package com.salesforce.androidsdk.ui;

import android.annotation.TargetApi;
import android.app.Activity;
import android.content.Context;
import android.net.Uri;
import android.net.http.SslError;
import android.os.AsyncTask;
import android.os.Bundle;
import android.security.KeyChain;
import android.security.KeyChainAliasCallback;
import android.security.KeyChainException;
import android.text.TextUtils;
import android.util.Log;
import android.webkit.ClientCertRequest;
import android.webkit.SslErrorHandler;
import android.webkit.WebChromeClient;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import android.widget.Toast;
import com.localytics.android.SessionHandler;
import com.salesforce.androidsdk.R;
import com.salesforce.androidsdk.accounts.UserAccount;
import com.salesforce.androidsdk.app.SalesforceSDKManager;
import com.salesforce.androidsdk.auth.HttpAccess;
import com.salesforce.androidsdk.auth.OAuth2;
import com.salesforce.androidsdk.config.BootConfig;
import com.salesforce.androidsdk.config.RuntimeConfig;
import com.salesforce.androidsdk.push.PushMessaging;
import com.salesforce.androidsdk.rest.ClientManager;
import com.salesforce.androidsdk.security.PasscodeManager;
import com.salesforce.androidsdk.util.EventsObservable;
import com.salesforce.androidsdk.util.UriFragmentParser;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Locale;
import java.util.Map;

/* loaded from: classes.dex */
public class OAuthWebviewHelper implements KeyChainAliasCallback {
    static final /* synthetic */ boolean $assertionsDisabled;
    private static final String ACCOUNT_OPTIONS = "accountOptions";
    public static final String MUST_BE_MANAGED_APP_PERM = "must_be_managed_app";
    private AccountOptions accountOptions;
    private Activity activity;
    private final OAuthWebviewHelperEvents callback;
    private X509Certificate[] certChain;
    private PrivateKey key;
    protected final ClientManager.LoginOptions loginOptions;
    private final WebView webview;

    /* loaded from: classes.dex */
    public static class AccountOptions {
        private static final String AUTH_TOKEN = "authToken";
        private static final String COMMUNITY_ID = "communityId";
        private static final String COMMUNITY_URL = "communityUrl";
        private static final String IDENTITY_URL = "identityUrl";
        private static final String INSTANCE_URL = "instanceUrl";
        private static final String ORG_ID = "orgId";
        private static final String REFRESH_TOKEN = "refreshToken";
        private static final String USERNAME = "username";
        private static final String USER_ID = "userId";
        public final String authToken;
        private final Bundle bundle = new Bundle();
        public final String communityId;
        public final String communityUrl;
        public final String identityUrl;
        public final String instanceUrl;
        public final String orgId;
        public final String refreshToken;
        public final String userId;
        public final String username;

        public AccountOptions(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9) {
            this.username = str;
            this.refreshToken = str2;
            this.authToken = str3;
            this.identityUrl = str4;
            this.instanceUrl = str5;
            this.orgId = str6;
            this.userId = str7;
            this.communityId = str8;
            this.communityUrl = str9;
            this.bundle.putString("username", str);
            this.bundle.putString("refreshToken", str2);
            this.bundle.putString("authToken", str3);
            this.bundle.putString("instanceUrl", str5);
            this.bundle.putString("orgId", str6);
            this.bundle.putString("userId", str7);
            this.bundle.putString("communityId", str8);
            this.bundle.putString("communityUrl", str9);
        }

        public static AccountOptions fromBundle(Bundle bundle) {
            if (bundle == null) {
                return null;
            }
            return new AccountOptions(bundle.getString("username"), bundle.getString("refreshToken"), bundle.getString("authToken"), bundle.getString(IDENTITY_URL), bundle.getString("instanceUrl"), bundle.getString("orgId"), bundle.getString("userId"), bundle.getString("communityId"), bundle.getString("communityUrl"));
        }

        public Bundle asBundle() {
            return this.bundle;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes.dex */
    public class AuthWebChromeClient extends WebChromeClient {
        /* JADX INFO: Access modifiers changed from: protected */
        public AuthWebChromeClient() {
        }

