package com.worklight.wlclient;

import android.os.Build;
import com.worklight.common.Logger;
import com.worklight.common.WLConfig;
import com.worklight.common.security.WLDeviceAuthManager;
import com.worklight.common.security.WLOAuthCertManager;
import com.worklight.nativeandroid.common.WLUtils;
import com.worklight.utils.Base64;
import com.worklight.wlclient.api.WLAuthorizationException;
import com.worklight.wlclient.api.WLAuthorizationPersistencePolicy;
import com.worklight.wlclient.api.WLClient;
import com.worklight.wlclient.api.WLErrorCode;
import com.worklight.wlclient.api.WLFailResponse;
import com.worklight.wlclient.api.WLRequestOptions;
import com.worklight.wlclient.api.WLResponse;
import com.worklight.wlclient.api.WLResponseListener;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URLConnection;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.UUID;
import java.util.regex.Pattern;
import org.apache.http.Header;
import org.apache.http.HttpRequest;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpUriRequest;
import org.json.JSONException;
import org.json.JSONObject;
import org.npci.upi.security.pinactivitycomponent.CLConstants;

/* loaded from: classes6.dex */
public class WLAuthorizationManagerInternal {
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BEARER = "Bearer";
    private static final String CLIENT_ID_HEADER = "X-WL-ClientId";
    private static final String CLIENT_ID_OAUTH_LABEL = "com.worklight.oauth.clientid";
    private static final String INSTANCE_REG_PATH = "clients/instance";
    private static final String JSON_ACCESS_TOKEN_KEY = "access_token";
    private static final String JSON_APPLICATION_ID_KEY = "applicationId";
    private static final String JSON_APPLICATION_VERSION_KEY = "applicationVersion";
    private static final String JSON_CERTIFICATE_KEY = "certificate";
    private static final String JSON_DEVICE_ID_KEY = "deviceId";
    private static final String JSON_ENVIRONMENT_KEY = "environment";
    private static final String JSON_ERROR_DESCRIPTION_KEY = "error_description";
    private static final String JSON_ERROR_KEY = "error";
    private static final String JSON_ID_TOKEN_KEY = "id_token";
    private static final String JSON_MODEL_KEY = "deviceModel";
    private static final String JSON_OS_KEY = "deviceOs";
    private static final String LOCATION = "location";
    private static final String LOCATION_HEADER = "Location";
    private static final String OAUTH_ACCESS_TOKEN_LABEL = "com.worklight.oauth.accesstoken";
    private static final String OAUTH_AUTHORIZATION_PATH = "authorization";
    private static final String OAUTH_ID_TOKEN_LABEL = "com.worklight.oauth.idtoken";
    private static final String OAUTH_PREVENT_REDIRECT = "wl-oauth-prevent-redirect";
    private static final int OAUTH_REDIRECT_STATUS = 222;
    private static final String OAUTH_TOKEN_PATH = "token";
    private static final String PARAM_AUTHORIZATION_CODE_VALUE = "authorization_code";
    private static final String PARAM_CLIENT_ID_KEY = "client_id";
    private static final String PARAM_CODE_KEY = "code";
    private static final String PARAM_CODE_VALUE = "code";
    private static final String PARAM_CSR_KEY = "CSR";
    private static final String PARAM_GRANT_TYPE_KEY = "grant_type";
    private static final String PARAM_REDIRECT_URI_KEY = "redirect_uri";
    private static final String PARAM_REDIRECT_URI_VALUE = "http://mfpredirecturi";
    private static final String PARAM_RESPONSE_TYPE_KEY = "response_type";
    private static final String PARAM_SCOPE_KEY = "scope";
    private static final String PROVISIONING_ENTITY_FOR_KEYS = "WLAuthorizationManagerProvisioningEntity";
    private static final String REALM_IMF_AUTHENTICATION = "realm=\"imfAuthentication\"";
    private static final String SIGNED_CLIENT_ID_HEADER = "X-WL-S-ClientID";
    private static final String SIGNED_CLIENT_ID_JWS_KEY = "clientId";
    private static final String TOKEN_PERSISTENCE_POLICY = "com.worklight.oauth.token.persistence.policy";
    private static final String UNAUTHORIZED_CLIENT_ERROR = "unauthorized_client";
    private static final String UNKNOWN_CLIENT_ERROR_DESCRIPTION = "Unknown client";
    private static final String WL_RESULT = "wl_result";
    private static final String WL_X_SESSION_ID_HEADER = "X-WL-Session";
    private static final String WWW_AUTHENTICATE_HEADER = "WWW-Authenticate";
    private static final String X_WL_AUTHENTICATE_HEADER = "X-WL-Authenticate";
    private String accessToken;
    private boolean authorizationInProgress;
    private HashMap<String, ArrayList<WLResponseListener>> authorizationQueue;
    private String idToken;
    private WLAuthorizationPersistencePolicy persistencePolicy;
    private ArrayList<WLResponseListener> registrationQueue;
    private String wlSessionID;
    private static Logger logger = Logger.I(WLAuthorizationManagerInternal.class.getSimpleName());
    private static WLAuthorizationManagerInternal instance = null;
    private String clientId = null;
    private boolean shouldCallRegistrationAfterUnknowClientError = true;

