package com.couchbase.lite.auth;

import com.couchbase.lite.CouchbaseLiteException;
import com.couchbase.lite.Status;
import com.couchbase.lite.auth.LoginAuthorizer;
import com.couchbase.lite.replicator.RemoteRequestResponseException;
import com.couchbase.lite.util.Log;
import com.couchbase.lite.util.URIUtils;
import com.couchbase.lite.util.URLUtils;
import e.A;
import e.J;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/* loaded from: classes.dex */
public class OpenIDConnectAuthorizer extends BaseAuthorizer implements CustomHeadersAuthorizer, SessionCookieAuthorizer {
    private static final String TAG = "Sync";
    protected String IDToken;
    protected URL authURL;
    protected boolean haveSessionCookie;
    protected OIDCLoginCallback loginCallback;
    protected String refreshToken;
    protected TokenStore tokenStore;
    private String username;

    public OpenIDConnectAuthorizer(OIDCLoginCallback oIDCLoginCallback, TokenStore tokenStore) {
        this.loginCallback = oIDCLoginCallback;
        this.tokenStore = tokenStore;
    }

    private void continueAsyncLoginWithURL(URL url, LoginAuthorizer.ContinuationBlock continuationBlock) {
        Log.v("Sync", "OpenIDConnectAuthorizer: Calling app login callback block...");
        URL remoteURL = getRemoteURL();
        URL extractRedirectURL = extractRedirectURL(url);
        OIDCLoginCallback oIDCLoginCallback = this.loginCallback;
        if (oIDCLoginCallback != null) {
            oIDCLoginCallback.callback(url, extractRedirectURL, new a(this, remoteURL, continuationBlock));
        }
    }

    private static URL extractRedirectURL(URL url) {
        try {
            Map<String, List<String>> splitQuery = URLUtils.splitQuery(url);
            if (!splitQuery.containsKey("redirect_uri") || splitQuery.get("redirect_uri").size() <= 0) {
                return null;
            }
            try {
                return new URL(splitQuery.get("redirect_uri").get(0));
            } catch (MalformedURLException e2) {
                Log.w("Sync", "Invalid URL: redirect_uri=<%s>", e2, splitQuery.get("redirect_uri").get(0));
                return null;
            }
        } catch (UnsupportedEncodingException e3) {
            Log.w("Sync", "Invalid URL: loginURL=<%s>", e3, url);
            return null;
        }
    }

    public static boolean forgetIDTokensForServer(URL url, TokenStore tokenStore) {
        OpenIDConnectAuthorizer openIDConnectAuthorizer = new OpenIDConnectAuthorizer(null, tokenStore);
        openIDConnectAuthorizer.setRemoteURL(url);
        return openIDConnectAuthorizer.deleteTokens();
    }

    private boolean parseTokens(Map<String, String> map) {
        if (map == null) {
            return false;
        }
        String str = map.get("id_token");
        if (str == null) {
            Log.v("Sync", "OpenIDConnectAuthorizer: the parsed token doesn't have the ID Token");
            return false;
        }
        this.IDToken = str;
        this.refreshToken = map.get("refresh_token");
        this.username = map.get("name");
        this.haveSessionCookie = map.containsKey("session_id");
        return true;
    }

    @Override // com.couchbase.lite.auth.CustomHeadersAuthorizer
    public boolean authorizeURLRequest(J.a aVar) {
        loadTokens();
        String str = this.IDToken;
        if (str == null || this.haveSessionCookie) {
            return false;
        }
        aVar.a("Authorization", String.format(Locale.ENGLISH, "Bearer ", str));
        return true;
    }

    boolean deleteTokens() {
        TokenStore tokenStore = this.tokenStore;
        if (tokenStore == null) {
            return false;
        }
        return tokenStore.deleteTokens(getRemoteURL(), getLocalUUID());
    }

    public String getIDToken() {
        return this.IDToken;
    }

    public String getRefreshToken() {
        return this.refreshToken;
    }

    public TokenStore getTokenStore() {
        return this.tokenStore;
    }

    @Override // com.couchbase.lite.auth.BaseAuthorizer, com.couchbase.lite.auth.Authorizer
    public String getUsername() {
        return this.username;
    }

