package com.couchbase.lite.auth;

import com.couchbase.lite.auth.LoginAuthorizer;
import com.couchbase.lite.i;
import com.couchbase.lite.util.j;
import com.couchbase.lite.util.s;
import com.couchbase.lite.util.t;
import com.persianswitch.apmb.app.model.ModelStatics;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import z8.a0;

/* loaded from: classes.dex */
public class OpenIDConnectAuthorizer extends BaseAuthorizer implements CustomHeadersAuthorizer, SessionCookieAuthorizer {
    private static final String TAG = "Sync";
    public String IDToken;
    public URL authURL;
    public boolean haveSessionCookie;
    public d loginCallback;
    public String refreshToken;
    public f tokenStore;
    private String username;

    public OpenIDConnectAuthorizer(d dVar, f fVar) {
        this.loginCallback = dVar;
        this.tokenStore = fVar;
    }

    private void continueAsyncLoginWithURL(URL url, final LoginAuthorizer.a aVar) {
        j.l("Sync", "OpenIDConnectAuthorizer: Calling app login callback block...");
        final URL remoteURL = getRemoteURL();
        URL extractRedirectURL = extractRedirectURL(url);
        d dVar = this.loginCallback;
        if (dVar != null) {
            dVar.a(url, extractRedirectURL, new e() { // from class: com.couchbase.lite.auth.OpenIDConnectAuthorizer.1
                public void callback(URL url2, Throwable th) {
                    if (url2 != null) {
                        j.m("Sync", "OpenIDConnectAuthorizer: App login callback returned authURL <%s>", url2.toExternalForm());
                        if (remoteURL == null || url2.getHost().compareToIgnoreCase(remoteURL.getHost()) != 0 || url2.getPort() != remoteURL.getPort()) {
                            j.q("Sync", "OpenIDConnectAuthorizer: App-provided authURL <%s> doesn't match server URL; ignoring it", url2.toExternalForm());
                            th = new com.couchbase.lite.replicator.f(com.couchbase.lite.replicator.f.f4530h, null, null);
                            url2 = null;
                        }
                    }
                    if (url2 != null) {
                        OpenIDConnectAuthorizer.this.authURL = url2;
                        aVar.call(true, null);
                        return;
                    }
                    if (th == null) {
                        th = new com.couchbase.lite.replicator.f(com.couchbase.lite.replicator.f.f4531i, null, null);
                    }
                    j.n("Sync", "OpenIDConnectAuthorizer: App login callback returned error=" + th);
                    aVar.call(false, th);
                }
            });
        }
    }

    private static URL extractRedirectURL(URL url) {
        try {
            Map<String, List<String>> b10 = t.b(url);
            if (b10.containsKey("redirect_uri") && b10.get("redirect_uri").size() > 0) {
                try {
                    return new URL(b10.get("redirect_uri").get(0));
                } catch (MalformedURLException e10) {
                    j.p("Sync", "Invalid URL: redirect_uri=<%s>", e10, b10.get("redirect_uri").get(0));
                }
            }
            return null;
        } catch (UnsupportedEncodingException e11) {
            j.p("Sync", "Invalid URL: loginURL=<%s>", e11, url);
            return null;
        }
    }

    public static boolean forgetIDTokensForServer(URL url, f fVar) {
        OpenIDConnectAuthorizer openIDConnectAuthorizer = new OpenIDConnectAuthorizer(null, fVar);
        openIDConnectAuthorizer.setRemoteURL(url);
        return openIDConnectAuthorizer.deleteTokens();
    }

    private boolean parseTokens(Map<String, String> map) {
        if (map == null) {
            return false;
        }
        String str = map.get("id_token");
        if (str == null) {
            j.l("Sync", "OpenIDConnectAuthorizer: the parsed token doesn't have the ID Token");
            return false;
        }
        this.IDToken = str;
        this.refreshToken = map.get("refresh_token");
        this.username = map.get(ModelStatics.BRANCH_INFO_NAME);
        this.haveSessionCookie = map.containsKey("session_id");
        return true;
    }

    @Override // com.couchbase.lite.auth.CustomHeadersAuthorizer
    public boolean authorizeURLRequest(a0.a aVar) {
        loadTokens();
        String str = this.IDToken;
        if (str == null || this.haveSessionCookie) {
            return false;
        }
        aVar.a("Authorization", String.format(Locale.ENGLISH, "Bearer ", str));
        return true;
    }

    public boolean deleteTokens() {
        f fVar = this.tokenStore;
        if (fVar == null) {
            return false;
        }
        return fVar.deleteTokens(getRemoteURL(), getLocalUUID());
    }

    public String getIDToken() {
        return this.IDToken;
    }

    public String getRefreshToken() {
        return this.refreshToken;
    }

    public f getTokenStore() {
        return this.tokenStore;
    }

    @Override // com.couchbase.lite.auth.BaseAuthorizer, com.couchbase.lite.auth.Authorizer
    public String getUsername() {
        return this.username;
    }