    private WLAuthorizationManagerInternal() {
        String w = WLConfig.k().w(TOKEN_PERSISTENCE_POLICY);
        if (w != null) {
            this.persistencePolicy = WLAuthorizationPersistencePolicy.valueOf(w);
        } else {
            this.persistencePolicy = WLAuthorizationPersistencePolicy.ALWAYS;
        }
        this.registrationQueue = new ArrayList<>();
        this.authorizationQueue = new HashMap<>();
        this.authorizationInProgress = false;
        addNewSessionGlobalHeader();
    }

    private void abortAuthorization(WLFailResponse wLFailResponse) {
        Iterator<String> it = this.authorizationQueue.keySet().iterator();
        while (it.hasNext()) {
            Iterator<WLResponseListener> it2 = this.authorizationQueue.get(it.next()).iterator();
            while (it2.hasNext()) {
                it2.next().onFailure(wLFailResponse);
            }
        }
        this.authorizationQueue.clear();
        this.authorizationInProgress = false;
    }

    private void addNewSessionGlobalHeader() {
        if (AsynchronousRequestSender.getInstance().getGlobalHeaders().keySet().contains(WL_X_SESSION_ID_HEADER)) {
            return;
        }
        this.wlSessionID = UUID.randomUUID().toString();
        WLClient.getInstance().addGlobalHeader(WL_X_SESSION_ID_HEADER, this.wlSessionID);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void addToAuthorizationQueue(String str, WLResponseListener wLResponseListener) {
        if (str == null) {
            str = "";
        }
        ArrayList<WLResponseListener> arrayList = this.authorizationQueue.get(str);
        if (arrayList == null) {
            arrayList = new ArrayList<>();
            this.authorizationQueue.put(str, arrayList);
        }
        arrayList.add(wLResponseListener);
    }

    private void clearPersistedToken() {
        persistToken(null, null);
    }

    private X509Certificate createCertificateFromString(String str) throws CertificateException, IOException {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(Base64.a(str.getBytes()));
        X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(byteArrayInputStream);
        byteArrayInputStream.close();
        return x509Certificate;
    }

    private String getAccessToken() {
        if (this.accessToken == null && this.persistencePolicy == WLAuthorizationPersistencePolicy.ALWAYS) {
            this.accessToken = WLConfig.k().w(OAUTH_ACCESS_TOKEN_LABEL);
        }
        return this.accessToken;
    }

    private Header[] getAuthenticationHeaders(HttpResponse httpResponse) {
        return httpResponse.getHeaders("WWW-Authenticate");
    }

    private HashMap<String, Object> getAuthorizationsParams(String str) {
        HashMap<String, Object> hashMap = new HashMap<>();
        hashMap.put(PARAM_RESPONSE_TYPE_KEY, CLConstants.FIELD_CODE);
        hashMap.put(PARAM_CLIENT_ID_KEY, getClientId());
        hashMap.put(PARAM_REDIRECT_URI_KEY, PARAM_REDIRECT_URI_VALUE);
        hashMap.put(PARAM_SCOPE_KEY, str);
        return hashMap;
    }

    private String getIdToken() {
        if (this.idToken == null && this.persistencePolicy == WLAuthorizationPersistencePolicy.ALWAYS) {
            this.idToken = WLConfig.k().w(OAUTH_ID_TOKEN_LABEL);
        }
        return this.idToken;
    }

