package ca.loblaw.pcid.login;

import android.net.Uri;
import ca.loblaw.pcid.login.extension.MapExtensionsKt;
import ca.loblaw.pcid.login.factory.FailedToLoginResult;
import ca.loblaw.pcid.login.factory.IssuerFactoryKt;
import ca.loblaw.pcid.login.factory.LoginSuccessResult;
import ca.loblaw.pcid.login.factory.NonceFactoryKt;
import ca.loblaw.pcid.login.factory.PcidLoginWebViewListener;
import ca.loblaw.pcid.login.internal.PcidAuthorizationValidator;
import ca.loblaw.pcid.login.internal.PcidGrantType;
import ca.loblaw.pcid.login.internal.PcidIntent;
import ca.loblaw.pcid.login.internal.PcidJwtClaims;
import ca.loblaw.pcid.login.internal.PcidRefreshToken;
import ca.loblaw.pcid.login.model.PcidAuthorization;
import ca.loblaw.pcid.login.model.PcidToken;
import ca.loblaw.pcid.login.network.PcidApi;
import ca.loblaw.pcid.login.network.PcidApiService;
import ca.loblaw.pcid.login.util.PcidWebServiceResponse;
import gp.g;
import gp.i;
import gp.m;
import gp.s;
import java.net.URLDecoder;
import java.nio.charset.Charset;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import kotlin.Metadata;
import kotlin.collections.n0;
import kotlin.jvm.internal.h;
import kotlin.jvm.internal.n;
import kotlin.text.d;
import kotlin.text.v;
import okhttp3.HttpUrl;
import org.json.JSONObject;
import retrofit2.b;

