package com.worklight.wlclient.auth;

import com.worklight.common.Logger;
import com.worklight.common.WLConfig;
import com.worklight.common.security.WLDeviceAuthManager;
import com.worklight.common.security.WLOAuthCertManager;
import com.worklight.nativeandroid.common.WLUtils;
import com.worklight.wlclient.AsynchronousRequestSender;
import com.worklight.wlclient.RequestMethod;
import com.worklight.wlclient.WLClientInstanceRegistrationRequest;
import com.worklight.wlclient.WLRequest;
import com.worklight.wlclient.WLRequestListener;
import com.worklight.wlclient.api.WLAccessTokenListener;
import com.worklight.wlclient.api.WLClient;
import com.worklight.wlclient.api.WLConstants;
import com.worklight.wlclient.api.WLErrorCode;
import com.worklight.wlclient.api.WLFailResponse;
import com.worklight.wlclient.api.WLLoginResponseListener;
import com.worklight.wlclient.api.WLLogoutResponseListener;
import com.worklight.wlclient.api.WLRequestOptions;
import com.worklight.wlclient.api.WLResponse;
import com.worklight.wlclient.api.WLResponseListener;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import okhttp3.Request;
import okhttp3.Response;
import org.codehaus.jackson.util.MinimalPrettyPrinter;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class WLAuthorizationManagerInternal {
    private static final String API_VERSION = "v1";
    private static final String BASE_AUTHORIZATION = "az";
    private static final String BASE_PREAUTH = "preauth";
    private static final String BASE_REGISTRATION = "registration";
    private static final String BEARER = "Bearer";
    private static final String CLIENT_ID_OAUTH_LABEL = "com.worklight.oauth.clientid";
    private static final String CLIENT_REGISTRATION_DATA_KEY = "com.worklight.oauth.application.data";
    private static final String HEADER_AUTHORIZATION = "Authorization";
    private static final String HEADER_LOCATION = "Location";
    private static final String JSON_ERROR_DESCRIPTION_KEY = "errorMsg";
    private static final String JSON_ERROR_KEY = "errorCode";
    private static final String JSON_SCOPE_KEY = "scope";
    private static final String PARAM_AUTHORIZATION_CODE_VALUE = "authorization_code";
    private static final String PARAM_CLIENT_ASSERTION_KEY = "client_assertion";
    private static final String PARAM_CLIENT_ASSERTION_TYPE_KEY = "client_assertion_type";
    private static final String PARAM_CLIENT_ASSERTION_TYPE_VALUE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer";
    private static final String PARAM_CLIENT_ID_KEY = "client_id";
    private static final String PARAM_CODE_KEY = "code";
    private static final String PARAM_CODE_VALUE = "code";
    private static final String PARAM_GRANT_TYPE_KEY = "grant_type";
    private static final String PARAM_REDIRECT_URI_KEY = "redirect_uri";
    private static final String PARAM_REDIRECT_URI_VALUE = "://mfpredirecturi";
    private static final String PARAM_RESPONSE_TYPE_KEY = "response_type";
    private static final String PARAM_SCOPE_KEY = "scope";
    private static final String PARAM_SECURITY_CHECK_KEY = "security_check";
    private static final String PATH_LOGOUT = "logout";
    private static final String PATH_OAUTH_AUTHORIZATION = "authorization";
    private static final String PATH_OAUTH_TOKEN = "token";
    private static final String PATH_PREAUTHORIZE = "preauthorize";
    private static final String PATH_REGISTER_CLIENTS_ON_SUCCESS = "clients";
    private static final String PATH_REGISTER_SELF = "self";
    private static final int RESOURCE_TO_SCOPE_CACHE_SIZE = 100;
    private static final String WWW_AUTHENTICATE_HEADER = "WWW-Authenticate";
    private static WLAuthorizationManagerInternal instance = null;
    private static Logger logger;
    private URL authorizationServerUrl;
    private String clientId = null;
    private final Object registrationQueueLock = new Object();
    private final Object authorizationInProgressLock = new Object();
    private boolean shouldCallRegistrationAfterUnknownClientError = true;
    private Map<String, AccessToken> scopeToToken = Collections.synchronizedMap(new HashMap());
    private Map<String, String> resourceToScopeCache = new LRUCache(100);
    private List<WLRequestListener> registrationQueue = new ArrayList();
    private WLAuthQueue obtainAccessTokenQueue = new WLAuthQueue();
    private boolean authorizationInProgress = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public final class WLAuthorizationRequestListener implements WLResponseListener {
        private final String scope;

        /* loaded from: classes.dex */
        private final class WLTokenRequestListener implements WLResponseListener {
            private WLTokenRequestListener() {
            }

            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onFailure(WLFailResponse wLFailResponse) {
                WLAuthorizationManagerInternal.this.onObtainAccessTokenFailure(WLAuthorizationRequestListener.this.scope, wLFailResponse);
            }

            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onSuccess(WLResponse wLResponse) {
                try {
                    WLAuthorizationManagerInternal.this.onTokenSuccess(wLResponse);
                } catch (JSONException e) {
                    onFailure(new WLFailResponse(wLResponse));
                }
            }
        }

        private WLAuthorizationRequestListener(String str) {
            this.scope = str;
        }