    private JSONObject getIdTokenJSON() {
        if (getIdToken() != null) {
            try {
                return new JSONObject(new String(android.util.Base64.decode(this.idToken.split("\\.")[1], 0)));
            } catch (JSONException unused) {
            }
        }
        return null;
    }

    public static synchronized WLAuthorizationManagerInternal getInstance() {
        WLAuthorizationManagerInternal wLAuthorizationManagerInternal;
        synchronized (WLAuthorizationManagerInternal.class) {
            if (instance == null) {
                instance = new WLAuthorizationManagerInternal();
            }
            wLAuthorizationManagerInternal = instance;
        }
        return wLAuthorizationManagerInternal;
    }

    private String getNextScopeToObtain() {
        String str = "";
        for (String str2 : this.authorizationQueue.keySet()) {
            if (str2.length() > str.length()) {
                str = str2;
            }
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void invokeAuthorizationRequest(final String str) {
        sendRequest(OAUTH_AUTHORIZATION_PATH, getAuthorizationsParams(str), null, RequestMethod.GET, new WLResponseListener() { // from class: com.worklight.wlclient.WLAuthorizationManagerInternal.5
            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onFailure(WLFailResponse wLFailResponse) {
                WLAuthorizationManagerInternal.this.onAuthFailure(str, wLFailResponse);
            }

            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onSuccess(WLResponse wLResponse) {
                Header header = wLResponse.getHeader("location");
                if (header == null) {
                    WLAuthorizationManagerInternal.this.onAuthFailure(str, new WLFailResponse(wLResponse));
                    return;
                }
                String str2 = WLUtils.i(header.getValue()).get(CLConstants.FIELD_CODE);
                if (str2 == null) {
                    WLAuthorizationManagerInternal.this.onAuthFailure(str, new WLFailResponse(wLResponse));
                } else {
                    WLAuthorizationManagerInternal.this.invokeTokenRequest(str2, new WLResponseListener() { // from class: com.worklight.wlclient.WLAuthorizationManagerInternal.5.1
                        @Override // com.worklight.wlclient.api.WLResponseListener
                        public void onFailure(WLFailResponse wLFailResponse) {
                            AnonymousClass5 anonymousClass5 = AnonymousClass5.this;
                            WLAuthorizationManagerInternal.this.onAuthFailure(str, wLFailResponse);
                        }

                        @Override // com.worklight.wlclient.api.WLResponseListener
                        public void onSuccess(WLResponse wLResponse2) {
                            try {
                                WLAuthorizationManagerInternal.this.onTokenSuccess(wLResponse2);
                            } catch (JSONException unused) {
                                onFailure(new WLFailResponse(wLResponse2));
                            }
                        }
                    });
                }
            }
        });
    }

    private void invokeInstanceRegistrationRequest(WLResponseListener wLResponseListener) {
        this.registrationQueue.add(wLResponseListener);
        invokeRegistrationRequest();
    }

    private synchronized void invokeInstanceRegistrationRequest(final String str, final WLResponseListener wLResponseListener) {
        invokeInstanceRegistrationRequest(new WLResponseListener() { // from class: com.worklight.wlclient.WLAuthorizationManagerInternal.1
            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onFailure(WLFailResponse wLFailResponse) {
                wLResponseListener.onFailure(wLFailResponse);
            }

            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onSuccess(WLResponse wLResponse) {
                WLAuthorizationManagerInternal.this.addToAuthorizationQueue(str, wLResponseListener);
                WLAuthorizationManagerInternal.this.invokeAuthorizationRequest(str);
            }
        });
    }

    private void invokeNextAuthorizationRequest() {
        if (this.authorizationQueue.isEmpty()) {
            this.authorizationInProgress = false;
        } else {
            invokeAuthorizationRequest(getNextScopeToObtain());
        }
    }

