package com.wps.multiwindow.ui.login.openid;

import android.content.ActivityNotFoundException;
import android.content.Context;
import android.content.Intent;
import android.text.TextUtils;
import androidx.browser.customtabs.CustomTabsIntent;
import com.kingsoft.email.EmailApplication;
import com.kingsoft.email.mail.internet.OAuthAuthenticator;
import com.kingsoft.emailcommon.utility.Utility;
import com.kingsoft.log.utils.LogUtils;
import com.kingsoft.mail.utils.ThreadPoolUtil;
import com.wps.multiwindow.ui.login.oauthview.PadGmailWebView2;
import java.util.Collections;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.atomic.AtomicReference;
import net.openid.appauth.AppAuthConfiguration;
import net.openid.appauth.AuthState;
import net.openid.appauth.AuthorizationException;
import net.openid.appauth.AuthorizationRequest;
import net.openid.appauth.AuthorizationResponse;
import net.openid.appauth.AuthorizationService;
import net.openid.appauth.AuthorizationServiceConfiguration;
import net.openid.appauth.ClientAuthentication;
import net.openid.appauth.ClientSecretBasic;
import net.openid.appauth.RegistrationRequest;
import net.openid.appauth.RegistrationResponse;
import net.openid.appauth.TokenRequest;
import net.openid.appauth.TokenResponse;

/* loaded from: classes2.dex */
public class OpenIdAuthRequest {
    private static final String TAG = "OpenIdInit";
    private AuthorizationService mAuthService;
    private AuthStateManager mAuthStateManager;
    private Configuration mConfiguration;
    private Context mContext;
    private ExecutorService mExecutor;
    private AuthRequestListener mListener;
    private final AtomicReference<String> mClientId = new AtomicReference<>();
    private final AtomicReference<AuthorizationRequest> mAuthRequest = new AtomicReference<>();
    private final AtomicReference<CustomTabsIntent> mAuthIntent = new AtomicReference<>();
    private CountDownLatch mAuthIntentLatch = new CountDownLatch(1);

    public OpenIdAuthRequest(Context context, AuthRequestListener authRequestListener) {
        this.mListener = authRequestListener;
        Context applicationContext = context.getApplicationContext();
        this.mContext = applicationContext;
        this.mAuthStateManager = AuthStateManager.getInstance(applicationContext);
        this.mConfiguration = Configuration.getInstance(this.mContext);
        this.mExecutor = ThreadPoolUtil.getCommonThreadPool();
    }

    private void createAuthRequest(String str) {
        LogUtils.i(TAG, "Creating auth request for login hint: " + str, new Object[0]);
        AuthorizationRequest.Builder scope = new AuthorizationRequest.Builder(this.mAuthStateManager.getCurrent().getAuthorizationServiceConfiguration(), this.mClientId.get(), "code", this.mConfiguration.getRedirectUri()).setScope(this.mConfiguration.getScope());
        if (!TextUtils.isEmpty(str)) {
            scope.setLoginHint(str);
        }
        this.mAuthRequest.set(scope.build());
    }

    private AuthorizationService createAuthorizationService() {
        LogUtils.i(TAG, "Creating authorization service", new Object[0]);
        AppAuthConfiguration.Builder builder = new AppAuthConfiguration.Builder();
        builder.setConnectionBuilder(this.mConfiguration.getConnectionBuilder());
        return new AuthorizationService(this.mContext, builder.build());
    }

    private void displayAuthOptions() {
        AuthRequestListener authRequestListener = this.mListener;
        if (authRequestListener != null) {
            try {
                authRequestListener.onRequestSuccess(doAuth());
            } catch (ActivityNotFoundException unused) {
                this.mListener.onRequestError(PadGmailWebView2.REQUEST_FIND_BROWSER_ERROR);
                LogUtils.w(TAG, PadGmailWebView2.REQUEST_FIND_BROWSER_ERROR, new Object[0]);
            }
        }
    }