    @Override // com.couchbase.lite.auth.LoginAuthorizer
    public boolean implementedLoginResponse() {
        return true;
    }

    public boolean loadTokens() {
        f fVar = this.tokenStore;
        if (fVar == null) {
            return false;
        }
        try {
            return parseTokens(fVar.loadTokens(getRemoteURL(), getLocalUUID()));
        } catch (Exception e10) {
            j.o("Sync", "Error in loadTokens()", e10);
            return false;
        }
    }

    @Override // com.couchbase.lite.auth.LoginAuthorizer
    public List<Object> loginRequest() {
        String format;
        loadTokens();
        this.IDToken = null;
        this.haveSessionCookie = false;
        String str = this.refreshToken;
        if (str != null) {
            format = String.format(Locale.ENGLISH, "_oidc_refresh?refresh_token=%s", s.b(str));
        } else {
            URL url = this.authURL;
            format = url != null ? String.format(Locale.ENGLISH, "_oidc_callback?%s", url.getQuery()) : "_oidc_challenge?offline=true";
        }
        return Arrays.asList("GET", format);
    }

    @Override // com.couchbase.lite.auth.LoginAuthorizer
    public void loginResponse(Object obj, z8.s sVar, Throwable th, LoginAuthorizer.a aVar) {
        if (th != null && (!(th instanceof com.couchbase.lite.replicator.f) || ((com.couchbase.lite.replicator.f) th).a() != 401)) {
            aVar.call(false, th);
            return;
        }
        String str = this.refreshToken;
        String str2 = null;
        if (str == null && this.authURL == null) {
            com.couchbase.lite.replicator.f fVar = (com.couchbase.lite.replicator.f) th;
            Map map = fVar.b() != null ? (Map) fVar.b().get("AuthChallenge") : null;
            if (map != null && "OIDC".equals(map.get("Scheme"))) {
                str2 = (String) map.get("login");
            }
            if (str2 != null) {
                j.m("Sync", "OpenIDConnectAuthorizer: Got OpenID Connect login URL: <%s>", str2);
                try {
                    continueAsyncLoginWithURL(new URL(str2), aVar);
                    return;
                } catch (MalformedURLException e10) {
                    j.e("Sync", "Unknown Error", e10);
                    th = new i(-1);
                }
            } else {
                th = new i("Server didn't provide an OpenID login URL", 589);
            }
        } else if (th != null) {
            this.authURL = null;
            if (str != null) {
                this.refreshToken = null;
                this.username = null;
                deleteTokens();
                aVar.call(true, null);
            }
        } else {
            Map<String, String> map2 = (Map) obj;
            if (str != null && map2.get("refresh_token") == null) {
                HashMap hashMap = new HashMap(map2);
                hashMap.put("refresh_token", this.refreshToken);
                map2 = hashMap;
            }
            if (parseTokens(map2)) {
                j.m("Sync", "%s: Logged in as %s !", getClass().getName(), this.username);
                saveTokens(map2);
            } else {
                th = new i("Server didn't return a refreshed ID token", 589);
            }
        }
        aVar.call(false, th);
    }

    @Override // com.couchbase.lite.auth.BaseAuthorizer, com.couchbase.lite.auth.Authorizer
    public boolean removeStoredCredentials() {
        if (!deleteTokens()) {
            return false;
        }
        this.IDToken = null;
        this.refreshToken = null;
        this.haveSessionCookie = false;
        this.authURL = null;
        return true;
    }

    public boolean saveTokens(Map<String, String> map) {
        f fVar = this.tokenStore;
        if (fVar == null) {
            return false;
        }
        return fVar.saveTokens(getRemoteURL(), getLocalUUID(), map);
    }

    public void setIDToken(String str) {
        this.IDToken = str;
    }

    public void setRefreshToken(String str) {
        this.refreshToken = str;
    }

    public void setTokenStore(f fVar) {
        this.tokenStore = fVar;
    }

    public void setUsername(String str) {
        this.username = str;
    }

    public String toString() {
        return String.format(Locale.ENGLISH, "OpenIDConnectAuthorizer[%s]", getRemoteURL());
    }
}
