package com.lastpass.lpandroid.domain.account.federated;

import android.net.Uri;
import android.util.Base64;
import androidx.compose.runtime.internal.StabilityInferred;
import com.auth0.android.jwt.JWT;
import com.lastpass.lpandroid.api.federated.OpenIdApi;
import com.lastpass.lpandroid.api.federated.dto.OpenIdConfigurationResponse;
import com.lastpass.lpandroid.api.federated.dto.OpenIdK2Response;
import com.lastpass.lpandroid.api.federated.dto.OpenIdTokenRequestInfo;
import com.lastpass.lpandroid.api.federated.dto.OpenIdTokenResponse;
import com.lastpass.lpandroid.api.lmiapi.LmiApiCallback;
import com.lastpass.lpandroid.app.Globals;
import com.lastpass.lpandroid.domain.LpLog;
import com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow;
import com.lastpass.lpandroid.domain.account.federated.exception.InvalidFederatedProviderException;
import com.lastpass.lpandroid.domain.account.federated.exception.InvalidFlowStateException;
import com.lastpass.lpandroid.domain.account.federated.helper.FederatedLoginFlowHelper;
import com.lastpass.lpandroid.utils.FormattingExtensionsKt;
import com.lastpass.lpandroid.utils.security.CryptoUtils;
import com.lastpass.lpandroid.utils.security.KeyGenerator;
import java.util.Map;
import javax.inject.Inject;
import kotlin.Metadata;
import kotlin.TuplesKt;
import kotlin.Unit;
import kotlin.collections.MapsKt__MapsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.functions.Function2;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import retrofit2.Response;

@StabilityInferred
@Metadata
/* loaded from: classes2.dex */
public abstract class OpenIdFederatedLoginFlow extends FederatedLoginFlow {

    /* renamed from: m, reason: collision with root package name */
    @NotNull
    public static final Companion f22257m = new Companion(null);

    /* renamed from: n, reason: collision with root package name */
    public static final int f22258n = 8;

    /* renamed from: j, reason: collision with root package name */
    @Inject
    public OpenIdApi f22259j;

    /* renamed from: k, reason: collision with root package name */
    private final boolean f22260k;

    /* renamed from: l, reason: collision with root package name */
    @Nullable
    private final String f22261l;

    @Metadata
    /* loaded from: classes2.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }
    }

    private OpenIdFederatedLoginFlow() {
        this("");
    }

    /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
    public OpenIdFederatedLoginFlow(@NotNull String username) {
        super(username);
        Intrinsics.h(username, "username");
        this.f22260k = true;
        Globals.a().d(this);
    }

    private final String D(String str) {
        Map<String, String> l2;
        FederatedLoginFlowHelper h2 = h();
        String d2 = i().d();
        Intrinsics.e(d2);
        l2 = MapsKt__MapsKt.l(TuplesKt.a("client_id", i().j().e()), TuplesKt.a("login_hint", r()), TuplesKt.a("redirect_uri", i().p()), TuplesKt.a("prompt", "login"), TuplesKt.a("response_type", "code"), TuplesKt.a("scope", h().h(i().j().f(), i().j().h())), TuplesKt.a("state", FormattingExtensionsKt.j(i().r())), TuplesKt.a("nonce", FormattingExtensionsKt.j(i().m())), TuplesKt.a("code_challenge", h2.c(d2)), TuplesKt.a("code_challenge_method", "S256"));
        if (!h().b(i().j().f(), i().j().i())) {
            l2.remove("login_hint");
        }
        if (!h().f(i().j().f())) {
            l2.remove("prompt");
        }
        return h().e(str, l2);
    }