        @Override // com.worklight.wlclient.api.WLResponseListener
        public void onFailure(WLFailResponse wLFailResponse) {
            WLAuthorizationManagerInternal.this.onObtainAccessTokenFailure(this.scope, wLFailResponse);
        }

        @Override // com.worklight.wlclient.api.WLResponseListener
        public void onSuccess(WLResponse wLResponse) {
            WLAuthorizationManagerInternal.this.onAuthorizationSuccess(this.scope, wLResponse, new WLTokenRequestListener());
        }
    }

    protected WLAuthorizationManagerInternal() {
        logger = Logger.getInstance(WLAuthorizationManagerInternal.class.getSimpleName());
    }

    private void abortAuthorization(WLFailResponse wLFailResponse) {
        synchronized (this.authorizationInProgressLock) {
            this.obtainAccessTokenQueue.abortAuthorization(wLFailResponse);
            this.authorizationInProgress = false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void addToObtainAccessTokenQueue(String str, WLResponseListener wLResponseListener) {
        this.obtainAccessTokenQueue.addToAuthorizationQueue(sortScope(str), wLResponseListener);
    }

    private String createRelativePath(String str, String str2, String str3) {
        return String.format("%s/%s/%s", str, str2, str3);
    }

    private String getAuthorizationScope(String str) {
        int indexOf = str.indexOf("scope=");
        if (indexOf >= 0) {
            return str.substring(indexOf + 6).replaceAll(Pattern.quote("\""), "");
        }
        return null;
    }

    private String getAuthorizationScope(List list) {
        if (list == null) {
            return null;
        }
        if (list.size() > 1) {
            throw new Error("Multiple values for 'WWW-Authenticate' header were detected");
        }
        return getAuthorizationScope((String) list.get(0));
    }

    private HashMap<String, Object> getAuthorizationsParams(String str) {
        HashMap<String, Object> hashMap = new HashMap<>();
        hashMap.put(PARAM_RESPONSE_TYPE_KEY, "code");
        hashMap.put(PARAM_CLIENT_ID_KEY, getClientId());
        hashMap.put(PARAM_REDIRECT_URI_KEY, WLConfig.getInstance().getProtocol() + "://mfpredirecturi");
        if (str == null) {
            str = WLConstants.DEFAULT_SCOPE;
        }
        hashMap.put("scope", str);
        return hashMap;
    }

    private String getErrorDescription(WLFailResponse wLFailResponse, WLErrorCode wLErrorCode) {
        if (wLFailResponse.getHeader("Location").size() == 0) {
            return wLFailResponse.getResponseText();
        }
        String str = WLUtils.extractParametersFromURL(wLFailResponse.getHeader("Location").get(0)).get(JSON_ERROR_DESCRIPTION_KEY);
        if (str == null) {
            str = wLErrorCode.getDescription();
        }
        new WLFailResponse(wLErrorCode, str, null);
        return str;
    }

    public static synchronized WLAuthorizationManagerInternal getInstance() {
        WLAuthorizationManagerInternal wLAuthorizationManagerInternal;
        synchronized (WLAuthorizationManagerInternal.class) {
            if (instance == null) {
                instance = new WLAuthorizationManagerInternal();
            }
            wLAuthorizationManagerInternal = instance;
        }
        return wLAuthorizationManagerInternal;
    }

    private Map<String, Object> getLogoutParams(String str) {
        HashMap hashMap = new HashMap();
        String str2 = null;
        try {
            str2 = WLOAuthCertManager.getInstance().signJWS(new JWT().toJson(), getClientId());
        } catch (Exception e) {
            logger.debug("unable to convert JWT to json" + e.getMessage());
        }
        hashMap.put(PARAM_SECURITY_CHECK_KEY, str);
        hashMap.put("client_assertion", str2);
        hashMap.put("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
        return hashMap;
    }

    private HashMap<String, Object> getPreAuthorizationsParams(String str, JSONObject jSONObject) {
        HashMap<String, Object> hashMap = new HashMap<>();
        hashMap.put(PARAM_CLIENT_ID_KEY, getClientId());
        if (str == null) {
            str = WLConstants.DEFAULT_SCOPE;
        }
        hashMap.put("scope", str);
        if (jSONObject != null) {
            try {
                hashMap.put("challengeResponse", new JSONObject().put(str, jSONObject));
            } catch (JSONException e) {
                logger.debug("Failed to create JSONObject with credentials");
            }
        }
        return hashMap;
    }

    private JSONObject getRegistrationDataJson() throws JSONException {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("device", WLDeviceAuthManager.getInstance().getDeviceData());
        jSONObject.put("application", WLConfig.getInstance().getApplicationData());
        jSONObject.put("attributes", WLConfig.getInstance().getRegistrationAttributesData());
        return jSONObject;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void invokeNextAuthorizationRequest() {
        synchronized (this.authorizationInProgressLock) {
            if (this.obtainAccessTokenQueue.isEmpty()) {
                this.authorizationInProgress = false;
            } else {
                String nextScopeToObtain = this.obtainAccessTokenQueue.getNextScopeToObtain();
                if (nextScopeToObtain != null) {
                    obtainAccessTokenWithoutRegistration(nextScopeToObtain, this.obtainAccessTokenQueue.get(nextScopeToObtain).get(0));
                }
            }
        }
    }