    private void invokeRegistrationRequest() {
        if (this.registrationQueue.size() == 1) {
            JSONObject jSONObject = new JSONObject();
            try {
                jSONObject.put("deviceId", WLDeviceAuthManager.q().p(WLClient.getInstance().getContext()));
                jSONObject.put(JSON_OS_KEY, "" + Build.VERSION.RELEASE);
                jSONObject.put(JSON_MODEL_KEY, Build.MODEL);
                jSONObject.put("applicationId", WLConfig.k().b());
                jSONObject.put(JSON_APPLICATION_VERSION_KEY, WLConfig.k().d());
                jSONObject.put(JSON_ENVIRONMENT_KEY, WLConfig.k().t());
                WLOAuthCertManager.s().q();
                String u = WLOAuthCertManager.s().u(jSONObject);
                HashMap<String, Object> hashMap = new HashMap<>();
                hashMap.put(PARAM_CSR_KEY, u);
                sendRequest(INSTANCE_REG_PATH, hashMap, null, RequestMethod.POST, new WLResponseListener() { // from class: com.worklight.wlclient.WLAuthorizationManagerInternal.3
                    @Override // com.worklight.wlclient.api.WLResponseListener
                    public void onFailure(WLFailResponse wLFailResponse) {
                        synchronized (WLAuthorizationManagerInternal.this) {
                            WLAuthorizationManagerInternal.this.onRegistrationFailure(wLFailResponse);
                            Iterator it = WLAuthorizationManagerInternal.this.registrationQueue.iterator();
                            while (it.hasNext()) {
                                ((WLResponseListener) it.next()).onFailure(wLFailResponse);
                            }
                            WLAuthorizationManagerInternal.this.registrationQueue.clear();
                        }
                    }

                    @Override // com.worklight.wlclient.api.WLResponseListener
                    public void onSuccess(WLResponse wLResponse) {
                        synchronized (WLAuthorizationManagerInternal.this) {
                            try {
                                WLAuthorizationManagerInternal.this.onRegistrationSuccess(wLResponse);
                            } catch (Exception e) {
                                WLAuthorizationManagerInternal.logger.B("Unable to finish client instance registration process. ", e);
                                onFailure(new WLFailResponse(WLErrorCode.AUTHORIZATION_FAILURE, e.getMessage(), null));
                            }
                            Iterator it = WLAuthorizationManagerInternal.this.registrationQueue.iterator();
                            while (it.hasNext()) {
                                ((WLResponseListener) it.next()).onSuccess(wLResponse);
                            }
                            WLAuthorizationManagerInternal.this.registrationQueue.clear();
                        }
                    }
                });
            } catch (NoSuchAlgorithmException e) {
                throw new Error(e);
            } catch (JSONException e2) {
                throw new Error(e2);
            } catch (Exception e3) {
                throw new Error(e3);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void invokeTokenRequest(String str, WLResponseListener wLResponseListener) {
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(CLConstants.FIELD_CODE, str);
            HashMap<String, Object> hashMap = new HashMap<>();
            hashMap.put(CLConstants.FIELD_CODE, str);
            hashMap.put(PARAM_CLIENT_ID_KEY, getClientId());
            hashMap.put(PARAM_GRANT_TYPE_KEY, PARAM_AUTHORIZATION_CODE_VALUE);
            hashMap.put(PARAM_REDIRECT_URI_KEY, PARAM_REDIRECT_URI_VALUE);
            String v = WLOAuthCertManager.s().v(jSONObject);
            HashMap<String, String> hashMap2 = new HashMap<>();
            hashMap2.put(X_WL_AUTHENTICATE_HEADER, v);
            sendRequest("token", hashMap, hashMap2, RequestMethod.POST, wLResponseListener);
        } catch (JSONException e) {
            throw new Error(e);
        } catch (Exception e2) {
            throw new Error(e2);
        }
    }

    private boolean isContainedScope(String str, String str2) {
        if (str.equals("")) {
            return true;
        }
        return Arrays.asList(str2.split(" ")).containsAll(Arrays.asList(str.split(" ")));
    }

    private boolean isUnknownClientError(WLResponse wLResponse) {
        JSONObject responseJSON = wLResponse.getResponseJSON();
        if (responseJSON == null) {
            return false;
        }
        try {
            if (responseJSON.getString("error").equals(UNAUTHORIZED_CLIENT_ERROR)) {
                return responseJSON.getString("error_description").equals(UNKNOWN_CLIENT_ERROR_DESCRIPTION);
            }
            return false;
        } catch (JSONException unused) {
            return false;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void onAuthFailure(final String str, WLFailResponse wLFailResponse) {
        if (isUnknownClientError(wLFailResponse) && this.shouldCallRegistrationAfterUnknowClientError) {
            this.shouldCallRegistrationAfterUnknowClientError = false;
            logger.A("Client instance registration information is incorrect, attempting to re-register client instance.");
            clearRegistration();
            invokeInstanceRegistrationRequest(new WLResponseListener() { // from class: com.worklight.wlclient.WLAuthorizationManagerInternal.4
                @Override // com.worklight.wlclient.api.WLResponseListener
                public void onFailure(WLFailResponse wLFailResponse2) {
                    WLAuthorizationManagerInternal.this.releaseAuthorizationQueueOnFailure(str, wLFailResponse2);
                }