        @Override // android.webkit.WebChromeClient
        public void onProgressChanged(WebView webView, int i) {
            OAuthWebviewHelper.this.callback.onLoadingProgress(i * 100);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes.dex */
    public class AuthWebViewClient extends WebViewClient {
        /* JADX INFO: Access modifiers changed from: protected */
        public AuthWebViewClient() {
        }

        @Override // android.webkit.WebViewClient
        public void onPageFinished(WebView webView, String str) {
            EventsObservable.get().notifyEvent(EventsObservable.EventType.AuthWebViewPageFinished, str);
            super.onPageFinished(webView, str);
        }

        @Override // android.webkit.WebViewClient
        @TargetApi(SessionHandler.MESSAGE_HANDLE_PUSH_RECEIVED)
        public void onReceivedClientCertRequest(WebView webView, ClientCertRequest clientCertRequest) {
            clientCertRequest.proceed(OAuthWebviewHelper.this.key, OAuthWebviewHelper.this.certChain);
        }

        @Override // android.webkit.WebViewClient
        public void onReceivedSslError(WebView webView, SslErrorHandler sslErrorHandler, SslError sslError) {
            int primaryError = sslError.getPrimaryError();
            SalesforceR salesforceR = SalesforceSDKManager.getInstance().getSalesforceR();
            int stringSSLUnknownError = salesforceR.stringSSLUnknownError();
            switch (primaryError) {
                case 0:
                    stringSSLUnknownError = salesforceR.stringSSLNotYetValid();
                    break;
                case 1:
                    stringSSLUnknownError = salesforceR.stringSSLExpired();
                    break;
                case 2:
                    stringSSLUnknownError = salesforceR.stringSSLIdMismatch();
                    break;
                case 3:
                    stringSSLUnknownError = salesforceR.stringSSLUntrusted();
                    break;
            }
            Toast.makeText(OAuthWebviewHelper.this.getContext(), OAuthWebviewHelper.this.getContext().getString(salesforceR.stringSSLError(), OAuthWebviewHelper.this.getContext().getString(stringSSLUnknownError)), 1).show();
            sslErrorHandler.cancel();
        }

        @Override // android.webkit.WebViewClient
        public boolean shouldOverrideUrlLoading(WebView webView, String str) {
            boolean startsWith = str.replace("///", "/").toLowerCase(Locale.US).startsWith(OAuthWebviewHelper.this.loginOptions.oauthCallbackUrl.replace("///", "/").toLowerCase(Locale.US));
            if (startsWith) {
                Map<String, String> parse = UriFragmentParser.parse(Uri.parse(str));
                String str2 = parse.get("error");
                if (str2 != null) {
                    OAuthWebviewHelper.this.onAuthFlowError(str2, parse.get("error_description"));
                } else {
                    OAuthWebviewHelper.this.onAuthFlowComplete(new OAuth2.TokenEndpointResponse(parse));
                }
            }
            return startsWith;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: classes.dex */
    public abstract class BaseFinishAuthFlowTask<RequestType> extends AsyncTask<RequestType, Boolean, OAuth2.TokenEndpointResponse> {
        protected volatile Exception backgroundException;
        protected volatile OAuth2.IdServiceResponse id = null;

        public BaseFinishAuthFlowTask() {
        }

        /* JADX INFO: Access modifiers changed from: protected */
        /* JADX WARN: Can't rename method to resolve collision */
        @Override // android.os.AsyncTask
        public final OAuth2.TokenEndpointResponse doInBackground(RequestType... requesttypeArr) {
            try {
                publishProgress(true);
                return performRequest(requesttypeArr[0]);
            } catch (Exception e) {
                handleException(e);
                return null;
            }
        }

