package com.amazon.identity.auth.device.authorization;

import android.content.Context;
import android.content.Intent;
import android.os.Binder;
import android.os.Build;
import android.os.Bundle;
import android.os.IBinder;
import android.os.RemoteException;
import android.text.TextUtils;
import com.amazon.identity.auth.accounts.CentralAccountManagerCommunication;
import com.amazon.identity.auth.device.AuthError;
import com.amazon.identity.auth.device.InvalidGrantAuthError;
import com.amazon.identity.auth.device.api.MAPInit;
import com.amazon.identity.auth.device.authorization.AmazonAuthorizationServiceInterface;
import com.amazon.identity.auth.device.authorization.ThirdPartyServiceHelper;
import com.amazon.identity.auth.device.authorization.api.AuthorizationListener;
import com.amazon.identity.auth.device.authorization.api.AuthzConstants;
import com.amazon.identity.auth.device.authorization.appid.FirstPartyAppIdentifier;
import com.amazon.identity.auth.device.dataobject.AppInfo;
import com.amazon.identity.auth.device.dataobject.UserAuthorization;
import com.amazon.identity.auth.device.datastore.UserAuthorizationDataSource;
import com.amazon.identity.auth.device.dcp.SSOUtils;
import com.amazon.identity.auth.device.endpoint.FirstPartyTokenVendor;
import com.amazon.identity.auth.device.metric.MetricsFactory;
import com.amazon.identity.auth.device.thread.AuthzCallbackFuture;
import com.amazon.identity.auth.device.thread.ThreadUtils;
import com.amazon.identity.auth.device.utils.LWAConstants;
import com.amazon.identity.auth.device.utils.MAPConstants;
import com.amazon.identity.auth.device.utils.MAPVersionHelper;
import com.amazon.identity.auth.device.workflow.WorkflowRequest;
import com.amazon.identity.auth.map.device.utils.MAPLog;
import com.amazon.identity.auth.map.device.utils.MAPVersion;
import com.amazon.identity.auth.map.device.utils.MAPVersionInfo;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.concurrent.ExecutionException;

/* loaded from: classes12.dex */
public final class AmazonAuthorizationService1stParty extends android.app.Service {
    private static final String LOG_TAG = AmazonAuthorizationService1stParty.class.getName();

    /* loaded from: classes12.dex */
    private static final class AmazonAuthorizationServiceImplBase extends AmazonAuthorizationServiceInterface.Stub {
        private static final Bundle EMPTY_RESULTS = new Bundle();
        private static AmazonAuthorizationServiceImplBase INSTANCE;
        private final Context mContext;

        private AmazonAuthorizationServiceImplBase(Context context) {
            this.mContext = context;
            MAPInit.getInstance(context).initialize();
        }

        static /* synthetic */ void access$100(AmazonAuthorizationServiceImplBase amazonAuthorizationServiceImplBase, String str, String str2, String[] strArr, AuthzCallbackFuture authzCallbackFuture, Bundle bundle) {
            new AuthzUIRequest(AmazonAuthorizationService1stParty.initializeAuthzParams(amazonAuthorizationServiceImplBase.mContext, str, str2, strArr, bundle), authzCallbackFuture).start(amazonAuthorizationServiceImplBase.mContext);
        }

        private Bundle constructIncorrectPackageNameErrorBundle() {
            MAPLog.e(AmazonAuthorizationService1stParty.LOG_TAG, "Provided Package name does not match package name of caller.");
            return AuthError.getErrorBundle(new AuthError("Provided Package name does not match package name of caller.", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED));
        }

        private AppInfo getAppInfo(String str) throws AuthError {
            AppInfo appInfo = new FirstPartyAppIdentifier().getAppInfo(str, this.mContext);
            if (appInfo == null || appInfo.getClientId() == null) {
                throw new AuthError("Invalid API Key", AuthError.ERROR_TYPE.ERROR_ACCESS_DENIED);
            }
            return appInfo;
        }

        public static AmazonAuthorizationServiceImplBase getInstance(Context context) {
            if (INSTANCE == null) {
                INSTANCE = new AmazonAuthorizationServiceImplBase(context);
            }
            return INSTANCE;
        }