    private final String E(String str) {
        Map<String, String> k2;
        FederatedLoginFlowHelper h2 = h();
        k2 = MapsKt__MapsKt.k(TuplesKt.a("client_id", i().j().e()), TuplesKt.a("login_hint", r()), TuplesKt.a("redirect_uri", i().p()), TuplesKt.a("response_type", "id_token token"), TuplesKt.a("scope", h().h(i().j().f(), i().j().h())), TuplesKt.a("state", FormattingExtensionsKt.j(i().r())), TuplesKt.a("nonce", FormattingExtensionsKt.j(i().m())));
        return h2.e(str, k2);
    }

    private final void G() {
        i().x(FederatedLoginFlowHelper.DefaultImpls.a(h(), null, 1, null));
    }

    private final void H() {
        i().G(KeyGenerator.a(32));
        i().L(KeyGenerator.a(32));
    }

    private final void L() {
        OpenIdApi J = J();
        String c2 = i().j().c();
        if (c2 == null) {
            c2 = "https://accounts.lastpass.com/";
        }
        J.a(c2);
        LpLog.d("TagLogin", "Federated login getting K2 from: " + J().y());
        OpenIdApi J2 = J();
        Long a2 = i().j().a();
        J2.x(a2 != null ? a2.longValue() : 0L, i().f(), new FederatedLoginFlow.FederatedApiCallback<OpenIdK2Response>() { // from class: com.lastpass.lpandroid.domain.account.federated.OpenIdFederatedLoginFlow$getOpenIdK2$1
            /* JADX INFO: Access modifiers changed from: package-private */
            {
                super();
            }

            @Override // com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow.FederatedApiCallback, com.lastpass.lpandroid.api.lmiapi.LmiApiCallback
            /* renamed from: f, reason: merged with bridge method [inline-methods] */
            public void d(@Nullable OpenIdK2Response openIdK2Response, @Nullable Response<OpenIdK2Response> response) {
                boolean Q;
                LpLog.d("TagLogin", "Federated login: Getting K2 from response");
                String b2 = openIdK2Response != null ? openIdK2Response.b() : null;
                if (b2 == null || b2.length() == 0) {
                    LpLog.d("TagLogin", "Federated login: Getting K2 failed as response was null or empty");
                    throw new IllegalStateException("k2 not found in response");
                }
                LpLog.d("TagLogin", "Federated login: Decoding K2");
                OpenIdFederatedLoginFlow.this.i().B(Base64.decode(b2, 2));
                if (OpenIdFederatedLoginFlow.this.i().h() == null) {
                    LpLog.d("TagLogin", "Federated login: Getting K2 failed as response could not be decoded");
                }
                if (openIdK2Response.a() == null) {
                    LpLog.d("TagLogin", "Federated login: Getting K2 failed as response fragmentId was null");
                }
                FederatedLoginFlowData i2 = OpenIdFederatedLoginFlow.this.i();
                String a3 = openIdK2Response.a();
                if (a3 == null) {
                    a3 = "";
                }
                i2.y(a3);
                LpLog.d("TagLogin", "Federated login: Validating K2");
                Q = OpenIdFederatedLoginFlow.this.Q();
                if (Q) {
                    super.d(openIdK2Response, response);
                } else {
                    LpLog.d("TagLogin", "Federated login: Getting K2 failed as response fragmentId could not be validated");
                    throw new IllegalArgumentException("Fragment ids mismatch");
                }
            }
        });
    }

    private final void P() {
        String d2 = i().j().d();
        if (d2 == null || d2.length() == 0) {
            LpLog.E("TagLogin", "Empty connect authority");
            a();
        } else {
            OpenIdApi J = J();
            String d3 = i().j().d();
            Intrinsics.e(d3);
            J.H(d3, new FederatedLoginFlow.FederatedApiCallback<OpenIdConfigurationResponse>() { // from class: com.lastpass.lpandroid.domain.account.federated.OpenIdFederatedLoginFlow$retrieveOpenIdConfiguration$1
                /* JADX INFO: Access modifiers changed from: package-private */
                {
                    super();
                }