/* compiled from: PCIDClient.kt */
@Metadata(bv = {}, d1 = {"\u0000d\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010$\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u000e\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\f\b&\u0018\u00002\u00020\u0001B+\u0012\u0006\u0010.\u001a\u00020+\u0012\u0006\u00101\u001a\u00020/\u0012\b\b\u0002\u00104\u001a\u000202\u0012\b\b\u0002\u00107\u001a\u000205¢\u0006\u0004\b?\u0010@J\b\u0010\u0003\u001a\u00020\u0002H\u0002J0\u0010\u0007\u001a\"\u0012\u0004\u0012\u00020\u0002\u0012\u0004\u0012\u00020\u0002\u0018\u00010\u0005j\u0010\u0012\u0004\u0012\u00020\u0002\u0012\u0004\u0012\u00020\u0002\u0018\u0001`\u00062\u0006\u0010\u0004\u001a\u00020\u0002H\u0002J(\u0010\r\u001a\u00020\f2\b\u0010\t\u001a\u0004\u0018\u00010\b2\u0014\u0010\u000b\u001a\u0010\u0012\u0004\u0012\u00020\u0002\u0012\u0004\u0012\u00020\u0001\u0018\u00010\nH\u0002J\u001e\u0010\u0010\u001a\u00020\f2\u0006\u0010\t\u001a\u00020\b2\f\u0010\u000f\u001a\b\u0012\u0004\u0012\u00020\b0\u000eH\u0002J\u0012\u0010\u0011\u001a\u0004\u0018\u00010\u00022\u0006\u0010\u0004\u001a\u00020\u0002H\u0004J \u0010\u0016\u001a\u00020\f2\u0006\u0010\u0012\u001a\u00020\u00022\u0006\u0010\u0013\u001a\u00020\u00022\b\u0010\u0015\u001a\u0004\u0018\u00010\u0014R\u001a\u0010\u001b\u001a\u00020\u00028\u0006X\u0086D¢\u0006\f\n\u0004\b\u0017\u0010\u0018\u001a\u0004\b\u0019\u0010\u001aR\u0018\u0010\u001f\u001a\u0004\u0018\u00010\u001c8\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b\u001d\u0010\u001eR\u0014\u0010!\u001a\u00020\u00028\u0002X\u0082D¢\u0006\u0006\n\u0004\b \u0010\u0018R$\u0010\u000b\u001a\u0010\u0012\u0004\u0012\u00020\u0002\u0012\u0004\u0012\u00020\u0001\u0018\u00010\n8\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b\"\u0010#R\u0018\u0010\t\u001a\u0004\u0018\u00010\b8\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b$\u0010%R\u0016\u0010\u0013\u001a\u00020\u00028\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b&\u0010\u0018R\u0016\u0010(\u001a\u00020\u00028\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b'\u0010\u0018R\u0018\u0010\u0015\u001a\u0004\u0018\u00010\u00148\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b)\u0010*R\u0014\u0010.\u001a\u00020+8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b,\u0010-R\u0014\u00101\u001a\u00020/8\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0019\u00100R\u0014\u00104\u001a\u0002028\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0016\u00103R\u0014\u00107\u001a\u0002058\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0010\u00106R#\u0010<\u001a\n 8*\u0004\u0018\u00010\u00020\u00028BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b9\u0010:\u001a\u0004\b;\u0010\u001aR\u001b\u0010>\u001a\u00020\u00028BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b=\u0010:\u001a\u0004\b,\u0010\u001a¨\u0006A"}, d2 = {"Lca/loblaw/pcid/login/PCIDClient;", HttpUrl.FRAGMENT_ENCODE_SET, HttpUrl.FRAGMENT_ENCODE_SET, "i", "scopes", "Ljava/util/HashMap;", "Lkotlin/collections/HashMap;", "o", "Lca/loblaw/pcid/login/model/PcidAuthorization;", "authorization", HttpUrl.FRAGMENT_ENCODE_SET, "jwkSet", "Lgp/u;", "q", "Lca/loblaw/pcid/login/util/PcidWebServiceResponse;", "response", "n", "p", "code", "state", "Lca/loblaw/pcid/login/internal/PcidIntent;", "lastOp", "m", "a", "Ljava/lang/String;", "l", "()Ljava/lang/String;", "redirectUri", "Lca/loblaw/pcid/login/network/PcidApi;", "b", "Lca/loblaw/pcid/login/network/PcidApi;", "pcidApiService", "c", "path", "d", "Ljava/util/Map;", "e", "Lca/loblaw/pcid/login/model/PcidAuthorization;", "f", "g", "nonce", "h", "Lca/loblaw/pcid/login/internal/PcidIntent;", "Lca/loblaw/pcid/login/PcidLoginWebViewConfiguration;", "k", "Lca/loblaw/pcid/login/PcidLoginWebViewConfiguration;", "configuration", "Lca/loblaw/pcid/login/factory/PcidLoginWebViewListener;", "Lca/loblaw/pcid/login/factory/PcidLoginWebViewListener;", "listener", HttpUrl.FRAGMENT_ENCODE_SET, "Z", "useCustomRedirectUri", "Lca/loblaw/pcid/login/internal/PcidAuthorizationValidator;", "Lca/loblaw/pcid/login/internal/PcidAuthorizationValidator;", "pcidAuthorizationValidator", "kotlin.jvm.PlatformType", "codeChallenge$delegate", "Lgp/g;", "j", "codeChallenge", "codeVerifier$delegate", "codeVerifier", "<init>", "(Lca/loblaw/pcid/login/PcidLoginWebViewConfiguration;Lca/loblaw/pcid/login/factory/PcidLoginWebViewListener;ZLca/loblaw/pcid/login/internal/PcidAuthorizationValidator;)V", "pcid-login-kit_release"}, k = 1, mv = {1, 4, 0})
/* loaded from: classes.dex */
public abstract class PCIDClient {

    /* renamed from: a, reason: collision with root package name and from kotlin metadata */
    private final String redirectUri;

    /* renamed from: b, reason: collision with root package name and from kotlin metadata */
    private PcidApi pcidApiService;

    /* renamed from: c, reason: collision with root package name and from kotlin metadata */
    private final String path;

    /* renamed from: d, reason: collision with root package name and from kotlin metadata */
    private Map<String, ? extends Object> jwkSet;

    /* renamed from: e, reason: collision with root package name and from kotlin metadata */
    private PcidAuthorization authorization;

    /* renamed from: f, reason: collision with root package name and from kotlin metadata */
    private String state;

