package com.google.identitytoolkit;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.collect.Maps;
import com.google.common.io.BaseEncoding;
import com.google.identitytoolkit.GitkitUser;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.util.HashMap;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import net.oauth.jsontoken.JsonToken;
import net.oauth.jsontoken.crypto.RsaSHA256Signer;
import org.joda.time.Instant;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: input_file:com/google/identitytoolkit/RpcHelper.class */
public class RpcHelper {

    @VisibleForTesting
    static final String GITKIT_SCOPE = "https://www.googleapis.com/auth/identitytoolkit";

    @VisibleForTesting
    static final String TOKEN_SERVER = "https://accounts.google.com/o/oauth2/token";
    private static final Logger log = Logger.getLogger(RpcHelper.class.getName());
    private final RsaSHA256Signer signer;
    private final String gitkitApiUrl;
    private final HttpSender httpSender;

    public RpcHelper(HttpSender httpSender, String str, String str2, InputStream inputStream) {
        this.gitkitApiUrl = str;
        this.httpSender = httpSender;
        this.signer = initRsaSHA256Signer(str2, inputStream);
    }

    public JSONObject createAuthUri(String str, String str2, String str3) throws GitkitServerException, GitkitClientException {
        JSONObject jSONObject = new JSONObject();
        if (str != null) {
            try {
                jSONObject.put("identifier", str);
            } catch (JSONException e) {
                throw new GitkitServerException(e);
            }
        }
        if (str2 != null) {
            jSONObject.put("continueUri", str2);
        }
        if (str3 != null) {
            jSONObject.put("context", str3);
        }
        return invokeGitkitApi("createAuthUri", jSONObject, null);
    }

    public JSONObject verifyAssertion(String str, String str2) throws GitkitServerException, GitkitClientException {
        JSONObject jSONObject = new JSONObject();
        try {
            jSONObject.put("requestUri", str);
            if (str2 != null) {
                jSONObject.put("postBody", str2);
            }
            return invokeGitkitApi("verifyAssertion", jSONObject, null);
        } catch (JSONException e) {
            throw new GitkitServerException(e);
        }
    }

    public JSONObject verifyPassword(String str, String str2, String str3, String str4) throws GitkitServerException, GitkitClientException {
        try {
            JSONObject put = new JSONObject().put(JsonTokenHelper.ID_TOKEN_EMAIL, str).put("password", str2);
            if (str3 != null) {
                put.put("pendingIdToken", str3);
            }
            if (str4 != null) {
                put.put("captchaResponse", str4);
            }
            return invokeGoogle2LegOauthApi("verifyPassword", put);
        } catch (JSONException e) {
            throw new GitkitServerException(e);
        }
    }

    public JSONObject getOobCode(JSONObject jSONObject) throws GitkitClientException, GitkitServerException {
        return invokeGoogle2LegOauthApi("getOobConfirmationCode", jSONObject);
    }

    public JSONObject getAccountInfo(String str) throws GitkitClientException, GitkitServerException {
        try {
            return invokeGoogle2LegOauthApi("getAccountInfo", new JSONObject().put("idToken", str));
        } catch (JSONException e) {
            throw new GitkitServerException("OAuth API failed");
        }
    }

    public JSONObject getAccountInfoById(String str) throws GitkitClientException, GitkitServerException {
        try {
            return invokeGoogle2LegOauthApi("getAccountInfo", new JSONObject().put("localId", new JSONArray().put(str)));
        } catch (JSONException e) {
            throw new GitkitServerException(e);
        }
    }

    public JSONObject getAccountInfoByEmail(String str) throws GitkitClientException, GitkitServerException {
        try {
            return invokeGoogle2LegOauthApi("getAccountInfo", new JSONObject().put(JsonTokenHelper.ID_TOKEN_EMAIL, new JSONArray().put(str)));
        } catch (JSONException e) {
            throw new GitkitServerException(e);
        }
    }

