package com.optum.mcoe.login.authentication;

import android.app.Activity;
import android.net.Uri;
import android.os.StrictMode;
import com.bumptech.glide.load.Key;
import com.google.firebase.sessions.settings.RemoteSettings;
import com.optum.mcoe.login.network.RetrofitBuilder;
import com.optum.mcoe.login.network.TokenApi;
import com.optum.mcoe.login.presentation.ClientAuthenticationActivity;
import com.optum.mcoe.login.security.PKCE;
import java.io.Serializable;
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt;
import okhttp3.HttpUrl;
import okhttp3.Response;
import retrofit2.Retrofit;

/* compiled from: LoginClient.kt */
@Metadata(d1 = {"\u0000P\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\n\n\u0002\u0010\u000b\n\u0002\b\u0006\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u000e\n\u0002\u0010\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0007\n\u0002\u0018\u0002\n\u0002\b\u0003\b\u0016\u0018\u00002\u00020\u0001:\u0001<B\u001d\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0003\u0012\u0006\u0010\u0005\u001a\u00020\u0003¢\u0006\u0002\u0010\u0006J\u0016\u0010'\u001a\u00020(2\u0006\u0010)\u001a\u00020\u00032\u0006\u0010*\u001a\u00020\u0003J\b\u0010+\u001a\u00020,H\u0016J\b\u0010-\u001a\u00020,H\u0016J\b\u0010.\u001a\u00020\u0003H\u0016J\u0006\u0010/\u001a\u000200J\u0010\u00101\u001a\u0002022\u0006\u00103\u001a\u000202H\u0016J\u0006\u00104\u001a\u00020(J$\u00105\u001a\u00020(2\u0006\u00103\u001a\u0002022\u0012\u00106\u001a\u000e\u0012\u0004\u0012\u00020\u0003\u0012\u0004\u0012\u00020\u00030\u0015H\u0016J\u0010\u00107\u001a\u00020\u000e2\u0006\u00103\u001a\u000202H\u0016J\u000e\u00108\u001a\u00020(2\u0006\u00109\u001a\u00020:J\u000e\u0010;\u001a\u00020(2\u0006\u00109\u001a\u00020:R\u0011\u0010\u0002\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\u0007\u0010\bR\u001a\u0010\t\u001a\u00020\u0003X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\n\u0010\b\"\u0004\b\u000b\u0010\fR\u001a\u0010\r\u001a\u00020\u000eX\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u000f\u0010\u0010\"\u0004\b\u0011\u0010\u0012R\u0011\u0010\u0004\u001a\u00020\u0003¢\u0006\b\n\u0000\u001a\u0004\b\u0013\u0010\bR\u001d\u0010\u0014\u001a\u000e\u0012\u0004\u0012\u00020\u0003\u0012\u0004\u0012\u00020\u00030\u0015¢\u0006\b\n\u0000\u001a\u0004\b\u0016\u0010\u0017R\u0011\u0010\u0018\u001a\u00020\u0019¢\u0006\b\n\u0000\u001a\u0004\b\u001a\u0010\u001bR\u001a\u0010\u001c\u001a\u00020\u0003X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u001d\u0010\b\"\u0004\b\u001e\u0010\fR\u001a\u0010\u001f\u001a\u00020\u0003X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b \u0010\b\"\u0004\b!\u0010\fR\u001a\u0010\"\u001a\u00020\u0003X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b#\u0010\b\"\u0004\b$\u0010\fR\u001a\u0010\u0005\u001a\u00020\u0003X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b%\u0010\b\"\u0004\b&\u0010\f¨\u0006="}, d2 = {"Lcom/optum/mcoe/login/authentication/LoginClient;", "Ljava/io/Serializable;", "clientId", "", "loginDomain", "tokenEndpoint", "(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V", "getClientId", "()Ljava/lang/String;", "clientSecret", "getClientSecret", "setClientSecret", "(Ljava/lang/String;)V", "enablePKCE", "", "getEnablePKCE", "()Z", "setEnablePKCE", "(Z)V", "getLoginDomain", "parameters", "Ljava/util/HashMap;", "getParameters", "()Ljava/util/HashMap;", "pkce", "Lcom/optum/mcoe/login/security/PKCE;", "getPkce", "()Lcom/optum/mcoe/login/security/PKCE;", "redirectUrl", "getRedirectUrl", "setRedirectUrl", "registrationDomain", "getRegistrationDomain", "setRegistrationDomain", "revokeTokenEndpoint", "getRevokeTokenEndpoint", "setRevokeTokenEndpoint", "getTokenEndpoint", "setTokenEndpoint", "addParameter", "", "key", "value", "buildAuthorizationUri", "Landroid/net/Uri;", "buildRegistrationUri", "getAuthorizeUrl", "getRetrofitClient", "Lretrofit2/Retrofit;", "refreshTokens", "Lcom/optum/mcoe/login/authentication/Credentials;", "credentials", "resetParameters", "revokeHSIDTokens", "hsidParams", "revokeTokens", "startWebLogin", "activity", "Landroid/app/Activity;", "startWebRegistration", "Provider", "login_release"}, k = 1, mv = {1, 7, 1}, xi = 48)
/* loaded from: classes3.dex */
public class LoginClient implements Serializable {
    private final String clientId;
    private String clientSecret;
    private boolean enablePKCE;
    private final String loginDomain;
    private final HashMap<String, String> parameters;
    private final PKCE pkce;
    private String redirectUrl;
    private String registrationDomain;
    private String revokeTokenEndpoint;
    private String tokenEndpoint;

