package com.amazon.identity.auth.device.token;

import android.content.Context;
import android.os.Bundle;
import android.text.TextUtils;
import com.amazon.identity.auth.accounts.DelegatedAccountHelper;
import com.amazon.identity.auth.device.api.MAPAccountManager;
import com.amazon.identity.auth.device.api.TokenKeys;
import com.amazon.identity.auth.device.framework.AuthEndpointErrorParser;
import com.amazon.identity.auth.device.framework.ServiceWrappingContext;
import com.amazon.identity.auth.device.framework.SystemWrapper;
import com.amazon.identity.auth.device.metrics.SSOMetrics;
import com.amazon.identity.auth.device.storage.LocalAppDataAwareDataStorage;
import com.amazon.identity.auth.device.storage.StorageKeyUtils;
import com.amazon.identity.auth.device.utils.AuthPortalHelper;
import com.amazon.identity.auth.device.utils.BuildInfo;
import com.amazon.identity.auth.device.utils.JSONHelpers;
import com.amazon.identity.auth.device.utils.KeyInfo;
import com.amazon.identity.auth.device.utils.MAPLog;
import com.amazon.identity.auth.device.utils.StringConversionHelpers;
import com.amazon.identity.auth.device.utils.TimeUtil;
import com.amazon.identity.auth.device.utils.UnitTestUtils;
import com.amazon.identity.platform.metric.PlatformMetricsTimer;
import com.amazon.identity.platform.setting.PlatformSettingLong;
import com.amazon.identity.platform.setting.PlatformSettingString;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.TimeUnit;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.message.BasicNameValuePair;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
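/**
 * Obtains, refreshes and caches OAuth tokens per account and package by posting to the
 * {@code /ap/exchangetoken} endpoint of the account's auth domain.
 *
 * <p>Three exchanges are implemented: device (DMS) credentials to an OAuth refresh/access token
 * pair, refresh token to access token, and refresh token to a delegated access token. Results
 * are written to {@link LocalAppDataAwareDataStorage} under package-namespaced keys.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>Refresh and access tokens pass through this class as plain {@code String}s and are
 *       handed to the storage layer; how that layer protects them is not visible here.</li>
 *   <li>The endpoint host comes from stored per-account data, see
 *       {@code getExchangeTokenURL}.</li>
 *   <li>Every request path releases its {@link HttpURLConnection} in a {@code finally} block,
 *       including when the server answers with an error or the body fails to parse.</li>
 * </ul>
 */
public class OAuthTokenManager {
    private static final PlatformSettingString AMAZON_DEFAULT_ENDPOINT_SETTING = PlatformSettingString.getInstance("host.amazon.com", "www.amazon.com");
    // Safety margin added to "now" when deciding whether a cached access token is about to expire.
    // NOTE(review): the default presumably evaluates to one minute in milliseconds - confirm TimeUtil.
    private static final PlatformSettingLong FUDGE_FACTOR = PlatformSettingLong.getInstance("com.amazon.identity.auth.device.token.OAuthToken.ExpirationFudgeFactor", TimeUtil.fromMinutesTo(1, TimeUnit.MILLISECONDS));
    private static final String TAG = OAuthTokenManager.class.getName();
    private static final String METRICS_COMPONENT_NAME = OAuthTokenManager.class.getSimpleName();

    // Numeric error codes as they appear inlined in this class; each name describes how the
    // value is used here. NOTE(review): presumably these mirror an error enum defined
    // elsewhere - confirm before relying on the names.
    private static final int ERROR_CODE_IO_FAILURE = 3;
    private static final int ERROR_CODE_BAD_RESPONSE = 5;
    private static final int ERROR_CODE_INVALID_TOKEN_KEY = 7;
    private static final int ERROR_CODE_INVALID_ACCOUNT = 8;

    private static final String FORM_ENCODING = "UTF-8";

    private final AuthPortalHelper mAuthPortalHelper;
    private final Context mContext;
    private final DelegatedAccountHelper mDelegatedAccountHelper = new DelegatedAccountHelper();
    private final LocalAppDataAwareDataStorage mLocalAppDataAwareDataStorage;
    private final MAPAccountManager mMapAccountManager;
    private final ServerRegistrationSyncHelper mServerRegSync;
    private final SystemWrapper mSystemWrapper;

    /** Failure raised by token operations; carries a numeric error code next to the message. */
    public static final class OAuthTokenManagerException extends Exception {
        private final int mErrorCode;
        private final String mErrorMsg;

        /**
         * @param i numeric error code reported to the caller
         * @param str human-readable message, also used as the exception message
         */
        public OAuthTokenManagerException(int i, String str) {
            super(str);
            this.mErrorCode = i;
            this.mErrorMsg = str;
        }

        /** @return the numeric error code given at construction */
        public int getErrorCode() {
            return this.mErrorCode;
        }

        /** @return the message given at construction */
        public String getErrorMsg() {
            return this.mErrorMsg;
        }
    }

    /**
     * Wires up the storage, account-manager and auth-portal helpers on a wrapped context.
     *
     * @param context context used to create the {@link ServiceWrappingContext}
     */
    public OAuthTokenManager(Context context) {
        this.mContext = ServiceWrappingContext.create(context);
        this.mSystemWrapper = (SystemWrapper) this.mContext.getSystemService("dcp_system");
        this.mLocalAppDataAwareDataStorage = new LocalAppDataAwareDataStorage(this.mContext);
        this.mAuthPortalHelper = new AuthPortalHelper(this.mContext);
        this.mMapAccountManager = new MAPAccountManager(this.mContext);
        this.mServerRegSync = new ServerRegistrationSyncHelper(this.mContext, this.mLocalAppDataAwareDataStorage);
    }

    /**
     * Wraps a lower-level failure, keeping its message and attaching it as the cause so the
     * original stack trace is not lost when the exception crosses the API boundary.
     */
    private static OAuthTokenManagerException failure(int errorCode, Exception cause) {
        OAuthTokenManagerException wrapped = new OAuthTokenManagerException(errorCode, cause.getMessage());
        wrapped.initCause(cause);
        return wrapped;
    }

    /** Appends the calling package name and the build version to a request body. */
    private void addAppParams(List<NameValuePair> params) {
        params.add(new BasicNameValuePair("app_name", this.mContext.getPackageName()));
        params.add(new BasicNameValuePair("app_version", String.valueOf(BuildInfo.getVersion())));
    }

    /**
     * Formats a server-side error for the exception message.
     *
     * @param error parsed error, or {@code null} when the response could not be interpreted
     * @return a message naming code, message and detail, or a generic message for {@code null}
     */
    private String createErrorMsg(AuthEndpointErrorParser.AuthEndpointError error) {
        if (error == null) {
            return "Invalid error response received from the token exchange endpoint";
        }
        return String.format("Received Error code %s from the server. Message: %s .Detail: %s", error.getAuthTypeError().getCode(), error.getMessage(), error.getDetail());
    }

    /**
     * Exchanges the account's DMS credentials for an OAuth refresh/access token pair and stores
     * both.
     *
     * @param account account identifier; {@code null} is rejected
     * @param packageName package the tokens are namespaced under
     * @param returnRefreshToken {@code true} to return the refresh token, {@code false} for the
     *     access token
     * @return the requested token
     * @throws OAuthTokenManagerException on an invalid account, an I/O failure, a server error
     *     status or an unparseable response
     */
    private String exchangeDMSCredentialsForOAuthTokenAndStore(String account, String packageName, boolean returnRefreshToken) throws OAuthTokenManagerException {
        if (account == null) {
            throw new OAuthTokenManagerException(ERROR_CODE_INVALID_ACCOUNT, "Given Account is currently not valid");
        }
        MAPLog.i(TAG, "Exchange DMS token to OAuth token for package" + packageName);
        HttpURLConnection connection = null;
        try {
            PlatformMetricsTimer timer = SSOMetrics.startPeriodicTimer(METRICS_COMPONENT_NAME, "exchangeDMSCredentialsForOAuthToken");
            URL exchangeTokenUrl = getExchangeTokenURL(account);
            MAPLog.i(TAG, "Exchanging tokens with exchange token endpoint: " + exchangeTokenUrl);
            connection = this.mAuthPortalHelper.startIdentityRequest(this.mContext, exchangeTokenUrl, getExchangeTokenBody(), true, null, account, packageName);
            int responseCode = connection.getResponseCode();
            MAPLog.i(TAG, "Response received for exchange DMS to OAuth end-point");
            JSONObject json = JSONHelpers.toJson(connection);
            timer.stop();
            if (this.mAuthPortalHelper.isFailure(responseCode)) {
                AuthEndpointErrorParser.AuthEndpointError error = this.mAuthPortalHelper.handleTokenExchangeError(account, packageName, json, responseCode, AuthPortalHelper.AuthTokenExchangeType.DMSTokenToOauthTokenExchange, this.mMapAccountManager);
                throw new OAuthTokenManagerException(MAPAccountManager.RegistrationError.PARSE_ERROR.value(), createErrorMsg(error));
            }
            return receiveAndStoreUpdatedTokensForDMSTokenExchange(account, packageName, json, returnRefreshToken);
        } catch (ParseException e) {
            throw failure(ERROR_CODE_BAD_RESPONSE, e);
        } catch (IOException e) {
            throw failure(ERROR_CODE_IO_FAILURE, e);
        } catch (JSONException e) {
            throw failure(ERROR_CODE_BAD_RESPONSE, e);
        } finally {
            // Release the connection on every path, not only after a successful exchange.
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Resolves the delegatee for an account: the bundle option wins, otherwise the stored
     * delegation mapping is consulted.
     *
     * @param account account that may be a delegated account
     * @param options request options; must not be {@code null}
     * @return the delegatee identifier, possibly empty or {@code null} when there is none
     */
    private String getDirectedIdDelegatee(String account, Bundle options) {
        String fromOptions = options.getString("com.amazon.dcp.sso.property.account.delegateeaccount");
        if (!TextUtils.isEmpty(fromOptions)) {
            return fromOptions;
        }
        return this.mDelegatedAccountHelper.getDelegateeAccountForTheDelegatedAccount(account, this.mLocalAppDataAwareDataStorage);
    }

    /** Builds the form body for the DMS-credentials-to-refresh-token exchange. */
    private UrlEncodedFormEntity getExchangeTokenBody() throws UnsupportedEncodingException {
        List<NameValuePair> params = new ArrayList<NameValuePair>();
        params.add(new BasicNameValuePair("source_token_type", "dms_token"));
        // NOTE(review): the value sent is the literal text "source_token", not a credential.
        // Presumably the DMS credential is attached by startIdentityRequest (called with `true`
        // for this exchange) - confirm that this placeholder is intended.
        params.add(new BasicNameValuePair("source_token", "source_token"));
        params.add(new BasicNameValuePair("requested_token_type", "refresh_token"));
        addAppParams(params);
        return new UrlEncodedFormEntity(params, FORM_ENCODING);
    }

    /**
     * Builds the HTTPS token exchange URL for an account.
     *
     * <p>The host is the account's stored {@code authDomain}, or the default endpoint setting
     * when none is stored.
     *
     * <p>NOTE(review): the stored value is placed into the URL authority without validation,
     * and the token exchange requests built in this class are sent to the resulting host.
     * Confirm that only trusted code can write the {@code authDomain} key, or validate the value
     * against the expected hostname syntax or an allowlist before use.
     *
     * @param account account whose auth domain selects the host
     * @return the exchange endpoint URL
     */
    private URL getExchangeTokenURL(String account) {
        String host = this.mLocalAppDataAwareDataStorage.getUserData(account, "authDomain");
        if (host == null) {
            host = AMAZON_DEFAULT_ENDPOINT_SETTING.getValue();
        }
        try {
            return new URL(String.format("https://%s:443/ap/exchangetoken", host));
        } catch (MalformedURLException e) {
            // The host is not a hard-coded constant, so this can happen with a bad stored value;
            // keep the original failure type but say what actually went wrong and why.
            AssertionError error = new AssertionError("Could not build the token exchange URL from the configured auth domain.");
            error.initCause(e);
            throw error;
        }
    }

    /** Reads the cached access token for the package without triggering a refresh. */
    private String getLocalAccessToken(String account, String packageName) {
        return this.mLocalAppDataAwareDataStorage.peekToken(account, getLocalAccessTokenKey(packageName));
    }

    /** Storage key of the access token for a package. */
    private String getLocalAccessTokenKey(String packageName) {
        return TokenKeys.getAccessTokenKeyForPackage(packageName);
    }

    /** Storage key of the access token's absolute expiry time for a package. */
    private String getLocalExpireInKey(String packageName) {
        return StorageKeyUtils.getKeyWithPackageNamespace(packageName, "com.amazon.dcp.sso.token.oauth.amazon.access_token.expires_at");
    }

    /** Reads the cached refresh token for the package without triggering an exchange. */
    private String getLocalRefreshToken(String account, String packageName) {
        return this.mLocalAppDataAwareDataStorage.peekToken(account, getLocalRefreshTokenKey(packageName));
    }

    /** Storage key of the refresh token for a package. */
    private String getLocalRefreshTokenKey(String packageName) {
        return StorageKeyUtils.getKeyWithPackageNamespace(packageName, "com.amazon.dcp.sso.token.oauth.amazon.refresh_token");
    }

    /**
     * Builds the form body that trades a refresh token for a delegated access token.
     *
     * @param refreshToken refresh token sent as {@code source_token}
     * @param directedId identifier sent as {@code directed_id}
     */
    private UrlEncodedFormEntity getRefreshDelegatedOAuthTokenBody(String refreshToken, String directedId) throws UnsupportedEncodingException {
        List<NameValuePair> params = new ArrayList<NameValuePair>();
        addAppParams(params);
        params.add(new BasicNameValuePair("source_token_type", "refresh_token"));
        params.add(new BasicNameValuePair("source_token", refreshToken));
        params.add(new BasicNameValuePair("requested_token_type", "delegated_access_token"));
        params.add(new BasicNameValuePair("directed_id", directedId));
        return new UrlEncodedFormEntity(params, FORM_ENCODING);
    }

    /** Builds the form body that trades a refresh token for an access token. */
    private UrlEncodedFormEntity getRefreshOAuthTokenBody(String refreshToken) throws UnsupportedEncodingException {
        List<NameValuePair> params = new ArrayList<NameValuePair>();
        addAppParams(params);
        params.add(new BasicNameValuePair("source_token_type", "refresh_token"));
        params.add(new BasicNameValuePair("source_token", refreshToken));
        params.add(new BasicNameValuePair("requested_token_type", "access_token"));
        return new UrlEncodedFormEntity(params, FORM_ENCODING);
    }

    /**
     * Access-token path for a delegated account.
     *
     * @param delegatee account whose refresh token backs the delegation
     * @param delegatedAccount account the access token is requested for
     * @param keyInfo token key; supplies the package name
     * @param options request options
     * @return a freshly obtained access token, or {@code null} when the cached one is still
     *     usable
     * @throws OAuthTokenManagerException when an identifier is empty, the delegatee is no longer
     *     registered, or an exchange fails
     */
    private String handleGetAccessTokenForDelegatedAccount(String delegatee, String delegatedAccount, KeyInfo keyInfo, Bundle options) throws OAuthTokenManagerException {
        if (TextUtils.isEmpty(delegatee) || TextUtils.isEmpty(delegatedAccount)) {
            throw new OAuthTokenManagerException(ERROR_CODE_INVALID_ACCOUNT, "Given account or delegated account is currently not valid");
        }
        String packageName = keyInfo.getPackageName();
        MAPLog.i(TAG, "Getting delegated access token for package " + packageName);
        // NOTE(review): the registration check is skipped whenever
        // UnitTestUtils.isRunningInUnitTest() is true; confirm that this hook cannot report true
        // in a production build.
        if (!this.mMapAccountManager.isAccountRegistered(delegatee) && !UnitTestUtils.isRunningInUnitTest()) {
            // NOTE(review): this writes the delegatee account identifier to the log; consider
            // whether the identifier belongs in log output.
            MAPLog.e(TAG, String.format("The delegatee account %s is already deregistered.", delegatee));
            throw new OAuthTokenManagerException(MAPAccountManager.RegistrationError.DELEGATEE_ACCOUNT_ALREADY_DEREGISTERED.value(), "The delegatee account is already deregistered on this device");
        }
        if (requireExchangeDMSTokenForOAuthToken(options)) {
            String exchangedRefreshToken = exchangeDMSCredentialsForOAuthTokenAndStore(delegatee, keyInfo.getPackageName(), true);
            return refreshDelegatedOAuthTokenAndStore(delegatee, delegatedAccount, exchangedRefreshToken, keyInfo.getPackageName());
        }
        if (!requireRefreshOauthToken(delegatedAccount, keyInfo, options)) {
            return null;
        }
        String refreshToken = getRefreshToken(delegatee, packageName);
        if (TextUtils.isEmpty(refreshToken)) {
            refreshToken = exchangeDMSCredentialsForOAuthTokenAndStore(delegatee, keyInfo.getPackageName(), true);
        }
        return refreshDelegatedOAuthTokenAndStore(delegatee, delegatedAccount, refreshToken, keyInfo.getPackageName());
    }

    /**
     * Access-token path for a non-delegated account.
     *
     * @return a freshly obtained access token, or {@code null} when the cached one is still
     *     usable
     */
    private String handleGetAccessTokenForNormalAccount(String account, KeyInfo keyInfo, Bundle options) throws OAuthTokenManagerException {
        String packageName = keyInfo.getPackageName();
        MAPLog.d(TAG, "Getting access token for package " + packageName);
        boolean mustExchange = !hasLocalOAuthRefreshToken(account, packageName) || requireExchangeDMSTokenForOAuthToken(options);
        if (mustExchange) {
            return exchangeDMSCredentialsForOAuthTokenAndStore(account, keyInfo.getPackageName(), false);
        }
        if (requireRefreshOauthToken(account, keyInfo, options)) {
            return refreshOAuthTokenAndStore(account, keyInfo.getPackageName());
        }
        return null;
    }

    /**
     * Tells whether the token expires within the caller-requested TTL plus the fudge factor.
     *
     * @param expiresAtMillis stored absolute expiry time
     * @param nowMillis current time
     * @param options request options; the minimum remaining lifetime defaults to 0
     */
    private boolean isAccessTokenExpiring(long expiresAtMillis, long nowMillis, Bundle options) {
        long requiredTtlMillis = options.getLong("com.amazon.identity.auth.device.api.TokenKeys.Options.OAuthAccessTokenTTLInMilliSec", 0L);
        return nowMillis + requiredTtlMillis + FUDGE_FACTOR.getValue() >= expiresAtMillis;
    }

    /**
     * Validates a DMS exchange response and stores refresh token, access token and expiry.
     *
     * @param account account the tokens belong to
     * @param packageName package the storage keys are namespaced under
     * @param json parsed response; must contain a {@code response} object
     * @param returnRefreshToken selects which of the two tokens is returned
     * @return the refresh token or the access token
     * @throws ParseException when the token type is not {@code bearer_token} or a token is missing
     * @throws JSONException when an expected field is absent or has the wrong type
     */
    private String receiveAndStoreUpdatedTokensForDMSTokenExchange(String account, String packageName, JSONObject json, boolean returnRefreshToken) throws ParseException, JSONException {
        JSONObject response = json.getJSONObject("response");
        int expiresInSeconds = response.getInt("expires_in");
        String tokenType = response.getString("token_type");
        String refreshToken = response.getString("refresh_token");
        String accessToken = response.getString("access_token");
        if (!"bearer_token".equals(tokenType)) {
            throw new ParseException("Unexpected token type.", 0);
        }
        if (accessToken == null || refreshToken == null) {
            throw new ParseException("Incomplete response.", 0);
        }
        // NOTE(review): the expiry is computed from System.currentTimeMillis() but later compared
        // against mSystemWrapper.currentTimeMillis(); confirm both report the same clock.
        long expiresAtMillis = System.currentTimeMillis() + TimeUnit.MILLISECONDS.convert(expiresInSeconds, TimeUnit.SECONDS);
        this.mLocalAppDataAwareDataStorage.setToken(account, getLocalRefreshTokenKey(packageName), refreshToken);
        this.mLocalAppDataAwareDataStorage.setToken(account, getLocalAccessTokenKey(packageName), accessToken);
        this.mLocalAppDataAwareDataStorage.setToken(account, getLocalExpireInKey(packageName), Long.toString(expiresAtMillis));
        this.mServerRegSync.recordRegistrationCheckTime(account);
        return returnRefreshToken ? refreshToken : accessToken;
    }

    /**
     * Validates a refresh response and, if the account is still registered, stores the new
     * access token and its expiry. The token is returned either way.
     *
     * @throws ParseException when the token type is not {@code bearer_token} or the token is missing
     * @throws JSONException when an expected field is absent or has the wrong type
     */
    private String receiveAndStoreUpdatedTokensForOAuthRefresh(String account, String packageName, JSONObject json) throws ParseException, JSONException {
        JSONObject response = json.getJSONObject("response");
        long expiresInSeconds = response.getLong("token_expires_in");
        String tokenType = response.getString("token_type");
        String accessToken = response.getString("token");
        if (!"bearer_token".equals(tokenType)) {
            throw new ParseException("Unexpected token type.", 0);
        }
        if (accessToken == null) {
            throw new ParseException("Incomplete response.", 0);
        }
        // Do not write tokens back for an account that was deregistered while the request was
        // in flight. NOTE(review): the unit-test hook bypasses this check as well.
        if (this.mMapAccountManager.isAccountRegistered(account) || UnitTestUtils.isRunningInUnitTest()) {
            long expiresAtMillis = System.currentTimeMillis() + TimeUnit.MILLISECONDS.convert(expiresInSeconds, TimeUnit.SECONDS);
            this.mLocalAppDataAwareDataStorage.setToken(account, getLocalAccessTokenKey(packageName), accessToken);
            this.mLocalAppDataAwareDataStorage.setToken(account, getLocalExpireInKey(packageName), Long.toString(expiresAtMillis));
            this.mServerRegSync.recordRegistrationCheckTime(account);
        }
        return accessToken;
    }

    /**
     * Trades the delegatee's refresh token for an access token of the delegated account and
     * stores it under the delegated account.
     *
     * @param delegatee account whose auth domain and refresh token are used
     * @param delegatedAccount account the access token is issued for
     * @param refreshToken the delegatee's refresh token
     * @param packageName package the token is namespaced under
     * @return the delegated access token
     * @throws OAuthTokenManagerException on an I/O failure, a server error status or an
     *     unparseable response
     */
    private String refreshDelegatedOAuthTokenAndStore(String delegatee, String delegatedAccount, String refreshToken, String packageName) throws OAuthTokenManagerException {
        MAPLog.i(TAG, String.format("Refreshing delegated access token for package %s", packageName));
        HttpURLConnection connection = null;
        try {
            PlatformMetricsTimer timer = SSOMetrics.startPeriodicTimer(METRICS_COMPONENT_NAME, "refreshDelegatedOAuthToken");
            connection = this.mAuthPortalHelper.startIdentityRequest(this.mContext, getExchangeTokenURL(delegatee), getRefreshDelegatedOAuthTokenBody(refreshToken, delegatedAccount), false, null, delegatedAccount, packageName);
            int responseCode = connection.getResponseCode();
            MAPLog.i(TAG, "Response received from OAuth refresh to delegated access exchange end-point");
            JSONObject json = JSONHelpers.toJson(connection);
            timer.stop();
            if (this.mAuthPortalHelper.isFailure(responseCode)) {
                AuthEndpointErrorParser.AuthEndpointError error = this.mAuthPortalHelper.handleTokenExchangeError(delegatee, packageName, json, responseCode, AuthPortalHelper.AuthTokenExchangeType.OauthRefreshToDelegationAccessExchange, this.mMapAccountManager);
                // Shared formatter: an uninterpretable error body yields a clear exception
                // instead of a NullPointerException, as on the other two exchange paths.
                throw new OAuthTokenManagerException(MAPAccountManager.RegistrationError.PARSE_ERROR.value(), createErrorMsg(error));
            }
            return receiveAndStoreUpdatedTokensForOAuthRefresh(delegatedAccount, packageName, json);
        } catch (ParseException e) {
            throw failure(ERROR_CODE_BAD_RESPONSE, e);
        } catch (IOException e) {
            throw failure(ERROR_CODE_IO_FAILURE, e);
        } catch (JSONException e) {
            throw failure(ERROR_CODE_BAD_RESPONSE, e);
        } finally {
            // Release the connection on every path, not only after a successful refresh.
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /**
     * Refreshes the access token of a non-delegated account from its stored refresh token,
     * falling back to a DMS exchange when no refresh token is stored.
     *
     * @return the new access token
     * @throws OAuthTokenManagerException on an I/O failure, a server error status or an
     *     unparseable response
     */
    private String refreshNormalOAuthTokenAndStore(String account, String packageName) throws OAuthTokenManagerException {
        HttpURLConnection connection = null;
        try {
            String refreshToken = this.mLocalAppDataAwareDataStorage.getToken(account, getLocalRefreshTokenKey(packageName));
            if (refreshToken == null) {
                return exchangeDMSCredentialsForOAuthTokenAndStore(account, packageName, false);
            }
            PlatformMetricsTimer timer = SSOMetrics.startPeriodicTimer(METRICS_COMPONENT_NAME, "refreshNormalOAuthToken");
            connection = this.mAuthPortalHelper.startIdentityRequest(this.mContext, getExchangeTokenURL(account), getRefreshOAuthTokenBody(refreshToken), false, null, account, packageName);
            int responseCode = connection.getResponseCode();
            MAPLog.i(TAG, "Response received from OAuth refresh to access exchange end-point");
            JSONObject json = JSONHelpers.toJson(connection);
            timer.stop();
            if (this.mAuthPortalHelper.isFailure(responseCode)) {
                AuthEndpointErrorParser.AuthEndpointError error = this.mAuthPortalHelper.handleTokenExchangeError(account, packageName, json, responseCode, AuthPortalHelper.AuthTokenExchangeType.OauthRefreshToAccessExchange, this.mMapAccountManager);
                throw new OAuthTokenManagerException(MAPAccountManager.RegistrationError.PARSE_ERROR.value(), createErrorMsg(error));
            }
            return receiveAndStoreUpdatedTokensForOAuthRefresh(account, packageName, json);
        } catch (JSONException e) {
            throw failure(ERROR_CODE_BAD_RESPONSE, e);
        } catch (IOException e) {
            throw failure(ERROR_CODE_IO_FAILURE, e);
        } catch (ParseException e) {
            throw failure(ERROR_CODE_BAD_RESPONSE, e);
        } finally {
            // Release the connection on every path, not only after a successful refresh.
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /** Tells whether the caller asked to redo the DMS exchange; a {@code null} bundle means no. */
    private boolean requireExchangeDMSTokenForOAuthToken(Bundle bundle) {
        Bundle options = bundle != null ? bundle : new Bundle();
        boolean forced = options.getBoolean("com.amazon.identity.auth.device.api.TokenKeys.Options.ForceRefreshDMSTokenForOAuthToken");
        if (forced) {
            MAPLog.i(TAG, "Force refresh the DMS token for OAuth token.");
        }
        return forced;
    }

    /**
     * Decides whether the cached access token must be refreshed: it is missing, it is near or
     * past expiry, or the caller forces a refresh.
     */
    private boolean requireRefreshOauthToken(String account, KeyInfo keyInfo, Bundle bundle) {
        if (!hasLocalOAuthAccessToken(account, keyInfo.getPackageName())) {
            return true;
        }
        Long expiresAtMillis = StringConversionHelpers.toLong(this.mLocalAppDataAwareDataStorage.getToken(account, getLocalExpireInKey(keyInfo.getPackageName())));
        long nowMillis = this.mSystemWrapper.currentTimeMillis();
        Bundle options = bundle != null ? bundle : new Bundle();
        // A missing or unparseable expiry is not treated as expired here; only the force flag
        // below can then trigger a refresh.
        if (expiresAtMillis != null && isAccessTokenExpiring(expiresAtMillis, nowMillis, options)) {
            MAPLog.i(TAG, "OAuth access token near or past expiry. Refreshing...");
            return true;
        }
        if (options.getBoolean("com.amazon.identity.auth.device.api.TokenKeys.Options.ForceRefreshOAuthToken")) {
            MAPLog.i(TAG, "Force refresh the OAuth token.");
            return true;
        }
        return false;
    }

    /**
     * Returns a valid access token for the account, refreshing or exchanging when needed.
     *
     * @param str account identifier; must not be empty
     * @param keyInfo requested key; must name the OAuth access token key
     * @param bundle request options, may be {@code null}
     * @return a freshly obtained token, otherwise the stored token for the raw key
     * @throws OAuthTokenManagerException when the account or key is invalid or an exchange fails
     */
    public String getAccessToken(String str, KeyInfo keyInfo, Bundle bundle) throws OAuthTokenManagerException {
        if (TextUtils.isEmpty(str)) {
            throw new OAuthTokenManagerException(ERROR_CODE_INVALID_ACCOUNT, "Given Account is currently not valid");
        }
        if (!"com.amazon.dcp.sso.token.oauth.amazon.access_token".equals(keyInfo.getKey())) {
            throw new OAuthTokenManagerException(ERROR_CODE_INVALID_TOKEN_KEY, String.format("Token key %s is not a valid key", keyInfo.getRawKey()));
        }
        Bundle options = bundle == null ? new Bundle() : bundle;
        String delegatee = getDirectedIdDelegatee(str, options);
        String freshToken;
        if (!TextUtils.isEmpty(delegatee)) {
            freshToken = handleGetAccessTokenForDelegatedAccount(delegatee, str, keyInfo, options);
        } else {
            freshToken = handleGetAccessTokenForNormalAccount(str, keyInfo, options);
        }
        if (TextUtils.isEmpty(freshToken)) {
            // No refresh was needed: serve the cached token.
            return this.mLocalAppDataAwareDataStorage.getToken(str, keyInfo.getRawKey());
        }
        return freshToken;
    }

    /**
     * Returns the stored refresh token, obtaining one through a DMS exchange when none is stored.
     *
     * @param str account identifier
     * @param str2 package name
     * @throws OAuthTokenManagerException when the exchange fails
     */
    public String getRefreshToken(String str, String str2) throws OAuthTokenManagerException {
        String cached = getLocalRefreshToken(str, str2);
        if (cached != null) {
            return cached;
        }
        return exchangeDMSCredentialsForOAuthTokenAndStore(str, str2, true);
    }

    /**
     * @param str account identifier
     * @param str2 package name
     * @return {@code true} when an access token is stored for the account and package
     */
    public boolean hasLocalOAuthAccessToken(String str, String str2) {
        return getLocalAccessToken(str, str2) != null;
    }

    /**
     * @param str account identifier
     * @param str2 package name
     * @return {@code true} when a refresh token is stored for the account and package
     */
    public boolean hasLocalOAuthRefreshToken(String str, String str2) {
        return getLocalRefreshToken(str, str2) != null;
    }

    /**
     * Refreshes and stores the access token, taking the delegated path when the account has a
     * stored delegatee.
     *
     * @param str account identifier; {@code null} is rejected
     * @param str2 package name
     * @return the new access token
     * @throws OAuthTokenManagerException when the account is invalid or an exchange fails
     */
    public String refreshOAuthTokenAndStore(String str, String str2) throws OAuthTokenManagerException {
        if (str == null) {
            throw new OAuthTokenManagerException(ERROR_CODE_INVALID_ACCOUNT, "Given Account is currently not valid");
        }
        MAPLog.i(TAG, "Refreshing access token for package " + str2);
        String delegatee = getDirectedIdDelegatee(str, new Bundle());
        if (TextUtils.isEmpty(delegatee)) {
            return refreshNormalOAuthTokenAndStore(str, str2);
        }
        String delegateeRefreshToken = this.mLocalAppDataAwareDataStorage.getToken(delegatee, getLocalRefreshTokenKey(str2));
        if (TextUtils.isEmpty(delegateeRefreshToken)) {
            delegateeRefreshToken = exchangeDMSCredentialsForOAuthTokenAndStore(delegatee, str2, true);
        }
        return refreshDelegatedOAuthTokenAndStore(delegatee, str, delegateeRefreshToken, str2);
    }
}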
