package com.citrix.auth.client;

import com.citrix.auth.client.CallbackExecutor;
import com.citrix.auth.client.persist.CommonMessage;
import com.citrix.auth.client.persist.IAuthStateSerializer;
import com.citrix.auth.client.persist.IPersistCryptoAgent;
import com.citrix.foundation.AsyncTaskSerializedRunner;
import com.citrix.foundation.IAsyncTask;
import com.citrix.foundation.IAsyncTaskCompletionCallback;
import com.citrix.proto.comm.http.auth.AuthPersistence;
import com.citrixonline.platform.MCAPI.MSessionEvent;
import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.auth.oauth2.CredentialRefreshListener;
import com.google.api.client.auth.oauth2.TokenErrorResponse;
import com.google.api.client.auth.oauth2.TokenResponse;
import com.google.api.client.auth.oauth2.TokenResponseException;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpExecuteInterceptor;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpRequestFactory;
import com.google.api.client.http.HttpResponse;
import com.google.api.client.http.HttpResponseInterceptor;
import com.google.api.client.http.UrlEncodedContent;
import com.google.api.client.json.GenericJson;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.JsonObjectParser;
import com.google.api.client.util.Key;
import com.google.protobuf.InvalidProtocolBufferException;
import java.io.IOException;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.Executor;
import java.util.logging.Logger;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class OAuthAuthorizer implements IHttpAuthorizer, ITokenAgentListener, CredentialRefreshListener, IAuthFlowCompletion {
    static final /* synthetic */ boolean $assertionsDisabled;
    private static Logger _log = null;
    static final long kExpirationClockErrorMargin = 5;
    private final Credential.AccessMethod _accessMethod;
    private IAuthorizationFlow _authFlow;
    private final Executor _callbackExecutor;
    private final HttpExecuteInterceptor _clientAuthentication;
    private Credential _credential;
    private final IPersistCryptoAgent _cryptoAgent;
    private boolean _dead;
    private final com.google.api.client.http.HttpTransport _httpTransport;
    private final IOAuthInitialFlowFactory _initialFlowFactory;
    private final JsonFactory _jsonFactory;
    private final Executor _offThreadExecutor;
    private final RevokeCallbackErrorHandler _revokeCallbackErrorHandler;
    private final String _revokeUri;
    private String[] _scopes;
    private final IAuthStateSerializer _serializer;
    private AsyncTaskSerializedRunner _taskRunner;
    private final TokenConsumerErrorHandler _tokConsumerErrorHandler;
    private IHttpTokenAgent _tokenAgent;
    private final TokenAgentFactory _tokenAgentFactory;
    private final String _tokenUri;
    private final UpdateListenerErrorHandler _updateListenerErrorHandler;
    private final HashMap<IHttpAuthUpdateListener, IHttpAuthUpdateListener> _updateListeners;
    private IHttpTokenConsumer _waitingConsumer;

    /* loaded from: classes.dex */
    class RequestTokenAgentTask implements IAsyncTask, Runnable, IAsyncTaskCompletionCallback, IAuthFlowCompletion {
        private IAsyncTaskCompletionCallback _completionCallback;
        private final IHttpTokenConsumer _tokenConsumer;

        public RequestTokenAgentTask(IHttpTokenConsumer iHttpTokenConsumer) {
            this._tokenConsumer = iHttpTokenConsumer;
        }

        @Override // com.citrix.foundation.IAsyncTaskCompletionCallback
        public void complete() {
            completeTask();
        }

        void completeTask() {
            synchronized (OAuthAuthorizer.this) {
                OAuthAuthorizer.this._waitingConsumer = null;
            }
            this._completionCallback.complete();
        }

        IAuthorizationFlow createTokenFlow() {
            if (OAuthAuthorizer.this._waitingConsumer != null) {
                throw new IllegalStateException("Unrecoverable inconsistent authorizer state.");
            }
            OAuthAuthorizer.this._waitingConsumer = this._tokenConsumer;
            if (OAuthAuthorizer.this._authFlow != null) {
                throw new IllegalStateException("Authorizer already has flow in progress.");
            }
            return OAuthAuthorizer.this._credential != null ? new OAuthRefreshTokenFlow(OAuthAuthorizer.this._credential, OAuthAuthorizer.this._offThreadExecutor, OAuthAuthorizer.this, this) : OAuthAuthorizer.this._initialFlowFactory.createInitialFlow(this);
        }