                @Override // com.worklight.wlclient.api.WLResponseListener
                public void onSuccess(WLResponse wLResponse) {
                    WLAuthorizationManagerInternal.this.invokeAuthorizationRequest(str);
                }
            });
        } else {
            if (wLFailResponse.getHeader("location") != null) {
                String str2 = WLUtils.i(wLFailResponse.getHeader("location").getValue()).get("error_description");
                if (str2 == null) {
                    str2 = WLErrorCode.AUTHORIZATION_FAILURE.getDescription();
                }
                wLFailResponse = new WLFailResponse(WLErrorCode.AUTHORIZATION_FAILURE, str2, null);
            }
            releaseAuthorizationQueueOnFailure(str, wLFailResponse);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void onRegistrationFailure(WLFailResponse wLFailResponse) {
        clearRegistration();
        abortAuthorization(wLFailResponse);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void onRegistrationSuccess(WLResponse wLResponse) throws Exception {
        JSONObject e = WLUtils.e(wLResponse.getResponseText());
        if (e.getString(JSON_CERTIFICATE_KEY) == null) {
            throw new Exception("Saving certificate failed");
        }
        saveCertificate(e);
        this.shouldCallRegistrationAfterUnknowClientError = true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void onTokenSuccess(WLResponse wLResponse) throws JSONException {
        JSONObject responseJSON = wLResponse.getResponseJSON();
        if (responseJSON != null) {
            saveToken(responseJSON);
            String string = responseJSON.has(PARAM_SCOPE_KEY) ? responseJSON.getString(PARAM_SCOPE_KEY) : null;
            if (string == null) {
                string = "";
            }
            releaseAuthorizationQueueOnSuccess(string, wLResponse);
        }
    }

    private void persistToken(String str, String str2) {
        WLConfig.k().A(OAUTH_ACCESS_TOKEN_LABEL, str);
        WLConfig.k().A(OAUTH_ID_TOKEN_LABEL, str2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void releaseAuthorizationQueueOnFailure(String str, WLFailResponse wLFailResponse) {
        Iterator<String> it = this.authorizationQueue.keySet().iterator();
        while (it.hasNext()) {
            String next = it.next();
            if (scopesEqual(str, next)) {
                Iterator<WLResponseListener> it2 = this.authorizationQueue.get(next).iterator();
                while (it2.hasNext()) {
                    it2.next().onFailure(wLFailResponse);
                }
                it.remove();
            }
        }
        invokeNextAuthorizationRequest();
    }

    private void releaseAuthorizationQueueOnSuccess(String str, WLResponse wLResponse) {
        Iterator<String> it = this.authorizationQueue.keySet().iterator();
        while (it.hasNext()) {
            String next = it.next();
            if (isContainedScope(next, str)) {
                Iterator<WLResponseListener> it2 = this.authorizationQueue.get(next).iterator();
                while (it2.hasNext()) {
                    it2.next().onSuccess(wLResponse);
                }
                it.remove();
            }
        }
        invokeNextAuthorizationRequest();
    }

    private void saveCertificate(JSONObject jSONObject) throws JSONException, Exception {
        X509Certificate createCertificateFromString = createCertificateFromString(jSONObject.getString(JSON_CERTIFICATE_KEY));
        validateCertificate(createCertificateFromString);
        this.clientId = WLOAuthCertManager.s().p(createCertificateFromString);
        WLConfig.k().A(CLIENT_ID_OAUTH_LABEL, this.clientId);
        WLOAuthCertManager.s().k(PROVISIONING_ENTITY_FOR_KEYS, createCertificateFromString, null);
    }

