package com.microsoft.aad.adal;

import android.net.Uri;
import android.os.Build;
import android.text.TextUtils;
import android.util.Base64;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import org.json.JSONException;
import org.json.JSONObject;

/* compiled from: Oauth2.java */
/* loaded from: classes.dex */
final class am {
    private g a;
    private ag b;
    private ae c;

    /* JADX INFO: Access modifiers changed from: package-private */
    public am(g gVar) {
        this.c = new ak();
        this.a = gVar;
        this.b = null;
        this.c = null;
    }

    public am(g gVar, ag agVar) {
        this.c = new ak();
        this.a = gVar;
        this.b = agVar;
        this.c = null;
    }

    public am(g gVar, ag agVar, ae aeVar) {
        this.c = new ak();
        this.a = gVar;
        this.b = agVar;
        this.c = aeVar;
    }

    private i a(aa aaVar) {
        List<String> list;
        String str = (aaVar.b() == null || !aaVar.b().containsKey("client-request-id") || (list = aaVar.b().get("client-request-id")) == null || list.size() <= 0) ? null : list.get(0);
        switch (aaVar.a()) {
            case 200:
            case 400:
            case 401:
                try {
                    String c = aaVar.c();
                    HashMap hashMap = new HashMap();
                    a((HashMap<String, String>) hashMap, c);
                    i a = a((HashMap<String, String>) hashMap);
                    if (str != null && !str.isEmpty()) {
                        try {
                            if (!UUID.fromString(str).equals(this.a.f())) {
                                al.a("Oauth", "CorrelationId is not matching", "", a.CORRELATION_ID_NOT_MATCHING_REQUEST_RESPONSE);
                            }
                            al.b("Oauth", "Response correlationId:" + str);
                        } catch (IllegalArgumentException e) {
                            al.a("Oauth", "Wrong format of the correlation ID:" + str, "", a.CORRELATION_ID_FORMAT, e);
                        }
                    }
                    return a;
                } catch (JSONException e2) {
                    throw new f(a.SERVER_INVALID_JSON_RESPONSE, "Can't parse server response " + aaVar.c(), e2);
                }
            default:
                throw new f(a.SERVER_ERROR, "Unexpected server response " + aaVar.c());
        }
    }

    private i a(String str, HashMap<String, String> hashMap) {
        i iVar;
        URL c = as.c(this.a.a() + "/oauth2/token");
        try {
            if (c == null) {
                throw new f(a.DEVELOPER_AUTHORITY_IS_NOT_VALID_URL);
            }
            try {
                this.b.a(this.a.f());
                q.INSTANCE.a(c, this.a.f(), hashMap);
                aa a = this.b.a(c, hashMap, str.getBytes("UTF_8"), "application/x-www-form-urlencoded");
                if (a.a() == 401) {
                    if (a.b() == null || !a.b().containsKey("WWW-Authenticate")) {
                        al.b("Oauth", "401 http status code is returned without authorization header");
                    } else {
                        String str2 = a.b().get("WWW-Authenticate").get(0);
                        al.b("Oauth", "Device certificate challenge request:" + str2);
                        if (as.a(str2)) {
                            throw new f(a.DEVICE_CERTIFICATE_REQUEST_INVALID, "Challenge header is empty");
                        }
                        if (as.b(str2, "PKeyAuth")) {
                            al.b("Oauth", "Challenge is related to device certificate");
                            o oVar = new o(this.c);
                            al.b("Oauth", "Processing device challenge");
                            hashMap.put("Authorization", oVar.a(str2, c.toString()).b);
                            al.b("Oauth", "Sending request with challenge response");
                            a = this.b.a(c, hashMap, str.getBytes("UTF_8"), "application/x-www-form-urlencoded");
                        }
                    }
                }
                boolean isEmpty = TextUtils.isEmpty(a.c());
                if (isEmpty) {
                    iVar = null;
                } else {
                    al.b("Oauth", "Token request does not have exception");
                    iVar = a(a);
                    q.INSTANCE.a((String) null);
                }
                if (iVar != null) {
                    q.INSTANCE.a(iVar.n());
                    return iVar;
                }
                String c2 = isEmpty ? "Status code:" + a.a() : a.c();
                al.b("Oauth", "Server error message", c2, a.SERVER_ERROR);
                throw new f(a.SERVER_ERROR, c2);
            } catch (UnsupportedEncodingException e) {
                q.INSTANCE.a((String) null);
                al.a("Oauth", e.getMessage(), "", a.ENCODING_IS_NOT_SUPPORTED, e);
                throw e;
            } catch (IOException e2) {
                q.INSTANCE.a((String) null);
                al.a("Oauth", e2.getMessage(), "", a.SERVER_ERROR, e2);
                throw e2;
            }
        } finally {
            q.INSTANCE.a("token", this.a.f());
        }
    }

