package mobilecontrol.android.auth;

import android.content.Context;
import android.net.Uri;
import android.os.AsyncTask;
import android.os.Handler;
import android.util.Base64;
import androidx.browser.customtabs.CustomTabColorSchemeParams;
import androidx.browser.customtabs.CustomTabsIntent;
import androidx.browser.trusted.sharing.ShareTarget;
import androidx.constraintlayout.core.widgets.analyzer.BasicMeasure;
import androidx.work.WorkRequest;
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.ProtocolException;
import java.net.URL;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Locale;
import java.util.UUID;
import mobilecontrol.android.app.AppUtility;
import mobilecontrol.android.app.ClientLog;
import mobilecontrol.android.app.MobileClientApp;
import mobilecontrol.android.app.ServerInfo;
import mobilecontrol.android.app.UserInfo;
import mobilecontrol.android.service.PalServiceListener;
import org.jivesoftware.smack.util.StringUtils;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class OAuth2 {
    private static final String CHECK_PATH = "/c5oidc/oauth/pre-auth-check";
    private static final String CLIENTID = "c5authpkce";
    private static final String LOGOUT_PATH = "/c5oidc/oauth/logout";
    private static final String LOG_TAG = "OAuth2";
    private static final String REDIRECT_URL = "mcapp://localhost/oauth/auth-code-callback";
    private static final String RETROSPECT_PATH = "/c5oidc/oauth/introspect";
    private static final String TOKEN_PATH = "/c5oidc/oauth/token";
    private static OAuth2 instance;
    private String codeChallenge;
    private String codeVerifier;
    public String state = UUID.randomUUID().toString().replace("-", "");
    public String accessToken = UserInfo.getAccessToken();
    public String refreshToken = UserInfo.getRefreshToken();
    public Long expires = 0L;
    public String host = "";
    private Handler refreshHandler = new Handler();

    /* loaded from: classes.dex */
    public interface OAUth2CheckHostResponse {
        void onSuccess(boolean z);
    }

    /* loaded from: classes3.dex */
    public interface OAuth2Response {
        void onComplete(boolean z);
    }

    private OAuth2() {
    }

    private String anonymizedJsonString(JSONObject jSONObject) {
        String jSONObject2;
        try {
            jSONObject2 = jSONObject.toString(2);
        } catch (JSONException unused) {
            jSONObject2 = jSONObject.toString();
        }
        return AppUtility.isUC1000() ? jSONObject2 : jSONObject2.replaceAll("(_token\": \"\\S\\S\\S)\\S*(\\S\\S\\S)\"", "$1...$2\"");
    }

    private void cancelRefreshTimer() {
        ClientLog.i(LOG_TAG, "cancelRefreshTimer");
        this.refreshHandler.removeCallbacksAndMessages(null);
    }

    private URL getAuthServerUrl(String str) {
        try {
            return new URL("https://" + this.host + str);
        } catch (MalformedURLException e) {
            ClientLog.e(LOG_TAG, "getAuthServerUrl failed. " + e.getMessage());
            return null;
        }
    }