    private void invokePreAuthorizationRequest(String str, JSONObject jSONObject, WLResponseListener wLResponseListener) {
        sendRequest(createRelativePath(BASE_PREAUTH, API_VERSION, PATH_PREAUTHORIZE), getPreAuthorizationsParams(str, jSONObject), null, RequestMethod.POST, true, false, wLResponseListener);
    }

    private void invokeRegistrationRequest() {
        if (this.registrationQueue.size() == 1) {
            try {
                Map<String, Object> registrationParams = getRegistrationParams();
                String createRelativePath = createRelativePath(BASE_REGISTRATION, API_VERSION, PATH_REGISTER_SELF);
                RequestMethod requestMethod = RequestMethod.POST;
                if (getClientId() != null) {
                    logger.debug("Client exists, application data has changed, call updateRegistration endpoint");
                    requestMethod = RequestMethod.PUT;
                    createRelativePath = createRelativePath + "/" + getClientId();
                }
                sendRequest(createRelativePath, registrationParams, null, requestMethod, true, false, new WLResponseListener() { // from class: com.worklight.wlclient.auth.WLAuthorizationManagerInternal.4
                    @Override // com.worklight.wlclient.api.WLResponseListener
                    public void onFailure(WLFailResponse wLFailResponse) {
                        synchronized (WLAuthorizationManagerInternal.this.registrationQueueLock) {
                            WLAuthorizationManagerInternal.this.onRegistrationFailure(wLFailResponse);
                            Iterator it = WLAuthorizationManagerInternal.this.registrationQueue.iterator();
                            while (it.hasNext()) {
                                ((WLRequestListener) it.next()).onFailure(wLFailResponse);
                            }
                            WLAuthorizationManagerInternal.this.registrationQueue.clear();
                        }
                    }

                    @Override // com.worklight.wlclient.api.WLResponseListener
                    public void onSuccess(WLResponse wLResponse) {
                        synchronized (WLAuthorizationManagerInternal.this.registrationQueueLock) {
                            try {
                                WLAuthorizationManagerInternal.this.onRegistrationSuccess(wLResponse);
                            } catch (Exception e) {
                                WLAuthorizationManagerInternal.logger.error("Unable to finish client instance registration process. ", e);
                                onFailure(new WLFailResponse(wLResponse));
                            }
                            Iterator it = WLAuthorizationManagerInternal.this.registrationQueue.iterator();
                            while (it.hasNext()) {
                                ((WLRequestListener) it.next()).onSuccess(wLResponse);
                            }
                            WLAuthorizationManagerInternal.this.registrationQueue.clear();
                        }
                    }
                });
            } catch (Exception e) {
                throw new Error(e);
            }
        }
    }

    private void invokeTokenRequest(String str, WLResponseListener wLResponseListener) {
        try {
            String createRelativePath = createRelativePath(BASE_AUTHORIZATION, API_VERSION, PATH_OAUTH_TOKEN);
            String authorizationServerRootPath = getAuthorizationServerRootPath();
            JWT jwt = new JWT();
            jwt.aud = authorizationServerRootPath + "/" + createRelativePath;
            jwt.jti = str;
            String signJWS = WLOAuthCertManager.getInstance().signJWS(jwt.toJson(), getClientId());
            HashMap hashMap = new HashMap();
            hashMap.put("client_assertion", signJWS);
            hashMap.put("code", str);
            hashMap.put(PARAM_CLIENT_ID_KEY, getClientId());
            hashMap.put(PARAM_GRANT_TYPE_KEY, PARAM_AUTHORIZATION_CODE_VALUE);
            hashMap.put(PARAM_REDIRECT_URI_KEY, WLConfig.getInstance().getProtocol() + "://mfpredirecturi");
            hashMap.put("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
            sendRequest(createRelativePath, hashMap, null, RequestMethod.POST, false, true, wLResponseListener);
        } catch (Exception e) {
            throw new Error(e);
        }
    }

    private Boolean isAuthorizationRequired(List<String> list) {
        if (list.size() == 0) {
            return false;
        }
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            if (it.next().contains("Bearer")) {
                return true;
            }
        }
        return null;
    }

    private boolean isMfpConflict(Response response) {
        return response.code() == 409 && response.headers().toMultimap().containsKey("MFP-Conflict");
    }

    private boolean isUnknownClientError(WLResponse wLResponse) {
        JSONObject responseJSON = wLResponse.getResponseJSON();
        if (responseJSON != null) {
            try {
                if (wLResponse.getStatus() == 400) {
                    if (responseJSON.getString(JSON_ERROR_KEY).equals("INVALID_CLIENT_ID")) {
                        return true;
                    }
                }
            } catch (JSONException e) {
                logger.debug("couldn't get: errorCode from response's JSON");
            }
        }
        return false;
    }

    private void loginWithRegistration(final String str, final JSONObject jSONObject, final WLLoginResponseListener wLLoginResponseListener) {
        invokeRegistrationRequest(new WLRequestListener() { // from class: com.worklight.wlclient.auth.WLAuthorizationManagerInternal.9
            @Override // com.worklight.wlclient.WLRequestListener
            public void onFailure(WLFailResponse wLFailResponse) {
                WLAuthorizationManagerInternal.this.onLoginFailure(str, jSONObject, wLFailResponse, wLLoginResponseListener);
            }