        @Override // com.citrix.auth.client.IAuthFlowCompletion
        public void handleAuthFailure(Exception exc) {
            OAuthAuthorizer.this.handleAuthFailure(exc);
            completeTask();
        }

        @Override // com.citrix.auth.client.IAuthFlowCompletion
        public void handleAuthSuccess(TokenResponse tokenResponse) {
            OAuthAuthorizer.this.handleAuthSuccess(tokenResponse);
            completeTask();
        }

        @Override // java.lang.Runnable
        public void run() {
            IHttpTokenAgent iHttpTokenAgent = null;
            IAuthorizationFlow iAuthorizationFlow = null;
            Exception exc = null;
            try {
                synchronized (OAuthAuthorizer.this) {
                    if (OAuthAuthorizer.this._dead) {
                        throw new IllegalStateException("Token revoked.");
                    }
                    if (OAuthAuthorizer.this._credential != null && OAuthAuthorizer._isExpired(OAuthAuthorizer.this._credential, 5L)) {
                        OAuthAuthorizer.this._tokenAgent = null;
                    }
                    iHttpTokenAgent = OAuthAuthorizer.this._tokenAgent;
                    if (OAuthAuthorizer.this._tokenAgent == null) {
                        OAuthAuthorizer.this._authFlow = createTokenFlow();
                        iAuthorizationFlow = OAuthAuthorizer.this._authFlow;
                    }
                }
            } catch (Exception e) {
                exc = e;
            }
            if (iAuthorizationFlow != null) {
                iAuthorizationFlow.activate();
                return;
            }
            if (exc == null) {
                this._tokenConsumer.acceptTokenAgent(iHttpTokenAgent);
            } else {
                this._tokenConsumer.authorizationFailed(exc);
            }
            completeTask();
        }

        @Override // com.citrix.foundation.IAsyncTask
        public void start(IAsyncTaskCompletionCallback iAsyncTaskCompletionCallback) {
            this._completionCallback = iAsyncTaskCompletionCallback;
            try {
                OAuthAuthorizer.this._offThreadExecutor.execute(this);
            } catch (Throwable th) {
                this._tokenConsumer.authorizationFailed(ExceptionUtils.toException(th));
                completeTask();
            }
        }
    }

    /* loaded from: classes.dex */
    class RevokeCallbackErrorHandler implements CallbackExecutor.IErrorHandler {
        RevokeCallbackErrorHandler() {
        }

        @Override // com.citrix.auth.client.CallbackExecutor.IErrorHandler
        public void onError(Exception exc, Object obj, Method method, Object[] objArr) {
            ((IRevokeTokenCallback) obj).onFailure(exc);
        }
    }

    /* loaded from: classes.dex */
    protected static class RevokeErrorResponse extends GenericJson {

        @Key(MSessionEvent.ERROR)
        private String _error;

        @Key("error_description")
        private String _errorDescription;

        @Key("error_uri")
        private String _errorUri;

        protected String getError() {
            return this._error;
        }

        protected String getErrorDescription() {
            return this._errorDescription;
        }

        protected String getErrorUri() {
            return this._errorUri;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class RevokeResponseInterceptor implements HttpResponseInterceptor {
        private RevokeResponseInterceptor() {
        }

        @Override // com.google.api.client.http.HttpResponseInterceptor
        public void interceptResponse(HttpResponse httpResponse) throws IOException {
            RevokeErrorResponse revokeErrorResponse;
            AuthorizationFailureException createSpecific;
            if (httpResponse.getStatusCode() != 200 && (revokeErrorResponse = (RevokeErrorResponse) httpResponse.parseAs(RevokeErrorResponse.class)) != null && (createSpecific = AuthorizationFailureException.createSpecific(revokeErrorResponse.getError(), revokeErrorResponse.getErrorDescription(), null, true)) != null) {
                throw new IOException(createSpecific);
            }
        }
    }

    /* loaded from: classes.dex */
    class RevokeTokenTask implements IAsyncTask, Runnable {
        private IRevokeTokenCallback _revokeCallback;
        private IAsyncTaskCompletionCallback _taskCompletion;

        RevokeTokenTask(IRevokeTokenCallback iRevokeTokenCallback) {
            this._revokeCallback = iRevokeTokenCallback;
        }

        @Override // java.lang.Runnable
        public void run() {
            OAuthAuthorizer.this._revokeToken(this._revokeCallback);
            this._taskCompletion.complete();
        }

