package com.l7tech.msso.token;

import android.util.Base64;
import android.util.Log;
import android.util.Pair;
import com.healthagen.iTriage.newsAlerts.NewsAlertsConstants;
import com.l7tech.msso.MobileSsoConfig;
import com.l7tech.msso.cert.CertUtils;
import com.l7tech.msso.conf.ConfigurationProvider;
import com.l7tech.msso.context.MssoContext;
import com.l7tech.msso.context.MssoException;
import com.l7tech.msso.io.Charsets;
import com.l7tech.msso.io.IoUtils;
import com.l7tech.msso.io.http.HttpUtils;
import com.l7tech.msso.policy.exceptions.ClientCredentialCreateException;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpDelete;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.json.JSONException;
import org.json.JSONObject;
import org.spongycastle.asn1.cmp.PKIFailureInfo;

/* loaded from: classes.dex */
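/**
 * HTTP client for the MSSO token server endpoints: client-credential creation, device
 * registration and removal, token requests (credentials, ID token, refresh token) and logout.
 *
 * <p>Endpoint URIs come from the {@link ConfigurationProvider} of the supplied
 * {@link MssoContext}; requests are executed with the HTTP client that context provides.
 * Response headers and bodies are server-controlled input, so they are validated here and
 * malformed values are reported as {@link MssoException}.
 *
 * <p>NOTE(review): this source is decompiler output, so parameter names such as {@code str}
 * and {@code z} are not the originals. Their meaning is documented per method from the
 * null-check messages and from the header or form field each value is written to.
 */
public class TokenServerClient {
    static final int MAX_CHAIN_BYTES = 102400;
    static final int MAX_JSON_BYTES = 102400;
    private static final String TAG = "Msso.TokenServerClient";
    final ConfigurationProvider conf;
    final MssoContext mssoContext;

    /** Values extracted from a successful {@code register_device} response. */
    public interface DeviceRegistrationResult {
        X509Certificate[] getClientCertificateChain();

        String getDeviceIdentifier();

        DeviceStatus getDeviceStatus();

        IdToken getIdToken();
    }

    /** Device states accepted in the {@code device-status} response header. */
    public enum DeviceStatus {
        ACTIVATED,
        REGISTERED
    }

    /**
     * Creates a client bound to the given context.
     *
     * @param mssoContext context supplying the configuration provider and HTTP client
     * @throws NullPointerException if {@code mssoContext} is null
     * @throws IllegalArgumentException if the context has no configuration provider
     */
    public TokenServerClient(MssoContext mssoContext) {
        if (mssoContext == null) {
            throw new NullPointerException("mssoContext");
        }
        this.mssoContext = mssoContext;
        this.conf = mssoContext.getConfigurationProvider();
        if (this.conf == null) {
            throw new IllegalArgumentException("mssoContext contains no configurationProvider");
        }
    }

    /** Closes a response stream, ignoring close failures so they cannot mask the real result. */
    private static void closeQuietly(InputStream stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException ignored) {
            // Best effort: the body has already been read or a primary error is propagating.
        }
    }

    /**
     * Throws if the token server reported an error; returns normally otherwise.
     *
     * <p>An error containing {@code invalid_client} with status 401 calls
     * {@code mssoContext.clearClientCredentials()} and raises
     * {@link ClientCredentialCreateException}; every other error raises
     * {@link TokenServerException}.
     */
    private void failOnErrorResponse(JsonResponse response) {
        if (!response.isError()) {
            return;
        }
        if (!response.getError().contains("invalid_client") || response.getStatus() != 401) {
            throw new TokenServerException(response.getStatus(), response.getError(), response.getErrorDescription());
        }
        this.mssoContext.clearClientCredentials();
        throw new ClientCredentialCreateException(response.getStatus(), response.getError(), response.getErrorDescription());
    }

    /**
     * Reads the single {@code device-identifier} response header and checks that it is
     * non-empty Base64.
     *
     * @return the header value as received (still Base64-encoded)
     * @throws MssoException if the header is missing, repeated, or not valid Base64
     */
    private String findDeviceIdentifier(HttpResponse httpResponse) {
        Header[] headers = httpResponse.getHeaders("device-identifier");
        if (headers == null || headers.length != 1) {
            throw new MssoException("register_device response did not include exactly one device identifier header.");
        }
        String value = headers[0].getValue();
        byte[] decoded;
        try {
            // A null header value or malformed Base64 must surface as MssoException, not as
            // an unchecked NullPointerException / IllegalArgumentException from the decoder.
            decoded = value == null ? null : Base64.decode(value, Base64.DEFAULT);
        } catch (IllegalArgumentException e) {
            throw new MssoException("register_device response did not include a valid device identifier.", e);
        }
        if (decoded == null || decoded.length < 1) {
            throw new MssoException("register_device response did not include a valid device identifier.");
        }
        return value;
    }

    /**
     * Maps the single {@code device-status} response header to a {@link DeviceStatus}.
     *
     * @throws MssoException if the header is missing, repeated, or carries an unknown value
     */
    private static DeviceStatus findDeviceStatus(HttpResponse httpResponse) {
        Header[] headers = httpResponse.getHeaders("device-status");
        if (headers == null || headers.length != 1) {
            throw new MssoException("register_device response did not include exactly one device status header.");
        }
        String value = headers[0].getValue();
        if ("activated".equalsIgnoreCase(value)) {
            return DeviceStatus.ACTIVATED;
        }
        if ("registered".equalsIgnoreCase(value)) {
            return DeviceStatus.REGISTERED;
        }
        throw new MssoException("register_device response did not include a recognized device status.  Status was: " + value);
    }

    /**
     * Builds an {@link IdToken} from the {@code id-token} and {@code id-token-type} headers.
     *
     * @param required when true, absent or repeated headers are an error; when false they
     *                 yield {@code null}
     * @return the ID token, or {@code null} if not required and not present exactly once
     * @throws MssoException if a required header is absent, or a present value is blank
     */
    private IdToken findIdToken(HttpResponse httpResponse, boolean required) {
        Header[] tokenHeaders = httpResponse.getHeaders("id-token");
        Header[] typeHeaders = httpResponse.getHeaders("id-token-type");
        if (tokenHeaders == null || tokenHeaders.length != 1 || typeHeaders == null || typeHeaders.length != 1) {
            if (required) {
                throw new MssoException("register_device response did not include exactly one ID token and ID Token type header.");
            }
            return null;
        }
        String token = tokenHeaders[0].getValue();
        // Null guard: a header without a value previously caused a NullPointerException here.
        if (token == null || token.trim().length() < 1) {
            throw new MssoException("register_device response did not include a valid ID token.");
        }
        String tokenType = typeHeaders[0].getValue();
        if (tokenType == null || tokenType.trim().length() < 1) {
            throw new MssoException("register_device response did not include a valid ID token type.");
        }
        return new IdToken(token, tokenType);
    }

    /**
     * Executes the request and wraps the response body in a {@link JsonResponse}.
     *
     * <p>At most {@link #MAX_JSON_BYTES} is passed to the reader as the body limit, and the
     * body is decoded as UTF-8 explicitly rather than with the platform default charset.
     *
     * @throws MssoException on I/O failure, a missing or empty body, or invalid JSON
     */
    private JsonResponse obtainJsonResponse(HttpUriRequest httpUriRequest) throws MssoException {
        URI uri = httpUriRequest.getURI();
        HttpResponse response;
        try {
            response = this.mssoContext.getHttpClient().execute(httpUriRequest);
        } catch (IOException e) {
            throw new MssoException("Unable to post to " + uri + ": " + e.getMessage(), e);
        }
        Log.d(TAG, "JWT response status: " + response.getStatusLine().toString());
        HttpEntity entity = response.getEntity();
        if (entity == null) {
            throw new MssoException("Response from " + uri + " did not contain an entity");
        }
        InputStream content = null;
        try {
            content = entity.getContent();
            byte[] body = content == null ? null : IoUtils.slurpStream(content, MAX_JSON_BYTES);
            int statusCode = response.getStatusLine().getStatusCode();
            if (body == null) {
                throw new MssoException("response from " + uri + " was empty, with status=" + statusCode);
            }
            return new JsonResponse(statusCode, new String(body, Charsets.UTF8));
        } catch (IOException e) {
            throw new MssoException("I/O error obtaining token from " + uri + ": " + e.getMessage(), e);
        } catch (JSONException e) {
            // NOTE(review): some JSON parsers echo the offending input in the exception
            // message; confirm this cannot copy token material into logs or crash reports.
            throw new MssoException("response from " + uri + " was not valid JSON: " + e.getMessage(), e);
        } finally {
            // Always release the response stream, including on the failure paths.
            closeQuietly(content);
        }
    }

    /**
     * Posts an already URL-encoded form body to the token endpoint named by {@code str}.
     *
     * @param str      configuration key passed to {@code conf.getTokenUri}
     * @param str2     the {@code application/x-www-form-urlencoded} body, sent as UTF-8
     * @param httpPost request carrying any extra headers; a new one is created when null
     */
    private JsonResponse obtainJsonResponseToPostedForm(String str, String str2, HttpPost httpPost) {
        HttpPost post = httpPost != null ? httpPost : new HttpPost();
        URI tokenUri = this.conf.getTokenUri(str);
        ByteArrayEntity formEntity = new ByteArrayEntity(str2.getBytes(Charsets.UTF8));
        formEntity.setContentType("application/x-www-form-urlencoded");
        post.setURI(tokenUri);
        post.setEntity(formEntity);
        return obtainJsonResponse(post);
    }

    /** URL-encodes {@code str} as UTF-8; returns {@code null} for a null input. */
    private static String urlEncode(String str) {
        if (str == null) {
            return null;
        }
        try {
            return URLEncoder.encode(str, "utf-8");
        } catch (UnsupportedEncodingException e) {
            throw new MssoException(e);
        }
    }

    /**
     * Requests dynamically issued client credentials.
     *
     * @param str  client id; sent as the {@code client_id} form field
     * @param str2 sent as the {@code nonce} form field
     * @param str3 device id; sent Base64-encoded in the {@code device-id} header
     * @param str4 sent as the {@code device-identifier} header
     * @return the issued credentials, or {@code null} if the response body could not be
     *         parsed into {@code client_id}, {@code client_secret} and {@code client_expiration}
     * @throws NullPointerException if {@code str} or {@code str3} is null
     * @throws ClientCredentialCreateException if a non-200 response carries a JSON error
     * @throws MssoException on I/O failure or a non-200 response that is not valid JSON
     */
    public ClientCredentials getClientCredentials(String str, String str2, String str3, String str4) {
        // NOTE(review): the decompiled source checked str (clientId) twice; the second check
        // presumably guarded another parameter. Only the effective check is kept — confirm.
        if (str == null) {
            throw new NullPointerException("clientId");
        }
        if (str3 == null) {
            throw new NullPointerException(NewsAlertsConstants.DEVICE_ID_VAR);
        }
        HttpPost httpPost = new HttpPost(this.conf.getTokenUri(MobileSsoConfig.PROP_TOKEN_URL_SUFFIX_CLIENT_CREDENTIALS));
        httpPost.addHeader("device-id", IoUtils.base64(str3, Charsets.ASCII));
        httpPost.addHeader("device-identifier", str4);
        httpPost.setHeader("Content-Type", "application/x-www-form-urlencoded");
        List<BasicNameValuePair> form = new ArrayList<BasicNameValuePair>();
        form.add(new BasicNameValuePair("client_id", str));
        form.add(new BasicNameValuePair("nonce", str2));
        try {
            httpPost.setEntity(new UrlEncodedFormEntity(form));
        } catch (UnsupportedEncodingException e) {
            throw new MssoException("Unable to set post for client credentials: " + e.getMessage(), e);
        }
        try {
            HttpResponse response = this.mssoContext.getHttpClient().execute(httpPost);
            int statusCode = response.getStatusLine().getStatusCode();
            if (statusCode != 200) {
                // NOTE(review): PKIFailureInfo.certRevoked looks like a decompiler-resolved
                // numeric literal, presumably a body size limit — confirm.
                String errorBody = HttpUtils.responseBodyToString(response, PKIFailureInfo.certRevoked, null);
                // NOTE(review): the server's error body goes to the debug log; confirm debug
                // logging is disabled or stripped in release builds.
                Log.d(TAG, "create client credentials error response: " + errorBody);
                try {
                    JsonResponse jsonResponse = new JsonResponse(statusCode, errorBody);
                    if (jsonResponse.isError()) {
                        throw new ClientCredentialCreateException(statusCode, jsonResponse.getError(), jsonResponse.getErrorDescription());
                    }
                } catch (JSONException e) {
                    throw new MssoException("create client credentials response status failed; status=" + statusCode + "; error response was not valid JSON object: " + e.getMessage(), e);
                }
                // A non-200 response without a JSON error falls through to the parse below.
            }
            try {
                JSONObject json = new JSONObject(EntityUtils.toString(response.getEntity()));
                return new ClientCredentials(json.getString("client_id"), json.getString("client_secret"), Long.valueOf(json.getLong("client_expiration")));
            } catch (Exception e) {
                // Kept best-effort (returns null), but no longer silent. Only the exception
                // type is logged because this body may contain the client secret.
                Log.d(TAG, "create client credentials response could not be parsed: " + e.getClass().getSimpleName());
                return null;
            }
        } catch (IOException e) {
            // Message corrected: the original said "register_device", a copy-paste slip.
            throw new MssoException("Unable to post for client credentials: " + e.getMessage(), e);
        }
    }

    /**
     * Logs the ID token out at the token server.
     *
     * @param str     device identifier; sent as the {@code device-identifier} header
     * @param idToken token whose value and type are posted
     * @param str2    client id, used with {@code str3} for HTTP Basic authorization
     * @param str3    client secret
     * @param z       sent as the {@code logout_apps} form field
     * @throws NullPointerException if any reference argument is null
     * @throws ClientCredentialCreateException on a 401 {@code invalid_client} error
     * @throws TokenServerException on any other reported error
     * @throws MssoException on a non-200 response without an error description
     */
    public void logout(String str, IdToken idToken, String str2, String str3, boolean z) {
        if (idToken == null) {
            throw new NullPointerException("idToken");
        }
        if (str2 == null) {
            throw new NullPointerException("clientId");
        }
        if (str3 == null) {
            throw new NullPointerException("clientSecret");
        }
        if (str == null) {
            throw new NullPointerException("deviceIdentifier");
        }
        String form = "id_token=" + urlEncode(idToken.getValue()) + "&id_token_type=" + urlEncode(idToken.getType()) + "&logout_apps=" + urlEncode(Boolean.toString(z));
        HttpPost httpPost = new HttpPost();
        httpPost.addHeader("authorization", "Basic " + IoUtils.base64(str2 + ":" + str3, Charsets.ASCII));
        httpPost.addHeader("device-identifier", str);
        JsonResponse response = obtainJsonResponseToPostedForm(MobileSsoConfig.PROP_TOKEN_URL_SUFFIX_RESOURCE_OWNER_LOGOUT, form, httpPost);
        failOnErrorResponse(response);
        if (200 != response.getStatus()) {
            throw new MssoException("resource_owner_logout response failed with status " + response.getStatus() + " with no error description");
        }
    }

    /**
     * Exchanges an ID token for an access token.
     *
     * @param str     device identifier; sent as the {@code device-identifier} header
     * @param idToken its value is the {@code assertion}, its type the {@code grant_type}
     * @param str2    client id
     * @param str3    client secret
     * @param str4    requested scope; {@code "openid phone email"} when null
     * @return the token response, verified to be a bearer token with a non-empty access token
     * @throws NullPointerException if a required argument is null
     * @throws ClientCredentialCreateException on a 401 {@code invalid_client} error
     * @throws TokenServerException on any other reported error
     * @throws MssoException if the response is not a usable bearer token response
     */
    public JsonResponse obtainAccessTokenUsingIdToken(String str, IdToken idToken, String str2, String str3, String str4) {
        if (str == null) {
            throw new NullPointerException("deviceIdentifier");
        }
        if (idToken == null) {
            throw new NullPointerException("idToken");
        }
        if (str2 == null) {
            throw new NullPointerException("clientId");
        }
        if (str3 == null) {
            throw new NullPointerException("clientSecret");
        }
        String scope = str4 != null ? str4 : "openid phone email";
        String form = "assertion=" + urlEncode(idToken.getValue()) + "&client_id=" + urlEncode(str2) + "&client_secret=" + urlEncode(str3) + "&scope=" + urlEncode(scope) + "&grant_type=" + urlEncode(idToken.getType());
        HttpPost httpPost = new HttpPost();
        httpPost.addHeader("device-identifier", str);
        JsonResponse response = obtainJsonResponseToPostedForm(MobileSsoConfig.PROP_TOKEN_URL_SUFFIX_REQUEST_TOKEN_SSO, form, httpPost);
        failOnErrorResponse(response);
        if (200 != response.getStatus()) {
            throw new MssoException("request_token_sso response failed with status " + response.getStatus() + " with no error description");
        }
        if (!response.isBearer()) {
            throw new MssoException("request_token_sso response was token type other than bearer");
        }
        String accessToken = response.getAccessToken();
        if (accessToken == null || accessToken.length() < 1) {
            throw new MssoException("request_token_sso response did not include an access_token");
        }
        return response;
    }

    /**
     * Obtains a new access token with the {@code refresh_token} grant.
     *
     * @param str  device identifier; sent as the {@code device-identifier} header
     * @param str2 refresh token
     * @param str3 client id
     * @param str4 client secret
     * @return the token response, verified to be a bearer token with a non-empty access token
     * @throws NullPointerException if any argument is null
     * @throws ClientCredentialCreateException on a 401 {@code invalid_client} error
     * @throws TokenServerException on any other reported error
     * @throws MssoException if the response is not a usable bearer token response
     */
    public JsonResponse obtainTokenUsingRefreshToken(String str, String str2, String str3, String str4) {
        if (str == null) {
            throw new NullPointerException("deviceIdentifier");
        }
        if (str2 == null) {
            throw new NullPointerException("refreshToken");
        }
        if (str3 == null) {
            throw new NullPointerException("clientId");
        }
        if (str4 == null) {
            throw new NullPointerException("clientSecret");
        }
        String form = "refresh_token=" + urlEncode(str2) + "&client_id=" + urlEncode(str3) + "&client_secret=" + urlEncode(str4) + "&grant_type=" + urlEncode("refresh_token");
        HttpPost httpPost = new HttpPost();
        httpPost.addHeader("device-identifier", str);
        JsonResponse response = obtainJsonResponseToPostedForm(MobileSsoConfig.PROP_TOKEN_URL_SUFFIX_REQUEST_TOKEN, form, httpPost);
        // Runs before the response is inspected, so it also runs for error responses.
        // NOTE(review): presumably discards the stored (now used) refresh token — confirm.
        this.mssoContext.takeRefreshToken();
        failOnErrorResponse(response);
        if (200 != response.getStatus()) {
            throw new MssoException("request_token(refresh) response failed with status " + response.getStatus() + " with no error description");
        }
        if (!response.isBearer()) {
            throw new MssoException("request_token(refresh) response was token type other than bearer");
        }
        String accessToken = response.getAccessToken();
        if (accessToken == null || accessToken.length() < 1) {
            throw new MssoException("request_token(refresh) response did not include an access_token");
        }
        return response;
    }

    /**
     * Obtains tokens using the grant described by {@code credentials}.
     *
     * @param str         device identifier; sent as the {@code device-identifier} header
     * @param credentials supplies the grant type and its form parameters
     * @param str2        client id
     * @param str3        client secret
     * @param z           when true, {@code " msso"} is appended to the scope unless the scope
     *                    already contains the substring {@code "msso"}
     * @param str4        requested scope; {@code "openid"} when null
     * @return the token response, verified to be a bearer token with a non-empty access token
     * @throws NullPointerException if a required argument is null
     * @throws ClientCredentialCreateException on a 401 {@code invalid_client} error
     * @throws TokenServerException on any other reported error
     * @throws MssoException if the response is not a usable bearer token response
     */
    public JsonResponse obtainTokensUsingCredentials(String str, Credentials credentials, String str2, String str3, boolean z, String str4) {
        if (str == null) {
            throw new NullPointerException("deviceIdentifier");
        }
        if (credentials == null) {
            throw new NullPointerException("credentials");
        }
        if (str2 == null) {
            throw new NullPointerException("clientId");
        }
        if (str3 == null) {
            throw new NullPointerException("clientSecret");
        }
        String baseScope = str4 == null ? "openid" : str4;
        String scope = (!z || baseScope.contains("msso")) ? baseScope : baseScope + " msso";
        StringBuilder form = new StringBuilder();
        List<Pair<String, String>> params = credentials.getParams(this.conf);
        if (params != null) {
            // NOTE(review): these pairs and the grant type below are written without
            // urlEncode, unlike every other field. Confirm the Credentials implementations
            // return values that are already form-encoded; otherwise a value containing '&'
            // or '=' would alter the structure of the posted form.
            for (Pair<String, String> pair : params) {
                form.append(pair.first).append("=").append(pair.second).append("&");
            }
        }
        form.append("client_id=").append(urlEncode(str2)).append("&");
        form.append("client_secret=").append(urlEncode(str3)).append("&");
        form.append("scope=").append(urlEncode(scope)).append("&");
        form.append("grant_type=").append(credentials.getGrantType());
        HttpPost httpPost = new HttpPost();
        httpPost.addHeader("device-identifier", str);
        JsonResponse response = obtainJsonResponseToPostedForm(MobileSsoConfig.PROP_TOKEN_URL_SUFFIX_REQUEST_TOKEN, form.toString(), httpPost);
        failOnErrorResponse(response);
        if (200 != response.getStatus()) {
            throw new MssoException("request_token response failed with status " + response.getStatus() + " with no error description");
        }
        if (!response.isBearer()) {
            throw new MssoException("request_token response was token_type other than bearer");
        }
        String accessToken = response.getAccessToken();
        if (accessToken == null || accessToken.length() < 1) {
            throw new MssoException("request_token response did not include an access_token");
        }
        return response;
    }

    /**
     * Registers the device by posting a certificate signing request and returns the issued
     * certificate chain together with the device identifier, status and optional ID token.
     *
     * @param bArr        certificate signing request bytes; posted Base64-encoded
     * @param credentials supplies the request's authentication headers
     * @param str         client id, used with {@code str2} in {@code client-authorization}
     * @param str2        client secret
     * @param str3        device id; sent Base64-encoded in the {@code device-id} header
     * @param str4        device name; sent Base64-encoded in the {@code device-name} header
     * @param z           sent as {@code create-session}; when true an ID token is required
     *                    in the response
     * @throws NullPointerException if any reference argument is null
     * @throws ClientCredentialCreateException on a 401 {@code invalid_client} error
     * @throws TokenServerException on any other reported error
     * @throws MssoException on I/O failure or a malformed response
     */
    public DeviceRegistrationResult registerDevice(byte[] bArr, Credentials credentials, String str, String str2, String str3, String str4, boolean z) {
        if (bArr == null) {
            throw new NullPointerException("certificateSigningRequest");
        }
        if (credentials == null) {
            throw new NullPointerException("credentials");
        }
        if (str == null) {
            throw new NullPointerException("clientId");
        }
        if (str2 == null) {
            throw new NullPointerException("clientSecret");
        }
        if (str3 == null) {
            throw new NullPointerException(NewsAlertsConstants.DEVICE_ID_VAR);
        }
        if (str4 == null) {
            throw new NullPointerException("deviceName");
        }
        URI tokenUri = this.conf.getTokenUri(MobileSsoConfig.PROP_TOKEN_URL_SUFFIX_REGISTER_DEVICE);
        if (tokenUri == null) {
            throw new MssoException("No device registration URL is configured");
        }
        HttpPost httpPost = new HttpPost(tokenUri);
        for (Header header : credentials.getHeaders(this.conf)) {
            httpPost.addHeader(header);
        }
        httpPost.addHeader("client-authorization", "Basic " + IoUtils.base64(str + ":" + str2, Charsets.ASCII));
        httpPost.addHeader("device-id", IoUtils.base64(str3, Charsets.ASCII));
        httpPost.addHeader("device-name", IoUtils.base64(str4, Charsets.ASCII));
        httpPost.addHeader("create-session", Boolean.toString(z));
        httpPost.addHeader("cert-format", "pem");
        ByteArrayEntity csrEntity = new ByteArrayEntity(Base64.encode(bArr, Base64.DEFAULT));
        csrEntity.setContentType("text/plain");
        httpPost.setEntity(csrEntity);
        try {
            HttpResponse response = this.mssoContext.getHttpClient().execute(httpPost);
            Log.d(TAG, "register_device response status: " + response.getStatusLine().toString());
            int statusCode = response.getStatusLine().getStatusCode();
            if (statusCode != 200) {
                // NOTE(review): PKIFailureInfo.certRevoked looks like a decompiler-resolved
                // numeric literal, presumably a body size limit — confirm.
                String errorBody = HttpUtils.responseBodyToString(response, PKIFailureInfo.certRevoked, null);
                // NOTE(review): the server's error body goes to the debug log; confirm debug
                // logging is disabled or stripped in release builds.
                Log.d(TAG, "register_device error response: " + errorBody);
                try {
                    JsonResponse jsonResponse = new JsonResponse(statusCode, errorBody);
                    if (jsonResponse.isError()) {
                        if (!jsonResponse.getError().contains("invalid_client") || jsonResponse.getStatus() != 401) {
                            throw new TokenServerException(statusCode, jsonResponse.getError(), jsonResponse.getErrorDescription());
                        }
                        this.mssoContext.clearClientCredentials();
                        throw new ClientCredentialCreateException(jsonResponse.getStatus(), jsonResponse.getError(), jsonResponse.getErrorDescription());
                    }
                } catch (JSONException e) {
                    throw new MssoException("register_device response status failed; status=" + statusCode + "; error response was not valid JSON object: " + e.getMessage(), e);
                }
            }
            // Headers are validated before the body is read, so a malformed response is
            // rejected before any certificate parsing happens.
            final DeviceStatus deviceStatus = findDeviceStatus(response);
            final String deviceIdentifier = findDeviceIdentifier(response);
            final IdToken idToken = findIdToken(response, z);
            HttpEntity entity = response.getEntity();
            if (entity == null) {
                throw new MssoException("register_device response did not contain an entity");
            }
            InputStream content = null;
            try {
                content = entity.getContent();
                byte[] chainBytes = IoUtils.slurpStream(content, MAX_CHAIN_BYTES);
                if (chainBytes.length < 1) {
                    throw new MssoException("register_device response was empty");
                }
                final X509Certificate[] chain = CertUtils.decodeCertificateChain(chainBytes);
                if (chain.length < 1) {
                    throw new MssoException("register_device response did not include a certificate chain");
                }
                return new DeviceRegistrationResult() {
                    @Override
                    public X509Certificate[] getClientCertificateChain() {
                        return chain;
                    }

                    @Override
                    public String getDeviceIdentifier() {
                        return deviceIdentifier;
                    }

                    @Override
                    public DeviceStatus getDeviceStatus() {
                        return deviceStatus;
                    }

                    @Override
                    public IdToken getIdToken() {
                        return idToken;
                    }
                };
            } catch (IOException e) {
                throw new MssoException("Unable to read response from CSR signer: " + e.getMessage(), e);
            } finally {
                // Always release the response stream, including on the failure paths.
                closeQuietly(content);
            }
        } catch (IOException e) {
            throw new MssoException("Unable to post to register_device: " + e.getMessage(), e);
        }
    }

    /**
     * Asks the token server to remove this device's registration.
     *
     * @param str device identifier; the {@code device-identifier} header is omitted when null
     * @throws TokenServerException if the response status is not 200
     * @throws MssoException on I/O failure or an unparseable response
     */
    public void removeDeviceRegistration(String str) {
        HttpDelete httpDelete = new HttpDelete(this.conf.getTokenUri(MobileSsoConfig.PROP_TOKEN_URL_SUFFIX_REMOVE_DEVICE_X509));
        if (str != null) {
            httpDelete.addHeader("device-identifier", str);
        }
        JsonResponse response = obtainJsonResponse(httpDelete);
        if (200 != response.getStatus()) {
            throw new TokenServerException(response.getStatus(), response.getError(), response.getErrorDescription());
        }
    }
}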
