package com.l7tech.msso.policy;

import android.content.Context;
import android.util.Log;
import com.l7tech.msso.context.MssoContext;
import com.l7tech.msso.context.MssoException;
import com.l7tech.msso.policy.exceptions.CredentialRequiredException;
import com.l7tech.msso.policy.exceptions.JwtValidationException;
import com.l7tech.msso.policy.exceptions.MAGException;
import com.l7tech.msso.policy.exceptions.MssoStateException;
import com.l7tech.msso.policy.exceptions.RetryRequestException;
import com.l7tech.msso.request.LocalRequest;
import com.l7tech.msso.store.TokenProvider;
import com.l7tech.msso.token.Credentials;
import com.l7tech.msso.token.IdToken;
import com.l7tech.msso.token.JsonResponse;
import com.l7tech.msso.token.TokenServerClient;
import com.l7tech.msso.token.TokenServerException;
import org.apache.http.Header;
import org.apache.http.HttpResponse;
import org.apache.http.StatusLine;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class AccessTokenPolicy implements MssoPolicy {
    private static final String TAG = AccessTokenPolicy.class.getName();
    private TokenProvider tokenProvider;
    private TokenServerClient tokenServerClient;

    /* JADX WARN: Removed duplicated region for block: B:11:? A[RETURN, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private java.lang.String findAccessToken(com.l7tech.msso.context.MssoContext r6) throws com.l7tech.msso.policy.exceptions.CredentialRequiredException, com.l7tech.msso.policy.exceptions.MAGException {
        /*
            r5 = this;
            r1 = 0
            java.lang.String r0 = r6.getAccessToken()
            if (r0 == 0) goto L1a
            boolean r2 = r5.isAccessTokenStillValid(r6)
            if (r2 == 0) goto Le
        Ld:
            return r0
        Le:
            java.lang.String r0 = r6.getRefreshToken()
            if (r0 == 0) goto L45
            java.lang.String r0 = r5.obtainAccessTokenUsingRefreshToken(r6, r0)     // Catch: com.l7tech.msso.token.TokenServerException -> L27
        L18:
            if (r0 != 0) goto Ld
        L1a:
            com.l7tech.msso.token.TokenServerClient r0 = r5.tokenServerClient
            if (r0 != 0) goto L47
            java.lang.IllegalStateException r0 = new java.lang.IllegalStateException
            java.lang.String r1 = "policy not initialized"
            r0.<init>(r1)
            throw r0
        L27:
            r0 = move-exception
            java.lang.String r2 = com.l7tech.msso.policy.AccessTokenPolicy.TAG
            java.lang.StringBuilder r3 = new java.lang.StringBuilder
            r3.<init>()
            java.lang.String r4 = "Refresh token failed, will fall back to ID token or password: "
            java.lang.StringBuilder r3 = r3.append(r4)
            java.lang.String r4 = r0.getMessage()
            java.lang.StringBuilder r3 = r3.append(r4)
            java.lang.String r3 = r3.toString()
            android.util.Log.w(r2, r3, r0)
        L45:
            r0 = r1
            goto L18
        L47:
            com.l7tech.msso.token.IdToken r0 = r6.getIdToken()
            if (r0 == 0) goto L52
            java.lang.String r0 = r5.obtainAccessTokenUsingIdToken(r6, r0)
            goto Ld
        L52:
            com.l7tech.msso.conf.ConfigurationProvider r0 = r6.getConfigurationProvider()
            java.lang.String r1 = "msso.sso.enabled"
            java.lang.Object r0 = r0.getProperty(r1)
            java.lang.Boolean r0 = (java.lang.Boolean) r0
            if (r0 == 0) goto L77
            boolean r0 = r0.booleanValue()
            if (r0 == 0) goto L77
            com.l7tech.msso.token.IdToken r0 = r6.getIdToken()
            if (r0 != 0) goto L77
            r0 = 1
        L6e:
            com.l7tech.msso.token.Credentials r1 = getCredsOrThrow(r6)
            java.lang.String r0 = r5.obtainAccessTokenUsingCredential(r6, r1, r0)
            goto Ld
        L77:
            r0 = 0
            goto L6e
        */
        throw new UnsupportedOperationException("Method not decompiled: com.l7tech.msso.policy.AccessTokenPolicy.findAccessToken(com.l7tech.msso.context.MssoContext):java.lang.String");
    }

    private static Credentials getCredsOrThrow(MssoContext mssoContext) throws CredentialRequiredException {
        Credentials credentials = mssoContext.getCredentials();
        if (credentials == null) {
            throw new CredentialRequiredException();
        }
        if (credentials.isValid()) {
            return credentials;
        }
        throw new CredentialRequiredException();
    }

    private boolean isAccessTokenStillValid(MssoContext mssoContext) {
        long accessTokenExpiry = mssoContext.getAccessTokenExpiry();
        return accessTokenExpiry <= 0 || System.currentTimeMillis() <= accessTokenExpiry;
    }

