package com.lastpass.lpandroid.domain.account.federated;

import android.net.Uri;
import android.util.Base64;
import com.auth0.android.jwt.JWT;
import com.lastpass.lpandroid.api.federated.OpenIdApi;
import com.lastpass.lpandroid.api.federated.dto.OpenIdConfigurationResponse;
import com.lastpass.lpandroid.api.federated.dto.OpenIdK2Response;
import com.lastpass.lpandroid.api.federated.dto.OpenIdTokenRequestInfo;
import com.lastpass.lpandroid.api.federated.dto.OpenIdTokenResponse;
import com.lastpass.lpandroid.api.lmiapi.LmiApiCallback;
import com.lastpass.lpandroid.app.Globals;
import com.lastpass.lpandroid.domain.LpLog;
import com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow;
import com.lastpass.lpandroid.domain.account.federated.exception.InvalidFederatedProviderException;
import com.lastpass.lpandroid.domain.account.federated.exception.InvalidFlowStateException;
import com.lastpass.lpandroid.domain.account.federated.helper.FederatedLoginFlowHelper;
import com.lastpass.lpandroid.utils.FormattingExtensionsKt;
import com.lastpass.lpandroid.utils.security.CryptoUtils;
import com.lastpass.lpandroid.utils.security.KeyGenerator;
import java.util.Map;
import javax.inject.Inject;
import kotlin.Metadata;
import kotlin.TuplesKt;
import kotlin.Unit;
import kotlin.collections.MapsKt__MapsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import retrofit2.Response;

@Metadata
/* loaded from: classes2.dex */
public abstract class OpenIdFederatedLoginFlow extends FederatedLoginFlow {

    @NotNull
    public static final Companion k = new Companion(null);

    @Inject
    public OpenIdApi j;

    @Metadata
    /* loaded from: classes2.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    private OpenIdFederatedLoginFlow() {
        this("");
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public OpenIdFederatedLoginFlow(@NotNull String username) {
        super(username);
        Intrinsics.e(username, "username");
        Globals.a().f(this);
    }

    private final String C(String str) {
        Map<String, String> g;
        FederatedLoginFlowHelper g2 = g();
        String d2 = h().d();
        Intrinsics.c(d2);
        g = MapsKt__MapsKt.g(TuplesKt.a("client_id", h().j().e()), TuplesKt.a("login_hint", q()), TuplesKt.a("redirect_uri", h().p()), TuplesKt.a("prompt", "login"), TuplesKt.a("response_type", "code"), TuplesKt.a("scope", g().h(h().j().f(), h().j().h())), TuplesKt.a("state", FormattingExtensionsKt.i(h().r())), TuplesKt.a("nonce", FormattingExtensionsKt.i(h().m())), TuplesKt.a("code_challenge", g2.c(d2)), TuplesKt.a("code_challenge_method", "S256"));
        if (!g().b(h().j().f(), h().j().i())) {
            g.remove("login_hint");
        }
        if (!g().f(h().j().f())) {
            g.remove("prompt");
        }
        return g().e(str, g);
    }

    private final String D(String str) {
        Map<String, String> f;
        FederatedLoginFlowHelper g = g();
        f = MapsKt__MapsKt.f(TuplesKt.a("client_id", h().j().e()), TuplesKt.a("login_hint", q()), TuplesKt.a("redirect_uri", h().p()), TuplesKt.a("response_type", "id_token token"), TuplesKt.a("scope", g().h(h().j().f(), h().j().h())), TuplesKt.a("state", FormattingExtensionsKt.i(h().r())), TuplesKt.a("nonce", FormattingExtensionsKt.i(h().m())));
        return g.e(str, f);
    }

    private final void F() {
        h().x(FederatedLoginFlowHelper.DefaultImpls.a(g(), null, 1, null));
    }

    private final void G() {
        h().G(KeyGenerator.a(32));
        h().L(KeyGenerator.a(32));
    }

    private final void J() {
        OpenIdApi openIdApi = this.j;
        if (openIdApi == null) {
            Intrinsics.u("openIdApi");
        }
        String c2 = h().j().c();
        if (c2 == null) {
            c2 = "https://accounts.lastpass.com/";
        }
        openIdApi.a(c2);
        StringBuilder sb = new StringBuilder();
        sb.append("Federated login getting K2 from: ");
        OpenIdApi openIdApi2 = this.j;
        if (openIdApi2 == null) {
            Intrinsics.u("openIdApi");
        }
        sb.append(openIdApi2.y());
        LpLog.d("TagLogin", sb.toString());
        OpenIdApi openIdApi3 = this.j;
        if (openIdApi3 == null) {
            Intrinsics.u("openIdApi");
        }
        Long a2 = h().j().a();
        openIdApi3.x(a2 != null ? a2.longValue() : 0L, h().f(), new FederatedLoginFlow.FederatedApiCallback<OpenIdK2Response>() { // from class: com.lastpass.lpandroid.domain.account.federated.OpenIdFederatedLoginFlow$getOpenIdK2$1
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super();
            }

