package com.gabrielittner.noos.auth.android.openid;

import com.gabrielittner.noos.auth.AuthenticationException;
import com.gabrielittner.noos.auth.TokenManager;
import com.gabrielittner.noos.auth.User;
import com.gabrielittner.noos.auth.UserNotAuthenticatedException;
import com.gabrielittner.noos.auth.UserService;
import com.gabrielittner.noos.auth.UserType;
import com.gabrielittner.noos.auth.android.account.AndroidAccountManager;
import com.gabrielittner.noos.auth.android.openid.lib.CustomAuthState;
import com.gabrielittner.noos.auth.android.openid.lib.CustomAuthorizationService;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.Set;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.collections.CollectionsKt__IterablesKt;
import kotlin.collections.SetsKt__SetsKt;
import kotlin.collections.SetsKt___SetsKt;
import kotlin.jvm.internal.Intrinsics;
import net.openid.appauth.AuthorizationException;
import net.openid.appauth.TokenResponse;
import timber.log.Timber;
import timber.log.Tree;

/* loaded from: classes.dex */
public abstract class OpenIdAuth implements TokenManager {
    private final Tree TREE;
    private final AndroidAccountManager accountManager;
    private final CustomAuthorizationService authService;

    public OpenIdAuth(UserType userType, AndroidAccountManager accountManager, CustomAuthorizationService authService) {
        Intrinsics.checkParameterIsNotNull(userType, "userType");
        Intrinsics.checkParameterIsNotNull(accountManager, "accountManager");
        Intrinsics.checkParameterIsNotNull(authService, "authService");
        this.accountManager = accountManager;
        this.authService = authService;
        this.TREE = Timber.tagged("noos/auth/token/" + userType.name());
    }

    private final void saveState(String str, CustomAuthState customAuthState) {
        this.accountManager.saveUserExtra$auth_android_release(str, OpenIdUtilsKt.serialize(customAuthState));
    }

    private final CustomAuthState state(String str) {
        String userExtra$auth_android_release = this.accountManager.userExtra$auth_android_release(str);
        if (userExtra$auth_android_release != null) {
            return OpenIdUtilsKt.deserializeAuthState(userExtra$auth_android_release);
        }
        return null;
    }