            @Override // com.worklight.wlclient.WLRequestListener
            public void onSuccess(WLResponse wLResponse) {
                WLAuthorizationManagerInternal.this.loginWithoutRegistration(str, jSONObject, wLLoginResponseListener);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void loginWithoutRegistration(final String str, final JSONObject jSONObject, final WLLoginResponseListener wLLoginResponseListener) {
        invokePreAuthorizationRequest(str, jSONObject, new WLResponseListener() { // from class: com.worklight.wlclient.auth.WLAuthorizationManagerInternal.10
            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onFailure(WLFailResponse wLFailResponse) {
                WLAuthorizationManagerInternal.this.onLoginFailure(str, jSONObject, wLFailResponse, wLLoginResponseListener);
            }

            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onSuccess(WLResponse wLResponse) {
                synchronized (WLAuthorizationManagerInternal.this.authorizationInProgressLock) {
                    WLAuthorizationManagerInternal.logger.debug("Succeeded to login to securityCheck");
                    wLLoginResponseListener.onSuccess();
                    WLAuthorizationManagerInternal.this.authorizationInProgress = false;
                }
                WLAuthorizationManagerInternal.this.invokeNextAuthorizationRequest();
            }
        });
    }

    private void obtainAccessToken(String str, WLResponseListener wLResponseListener) {
        if (str == null) {
            str = WLConstants.DEFAULT_SCOPE;
        }
        if (this.authorizationInProgress) {
            addToObtainAccessTokenQueue(str, wLResponseListener);
            return;
        }
        this.authorizationInProgress = true;
        if (shouldRegister()) {
            obtainAccessTokenWithRegistration(str, wLResponseListener);
        } else {
            obtainAccessTokenWithoutRegistration(str, wLResponseListener);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void obtainAccessTokenWithPreAZ(final String str) {
        invokePreAuthorizationRequest(str, null, new WLResponseListener() { // from class: com.worklight.wlclient.auth.WLAuthorizationManagerInternal.7
            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onFailure(WLFailResponse wLFailResponse) {
                WLAuthorizationManagerInternal.this.onObtainAccessTokenFailure(str, wLFailResponse);
            }

            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onSuccess(WLResponse wLResponse) {
                WLAuthorizationManagerInternal.logger.debug("Finished pre-authorization process - Sending request to Authorization Endpoint");
                WLAuthorizationManagerInternal.this.invokeAuthorizationRequest(str, new WLAuthorizationRequestListener(str));
            }
        });
    }

    private void obtainAccessTokenWithRegistration(final String str, final WLResponseListener wLResponseListener) {
        invokeRegistrationRequest(new WLRequestListener() { // from class: com.worklight.wlclient.auth.WLAuthorizationManagerInternal.8
            @Override // com.worklight.wlclient.WLRequestListener
            public void onFailure(WLFailResponse wLFailResponse) {
                WLAuthorizationManagerInternal.logger.debug("Authorization failed with status code: " + wLFailResponse.getStatus() + " and error message: " + wLFailResponse.getErrorMsg());
                wLResponseListener.onFailure(wLFailResponse);
            }

            @Override // com.worklight.wlclient.WLRequestListener
            public void onSuccess(WLResponse wLResponse) {
                WLAuthorizationManagerInternal.this.addToObtainAccessTokenQueue(str, wLResponseListener);
                WLAuthorizationManagerInternal.this.obtainAccessTokenWithPreAZ(str);
            }
        });
    }