    /* renamed from: g, reason: collision with root package name and from kotlin metadata */
    private String nonce;

    /* renamed from: h, reason: collision with root package name and from kotlin metadata */
    private PcidIntent lastOp;

    /* renamed from: i, reason: collision with root package name */
    private final g f6568i;

    /* renamed from: j, reason: collision with root package name */
    private final g f6569j;

    /* renamed from: k, reason: collision with root package name and from kotlin metadata */
    private final PcidLoginWebViewConfiguration configuration;

    /* renamed from: l, reason: collision with root package name and from kotlin metadata */
    private final PcidLoginWebViewListener listener;

    /* renamed from: m, reason: collision with root package name and from kotlin metadata */
    private final boolean useCustomRedirectUri;

    /* renamed from: n, reason: collision with root package name and from kotlin metadata */
    private final PcidAuthorizationValidator pcidAuthorizationValidator;

    public PCIDClient(PcidLoginWebViewConfiguration configuration, PcidLoginWebViewListener listener, boolean z10, PcidAuthorizationValidator pcidAuthorizationValidator) {
        g b10;
        g b11;
        n.g(configuration, "configuration");
        n.g(listener, "listener");
        n.g(pcidAuthorizationValidator, "pcidAuthorizationValidator");
        this.configuration = configuration;
        this.listener = listener;
        this.useCustomRedirectUri = z10;
        this.pcidAuthorizationValidator = pcidAuthorizationValidator;
        this.redirectUri = "https://www.pcid.ca/login/appredirect/";
        this.path = "oauth2/v1/authorize";
        this.state = HttpUrl.FRAGMENT_ENCODE_SET;
        this.nonce = HttpUrl.FRAGMENT_ENCODE_SET;
        this.lastOp = configuration.getPcidIntent();
        this.pcidApiService = new PcidApiService().a(configuration.getBaseUrl());
        this.state = i();
        this.nonce = NonceFactoryKt.a();
        b10 = i.b(new PCIDClient$codeChallenge$2(this));
        this.f6568i = b10;
        b11 = i.b(PCIDClient$codeVerifier$2.f6578d);
        this.f6569j = b11;
    }

    public /* synthetic */ PCIDClient(PcidLoginWebViewConfiguration pcidLoginWebViewConfiguration, PcidLoginWebViewListener pcidLoginWebViewListener, boolean z10, PcidAuthorizationValidator pcidAuthorizationValidator, int i10, h hVar) {
        this(pcidLoginWebViewConfiguration, pcidLoginWebViewListener, (i10 & 4) != 0 ? false : z10, (i10 & 8) != 0 ? new PcidAuthorizationValidator() : pcidAuthorizationValidator);
    }

    private final String i() {
        Map n10;
        String E;
        n10 = n0.n(s.a("csrf", UUID.randomUUID().toString()), s.a("relyingParty", this.configuration.getRelyingParty()), s.a("intent", this.configuration.getPcidIntent().a()), s.a("language", this.configuration.getLanguage().a()), s.a("keepMeSignedIn", this.configuration.getKeepMeSignedIn()), s.a("clientId", this.configuration.getClientId()));
        String jSONObject = new JSONObject((Map<?, ?>) n10).toString();
        n.c(jSONObject, "json.toString()");
        Charset charset = d.UTF_8;
        Objects.requireNonNull(jSONObject, "null cannot be cast to non-null type java.lang.String");
        byte[] bytes = jSONObject.getBytes(charset);
        n.e(bytes, "(this as java.lang.String).getBytes(charset)");
        E = v.E(MapExtensionsKt.b(bytes), "\n", HttpUrl.FRAGMENT_ENCODE_SET, false, 4, null);
        return E;
    }

