package com.tomtom.navcloud.client.iam;

import com.google.a.a.av;
import com.google.a.c.df;
import com.google.a.f.a;
import com.google.b.ab;
import com.google.b.d;
import com.google.b.k;
import com.google.b.r;
import com.tomtom.navcloud.client.CredentialException;
import com.tomtom.navcloud.client.domain.OAuth;
import com.tomtom.navcloud.client.domain.ProviderToken;
import com.tomtom.navcloud.client.security.Authorities;
import com.tomtom.navcloud.client.security.PinningTrustManager;
import com.tomtom.navcloud.common.PropertiesLoader;
import com.tomtom.navcloud.common.iam.BadCredentialException;
import com.tomtom.navcloud.common.iam.Base64Encoder;
import com.tomtom.navcloud.common.iam.IamClient;
import com.tomtom.navcloud.common.iam.IamException;
import com.tomtom.navcloud.common.iam.IamToken;
import com.tomtom.navcloud.common.iam.IdentityProviderResponseParser;
import com.tomtom.navcloud.common.security.SSLSocketFactoryUtils;
import com.tomtom.navcloud.common.security.SubjectPublicKeyInfo;
import java.io.IOException;
import java.io.StringReader;
import java.net.ConnectException;
import java.net.MalformedURLException;
import java.net.URL;
import javax.net.ssl.SSLSocketFactory;

/* loaded from: classes.dex */
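/**
 * Client-side wrapper around {@link IamClient} that performs OAuth logon and token refresh
 * over a TLS connection restricted by {@link PinningTrustManager}.
 *
 * <p>This listing is decompiled output: the {@code com.google.a.*} and {@code com.google.b.*}
 * imports carry obfuscated names, so what those helpers do is inferred from how they are used
 * here and is marked as such in the comments below.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>The default OAuth client id and client secret are read from properties
 *       ({@code oauth.client.id}, {@code oauth.client.secret}).</li>
 *   <li>The trust manager is created from two pinned public keys whose constant names refer to
 *       root certificate authorities.</li>
 *   <li>Identity-provider responses are parsed without structural validation in this class.</li>
 * </ul>
 */
public class AuthenticationManager {
    private final IamClient oauthClient;
    private final URL oauthLogonUrl;
    private final URL oauthTokeninfoUrl;
    // Assigned exactly once in the five-argument constructor, so the pin set cannot be swapped
    // after the SSL socket factory has been built from it.
    private final df<SubjectPublicKeyInfo> pinnedAuthorities;
    private final String providerId;
    // Static defaults are resolved at class-initialisation time; a malformed URL property makes
    // getUrl throw IllegalArgumentException from the static initialiser.
    private static final URL DEFAULT_ACCESS_TOKEN_URL = getUrl(PropertiesLoader.getProperty("oauth.accesstoken.url"));
    private static final URL DEFAULT_TOKENINFO_URL = getUrl(PropertiesLoader.getProperty("oauth.tokeninfo.url"));
    private static final String DEFAULT_CLIENT_ID = PropertiesLoader.getProperty("oauth.client.id");
    // NOTE(review): where PropertiesLoader reads from is not visible here. If the properties ship
    // inside the client package, this secret is recoverable by anyone who unpacks the package and
    // should not be relied on to authenticate the client to the provider. Confirm.
    private static final String DEFAULT_CLIENT_SECRET = PropertiesLoader.getProperty("oauth.client.secret");
    private static final String DEFAULT_PROVIDER_ID = PropertiesLoader.getProperty("oauth.provider.id");
    // Obfuscated builder chain; presumably a Gson instance configured with a field naming policy
    // (d.f5224d). Confirm against the unobfuscated library.
    private static final k GSON = new r().a().a(d.f5224d).b();

    /** Creates a manager from the property-supplied URLs, client credentials and provider id. */
    public AuthenticationManager() {
        this(DEFAULT_ACCESS_TOKEN_URL, DEFAULT_TOKENINFO_URL, DEFAULT_CLIENT_ID, DEFAULT_CLIENT_SECRET, DEFAULT_PROVIDER_ID);
    }

    /**
     * Creates a manager with explicit endpoints and client credentials and the default provider id.
     *
     * @param url logon (access token) endpoint
     * @param url2 token-info endpoint
     * @param str value passed to the IAM client as its third argument (the defaults pass the client id)
     * @param str2 value passed to the IAM client as its fourth argument (the defaults pass the client secret)
     */
    public AuthenticationManager(URL url, URL url2, String str, String str2) {
        this(url, url2, str, str2, DEFAULT_PROVIDER_ID);
    }

    /**
     * Creates a manager with explicit endpoints, client credentials and provider id.
     *
     * @param url logon (access token) endpoint; passed through {@code av.a}, presumably a null check
     * @param url2 token-info endpoint; passed through {@code av.a}, presumably a null check
     * @param str value passed to the IAM client as its third argument (the defaults pass the client id)
     * @param str2 value passed to the IAM client as its fourth argument (the defaults pass the client secret)
     * @param str3 provider id stored in every {@link OAuth} returned by {@link #logon}
     */
    public AuthenticationManager(URL url, URL url2, String str, String str2, String str3) {
        // The pin set is fixed in code. Both constants name root authorities, so presumably any
        // chain anchored at either root satisfies the pin; how PinningTrustManager matches keys is
        // not visible here. A change of issuing CA on the server side needs a client update.
        this.pinnedAuthorities = df.a(SubjectPublicKeyInfo.valueOf(Authorities.DIGICERT_HIGH_ASSURANCE_ROOT), SubjectPublicKeyInfo.valueOf(Authorities.VERISIGN_ROOT));
        this.oauthTokeninfoUrl = (URL) av.a(url2);
        this.oauthLogonUrl = (URL) av.a(url);
        // createIamClient is overridable (package-private, non-final) and reads the two URL fields,
        // which is why it is called only after both have been assigned.
        this.oauthClient = createIamClient(str, str2, SSLSocketFactoryUtils.createSSLSocketFactory(PinningTrustManager.create(this.pinnedAuthorities)));
        this.providerId = str3;
    }

    /** Copies the access and refresh token of an IAM response into a {@link ProviderToken}. */
    private ProviderToken getProviderToken(IamToken iamToken) {
        return new ProviderToken(iamToken.getAccessToken(), iamToken.getRefreshToken());
    }

    /**
     * Parses a URL string, converting the checked parse failure into an unchecked one so the
     * method can be used in static initialisers.
     *
     * @throws IllegalArgumentException if {@code str} is not a well-formed URL
     */
    private static URL getUrl(String str) {
        try {
            return new URL(str);
        } catch (MalformedURLException e2) {
            throw new IllegalArgumentException(e2);
        }
    }

    /** Builds a {@link ConnectException} with the given message and {@code exc} as its cause. */
    private ConnectException newConnectionException(Exception exc, String str) {
        ConnectException connectException = new ConnectException(str);
        connectException.initCause(exc);
        return connectException;
    }

    /**
     * Creates the IAM client used for all provider calls.
     *
     * @param str third argument of {@code IamClient.create} (the defaults pass the client id)
     * @param str2 fourth argument of {@code IamClient.create} (the defaults pass the client secret)
     * @param sSLSocketFactory socket factory built from the pinning trust manager
     */
    IamClient createIamClient(String str, String str2, SSLSocketFactory sSLSocketFactory) {
        return IamClient.create(this.oauthLogonUrl, this.oauthTokeninfoUrl, str, str2, new Base64Encoder() { // from class: com.tomtom.navcloud.client.iam.AuthenticationManager.1
            @Override // com.tomtom.navcloud.common.iam.Base64Encoder
            public String encode(byte[] bArr) {
                // Obfuscated call; presumably a Base64 encoding of the bytes. Confirm the variant.
                return a.c().a(bArr);
            }
        }, new IdentityProviderResponseParser() { // from class: com.tomtom.navcloud.client.iam.AuthenticationManager.2
            @Override // com.tomtom.navcloud.common.iam.IdentityProviderResponseParser
            public IamToken getToken(String str3) {
                // Maps the provider's response body onto IamToken via the shared GSON instance.
                return (IamToken) AuthenticationManager.GSON.a(str3, IamToken.class);
            }

            @Override // com.tomtom.navcloud.common.iam.IdentityProviderResponseParser
            public String getUserId(String str3) {
                // The instance created here is never used; the parse call below is static.
                // Kept as decompiled because the constructor's body is not visible.
                new ab();
                // NOTE(review): the body comes from the identity provider and is dereferenced
                // without checks. A response that is not a JSON object, or that has no "ID"
                // member, presumably fails here with an unchecked exception that logon() does
                // not translate. Confirm and consider validating before use.
                return ab.a(new StringReader(str3)).g().b("ID").b();
            }
        }, sSLSocketFactory);
    }

    /**
     * Logs on at the identity provider and resolves the user id for the issued access token.
     *
     * <p>The exception messages built here contain neither argument.
     *
     * @param str first logon argument, also stored in the returned {@link OAuth}
     *     (presumably the user name; confirm)
     * @param str2 second logon argument (presumably the password; it is held as an immutable
     *     {@code String}, so it cannot be wiped after use)
     * @return the provider id, user id, token pair and {@code str} wrapped in an {@link OAuth}
     * @throws CredentialException if the IAM client reports {@link BadCredentialException}
     * @throws ConnectException if the IAM client reports {@link IamException} or an
     *     {@link IOException}; the original exception is attached as the cause
     */
    public OAuth logon(String str, String str2) throws ConnectException {
        // ConnectException is checked and both failure paths below throw it, so it is declared.
        try {
            IamToken logon = this.oauthClient.logon(str, str2);
            return new OAuth(this.providerId, this.oauthClient.getUserId(logon.getAccessToken()), getProviderToken(logon), str);
        } catch (BadCredentialException e2) {
            throw new CredentialException("Logon failed", e2);
        } catch (IamException e3) {
            // NOTE(review): every IamException is reported as "not reachable"; whether that type
            // also covers non-network provider errors is not visible here.
            throw newConnectionException(e3, "Authentication provider is not reachable");
        } catch (IOException e4) {
            throw newConnectionException(e4, "Reading from Authentication provider failed");
        }
    }

    /**
     * Exchanges the refresh token held by {@code oAuth} for a new token pair.
     *
     * @param oAuth current session; its refresh token is sent to the identity provider
     * @return a copy of {@code oAuth} carrying the new provider token
     * @throws CredentialException if the IAM client reports {@link BadCredentialException}
     * @throws ConnectException if the IAM client reports {@link IamException} or an
     *     {@link IOException}; the original exception is attached as the cause
     */
    public OAuth refreshToken(OAuth oAuth) throws ConnectException {
        // ConnectException is checked and both failure paths below throw it, so it is declared.
        try {
            return oAuth.withProviderToken(getProviderToken(this.oauthClient.refreshAccessToken(oAuth.getToken().getRefreshToken())));
        } catch (BadCredentialException e2) {
            throw new CredentialException("Refresh failed", e2);
        } catch (IamException e3) {
            throw newConnectionException(e3, "Authentication provider is not reachable");
        } catch (IOException e4) {
            throw newConnectionException(e4, "Reading from Authentication provider failed");
        }
    }
}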