    public static OAuth2 getInstance() {
        if (instance == null) {
            instance = new OAuth2();
        }
        return instance;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public JSONObject sendRequest(String str, String str2, boolean z) {
        URL authServerUrl = getAuthServerUrl(str);
        if (authServerUrl == null) {
            ClientLog.e(LOG_TAG, "sendRequest: no auth url for " + str);
            return null;
        }
        try {
            HttpURLConnection httpURLConnection = (HttpURLConnection) authServerUrl.openConnection();
            if (z) {
                try {
                    httpURLConnection.setDoOutput(true);
                    httpURLConnection.setRequestMethod(ShareTarget.METHOD_POST);
                    httpURLConnection.setRequestProperty("Content-Type", ShareTarget.ENCODING_TYPE_URL_ENCODED);
                } catch (ProtocolException e) {
                    ClientLog.e(LOG_TAG, "sendRequest exception " + e.getMessage());
                    return null;
                }
            }
            httpURLConnection.setRequestProperty("Accept-Charset", StringUtils.UTF8);
            httpURLConnection.setReadTimeout(10000);
            httpURLConnection.setConnectTimeout(15000);
            httpURLConnection.connect();
            if (z) {
                DataOutputStream dataOutputStream = new DataOutputStream(httpURLConnection.getOutputStream());
                dataOutputStream.writeBytes(str2);
                dataOutputStream.flush();
                dataOutputStream.close();
            }
            int responseCode = httpURLConnection.getResponseCode();
            String str3 = LOG_TAG;
            ClientLog.i(str3, "sendRequest POST " + authServerUrl.toString());
            ClientLog.i(str3, "sendRequest params " + str2);
            ClientLog.i(str3, "sendRequest response HTTP " + responseCode);
            if (responseCode >= 200 && responseCode < 300) {
                BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(new BufferedInputStream(httpURLConnection.getInputStream())));
                String str4 = "";
                while (true) {
                    String readLine = bufferedReader.readLine();
                    if (readLine == null) {
                        try {
                            JSONObject jSONObject = new JSONObject(str4);
                            ClientLog.i(LOG_TAG, anonymizedJsonString(jSONObject));
                            return jSONObject;
                        } catch (JSONException e2) {
                            String str5 = LOG_TAG;
                            ClientLog.w(str5, "sendRequest json exception " + e2.getMessage());
                            ClientLog.w(str5, "response=" + str4);
                            return null;
                        }
                    }
                    str4 = str4 + readLine;
                }
            }
            ClientLog.w(str3, "sendRequest: error response " + responseCode);
            return null;
        } catch (IOException e3) {
            ClientLog.e(LOG_TAG, "sendRequest IOException " + e3.getMessage());
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void setRefreshTimer(int i) {
        this.refreshHandler.removeCallbacksAndMessages(null);
        Runnable runnable = new Runnable() { // from class: mobilecontrol.android.auth.OAuth2.6
            @Override // java.lang.Runnable
            public void run() {
                ClientLog.i(OAuth2.LOG_TAG, "token refresh timer");
                OAuth2.this.refreshToken(new OAuth2Response() { // from class: mobilecontrol.android.auth.OAuth2.6.1
                    @Override // mobilecontrol.android.auth.OAuth2.OAuth2Response
                    public void onComplete(boolean z) {
                        MobileClientApp.sPalService.palSetOAuthToken(new PalServiceListener());
                    }
                });
            }
        };
        int max = Math.max(i - 10, 2);
        ClientLog.i(LOG_TAG, "setRefreshTimer delay=" + max);
        this.refreshHandler.postDelayed(runnable, ((long) max) * 1000);
    }

    public void browserLogin(Context context, String str) {
        ClientLog.i(LOG_TAG, "browserLogin user=" + str);
        byte[] bArr = new byte[64];
        new SecureRandom().nextBytes(bArr);
        String encodeToString = Base64.encodeToString(bArr, 11);
        this.codeVerifier = encodeToString;
        try {
            byte[] bytes = encodeToString.getBytes(StringUtils.USASCII);
            MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
            messageDigest.update(bytes, 0, bytes.length);
            this.codeChallenge = Base64.encodeToString(messageDigest.digest(), 11);
        } catch (UnsupportedEncodingException | NoSuchAlgorithmException e) {
            ClientLog.e(LOG_TAG, "challenge exception " + e.getMessage());
            this.codeVerifier = "HhOpC7QRgDNYpQAp5QdZYh-pcNwxFnKXhnEFXpexNRE";
            this.codeChallenge = "sijfXSDYKoPLY570hGP0jNFtrIOShyLYWY_e1l6KFlU";
        }
        String str2 = "https://" + this.host + "/c5oidc/oauth/authorization-code?client_id=c5authpkce&response_type=code&scope=openid%20offline_access&redirect_uri=mcapp://localhost/oauth/auth-code-callback/" + AppUtility.getOEM() + "&state=" + this.state + "&code_challenge_method=S256&code_challenge=" + this.codeChallenge;
        if (str != null) {
            str2 = str2 + "&user=" + str;
        }
        String str3 = str2 + "&kc_locale=" + Locale.getDefault().getLanguage();
        ClientLog.i(LOG_TAG, "browserLogin url=" + str3);
        CustomTabsIntent build = new CustomTabsIntent.Builder().setInitialActivityHeightPx(300).setDefaultColorSchemeParams(new CustomTabColorSchemeParams.Builder().build()).build();
        build.intent.addFlags(BasicMeasure.EXACTLY);
        build.launchUrl(context, Uri.parse(str3));
    }