        @Override // com.citrix.foundation.IAsyncTask
        public void start(IAsyncTaskCompletionCallback iAsyncTaskCompletionCallback) {
            this._taskCompletion = iAsyncTaskCompletionCallback;
            try {
                OAuthAuthorizer.this._offThreadExecutor.execute(this);
            } catch (Throwable th) {
                this._revokeCallback.onFailure(ExceptionUtils.toException(th));
                this._taskCompletion.complete();
            }
        }
    }

    /* loaded from: classes.dex */
    class TokenConsumerErrorHandler implements CallbackExecutor.IErrorHandler {
        TokenConsumerErrorHandler() {
        }

        @Override // com.citrix.auth.client.CallbackExecutor.IErrorHandler
        public void onError(Exception exc, Object obj, Method method, Object[] objArr) {
            ((IHttpTokenConsumer) obj).authorizationFailed(exc);
        }
    }

    /* loaded from: classes.dex */
    class UpdateListenerErrorHandler implements CallbackExecutor.IErrorHandler {
        UpdateListenerErrorHandler() {
        }

        @Override // com.citrix.auth.client.CallbackExecutor.IErrorHandler
        public void onError(Exception exc, Object obj, Method method, Object[] objArr) {
            OAuthAuthorizer._log.severe("ERROR: Uncaught exception occured within IHttpAuthUpdateListener.handleUpdate()\n\n" + ExceptionUtils.getStackTraceAsString(exc));
            exc.printStackTrace();
        }
    }

    static {
        $assertionsDisabled = !OAuthAuthorizer.class.desiredAssertionStatus();
        _log = AuthLogger.get();
    }

    public OAuthAuthorizer(OAuthAuthorizerBuilder<?> oAuthAuthorizerBuilder, IOAuthInitialFlowFactory iOAuthInitialFlowFactory) throws InvalidPersistentStateException {
        this._callbackExecutor = oAuthAuthorizerBuilder.callbackExecutor();
        this._offThreadExecutor = oAuthAuthorizerBuilder.offThreadExecutor();
        this._taskRunner = new AsyncTaskSerializedRunner(this._offThreadExecutor, _log);
        this._httpTransport = oAuthAuthorizerBuilder.transport();
        this._jsonFactory = oAuthAuthorizerBuilder.jsonFactory();
        this._cryptoAgent = oAuthAuthorizerBuilder.cryptoAgent();
        this._serializer = oAuthAuthorizerBuilder.serializer();
        this._tokenUri = oAuthAuthorizerBuilder.tokenUri();
        this._revokeUri = oAuthAuthorizerBuilder.revokeUri();
        _setScopes(oAuthAuthorizerBuilder.scopes());
        this._clientAuthentication = oAuthAuthorizerBuilder.clientAuthentication();
        this._accessMethod = oAuthAuthorizerBuilder.accessMethod();
        this._initialFlowFactory = iOAuthInitialFlowFactory;
        this._tokenAgentFactory = (TokenAgentFactory) oAuthAuthorizerBuilder.tokenAgentFactory();
        this._updateListeners = new HashMap<>();
        this._tokConsumerErrorHandler = new TokenConsumerErrorHandler();
        this._revokeCallbackErrorHandler = new RevokeCallbackErrorHandler();
        this._updateListenerErrorHandler = new UpdateListenerErrorHandler();
        processPersistentState(oAuthAuthorizerBuilder.persistedState(), oAuthAuthorizerBuilder.requiresValidPersistedState());
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean _isExpired(Credential credential, long j) {
        Long expiresInSeconds = credential.getExpiresInSeconds();
        return expiresInSeconds != null && expiresInSeconds.longValue() <= j;
    }

    private void _notifyUpdateListeners() {
        Iterator<Map.Entry<IHttpAuthUpdateListener, IHttpAuthUpdateListener>> it = this._updateListeners.entrySet().iterator();
        while (it.hasNext()) {
            it.next().getValue().handleAuthUpdate(this);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void _revokeToken(IRevokeTokenCallback iRevokeTokenCallback) {
        String refreshToken;
        String str;
        try {
            synchronized (this) {
                if (this._dead) {
                    throw new IllegalStateException("Token already revoked.");
                }
                this._dead = true;
                if (this._revokeUri == null) {
                    throw new IllegalStateException("No revoke URI provided.");
                }
                if (this._credential == null) {
                    throw new IllegalStateException("No token to revoke.");
                }
                refreshToken = this._credential.getRefreshToken();
                if (refreshToken != null) {
                    str = "refresh_token";
                } else {
                    refreshToken = this._credential.getAccessToken();
                    if (refreshToken == null) {
                        throw new IllegalStateException("No token to revoke.");
                    }
                    str = "access_token";
                }
            }
            _sendRevokeTokenRequest(refreshToken, str);
            iRevokeTokenCallback.onSuccess();
        } catch (IOException e) {
            Throwable cause = e.getCause();
            if (cause instanceof AuthorizationFailureException) {
                iRevokeTokenCallback.onFailure((AuthorizationFailureException) cause);
            } else {
                iRevokeTokenCallback.onFailure(e);
            }
        } catch (Exception e2) {
            iRevokeTokenCallback.onFailure(e2);
        }
    }