    private static i a(HashMap<String, String> hashMap) {
        String str;
        String str2;
        ay ayVar;
        if (hashMap.containsKey("error")) {
            String str3 = hashMap.get("correlation_id");
            if (!as.a(str3)) {
                try {
                    al.a(UUID.fromString(str3));
                } catch (IllegalArgumentException e) {
                    al.b("Oauth", "CorrelationId is malformed: " + str3, "", a.CORRELATION_ID_FORMAT);
                }
            }
            al.b("Oauth", "OAuth2 error:" + hashMap.get("error") + " Description:" + hashMap.get("error_description"));
            return new i(hashMap.get("error"), hashMap.get("error_description"), hashMap.get("error_codes"));
        }
        if (hashMap.containsKey("code")) {
            return new i(hashMap.get("code"));
        }
        if (!hashMap.containsKey("access_token")) {
            return null;
        }
        String str4 = hashMap.get("expires_in");
        GregorianCalendar gregorianCalendar = new GregorianCalendar();
        gregorianCalendar.add(13, (str4 == null || str4.isEmpty()) ? 3600 : Integer.parseInt(str4));
        boolean z = hashMap.containsKey("resource");
        if (hashMap.containsKey("id_token")) {
            String str5 = hashMap.get("id_token");
            if (as.a(str5)) {
                al.b("Oauth", "IdToken is not provided");
                str = str5;
                str2 = null;
                ayVar = null;
            } else {
                ai aiVar = new ai(str5);
                str2 = aiVar.b();
                ayVar = new ay(aiVar);
                str = str5;
            }
        } else {
            str = null;
            str2 = null;
            ayVar = null;
        }
        String str6 = hashMap.containsKey("foci") ? hashMap.get("foci") : null;
        i iVar = new i(hashMap.get("access_token"), hashMap.get("refresh_token"), gregorianCalendar.getTime(), z, ayVar, str2, str);
        iVar.d(str6);
        return iVar;
    }

    private static void a(HashMap<String, String> hashMap, String str) {
        JSONObject jSONObject = new JSONObject(str);
        Iterator<String> keys = jSONObject.keys();
        while (keys.hasNext()) {
            String next = keys.next();
            hashMap.put(next, jSONObject.getString(next));
        }
    }

    private i c(String str) {
        if (this.b == null) {
            throw new IllegalArgumentException("webRequestHandler");
        }
        try {
            return a(String.format("%s=%s&%s=%s&%s=%s&%s=%s", "grant_type", URLEncoder.encode("authorization_code", "UTF_8"), "code", URLEncoder.encode(str, "UTF_8"), "client_id", URLEncoder.encode(this.a.d(), "UTF_8"), "redirect_uri", URLEncoder.encode(this.a.b(), "UTF_8")), c());
        } catch (UnsupportedEncodingException e) {
            al.a("Oauth", e.getMessage(), "", a.ENCODING_IS_NOT_SUPPORTED, e);
            return null;
        }
    }

    private static HashMap<String, String> c() {
        HashMap<String, String> hashMap = new HashMap<>();
        hashMap.put("Accept", "application/json");
        return hashMap;
    }

