() {
        if (this.idToken == null && this.persistencePolicy == WLAuthorizationPersistencePolicy.ALWAYS) {
            this.idToken = WLConfig.getInstance().readWLPref("com.worklight.oauth.idtoken");
        }
        return this.idToken;
    }

    private JSONObject getIdTokenJSON() {
        if (getIdToken() != null) {
            try {
                return new JSONObject(new String(Base64.decode(this.idToken.split("\\.")[1], 0)));
            } catch (JSONException unused) {
            }
        }
        return null;
    }

    public static synchronized WLAuthorizationManagerInternal getInstance() {
        WLAuthorizationManagerInternal wLAuthorizationManagerInternal;
        synchronized (WLAuthorizationManagerInternal.class) {
            if (instance == null) {
                instance = new WLAuthorizationManagerInternal();
            }
            wLAuthorizationManagerInternal = instance;
        }
        return wLAuthorizationManagerInternal;
    }

    private void invokeInstanceRegistrationRequest(WLResponseListener wLResponseListener) {
        this.registrationQueue.add(wLResponseListener);
        if (this.registrationQueue.size() == 1) {
            JSONObject jSONObject = new JSONObject();
            try {
                jSONObject.put("deviceId", WLDeviceAuthManager.getInstance().getDeviceUUID(WLClient.getInstance().getContext()));
                jSONObject.put("deviceOs", "" + Build.VERSION.RELEASE);
                jSONObject.put("deviceModel", Build.MODEL);
                jSONObject.put("applicationId", WLConfig.getInstance().getAppId());
                jSONObject.put("applicationVersion", WLConfig.getInstance().getApplicationVersion());
                jSONObject.put("environment", WLConfig.getInstance().getWLEnvironment());
                WLOAuthCertManager.getInstance().generateKeyPair(null, 512);
                String signCsr = WLOAuthCertManager.getInstance().signCsr(jSONObject, null);
                HashMap<String, Object> hashMap = new HashMap<>();
                hashMap.put("CSR", signCsr);
                sendRequest("clients/instance", hashMap, null, RequestMethod.POST, new WLResponseListener() { // from class: com.worklight.wlclient.WLAuthorizationManagerInternal.3
                    @Override // com.worklight.wlclient.api.WLResponseListener
                    public void onFailure(WLFailResponse wLFailResponse) {
                        synchronized (WLAuthorizationManagerInternal.this) {
                            WLAuthorizationManagerInternal.this.onRegistrationFailure(wLFailResponse);
                            Iterator it = WLAuthorizationManagerInternal.this.registrationQueue.iterator();
                            while (it.hasNext()) {
                                ((WLResponseListener) it.next()).onFailure(wLFailResponse);
                            }
                            WLAuthorizationManagerInternal.this.registrationQueue.clear();
                        }
                    }

                    @Override // com.worklight.wlclient.api.WLResponseListener
                    public void onSuccess(WLResponse wLResponse) {
                        synchronized (WLAuthorizationManagerInternal.this) {
                            try {
                                WLAuthorizationManagerInternal.this.onRegistrationSuccess(wLResponse);
                            } catch (Exception e) {
                                WLAuthorizationManagerInternal.logger.error("Unable to finish client instance registration process. ", null, e);
                                onFailure(new WLFailResponse(WLErrorCode.AUTHORIZATION_FAILURE, e.getMessage(), null));
                            }
                            Iterator it = WLAuthorizationManagerInternal.this.registrationQueue.iterator();
                            while (it.hasNext()) {
                                ((WLResponseListener) it.next()).onSuccess(wLResponse);
                            }
                            WLAuthorizationManagerInternal.this.registrationQueue.clear();
                        }
                    }
                });
            } catch (NoSuchAlgorithmException e) {
                throw new Error(e);
            } catch (JSONException e2) {
                throw new Error(e2);
            } catch (Exception e3) {
                throw new Error(e3);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void onRegistrationFailure(WLFailResponse wLFailResponse) {
        clearRegistration();
        abortAuthorization(wLFailResponse);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void onRegistrationSuccess(WLResponse wLResponse) throws Exception {
        JSONObject convertStringToJSON = WLUtils.convertStringToJSON(wLResponse.getResponseText());
        if (convertStringToJSON.getString("certificate") == null) {
            throw new Exception("Saving certificate failed");
        }
        saveCertificate(convertStringToJSON);
    }

    private void persistToken(String str, String str2) {
        WLConfig.getInstance().writeWLPref("com.worklight.oauth.accesstoken", str);
        WLConfig.getInstance().writeWLPref("com.worklight.oauth.idtoken", str2);
    }