    private void saveToken(String str, String str2) {
        this.accessToken = str;
        this.idToken = str2;
        if (this.persistencePolicy == WLAuthorizationPersistencePolicy.ALWAYS) {
            persistToken(str, str2);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public synchronized void saveToken(JSONObject jSONObject) throws JSONException {
        if (jSONObject.has("access_token") && jSONObject.has(JSON_ID_TOKEN_KEY)) {
            saveToken(jSONObject.getString("access_token"), jSONObject.getString(JSON_ID_TOKEN_KEY));
        }
    }

    private boolean scopesEqual(String str, String str2) {
        List asList = Arrays.asList(str.split(" "));
        List asList2 = Arrays.asList(str2.split(" "));
        return asList.containsAll(asList2) && asList2.containsAll(asList);
    }

    private void sendRequest(String str, HashMap<String, Object> hashMap, HashMap<String, String> hashMap2, RequestMethod requestMethod, final WLResponseListener wLResponseListener) {
        String str2 = "authorization/v1/" + str;
        WLRequestOptions wLRequestOptions = new WLRequestOptions();
        for (String str3 : hashMap.keySet()) {
            wLRequestOptions.addParameter(str3, hashMap.get(str3).toString());
        }
        if (hashMap2 != null) {
            for (String str4 : hashMap2.keySet()) {
                wLRequestOptions.addHeader(str4, hashMap2.get(str4));
            }
        }
        wLRequestOptions.setResponseListener(wLResponseListener);
        WLRequestListener wLRequestListener = new WLRequestListener() { // from class: com.worklight.wlclient.WLAuthorizationManagerInternal.7
            @Override // com.worklight.wlclient.WLRequestListener
            public void onFailure(WLFailResponse wLFailResponse) {
                wLResponseListener.onFailure(wLFailResponse);
            }

            @Override // com.worklight.wlclient.WLRequestListener
            public void onSuccess(WLResponse wLResponse) {
                wLResponseListener.onSuccess(wLResponse);
            }
        };
        WLRequest wLRequest = getClientId() != null ? new WLRequest(wLRequestListener, wLRequestOptions, WLConfig.k(), WLClient.getInstance().getContext(), true) : new WLClientInstanceRegistrationRequest(wLRequestListener, wLRequestOptions, WLConfig.k(), WLClient.getInstance().getContext());
        wLRequest.setMethod(requestMethod);
        wLRequest.makeRequest(str2, true);
    }

    private void validateCertificate(X509Certificate x509Certificate) throws CertificateException {
        try {
            x509Certificate.checkValidity();
        } catch (CertificateNotYetValidException unused) {
        }
        try {
            PublicKey publicKey = WLOAuthCertManager.s().t().getPublic();
            PublicKey publicKey2 = x509Certificate.getPublicKey();
            if (publicKey2 == null || !publicKey2.equals(publicKey)) {
                throw new CertificateException("Invalid certificate received, public keys do not match.");
            }
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e2) {
            throw new Error(e2);
        } catch (UnrecoverableEntryException e3) {
            throw new RuntimeException(e3);
        }
    }

    public void addCachedAuthorizationHeader(URLConnection uRLConnection) {
        String cachedAuthorizationHeader = getCachedAuthorizationHeader();
        if (cachedAuthorizationHeader.equals("")) {
            return;
        }
        uRLConnection.setRequestProperty("Authorization", cachedAuthorizationHeader);
    }

    public void addCachedAuthorizationHeader(HttpUriRequest httpUriRequest) {
        String cachedAuthorizationHeader = getCachedAuthorizationHeader();
        if (cachedAuthorizationHeader.equals("")) {
            return;
        }
        httpUriRequest.setHeader("Authorization", cachedAuthorizationHeader);
    }

    public void addClientIdHeaderToRequest(HttpRequest httpRequest) {
        String clientId = getClientId();
        if (clientId != null) {
            httpRequest.addHeader(CLIENT_ID_HEADER, clientId);
            httpRequest.addHeader(SIGNED_CLIENT_ID_HEADER, getSignedClientId());
        }
        if (httpRequest.getFirstHeader(WL_X_SESSION_ID_HEADER) == null) {
            httpRequest.addHeader(WL_X_SESSION_ID_HEADER, this.wlSessionID);
        }
    }

    public synchronized void clearRegistration() {
        saveToken(null, null);
        this.clientId = null;
        WLConfig.k().A(CLIENT_ID_OAUTH_LABEL, null);
        try {
            WLOAuthCertManager.s().a(PROVISIONING_ENTITY_FOR_KEYS);
            addNewSessionGlobalHeader();
        } catch (Exception e) {
            logger.A("Unable to clear registration data from keystore.");
            throw new RuntimeException(e);
        }
    }