    public JSONObject updateAccount(GitkitUser gitkitUser) throws GitkitServerException, GitkitClientException {
        try {
            JSONObject put = new JSONObject().put(JsonTokenHelper.ID_TOKEN_EMAIL, gitkitUser.getEmail()).put("localId", gitkitUser.getLocalId());
            if (gitkitUser.getName() != null) {
                put.put("displayName", gitkitUser.getName());
            }
            if (gitkitUser.getHash() != null) {
                put.put("password", gitkitUser.getHash());
            }
            return invokeGoogle2LegOauthApi("setAccountInfo", put);
        } catch (JSONException e) {
            throw new GitkitServerException(e);
        }
    }

    public JSONObject downloadAccount(String str, Integer num) throws GitkitClientException, GitkitServerException {
        try {
            JSONObject jSONObject = new JSONObject();
            if (str != null) {
                jSONObject.put("nextPageToken", str);
            }
            if (num != null) {
                jSONObject.put("maxResults", num);
            }
            return invokeGoogle2LegOauthApi("downloadAccount", jSONObject);
        } catch (JSONException e) {
            throw new GitkitServerException(e);
        }
    }

    public JSONObject uploadAccount(String str, byte[] bArr, List<GitkitUser> list, byte[] bArr2, Integer num, Integer num2) throws GitkitClientException, GitkitServerException {
        try {
            JSONObject put = new JSONObject().put("hashAlgorithm", str).put("signerKey", BaseEncoding.base64Url().encode(bArr)).put("users", toJsonArray(list));
            if (bArr2 != null) {
                put.put("saltSeparator", BaseEncoding.base64Url().encode(bArr2));
            }
            if (num != null) {
                put.put("rounds", num);
            }
            if (num2 != null) {
                put.put("memoryCost", num2);
            }
            return invokeGoogle2LegOauthApi("uploadAccount", put);
        } catch (JSONException e) {
            throw new GitkitServerException(e);
        }
    }

    public JSONObject deleteAccount(String str) throws GitkitClientException, GitkitServerException {
        try {
            return invokeGoogle2LegOauthApi("deleteAccount", new JSONObject().put("localId", str));
        } catch (JSONException e) {
            throw new GitkitServerException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String downloadCerts(String str) throws IOException {
        String str2;
        String concat = String.valueOf(this.gitkitApiUrl).concat("publicKeys");
        HashMap newHashMap = Maps.newHashMap();
        if (str != null) {
            String valueOf = String.valueOf(concat);
            concat = new StringBuilder(5 + String.valueOf(valueOf).length() + String.valueOf(str).length()).append(valueOf).append("?key=").append(str).toString();
        } else {
            try {
                String valueOf2 = String.valueOf(getAccessToken());
                if (valueOf2.length() != 0) {
                    str2 = "Bearer ".concat(valueOf2);
                } else {
                    str2 = r3;
                    String str3 = new String("Bearer ");
                }
                newHashMap.put("Authorization", str2);
            } catch (GeneralSecurityException e) {
                throw new IOException(e);
            } catch (JSONException e2) {
                throw new IOException(e2);
            }
        }
        return this.httpSender.get(concat, newHashMap);
    }

    @VisibleForTesting
    JSONObject invokeGoogle2LegOauthApi(String str, JSONObject jSONObject) throws GitkitClientException, GitkitServerException {
        try {
            return invokeGitkitApi(str, jSONObject, getAccessToken());
        } catch (IOException e) {
            throw new GitkitServerException(e);
        } catch (GeneralSecurityException e2) {
            throw new GitkitServerException(e2);
        } catch (JSONException e3) {
            throw new GitkitServerException(e3);
        }
    }

