package org.openstack.android.summit.common.security.oidc;

import android.text.TextUtils;
import com.google.api.client.auth.oauth2.AuthorizationCodeTokenRequest;
import com.google.api.client.auth.oauth2.TokenRequest;
import com.google.api.client.auth.oauth2.TokenResponse;
import com.google.api.client.auth.openidconnect.IdToken;
import com.google.api.client.auth.openidconnect.IdTokenResponse;
import com.google.api.client.auth.openidconnect.IdTokenVerifier;
import com.google.api.client.extensions.android.http.AndroidHttp;
import com.google.api.client.http.BasicAuthentication;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpExecuteInterceptor;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.gson.GsonFactory;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import org.openstack.android.summit.common.security.IdentityProviderUrls;
import org.openstack.android.summit.common.security.oidc.OIDCNativeClientConfiguration;

/* loaded from: classes.dex */
public final class OpenIdConnectProtocol {
    private IdentityProviderUrls identityProviderUrls;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.openstack.android.summit.common.security.oidc.OpenIdConnectProtocol$1, reason: invalid class name */
    /* loaded from: classes.dex */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$openstack$android$summit$common$security$oidc$OIDCNativeClientConfiguration$Flows = new int[OIDCNativeClientConfiguration.Flows.values().length];

        static {
            try {
                $SwitchMap$org$openstack$android$summit$common$security$oidc$OIDCNativeClientConfiguration$Flows[OIDCNativeClientConfiguration.Flows.AuthorizationCode.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$openstack$android$summit$common$security$oidc$OIDCNativeClientConfiguration$Flows[OIDCNativeClientConfiguration.Flows.Hybrid.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$openstack$android$summit$common$security$oidc$OIDCNativeClientConfiguration$Flows[OIDCNativeClientConfiguration.Flows.Implicit.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static final class AuthUrlBuilderStrategyFactory {
        private AuthUrlBuilderStrategyFactory() {
        }

        public static IAuthUrlBuilderStrategy build(OIDCNativeClientConfiguration oIDCNativeClientConfiguration) {
            int i2 = AnonymousClass1.$SwitchMap$org$openstack$android$summit$common$security$oidc$OIDCNativeClientConfiguration$Flows[oIDCNativeClientConfiguration.getFlowType().ordinal()];
            return i2 != 1 ? i2 != 2 ? i2 != 3 ? new CodeFlowAuthUrlBuilderStrategy() : new ImplicitFlowAuthUrlBuilderStrategy() : new HybridFlowAuthUrlBuilderStrategy() : new CodeFlowAuthUrlBuilderStrategy();
        }
    }

    public OpenIdConnectProtocol(IdentityProviderUrls identityProviderUrls) {
        this.identityProviderUrls = identityProviderUrls;
    }

    public static boolean isValidIdToken(String str, String str2) throws IOException {
        return new IdTokenVerifier.Builder().setAudience(Arrays.asList(str)).build().verify(IdToken.parse((JsonFactory) new GsonFactory(), str2));
    }

    public AuthCodeRequest buildAuthRequest(OIDCNativeClientConfiguration oIDCNativeClientConfiguration) {
        return new AuthCodeRequest(AuthUrlBuilderStrategyFactory.build(oIDCNativeClientConfiguration).build(oIDCNativeClientConfiguration, this.identityProviderUrls));
    }

    public TokenResponse makeAccessTokenRequest(AccessTokenRequest accessTokenRequest) throws IOException {
        TokenRequest tokenRequest = new TokenRequest(AndroidHttp.newCompatibleTransport(), new GsonFactory(), new GenericUrl(this.identityProviderUrls.getTokenEndpoint()), accessTokenRequest.getGrantType());
        tokenRequest.setClientAuthentication(new BasicAuthentication(accessTokenRequest.getClientId(), accessTokenRequest.getClientSecret())).setScopes(accessTokenRequest.getScopes());
        return tokenRequest.execute();
    }

    public IdTokenResponse makeRefreshTokenRequest(RefreshTokenRequest refreshTokenRequest) throws IOException {
        com.google.api.client.auth.oauth2.RefreshTokenRequest refreshTokenRequest2 = new com.google.api.client.auth.oauth2.RefreshTokenRequest(AndroidHttp.newCompatibleTransport(), new GsonFactory(), new GenericUrl(this.identityProviderUrls.getTokenEndpoint()), refreshTokenRequest.getRefreshToken());
        if (!TextUtils.isEmpty(refreshTokenRequest.getClientSecret())) {
            refreshTokenRequest2.setClientAuthentication((HttpExecuteInterceptor) new BasicAuthentication(refreshTokenRequest.getClientId(), refreshTokenRequest.getClientSecret()));
        }
        refreshTokenRequest2.setScopes((Collection<String>) refreshTokenRequest.getScopes());
        return IdTokenResponse.execute(refreshTokenRequest2);
    }

    public IdTokenResponse makeTokenRequest(AuthCodeResponse authCodeResponse) throws IOException {
        AuthorizationCodeTokenRequest authorizationCodeTokenRequest = new AuthorizationCodeTokenRequest(AndroidHttp.newCompatibleTransport(), new GsonFactory(), new GenericUrl(this.identityProviderUrls.getTokenEndpoint()), authCodeResponse.getAuthCode());
        authorizationCodeTokenRequest.set("redirect_uri", (Object) authCodeResponse.getReturnUrl());
        if (!TextUtils.isEmpty(authCodeResponse.getClientSecret())) {
            authorizationCodeTokenRequest.setClientAuthentication((HttpExecuteInterceptor) new BasicAuthentication(authCodeResponse.getClientId(), authCodeResponse.getClientSecret()));
        }
        IdTokenResponse execute = IdTokenResponse.execute(authorizationCodeTokenRequest);
        if (isValidIdToken(authCodeResponse.getClientId(), execute.getIdToken())) {
            return execute;
        }
        throw new IOException("Invalid ID token returned.");
    }
}
