package com.procergs.android.redmovelagente.infra;

import android.util.Base64;
import com.google.android.gms.measurement.api.AppMeasurementSdk;
import com.google.firebase.analytics.FirebaseAnalytics;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import com.procergs.android.redmovelagente.enums.AmbienteEnum;
import com.procergs.android.redmovelagente.type.UserSoeAuth;
import java.io.IOException;
import java.net.URL;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import java.text.ParseException;
import java.util.Date;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Charsets;
import okhttp3.FormBody;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;
import org.json.JSONException;
import org.json.JSONObject;

/* compiled from: OpenIdConnectHelper.kt */
@Metadata(d1 = {"\u0000,\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000b\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\u0002\u0018\u0000 \u00122\u00020\u0001:\u0001\u0012B\u0005¢\u0006\u0002\u0010\u0002J\u0010\u0010\u0007\u001a\u00020\b2\b\u0010\t\u001a\u0004\u0018\u00010\u0004J\n\u0010\n\u001a\u0004\u0018\u00010\u0004H\u0002J\u000e\u0010\u000b\u001a\u00020\u00042\u0006\u0010\f\u001a\u00020\rJ\u0010\u0010\u000e\u001a\u00020\b2\b\u0010\u000e\u001a\u0004\u0018\u00010\u0004J\u0010\u0010\u000f\u001a\u00020\b2\u0006\u0010\u0010\u001a\u00020\u0011H\u0002R\u0011\u0010\u0003\u001a\u00020\u00048F¢\u0006\u0006\u001a\u0004\b\u0005\u0010\u0006¨\u0006\u0013"}, d2 = {"Lcom/procergs/android/redmovelagente/infra/OpenIdConnectHelper;", "", "()V", "endSessionEndpoint", "", "getEndSessionEndpoint", "()Ljava/lang/String;", "authorizationCode", "Lcom/procergs/android/redmovelagente/type/UserSoeAuth;", "code", "geraCodeChallenge", "getAuthorizationRequest", "sso", "", "refreshToken", "validateIdToken", "json", "Lorg/json/JSONObject;", "Companion", "app_release"}, k = 1, mv = {1, 6, 0}, xi = 48)
/* loaded from: classes.dex */
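/**
 * OpenID Connect authorization-code client for the SOE Auth identity provider
 * (decompiled from OpenIdConnectHelper.kt).
 *
 * <p>Flow: {@link #getAuthorizationRequest(boolean)} builds the browser URL and stores a PKCE
 * code verifier; {@link #authorizationCode(String)} redeems the returned code together with that
 * verifier; {@link #refreshToken(String)} renews the session. Both token calls pass the response
 * through {@code validateIdToken}, which checks the ID token's signature, issuer, audience and
 * expiry before building the {@link UserSoeAuth}.
 *
 * <p>Security review notes on this revision:
 * <ul>
 *   <li>The PKCE verifier is now drawn from {@link SecureRandom} and sent as an S256 challenge.
 *       The earlier code derived it from {@code Math.random()}, computed the SHA-256 digest but
 *       discarded it, and advertised {@code code_challenge_method=plain}, so the verifier itself
 *       travelled in the front-channel URL.</li>
 *   <li>The ID token's {@code exp} claim is now enforced.</li>
 *   <li>Still open (needs caller changes): no {@code state} or {@code nonce} is sent or checked,
 *       the JWKS key id is hard-coded, and the end-session URL carries a placeholder
 *       {@code id_token_hint}.</li>
 * </ul>
 *
 * <p>The verifier lives in a static field shared by every instance; the class is not designed
 * for concurrent logins.
 */
public final class OpenIdConnectHelper {
    private static final String AUTHORIZE_ENDPOINT;
    private static final String CLIENT_ID;
    /** Tolerance applied to the ID token expiry check to absorb small device clock drift. */
    private static final long CLOCK_SKEW_MILLIS = 60000L;
    /** PKCE code verifier of the authorization request in flight; null until one is built. */
    private static String CODE_VERIFIER = null;
    private static final String END_SESSION_ENDPOINT;
    private static final String JWKS_URI;
    private static final String REDIRECT_URI = "com.procergs.android.redmovelagente://cb";
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();
    private static final String SOE_AUTH_ISS;
    private static final String TOKEN_ENDPOINT;

    static {
        // Every endpoint is derived from the production issuer URL, which is also the value the
        // ID token's "iss" claim is compared against.
        String urlSoeAuth = AmbienteEnum.PRODUCAO.getUrlSoeAuth();
        SOE_AUTH_ISS = urlSoeAuth;
        AUTHORIZE_ENDPOINT = urlSoeAuth + "/connect/authorize";
        TOKEN_ENDPOINT = urlSoeAuth + "/connect/token";
        END_SESSION_ENDPOINT = urlSoeAuth + "/connect/endsession";
        JWKS_URI = urlSoeAuth + "/connect/jwks";
        CLIENT_ID = AmbienteEnum.PRODUCAO.getClientId();
    }

    /**
     * Generates a fresh PKCE code verifier, stores it in {@code CODE_VERIFIER} and returns the
     * matching S256 code challenge.
     *
     * <p>The verifier is 32 bytes from {@link SecureRandom}, base64url-encoded without padding
     * (43 characters, the minimum length RFC 7636 allows). The challenge is
     * base64url(SHA-256(verifier)), so the verifier never appears in the authorization URL.
     *
     * @return the code challenge to send as {@code code_challenge}
     * @throws RuntimeException if SHA-256 is unavailable on the platform
     */
    private String geraCodeChallenge() {
        try {
            byte[] entropy = new byte[32];
            SECURE_RANDOM.nextBytes(entropy);
            // NO_PADDING and NO_WRAP matter: '=' and line breaks are not valid in a PKCE value.
            int flags = Base64.URL_SAFE | Base64.NO_PADDING | Base64.NO_WRAP;
            String verifier = Base64.encodeToString(entropy, flags);
            CODE_VERIFIER = verifier;
            MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
            return Base64.encodeToString(sha256.digest(verifier.getBytes(Charsets.UTF_8)), flags);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Validates the ID token in a token-endpoint response and maps it to a {@link UserSoeAuth}.
     *
     * <p>Checks performed, in order: RSA signature against the key published at
     * {@code JWKS_URI}, issuer equals {@code SOE_AUTH_ISS}, audience contains {@code CLIENT_ID},
     * and the {@code exp} claim is present and not in the past (with a small skew allowance).
     *
     * @param json token-endpoint response; must contain {@code id_token}, {@code access_token},
     *     {@code expires_in} and {@code refresh_token}
     * @return the authenticated user built from the token claims
     * @throws RuntimeException if a check fails, or wrapping any JOSE, I/O, parse or JSON error
     * @throws NullPointerException if a required claim is missing from the ID token
     */
    private UserSoeAuth validateIdToken(JSONObject json) {
        try {
            String idToken = json.getString("id_token");
            String accessToken = json.getString("access_token");
            int expiresIn = json.getInt("expires_in");
            String refreshToken = json.getString("refresh_token");

            // NOTE(review): the JWKS is downloaded on every validation and the key id is
            // hard-coded, so a key rotation at the provider breaks login until the app is
            // updated. Selecting by the token header's "kid" and caching the set would be more
            // robust; confirm with the provider before changing.
            JWKSet jwkSet = JWKSet.load(new URL(JWKS_URI));
            JWK jwk = jwkSet.getKeyByKeyId("1");
            if (!(jwk instanceof RSAKey)) {
                throw new RuntimeException("signing key not found in JWKS");
            }
            PublicKey publicKey = ((RSAKey) jwk).toPublicKey();

            // The decompiler renamed this call to "m44parse"; the library method is parse().
            SignedJWT signedJWT = SignedJWT.parse(idToken);
            // RSASSAVerifier accepts only RSA signature algorithms, so a token whose header
            // claims "none" or an HMAC algorithm cannot pass this step.
            if (!signedJWT.verify(new RSASSAVerifier((RSAPublicKey) publicKey))) {
                throw new RuntimeException("invalid signature");
            }

            JWTClaimsSet claims = signedJWT.getJWTClaimsSet();
            // Constant on the left: a token without "iss" is rejected instead of raising an NPE.
            if (!SOE_AUTH_ISS.equals(claims.getIssuer())) {
                throw new RuntimeException("invalid issuer");
            }
            if (!claims.getAudience().contains(CLIENT_ID)) {
                throw new RuntimeException("invalid audience");
            }
            Date expiration = claims.getExpirationTime();
            if (expiration == null
                    || expiration.getTime() + CLOCK_SKEW_MILLIS < System.currentTimeMillis()) {
                throw new RuntimeException("expired token");
            }
            // NOTE(review): no "nonce" is sent in the authorization request, so none can be
            // checked here.

            String subject = claims.getSubject();
            Intrinsics.checkNotNullExpressionValue(subject, "claims.subject");
            // The constant below is the literal "name"; the decompiler matched it to an
            // unrelated SDK constant with the same value.
            String name = claims.getStringClaim(AppMeasurementSdk.ConditionalUserProperty.NAME);
            Intrinsics.checkNotNullExpressionValue(name, "claims.getStringClaim(\"name\")");
            Long matricula = claims.getLongClaim("soe:matricula");
            Intrinsics.checkNotNullExpressionValue(matricula, "claims.getLongClaim(\"soe:matricula\")");
            String organizacao = claims.getStringClaim("soe:organizacao");
            Intrinsics.checkNotNullExpressionValue(organizacao, "claims.getStringClaim(\"soe:organizacao\")");
            return new UserSoeAuth(
                    subject,
                    name,
                    accessToken,
                    Integer.valueOf(expiresIn),
                    refreshToken,
                    matricula.longValue(),
                    organizacao);
        } catch (JOSEException | IOException | ParseException | JSONException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Posts a form to the token endpoint and validates the returned tokens.
     *
     * @param form the grant-specific request body
     * @return the authenticated user described by the returned ID token
     * @throws RuntimeException wrapping network or JSON errors, or raised by validation
     */
    private UserSoeAuth requestTokens(FormBody form) {
        Request request = new Request.Builder().url(TOKEN_ENDPOINT).post(form).build();
        // try-with-resources releases the connection even when parsing or validation throws.
        try (Response response = new OkHttpClient().newCall(request).execute()) {
            ResponseBody body = response.body();
            Intrinsics.checkNotNull(body);
            // An error response has no "id_token", which surfaces as a wrapped JSONException.
            return validateIdToken(new JSONObject(body.string()));
        } catch (IOException | JSONException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Redeems an authorization code for tokens, proving possession of the PKCE verifier
     * generated by the preceding {@link #getAuthorizationRequest(boolean)} call.
     *
     * @param code the authorization code received on the redirect URI
     * @return the authenticated user
     * @throws IllegalStateException if no authorization request was built in this process, so
     *     there is no verifier to present
     * @throws RuntimeException on network, JSON or token-validation failure
     */
    public final UserSoeAuth authorizationCode(String code) {
        String verifier = CODE_VERIFIER;
        if (verifier == null) {
            throw new IllegalStateException("no PKCE code verifier; call getAuthorizationRequest first");
        }
        FormBody form = new FormBody.Builder()
                .add("grant_type", "authorization_code")
                .add("client_id", CLIENT_ID)
                .add("code", code)
                .add("redirect_uri", REDIRECT_URI)
                .add("code_verifier", verifier)
                .build();
        return requestTokens(form);
    }

    /**
     * Builds the authorization-endpoint URL for the code flow and arms a new PKCE verifier.
     *
     * @param sso when true requests {@code prompt=none} (silent sign-in); otherwise
     *     {@code prompt=login}
     * @return the URL to open in the browser
     * @throws RuntimeException wrapping any failure while encoding or hashing
     */
    public final String getAuthorizationRequest(boolean sso) {
        try {
            StringBuilder uri = new StringBuilder(AUTHORIZE_ENDPOINT);
            uri.append("?response_type=code");
            uri.append("&scope=openid");
            uri.append("&client_id=").append(URLEncoder.encode(CLIENT_ID, "UTF-8"));
            uri.append("&redirect_uri=").append(URLEncoder.encode(REDIRECT_URI, "UTF-8"));
            // The challenge is base64url without padding, so it needs no further encoding.
            uri.append("&code_challenge=").append(geraCodeChallenge());
            uri.append("&code_challenge_method=S256");
            // NOTE(review): no "state" parameter is sent; binding the redirect to this request
            // would require the caller to verify it on return.
            // FirebaseAnalytics.Event.LOGIN is the literal "login" (decompiler constant match).
            uri.append("&prompt=").append(sso ? "none" : FirebaseAnalytics.Event.LOGIN);
            return uri.toString();
        } catch (Exception e) {
            // Broad catch kept from the original so every failure reaches callers wrapped in
            // the same way.
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the end-session (logout) URL.
     *
     * <p>NOTE(review): {@code id_token_hint=123} is a placeholder, not a real ID token. The
     * provider cannot tie the logout request to a session from it; the ID token would have to
     * be retained after login to send a real hint.
     *
     * @return the logout URL with the app's redirect URI as {@code post_logout_redirect_uri}
     */
    public final String getEndSessionEndpoint() {
        return END_SESSION_ENDPOINT + "?id_token_hint=123&post_logout_redirect_uri=" + REDIRECT_URI;
    }

    /**
     * Exchanges a refresh token for a new set of tokens.
     *
     * @param refreshToken the refresh token from a previous {@link UserSoeAuth}
     * @return the authenticated user with renewed tokens
     * @throws RuntimeException on network, JSON or token-validation failure
     */
    public final UserSoeAuth refreshToken(String refreshToken) {
        FormBody form = new FormBody.Builder()
                .add("grant_type", "refresh_token")
                .add("client_id", CLIENT_ID)
                .add("refresh_token", refreshToken)
                .add("redirect_uri", REDIRECT_URI)
                .build();
        return requestTokens(form);
    }
}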
