package com.okta.oidc.clients;

import android.content.Context;
import android.net.Uri;
import android.text.TextUtils;
import android.util.Log;
import com.okta.oidc.OIDCConfig;
import com.okta.oidc.OktaState;
import com.okta.oidc.Tokens;
import com.okta.oidc.clients.sessions.SyncSessionClient;
import com.okta.oidc.net.OktaHttpClient;
import com.okta.oidc.net.request.BaseRequest;
import com.okta.oidc.net.request.ConfigurationRequest;
import com.okta.oidc.net.request.HttpRequestBuilder;
import com.okta.oidc.net.request.ProviderConfiguration;
import com.okta.oidc.net.request.TokenRequest;
import com.okta.oidc.net.request.web.AuthorizeRequest;
import com.okta.oidc.net.request.web.WebRequest;
import com.okta.oidc.net.response.web.AuthorizeResponse;
import com.okta.oidc.net.response.web.WebResponse;
import com.okta.oidc.storage.OktaRepository;
import com.okta.oidc.storage.OktaStorage;
import com.okta.oidc.storage.security.EncryptionManager;
import com.okta.oidc.util.AuthorizationException;
import java.io.IOException;
import java.lang.ref.WeakReference;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.concurrent.atomic.AtomicReference;

/* loaded from: classes14.dex */
public class AuthAPI {
    private static final String TAG = "AuthClientImpl";
    protected AtomicBoolean mCancel = new AtomicBoolean();
    protected AtomicReference<WeakReference<BaseRequest>> mCurrentRequest = new AtomicReference<>(new WeakReference(null));
    protected OktaHttpClient mHttpClient;
    protected OIDCConfig mOidcConfig;
    protected OktaState mOktaState;
    protected int mSignOutFlags;
    protected int mSignOutStatus;

    /* JADX INFO: Access modifiers changed from: protected */
    public AuthAPI(OIDCConfig oIDCConfig, Context context, OktaStorage oktaStorage, EncryptionManager encryptionManager, boolean z, boolean z2) {
        this.mOktaState = new OktaState(new OktaRepository(oktaStorage, context, encryptionManager, z, z2));
        this.mOidcConfig = oIDCConfig;
    }

    private int revoke(SyncSessionClient syncSessionClient, int i) {
        try {
            Tokens tokens = syncSessionClient.getTokens();
            if (tokens == null) {
                return 0;
            }
            syncSessionClient.revokeToken(i == 1 ? tokens.getAccessToken() : tokens.getRefreshToken());
            return 0;
        } catch (AuthorizationException e) {
            Log.w(TAG, "Revoke token failure", e);
            int i2 = i != 1 ? 2 : 1;
            return e.type == 5 ? i2 | 16 : i2;
        }
    }

    public void cancel() {
        this.mCancel.set(true);
        this.mHttpClient.cancel();
        if (this.mCurrentRequest.get().get() != null) {
            this.mCurrentRequest.get().get().cancelRequest();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkIfCanceled() throws IOException {
        if (this.mCancel.get()) {
            throw new IOException("Canceled");
        }
    }

    public ConfigurationRequest configurationRequest() throws AuthorizationException {
        return ((HttpRequestBuilder.Configuration) HttpRequestBuilder.newConfigurationRequest().config(this.mOidcConfig)).createRequest();
    }

    public OktaState getOktaState() {
        return this.mOktaState;
    }

    public int getSignOutFlags() {
        return this.mSignOutFlags;
    }

    public int getSignOutStatus() {
        return this.mSignOutStatus;
    }

    public boolean isVerificationFlow(AuthorizeResponse authorizeResponse) throws AuthorizationException {
        if (!TextUtils.isEmpty(authorizeResponse.getError())) {
            throw new AuthorizationException(authorizeResponse.getErrorDescription(), null);
        }
        String typeHint = authorizeResponse.getTypeHint();
        return !TextUtils.isEmpty(typeHint) && typeHint.equals(AuthorizeResponse.ACTIVATION);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ProviderConfiguration obtainNewConfiguration() throws AuthorizationException {
        try {
            ProviderConfiguration providerConfiguration = this.mOktaState.getProviderConfiguration();
            Uri discoveryUri = this.mOidcConfig.getDiscoveryUri();
            if (discoveryUri == null) {
                ProviderConfiguration providerConfiguration2 = new ProviderConfiguration(this.mOidcConfig.getCustomConfiguration());
                this.mOktaState.save(providerConfiguration2);
                return providerConfiguration2;
            }
            if (providerConfiguration != null && discoveryUri.toString().contains(providerConfiguration.issuer)) {
                return providerConfiguration;
            }
            this.mOktaState.setCurrentState(State.OBTAIN_CONFIGURATION);
            ConfigurationRequest configurationRequest = configurationRequest();
            this.mCurrentRequest.set(new WeakReference<>(configurationRequest));
            ProviderConfiguration executeRequest = configurationRequest.executeRequest(this.mHttpClient);
            this.mOktaState.save(executeRequest);
            return executeRequest;
        } catch (OktaRepository.EncryptionException e) {
            throw AuthorizationException.EncryptionErrors.byEncryptionException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void removeTokens(SyncSessionClient syncSessionClient) {
        if ((this.mSignOutFlags & 4) == 4) {
            int i = this.mSignOutStatus;
            if ((i & 2) == 0 && (i & 1) == 0) {
                syncSessionClient.clear();
            } else {
                this.mSignOutStatus = i | 4;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void resetCurrentState() {
        this.mCancel.set(false);
        this.mOktaState.setCurrentState(State.IDLE);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void revokeTokens(SyncSessionClient syncSessionClient) throws IOException {
        if ((this.mSignOutFlags & 1) == 1) {
            this.mSignOutStatus |= revoke(syncSessionClient, 1);
        }
        checkIfCanceled();
        if ((this.mSignOutFlags & 2) == 2) {
            this.mSignOutStatus = revoke(syncSessionClient, 2) | this.mSignOutStatus;
        }
        checkIfCanceled();
    }

    public TokenRequest tokenExchange(AuthorizeResponse authorizeResponse, ProviderConfiguration providerConfiguration, AuthorizeRequest authorizeRequest) throws AuthorizationException {
        return ((HttpRequestBuilder.TokenExchange) ((HttpRequestBuilder.TokenExchange) HttpRequestBuilder.newTokenRequest().providerConfiguration(providerConfiguration)).config(this.mOidcConfig)).authRequest(authorizeRequest).authResponse(authorizeResponse).createRequest();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void validateResult(WebResponse webResponse, WebRequest webRequest) throws AuthorizationException {
        if (webRequest == null) {
            throw AuthorizationException.GeneralErrors.USER_CANCELED_AUTH_FLOW;
        }
        String state = webRequest.getState();
        String state2 = webResponse.getState();
        if ((state == null && state2 != null) || (state != null && !state.equals(state2))) {
            throw AuthorizationException.AuthorizationRequestErrors.STATE_MISMATCH;
        }
    }
}
