package com.amazon.identity.auth.accounts;

import android.content.Context;
import android.os.Bundle;
import com.amazon.identity.auth.device.env.EnvironmentUtils;
import com.amazon.identity.auth.device.features.Feature;
import com.amazon.identity.auth.device.features.FeatureSet;
import com.amazon.identity.auth.device.framework.AuthEndpointErrorParser;
import com.amazon.identity.auth.device.framework.RetryLogic;
import com.amazon.identity.auth.device.framework.SSODeviceInfo;
import com.amazon.identity.auth.device.framework.ServiceWrappingContext;
import com.amazon.identity.auth.device.framework.Tracer;
import com.amazon.identity.auth.device.framework.security.EnhancedURLConnectionFactory;
import com.amazon.identity.auth.device.metadata.DeviceMetadataCollector;
import com.amazon.identity.auth.device.utils.JSONHelpers;
import com.amazon.identity.auth.device.utils.MAPLog;
import com.amazon.identity.auth.device.utils.PackageUtils;
import com.amazon.identity.auth.device.utils.StreamUtils;
import com.amazon.identity.kcpsdk.auth.AmazonWebserviceCall;
import com.amazon.identity.kcpsdk.auth.AuthenticationChallenge;
import com.amazon.identity.kcpsdk.auth.JwtSigner;
import com.amazon.identity.kcpsdk.auth.PandaAuthenticateAccountRequest;
import com.amazon.identity.kcpsdk.common.LocaleUtil;
import com.amazon.identity.platform.metric.MetricUtils;
import com.amazon.identity.platform.metric.PlatformMetricsTimer;
import com.amazon.identity.platform.setting.PlatformSettings;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Locale;
import javax.net.ssl.HttpsURLConnection;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class AuthenticateAccountAction {
    private final AuthEndpointErrorParser mAuthEndpointErrorParser;
    private final ServiceWrappingContext mContext;
    private final SSODeviceInfo mDeviceInfo;
    private final FeatureSet mFeatureSet;
    private static final String TAG = AuthenticateAccountAction.class.getName();
    private static final AuthenticatedAccountInfo GENERIC_CREDENTIAL_ERROR_ACCOUNT_INFO = new AuthenticatedAccountInfo(new AuthEndpointErrorParser.AuthEndpointError(AuthEndpointErrorParser.AuthErrorType.CredentialError, "Credential Error", "Credential Error", "No Request Id"));

    /* loaded from: classes.dex */
    public static class AuthenticatedAccountInfo {
        public final String accessToken;
        public final AuthenticationChallenge challenge;
        public final String directedId;
        public final AuthEndpointErrorParser.AuthEndpointError error;

        public AuthenticatedAccountInfo(AuthEndpointErrorParser.AuthEndpointError authEndpointError) {
            this(null, null, null, authEndpointError);
        }

        public AuthenticatedAccountInfo(AuthenticationChallenge authenticationChallenge, AuthEndpointErrorParser.AuthEndpointError authEndpointError) {
            this(null, null, authenticationChallenge, authEndpointError);
        }

        public AuthenticatedAccountInfo(String str, String str2) {
            this(str, str2, null, null);
        }

        private AuthenticatedAccountInfo(String str, String str2, AuthenticationChallenge authenticationChallenge, AuthEndpointErrorParser.AuthEndpointError authEndpointError) {
            this.accessToken = str;
            this.directedId = str2;
            this.challenge = authenticationChallenge;
            this.error = authEndpointError;
        }

        public boolean isError() {
            return this.error != null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public AuthenticateAccountAction(Context context) {
        this(ServiceWrappingContext.create(context), new AuthEndpointErrorParser());
    }

    private AuthenticateAccountAction(ServiceWrappingContext serviceWrappingContext, AuthEndpointErrorParser authEndpointErrorParser) {
        this(serviceWrappingContext, authEndpointErrorParser, (SSODeviceInfo) serviceWrappingContext.getSystemService("dcp_device_info"));
    }

    AuthenticateAccountAction(ServiceWrappingContext serviceWrappingContext, AuthEndpointErrorParser authEndpointErrorParser, SSODeviceInfo sSODeviceInfo) {
        this.mContext = serviceWrappingContext;
        this.mAuthEndpointErrorParser = authEndpointErrorParser;
        this.mDeviceInfo = sSODeviceInfo;
        this.mFeatureSet = serviceWrappingContext.getFeatureSet();
    }