    /* JADX WARN: Type inference failed for: r0v0, types: [mobilecontrol.android.auth.OAuth2$1] */
    public void checkHost(final String str, final String str2, final OAUth2CheckHostResponse oAUth2CheckHostResponse) {
        new AsyncTask<Void, Void, Boolean>() { // from class: mobilecontrol.android.auth.OAuth2.1
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // android.os.AsyncTask
            public Boolean doInBackground(Void... voidArr) {
                return Boolean.valueOf(OAuth2.this.checkHost(str, str2));
            }

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // android.os.AsyncTask
            public void onPostExecute(Boolean bool) {
                oAUth2CheckHostResponse.onSuccess(bool.booleanValue());
            }
        }.execute(new Void[0]);
    }

    public boolean checkHost(String str) {
        return true;
    }

    public boolean checkHost(String str, String str2) {
        String str3;
        String str4 = LOG_TAG;
        ClientLog.i(str4, "checkHost host=" + str + " user=" + str2);
        setHost(str);
        if (str2.isEmpty()) {
            str3 = "";
        } else {
            str3 = "?user=" + str2;
        }
        JSONObject sendRequest = sendRequest(CHECK_PATH + str3, "", false);
        if (sendRequest == null) {
            ClientLog.i(str4, "checkHost: OAuth2 unavailable");
            ServerInfo.setHasOAuth2(false);
            return false;
        }
        boolean hasOAuth2 = ServerInfo.hasOAuth2();
        try {
            hasOAuth2 = sendRequest.getBoolean("oauthEnabled");
            sendRequest.getString("error");
            sendRequest.getString("errorDescription");
        } catch (JSONException e) {
            ClientLog.w(LOG_TAG, "checkHost exception: " + e.getMessage());
        }
        ServerInfo.setHasOAuth2(hasOAuth2);
        if (UserInfo.getRefreshToken().isEmpty()) {
            UserInfo.setRefreshToken("invalid");
        }
        ClientLog.i(LOG_TAG, "checkHost enabled=" + ServerInfo.hasOAuth2());
        return hasOAuth2;
    }

    public void logout() {
        String str = LOG_TAG;
        ClientLog.i(str, "logout");
        if (this.refreshToken.isEmpty()) {
            ClientLog.i(str, "logout: no token to revoke");
            return;
        }
        this.accessToken = "";
        this.refreshToken = "";
        UserInfo.setAccessToken("");
        UserInfo.setAccessTokenExpires(0L);
        UserInfo.setRefreshToken("");
        UserInfo.makePersistant();
    }

    public void onPause() {
        if (ServerInfo.hasOAuth2()) {
            cancelRefreshTimer();
        }
    }