                @Override // com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow.FederatedApiCallback, com.lastpass.lpandroid.api.lmiapi.LmiApiCallback
                /* renamed from: f, reason: merged with bridge method [inline-methods] */
                public void d(@Nullable OpenIdConfigurationResponse openIdConfigurationResponse, @Nullable Response<OpenIdConfigurationResponse> response) {
                    String str;
                    String str2;
                    String str3;
                    String b2;
                    String a2 = openIdConfigurationResponse != null ? openIdConfigurationResponse.a() : null;
                    if (a2 == null || a2.length() == 0) {
                        throw new IllegalStateException("Failed to retrieve openid authority url");
                    }
                    FederatedLoginFlowData i2 = OpenIdFederatedLoginFlow.this.i();
                    String str4 = "";
                    if (openIdConfigurationResponse == null || (str = openIdConfigurationResponse.a()) == null) {
                        str = "";
                    }
                    i2.H(str);
                    FederatedLoginFlowData i3 = OpenIdFederatedLoginFlow.this.i();
                    if (openIdConfigurationResponse == null || (str2 = openIdConfigurationResponse.d()) == null) {
                        str2 = "";
                    }
                    i3.K(str2);
                    FederatedLoginFlowData i4 = OpenIdFederatedLoginFlow.this.i();
                    if (openIdConfigurationResponse == null || (str3 = openIdConfigurationResponse.e()) == null) {
                        str3 = "";
                    }
                    i4.M(str3);
                    FederatedLoginFlowData i5 = OpenIdFederatedLoginFlow.this.i();
                    if (openIdConfigurationResponse != null && (b2 = openIdConfigurationResponse.b()) != null) {
                        str4 = b2;
                    }
                    i5.I(str4);
                    OpenIdFederatedLoginFlow.this.i().F(openIdConfigurationResponse != null ? openIdConfigurationResponse.c() : null);
                    super.d(openIdConfigurationResponse, response);
                }
            });
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final boolean Q() {
        return !(i().e().length() == 0) && Intrinsics.c(i().e(), i().c());
    }

    /* JADX WARN: Removed duplicated region for block: B:41:0x00c0 A[Catch: DecodeException -> 0x0171, TryCatch #0 {DecodeException -> 0x0171, blocks: (B:3:0x0006, B:6:0x001e, B:9:0x0027, B:11:0x002d, B:12:0x0033, B:14:0x0045, B:16:0x004e, B:18:0x0056, B:22:0x0069, B:24:0x0072, B:26:0x0078, B:29:0x0082, B:31:0x008c, B:33:0x0095, B:35:0x009f, B:37:0x00a9, B:41:0x00c0, B:44:0x00c9, B:46:0x00d3, B:49:0x00ef, B:51:0x00f9, B:55:0x010c, B:57:0x0116, B:61:0x0129, B:64:0x013c, B:67:0x0153, B:69:0x0161, B:70:0x0165, B:73:0x0147, B:76:0x0169), top: B:2:0x0006 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private final com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow.ErrorType R() {
        /*
            Method dump skipped, instructions count: 372
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.lastpass.lpandroid.domain.account.federated.OpenIdFederatedLoginFlow.R():com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow$ErrorType");
    }

    protected void C() {
        LpLog.d("TagLogin", "Assembling master password from federated key elements");
        FederatedLoginFlowData i2 = i();
        CryptoUtils cryptoUtils = CryptoUtils.f24891a;
        byte[] g = i().g();
        Intrinsics.e(g);
        byte[] h2 = i().h();
        Intrinsics.e(h2);
        i2.E(cryptoUtils.g(cryptoUtils.j(g, h2)));
        x();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Nullable
    public final String F(@NotNull String authToken) {
        Intrinsics.h(authToken, "authToken");
        JWT jwt = new JWT(authToken);
        if (jwt.f().containsKey("LastPassK1")) {
            return jwt.e("LastPassK1").a();
        }
        return null;
    }