    private void obtainAccessTokenWithoutRegistration(String str, WLResponseListener wLResponseListener) {
        addToObtainAccessTokenQueue(str, wLResponseListener);
        obtainAccessTokenWithPreAZ(str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onAuthorizationSuccess(String str, WLResponse wLResponse, WLResponseListener wLResponseListener) {
        String str2 = wLResponse.getHeader("Location").get(0);
        if (str2 == null) {
            onObtainAccessTokenFailure(str, new WLFailResponse(wLResponse));
            return;
        }
        String str3 = WLUtils.extractParametersFromURL(str2).get("code");
        if (str3 == null) {
            onObtainAccessTokenFailure(str, new WLFailResponse(wLResponse));
        } else {
            invokeTokenRequest(str3, wLResponseListener);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onLoginFailure(String str, JSONObject jSONObject, WLFailResponse wLFailResponse, WLLoginResponseListener wLLoginResponseListener) {
        if (isUnknownClientError(wLFailResponse) && this.shouldCallRegistrationAfterUnknownClientError) {
            this.shouldCallRegistrationAfterUnknownClientError = false;
            logger.error("Client instance registration information is incorrect, attempting to re-register client instance.");
            clearRegistration();
            loginWithRegistration(str, jSONObject, wLLoginResponseListener);
        } else {
            wLLoginResponseListener.onFailure(wLFailResponse);
            this.authorizationInProgress = false;
            invokeNextAuthorizationRequest();
        }
        logger.debug("Login failed with status code: " + wLFailResponse.getStatus() + " and error message: " + wLFailResponse.getErrorMsg());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onLogoutFailure(WLFailResponse wLFailResponse, WLLogoutResponseListener wLLogoutResponseListener) {
        if (isUnknownClientError(wLFailResponse) && this.shouldCallRegistrationAfterUnknownClientError) {
            this.shouldCallRegistrationAfterUnknownClientError = false;
            logger.error("Client instance registration information is incorrect.");
            clearRegistration();
            this.authorizationInProgress = false;
        } else {
            this.authorizationInProgress = false;
            invokeNextAuthorizationRequest();
        }
        logger.debug("Logout failed with status code: " + wLFailResponse.getStatus() + " and error message: " + wLFailResponse.getErrorMsg());
        wLLogoutResponseListener.onFailure(wLFailResponse);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onObtainAccessTokenFailure(final String str, WLFailResponse wLFailResponse) {
        String errorMsg = wLFailResponse.getErrorMsg();
        if (isUnknownClientError(wLFailResponse) && this.shouldCallRegistrationAfterUnknownClientError) {
            this.shouldCallRegistrationAfterUnknownClientError = false;
            logger.error("Client instance registration information is incorrect, attempting to re-register client instance.");
            clearRegistration();
            invokeRegistrationRequest(new WLRequestListener() { // from class: com.worklight.wlclient.auth.WLAuthorizationManagerInternal.5
                @Override // com.worklight.wlclient.WLRequestListener
                public void onFailure(WLFailResponse wLFailResponse2) {
                    WLAuthorizationManagerInternal.this.obtainAccessTokenQueue.releaseQueueOnFailure(WLAuthorizationManagerInternal.this.sortScope(str), wLFailResponse2);
                    WLAuthorizationManagerInternal.this.invokeNextAuthorizationRequest();
                }

                @Override // com.worklight.wlclient.WLRequestListener
                public void onSuccess(WLResponse wLResponse) {
                    WLAuthorizationManagerInternal.this.obtainAccessTokenWithPreAZ(str);
                }
            });
        } else {
            if (errorMsg == null) {
                errorMsg = getErrorDescription(wLFailResponse, WLErrorCode.AUTHORIZATION_FAILURE);
            }
            this.obtainAccessTokenQueue.releaseQueueOnFailure(sortScope(str), wLFailResponse);
            invokeNextAuthorizationRequest();
        }
        logger.debug("Obtain AccessToken failed with status code: " + wLFailResponse.getStatus() + " and error message: " + errorMsg);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onRegistrationFailure(WLFailResponse wLFailResponse) {
        clearRegistration();
        abortAuthorization(wLFailResponse);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onRegistrationSuccess(WLResponse wLResponse) throws Exception {
        if (wLResponse.getStatus() == 200) {
            logger.debug("Registration update success");
        } else {
            String firstHeader = wLResponse.getFirstHeader("Location");
            if (firstHeader == null) {
                throw new Exception("Registration Response failure - Missing Location Header");
            }
            if (!firstHeader.contains(String.format("%s/%s/%s", WLConfig.getInstance().getServerContext(), BASE_REGISTRATION, PATH_REGISTER_CLIENTS_ON_SUCCESS))) {
                throw new Exception("Registration Response failure - Incorrect Location Header");
            }
            String str = firstHeader.split("/")[r3.length - 1];
            this.clientId = str;
            WLConfig.getInstance().writeSecurityPref(CLIENT_ID_OAUTH_LABEL, str);
        }
        setClientRegisteredData();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onTokenSuccess(WLResponse wLResponse) throws JSONException {
        JSONObject responseJSON = wLResponse.getResponseJSON();
        if (responseJSON == null) {
            throw new JSONException("response.getResponseJSON() returned null");
        }
        AccessToken accessToken = new AccessToken(responseJSON);
        String sortScope = sortScope(accessToken.getScope());
        this.scopeToToken.put(sortScope, accessToken);
        this.obtainAccessTokenQueue.releaseQueueOnSuccess(sortScope, wLResponse);
        invokeNextAuthorizationRequest();
    }

    private void sendLogoutRequest(final String str, final WLLogoutResponseListener wLLogoutResponseListener, Map<String, Object> map, String str2) {
        sendRequest(str2, map, null, RequestMethod.POST, false, true, new WLResponseListener() { // from class: com.worklight.wlclient.auth.WLAuthorizationManagerInternal.3
            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onFailure(WLFailResponse wLFailResponse) {
                WLAuthorizationManagerInternal.this.onLogoutFailure(wLFailResponse, wLLogoutResponseListener);
            }