    public void onResume() {
        if (AppUtility.canSendPalRequests() && ServerInfo.hasOAuth2() && !UserInfo.getAccessToken().isEmpty()) {
            long accessTokenExpires = UserInfo.getAccessTokenExpires() - System.currentTimeMillis();
            if (accessTokenExpires <= WorkRequest.MIN_BACKOFF_MILLIS) {
                ClientLog.i(LOG_TAG, "onResume: token expired. ms=" + accessTokenExpires);
                getInstance().refreshToken(new OAuth2Response() { // from class: mobilecontrol.android.auth.OAuth2.5
                    @Override // mobilecontrol.android.auth.OAuth2.OAuth2Response
                    public void onComplete(boolean z) {
                        MobileClientApp.sPalService.palSetOAuthToken(new PalServiceListener());
                    }
                });
                return;
            }
            ClientLog.i(LOG_TAG, "onResume: token valid ms=" + accessTokenExpires);
            setRefreshTimer((int) (accessTokenExpires / 1000));
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [mobilecontrol.android.auth.OAuth2$4] */
    public void refreshToken(final OAuth2Response oAuth2Response) {
        String str = LOG_TAG;
        ClientLog.i(str, "refreshToken");
        if (!this.refreshToken.isEmpty()) {
            new AsyncTask<Void, Void, Boolean>() { // from class: mobilecontrol.android.auth.OAuth2.4
                /* JADX INFO: Access modifiers changed from: protected */
                @Override // android.os.AsyncTask
                public Boolean doInBackground(Void... voidArr) {
                    JSONObject sendRequest = OAuth2.this.sendRequest(OAuth2.TOKEN_PATH, "grant_type=refresh_token&client_id=c5authpkce&refresh_token=" + OAuth2.this.refreshToken, true);
                    if (sendRequest == null) {
                        ClientLog.w(OAuth2.LOG_TAG, "refreshToken no success");
                        return false;
                    }
                    try {
                        OAuth2.this.accessToken = sendRequest.getString("access_token");
                        OAuth2.this.refreshToken = sendRequest.getString("refresh_token");
                        int i = sendRequest.getInt("expires_in");
                        UserInfo.setAccessToken(OAuth2.this.accessToken);
                        UserInfo.setAccessTokenExpires(System.currentTimeMillis() + (i * 1000));
                        UserInfo.setRefreshToken(OAuth2.this.refreshToken);
                        UserInfo.makePersistant();
                        OAuth2.this.setRefreshTimer(i);
                        return true;
                    } catch (JSONException e) {
                        ClientLog.i(OAuth2.LOG_TAG, "refreshToken json " + e.getMessage());
                        try {
                            sendRequest.getString("error");
                        } catch (JSONException unused) {
                            ClientLog.e(OAuth2.LOG_TAG, "no error value " + e.getMessage());
                        }
                        UserInfo.setRefreshToken("invalid");
                        return false;
                    }
                }

                /* JADX INFO: Access modifiers changed from: protected */
                @Override // android.os.AsyncTask
                public void onPostExecute(Boolean bool) {
                    oAuth2Response.onComplete(bool.booleanValue());
                }
            }.execute(new Void[0]);
        } else {
            ClientLog.w(str, "refreshToken: no refreshToken");
            oAuth2Response.onComplete(false);
        }
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [mobilecontrol.android.auth.OAuth2$2] */
    public void requestToken(final String str, final OAuth2Response oAuth2Response) {
        ClientLog.i(LOG_TAG, "requestToken");
        new AsyncTask<Void, Void, Boolean>() { // from class: mobilecontrol.android.auth.OAuth2.2
            /* JADX INFO: Access modifiers changed from: protected */
            @Override // android.os.AsyncTask
            public Boolean doInBackground(Void... voidArr) {
                JSONObject sendRequest = OAuth2.this.sendRequest(OAuth2.TOKEN_PATH, "grant_type=authorization_code&code=" + str + "&client_id=c5authpkce&code_verifier=" + OAuth2.this.codeVerifier + "&redirect_uri=mcapp://localhost/oauth/auth-code-callback/" + AppUtility.getOEM(), true);
                if (sendRequest == null) {
                    ClientLog.w(OAuth2.LOG_TAG, "requestToken no success");
                    return false;
                }
                try {
                    OAuth2.this.accessToken = sendRequest.getString("access_token");
                    OAuth2.this.refreshToken = sendRequest.getString("refresh_token");
                    int i = sendRequest.getInt("expires_in");
                    UserInfo.setAccessToken(OAuth2.this.accessToken);
                    UserInfo.setAccessTokenExpires(System.currentTimeMillis() + (i * 1000));
                    UserInfo.setRefreshToken(OAuth2.this.refreshToken);
                    UserInfo.makePersistant();
                    OAuth2.this.setRefreshTimer(i);
                } catch (JSONException e) {
                    ClientLog.w(OAuth2.LOG_TAG, "requestToken json " + e.getMessage());
                    try {
                        sendRequest.getString("error");
                    } catch (JSONException unused) {
                        ClientLog.e(OAuth2.LOG_TAG, "no error value " + e.getMessage());
                    }
                }
                if (MobileClientApp.getAppStateMachine().isAttachedQuick()) {
                    MobileClientApp.sPalService.palReattach(new PalServiceListener());
                }
                return true;
            }