    private void displayAuthorized(TokenResponse tokenResponse) {
        String parseEmailFromIdToken = OAuthAuthenticator.parseEmailFromIdToken(tokenResponse.idToken);
        long currentTimeMillis = System.currentTimeMillis();
        OAuthAuthenticator.AuthenticationResult authenticationResult = new OAuthAuthenticator.AuthenticationResult(tokenResponse.accessToken, tokenResponse.refreshToken, (int) ((tokenResponse.accessTokenExpirationTime.longValue() - currentTimeMillis) / 1000), parseEmailFromIdToken, currentTimeMillis);
        authenticationResult.mAccountDuplicateName = Utility.findExistingAccount(EmailApplication.getInstance(), parseEmailFromIdToken, -1);
        AuthRequestListener authRequestListener = this.mListener;
        if (authRequestListener != null) {
            authRequestListener.displayAuthorized(authenticationResult);
        }
    }

    private void displayError(String str) {
        AuthRequestListener authRequestListener = this.mListener;
        if (authRequestListener != null) {
            authRequestListener.onRequestError(str);
        }
    }

    private void displayNotAuthorized(String str) {
        LogUtils.d(TAG, "displayNotAuthorized :" + str, new Object[0]);
        AuthRequestListener authRequestListener = this.mListener;
        if (authRequestListener != null) {
            authRequestListener.displayNotAuthorized(str);
        }
    }

    private Intent doAuth() {
        try {
            this.mAuthIntentLatch.await();
        } catch (InterruptedException unused) {
            LogUtils.w(TAG, "Interrupted while waiting for auth intent", new Object[0]);
        }
        CustomTabsIntent customTabsIntent = this.mAuthIntent.get();
        if (customTabsIntent != null) {
            return this.mAuthService.getAuthorizationRequestIntent(this.mAuthRequest.get(), customTabsIntent);
        }
        LogUtils.w(TAG, "doAuth tabsIntent is null", new Object[0]);
        return null;
    }

    private void exchangeAuthorizationCode(AuthorizationResponse authorizationResponse) {
        performTokenRequest(authorizationResponse.createTokenExchangeRequest(), new AuthorizationService.TokenResponseCallback() { // from class: com.wps.multiwindow.ui.login.openid.-$$Lambda$OpenIdAuthRequest$htMPpRWzEpmKfP-Lll0_RsE1sfQ
            @Override // net.openid.appauth.AuthorizationService.TokenResponseCallback
            public final void onTokenRequestCompleted(TokenResponse tokenResponse, AuthorizationException authorizationException) {
                OpenIdAuthRequest.this.handleCodeExchangeResponse(tokenResponse, authorizationException);
            }
        });
    }

    private String getLoginHint() {
        return "";
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void handleAccessTokenResponse(TokenResponse tokenResponse, AuthorizationException authorizationException) {
        this.mAuthStateManager.updateAfterTokenResponse(tokenResponse, authorizationException);
        if (authorizationException != null) {
            displayError("Authorization refresh token Code exchange failed:" + authorizationException.toString());
        } else {
            LogUtils.d(TAG, "refresh token is success", new Object[0]);
            displayAuthorized(tokenResponse);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void handleCodeExchangeResponse(TokenResponse tokenResponse, AuthorizationException authorizationException) {
        this.mAuthStateManager.updateAfterTokenResponse(tokenResponse, authorizationException);
        if (this.mAuthStateManager.getCurrent().isAuthorized()) {
            displayAuthorized(tokenResponse);
        } else {
            displayNotAuthorized("Authorization Code exchange failed" + (authorizationException != null ? authorizationException.error : ""));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void handleConfigurationRetrievalResult(AuthorizationServiceConfiguration authorizationServiceConfiguration, AuthorizationException authorizationException) {
        if (authorizationServiceConfiguration == null) {
            LogUtils.i(TAG, "Failed to retrieve discovery document", authorizationException);
            displayError("Failed to retrieve discovery document: " + authorizationException.getMessage());
        } else {
            LogUtils.i(TAG, "Discovery document retrieved", new Object[0]);
            this.mAuthStateManager.replace(new AuthState(authorizationServiceConfiguration));
            this.mExecutor.submit(new Runnable() { // from class: com.wps.multiwindow.ui.login.openid.-$$Lambda$OpenIdAuthRequest$MTK8G8XkoMWA5e3QsCIZFhKO028
                @Override // java.lang.Runnable
                public final void run() {
                    OpenIdAuthRequest.this.initializeClient();
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void handleRegistrationResponse(RegistrationResponse registrationResponse, AuthorizationException authorizationException) {
        this.mAuthStateManager.updateAfterRegistration(registrationResponse, authorizationException);
        if (registrationResponse == null) {
            LogUtils.i(TAG, "Failed to dynamically register client", authorizationException);
            displayError("Failed to register client: " + authorizationException.getMessage());
        } else {
            LogUtils.i(TAG, "Dynamically registered client: " + registrationResponse.clientId, new Object[0]);
            this.mClientId.set(registrationResponse.clientId);
            initializeAuthRequest();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void initializeAuthRequest() {
        createAuthRequest(getLoginHint());
        warmUpBrowser();
        displayAuthOptions();
    }