    @VisibleForTesting
    String getAccessToken() throws GeneralSecurityException, IOException, JSONException {
        String str;
        String valueOf = String.valueOf(signServiceAccountRequest());
        if (valueOf.length() != 0) {
            str = "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=".concat(valueOf);
        } else {
            str = r1;
            String str2 = new String("grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=");
        }
        String str3 = str;
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put("Content-Type", "application/x-www-form-urlencoded");
        return new JSONObject(this.httpSender.post(TOKEN_SERVER, str3, newHashMap)).getString("access_token");
    }

    @VisibleForTesting
    String signServiceAccountRequest() throws GeneralSecurityException {
        JsonToken jsonToken = new JsonToken(this.signer);
        jsonToken.setAudience(TOKEN_SERVER);
        jsonToken.setParam("nonce", "nonce");
        jsonToken.setParam("scope", GITKIT_SCOPE);
        jsonToken.setIssuedAt(new Instant());
        jsonToken.setExpiration(new Instant().plus(3600000L));
        return jsonToken.serializeAndSign();
    }

    private JSONObject invokeGitkitApi(String str, JSONObject jSONObject, String str2) throws GitkitClientException, GitkitServerException {
        String str3;
        String str4;
        try {
            HashMap newHashMap = Maps.newHashMap();
            if (str2 != null) {
                String valueOf = String.valueOf(str2);
                if (valueOf.length() != 0) {
                    str4 = "Bearer ".concat(valueOf);
                } else {
                    str4 = r3;
                    String str5 = new String("Bearer ");
                }
                newHashMap.put("Authorization", str4);
            }
            newHashMap.put("Content-Type", "application/json");
            HttpSender httpSender = this.httpSender;
            String valueOf2 = String.valueOf(this.gitkitApiUrl);
            String valueOf3 = String.valueOf(str);
            if (valueOf3.length() != 0) {
                str3 = valueOf2.concat(valueOf3);
            } else {
                str3 = r2;
                String str6 = new String(valueOf2);
            }
            return checkGitkitException(httpSender.post(str3, jSONObject.toString(), newHashMap));
        } catch (IOException e) {
            throw new GitkitServerException(e);
        }
    }

    private RsaSHA256Signer initRsaSHA256Signer(String str, InputStream inputStream) {
        String str2;
        String str3;
        String str4;
        String str5;
        String str6;
        String str7;
        if (str != null && inputStream != null) {
            try {
                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                keyStore.load(inputStream, "notasecret".toCharArray());
                return new RsaSHA256Signer(str, (String) null, (RSAPrivateKey) keyStore.getKey("privatekey", "notasecret".toCharArray()));
            } catch (IOException e) {
                Logger logger = log;
                Level level = Level.WARNING;
                String valueOf = String.valueOf(e.getMessage());
                if (valueOf.length() != 0) {
                    str7 = "can not initialize service account signer: ".concat(valueOf);
                } else {
                    str7 = r3;
                    String str8 = new String("can not initialize service account signer: ");
                }
                logger.log(level, str7, (Throwable) e);
            } catch (InvalidKeyException e2) {
                Logger logger2 = log;
                Level level2 = Level.WARNING;
                String valueOf2 = String.valueOf(e2.getMessage());
                if (valueOf2.length() != 0) {
                    str6 = "can not initialize service account signer: ".concat(valueOf2);
                } else {
                    str6 = r3;
                    String str9 = new String("can not initialize service account signer: ");
                }
                logger2.log(level2, str6, (Throwable) e2);
            } catch (KeyStoreException e3) {
                Logger logger3 = log;
                Level level3 = Level.WARNING;
                String valueOf3 = String.valueOf(e3.getMessage());
                if (valueOf3.length() != 0) {
                    str5 = "can not initialize service account signer: ".concat(valueOf3);
                } else {
                    str5 = r3;
                    String str10 = new String("can not initialize service account signer: ");
                }
                logger3.log(level3, str5, (Throwable) e3);
            } catch (NoSuchAlgorithmException e4) {
                Logger logger4 = log;
                Level level4 = Level.WARNING;
                String valueOf4 = String.valueOf(e4.getMessage());
                if (valueOf4.length() != 0) {
                    str4 = "can not initialize service account signer: ".concat(valueOf4);
                } else {
                    str4 = r3;
                    String str11 = new String("can not initialize service account signer: ");
                }
                logger4.log(level4, str4, (Throwable) e4);
            } catch (UnrecoverableKeyException e5) {
                Logger logger5 = log;
                Level level5 = Level.WARNING;
                String valueOf5 = String.valueOf(e5.getMessage());
                if (valueOf5.length() != 0) {
                    str3 = "can not initialize service account signer: ".concat(valueOf5);
                } else {
                    str3 = r3;
                    String str12 = new String("can not initialize service account signer: ");
                }
                logger5.log(level5, str3, (Throwable) e5);
            } catch (CertificateException e6) {
                Logger logger6 = log;
                Level level6 = Level.WARNING;
                String valueOf6 = String.valueOf(e6.getMessage());
                if (valueOf6.length() != 0) {
                    str2 = "can not initialize service account signer: ".concat(valueOf6);
                } else {
                    str2 = r3;
                    String str13 = new String("can not initialize service account signer: ");
                }
                logger6.log(level6, str2, (Throwable) e6);
            }
        }
        Logger logger7 = log;
        String valueOf7 = String.valueOf(inputStream);
        logger7.warning(new StringBuilder(59 + String.valueOf(str).length() + String.valueOf(valueOf7).length()).append("service account is set to null due to: email = ").append(str).append("keystream = ").append(valueOf7).toString());
        return null;
    }