    private final String j() {
        return (String) this.f6568i.getValue();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final String k() {
        return (String) this.f6569j.getValue();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final void n(PcidAuthorization pcidAuthorization, PcidWebServiceResponse<PcidAuthorization> pcidWebServiceResponse) {
        if (!(pcidWebServiceResponse instanceof PcidWebServiceResponse.Success)) {
            if (pcidWebServiceResponse instanceof PcidWebServiceResponse.Error) {
                this.listener.l(new FailedToLoginResult(this, PcidErrorCode.PAGE_LOAD_FAILED, ((PcidWebServiceResponse.Error) pcidWebServiceResponse).getError().getMessage()));
                return;
            }
            return;
        }
        if (pcidAuthorization.getRefreshToken() == null) {
            this.listener.l(new FailedToLoginResult(this, PcidErrorCode.INVALID_REFRESH_TOKEN, "refresh token is null"));
            return;
        }
        PcidWebServiceResponse.Success success = (PcidWebServiceResponse.Success) pcidWebServiceResponse;
        this.listener.j(new LoginSuccessResult(this, ((PcidAuthorization) success.a()).getAccessToken(), pcidAuthorization.getIdToken(), ((PcidAuthorization) success.a()).getRefreshToken(), ((PcidAuthorization) success.a()).getType(), pcidAuthorization.getEmail(), pcidAuthorization.getPcid(), pcidAuthorization.getMfaEnabled(), this.lastOp));
    }

    private final HashMap<String, String> o(String scopes) {
        String str;
        HashMap<String, String> m10;
        if (n.b(this.configuration.getAddOfflineAccessToScopes(), Boolean.TRUE)) {
            str = "openid " + scopes + " offline_access";
        } else {
            str = "openid " + scopes;
        }
        m[] mVarArr = new m[8];
        mVarArr[0] = s.a("client_id", this.configuration.getClientId());
        mVarArr[1] = s.a("response_type", "code");
        mVarArr[2] = s.a("code_challenge_method", "S256");
        mVarArr[3] = s.a("code_challenge", j());
        mVarArr[4] = s.a("state", this.state);
        mVarArr[5] = s.a("scope", str);
        mVarArr[6] = s.a("nonce", this.nonce);
        mVarArr[7] = s.a("redirect_uri", this.useCustomRedirectUri ? this.configuration.getRedirectUri() : this.redirectUri);
        m10 = n0.m(mVarArr);
        return m10;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final void q(PcidAuthorization pcidAuthorization, Map<String, ? extends Object> map) {
        if (pcidAuthorization == null || map == null) {
            return;
        }
        try {
            if (pcidAuthorization.getIdToken() == null) {
                throw new Exception(PcidErrorCode.MALFORMED_JWK_SET.name());
            }
            PcidAuthorization a10 = this.pcidAuthorizationValidator.a(pcidAuthorization, map, this.nonce, this.configuration.getClientId(), this.configuration.getAudience(), IssuerFactoryKt.a());
            PCIDClient$validateAccessToken$callback$1 pCIDClient$validateAccessToken$callback$1 = new PCIDClient$validateAccessToken$callback$1(this, a10);
            if (a10.getRefreshToken() != null) {
                new PcidRefreshToken(this.configuration.getAudience(), this.configuration.getClientId(), this.configuration.getClientSecret(), new PcidApiService().a(this.configuration.getBaseUrl()), null, 16, null).j(a10.getRefreshToken(), pCIDClient$validateAccessToken$callback$1);
            } else {
                this.listener.j(new LoginSuccessResult(this, a10.getAccessToken(), a10.getIdToken(), null, a10.getType(), a10.getEmail(), a10.getPcid(), a10.getMfaEnabled(), this.lastOp));
            }
        } catch (Exception e10) {
            PcidJwtClaims.ParseException parseException = (PcidJwtClaims.ParseException) (!(e10 instanceof PcidJwtClaims.ParseException) ? null : e10);
            if (parseException == null) {
                String message = e10.getMessage();
                if (message == null) {
                    message = e10.toString();
                }
                this.listener.l(new FailedToLoginResult(this, PcidErrorCode.MALFORMED_JWK_SET, message));
                return;
            }
            this.listener.l(new FailedToLoginResult(this, PcidErrorCode.MALFORMED_JWK_SET, "PcidJwtClaims.ParseException: " + parseException.getReason()));
        }
    }