    /* compiled from: LoginClient.kt */
    @Metadata(d1 = {"\u0000\u0010\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\bf\u0018\u00002\u00020\u0001J\b\u0010\u0002\u001a\u00020\u0003H&¨\u0006\u0004"}, d2 = {"Lcom/optum/mcoe/login/authentication/LoginClient$Provider;", "", "getLoginClient", "Lcom/optum/mcoe/login/authentication/LoginClient;", "login_release"}, k = 1, mv = {1, 7, 1}, xi = 48)
    /* loaded from: classes3.dex */
    public interface Provider {
        LoginClient getLoginClient();
    }

    public LoginClient(String clientId, String loginDomain, String tokenEndpoint) {
        Intrinsics.checkNotNullParameter(clientId, "clientId");
        Intrinsics.checkNotNullParameter(loginDomain, "loginDomain");
        Intrinsics.checkNotNullParameter(tokenEndpoint, "tokenEndpoint");
        this.clientId = clientId;
        this.loginDomain = loginDomain;
        this.tokenEndpoint = tokenEndpoint;
        this.clientSecret = "";
        this.parameters = new HashMap<>();
        this.pkce = new PKCE();
        this.redirectUrl = "";
        this.revokeTokenEndpoint = "";
        this.registrationDomain = "";
    }

    public final void addParameter(String key, String value) {
        Intrinsics.checkNotNullParameter(key, "key");
        Intrinsics.checkNotNullParameter(value, "value");
        this.parameters.put(key, value);
    }

    public Uri buildAuthorizationUri() {
        Uri.Builder buildUpon = Uri.parse(getLoginDomain()).buildUpon();
        buildUpon.appendQueryParameter("client_id", this.clientId);
        for (Map.Entry<String, String> entry : this.parameters.entrySet()) {
            buildUpon.appendQueryParameter(entry.getKey(), entry.getValue());
        }
        if (this.enablePKCE) {
            buildUpon.appendQueryParameter("code_challenge_method", "S256");
            buildUpon.appendQueryParameter("code_challenge", this.pkce.getCodeChallenge());
        }
        Uri parse = Uri.parse(URLDecoder.decode(buildUpon.build().toString(), Key.STRING_CHARSET_NAME));
        Intrinsics.checkNotNullExpressionValue(parse, "parse(URLDecoder.decode(…d().toString(), \"UTF-8\"))");
        return parse;
    }

    public Uri buildRegistrationUri() {
        Uri.Builder buildUpon = Uri.parse(this.registrationDomain).buildUpon();
        buildUpon.appendQueryParameter("client_id", this.clientId);
        for (Map.Entry<String, String> entry : this.parameters.entrySet()) {
            buildUpon.appendQueryParameter(entry.getKey(), entry.getValue());
        }
        if (this.enablePKCE) {
            buildUpon.appendQueryParameter("code_challenge_method", "S256");
            buildUpon.appendQueryParameter("code_challenge", this.pkce.getCodeChallenge());
        }
        Uri parse = Uri.parse(URLDecoder.decode(buildUpon.build().toString(), Key.STRING_CHARSET_NAME));
        Intrinsics.checkNotNullExpressionValue(parse, "parse(URLDecoder.decode(…d().toString(), \"UTF-8\"))");
        return parse;
    }

    /* renamed from: getAuthorizeUrl, reason: from getter */
    public String getLoginDomain() {
        return this.loginDomain;
    }

    public final String getClientId() {
        return this.clientId;
    }

    public final String getClientSecret() {
        return this.clientSecret;
    }

    public final boolean getEnablePKCE() {
        return this.enablePKCE;
    }

    public final String getLoginDomain() {
        return this.loginDomain;
    }

    public final HashMap<String, String> getParameters() {
        return this.parameters;
    }

    public final PKCE getPkce() {
        return this.pkce;
    }

    public final String getRedirectUrl() {
        return this.redirectUrl;
    }

    public final String getRegistrationDomain() {
        return this.registrationDomain;
    }

    public final Retrofit getRetrofitClient() {
        String str = this.loginDomain;
        if (!StringsKt.endsWith$default(str, RemoteSettings.FORWARD_SLASH_STRING, false, 2, (Object) null)) {
            str = str + '/';
        }
        return RetrofitBuilder.INSTANCE.getRetrofit(str);
    }

