package de.telekom.auth.sso;

import android.accounts.Account;
import android.accounts.AccountManager;
import android.content.Context;
import android.content.Intent;
import android.net.ConnectivityManager;
import android.net.NetworkInfo;
import android.net.Uri;
import android.os.Build;
import android.os.Bundle;
import android.util.Log;
import de.d360.android.sdk.v2.net.RequestUtils;
import de.telekom.auth.sso.lib.ErrorCode;
import de.telekom.auth.sso.lib.SSOClientIdentifier;
import de.telekom.auth.sso.util.StringUtils;
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.net.URLEncoder;
import java.util.AbstractMap;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.json.JSONException;

/* loaded from: classes.dex */
public class AuthenticatorTools {
    public static final int CONNECT_TIMEOUT = 5000;
    public static final String OAUTH_CLAIMS_KEY_EMAIL = "urn:telekom.com:email";
    public static final String OAUTH_CLAIMS_LOGIN = "{\"id_token\":{\"urn:telekom.com:email\":{\"required\":true}}}";
    public static final String OAUTH_GRANT_TYPE_PASSWORD = "password";
    public static final String OAUTH_GRANT_TYPE_PIN = "urn:telekom:com:grant-type:pin";
    public static final String OAUTH_GRANT_TYPE_REFRESH_TOKEN = "refresh_token";
    public static final String OAUTH_KEY_APP_CLIENT_ID = "x_telekom.azp";
    public static final String OAUTH_KEY_APP_CLIENT_SECRET = "x_telekom.azp_secret";
    public static final String OAUTH_KEY_CLAIMS = "claims";
    public static final String OAUTH_KEY_CLIENT_ID = "client_id";
    public static final String OAUTH_KEY_GRANT_TYPE = "grant_type";
    public static final String OAUTH_KEY_PASSWORD = "password";
    public static final String OAUTH_KEY_PIN = "pin";
    public static final String OAUTH_KEY_REFRESH_TOKEN = "refresh_token";
    public static final String OAUTH_KEY_SCOPE = "scope";
    public static final String OAUTH_KEY_SID = "sid";
    public static final String OAUTH_KEY_TOKEN = "token";
    public static final String OAUTH_KEY_USER_NAME = "username";
    public static final int READ_TIMEOUT = 5000;
    public static final String RECOVERY_URL = "recovery_url";
    public static final String REGISTER_MAIL_URL = "register_mail_url";
    private TbsConfig config;
    private Context context;
    private String discoveryEndpoint;

    /* loaded from: classes.dex */
    public enum HTTP_METHOD {
        GET(RequestUtils.GET),
        POST(RequestUtils.POST);

        private String value;

        HTTP_METHOD(String str) {
            this.value = str;
        }

        @Override // java.lang.Enum
        public String toString() {
            return this.value;
        }
    }

    public AuthenticatorTools(Context context, String str) {
        this.context = context;
        this.discoveryEndpoint = StringUtils.isEmpty(str) ? getString(R.string.tbs_discovery_endpoint) : str;
    }

    private String appendSid(String str) {
        return Uri.parse(str).buildUpon().appendQueryParameter(OAUTH_KEY_SID, getString(R.string.sso_sid_parameter)).build().toString();
    }

    private void broadcastAccountUpdate(Account account, Account account2) {
        Intent intent = new Intent(Authenticator.ACTION_UPDATE_ACCOUNT);
        intent.putExtra(Authenticator.KEY_ACCOUNT, account);
        intent.putExtra(Authenticator.KEY_UPDATED_ACCOUNT, account2);
        this.context.sendBroadcast(intent);
    }

    private String executeRequest(String str, List<Map.Entry> list) {
        return getHttpConnectionResponse(str, HTTP_METHOD.POST, list);
    }

    private TokenResponse executeTokenRequest(List<Map.Entry> list) {
        loadConfig();
        try {
            return new TokenResponse(executeRequest(this.config.tokenEndpoint, list));
        } catch (JSONException e) {
            throw new AuthenticatorException(ErrorCode.INVALID_RESPONSE, "Malformed JSON response", e);
        }
    }

    private int getAccountVersion(String str) {
        String substring = str.substring(str.lastIndexOf(".") + 1);
        if (substring.matches("^\\d+$")) {
            return Integer.parseInt(substring);
        }
        return 0;
    }