    private void _sendRevokeTokenRequest(String str, String str2) throws IOException {
        HttpRequestFactory createRequestFactory = this._httpTransport.createRequestFactory();
        HashMap hashMap = new HashMap(2);
        hashMap.put("token", str);
        if (str2 != null && !str2.isEmpty()) {
            hashMap.put("token_type_hint", str2);
        }
        HttpRequest buildPostRequest = createRequestFactory.buildPostRequest(new GenericUrl(this._revokeUri), new UrlEncodedContent(hashMap));
        buildPostRequest.getHeaders().setContentType("application/x-www-form-urlencoded");
        buildPostRequest.setParser(new JsonObjectParser(this._jsonFactory));
        buildPostRequest.setInterceptor(this._clientAuthentication);
        buildPostRequest.setResponseInterceptor(new RevokeResponseInterceptor());
        buildPostRequest.execute();
    }

    private void _setScopes(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            return;
        }
        this._scopes = Scope.makeCanonical(strArr);
    }

    protected void _processPersistentState(AuthPersistence.OAuthState oAuthState) {
        try {
            ITokenType createTokenTypeFor = TokenTypeFactory.createTokenTypeFor(oAuthState);
            Credential createCredential = createTokenTypeFor.createCredential(oAuthState, makeSelfRefreshCredentialBuilder());
            String accessToken = createCredential.getAccessToken();
            String refreshToken = createCredential.getRefreshToken();
            if (_isExpired(createCredential, 5L)) {
                accessToken = null;
            }
            if (refreshToken != null && refreshToken.isEmpty()) {
                refreshToken = null;
            }
            if (accessToken == null && refreshToken == null) {
                return;
            }
            String[] makeCanonical = Scope.makeCanonical(oAuthState.getAuthScope());
            IHttpTokenAgent create = accessToken != null ? this._tokenAgentFactory.create(createCredential, makeCanonical, createTokenTypeFor, this) : null;
            _setScopes(makeCanonical);
            this._credential = createCredential;
            this._tokenAgent = create;
        } catch (InvalidProtocolBufferException e) {
            e.printStackTrace();
        }
    }

    @Override // com.citrix.auth.client.ITokenAgentListener
    public synchronized void accessTokenFailed(IHttpTokenAgent iHttpTokenAgent) {
        if (iHttpTokenAgent == this._tokenAgent) {
            this._tokenAgent = null;
        }
    }

    @Override // com.citrix.auth.client.IHttpAuthorizer
    public String[] getAuthorizedScopes() {
        return this._scopes == null ? this._scopes : (String[]) Arrays.copyOf(this._scopes, this._scopes.length);
    }

    @Override // com.citrix.auth.client.IHttpAuthorizer
    public byte[] getPersistentState() {
        byte[] serializeAuthState;
        synchronized (this) {
            if (this._dead || this._credential == null) {
                throw new IllegalStateException("not authorized");
            }
            TokenAgent tokenAgent = _isExpired(this._credential, 0L) ? null : (TokenAgent) this._tokenAgent;
            serializeAuthState = this._serializer.serializeAuthState(this._credential.getRefreshToken(), tokenAgent != null ? tokenAgent.tokenType().persistAccessInfo(this._credential) : null, this._scopes);
        }
        return CommonMessage.composer().compose(this._cryptoAgent.encryptMessage(serializeAuthState));
    }

