package cz.eman.oneconnect.auth.task.validate;

import android.os.AsyncTask;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.RemoteJWKSet;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jose.util.DefaultResourceRetriever;
import com.nimbusds.jwt.proc.BadJWTException;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;
import cz.eman.core.api.oneconnect.log.L;
import cz.eman.core.api.plugin.user.auth.LoginFailure;
import cz.eman.core.api.plugin.user.auth.configuration.Configuration;
import cz.eman.oneconnect.auth.manager.token.IdpTokenManager;
import cz.eman.oneconnect.auth.model.AuthorizationRequest;
import cz.eman.oneconnect.auth.model.JwtPayload;
import cz.eman.oneconnect.auth.model.Tokens;
import cz.eman.oneconnect.auth.provider.uri.SsoJwksUriProvider;
import cz.eman.oneconnect.auth.utils.JwtPayloadDeserializer;
import java.net.MalformedURLException;
import java.net.URL;
import java.text.ParseException;
import java.util.concurrent.TimeUnit;

/* loaded from: classes2.dex */
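/**
 * Background task that verifies the SSO tokens (ID token, access token and the optional
 * initial ID token) against the identity provider's JWKS and reports the outcome to the
 * {@link IdpTokenManager} callback.
 *
 * <p>Signature verification is delegated to Nimbus JOSE+JWT with the key selector restricted
 * to {@link JWSAlgorithm#RS256}. Claim-level checks beyond what the default processor does are
 * left to {@link #validateOtherParams}; the failure message in {@link #doInBackground} names
 * state, nonce, issuer and audience, so subclasses are presumably expected to check those there.
 *
 * <p>This source is decompiler output (JADX); some access modifiers were widened by the tool.
 */
public abstract class IdpValidateTokensTask extends AsyncTask<Void, Void, IdpValidateTokensTask.UserData> {

    /** Connect and read timeout for fetching the remote JWKS, in milliseconds (20 s). */
    private static final int JWKS_TIMEOUT_MS = (int) TimeUnit.SECONDS.toMillis(20L);

    /** Message text used to recognise an expired token; see {@link #getReason(Exception)}. */
    private static final String EXPIRED_JWT_MESSAGE = "Expired JWT";

    @Nullable
    protected IdpTokenManager mCallback;

    @Nullable
    protected Configuration mConfiguration;

    @Nullable
    protected String mInitialIdToken;

    @Nullable
    protected AuthorizationRequest mRequest;

    @Nullable
    protected Tokens mSsoTokens;

    // Set by doInBackground when verification fails; read on the UI thread in onPostExecute.
    @Nullable
    protected Exception mValidationException = null;

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Identity extracted from the validated tokens and handed to the callback. */
    public class UserData {
        String login;
        String vwId;

        /**
         * @param vwId  value stored in {@code vwId}
         * @param login value stored in {@code login}
         */
        public UserData(String vwId, String login) {
            this.login = login;
            this.vwId = vwId;
        }
    }

    /**
     * @param initialIdToken       ID token from the initial login, may be {@code null}
     * @param tokens               SSO tokens to validate
     * @param authorizationRequest request the tokens were issued for
     * @param idpTokenManager      callback notified of the validation result
     * @param configuration        configuration used to resolve the JWKS URI
     */
    public IdpValidateTokensTask(@Nullable String initialIdToken, @NonNull Tokens tokens, @NonNull AuthorizationRequest authorizationRequest, @NonNull IdpTokenManager idpTokenManager, @NonNull Configuration configuration) {
        this.mSsoTokens = tokens;
        this.mRequest = authorizationRequest;
        this.mCallback = idpTokenManager;
        this.mInitialIdToken = initialIdToken;
        this.mConfiguration = configuration;
    }

    /**
     * Verifies a serialized JWT and maps its claims onto a {@link JwtPayload}.
     *
     * @return the payload, or {@code null} when {@code token} is {@code null} or a
     *         {@link NullPointerException} is raised while processing
     * @throws ParseException   if the token cannot be parsed
     * @throws BadJOSEException if the token is rejected (bad signature, expired, ...)
     * @throws JOSEException    if verification fails for an internal reason
     */
    @Nullable
    private JwtPayload getPayload(ConfigurableJWTProcessor<SecurityContext> processor, Gson gson, String token) throws ParseException, BadJOSEException, JOSEException {
        // An absent token (the initial ID token is nullable) yields no payload; it is NOT
        // treated as a verification failure here.
        if (token == null) {
            return null;
        }
        try {
            return gson.fromJson(processor.process(token, null).toString(), JwtPayload.class);
        } catch (NullPointerException unused) {
            // NOTE(review): kept from the original. This also hides NPEs raised inside the
            // processor or the deserializer, so a null payload does not prove the token was
            // verified. validateOtherParams() must reject null payloads where a token is required.
            return null;
        }
    }

    /**
     * Maps a validation exception to the failure reported to the callback.
     *
     * <p>Expiry is detected by comparing the exception message with a fixed string, which
     * depends on the library's wording; any other failure is reported as invalid tokens.
     */
    private LoginFailure getReason(@NonNull Exception exc) {
        // Constant-first equals: getMessage() may be null and must not throw here.
        boolean expired = (exc instanceof BadJWTException) && EXPIRED_JWT_MESSAGE.equals(exc.getMessage());
        return expired ? LoginFailure.TOKENS_EXPIRED : LoginFailure.TOKENS_INVALID;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Verifies all tokens, runs the subclass claim checks and, on success, persists the tokens.
     *
     * @return the user data built by {@link #getUserData}, or {@code null} when validation
     *         failed (the cause is stored in {@link #mValidationException})
     */
    @Override // android.os.AsyncTask
    @Nullable
    public UserData doInBackground(@Nullable Void... voidArr) {
        try {
            // NOTE(review): the JWKS URL comes from configuration; confirm it is always HTTPS,
            // since these keys decide which signatures are trusted.
            URL jwksUrl = new URL(new SsoJwksUriProvider().provide(this.mConfiguration));
            // Third argument is the response size limit; 0 means unlimited.
            // NOTE(review): consider a finite cap for the JWKS document.
            DefaultResourceRetriever retriever = new DefaultResourceRetriever(JWKS_TIMEOUT_MS, JWKS_TIMEOUT_MS, 0);
            ConfigurableJWTProcessor<SecurityContext> processor = new DefaultJWTProcessor<>();
            // Only RS256 is accepted; tokens declaring another algorithm find no key and are rejected.
            processor.setJWSKeySelector(new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, new RemoteJWKSet<>(jwksUrl, retriever)));
            Gson gson = new GsonBuilder().registerTypeAdapter(JwtPayload.class, new JwtPayloadDeserializer()).create();

            JwtPayload idPayload = getPayload(processor, gson, this.mSsoTokens.getIdToken());
            JwtPayload accessPayload = getPayload(processor, gson, this.mSsoTokens.getAccessToken());
            JwtPayload initialIdPayload = getPayload(processor, gson, this.mInitialIdToken);
            // Reached whenever no exception was thrown, including when a payload is null.
            L.d(getClass(), "Tokens are generally valid", new Object[0]);
            if (!validateOtherParams(initialIdPayload, idPayload, accessPayload)) {
                throw new JOSEException("Validating of (state || nonce || issuer || audience) did not pass");
            }
            String userId = idPayload != null ? idPayload.getUserId() : null;
            if (userId != null) {
                this.mCallback.saveTokens(this.mSsoTokens, userId);
            }
            return getUserData(initialIdPayload, idPayload, accessPayload);
        } catch (JOSEException | BadJOSEException | MalformedURLException | ParseException e) {
            L.d(getClass(), "Tokens are invalid. Aborting login", new Object[0]);
            // NOTE(review): the stack trace goes to the default error stream; confirm it cannot
            // expose token contents in release builds.
            e.printStackTrace();
            this.mValidationException = e;
            return null;
        }
    }

    /**
     * Builds the user data from the verified payloads.
     *
     * @param jwtPayload  payload of the initial ID token, may be {@code null}
     * @param jwtPayload2 payload of the SSO ID token, may be {@code null}
     * @param jwtPayload3 payload of the SSO access token, may be {@code null}
     * @return the user data, or {@code null} if it cannot be determined
     */
    @Nullable
    protected abstract UserData getUserData(@Nullable JwtPayload jwtPayload, @Nullable JwtPayload jwtPayload2, @Nullable JwtPayload jwtPayload3);

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reports the result to the callback. The tokens are reported valid only when no validation
     * exception was recorded AND user data is available; every other outcome is a failure.
     */
    @Override // android.os.AsyncTask
    public void onPostExecute(@Nullable UserData userData) {
        super.onPostExecute(userData);
        Exception exc = this.mValidationException;
        if (exc != null) {
            this.mCallback.onSsoTokensInvalid(getReason(exc));
        } else if (userData == null) {
            // getUserData() may return null without an exception; fail closed instead of
            // dereferencing null and crashing on the UI thread.
            this.mCallback.onSsoTokensInvalid(LoginFailure.TOKENS_INVALID);
        } else {
            this.mCallback.onSsoTokensValid(this.mSsoTokens, userData.vwId, userData.login);
        }
    }

    /**
     * Performs the claim checks that signature verification does not cover.
     *
     * @param jwtPayload  payload of the initial ID token, may be {@code null}
     * @param jwtPayload2 payload of the SSO ID token, may be {@code null}
     * @param jwtPayload3 payload of the SSO access token, may be {@code null}
     * @return {@code true} only if all checks pass; implementations should return
     *         {@code false} when a required payload is {@code null}
     */
    protected abstract boolean validateOtherParams(@Nullable JwtPayload jwtPayload, @Nullable JwtPayload jwtPayload2, @Nullable JwtPayload jwtPayload3);
}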