        protected void handleException(Exception exc) {
            if (exc.getMessage() != null) {
                Log.w("BaseFinishAuthFlowTask", "handleException", exc);
            }
            this.backgroundException = exc;
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        public void onPostExecute(OAuth2.TokenEndpointResponse tokenEndpointResponse) {
            SalesforceSDKManager salesforceSDKManager = SalesforceSDKManager.getInstance();
            if (this.backgroundException != null) {
                Log.w("LoginActiviy.onAuthFlowComplete", this.backgroundException);
                OAuthWebviewHelper.this.onAuthFlowError(OAuthWebviewHelper.this.getContext().getString(salesforceSDKManager.getSalesforceR().stringGenericAuthenticationErrorTitle()), OAuthWebviewHelper.this.getContext().getString(salesforceSDKManager.getSalesforceR().stringGenericAuthenticationErrorBody()));
                OAuthWebviewHelper.this.callback.finish();
                return;
            }
            if (this.id.customPermissions != null && this.id.customPermissions.optBoolean(OAuthWebviewHelper.MUST_BE_MANAGED_APP_PERM) && !RuntimeConfig.getRuntimeConfig(OAuthWebviewHelper.this.getContext()).isManagedApp()) {
                OAuthWebviewHelper.this.onAuthFlowError(OAuthWebviewHelper.this.getContext().getString(salesforceSDKManager.getSalesforceR().stringGenericAuthenticationErrorTitle()), OAuthWebviewHelper.this.getContext().getString(salesforceSDKManager.getSalesforceR().stringManagedAppError()));
                OAuthWebviewHelper.this.callback.finish();
                return;
            }
            OAuthWebviewHelper.this.accountOptions = new AccountOptions(this.id.username, tokenEndpointResponse.refreshToken, tokenEndpointResponse.authToken, tokenEndpointResponse.idUrl, tokenEndpointResponse.instanceUrl, tokenEndpointResponse.orgId, tokenEndpointResponse.userId, tokenEndpointResponse.communityId, tokenEndpointResponse.communityUrl);
            UserAccount userAccount = new UserAccount(OAuthWebviewHelper.this.accountOptions.authToken, OAuthWebviewHelper.this.accountOptions.refreshToken, OAuthWebviewHelper.this.loginOptions.loginUrl, OAuthWebviewHelper.this.accountOptions.identityUrl, OAuthWebviewHelper.this.accountOptions.instanceUrl, OAuthWebviewHelper.this.accountOptions.orgId, OAuthWebviewHelper.this.accountOptions.userId, OAuthWebviewHelper.this.accountOptions.username, OAuthWebviewHelper.this.buildAccountName(OAuthWebviewHelper.this.accountOptions.username, OAuthWebviewHelper.this.accountOptions.instanceUrl), OAuthWebviewHelper.this.loginOptions.clientSecret, OAuthWebviewHelper.this.accountOptions.communityId, OAuthWebviewHelper.this.accountOptions.communityUrl);
            if (this.id.customAttributes != null) {
                salesforceSDKManager.getAdminSettingsManager().setPrefs(this.id.customAttributes, userAccount);
            }
            if (this.id.customPermissions != null) {
                salesforceSDKManager.getAdminPermsManager().setPrefs(this.id.customPermissions, userAccount);
            }
            if (this.id.screenLockTimeout <= 0) {
                salesforceSDKManager.getPasscodeManager().storeMobilePolicyForOrg(userAccount, 0, 4);
                OAuthWebviewHelper.this.loginOptions.passcodeHash = salesforceSDKManager.getPasscodeHash();
                OAuthWebviewHelper.this.addAccount();
                OAuthWebviewHelper.this.callback.finish();
                return;
            }
            PasscodeManager passcodeManager = salesforceSDKManager.getPasscodeManager();
            passcodeManager.storeMobilePolicyForOrg(userAccount, this.id.screenLockTimeout * 1000 * 60, this.id.pinLength);
            passcodeManager.setTimeoutMs(this.id.screenLockTimeout * 1000 * 60);
            passcodeManager.setMinPasscodeLength(this.id.pinLength);
            if (!passcodeManager.hasStoredPasscode(salesforceSDKManager.getAppContext())) {
                salesforceSDKManager.getPasscodeManager().setEnabled(true);
                salesforceSDKManager.getPasscodeManager().lockIfNeeded((Activity) OAuthWebviewHelper.this.getContext(), true);
            } else {
                OAuthWebviewHelper.this.loginOptions.passcodeHash = salesforceSDKManager.getPasscodeHash();
                OAuthWebviewHelper.this.addAccount();
                OAuthWebviewHelper.this.callback.finish();
            }
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // android.os.AsyncTask
        public void onProgressUpdate(Boolean... boolArr) {
            OAuthWebviewHelper.this.callback.onIndeterminateProgress(boolArr[0].booleanValue());
        }

        protected abstract OAuth2.TokenEndpointResponse performRequest(RequestType requesttype) throws Exception;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public class FinishAuthTask extends BaseFinishAuthFlowTask<OAuth2.TokenEndpointResponse> {
        private FinishAuthTask() {
            super();
        }