            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onSuccess(WLResponse wLResponse) {
                synchronized (WLAuthorizationManagerInternal.this.authorizationInProgressLock) {
                    WLAuthorizationManagerInternal.this.scopeToToken.clear();
                    WLAuthorizationManagerInternal.logger.debug("Logged out successfully from securityCheck" + str);
                    WLAuthorizationManagerInternal.this.authorizationInProgress = false;
                    wLLogoutResponseListener.onSuccess();
                }
                WLAuthorizationManagerInternal.this.invokeNextAuthorizationRequest();
            }
        });
    }

    private void sendRequest(String str, Map<String, Object> map, HashMap<String, String> hashMap, RequestMethod requestMethod, boolean z, boolean z2, final WLResponseListener wLResponseListener) {
        WLRequestOptions wLRequestOptions = new WLRequestOptions();
        for (String str2 : map.keySet()) {
            wLRequestOptions.addParameter(str2, map.get(str2).toString());
        }
        if (hashMap != null) {
            for (String str3 : hashMap.keySet()) {
                wLRequestOptions.addHeader(str3, hashMap.get(str3));
            }
        }
        Map<String, String> globalHeaders = AsynchronousRequestSender.getInstance().getGlobalHeaders();
        if (globalHeaders != null) {
            for (String str4 : globalHeaders.keySet()) {
                wLRequestOptions.addHeader(str4, globalHeaders.get(str4));
            }
        }
        wLRequestOptions.setJsonContentType(z);
        wLRequestOptions.setAZRequest(z2);
        wLRequestOptions.setResponseListener(wLResponseListener);
        WLRequestListener wLRequestListener = new WLRequestListener() { // from class: com.worklight.wlclient.auth.WLAuthorizationManagerInternal.6
            @Override // com.worklight.wlclient.WLRequestListener
            public void onFailure(WLFailResponse wLFailResponse) {
                wLResponseListener.onFailure(wLFailResponse);
            }

            @Override // com.worklight.wlclient.WLRequestListener
            public void onSuccess(WLResponse wLResponse) {
                wLResponseListener.onSuccess(wLResponse);
            }
        };
        WLRequest wLRequest = getClientId() != null ? new WLRequest(wLRequestListener, wLRequestOptions, WLConfig.getInstance(), WLClient.getInstance().getContext(), true) : new WLClientInstanceRegistrationRequest(wLRequestListener, wLRequestOptions, WLConfig.getInstance(), WLClient.getInstance().getContext());
        wLRequest.setMethod(requestMethod);
        wLRequest.makeRequest(str, true);
    }

    private void setClientRegisteredData() throws JSONException {
        WLConfig.getInstance().writeSecurityPref(CLIENT_REGISTRATION_DATA_KEY, String.valueOf(WLConfig.getInstance().getClientData()));
    }

    private JSONObject signRegistrationData(JSONObject jSONObject) throws Exception {
        WLOAuthCertManager.getInstance().generateKeyPair();
        String[] split = WLOAuthCertManager.getInstance().signJWS(jSONObject, null).split("\\.");
        JSONObject jSONObject2 = new JSONObject();
        jSONObject2.put("header", split[0]);
        jSONObject2.put("payload", split[1]);
        jSONObject2.put("signature", split[2]);
        return jSONObject2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String sortScope(String str) {
        if (str == null) {
            return WLConstants.DEFAULT_SCOPE;
        }
        if (!str.contains(WLConstants.DEFAULT_SCOPE)) {
            str = str + " RegisteredClient";
        }
        String[] split = str.split("\\s+");
        Arrays.sort(split);
        StringBuilder sb = new StringBuilder();
        for (String str2 : split) {
            sb.append(str2);
            sb.append(MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR);
        }
        return sb.toString().trim();
    }

    public Request addAuthorizationHeader(Request request, String str) {
        return !str.equals("") ? request.newBuilder().header("Authorization", str).build() : request;
    }

    public void cacheScopeByResource(String str, String str2, String str3) {
        this.resourceToScopeCache.put(String.format("%s_%s", str, str2), sortScope(str3));
    }

    public void cacheScopeByResource(Request request, String str) {
        if (request == null || str == null) {
            return;
        }
        cacheScopeByResource(request.url().toString(), request.method(), str);
    }

    public void clearAccessToken(AccessToken accessToken) {
        if (accessToken != null) {
            removeTokenByScope(accessToken.getScope());
        }
    }

    public void clearCachedResourcesAndToken() {
        this.scopeToToken.clear();
        this.resourceToScopeCache.clear();
    }

    public void clearRegistration() {
        synchronized (this.registrationQueueLock) {
            clearCachedResourcesAndToken();
            this.clientId = null;
            WLConfig.getInstance().writeSecurityPref(CLIENT_ID_OAUTH_LABEL, null);
            WLConfig.getInstance().writeSecurityPref(CLIENT_REGISTRATION_DATA_KEY, null);
            WLOAuthCertManager.getInstance().deleteKeyPair();
        }
    }

    public void clearScopeByResource(Request request) {
        this.resourceToScopeCache.remove(String.format("%s_%s", request.url().toString(), request.method()));
    }

    public String getAuthorizationHeader(Response response) {
        if (response != null) {
            return response.headers().get("WWW-Authenticate");
        }
        return null;
    }

    public String getAuthorizationScope(HttpURLConnection httpURLConnection) {
        return getAuthorizationScope(httpURLConnection.getHeaderFields().get("WWW-Authenticate"));
    }

    public String getAuthorizationScope(Map map) {
        if (map != null) {
            Object obj = map.get("WWW-Authenticate");
            if (obj instanceof List) {
                return getAuthorizationScope(new ArrayList((List) obj));
            }
        }
        return null;
    }

    public String getAuthorizationScope(Response response) {
        if (response != null) {
            return getAuthorizationScope(response.headers().values("WWW-Authenticate"));
        }
        return null;
    }