    public synchronized void deleteTokens() {
        this.idToken = null;
        this.accessToken = null;
        clearPersistedToken();
    }

    public JSONObject getAppIdentity() {
        try {
            JSONObject idTokenJSON = getIdTokenJSON();
            if (idTokenJSON != null) {
                return idTokenJSON.getJSONObject("imf.application");
            }
            return null;
        } catch (JSONException unused) {
            return null;
        }
    }

    public WLAuthorizationPersistencePolicy getAuthorizationPersistencePolicy() {
        return this.persistencePolicy;
    }

    public String getAuthorizationScope(String str) {
        int indexOf = str.indexOf("scope=");
        if (indexOf >= 0) {
            return str.substring(indexOf + 6).replaceAll(Pattern.quote("\""), "");
        }
        return null;
    }

    public String getAuthorizationScope(HttpResponse httpResponse) {
        String str = null;
        for (Header header : getAuthenticationHeaders(httpResponse)) {
            if (str != null) {
                throw new Error("Multiple values for 'WWW-Authenticate' header were detected");
            }
            str = getAuthorizationScope(header.getValue());
        }
        return str;
    }

    public synchronized String getCachedAuthorizationHeader() {
        String accessToken = getAccessToken();
        String idToken = getIdToken();
        if (accessToken == null || idToken == null) {
            return "";
        }
        return "Bearer " + accessToken + " " + idToken;
    }

    public String getClientId() {
        if (this.clientId == null) {
            String w = WLConfig.k().w(CLIENT_ID_OAUTH_LABEL);
            this.clientId = w;
            if (w == null) {
                try {
                    this.clientId = WLOAuthCertManager.s().r();
                } catch (Exception unused) {
                    this.clientId = null;
                }
            }
        }
        return this.clientId;
    }

    public synchronized void getClientInstanceIdHeader(final WLClientInstanceIdListener wLClientInstanceIdListener) {
        String clientId = getClientId();
        if (clientId != null) {
            wLClientInstanceIdListener.onSuccess(clientId);
        } else {
            invokeInstanceRegistrationRequest(new WLResponseListener() { // from class: com.worklight.wlclient.WLAuthorizationManagerInternal.2
                @Override // com.worklight.wlclient.api.WLResponseListener
                public void onFailure(WLFailResponse wLFailResponse) {
                    wLClientInstanceIdListener.onFailure(new WLAuthorizationException(wLFailResponse));
                }

                @Override // com.worklight.wlclient.api.WLResponseListener
                public void onSuccess(WLResponse wLResponse) {
                    wLClientInstanceIdListener.onSuccess(WLAuthorizationManagerInternal.this.getClientId());
                }
            });
        }
    }

    public JSONObject getDeviceIdentity() {
        try {
            JSONObject idTokenJSON = getIdTokenJSON();
            if (idTokenJSON != null) {
                return idTokenJSON.getJSONObject("imf.device");
            }
            return null;
        } catch (JSONException unused) {
            return null;
        }
    }

    public String getSignedClientId() {
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(SIGNED_CLIENT_ID_JWS_KEY, getClientId());
            return WLOAuthCertManager.s().v(jSONObject);
        } catch (JSONException e) {
            throw new Error(e);
        } catch (Exception e2) {
            throw new Error(e2);
        }
    }

    public JSONObject getUserIdentity() {
        try {
            JSONObject idTokenJSON = getIdTokenJSON();
            if (idTokenJSON != null) {
                return idTokenJSON.getJSONObject("imf.user");
            }
            return null;
        } catch (JSONException unused) {
            return null;
        }
    }

    public String getWlSessionId() {
        return this.wlSessionID;
    }

    public synchronized void invokeAuthorizationForLogout(final String str, final WLRequestListener wLRequestListener, WLRequestOptions wLRequestOptions) {
        if (this.authorizationInProgress || getClientId() == null) {
            String str2 = getClientId() == null ? "Cannot logout before client is registered." : "Cannot logout while authorization request is in progress.";
            logger.v(str2);
            wLRequestListener.onFailure(new WLFailResponse(WLErrorCode.AUTHORIZATION_FAILURE, str2, wLRequestOptions));
        } else {
            logger.v("Call authorization endpoint - logout");
            sendRequest(OAUTH_AUTHORIZATION_PATH, getAuthorizationsParams(str), null, RequestMethod.GET, new WLResponseListener() { // from class: com.worklight.wlclient.WLAuthorizationManagerInternal.6
                @Override // com.worklight.wlclient.api.WLResponseListener
                public void onFailure(WLFailResponse wLFailResponse) {
                    WLAuthorizationManagerInternal.logger.v("Logout failed from realm " + str + ": " + wLFailResponse.getErrorMsg());
                    wLRequestListener.onFailure(wLFailResponse);
                }