    @Nullable
    protected String I() {
        return this.f22261l;
    }

    @NotNull
    public final OpenIdApi J() {
        OpenIdApi openIdApi = this.f22259j;
        if (openIdApi != null) {
            return openIdApi;
        }
        Intrinsics.z("openIdApi");
        return null;
    }

    protected abstract void K();

    protected boolean M() {
        return this.f22260k;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final void N(@NotNull byte[] k1) {
        Intrinsics.h(k1, "k1");
        FederatedLoginFlowData i2 = i();
        String encodeToString = Base64.encodeToString(CryptoUtils.f24891a.g(k1), 2);
        Intrinsics.g(encodeToString, "encodeToString(k1.sha256(), Base64.NO_WRAP)");
        i2.w(encodeToString);
    }

    public abstract void O();

    /* JADX INFO: Access modifiers changed from: protected */
    public final void S() {
        FederatedLoginFlow.ErrorType R = R();
        if (R != null) {
            LpLog.E("TagLogin", "Invalid id token, validation failed " + R);
            w(R, "");
        }
        y();
    }

    @Override // com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow
    @NotNull
    protected String b() {
        if ((j().f() instanceof FederatedLoginFlow.FlowState.Undefined) || (j().f() instanceof FederatedLoginFlow.FlowState.NotFederatedUser)) {
            throw new IllegalStateException("Invalid state");
        }
        String d2 = h().d(k().f(), i().n());
        return Intrinsics.c(i().j().k(), Boolean.TRUE) ? D(d2) : E(d2);
    }

    @Override // com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow
    public void p(@Nullable String str, @NotNull final Function2<? super String, ? super String, Unit> onSuccess, @NotNull final Function1<? super FederatedLoginFlow.ErrorType, Unit> onError) {
        Intrinsics.h(onSuccess, "onSuccess");
        Intrinsics.h(onError, "onError");
        if (str == null) {
            v("OpenId authCode cannot be null!");
            onError.invoke(FederatedLoginFlow.ErrorType.LoginFailed.f22220a);
            return;
        }
        String e2 = k().e();
        if (e2 == null) {
            v("OpenId openIdConnectClientId cannot be null!");
            onError.invoke(FederatedLoginFlow.ErrorType.LoginFailed.f22220a);
            return;
        }
        String d2 = i().d();
        if (d2 != null) {
            J().d(new OpenIdTokenRequestInfo(h().k(i().j().f(), i().q()), M() ? "lastpass-mobile-client://android" : null, e2, i().p(), "authorization_code", d2, str, I()), new LmiApiCallback<OpenIdTokenResponse>() { // from class: com.lastpass.lpandroid.domain.account.federated.OpenIdFederatedLoginFlow$getTokensForAuthCode$1
                @Override // com.lastpass.lpandroid.api.lmiapi.LmiApiCallback
                public void c(int i2, @Nullable Throwable th, @Nullable Response<OpenIdTokenResponse> response) {
                    this.v("OpenId token call response error with " + i2);
                    onError.invoke(FederatedLoginFlow.ErrorType.LoginFailed.f22220a);
                }

                @Override // com.lastpass.lpandroid.api.lmiapi.LmiApiCallback
                /* renamed from: e, reason: merged with bridge method [inline-methods] */
                public void d(@Nullable OpenIdTokenResponse openIdTokenResponse, @Nullable Response<OpenIdTokenResponse> response) {
                    if (openIdTokenResponse != null) {
                        onSuccess.invoke(openIdTokenResponse.a(), openIdTokenResponse.b());
                    } else {
                        this.v("OpenId token call response object cannot be null!");
                        onError.invoke(FederatedLoginFlow.ErrorType.GeneralFailure.f22219a);
                    }
                }
            });
        } else {
            v("OpenId codeVerifier cannot be null!");
            onError.invoke(FederatedLoginFlow.ErrorType.LoginFailed.f22220a);
        }
    }