    private static JSONArray toJsonArray(List<GitkitUser> list) throws JSONException {
        JSONArray jSONArray = new JSONArray();
        for (GitkitUser gitkitUser : list) {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(JsonTokenHelper.ID_TOKEN_EMAIL, gitkitUser.getEmail());
            jSONObject.put("localId", gitkitUser.getLocalId());
            if (gitkitUser.getHash() != null) {
                jSONObject.put("passwordHash", BaseEncoding.base64Url().encode(gitkitUser.getHash()));
            }
            if (gitkitUser.getSalt() != null) {
                jSONObject.put("salt", BaseEncoding.base64Url().encode(gitkitUser.getSalt()));
            }
            if (gitkitUser.getProviders() != null) {
                JSONArray jSONArray2 = new JSONArray();
                for (GitkitUser.ProviderInfo providerInfo : gitkitUser.getProviders()) {
                    jSONArray2.put(new JSONObject().put("federatedId", providerInfo.getFederatedId()).put("providerId", providerInfo.getProviderId()));
                }
                jSONObject.put("providerUserInfo", jSONArray2);
            }
            jSONArray.put(jSONObject);
        }
        return jSONArray;
    }

    @VisibleForTesting
    JSONObject checkGitkitException(String str) throws GitkitClientException, GitkitServerException {
        String str2;
        JSONObject jSONObject;
        try {
            jSONObject = new JSONObject(str);
        } catch (JSONException e) {
            Logger logger = log;
            Level level = Level.WARNING;
            String valueOf = String.valueOf(e.getMessage());
            if (valueOf.length() != 0) {
                str2 = "Server response exception: ".concat(valueOf);
            } else {
                str2 = r3;
                String str3 = new String("Server response exception: ");
            }
            logger.log(level, str2, (Throwable) e);
        }
        if (!jSONObject.has("error")) {
            return jSONObject;
        }
        JSONObject jSONObject2 = jSONObject.getJSONObject("error");
        String optString = jSONObject2.optString("code");
        if (optString == null) {
            throw new GitkitServerException("null error code from Gitkit server");
        }
        if (optString.startsWith("4")) {
            throw new GitkitClientException(jSONObject2.optString("message"));
        }
        throw new GitkitServerException(jSONObject2.optString("message"));
    }
}