                @Override // com.worklight.wlclient.api.WLResponseListener
                public void onSuccess(WLResponse wLResponse) {
                    WLAuthorizationManagerInternal.this.deleteTokens();
                    WLAuthorizationManagerInternal.logger.v("Logged out successfully from realm " + str);
                    wLRequestListener.onSuccess(wLResponse);
                }
            });
        }
    }

    public void invokeTokenRequestWithGrantCode(String str, final WLResponseListener wLResponseListener) {
        invokeTokenRequest(str, new WLResponseListener() { // from class: com.worklight.wlclient.WLAuthorizationManagerInternal.8
            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onFailure(WLFailResponse wLFailResponse) {
                wLResponseListener.onFailure(wLFailResponse);
            }

            @Override // com.worklight.wlclient.api.WLResponseListener
            public void onSuccess(WLResponse wLResponse) {
                try {
                    WLAuthorizationManagerInternal.this.saveToken(wLResponse.getResponseJSON());
                    wLResponseListener.onSuccess(wLResponse);
                } catch (JSONException unused) {
                    onFailure(new WLFailResponse(wLResponse));
                }
            }
        });
    }

    public boolean isAuthorizationRequired(int i, String str) {
        return (i == 401 || i == 403) && str.contains("Bearer") && str.contains(REALM_IMF_AUTHENTICATION);
    }

    public boolean isAuthorizationRequired(HttpResponse httpResponse) {
        int statusCode = httpResponse.getStatusLine().getStatusCode();
        if (statusCode == 401 || statusCode == 403) {
            Header[] authenticationHeaders = getAuthenticationHeaders(httpResponse);
            if (authenticationHeaders.length == 0) {
                return false;
            }
            for (Header header : authenticationHeaders) {
                String value = header.getValue();
                if (value.contains("Bearer") && value.contains(REALM_IMF_AUTHENTICATION)) {
                    return true;
                }
            }
        }
        return false;
    }

    public synchronized void obtainAuthorizationHeader(String str, WLResponseListener wLResponseListener) {
        if (this.authorizationInProgress) {
            addToAuthorizationQueue(str, wLResponseListener);
        } else {
            this.authorizationInProgress = true;
            if (getClientId() != null) {
                addToAuthorizationQueue(str, wLResponseListener);
                invokeAuthorizationRequest(str);
            } else {
                invokeInstanceRegistrationRequest(str, wLResponseListener);
            }
        }
    }

    public void setAuthorizationPersistencePolicy(WLAuthorizationPersistencePolicy wLAuthorizationPersistencePolicy) {
        if (wLAuthorizationPersistencePolicy == null) {
            throw new IllegalArgumentException("The policy argument cannot be null");
        }
        if (this.persistencePolicy != wLAuthorizationPersistencePolicy) {
            this.persistencePolicy = wLAuthorizationPersistencePolicy;
            WLConfig.k().A(TOKEN_PERSISTENCE_POLICY, wLAuthorizationPersistencePolicy.name());
            if (wLAuthorizationPersistencePolicy == WLAuthorizationPersistencePolicy.ALWAYS) {
                persistToken(this.accessToken, this.idToken);
            } else {
                clearPersistedToken();
            }
        }
    }

    public boolean shouldIgnoreRedirect(HttpResponse httpResponse) {
        String value;
        Header firstHeader = httpResponse.getFirstHeader("Location");
        if (firstHeader == null || (value = firstHeader.getValue()) == null || !value.startsWith(PARAM_REDIRECT_URI_VALUE)) {
            return false;
        }
        httpResponse.setStatusCode(222);
        httpResponse.setReasonPhrase(OAUTH_PREVENT_REDIRECT);
        return true;
    }
}