    private String obtainAccessTokenUsingCredential(MssoContext mssoContext, Credentials credentials, boolean z) throws MAGException {
        try {
            JsonResponse obtainTokensUsingCredentials = this.tokenServerClient.obtainTokensUsingCredentials(this.tokenProvider.getDeviceIdentifier(), credentials, mssoContext.getClientId(), mssoContext.getClientSecret(), z, mssoContext.getConfigurationProvider().getClientScope());
            IdToken idToken = obtainTokensUsingCredentials.getIdToken();
            if (idToken != null) {
                try {
                    mssoContext.onIdTokenAvailable(idToken);
                } catch (JwtValidationException e) {
                    throw new JwtValidationException(e.getErrorCode(), e.getMessage(), e);
                }
            }
            String accessToken = obtainTokensUsingCredentials.getAccessToken();
            mssoContext.onAccessTokenAvailable(accessToken, obtainTokensUsingCredentials.getRefreshToken(), obtainTokensUsingCredentials.getExpiresIn());
            if (!(accessToken != null) || !credentials.isReuseable()) {
            }
            return accessToken;
        } finally {
            mssoContext.setCredentials(null);
        }
    }

    private String obtainAccessTokenUsingIdToken(MssoContext mssoContext, IdToken idToken) throws CredentialRequiredException, MAGException {
        try {
            JsonResponse obtainAccessTokenUsingIdToken = this.tokenServerClient.obtainAccessTokenUsingIdToken(this.tokenProvider.getDeviceIdentifier(), idToken, mssoContext.getClientId(), mssoContext.getClientSecret(), mssoContext.getConfigurationProvider().getClientScope());
            String accessToken = obtainAccessTokenUsingIdToken.getAccessToken();
            mssoContext.onAccessTokenAvailable(accessToken, obtainAccessTokenUsingIdToken.getRefreshToken(), obtainAccessTokenUsingIdToken.getExpiresIn());
            return accessToken;
        } catch (TokenServerException e) {
            return obtainAccessTokenUsingCredential(mssoContext, getCredsOrThrow(mssoContext), true);
        }
    }

    private String obtainAccessTokenUsingRefreshToken(MssoContext mssoContext, String str) {
        JsonResponse obtainTokenUsingRefreshToken = this.tokenServerClient.obtainTokenUsingRefreshToken(this.tokenProvider.getDeviceIdentifier(), str, mssoContext.getClientId(), mssoContext.getClientSecret());
        String accessToken = obtainTokenUsingRefreshToken.getAccessToken();
        mssoContext.onAccessTokenAvailable(accessToken, obtainTokenUsingRefreshToken.getRefreshToken(), obtainTokenUsingRefreshToken.getExpiresIn());
        return accessToken;
    }

    @Override // com.l7tech.msso.policy.MssoPolicy
    public void close() {
    }

    @Override // com.l7tech.msso.policy.MssoPolicy
    public void init(MssoContext mssoContext, Context context) throws MssoException {
        this.tokenServerClient = new TokenServerClient(mssoContext);
        this.tokenProvider = mssoContext.getTokenManager();
    }

    @Override // com.l7tech.msso.policy.MssoPolicy
    public void processRequest(MssoContext mssoContext, RequestInfo requestInfo) throws MssoException, CredentialRequiredException, MAGException {
        try {
            if (!(requestInfo.getRequest() instanceof LocalRequest) && !requestInfo.getRequest().getURI().getHost().equals(mssoContext.getConfigurationProvider().getTokenHost())) {
                throw new IllegalArgumentException("This method is valid only for the host that has issued the access_token");
            }
            String findAccessToken = findAccessToken(mssoContext);
            if (findAccessToken != null) {
                requestInfo.getRequest().removeHeaders("Authorization");
                requestInfo.getRequest().addHeader("Authorization", "Bearer " + findAccessToken);
            }
        } catch (NullPointerException e) {
            throw new IllegalArgumentException("Please check your configurations. One or more configuration is wrong or incomplete");
        }
    }

    @Override // com.l7tech.msso.policy.MssoPolicy
    public void processResponse(MssoContext mssoContext, RequestInfo requestInfo, HttpResponse httpResponse) throws MssoStateException {
        int statusCode;
        Header[] headers;
        StatusLine statusLine = httpResponse.getStatusLine();
        if (statusLine == null || (statusCode = statusLine.getStatusCode()) < 400 || statusCode >= 500) {
            return;
        }
        Log.d(TAG, "Application web response had status " + statusCode + "; clearing cached access token");
        mssoContext.clearAccessToken();
        if (statusCode != 401 || (headers = httpResponse.getHeaders("www-authenticate")) == null || headers.length <= 0) {
            return;
        }
        for (Header header : headers) {
            String value = header.getValue();
            if (value != null && value.toLowerCase().contains("bearer")) {
                if (requestInfo.isRepeatable()) {
                    throw new RetryRequestException("Access token rejected by server");
                }
                Log.d(TAG, "Unable to retry request -- request is not repeatable");
            }
        }
    }
}