    public AuthenticatedAccountInfo authenticateAccount(String str, String str2, String str3, Bundle bundle, Tracer tracer) {
        AuthEndpointErrorParser.AuthErrorType authErrorType;
        AuthenticatedAccountInfo authenticatedAccountInfo;
        HttpsURLConnection httpsURLConnection = null;
        try {
            try {
                URL signInUrl = getSignInUrl(str3);
                MAPLog.i(TAG, "Starting request to authenticate account. URL : " + signInUrl.toString());
                PlatformMetricsTimer startTimer = tracer.startTimer(MetricUtils.getUrlPathAndDomain(signInUrl));
                HttpsURLConnection createURLConnection = createURLConnection(signInUrl);
                try {
                    createURLConnection.setDoOutput(true);
                    createURLConnection.setRequestMethod("POST");
                    createURLConnection.setRequestProperty("Accept", "application/json");
                    createURLConnection.setRequestProperty("Content-Type", "application/json");
                    if (this.mFeatureSet.hasFeature(Feature.UseDeviceLocaleAsLanguagePreference)) {
                        createURLConnection.setRequestProperty("Accept-Language", LocaleUtil.getLocaleAsLanguageTag(Locale.getDefault()));
                    }
                    PandaAuthenticateAccountRequest pandaAuthenticateAccountRequest = new PandaAuthenticateAccountRequest();
                    pandaAuthenticateAccountRequest.setUserID(str);
                    pandaAuthenticateAccountRequest.setPassword(str2);
                    pandaAuthenticateAccountRequest.setDeviceInfo(this.mDeviceInfo);
                    pandaAuthenticateAccountRequest.setJwtSigner(JwtSigner.getSigner(PlatformSettings.getInstance(this.mContext), this.mDeviceInfo, tracer));
                    pandaAuthenticateAccountRequest.setFraudMetadata(DeviceMetadataCollector.getFraudMetadata(this.mContext, this.mDeviceInfo.getDeviceSerialNumber(), tracer));
                    String string = bundle.getString("calling_package");
                    if (string != null) {
                        pandaAuthenticateAccountRequest.setMetadataAppName(string);
                        Integer packageVersion = PackageUtils.getPackageVersion(this.mContext, string);
                        if (packageVersion != null) {
                            pandaAuthenticateAccountRequest.setMetadataAppVersion(Integer.toString(packageVersion.intValue()));
                        }
                    }
                    StreamUtils.writeToStreamAndClose(createURLConnection.getOutputStream(), pandaAuthenticateAccountRequest.getRequestJSON().toString().getBytes());
                    int responseCode = createURLConnection.getResponseCode();
                    startTimer.stopClock();
                    MAPLog.i(TAG, "Panda SignIn Response code: " + responseCode);
                    try {
                        JSONObject json = JSONHelpers.toJson(createURLConnection);
                        if (json == null) {
                            MAPLog.e(TAG, "Error parsing JSON in Panda response");
                            authenticatedAccountInfo = new AuthenticatedAccountInfo(new AuthEndpointErrorParser.AuthEndpointError(AuthEndpointErrorParser.AuthErrorType.ParseError, "Error parsing JSON in Panda response", null, null));
                        } else if (!this.mAuthEndpointErrorParser.isFailure(responseCode) || this.mAuthEndpointErrorParser.hasAuthenticationChallenge(json)) {
                            Object[] objArr = {createURLConnection.getURL().toString(), json.getString("request_id")};
                            JSONObject jSONObject = json.getJSONObject("response");
                            if (jSONObject.has("success")) {
                                JSONObject jSONObject2 = jSONObject.getJSONObject("success");
                                authenticatedAccountInfo = new AuthenticatedAccountInfo(jSONObject2.getJSONObject("tokens").getJSONObject("bearer").getString("access_token"), jSONObject2.getString("customer_id"));
                            } else if (jSONObject.has("challenge")) {
                                AuthenticationChallenge fromPandaChallengeBody = AuthenticationChallenge.fromPandaChallengeBody(jSONObject.getJSONObject("challenge"));
                                String stringOrDefault = JSONHelpers.getStringOrDefault(jSONObject, "request_id", null);
                                String reason = fromPandaChallengeBody.getReason();
                                authenticatedAccountInfo = new AuthenticatedAccountInfo(fromPandaChallengeBody, ("AuthenticationFailed".equals(reason) || "InvalidAuthenticationData".equals(reason)) ? new AuthEndpointErrorParser.AuthEndpointError(AuthEndpointErrorParser.AuthErrorType.CredentialError, null, null, stringOrDefault) : new AuthEndpointErrorParser.AuthEndpointError(AuthEndpointErrorParser.AuthErrorType.AuthenticationChallenged, null, null, stringOrDefault));
                            } else {
                                MAPLog.e(TAG, "Error parsing response. Empty response body.");
                                authenticatedAccountInfo = new AuthenticatedAccountInfo(new AuthEndpointErrorParser.AuthEndpointError(AuthEndpointErrorParser.AuthErrorType.ParseError, "Error parsing response. Empty response body.", null, null));
                            }
                        } else {
                            AuthEndpointErrorParser.AuthEndpointError parse = this.mAuthEndpointErrorParser.parse(json);
                            if (parse == null) {
                                parse = AuthEndpointErrorParser.GENERIC_ERROR;