        /* JADX INFO: Access modifiers changed from: protected */
        @Override // com.salesforce.androidsdk.ui.OAuthWebviewHelper.BaseFinishAuthFlowTask
        public OAuth2.TokenEndpointResponse performRequest(OAuth2.TokenEndpointResponse tokenEndpointResponse) throws Exception {
            try {
                this.id = OAuth2.callIdentityService(HttpAccess.DEFAULT, tokenEndpointResponse.idUrlWithInstance, tokenEndpointResponse.authToken);
            } catch (Exception e) {
                this.backgroundException = e;
            }
            return tokenEndpointResponse;
        }
    }

    /* loaded from: classes.dex */
    public interface OAuthWebviewHelperEvents {
        void finish();

        void loadingLoginPage(String str);

        void onAccountAuthenticatorResult(Bundle bundle);

        void onIndeterminateProgress(boolean z);

        void onLoadingProgress(int i);
    }

    static {
        $assertionsDisabled = !OAuthWebviewHelper.class.desiredAssertionStatus();
    }

    public OAuthWebviewHelper(Activity activity, OAuthWebviewHelperEvents oAuthWebviewHelperEvents, ClientManager.LoginOptions loginOptions, WebView webView, Bundle bundle) {
        if (!$assertionsDisabled && (loginOptions == null || oAuthWebviewHelperEvents == null || webView == null || activity == null)) {
            throw new AssertionError();
        }
        this.activity = activity;
        this.callback = oAuthWebviewHelperEvents;
        this.loginOptions = loginOptions;
        this.webview = webView;
        webView.getSettings().setJavaScriptEnabled(true);
        webView.setWebViewClient(makeWebViewClient());
        webView.setWebChromeClient(makeWebChromeClient());
        if (bundle == null) {
            clearCookies();
        } else {
            webView.restoreState(bundle);
            this.accountOptions = AccountOptions.fromBundle(bundle.getBundle(ACCOUNT_OPTIONS));
        }
    }

    @Deprecated
    public OAuthWebviewHelper(OAuthWebviewHelperEvents oAuthWebviewHelperEvents, ClientManager.LoginOptions loginOptions, WebView webView, Bundle bundle) {
        this(new LoginActivity(), oAuthWebviewHelperEvents, loginOptions, webView, bundle);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addAccount() {
        ClientManager clientManager = new ClientManager(getContext(), SalesforceSDKManager.getInstance().getAccountType(), this.loginOptions, SalesforceSDKManager.getInstance().shouldLogoutWhenTokenRevoked());
        String buildAccountName = buildAccountName(this.accountOptions.username, this.accountOptions.instanceUrl);
        Bundle createNewAccount = clientManager.createNewAccount(buildAccountName, this.accountOptions.username, this.accountOptions.refreshToken, this.accountOptions.authToken, this.accountOptions.instanceUrl, this.loginOptions.loginUrl, this.accountOptions.identityUrl, getOAuthClientId(), this.accountOptions.orgId, this.accountOptions.userId, this.loginOptions.passcodeHash, this.loginOptions.clientSecret, this.accountOptions.communityId, this.accountOptions.communityUrl);
        Context appContext = SalesforceSDKManager.getInstance().getAppContext();
        if (!TextUtils.isEmpty(BootConfig.getBootConfig(appContext).getPushNotificationClientId())) {
            PushMessaging.register(appContext, new UserAccount(this.accountOptions.authToken, this.accountOptions.refreshToken, this.loginOptions.loginUrl, this.accountOptions.identityUrl, this.accountOptions.instanceUrl, this.accountOptions.orgId, this.accountOptions.userId, this.accountOptions.username, buildAccountName, this.loginOptions.clientSecret, this.accountOptions.communityId, this.accountOptions.communityUrl));
        }
        this.callback.onAccountAuthenticatorResult(createNewAccount);
    }