    private void saveCertificate(JSONObject jSONObject) throws JSONException, Exception {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(com.worklight.utils.Base64.decode(jSONObject.getString("certificate").getBytes()));
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
        byteArrayInputStream.close();
        try {
            x509Certificate.checkValidity();
        } catch (CertificateNotYetValidException unused) {
        }
        try {
            PublicKey publicKey = WLOAuthCertManager.getInstance().getKeyPair("WLAuthorizationManagerProvisioningEntity").getPublic();
            PublicKey publicKey2 = x509Certificate.getPublicKey();
            if (publicKey2 == null || !publicKey2.equals(publicKey)) {
                throw new CertificateException("Invalid certificate received, public keys do not match.");
            }
            this.clientId = WLOAuthCertManager.getInstance().extractClientIdFromCertificate(x509Certificate);
            WLConfig.getInstance().writeWLPref("com.worklight.oauth.clientid", this.clientId);
            WLOAuthCertManager.getInstance().saveCertificate("WLAuthorizationManagerProvisioningEntity", x509Certificate, (String) null);
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new Error(e2);
        } catch (UnrecoverableEntryException e3) {
            throw new RuntimeException(e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void saveToken(JSONObject jSONObject) throws JSONException {
        if (jSONObject.has("access_token") && jSONObject.has("id_token")) {
            String string = jSONObject.getString("access_token");
            String string2 = jSONObject.getString("id_token");
            this.accessToken = string;
            this.idToken = string2;
            if (this.persistencePolicy == WLAuthorizationPersistencePolicy.ALWAYS) {
                persistToken(string, string2);
            }
        }
    }

    private void sendRequest(String str, HashMap<String, Object> hashMap, HashMap<String, String> hashMap2, RequestMethod requestMethod, final WLResponseListener wLResponseListener) {
        String outline5 = GeneratedOutlineSupport.outline5("authorization/v1/", str);
        WLRequestOptions wLRequestOptions = new WLRequestOptions();
        for (String str2 : hashMap.keySet()) {
            wLRequestOptions.addParameter(str2, hashMap.get(str2).toString());
        }
        if (hashMap2 != null) {
            for (String str3 : hashMap2.keySet()) {
                wLRequestOptions.addHeader(str3, hashMap2.get(str3));
            }
        }
        wLRequestOptions.setResponseListener(wLResponseListener);
        WLRequestListener wLRequestListener = new WLRequestListener(this) { // from class: com.worklight.wlclient.WLAuthorizationManagerInternal.7
            @Override // com.worklight.wlclient.WLRequestListener
            public void onFailure(WLFailResponse wLFailResponse) {
                wLResponseListener.onFailure(wLFailResponse);
            }

            @Override // com.worklight.wlclient.WLRequestListener
            public void onSuccess(WLResponse wLResponse) {
                wLResponseListener.onSuccess(wLResponse);
            }
        };
        WLRequest wLRequest = getClientId() != null ? new WLRequest(wLRequestListener, wLRequestOptions, WLConfig.getInstance(), WLClient.getInstance().getContext(), true) : new WLClientInstanceRegistrationRequest(wLRequestListener, wLRequestOptions, WLConfig.getInstance(), WLClient.getInstance().getContext());
        wLRequest.setMethod(requestMethod);
        wLRequest.makeRequest(outline5, true);
    }

    public void addClientIdHeaderToRequest(HttpRequest httpRequest) {
        String clientId = getClientId();
        if (clientId != null) {
            httpRequest.addHeader("X-WL-ClientId", clientId);
            try {
                httpRequest.addHeader("X-WL-S-ClientID", getSignedClientId());
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        if (httpRequest.getFirstHeader("X-WL-Session") == null) {
            httpRequest.addHeader("X-WL-Session", this.wlSessionID);
        }
    }

    public synchronized void clearRegistration() {
        this.accessToken = null;
        this.idToken = null;
        if (this.persistencePolicy == WLAuthorizationPersistencePolicy.ALWAYS) {
            persistToken(null, null);
        }
        this.clientId = null;
        WLConfig.getInstance().writeWLPref("com.worklight.oauth.clientid", null);
        try {
            WLOAuthCertManager.getInstance().clearKeystore("WLAuthorizationManagerProvisioningEntity");
            addNewSessionGlobalHeader();
        } catch (Exception e) {
            logger.error("Unable to clear registration data from keystore.", null, null);
            throw new RuntimeException(e);
        }
    }

    public synchronized void deleteTokens() {
        this.idToken = null;
        this.accessToken = null;
        persistToken(null, null);
    }

    public JSONObject getAppIdentity() {
        try {
            JSONObject idTokenJSON = getIdTokenJSON();
            if (idTokenJSON != null) {
                return idTokenJSON.getJSONObject("imf.application");
            }
            return null;
        } catch (JSONException unused) {
            return null;
        }
    }