    public final i a(String str) {
        if (this.b == null) {
            al.b("Oauth", "Web request is not set correctly");
            throw new IllegalArgumentException("webRequestHandler is null.");
        }
        try {
            String format = String.format("%s=%s&%s=%s&%s=%s", "grant_type", URLEncoder.encode("refresh_token", "UTF_8"), "refresh_token", URLEncoder.encode(str, "UTF_8"), "client_id", URLEncoder.encode(this.a.d(), "UTF_8"));
            if (!as.a(this.a.c())) {
                format = String.format("%s&%s=%s", format, "resource", URLEncoder.encode(this.a.c(), "UTF_8"));
            }
            HashMap<String, String> c = c();
            c.put("x-ms-PKeyAuth", "1.0");
            return a(format, c);
        } catch (UnsupportedEncodingException e) {
            al.a("Oauth", e.getMessage(), "", a.ENCODING_IS_NOT_SUPPORTED, e);
            return null;
        }
    }

    public final String a() {
        String format = String.format("response_type=%s&client_id=%s&resource=%s&redirect_uri=%s&state=%s", "code", URLEncoder.encode(this.a.d(), "UTF_8"), URLEncoder.encode(this.a.c(), "UTF_8"), URLEncoder.encode(this.a.b(), "UTF_8"), Base64.encodeToString(String.format("a=%s&r=%s", this.a.a(), this.a.c()).getBytes(), 9));
        if (this.a.e() != null && !this.a.e().isEmpty()) {
            format = String.format("%s&%s=%s", format, "login_hint", URLEncoder.encode(this.a.e(), "UTF_8"));
        }
        String format2 = String.format("%s&%s=%s", String.format("%s&%s=%s", String.format("%s&%s=%s", String.format("%s&%s=%s", format, "x-client-SKU", "Android"), "x-client-Ver", URLEncoder.encode(AuthenticationContext.b(), "UTF_8")), "x-client-OS", URLEncoder.encode(new StringBuilder().append(Build.VERSION.SDK_INT).toString(), "UTF_8")), "x-client-DM", URLEncoder.encode(Build.MODEL, "UTF_8"));
        if (this.a.f() != null) {
            format2 = String.format("%s&%s=%s", format2, "client-request-id", URLEncoder.encode(this.a.f().toString(), "UTF_8"));
        }
        if (this.a.i() == ap.Always) {
            format2 = String.format("%s&%s=%s", format2, "prompt", URLEncoder.encode("login", "UTF_8"));
        } else if (this.a.i() == ap.REFRESH_SESSION) {
            format2 = String.format("%s&%s=%s", format2, "prompt", URLEncoder.encode("refresh_session", "UTF_8"));
        }
        if (as.a(this.a.g())) {
            return format2;
        }
        String g = this.a.g();
        if (!g.startsWith("&")) {
            g = "&" + g;
        }
        return format2 + g;
    }

    public final i b(String str) {
        if (as.a(str)) {
            throw new IllegalArgumentException("authorizationUrl");
        }
        HashMap<String, String> d = as.d(str);
        String str2 = d.get("state");
        String str3 = !as.a(str2) ? new String(Base64.decode(str2, 9)) : null;
        if (as.a(str3)) {
            throw new f(a.AUTH_FAILED_NO_STATE);
        }
        Uri parse = Uri.parse("http://state/path?" + str3);
        String queryParameter = parse.getQueryParameter("a");
        String queryParameter2 = parse.getQueryParameter("r");
        if (as.a(queryParameter) || as.a(queryParameter2) || !queryParameter2.equalsIgnoreCase(this.a.c())) {
            throw new f(a.AUTH_FAILED_BAD_STATE);
        }
        i a = a(d);
        return (a == null || a.i() == null || a.i().isEmpty()) ? a : c(a.i());
    }

    public final String b() {
        return String.format("%s?%s", this.a.a() + "/oauth2/authorize", a());
    }
}