            @Override // com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow.FederatedApiCallback, com.lastpass.lpandroid.api.lmiapi.LmiApiCallback
            /* renamed from: e, reason: merged with bridge method [inline-methods] */
            public void d(@Nullable OpenIdK2Response openIdK2Response, @Nullable Response<OpenIdK2Response> response) {
                boolean N;
                LpLog.d("TagLogin", "Federated login: Getting K2 from response");
                String b2 = openIdK2Response != null ? openIdK2Response.b() : null;
                if (b2 == null || b2.length() == 0) {
                    LpLog.d("TagLogin", "Federated login: Getting K2 failed as response was null or empty");
                    throw new IllegalStateException("k2 not found in response");
                }
                LpLog.d("TagLogin", "Federated login: Decoding K2");
                OpenIdFederatedLoginFlow.this.h().B(Base64.decode(b2, 2));
                if (OpenIdFederatedLoginFlow.this.h().h() == null) {
                    LpLog.d("TagLogin", "Federated login: Getting K2 failed as response could not be decoded");
                }
                if (openIdK2Response.a() == null) {
                    LpLog.d("TagLogin", "Federated login: Getting K2 failed as response fragmentId was null");
                }
                FederatedLoginFlowData h = OpenIdFederatedLoginFlow.this.h();
                String a3 = openIdK2Response.a();
                if (a3 == null) {
                    a3 = "";
                }
                h.y(a3);
                LpLog.d("TagLogin", "Federated login: Validating K2");
                N = OpenIdFederatedLoginFlow.this.N();
                if (N) {
                    super.d(openIdK2Response, response);
                } else {
                    LpLog.d("TagLogin", "Federated login: Getting K2 failed as response fragmentId could not be validated");
                    throw new IllegalArgumentException("Fragment ids mismatch");
                }
            }
        });
    }

    private final void M() {
        String d2 = h().j().d();
        if (d2 == null || d2.length() == 0) {
            LpLog.E("TagLogin", "Empty connect authority");
            a();
            return;
        }
        OpenIdApi openIdApi = this.j;
        if (openIdApi == null) {
            Intrinsics.u("openIdApi");
        }
        String d3 = h().j().d();
        Intrinsics.c(d3);
        openIdApi.H(d3, new FederatedLoginFlow.FederatedApiCallback<OpenIdConfigurationResponse>() { // from class: com.lastpass.lpandroid.domain.account.federated.OpenIdFederatedLoginFlow$retrieveOpenIdConfiguration$1
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super();
            }

            @Override // com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow.FederatedApiCallback, com.lastpass.lpandroid.api.lmiapi.LmiApiCallback
            /* renamed from: e, reason: merged with bridge method [inline-methods] */
            public void d(@Nullable OpenIdConfigurationResponse openIdConfigurationResponse, @Nullable Response<OpenIdConfigurationResponse> response) {
                String str;
                String str2;
                String str3;
                String b2;
                String a2 = openIdConfigurationResponse != null ? openIdConfigurationResponse.a() : null;
                if (a2 == null || a2.length() == 0) {
                    throw new IllegalStateException("Failed to retrieve openid authority url");
                }
                FederatedLoginFlowData h = OpenIdFederatedLoginFlow.this.h();
                String str4 = "";
                if (openIdConfigurationResponse == null || (str = openIdConfigurationResponse.a()) == null) {
                    str = "";
                }
                h.H(str);
                FederatedLoginFlowData h2 = OpenIdFederatedLoginFlow.this.h();
                if (openIdConfigurationResponse == null || (str2 = openIdConfigurationResponse.d()) == null) {
                    str2 = "";
                }
                h2.K(str2);
                FederatedLoginFlowData h3 = OpenIdFederatedLoginFlow.this.h();
                if (openIdConfigurationResponse == null || (str3 = openIdConfigurationResponse.e()) == null) {
                    str3 = "";
                }
                h3.M(str3);
                FederatedLoginFlowData h4 = OpenIdFederatedLoginFlow.this.h();
                if (openIdConfigurationResponse != null && (b2 = openIdConfigurationResponse.b()) != null) {
                    str4 = b2;
                }
                h4.I(str4);
                OpenIdFederatedLoginFlow.this.h().F(openIdConfigurationResponse != null ? openIdConfigurationResponse.c() : null);
                super.d(openIdConfigurationResponse, response);
            }
        });
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final boolean N() {
        return !(h().e().length() == 0) && Intrinsics.a(h().e(), h().c());
    }