    public synchronized String getCachedAuthorizationHeader() {
        if (this.accessToken == null && this.persistencePolicy == WLAuthorizationPersistencePolicy.ALWAYS) {
            this.accessToken = WLConfig.getInstance().readWLPref("com.worklight.oauth.accesstoken");
        }
        String str = this.accessToken;
        String idToken = getIdToken();
        if (str == null || idToken == null) {
            return "";
        }
        return "Bearer " + str + MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR + idToken;
    }

    public String getClientId() {
        if (this.clientId == null) {
            String readWLPref = WLConfig.getInstance().readWLPref("com.worklight.oauth.clientid");
            this.clientId = readWLPref;
            if (readWLPref == null) {
                try {
                    this.clientId = WLOAuthCertManager.getInstance().getClientIdFromCertificate();
                } catch (Exception unused) {
                    this.clientId = null;
                }
            }
        }
        return this.clientId;
    }

    public synchronized void getClientInstanceIdHeader(final WLClientInstanceIdListener wLClientInstanceIdListener) {
        String clientId = getClientId();
        if (clientId != null) {
            wLClientInstanceIdListener.onSuccess(clientId);
        } else {
            invokeInstanceRegistrationRequest(new WLResponseListener() { // from class: com.worklight.wlclient.WLAuthorizationManagerInternal.2
                @Override // com.worklight.wlclient.api.WLResponseListener
                public void onFailure(WLFailResponse wLFailResponse) {
                    wLClientInstanceIdListener.onFailure(new WLAuthorizationException(wLFailResponse));
                }

                @Override // com.worklight.wlclient.api.WLResponseListener
                public void onSuccess(WLResponse wLResponse) {
                    wLClientInstanceIdListener.onSuccess(WLAuthorizationManagerInternal.this.getClientId());
                }
            });
        }
    }

    public JSONObject getDeviceIdentity() {
        try {
            JSONObject idTokenJSON = getIdTokenJSON();
            if (idTokenJSON != null) {
                return idTokenJSON.getJSONObject("imf.device");
            }
            return null;
        } catch (JSONException unused) {
            return null;
        }
    }

    public String getSignedClientId() throws Exception {
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("clientId", getClientId());
            return WLOAuthCertManager.getInstance().signJWS(jSONObject);
        } catch (JSONException e) {
            throw new Error(e);
        } catch (Exception e2) {
            throw new Exception(e2.getMessage());
        }
    }

    public JSONObject getUserIdentity() {
        try {
            JSONObject idTokenJSON = getIdTokenJSON();
            if (idTokenJSON != null) {
                return idTokenJSON.getJSONObject("imf.user");
            }
            return null;
        } catch (JSONException unused) {
            return null;
        }
    }

    public String getWlSessionId() {
        return this.wlSessionID;
    }

    public void invokeTokenRequestWithGrantCode(String str, final WLResponseListener wLResponseListener) {
        WLResponseListener wLResponseListener2 = new WLResponseListener() { // from class: com.worklight.wlclient.WLAuthorizationManagerInternal.8
            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onFailure(WLFailResponse wLFailResponse) {
                wLResponseListener.onFailure(wLFailResponse);
            }

            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onSuccess(WLResponse wLResponse) {
                try {
                    WLAuthorizationManagerInternal.this.saveToken(wLResponse.getResponseJSON());
                    wLResponseListener.onSuccess(wLResponse);
                } catch (JSONException unused) {
                    wLResponseListener.onFailure(new WLFailResponse(wLResponse));
                }
            }
        };
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("code", str);
            HashMap<String, Object> hashMap = new HashMap<>();
            hashMap.put("code", str);
            hashMap.put("client_id", getClientId());
            hashMap.put("grant_type", "authorization_code");
            hashMap.put("redirect_uri", "http://mfpredirecturi");
            String signJWS = WLOAuthCertManager.getInstance().signJWS(jSONObject);
            HashMap<String, String> hashMap2 = new HashMap<>();
            hashMap2.put("X-WL-Authenticate", signJWS);
            sendRequest("token", hashMap, hashMap2, RequestMethod.POST, wLResponseListener2);
        } catch (JSONException e) {
            throw new Error(e);
        } catch (Exception e2) {
            throw new Error(e2);
        }
    }

    public void setAuthorizationPersistencePolicy(WLAuthorizationPersistencePolicy wLAuthorizationPersistencePolicy) {
        if (wLAuthorizationPersistencePolicy == null) {
            throw new IllegalArgumentException("The policy argument cannot be null");
        }
        if (this.persistencePolicy != wLAuthorizationPersistencePolicy) {
            this.persistencePolicy = wLAuthorizationPersistencePolicy;
            WLConfig.getInstance().writeWLPref("com.worklight.oauth.token.persistence.policy", wLAuthorizationPersistencePolicy.name());
            if (wLAuthorizationPersistencePolicy == WLAuthorizationPersistencePolicy.ALWAYS) {
                persistToken(this.accessToken, this.idToken);
            } else {
                persistToken(null, null);
            }
        }
    }
}