    @Override // com.couchbase.lite.auth.LoginAuthorizer
    public boolean implementedLoginResponse() {
        return true;
    }

    boolean loadTokens() {
        TokenStore tokenStore = this.tokenStore;
        if (tokenStore == null) {
            return false;
        }
        try {
            return parseTokens(tokenStore.loadTokens(getRemoteURL(), getLocalUUID()));
        } catch (Exception e2) {
            Log.w("Sync", "Error in loadTokens()", e2);
            return false;
        }
    }

    @Override // com.couchbase.lite.auth.LoginAuthorizer
    public List<Object> loginRequest() {
        String format;
        loadTokens();
        this.IDToken = null;
        this.haveSessionCookie = false;
        String str = this.refreshToken;
        if (str != null) {
            format = String.format(Locale.ENGLISH, "_oidc_refresh?refresh_token=%s", URIUtils.encode(str));
        } else {
            URL url = this.authURL;
            format = url != null ? String.format(Locale.ENGLISH, "_oidc_callback?%s", url.getQuery()) : "_oidc_challenge?offline=true";
        }
        return Arrays.asList("GET", format);
    }

    @Override // com.couchbase.lite.auth.LoginAuthorizer
    public void loginResponse(Object obj, A a2, Throwable th, LoginAuthorizer.ContinuationBlock continuationBlock) {
        if (th != null && (!(th instanceof RemoteRequestResponseException) || ((RemoteRequestResponseException) th).getCode() != 401)) {
            continuationBlock.call(false, th);
            return;
        }
        String str = null;
        if (this.refreshToken == null && this.authURL == null) {
            RemoteRequestResponseException remoteRequestResponseException = (RemoteRequestResponseException) th;
            Map map = remoteRequestResponseException.getUserInfo() != null ? (Map) remoteRequestResponseException.getUserInfo().get("AuthChallenge") : null;
            if (map != null && "OIDC".equals(map.get("Scheme"))) {
                str = (String) map.get("login");
            }
            if (str != null) {
                Log.v("Sync", "OpenIDConnectAuthorizer: Got OpenID Connect login URL: <%s>", str);
                try {
                    continueAsyncLoginWithURL(new URL(str), continuationBlock);
                    return;
                } catch (MalformedURLException e2) {
                    Log.e("Sync", "Unknown Error", e2);
                    th = new CouchbaseLiteException(-1);
                }
            } else {
                th = new CouchbaseLiteException("Server didn't provide an OpenID login URL", Status.UPSTREAM_ERROR);
            }
        } else if (th != null) {
            this.authURL = null;
            if (this.refreshToken != null) {
                this.refreshToken = null;
                this.username = null;
                deleteTokens();
                continuationBlock.call(true, null);
            }
        } else {
            Map<String, String> map2 = (Map) obj;
            if (this.refreshToken != null && map2.get("refresh_token") == null) {
                HashMap hashMap = new HashMap(map2);
                hashMap.put("refresh_token", this.refreshToken);
                map2 = hashMap;
            }
            if (parseTokens(map2)) {
                Log.v("Sync", "%s: Logged in as %s !", getClass().getName(), this.username);
                saveTokens(map2);
            } else {
                th = new CouchbaseLiteException("Server didn't return a refreshed ID token", Status.UPSTREAM_ERROR);
            }
        }
        continuationBlock.call(false, th);
    }

    @Override // com.couchbase.lite.auth.BaseAuthorizer, com.couchbase.lite.auth.Authorizer
    public boolean removeStoredCredentials() {
        if (!deleteTokens()) {
            return false;
        }
        this.IDToken = null;
        this.refreshToken = null;
        this.haveSessionCookie = false;
        this.authURL = null;
        return true;
    }

    boolean saveTokens(Map<String, String> map) {
        TokenStore tokenStore = this.tokenStore;
        if (tokenStore == null) {
            return false;
        }
        return tokenStore.saveTokens(getRemoteURL(), getLocalUUID(), map);
    }

    public void setIDToken(String str) {
        this.IDToken = str;
    }

    public void setRefreshToken(String str) {
        this.refreshToken = str;
    }

    public void setTokenStore(TokenStore tokenStore) {
        this.tokenStore = tokenStore;
    }

    public void setUsername(String str) {
        this.username = str;
    }

    public String toString() {
        return String.format(Locale.ENGLISH, "OpenIDConnectAuthorizer[%s]", getRemoteURL());
    }
}