    /* renamed from: l, reason: from getter */
    public final String getRedirectUri() {
        return this.redirectUri;
    }

    public final void m(final String code, String state, PcidIntent pcidIntent) {
        n.g(code, "code");
        n.g(state, "state");
        this.jwkSet = null;
        this.authorization = null;
        if (pcidIntent != null) {
            this.lastOp = pcidIntent;
        }
        if (!n.b(state, this.state)) {
            this.listener.l(new FailedToLoginResult(this, PcidErrorCode.STATE_IS_DIFFERENT, null));
            return;
        }
        PcidApi pcidApi = this.pcidApiService;
        if (pcidApi != null) {
            pcidApi.a().l(new retrofit2.d<Map<String, ? extends Object>>() { // from class: ca.loblaw.pcid.login.PCIDClient$handleCode$$inlined$let$lambda$1
                @Override // retrofit2.d
                public void b(b<Map<String, ? extends Object>> call, Throwable throwable) {
                    PcidLoginWebViewListener pcidLoginWebViewListener;
                    n.g(call, "call");
                    n.g(throwable, "throwable");
                    FailedToLoginResult failedToLoginResult = new FailedToLoginResult(PCIDClient.this, PcidErrorCode.MALFORMED_JWK_SET, throwable.getMessage());
                    pcidLoginWebViewListener = PCIDClient.this.listener;
                    pcidLoginWebViewListener.l(failedToLoginResult);
                }

                @Override // retrofit2.d
                public void c(b<Map<String, ? extends Object>> call, retrofit2.s<Map<String, ? extends Object>> response) {
                    PcidAuthorization pcidAuthorization;
                    Map map;
                    n.g(call, "call");
                    n.g(response, "response");
                    Map<String, ? extends Object> a10 = response.a();
                    if (a10 != null) {
                        PCIDClient.this.jwkSet = a10;
                        PCIDClient pCIDClient = PCIDClient.this;
                        pcidAuthorization = pCIDClient.authorization;
                        map = PCIDClient.this.jwkSet;
                        pCIDClient.q(pcidAuthorization, map);
                    }
                }
            });
            pcidApi.b(code, this.configuration.getClientId(), this.configuration.getClientSecret(), PcidGrantType.AUTHORIZATION.a(), k()).l(new retrofit2.d<PcidToken>() { // from class: ca.loblaw.pcid.login.PCIDClient$handleCode$$inlined$let$lambda$2
                @Override // retrofit2.d
                public void b(b<PcidToken> call, Throwable throwable) {
                    PcidLoginWebViewListener pcidLoginWebViewListener;
                    n.g(call, "call");
                    n.g(throwable, "throwable");
                    FailedToLoginResult failedToLoginResult = new FailedToLoginResult(PCIDClient.this, PcidErrorCode.MALFORMED_TOKEN_RESPONSE, throwable.getMessage());
                    pcidLoginWebViewListener = PCIDClient.this.listener;
                    pcidLoginWebViewListener.l(failedToLoginResult);
                }

                @Override // retrofit2.d
                public void c(b<PcidToken> call, retrofit2.s<PcidToken> response) {
                    PcidAuthorization pcidAuthorization;
                    Map map;
                    n.g(call, "call");
                    n.g(response, "response");
                    PcidToken a10 = response.a();
                    if (a10 != null) {
                        PCIDClient.this.authorization = new PcidAuthorization(a10.getToken_type(), a10.getId_token(), a10.getAccess_token(), a10.getRefresh_token(), null, null, null, 112, null);
                        PCIDClient pCIDClient = PCIDClient.this;
                        pcidAuthorization = pCIDClient.authorization;
                        map = PCIDClient.this.jwkSet;
                        pCIDClient.q(pcidAuthorization, map);
                    }
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final String p(String scopes) {
        n.g(scopes, "scopes");
        HashMap<String, String> o10 = o(scopes);
        if (o10 == null) {
            return null;
        }
        Uri.Builder buildUpon = Uri.parse(this.configuration.getBaseUrl()).buildUpon();
        buildUpon.appendPath(this.path);
        for (Map.Entry<String, String> entry : o10.entrySet()) {
            buildUpon.appendQueryParameter(entry.getKey(), entry.getValue());
        }
        return URLDecoder.decode(buildUpon.build().toString(), "UTF-8");
    }
}