    private void initializeAuthRequestOnMain() {
        Utility.getMainThreadHandler().post(new Runnable() { // from class: com.wps.multiwindow.ui.login.openid.-$$Lambda$OpenIdAuthRequest$ciFLbqO65qkOs3HKjKqIuyiK680
            @Override // java.lang.Runnable
            public final void run() {
                OpenIdAuthRequest.this.initializeAuthRequest();
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void initializeClient() {
        if (this.mConfiguration.getClientId() != null) {
            LogUtils.i(TAG, "Using static client ID: " + this.mConfiguration.getClientId(), new Object[0]);
            this.mClientId.set(this.mConfiguration.getClientId());
            initializeAuthRequestOnMain();
            return;
        }
        RegistrationResponse lastRegistrationResponse = this.mAuthStateManager.getCurrent().getLastRegistrationResponse();
        if (lastRegistrationResponse != null) {
            LogUtils.i(TAG, "Using dynamic client ID: " + lastRegistrationResponse.clientId, new Object[0]);
            this.mClientId.set(lastRegistrationResponse.clientId);
            initializeAuthRequestOnMain();
        } else {
            LogUtils.i(TAG, "Dynamically registering client", new Object[0]);
            this.mAuthService.performRegistrationRequest(new RegistrationRequest.Builder(this.mAuthStateManager.getCurrent().getAuthorizationServiceConfiguration(), Collections.singletonList(this.mConfiguration.getRedirectUri())).setTokenEndpointAuthenticationMethod(ClientSecretBasic.NAME).build(), new AuthorizationService.RegistrationResponseCallback() { // from class: com.wps.multiwindow.ui.login.openid.-$$Lambda$OpenIdAuthRequest$GCrSv50iOe1KozqT437g_qZ9F1o
                @Override // net.openid.appauth.AuthorizationService.RegistrationResponseCallback
                public final void onRegistrationRequestCompleted(RegistrationResponse registrationResponse, AuthorizationException authorizationException) {
                    OpenIdAuthRequest.this.handleRegistrationResponse(registrationResponse, authorizationException);
                }
            });
        }
    }

    private void performTokenRequest(TokenRequest tokenRequest, AuthorizationService.TokenResponseCallback tokenResponseCallback) {
        try {
            ClientAuthentication clientAuthentication = this.mAuthStateManager.getCurrent().getClientAuthentication();
            if (this.mAuthService == null) {
                recreateAuthorizationService();
            }
            this.mAuthService.performTokenRequest(tokenRequest, clientAuthentication, tokenResponseCallback);
        } catch (ClientAuthentication.UnsupportedAuthenticationMethod e) {
            LogUtils.d(TAG, "Token request cannot be made, client authentication for the token endpoint could not be constructed (%s)", e);
            displayNotAuthorized("Client authentication method is unsupported");
        }
    }

    private void recreateAuthorizationService() {
        if (this.mAuthService != null) {
            LogUtils.i(TAG, "Discarding existing AuthService instance", new Object[0]);
            this.mAuthService.dispose();
        }
        this.mAuthService = createAuthorizationService();
        this.mAuthRequest.set(null);
        this.mAuthIntent.set(null);
    }

    private void warmUpBrowser() {
        this.mAuthIntentLatch = new CountDownLatch(1);
        this.mExecutor.execute(new Runnable() { // from class: com.wps.multiwindow.ui.login.openid.-$$Lambda$OpenIdAuthRequest$Wsh_4OMvHS2b87qnlZvkqKx66Fo
            @Override // java.lang.Runnable
            public final void run() {
                OpenIdAuthRequest.this.lambda$warmUpBrowser$0$OpenIdAuthRequest();
            }
        });
    }

