package com.pydio.sdk.core.auth;

import com.amazonaws.http.HttpHeader;
import com.google.android.flexbox.BuildConfig;
import com.pydio.sdk.core.api.cells.ApiClient;
import com.pydio.sdk.core.api.cells.ApiException;
import com.pydio.sdk.core.api.cells.api.FrontendServiceApi;
import com.pydio.sdk.core.api.cells.model.RestFrontSessionRequest;
import com.pydio.sdk.core.api.cells.model.RestFrontSessionResponse;
import com.pydio.sdk.core.api.p8.consts.Action;
import com.pydio.sdk.core.auth.Token;
import com.pydio.sdk.core.auth.jwt.JWT;
import com.pydio.sdk.core.common.errors.SDKException;
import com.pydio.sdk.core.common.http.HttpClient;
import com.pydio.sdk.core.common.http.HttpRequest;
import com.pydio.sdk.core.model.ServerNode;
import com.pydio.sdk.core.security.Credentials;
import com.pydio.sdk.core.utils.Log;
import com.pydio.sdk.core.utils.Params;
import com.squareup.okhttp.OkHttpClient;
import java.io.IOException;
import java.text.ParseException;
import java.util.HashMap;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import org.apache.commons.codec.binary.Base64;

/* loaded from: classes.dex */
public class TokenService {
    private static TokenService instance;
    private Token.Store store;

    private TokenService() {
    }

    public static Token get(ServerNode serverNode, Credentials credentials, boolean z) throws SDKException {
        return instance.resolve(serverNode, credentials, z);
    }

    public static void init(Token.Store store) {
        TokenService tokenService = new TokenService();
        instance = tokenService;
        tokenService.store = store;
    }

    private Token loginPasswordGetToken(final ServerNode serverNode, Credentials credentials) throws SDKException {
        String password = credentials.getPassword();
        if (password == null) {
            throw new SDKException(25, new IOException("no password provided"));
        }
        ApiClient apiClient = new ApiClient();
        apiClient.setBasePath(serverNode.apiURL());
        if (serverNode.isSSLUnverified()) {
            SSLContext sslContext = serverNode.getSslContext();
            OkHttpClient httpClient = apiClient.getHttpClient();
            httpClient.setSslSocketFactory(sslContext.getSocketFactory());
            httpClient.setHostnameVerifier(new HostnameVerifier() { // from class: com.pydio.sdk.core.auth.-$$Lambda$TokenService$3JeSygN9w1dfXzww2cecYb_w2xI
                @Override // javax.net.ssl.HostnameVerifier
                public final boolean verify(String str, SSLSession sSLSession) {
                    boolean contains;
                    contains = ServerNode.this.url().contains(str);
                    return contains;
                }
            });
        }
        RestFrontSessionRequest restFrontSessionRequest = new RestFrontSessionRequest();
        restFrontSessionRequest.setClientTime(Integer.valueOf((int) System.currentTimeMillis()));
        HashMap hashMap = new HashMap();
        hashMap.put(Action.login, credentials.getLogin());
        hashMap.put("password", password);
        hashMap.put("type", "credentials");
        restFrontSessionRequest.authInfo(hashMap);
        try {
            RestFrontSessionResponse frontSession = new FrontendServiceApi(apiClient).frontSession(restFrontSessionRequest);
            String format = String.format("%s@%s", credentials.getLogin(), serverNode.url());
            Token token = new Token();
            token.subject = format;
            token.value = frontSession.getJWT();
            token.expiry = (System.currentTimeMillis() / 1000) + frontSession.getExpireTime().intValue();
            Token.Store store = this.store;
            if (store != null) {
                store.save(token);
            }
            return token;
        } catch (ApiException unused) {
            throw new SDKException(25, new IOException("no password provided"));
        }
    }

    private Token refresh(ServerNode serverNode, Token token) throws SDKException {
        Log.i("Refresh Token Service", System.currentTimeMillis() + ": refreshing token");
        OauthConfig fromJSON = OauthConfig.fromJSON(serverNode.getOIDCInfo(), BuildConfig.FLAVOR);
        HttpRequest httpRequest = new HttpRequest();
        httpRequest.setParams(Params.create("grant_type", "refresh_token").set("refresh_token", token.refreshToken));
        String str = new String(new Base64().encode((fromJSON.clientID + ":" + fromJSON.clientSecret).getBytes()));
        StringBuilder sb = new StringBuilder();
        sb.append("Basic ");
        sb.append(str);
        httpRequest.setHeaders(Params.create(HttpHeader.AUTHORIZATION, sb.toString()));
        httpRequest.setEndpoint(fromJSON.tokenEndpoint);
        httpRequest.setMethod("POST");
        try {
            try {
                String string = HttpClient.request(httpRequest).getString();
                try {
                    Token decodeOauthJWT = Token.decodeOauthJWT(string);
                    JWT parse = JWT.parse(decodeOauthJWT.idToken);
                    if (parse == null) {
                        throw new SDKException(25);
                    }
                    decodeOauthJWT.subject = String.format("%s@%s", parse.claims.name, serverNode.url());
                    decodeOauthJWT.expiry = (System.currentTimeMillis() / 1000) + decodeOauthJWT.expiry;
                    this.store.save(decodeOauthJWT);
                    return decodeOauthJWT;
                } catch (ParseException e) {
                    Log.e("Refresh Token Service", "Could not parse refreshed token: " + string + ". " + e.getLocalizedMessage());
                    throw new SDKException(25, new IOException("could not decode server response"));
                }
            } catch (IOException e2) {
                Log.e("Refresh Token Service", "Could not get response string body: " + e2.getLocalizedMessage());
                e2.printStackTrace();
                throw new SDKException(25, new IOException("refresh token failed"));
            }
        } catch (Exception e3) {
            Log.w("Token Service", " token request failed: " + e3.getLocalizedMessage());
            throw new SDKException(2);
        }
    }

    private synchronized Token resolve(ServerNode serverNode, Credentials credentials, boolean z) throws SDKException {
        Token token = this.store.get(String.format("%s@%s", credentials.getLogin(), serverNode.url()));
        if (token != null && !token.isExpired()) {
            return token;
        }
        if (!serverNode.supportsOauth() || z) {
            return loginPasswordGetToken(serverNode, credentials);
        }
        if (token == null) {
            throw new SDKException(25, new IOException("no valid token available"));
        }
        return refresh(serverNode, token);
    }
}