    private List<Map.Entry> getBaseRequestOptions() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new AbstractMap.SimpleEntry(OAUTH_KEY_CLIENT_ID, getString(R.string.telekom_sso_client_id)));
        return arrayList;
    }

    private String getHttpConnectionResponse(String str, HTTP_METHOD http_method, List<Map.Entry> list) {
        HttpURLConnection httpURLConnection = null;
        checkOnlineStatus();
        try {
            try {
                switch (http_method) {
                    case GET:
                        httpURLConnection = sendGet(str, list);
                        break;
                    case POST:
                        httpURLConnection = sendPost(str, list);
                        break;
                }
                httpURLConnection.connect();
                try {
                    String readInputStream = readInputStream(httpURLConnection.getInputStream());
                    httpURLConnection.disconnect();
                    return readInputStream;
                } catch (IOException e) {
                    throw new AuthenticatorException(new ErrorResponse(readInputStream(httpURLConnection.getErrorStream())));
                }
            } catch (JSONException e2) {
                throw new AuthenticatorException(ErrorCode.INTERNAL_ERROR, e2.getLocalizedMessage(), e2);
            }
        } catch (IOException e3) {
            throw new AuthenticatorException(ErrorCode.IO_ERROR, "IO problem during token request", e3);
        }
    }

    private int getLibraryAccountVersion() {
        return getAccountVersion(getString(R.string.sso_account_type));
    }

    private String getQuery(List<Map.Entry> list) {
        StringBuilder sb = new StringBuilder();
        boolean z = true;
        for (Map.Entry entry : list) {
            if (z) {
                z = false;
            } else {
                sb.append("&");
            }
            sb.append(URLEncoder.encode(entry.getKey().toString(), "UTF-8"));
            sb.append("=");
            sb.append(URLEncoder.encode(entry.getValue().toString(), "UTF-8"));
        }
        return sb.toString();
    }

    private String getString(int i) {
        return this.context.getResources().getString(i);
    }

    private Proxy getSystemProxy() {
        String host;
        int port;
        if (Build.VERSION.SDK_INT >= 14) {
            String property = System.getProperty("http.proxyHost");
            String property2 = System.getProperty("http.proxyPort");
            if (property2 == null) {
                property2 = "-1";
            }
            host = property;
            port = Integer.parseInt(property2);
        } else {
            host = android.net.Proxy.getHost(this.context);
            port = android.net.Proxy.getPort(this.context);
        }
        if (host == null || host.equals("")) {
            return null;
        }
        return new Proxy(Proxy.Type.HTTP, new InetSocketAddress(host, port));
    }

    private List<Map.Entry> getTokenRequestOptions(String str, String str2, SSOClientIdentifier sSOClientIdentifier, String str3) {
        if (str == null) {
            throw new IllegalArgumentException("Grant type must not be null.");
        }
        if (str2 == null || str2.trim().length() == 0) {
            throw new IllegalArgumentException("Scope must not be empty.");
        }
        List<Map.Entry> baseRequestOptions = getBaseRequestOptions();
        baseRequestOptions.add(new AbstractMap.SimpleEntry(OAUTH_KEY_GRANT_TYPE, str));
        baseRequestOptions.add(new AbstractMap.SimpleEntry(OAUTH_KEY_SCOPE, str2));
        if (sSOClientIdentifier != null) {
            baseRequestOptions.add(new AbstractMap.SimpleEntry(OAUTH_KEY_APP_CLIENT_ID, sSOClientIdentifier.clientId));
            if (sSOClientIdentifier.clientSecret != null) {
                baseRequestOptions.add(new AbstractMap.SimpleEntry(OAUTH_KEY_APP_CLIENT_SECRET, sSOClientIdentifier.clientSecret));
            }
        }
        if (!StringUtils.isEmpty(str3)) {
            baseRequestOptions.add(new AbstractMap.SimpleEntry(OAUTH_KEY_CLAIMS, str3));
        }
        return baseRequestOptions;
    }

    private boolean isTelekomAccount(Account account) {
        String string = getString(R.string.sso_account_type);
        return account != null && account.type.startsWith(string.substring(0, string.lastIndexOf(".") + 1));
    }