                            }
                            MAPLog.formattedError(TAG, "Error making request. Code: %s \n Message: %s \n Detail: %s", parse.getAuthTypeError().getCode(), parse.getMessage(), parse.getDetail());
                            authenticatedAccountInfo = new AuthenticatedAccountInfo(parse);
                        }
                        if (authenticatedAccountInfo.isError()) {
                            startTimer.setTimerName(MetricUtils.getUrlPathAndDomain(signInUrl, responseCode, authenticatedAccountInfo.error.getAuthTypeError().getCode()));
                        } else {
                            startTimer.setTimerName(MetricUtils.getUrlPathAndDomain(signInUrl, responseCode));
                        }
                        startTimer.stop();
                        if (RetryLogic.isHTTP500ErrorCodeSeries(responseCode)) {
                            tracer.incrementCounter(MetricUtils.getAvailabilityMetricName(signInUrl), 0.0d);
                        } else {
                            tracer.incrementCounter(MetricUtils.getAvailabilityMetricName(signInUrl), 1.0d);
                        }
                        if (createURLConnection != null) {
                            createURLConnection.disconnect();
                        }
                    } catch (JSONException e) {
                        tracer.incrementCounter(MetricUtils.getAvailabilityMetricName(signInUrl), 0.0d);
                        String format = String.format(Locale.US, "Error parsing Panda sign-in response. Not of an expected format. Error: %s", e.getMessage());
                        MAPLog.e(TAG, format);
                        authenticatedAccountInfo = new AuthenticatedAccountInfo(new AuthEndpointErrorParser.AuthEndpointError(AuthEndpointErrorParser.AuthErrorType.ParseError, format, null, null));
                        if (createURLConnection != null) {
                            createURLConnection.disconnect();
                        }
                    }
                } catch (JSONException e2) {
                    String format2 = String.format(Locale.US, "JSONException while bulding Panda sign-in request. Error: %s", e2.getMessage());
                    MAPLog.e(TAG, format2);
                    authenticatedAccountInfo = new AuthenticatedAccountInfo(new AuthEndpointErrorParser.AuthEndpointError(AuthEndpointErrorParser.AuthErrorType.BuildRequestFailure, format2, null, null));
                    if (createURLConnection != null) {
                        createURLConnection.disconnect();
                    }
                }
            } catch (IOException e3) {
                String message = e3.getMessage();
                if (message == null || !message.contains("Received authentication challenge is")) {
                    tracer.incrementCounter(MetricUtils.getIOExceptionMetricName(null));
                    tracer.incrementCounter(MetricUtils.getIOExceptionWithSubClassMetricName(null, e3, this.mContext));
                    String format3 = String.format(Locale.US, "Error getting response from server. Error: %s", message);
                    MAPLog.e(TAG, format3);
                    if (MetricUtils.isDeviceConnected(this.mContext)) {
                        tracer.incrementCounter(MetricUtils.getAvailabilityMetricName(null), 0.0d);
                        MAPLog.e(TAG, "Unable to reach " + ((Object) null) + ", despite valid network connection. Please contact service owners for investigation.");
                        authErrorType = AuthEndpointErrorParser.AuthErrorType.ServiceUnavailable;
                    } else {
                        MAPLog.e(TAG, "The device is not connected to internet. Please check your device network connection.");
                        authErrorType = AuthEndpointErrorParser.AuthErrorType.NetworkFailure;
                    }
                    authenticatedAccountInfo = new AuthenticatedAccountInfo(new AuthEndpointErrorParser.AuthEndpointError(authErrorType, format3, null, null));
                    if (0 != 0) {
                        httpsURLConnection.disconnect();
                    }
                } else {
                    MAPLog.e(TAG, "Encountered Panda bug around 401 returned from the server. Assuming this means invalid credentials");
                    tracer.incrementCounter(MetricUtils.getAvailabilityMetricName(null), 1.0d);
                    tracer.incrementCounter(MetricUtils.getUrlPathAndDomain(null, 401, AuthEndpointErrorParser.AuthErrorType.CredentialError.getCode()));
                    authenticatedAccountInfo = GENERIC_CREDENTIAL_ERROR_ACCOUNT_INFO;
                    if (0 != 0) {
                        httpsURLConnection.disconnect();
                    }
                }
            }
            return authenticatedAccountInfo;
        } catch (Throwable th) {
            if (0 != 0) {
                httpsURLConnection.disconnect();
            }
            throw th;
        }
    }

    HttpsURLConnection createURLConnection(URL url) throws IOException {
        return (HttpsURLConnection) AmazonWebserviceCall.setAmazonWebRequestSettings((HttpsURLConnection) EnhancedURLConnectionFactory.createURLConnection(url));
    }

    URL getSignInUrl(String str) {
        try {
            return new URL("https", EnvironmentUtils.getInstance().getPandaHost(str), 443, "/auth/signin");
        } catch (MalformedURLException e) {
            MAPLog.formattedError(TAG, "Could not request URL to hit panda. Domain %s was invalid. Error: %s", str, e.getMessage());
            return null;
        }
    }
}