    @Override // com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow
    protected void s() {
        FederatedProvider a2 = FederatedLoginFlowFactoryKt.a(k());
        if (Intrinsics.c(a2, Azure.f22202a)) {
            LpLog.d("TagLogin", "Init Federated login type: Azure AD");
            LpLog.d("TagLogin", "MDM Flow: " + i().j().h());
        } else if (Intrinsics.c(a2, Okta.f22252a)) {
            LpLog.d("TagLogin", "Init Federated login type: Okta");
        } else if (Intrinsics.c(a2, OktaHybrid.f22253a)) {
            LpLog.d("TagLogin", "Init Federated login type: Okta (Hybrid)");
        } else if (Intrinsics.c(a2, GoogleWorkspace.f22240a)) {
            LpLog.d("TagLogin", "Init Federated login type: Google Workspace");
        } else if (Intrinsics.c(a2, PingOne.f22269a)) {
            LpLog.d("TagLogin", "Init Federated login type: PingOne");
        } else {
            if (!Intrinsics.c(a2, OneLogin.f22255a)) {
                throw new InvalidFederatedProviderException("The " + FederatedLoginFlowFactoryKt.a(k()).getClass().getSimpleName() + " is invalid for an OpenID provider.");
            }
            LpLog.d("TagLogin", "Init Federated login type: OneLogin");
        }
        if (i().j().c() != null) {
            Uri parse = Uri.parse(i().j().d());
            LpLog.d("TagLogin", "Open ID Connect Authority: " + parse.getAuthority() + parse.getPath());
        }
        LpLog.d("TagLogin", "PKCE enabled: " + i().j().k());
        H();
        if (Intrinsics.c(i().j().k(), Boolean.TRUE)) {
            G();
        }
        j().p(new FederatedLoginFlow.FlowState.RetrieveOpenIdConfig());
        P();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow
    public void y() {
        LpLog.d("TagLogin", "Federated state " + j().f() + " completed");
        FederatedLoginFlow.FlowState f2 = j().f();
        if (f2 instanceof FederatedLoginFlow.FlowState.Undefined) {
            s();
        } else if (f2 instanceof FederatedLoginFlow.FlowState.RetrieveOpenIdConfig) {
            j().p(new FederatedLoginFlow.FlowState.UserLogin());
        } else if (f2 instanceof FederatedLoginFlow.FlowState.UserLogin) {
            j().p(new FederatedLoginFlow.FlowState.OpenIdK1());
            K();
        } else if (f2 instanceof FederatedLoginFlow.FlowState.OpenIdK1) {
            j().p(new FederatedLoginFlow.FlowState.OpenIdK2());
            L();
        } else {
            if (!(f2 instanceof FederatedLoginFlow.FlowState.OpenIdK2)) {
                throw new InvalidFlowStateException("The " + j().f() + " state is invalid for the " + FederatedLoginFlowFactoryKt.a(k()).getClass().getSimpleName());
            }
            C();
            j().p(new FederatedLoginFlow.FlowState.Finished(true));
        }
        LpLog.d("TagLogin", "Enter Federated state: " + j().f());
    }

    @Override // com.lastpass.lpandroid.domain.account.federated.FederatedLoginFlow
    public void z(@NotNull UserLoginData userLoginData) {
        Intrinsics.h(userLoginData, "userLoginData");
        LpLog.d("TagLogin", "OpenId user login completed");
        if (!(j().f() instanceof FederatedLoginFlow.FlowState.UserLogin) && !(j().f() instanceof FederatedLoginFlow.FlowState.Finished)) {
            throw new IllegalStateException("Invalid state");
        }
        OpenIdUserLoginData openIdUserLoginData = (OpenIdUserLoginData) userLoginData;
        String a2 = openIdUserLoginData.a();
        String b2 = openIdUserLoginData.b();
        if (!(a2.length() == 0)) {
            if (!(b2.length() == 0)) {
                i().z(b2);
                i().v(a2);
                O();
                return;
            }
        }
        w(FederatedLoginFlow.ErrorType.LoginFailed.f22220a, "Missing auth token or id token");
    }
}