    private void loadConfig() {
        if (this.config == null) {
            try {
                this.config = new TbsConfig(getHttpConnectionResponse(this.discoveryEndpoint, HTTP_METHOD.GET, null));
            } catch (JSONException e) {
                throw new AuthenticatorException(ErrorCode.INTERNAL_ERROR, e.getLocalizedMessage(), e);
            }
        }
    }

    private String readInputStream(InputStream inputStream) {
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream, "UTF-8"));
        StringBuilder sb = new StringBuilder();
        while (true) {
            String readLine = bufferedReader.readLine();
            if (readLine == null) {
                bufferedReader.close();
                return sb.toString();
            }
            sb.append(readLine);
        }
    }

    private HttpURLConnection sendGet(String str, List<Map.Entry> list) {
        if (list != null && list.size() > 0) {
            str = str + "?" + getQuery(list);
        }
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        httpURLConnection.setReadTimeout(5000);
        httpURLConnection.setConnectTimeout(5000);
        httpURLConnection.setRequestMethod(HTTP_METHOD.GET.toString());
        httpURLConnection.setDoInput(true);
        return httpURLConnection;
    }

    private HttpURLConnection sendPost(String str, List<Map.Entry> list) {
        HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
        httpURLConnection.setReadTimeout(5000);
        httpURLConnection.setConnectTimeout(5000);
        httpURLConnection.setRequestMethod(HTTP_METHOD.POST.toString());
        httpURLConnection.setDoInput(true);
        httpURLConnection.setDoOutput(true);
        if (list.size() > 0) {
            OutputStream outputStream = httpURLConnection.getOutputStream();
            BufferedWriter bufferedWriter = new BufferedWriter(new OutputStreamWriter(outputStream, "UTF-8"));
            bufferedWriter.write(getQuery(list));
            bufferedWriter.flush();
            bufferedWriter.close();
            outputStream.close();
        }
        return httpURLConnection;
    }

    public boolean accountExists(Account account) {
        for (Account account2 : AccountManager.get(this.context).getAccounts()) {
            if (account2.equals(account)) {
                return true;
            }
        }
        return false;
    }

    public void checkOnlineStatus() {
        NetworkInfo activeNetworkInfo = ((ConnectivityManager) this.context.getSystemService("connectivity")).getActiveNetworkInfo();
        if (activeNetworkInfo == null || !activeNetworkInfo.isConnectedOrConnecting()) {
            throw new AuthenticatorException(ErrorCode.NO_NETWORK, getString(R.string.sso_error_no_network), null);
        }
    }

    public Account findAccountByName(String str) {
        for (Account account : getAccounts()) {
            if (account.name.equals(str)) {
                return account;
            }
        }
        return null;
    }

    public Account findUpgradedAccount(Account account) {
        if (isTelekomAccount(account)) {
            return findAccountByName(account.name);
        }
        return null;
    }

    public Account[] getAccounts() {
        Account[] accounts = AccountManager.get(this.context).getAccounts();
        ArrayList arrayList = new ArrayList();
        for (Account account : accounts) {
            if (isTelekomAccount(account)) {
                arrayList.add(account);
            }
        }
        return (Account[]) arrayList.toArray(new Account[arrayList.size()]);
    }

    public Account getFirstAccount() {
        if (getAccounts().length > 0) {
            return getAccounts()[0];
        }
        return null;
    }

    public TokenResponse getRefreshToken(String str, String str2, String str3, SSOClientIdentifier sSOClientIdentifier, String str4, String str5) {
        if (!(!StringUtils.isEmpty(str4))) {
            List<Map.Entry> tokenRequestOptions = getTokenRequestOptions("password", str3, sSOClientIdentifier, str5);
            tokenRequestOptions.add(new AbstractMap.SimpleEntry(OAUTH_KEY_USER_NAME, str));
            tokenRequestOptions.add(new AbstractMap.SimpleEntry("password", str2));
            return executeTokenRequest(tokenRequestOptions);
        }
        List<Map.Entry> tokenRequestOptions2 = getTokenRequestOptions("password", getString(R.string.tbs_login_scope), null, OAUTH_CLAIMS_LOGIN);
        tokenRequestOptions2.add(new AbstractMap.SimpleEntry(OAUTH_KEY_PIN, str4));
        tokenRequestOptions2.add(new AbstractMap.SimpleEntry(OAUTH_KEY_USER_NAME, str));
        tokenRequestOptions2.add(new AbstractMap.SimpleEntry("password", str2));
        TokenResponse executeTokenRequest = executeTokenRequest(tokenRequestOptions2);
        TokenResponse token = getToken(str3, executeTokenRequest.refreshToken, sSOClientIdentifier, null, null);
        if (StringUtils.isEmpty(token.refreshToken)) {
            token.refreshToken = executeTokenRequest.refreshToken;
        }
        token.idToken = executeTokenRequest.idToken;
        return token;
    }