    /* JADX WARN: Code restructure failed: missing block: B:35:0x00ae, code lost:
    
        if (r4 != true) goto L35;
     */
    /* JADX WARN: Code restructure failed: missing block: B:68:0x0141, code lost:
    
        if (r0 != null) goto L59;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private final com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow.ErrorType O() {
        /*
            Method dump skipped, instructions count: 370
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.lastpass.lpandroid.domain.account.federated.OpenIdFederatedLoginFlow.O():com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow$ErrorType");
    }

    protected void B() {
        LpLog.d("TagLogin", "Assembling master password from federated key elements");
        FederatedLoginFlowData h = h();
        CryptoUtils cryptoUtils = CryptoUtils.f14513a;
        byte[] g = h().g();
        Intrinsics.c(g);
        byte[] h2 = h().h();
        Intrinsics.c(h2);
        h.E(cryptoUtils.f(cryptoUtils.h(g, h2)));
        w();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nullable
    public final String E(@NotNull String authToken) {
        Intrinsics.e(authToken, "authToken");
        JWT jwt = new JWT(authToken);
        if (jwt.f().containsKey("LastPassK1")) {
            return jwt.e("LastPassK1").a();
        }
        return null;
    }

    @NotNull
    public final OpenIdApi H() {
        OpenIdApi openIdApi = this.j;
        if (openIdApi == null) {
            Intrinsics.u("openIdApi");
        }
        return openIdApi;
    }

    protected abstract void I();

    /* JADX INFO: Access modifiers changed from: protected */
    public final void K(@NotNull byte[] k1) {
        Intrinsics.e(k1, "k1");
        FederatedLoginFlowData h = h();
        String encodeToString = Base64.encodeToString(CryptoUtils.f14513a.f(k1), 2);
        Intrinsics.d(encodeToString, "Base64.encodeToString(k1.sha256(), Base64.NO_WRAP)");
        h.w(encodeToString);
    }

    public abstract void L();

    /* JADX INFO: Access modifiers changed from: protected */
    public final void P() {
        FederatedLoginFlow.ErrorType O = O();
        if (O != null) {
            LpLog.E("TagLogin", "Invalid id token, validation failed " + O);
            v(O, "");
        }
        x();
    }

    @Override // com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow
    @NotNull
    protected String b() {
        if ((i().e() instanceof FederatedLoginFlow.FlowState.Undefined) || (i().e() instanceof FederatedLoginFlow.FlowState.NotFederatedUser)) {
            throw new IllegalStateException("Invalid state");
        }
        String d2 = g().d(j().f(), h().n());
        return Intrinsics.a(h().j().k(), Boolean.TRUE) ? C(d2) : D(d2);
    }

    @Override // com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow
    public void o(@Nullable String str, @NotNull final Function2<? super String, ? super String, Unit> onSuccess, @NotNull final Function1<? super FederatedLoginFlow.ErrorType, Unit> onError) {
        Intrinsics.e(onSuccess, "onSuccess");
        Intrinsics.e(onError, "onError");
        if (str == null) {
            u("OpenId authCode cannot be null!");
            onError.invoke(FederatedLoginFlow.ErrorType.LoginFailed.f12218a);
            return;
        }
        String e = j().e();
        if (e == null) {
            u("OpenId openIdConnectClientId cannot be null!");
            onError.invoke(FederatedLoginFlow.ErrorType.LoginFailed.f12218a);
            return;
        }
        String d2 = h().d();
        if (d2 == null) {
            u("OpenId codeVerifier cannot be null!");
            onError.invoke(FederatedLoginFlow.ErrorType.LoginFailed.f12218a);
        } else {
            OpenIdApi openIdApi = this.j;
            if (openIdApi == null) {
                Intrinsics.u("openIdApi");
            }
            openIdApi.d(new OpenIdTokenRequestInfo(g().k(h().j().f(), h().q()), "lastpass-mobile-client://android", e, h().p(), "authorization_code", d2, str), new LmiApiCallback<OpenIdTokenResponse>() { // from class: com.lastpass.lpandroid.domain.account.federated.OpenIdFederatedLoginFlow$getTokensForAuthCode$1
                @Override // com.lastpass.lpandroid.api.lmiapi.LmiApiCallback
                public void c(int i, @Nullable Throwable th, @Nullable Response<OpenIdTokenResponse> response) {
                    OpenIdFederatedLoginFlow.this.u("OpenId token call response error with " + i);
                    onError.invoke(FederatedLoginFlow.ErrorType.LoginFailed.f12218a);
                }