    public void handleAuthorizationComplete(Intent intent) {
        if (intent == null) {
            displayNotAuthorized("Authorization flow failed: intent is null");
            return;
        }
        AuthorizationResponse fromIntent = AuthorizationResponse.fromIntent(intent);
        AuthorizationException fromIntent2 = AuthorizationException.fromIntent(intent);
        if (fromIntent != null || fromIntent2 != null) {
            this.mAuthStateManager.updateAfterAuthorization(fromIntent, fromIntent2);
        }
        if (fromIntent != null && fromIntent.authorizationCode != null) {
            this.mAuthStateManager.updateAfterAuthorization(fromIntent, fromIntent2);
            exchangeAuthorizationCode(fromIntent);
        } else if (fromIntent2 != null) {
            displayNotAuthorized("Authorization flow failed: " + fromIntent2.getMessage());
        } else {
            displayNotAuthorized("No authorization state retained - reauthorization required");
        }
    }

    public void initializeAppAuth() {
        if (this.mAuthStateManager.getCurrent().isAuthorized() && !this.mConfiguration.hasConfigurationChanged()) {
            LogUtils.i(TAG, "User is already authenticated, proceeding to token activity", new Object[0]);
            return;
        }
        recreateAuthorizationService();
        if (this.mAuthStateManager.getCurrent().getAuthorizationServiceConfiguration() != null) {
            LogUtils.i(TAG, "auth config already established", new Object[0]);
            initializeClient();
        } else if (this.mConfiguration.getDiscoveryUri() != null) {
            LogUtils.i(TAG, "Retrieving OpenID discovery doc", new Object[0]);
            AuthorizationServiceConfiguration.fetchFromUrl(this.mConfiguration.getDiscoveryUri(), new AuthorizationServiceConfiguration.RetrieveConfigurationCallback() { // from class: com.wps.multiwindow.ui.login.openid.-$$Lambda$OpenIdAuthRequest$GoqS_XjBabuCzkOje7o7jVjL-Pw
                @Override // net.openid.appauth.AuthorizationServiceConfiguration.RetrieveConfigurationCallback
                public final void onFetchConfigurationCompleted(AuthorizationServiceConfiguration authorizationServiceConfiguration, AuthorizationException authorizationException) {
                    OpenIdAuthRequest.this.handleConfigurationRetrievalResult(authorizationServiceConfiguration, authorizationException);
                }
            }, this.mConfiguration.getConnectionBuilder());
        } else {
            LogUtils.i(TAG, "Creating auth config from res/raw/auth_config.json", new Object[0]);
            this.mAuthStateManager.replace(new AuthState(new AuthorizationServiceConfiguration(this.mConfiguration.getAuthEndpointUri(), this.mConfiguration.getTokenEndpointUri(), this.mConfiguration.getRegistrationEndpointUri(), this.mConfiguration.getEndSessionEndpoint())));
            initializeClient();
        }
    }

    public /* synthetic */ void lambda$warmUpBrowser$0$OpenIdAuthRequest() {
        LogUtils.i(TAG, "Warming up browser instance for auth request", new Object[0]);
        if (this.mAuthService.isDisposed()) {
            this.mAuthIntent.set(null);
        } else {
            this.mAuthIntent.set(this.mAuthService.createCustomTabsIntentBuilder(this.mAuthRequest.get().toUri()).build());
        }
        this.mAuthIntentLatch.countDown();
    }

    public void onDestroy() {
        this.mListener = null;
        AuthorizationService authorizationService = this.mAuthService;
        if (authorizationService != null) {
            authorizationService.dispose();
        }
    }

    public void refreshAccessToken() {
        AuthState current = this.mAuthStateManager.getCurrent();
        if (current.getRefreshToken() == null) {
            displayNotAuthorized("Refresh token is null");
        } else {
            performTokenRequest(current.createTokenRefreshRequest(), new AuthorizationService.TokenResponseCallback() { // from class: com.wps.multiwindow.ui.login.openid.-$$Lambda$OpenIdAuthRequest$Tg0iEMJ38ySTKbQRvohFxS89bAQ
                @Override // net.openid.appauth.AuthorizationService.TokenResponseCallback
                public final void onTokenRequestCompleted(TokenResponse tokenResponse, AuthorizationException authorizationException) {
                    OpenIdAuthRequest.this.handleAccessTokenResponse(tokenResponse, authorizationException);
                }
            });
        }
    }
}