    @Override // android.security.KeyChainAliasCallback
    public void alias(String str) {
        try {
            this.certChain = KeyChain.getCertificateChain(this.activity, str);
            this.key = KeyChain.getPrivateKey(this.activity, str);
            this.activity.runOnUiThread(new Runnable() { // from class: com.salesforce.androidsdk.ui.OAuthWebviewHelper.3
                @Override // java.lang.Runnable
                public void run() {
                    OAuthWebviewHelper.this.loadLoginPage();
                }
            });
        } catch (KeyChainException e) {
            e.printStackTrace();
        } catch (InterruptedException e2) {
            e2.printStackTrace();
        }
    }

    protected String buildAccountName(String str, String str2) {
        return String.format("%s (%s) (%s)", str, str2, SalesforceSDKManager.getInstance().getApplicationName());
    }

    public void clearCookies() {
        SalesforceSDKManager.getInstance().removeAllCookies();
    }

    public void clearView() {
        this.webview.loadUrl("about:blank");
    }

    protected String getAuthorizationDisplayType() {
        return getContext().getString(R.string.oauth_display_type);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public URI getAuthorizationUrl() throws URISyntaxException {
        return OAuth2.getAuthorizationUrl(new URI(this.loginOptions.loginUrl), getOAuthClientId(), this.loginOptions.oauthCallbackUrl, this.loginOptions.oauthScopes, null, getAuthorizationDisplayType());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Context getContext() {
        return this.webview.getContext();
    }

    protected String getLoginUrl() {
        return SalesforceSDKManager.getInstance().getLoginServerManager().getSelectedLoginServer().url.trim();
    }

    protected String getOAuthClientId() {
        return this.loginOptions.oauthClientId;
    }

    public WebView getWebView() {
        return this.webview;
    }

    public void loadLoginPage() {
        this.loginOptions.loginUrl = getLoginUrl();
        try {
            URI authorizationUrl = getAuthorizationUrl();
            this.callback.loadingLoginPage(this.loginOptions.loginUrl);
            this.webview.loadUrl(authorizationUrl.toString());
        } catch (URISyntaxException e) {
            showError(e);
        }
    }

    protected WebChromeClient makeWebChromeClient() {
        return new AuthWebChromeClient();
    }

    protected WebViewClient makeWebViewClient() {
        return new AuthWebViewClient();
    }

    protected void onAuthFlowComplete(OAuth2.TokenEndpointResponse tokenEndpointResponse) {
        new FinishAuthTask().execute(new OAuth2.TokenEndpointResponse[]{tokenEndpointResponse});
    }

    protected void onAuthFlowError(String str, String str2) {
        Log.w("LoginActivity:onAuthFlowError", str + ":" + str2);
        if ("access_denied".equals(str) && "end-user denied authorization".equals(str2)) {
            this.webview.post(new Runnable() { // from class: com.salesforce.androidsdk.ui.OAuthWebviewHelper.1
                @Override // java.lang.Runnable
                public void run() {
                    OAuthWebviewHelper.this.clearCookies();
                    OAuthWebviewHelper.this.loadLoginPage();
                }
            });
            return;
        }
        Toast makeText = Toast.makeText(this.webview.getContext(), str + " : " + str2, 1);
        this.webview.postDelayed(new Runnable() { // from class: com.salesforce.androidsdk.ui.OAuthWebviewHelper.2
            @Override // java.lang.Runnable
            public void run() {
                OAuthWebviewHelper.this.callback.finish();
            }
        }, makeText.getDuration());
        makeText.show();
    }

    public void onNewPasscode() {
        if (this.accountOptions != null) {
            this.loginOptions.passcodeHash = SalesforceSDKManager.getInstance().getPasscodeHash();
            addAccount();
            this.callback.finish();
        }
    }

    public void saveState(Bundle bundle) {
        this.webview.saveState(bundle);
        if (this.accountOptions != null) {
            bundle.putBundle(ACCOUNT_OPTIONS, this.accountOptions.asBundle());
        }
    }

    protected void showError(Exception exc) {
        Toast.makeText(getContext(), getContext().getString(SalesforceSDKManager.getInstance().getSalesforceR().stringGenericError(), exc.toString()), 1).show();
    }
}