    public final String getRevokeTokenEndpoint() {
        return this.revokeTokenEndpoint;
    }

    public final String getTokenEndpoint() {
        return this.tokenEndpoint;
    }

    public Credentials refreshTokens(Credentials credentials) {
        Intrinsics.checkNotNullParameter(credentials, "credentials");
        TokenApi tokenApi = (TokenApi) getRetrofitClient().create(TokenApi.class);
        HashMap hashMap = new HashMap();
        hashMap.put("client_id", this.clientId);
        hashMap.put("grant_type", "refresh_token");
        hashMap.put("refresh_token", credentials.getRefreshToken());
        StrictMode.ThreadPolicy threadPolicy = StrictMode.getThreadPolicy();
        StrictMode.setThreadPolicy(new StrictMode.ThreadPolicy.Builder().permitAll().build());
        Credentials blockingGet = tokenApi.fetchTokens(HttpUrl.INSTANCE.get(this.tokenEndpoint), hashMap).timeout(10L, TimeUnit.SECONDS).blockingGet();
        StrictMode.setThreadPolicy(threadPolicy);
        return new Credentials(blockingGet.getAccessToken(), credentials.getRefreshToken(), credentials.getIdToken(), blockingGet.getTokenType(), blockingGet.getExpiresIn());
    }

    public final void resetParameters() {
        this.parameters.clear();
    }

    public void revokeHSIDTokens(Credentials credentials, HashMap<String, String> hsidParams) {
        Intrinsics.checkNotNullParameter(credentials, "credentials");
        Intrinsics.checkNotNullParameter(hsidParams, "hsidParams");
        if (this.revokeTokenEndpoint.length() > 0) {
            TokenApi tokenApi = (TokenApi) getRetrofitClient().create(TokenApi.class);
            HashMap hashMap = new HashMap();
            hashMap.put("client_id", this.clientId);
            String str = hsidParams.get("token_type_hint");
            if (str == null) {
                str = "";
            }
            hashMap.put("token_type_hint", str);
            String str2 = hsidParams.get("token");
            hashMap.put("token", str2 != null ? str2 : "");
            StrictMode.ThreadPolicy threadPolicy = StrictMode.getThreadPolicy();
            StrictMode.setThreadPolicy(new StrictMode.ThreadPolicy.Builder().permitAll().build());
            tokenApi.revokeLoginTokens(HttpUrl.INSTANCE.get(this.revokeTokenEndpoint), hashMap).timeout(10L, TimeUnit.SECONDS).blockingGet();
            StrictMode.setThreadPolicy(threadPolicy);
        }
    }

    public boolean revokeTokens(Credentials credentials) {
        Intrinsics.checkNotNullParameter(credentials, "credentials");
        if (!(this.revokeTokenEndpoint.length() > 0)) {
            return false;
        }
        TokenApi tokenApi = (TokenApi) getRetrofitClient().create(TokenApi.class);
        HashMap hashMap = new HashMap();
        hashMap.put("client_id", this.clientId);
        hashMap.put("token_type_hint", "refresh_token");
        hashMap.put("refresh_token", credentials.getRefreshToken());
        StrictMode.ThreadPolicy threadPolicy = StrictMode.getThreadPolicy();
        StrictMode.setThreadPolicy(new StrictMode.ThreadPolicy.Builder().permitAll().build());
        Response blockingGet = tokenApi.revokeTokens(HttpUrl.INSTANCE.get(this.revokeTokenEndpoint), hashMap).timeout(10L, TimeUnit.SECONDS).blockingGet();
        StrictMode.setThreadPolicy(threadPolicy);
        return blockingGet.code() == 200;
    }

    public final void setClientSecret(String str) {
        Intrinsics.checkNotNullParameter(str, "<set-?>");
        this.clientSecret = str;
    }

    public final void setEnablePKCE(boolean z) {
        this.enablePKCE = z;
    }

    public final void setRedirectUrl(String str) {
        Intrinsics.checkNotNullParameter(str, "<set-?>");
        this.redirectUrl = str;
    }

    public final void setRegistrationDomain(String str) {
        Intrinsics.checkNotNullParameter(str, "<set-?>");
        this.registrationDomain = str;
    }

    public final void setRevokeTokenEndpoint(String str) {
        Intrinsics.checkNotNullParameter(str, "<set-?>");
        this.revokeTokenEndpoint = str;
    }

    public final void setTokenEndpoint(String str) {
        Intrinsics.checkNotNullParameter(str, "<set-?>");
        this.tokenEndpoint = str;
    }

    public final void startWebLogin(Activity activity) {
        Intrinsics.checkNotNullParameter(activity, "activity");
        ClientAuthenticationActivity.INSTANCE.startWebAuthentication(activity, this);
    }

    public final void startWebRegistration(Activity activity) {
        Intrinsics.checkNotNullParameter(activity, "activity");
        ClientAuthenticationActivity.INSTANCE.startWebRegistration(activity, this);
    }
}