    @Override // com.citrix.auth.client.IAuthFlowCompletion
    public void handleAuthFailure(Exception exc) {
        synchronized (this) {
            if (this._authFlow == null) {
                return;
            }
            this._authFlow = null;
            if (!$assertionsDisabled && (exc instanceof TokenResponseException)) {
                throw new AssertionError();
            }
            if (exc instanceof AuthorizationFailureException) {
                this._dead = true;
            }
            if (this._waitingConsumer != null) {
                this._waitingConsumer.authorizationFailed(exc);
            }
        }
    }

    protected void handleAuthSuccess(Credential credential, IHttpTokenAgent iHttpTokenAgent) {
        synchronized (this) {
            if (this._authFlow == null) {
                return;
            }
            this._authFlow = null;
            this._credential = credential;
            this._tokenAgent = iHttpTokenAgent;
            _setScopes(this._tokenAgent.getAuthorizedScopes());
            _notifyUpdateListeners();
            if (this._waitingConsumer != null) {
                this._waitingConsumer.acceptTokenAgent(iHttpTokenAgent);
            }
        }
    }

    @Override // com.citrix.auth.client.IAuthFlowCompletion
    public void handleAuthSuccess(TokenResponse tokenResponse) {
        handleAuthSuccess(tokenResponse, (Credential) null);
    }

    protected void handleAuthSuccess(TokenResponse tokenResponse, Credential credential) {
        String[] strArr = this._scopes;
        String[] makeCanonical = Scope.makeCanonical(tokenResponse.getScope());
        if (makeCanonical != null && makeCanonical.length > 0) {
            strArr = makeCanonical;
        }
        ITokenType createTokenTypeFor = TokenTypeFactory.createTokenTypeFor(tokenResponse);
        if (credential == null) {
            credential = createTokenTypeFor.createCredential(tokenResponse, makeSelfRefreshCredentialBuilder());
        }
        _log.fine(String.format("new access token expires in %d seconds.", credential.getExpiresInSeconds()));
        handleAuthSuccess(credential, this._tokenAgentFactory.create(credential, strArr, createTokenTypeFor, this));
    }

    protected Credential.Builder makeSelfRefreshCredentialBuilder() {
        return new Credential.Builder(this._accessMethod).setTransport(this._httpTransport).setJsonFactory(this._jsonFactory).setTokenServerEncodedUrl(this._tokenUri).setClientAuthentication(this._clientAuthentication).addRefreshListener(this);
    }

    @Override // com.google.api.client.auth.oauth2.CredentialRefreshListener
    public synchronized void onTokenErrorResponse(Credential credential, TokenErrorResponse tokenErrorResponse) throws IOException {
        if (credential == this._credential) {
            handleAuthFailure(ExceptionUtils.createAuthFailExceptionFor(tokenErrorResponse));
        }
    }

    @Override // com.google.api.client.auth.oauth2.CredentialRefreshListener
    public synchronized void onTokenResponse(Credential credential, TokenResponse tokenResponse) throws IOException {
        if (credential == this._credential) {
            handleAuthSuccess(tokenResponse, credential);
        }
    }

    protected void processPersistentState(AuthPersistence.OAuthState oAuthState, boolean z) throws InvalidPersistentStateException {
        if (oAuthState != null) {
            _processPersistentState(oAuthState);
        }
        if (this._tokenAgent == null && z) {
            throw new InvalidPersistentStateException("persistent state absent or invalid");
        }
    }

    @Override // com.citrix.auth.client.IHttpAuthorizer
    public void registerUpdateListener(IHttpAuthUpdateListener iHttpAuthUpdateListener) {
        this._updateListeners.put(iHttpAuthUpdateListener, (IHttpAuthUpdateListener) CallbackExecutor.proxy(IHttpAuthUpdateListener.class, iHttpAuthUpdateListener, this._callbackExecutor, this._updateListenerErrorHandler));
    }

    @Override // com.citrix.auth.client.IHttpAuthorizer
    public void requestTokenAgent(IHttpTokenConsumer iHttpTokenConsumer) {
        this._taskRunner.addTask(new RequestTokenAgentTask((IHttpTokenConsumer) CallbackExecutor.proxy(IHttpTokenConsumer.class, iHttpTokenConsumer, this._callbackExecutor, this._tokConsumerErrorHandler)));
    }

    @Override // com.citrix.auth.client.IHttpAuthorizer
    public void revoke(IRevokeTokenCallback iRevokeTokenCallback) {
        this._taskRunner.addTask(new RevokeTokenTask((IRevokeTokenCallback) CallbackExecutor.proxy(IRevokeTokenCallback.class, iRevokeTokenCallback, this._callbackExecutor, this._revokeCallbackErrorHandler)));
    }

    @Override // com.citrix.auth.client.IHttpAuthorizer
    public void unregisterUpdateListener(IHttpAuthUpdateListener iHttpAuthUpdateListener) {
        this._updateListeners.remove(iHttpAuthUpdateListener);
    }
}