    public String getAuthorizationServerRootPath() {
        return this.authorizationServerUrl != null ? this.authorizationServerUrl.toString() : WLConfig.getInstance().getRootURL();
    }

    public URL getAuthorizationServerRootPathAsURL() {
        try {
            return this.authorizationServerUrl != null ? this.authorizationServerUrl : new URL(WLConfig.getInstance().getRootURL());
        } catch (MalformedURLException e) {
            logger.debug("Failed to create URL from server root path");
            return null;
        }
    }

    public AccessToken getCachedAccessToken(String str) {
        String sortScope = sortScope(str);
        AccessToken accessToken = this.scopeToToken.get(sortScope);
        if (accessToken == null) {
            return null;
        }
        if (accessToken.isValidToken()) {
            return accessToken;
        }
        removeTokenByScope(sortScope);
        return null;
    }

    public String getClientId() {
        if (this.clientId == null) {
            this.clientId = WLConfig.getInstance().readSecurityPref(CLIENT_ID_OAUTH_LABEL);
        }
        return this.clientId;
    }

    protected Map<String, Object> getRegistrationParams() throws Exception {
        JSONObject signRegistrationData = signRegistrationData(getRegistrationDataJson());
        HashMap hashMap = new HashMap();
        hashMap.put("signedRegistrationData", signRegistrationData);
        return hashMap;
    }

    public String getScopeByResource(String str, String str2) {
        return this.resourceToScopeCache.get(String.format("%s_%s", str, str2));
    }

    public void invokeAuthorizationRequest(String str, WLResponseListener wLResponseListener) {
        sendRequest(createRelativePath(BASE_AUTHORIZATION, API_VERSION, PATH_OAUTH_AUTHORIZATION), getAuthorizationsParams(str), null, RequestMethod.GET, false, true, wLResponseListener);
    }

    public void invokeAuthorizationRequestForScope(final String str, final WLResponseListener wLResponseListener) {
        invokeAuthorizationRequest(str, new WLResponseListener() { // from class: com.worklight.wlclient.auth.WLAuthorizationManagerInternal.2
            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onFailure(WLFailResponse wLFailResponse) {
                WLAuthorizationManagerInternal.this.onObtainAccessTokenFailure(str, wLFailResponse);
                wLResponseListener.onFailure(wLFailResponse);
            }

            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onSuccess(WLResponse wLResponse) {
                WLAuthorizationManagerInternal.this.onAuthorizationSuccess(str, wLResponse, new WLResponseListener() { // from class: com.worklight.wlclient.auth.WLAuthorizationManagerInternal.2.1
                    @Override // com.worklight.wlclient.api.WLResponseListener
                    public void onFailure(WLFailResponse wLFailResponse) {
                        WLAuthorizationManagerInternal.this.onObtainAccessTokenFailure(str, wLFailResponse);
                        wLResponseListener.onFailure(wLFailResponse);
                    }

                    @Override // com.worklight.wlclient.api.WLResponseListener
                    public void onSuccess(WLResponse wLResponse2) {
                        try {
                            WLAuthorizationManagerInternal.this.onTokenSuccess(wLResponse2);
                            wLResponseListener.onSuccess(wLResponse2);
                        } catch (JSONException e) {
                            onFailure(new WLFailResponse(wLResponse2));
                        }
                    }
                });
            }
        });
    }

    public void invokeGetRegistrationDataRequest(final WLRequestListener wLRequestListener) {
        try {
            String clientId = getClientId();
            if (clientId == null) {
                wLRequestListener.onFailure(new WLFailResponse(WLErrorCode.APPLICATION_NOT_REGISTERED, "application is not registered yet", null));
                return;
            }
            String signJWS = WLOAuthCertManager.getInstance().signJWS(new JWT().toJson(), clientId);
            HashMap hashMap = new HashMap();
            hashMap.put("client_assertion", signJWS);
            hashMap.put("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer");
            sendRequest(createRelativePath(BASE_REGISTRATION, API_VERSION, PATH_REGISTER_SELF) + "/" + clientId, hashMap, null, RequestMethod.GET, true, false, new WLResponseListener() { // from class: com.worklight.wlclient.auth.WLAuthorizationManagerInternal.11
                @Override // com.worklight.wlclient.api.WLResponseListener
                public void onFailure(WLFailResponse wLFailResponse) {
                    wLRequestListener.onFailure(wLFailResponse);
                }