            /* JADX INFO: Access modifiers changed from: protected */
            @Override // android.os.AsyncTask
            public void onPostExecute(Boolean bool) {
                oAuth2Response.onComplete(bool.booleanValue());
            }
        }.execute(new Void[0]);
    }

    public void setHost(String str) {
        this.host = str;
    }

    public void setRefreshToken(String str) {
        this.refreshToken = str;
    }

    /* JADX WARN: Type inference failed for: r0v1, types: [mobilecontrol.android.auth.OAuth2$3] */
    public void verifyToken(final OAuth2Response oAuth2Response) {
        String str = LOG_TAG;
        ClientLog.i(str, "verifyToken");
        if (!this.accessToken.isEmpty()) {
            new AsyncTask<Void, Void, Boolean>() { // from class: mobilecontrol.android.auth.OAuth2.3
                /* JADX INFO: Access modifiers changed from: protected */
                @Override // android.os.AsyncTask
                public Boolean doInBackground(Void... voidArr) {
                    JSONObject sendRequest = OAuth2.this.sendRequest(OAuth2.TOKEN_PATH, "grant_type=refresh_token&client_id=c5authpkce&refresh_token=" + OAuth2.this.refreshToken, true);
                    if (sendRequest == null) {
                        ClientLog.w(OAuth2.LOG_TAG, "verifyToken no success");
                        return false;
                    }
                    try {
                        OAuth2.this.accessToken = sendRequest.getString("access_token");
                        OAuth2.this.refreshToken = sendRequest.getString("refresh_token");
                        int i = sendRequest.getInt("expires_in");
                        UserInfo.setAccessToken(OAuth2.this.accessToken);
                        UserInfo.setAccessTokenExpires(System.currentTimeMillis() + (i * 1000));
                        UserInfo.setRefreshToken(OAuth2.this.refreshToken);
                        UserInfo.makePersistant();
                        OAuth2.this.setRefreshTimer(i);
                        return true;
                    } catch (JSONException e) {
                        ClientLog.i(OAuth2.LOG_TAG, "refreshToken json " + e.getMessage());
                        try {
                            sendRequest.getString("error");
                        } catch (JSONException unused) {
                            ClientLog.e(OAuth2.LOG_TAG, "no error value " + e.getMessage());
                        }
                        UserInfo.setRefreshToken("invalid");
                        return false;
                    }
                }

                /* JADX INFO: Access modifiers changed from: protected */
                @Override // android.os.AsyncTask
                public void onPostExecute(Boolean bool) {
                    oAuth2Response.onComplete(bool.booleanValue());
                }
            }.execute(new Void[0]);
        } else {
            ClientLog.w(str, "verifyToken: no accessToken");
            oAuth2Response.onComplete(false);
        }
    }
}