    @Override // com.gabrielittner.noos.auth.TokenManager
    public String authToken(String id, Set<? extends UserService> services) {
        int collectionSizeOrDefault;
        Set<? extends UserService> plus;
        Intrinsics.checkParameterIsNotNull(id, "id");
        Intrinsics.checkParameterIsNotNull(services, "services");
        CustomAuthState state = state(id);
        if (state == null) {
            AndroidAccountManager androidAccountManager = this.accountManager;
            EnumSet allOf = EnumSet.allOf(UserService.class);
            Intrinsics.checkExpressionValueIsNotNull(allOf, "EnumSet.allOf(UserService::class.java)");
            androidAccountManager.needsReAuthentication$auth_android_release(id, allOf);
            Tree tree = this.TREE;
            if (tree.isLoggable(3, null)) {
                tree.rawLog(3, null, null, "no state available; removing access");
            }
            throw new UserNotAuthenticatedException("no state available; removing access");
        }
        Set<String> scopeSet = state.getScopeSet();
        if (scopeSet == null) {
            scopeSet = SetsKt__SetsKt.emptySet();
        }
        Intrinsics.checkExpressionValueIsNotNull(scopeSet, "state.scopeSet ?: emptySet()");
        collectionSizeOrDefault = CollectionsKt__IterablesKt.collectionSizeOrDefault(services, 10);
        ArrayList arrayList = new ArrayList(collectionSizeOrDefault);
        Iterator<T> it = services.iterator();
        while (it.hasNext()) {
            arrayList.add(((UserService) it.next()).getScope());
        }
        if (!scopeSet.containsAll(arrayList)) {
            Tree tree2 = this.TREE;
            if (tree2.isLoggable(3, null)) {
                tree2.rawLog(3, null, null, "user " + id + " doesn't have access to the necessary scopes");
            }
            Tree tree3 = this.TREE;
            if (tree3.isLoggable(3, null)) {
                tree3.rawLog(3, null, null, "requested: " + arrayList + "; has: " + scopeSet);
            }
            ArrayList arrayList2 = new ArrayList();
            for (String it2 : scopeSet) {
                UserService.Companion companion = UserService.Companion;
                Intrinsics.checkExpressionValueIsNotNull(it2, "it");
                UserService fromScope = companion.fromScope(it2);
                if (fromScope != null) {
                    arrayList2.add(fromScope);
                }
            }
            plus = SetsKt___SetsKt.plus(services, arrayList2);
            User userById$auth_android_release = this.accountManager.userById$auth_android_release(id);
            if (userById$auth_android_release != null) {
                plus = SetsKt___SetsKt.plus(plus, userById$auth_android_release.getServices());
            }
            this.accountManager.needsReAuthentication$auth_android_release(id, plus);
            throw new UserNotAuthenticatedException("not all services for user " + id + " not enabled, removing access for all");
        }
        String accessToken = state.getAccessToken();
        if (accessToken != null && !state.getNeedsTokenRefresh()) {
            Tree tree4 = this.TREE;
            if (tree4.isLoggable(3, null)) {
                tree4.rawLog(3, null, null, "cached token " + accessToken);
            }
            return accessToken;
        }
        Tree tree5 = this.TREE;
        if (tree5.isLoggable(3, null)) {
            tree5.rawLog(3, null, null, "refreshing token");
        }
        TokenCallback tokenCallback = new TokenCallback();
        this.authService.performTokenRequestBlocking(state.createTokenRefreshRequest(), tokenCallback);
        TokenResponse await = tokenCallback.await();
        if (await != null) {
            state.update(await, tokenCallback.authException());
            state.setNeedsTokenRefresh(false);
            saveState(id, state);
            String accessToken2 = state.getAccessToken();
            Tree tree6 = this.TREE;
            if (tree6.isLoggable(3, null)) {
                tree6.rawLog(3, null, null, "token refresh ok: " + accessToken2);
            }
            if (accessToken2 != null) {
                return accessToken2;
            }
            throw new AuthenticationException("token null");
        }
        Exception exception = tokenCallback.exception();
        if (exception == null) {
            Tree tree7 = this.TREE;
            if (tree7.isLoggable(6, null)) {
                tree7.rawLog(6, null, null, "unknown error");
            }
            throw new AuthenticationException("unknown error");
        }
        if (!(exception instanceof AuthorizationException)) {
            Tree tree8 = this.TREE;
            if (tree8.isLoggable(6, null)) {
                tree8.rawLog(6, null, exception, "error refreshing token");
            }
            throw new AuthenticationException("error refreshing token", exception);
        }
        int i = ((AuthorizationException) exception).code;
        if (i == AuthorizationException.TokenRequestErrors.INVALID_GRANT.code) {
            this.accountManager.needsReAuthentication$auth_android_release(id, services);
            Tree tree9 = this.TREE;
            if (tree9.isLoggable(3, null)) {
                tree9.rawLog(3, null, exception, "user not authenticated");
            }
            throw new UserNotAuthenticatedException("user not authenticated", exception);
        }
        if (i == AuthorizationException.TokenRequestErrors.UNAUTHORIZED_CLIENT.code) {
            this.accountManager.needsReAuthentication$auth_android_release(id, services);
            Tree tree10 = this.TREE;
            if (tree10.isLoggable(3, null)) {
                tree10.rawLog(3, null, exception, "user not authenticated");
            }
            throw new UserNotAuthenticatedException("user not authenticated", exception);
        }
        Tree tree11 = this.TREE;
        if (!tree11.isLoggable(3, null)) {
            throw exception;
        }
        tree11.rawLog(3, null, exception, "something went wrong");
        throw exception;
    }

    @Override // com.gabrielittner.noos.auth.TokenManager
    public String authToken(String id, UserService... services) {
        Set<? extends UserService> set;
        Intrinsics.checkParameterIsNotNull(id, "id");
        Intrinsics.checkParameterIsNotNull(services, "services");
        set = ArraysKt___ArraysKt.toSet(services);
        return authToken(id, set);
    }

    @Override // com.gabrielittner.noos.auth.TokenManager
    public void invalidateAuthToken(String id, String token) {
        Intrinsics.checkParameterIsNotNull(id, "id");
        Intrinsics.checkParameterIsNotNull(token, "token");
        CustomAuthState state = state(id);
        if (state == null || !Intrinsics.areEqual(state.getAccessToken(), token)) {
            Tree tree = this.TREE;
            if (tree.isLoggable(3, null)) {
                tree.rawLog(3, null, null, "token not in use anymore");
                return;
            }
            return;
        }
        state.setNeedsTokenRefresh(true);
        saveState(id, state);
        Tree tree2 = this.TREE;
        if (tree2.isLoggable(3, null)) {
            tree2.rawLog(3, null, null, "invalidated token");
        }
    }
}