    public TokenResponse getToken(String str, String str2, SSOClientIdentifier sSOClientIdentifier, String str3, String str4) {
        List<Map.Entry> tokenRequestOptions;
        if (StringUtils.isEmpty(str3)) {
            tokenRequestOptions = getTokenRequestOptions("refresh_token", str, sSOClientIdentifier, str4);
        } else {
            tokenRequestOptions = getTokenRequestOptions(OAUTH_GRANT_TYPE_PIN, str, sSOClientIdentifier, str4);
            tokenRequestOptions.add(new AbstractMap.SimpleEntry(OAUTH_KEY_PIN, str3));
        }
        tokenRequestOptions.add(new AbstractMap.SimpleEntry("refresh_token", str2));
        return executeTokenRequest(tokenRequestOptions);
    }

    public Bundle getUrls() {
        String str;
        String str2;
        try {
            loadConfig();
            boolean z = this.context.getResources().getBoolean(R.bool.isTablet);
            Bundle bundle = new Bundle();
            if (z) {
                str = this.config.registerMailUrl;
                str2 = this.config.recoveryUrl;
            } else {
                str = this.config.registerMailMobileUrl;
                str2 = this.config.recoveryMobileUrl;
            }
            bundle.putString(REGISTER_MAIL_URL, appendSid(str));
            bundle.putString(RECOVERY_URL, appendSid(str2));
            return bundle;
        } catch (AuthenticatorException e) {
            Log.d(getClass().getName(), getString(R.string.sso_error_ignored_load_form_urls), e);
            return null;
        }
    }

    public void revoke(String str) {
        loadConfig();
        List<Map.Entry> baseRequestOptions = getBaseRequestOptions();
        baseRequestOptions.add(new AbstractMap.SimpleEntry(OAUTH_KEY_TOKEN, str));
        executeRequest(this.config.revocationEndpoint, baseRequestOptions);
    }

    public void setAccountData(Account account, TokenResponse tokenResponse) {
        boolean z = false;
        AccountManager accountManager = AccountManager.get(this.context);
        Account[] accountsByType = accountManager.getAccountsByType(account.type);
        int length = accountsByType.length;
        int i = 0;
        while (true) {
            if (i >= length) {
                break;
            }
            if (accountsByType[i].equals(account)) {
                z = true;
                break;
            }
            i++;
        }
        if (!z) {
            accountManager.addAccountExplicitly(account, tokenResponse.refreshToken, new Bundle());
        } else if (tokenResponse.refreshToken != null) {
            accountManager.setPassword(account, tokenResponse.refreshToken);
        }
    }

    public Account upgrade(Account account, String str) {
        if (account == null) {
            throw new IllegalArgumentException("Account must not be null.");
        }
        if (!isTelekomAccount(account)) {
            throw new IllegalArgumentException("Invalid account type.");
        }
        boolean z = getAccountVersion(account.type) < getLibraryAccountVersion();
        boolean z2 = (StringUtils.isEmpty(str) || account.name.equals(str)) ? false : true;
        if (!z && !z2) {
            return account;
        }
        if (!z2) {
            str = account.name;
        }
        Account account2 = new Account(str, getString(R.string.sso_account_type));
        AccountManager accountManager = AccountManager.get(this.context);
        String password = accountManager.getPassword(account);
        accountManager.setPassword(account, null);
        accountManager.addAccountExplicitly(account2, password, null);
        accountManager.removeAccount(account, null, null);
        broadcastAccountUpdate(account, account2);
        return account2;
    }
}