                @Override // com.lastpass.lpandroid.api.lmiapi.LmiApiCallback
                /* renamed from: e, reason: merged with bridge method [inline-methods] */
                public void d(@Nullable OpenIdTokenResponse openIdTokenResponse, @Nullable Response<OpenIdTokenResponse> response) {
                    if (openIdTokenResponse != null) {
                        onSuccess.invoke(openIdTokenResponse.a(), openIdTokenResponse.b());
                    } else {
                        OpenIdFederatedLoginFlow.this.u("OpenId token call response object cannot be null!");
                        onError.invoke(FederatedLoginFlow.ErrorType.GeneralFailure.f12217a);
                    }
                }
            });
        }
    }

    @Override // com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow
    protected void r() {
        FederatedProvider a2 = FederatedLoginFlowFactoryKt.a(j());
        if (Intrinsics.a(a2, Azure.f12203a)) {
            LpLog.d("TagLogin", "Init Federated login type: Azure AD");
            LpLog.d("TagLogin", "MDM Flow: " + h().j().h());
        } else if (Intrinsics.a(a2, Okta.f12246a)) {
            LpLog.d("TagLogin", "Init Federated login type: Okta");
        } else if (Intrinsics.a(a2, OktaHybrid.f12247a)) {
            LpLog.d("TagLogin", "Init Federated login type: Okta (Hybrid)");
        } else if (Intrinsics.a(a2, GoogleWorkspace.f12230a)) {
            LpLog.d("TagLogin", "Init Federated login type: Google Workspace");
        } else {
            if (!Intrinsics.a(a2, PingOne.f12256a)) {
                throw new InvalidFederatedProviderException("The " + FederatedLoginFlowFactoryKt.a(j()).getClass().getSimpleName() + " is invalid for an OpenID provider.");
            }
            LpLog.d("TagLogin", "Init Federated login type: PingOne");
        }
        if (h().j().c() != null) {
            Uri openIdConnectAuthorityURI = Uri.parse(h().j().d());
            StringBuilder sb = new StringBuilder();
            sb.append("Open ID Connect Authority: ");
            Intrinsics.d(openIdConnectAuthorityURI, "openIdConnectAuthorityURI");
            sb.append(openIdConnectAuthorityURI.getAuthority());
            sb.append(openIdConnectAuthorityURI.getPath());
            LpLog.d("TagLogin", sb.toString());
        }
        LpLog.d("TagLogin", "PKCE enabled: " + h().j().k());
        G();
        if (Intrinsics.a(h().j().k(), Boolean.TRUE)) {
            F();
        }
        i().o(new FederatedLoginFlow.FlowState.RetrieveOpenIdConfig());
        M();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow
    public void x() {
        LpLog.d("TagLogin", "Federated state " + i().e() + " completed");
        FederatedLoginFlow.FlowState e = i().e();
        if (e instanceof FederatedLoginFlow.FlowState.Undefined) {
            r();
        } else if (e instanceof FederatedLoginFlow.FlowState.RetrieveOpenIdConfig) {
            i().o(new FederatedLoginFlow.FlowState.UserLogin());
        } else if (e instanceof FederatedLoginFlow.FlowState.UserLogin) {
            i().o(new FederatedLoginFlow.FlowState.OpenIdK1());
            I();
        } else if (e instanceof FederatedLoginFlow.FlowState.OpenIdK1) {
            i().o(new FederatedLoginFlow.FlowState.OpenIdK2());
            J();
        } else {
            if (!(e instanceof FederatedLoginFlow.FlowState.OpenIdK2)) {
                throw new InvalidFlowStateException("The " + i().e() + " state is invalid for the " + FederatedLoginFlowFactoryKt.a(j()).getClass().getSimpleName());
            }
            B();
            i().o(new FederatedLoginFlow.FlowState.Finished(true));
        }
        LpLog.d("TagLogin", "Enter Federated state: " + i().e());
    }

    @Override // com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow
    public void y(@NotNull UserLoginData userLoginData) {
        Intrinsics.e(userLoginData, "userLoginData");
        LpLog.d("TagLogin", "OpenId user login completed");
        if (!(i().e() instanceof FederatedLoginFlow.FlowState.UserLogin) && !(i().e() instanceof FederatedLoginFlow.FlowState.Finished)) {
            throw new IllegalStateException("Invalid state");
        }
        OpenIdUserLoginData openIdUserLoginData = (OpenIdUserLoginData) userLoginData;
        String a2 = openIdUserLoginData.a();
        String b2 = openIdUserLoginData.b();
        if (!(a2.length() == 0)) {
            if (!(b2.length() == 0)) {
                h().z(b2);
                h().v(a2);
                L();
                return;
            }
        }
        v(FederatedLoginFlow.ErrorType.LoginFailed.f12218a, "Missing auth token or id token");
    }
}