                @Override // com.worklight.wlclient.api.WLResponseListener
                public void onSuccess(WLResponse wLResponse) {
                    wLRequestListener.onSuccess(wLResponse);
                }
            });
        } catch (Exception e) {
            throw new Error(e);
        }
    }

    public void invokeRegistrationRequest(WLRequestListener wLRequestListener) {
        synchronized (this.registrationQueueLock) {
            this.registrationQueue.add(wLRequestListener);
            invokeRegistrationRequest();
        }
    }

    public boolean isAuthorizationRequired(int i, Map map) {
        if (map == null) {
            return false;
        }
        if ((i != 401 && i != 403) || !map.containsKey("WWW-Authenticate")) {
            return false;
        }
        Iterator it = ((List) map.get("WWW-Authenticate")).iterator();
        while (it.hasNext()) {
            if (((String) it.next()).contains("Bearer")) {
                return true;
            }
        }
        return false;
    }

    public boolean isAuthorizationRequired(HttpURLConnection httpURLConnection) {
        Boolean isAuthorizationRequired;
        if (httpURLConnection == null) {
            return false;
        }
        try {
            int responseCode = httpURLConnection.getResponseCode();
            if ((responseCode == 401 || responseCode == 403) && (isAuthorizationRequired = isAuthorizationRequired(httpURLConnection.getHeaderFields().get("WWW-Authenticate"))) != null) {
                return isAuthorizationRequired.booleanValue();
            }
            return false;
        } catch (IOException e) {
            logger.debug("Unable to get HttpURLConnection response code");
            return false;
        }
    }

    public boolean isAuthorizationRequired(Response response) {
        int code = response.code();
        if (code == 401 || code == 403) {
            Boolean isAuthorizationRequired = isAuthorizationRequired(response.headers("WWW-Authenticate"));
            if (isAuthorizationRequired != null) {
                return isAuthorizationRequired.booleanValue();
            }
        } else if (isMfpConflict(response)) {
            return true;
        }
        return false;
    }

    public boolean isForbidden(Response response) {
        return response.code() == 403;
    }

    public boolean isMfpConflict(WLResponse wLResponse) {
        return wLResponse.getStatus() == 409 && wLResponse.getHeaders().containsKey("MFP-Conflict");
    }

    public boolean isRegistrationInProgress() {
        return !this.registrationQueue.isEmpty();
    }

    public void login(String str, JSONObject jSONObject, WLLoginResponseListener wLLoginResponseListener) {
        synchronized (this.authorizationInProgressLock) {
            if (this.authorizationInProgress) {
                wLLoginResponseListener.onFailure(new WLFailResponse(WLErrorCode.LOGIN_ALREADY_IN_PROCESS, WLErrorCode.LOGIN_ALREADY_IN_PROCESS.getDescription(), null));
            } else {
                this.authorizationInProgress = true;
                if (shouldRegister()) {
                    loginWithRegistration(str, jSONObject, wLLoginResponseListener);
                } else {
                    loginWithoutRegistration(str, jSONObject, wLLoginResponseListener);
                }
            }
        }
    }

    public void logout(String str, WLLogoutResponseListener wLLogoutResponseListener) {
        synchronized (this.authorizationInProgressLock) {
            if (str == null) {
                logger.debug("Security Check must be non-null");
                wLLogoutResponseListener.onFailure(new WLFailResponse(WLErrorCode.AUTHORIZATION_FAILURE, "Security Check must be non-null", null));
            }
            if (this.authorizationInProgress) {
                wLLogoutResponseListener.onFailure(new WLFailResponse(WLErrorCode.LOGOUT_ALREADY_IN_PROCESS, WLErrorCode.LOGOUT_ALREADY_IN_PROCESS.getDescription(), null));
            } else {
                this.authorizationInProgress = true;
                if (getClientId() != null) {
                    sendLogoutRequest(str, wLLogoutResponseListener, getLogoutParams(str), createRelativePath(BASE_PREAUTH, API_VERSION, "logout"));
                } else {
                    logger.debug("Cannot logout before client is registered.");
                    this.authorizationInProgress = false;
                    wLLogoutResponseListener.onFailure(new WLFailResponse(WLErrorCode.AUTHORIZATION_FAILURE, "Cannot logout before client is registered.", null));
                }
            }
        }
    }

    public void obtainAccessToken(final String str, final WLAccessTokenListener wLAccessTokenListener) {
        synchronized (this.authorizationInProgressLock) {
            AccessToken cachedAccessToken = getCachedAccessToken(str);
            if (cachedAccessToken != null) {
                wLAccessTokenListener.onSuccess(cachedAccessToken);
            } else {
                obtainAccessToken(str, new WLResponseListener() { // from class: com.worklight.wlclient.auth.WLAuthorizationManagerInternal.1
                    @Override // com.worklight.wlclient.api.WLResponseListener
                    public void onFailure(WLFailResponse wLFailResponse) {
                        wLAccessTokenListener.onFailure(wLFailResponse);
                    }

                    @Override // com.worklight.wlclient.api.WLResponseListener
                    public void onSuccess(WLResponse wLResponse) {
                        wLAccessTokenListener.onSuccess(WLAuthorizationManagerInternal.this.getCachedAccessToken(str));
                    }
                });
            }
        }
    }

    public void removeTokenByScope(String str) {
        this.scopeToToken.remove(sortScope(str));
    }

    public void setAuthorizationServerUrl(URL url) {
        this.authorizationServerUrl = url;
    }

    public boolean shouldRegister() {
        if (getClientId() == null) {
            return true;
        }
        String readSecurityPref = WLConfig.getInstance().readSecurityPref(CLIENT_REGISTRATION_DATA_KEY);
        try {
            return readSecurityPref == null || !readSecurityPref.equalsIgnoreCase(String.valueOf(WLConfig.getInstance().getClientData()));
        } catch (JSONException e) {
            throw new Error("Could not get current device data");
        }
    }
}