        @Override // com.amazon.identity.auth.device.authorization.AmazonAuthorizationServiceInterface
        public Bundle authorize(Bundle bundle, final String str, String[] strArr) throws RemoteException {
            AppInfo appInfo;
            final String[] strArr2;
            final String str2;
            MAPLog.pii(AmazonAuthorizationService1stParty.LOG_TAG, "calling authorize pkg=", str);
            if (bundle == null) {
                bundle = new Bundle();
            }
            final Bundle bundle2 = bundle;
            boolean z = bundle2.getBoolean(AuthzConstants.BUNDLE_KEY.CHECK_API_KEY.val, true);
            if (!AmazonAuthorizationService1stParty.isPackageNameOfCaller(str, this.mContext)) {
                return constructIncorrectPackageNameErrorBundle();
            }
            final AuthzCallbackFuture authzCallbackFuture = new AuthzCallbackFuture((AuthorizationListener) null);
            if (z) {
                try {
                    appInfo = getAppInfo(str);
                } catch (AuthError e) {
                    return AuthError.getErrorBundle(e);
                }
            } else {
                appInfo = null;
            }
            if (Build.VERSION.SDK_INT <= 10) {
                return EMPTY_RESULTS;
            }
            if (appInfo != null) {
                UserAuthorization findByPrimaryKey = UserAuthorizationDataSource.getInstance(this.mContext).findByPrimaryKey(appInfo.getAppFamilyId());
                if (findByPrimaryKey != null) {
                    strArr = AuthorizationHelper.getCommonScopesForAuthorization(this.mContext, strArr, findByPrimaryKey.getRequestedScopes());
                }
                str2 = appInfo.getClientId();
                strArr2 = strArr;
            } else {
                MAPLog.i(AmazonAuthorizationService1stParty.LOG_TAG, "Skipping APIKey check");
                strArr2 = strArr;
                str2 = null;
            }
            boolean z2 = bundle2.getBoolean(LWAConstants.AUTHORIZE_BUNDLE_KEY.SHOW_PROGRESS.val, true);
            String directedId = SSOUtils.getDirectedId(this.mContext);
            if (z2) {
                MAPLog.i(AmazonAuthorizationService1stParty.LOG_TAG, "Launching activity");
                ThreadUtils.runOnMainThread(new Runnable() { // from class: com.amazon.identity.auth.device.authorization.AmazonAuthorizationService1stParty.AmazonAuthorizationServiceImplBase.1
                    @Override // java.lang.Runnable
                    public void run() {
                        AmazonAuthorizationServiceImplBase.access$100(AmazonAuthorizationServiceImplBase.this, str, str2, strArr2, authzCallbackFuture, bundle2);
                    }
                });
            } else {
                MAPLog.i(AmazonAuthorizationService1stParty.LOG_TAG, "Non-interactive flow");
                if (TextUtils.isEmpty(directedId)) {
                    authzCallbackFuture.onError(new AuthError("NoCustomerRegistered", AuthError.ERROR_TYPE.ERROR_DIRECTED_ID_NOT_FOUND));
                } else {
                    MAPLog.i(AmazonAuthorizationService1stParty.LOG_TAG, "Skipping activity, authorize in background.");
                    ThreadUtils.runOffMainThread(new Runnable() { // from class: com.amazon.identity.auth.device.authorization.AuthzNonUIRequest.1
                        public AnonymousClass1() {
                        }

                        @Override // java.lang.Runnable
                        public void run() {
                            AuthzNonUIRequest.access$000(AuthzNonUIRequest.this);
                        }
                    });
                }
            }
            try {
                return authzCallbackFuture.get();
            } catch (InterruptedException e2) {
                return AuthError.getErrorBundle(new AuthError("Error authorizing via remote service", e2, AuthError.ERROR_TYPE.ERROR_UNKNOWN));
            } catch (ExecutionException e3) {
                return AuthError.getErrorBundle(new AuthError("Error authorizing via remote service", e3, AuthError.ERROR_TYPE.ERROR_UNKNOWN));
            }
        }

        @Override // com.amazon.identity.auth.device.authorization.AmazonAuthorizationServiceInterface
        public Bundle clearAuthorizationState(Bundle bundle, String str) throws RemoteException {
            if (!AmazonAuthorizationService1stParty.isPackageNameOfCaller(str, this.mContext)) {
                MAPLog.e(AmazonAuthorizationService1stParty.LOG_TAG, "Provided Package name does not match package name of caller. Not clearing authorization state.");
                return null;
            }
            try {
                UserAuthorizationDataSource.getInstance(this.mContext).insertByPrimaryKey(getAppInfo(str).getAppFamilyId(), null);
                return null;
            } catch (AuthError unused) {
                MAPLog.e(AmazonAuthorizationService1stParty.LOG_TAG, "Invalid API Key. Not clearing authorization state.");
                return null;
            }
        }

        @Override // com.amazon.identity.auth.device.authorization.AmazonAuthorizationServiceInterface
        public Bundle getMetaData() throws RemoteException {
            Bundle bundle = new Bundle();
            bundle.putParcelable(MAPConstants.MAP_VERSION_KEY, new MAPVersion(MAPVersionHelper.getVersionInfo(MAPVersionInfo.LWA_VERSION)));
            bundle.putBoolean(MAPConstants.MAP_IS_PRIMARY, false);
            MAPLog.i(AmazonAuthorizationService1stParty.LOG_TAG, "Returning MAP Version via MetaData: 3.5.8");
            return bundle;
        }

        @Override // com.amazon.identity.auth.device.authorization.AmazonAuthorizationServiceInterface
        public Bundle getToken(Bundle bundle, String str, String[] strArr) throws RemoteException {
            if (!AmazonAuthorizationService1stParty.isPackageNameOfCaller(str, this.mContext)) {
                return constructIncorrectPackageNameErrorBundle();
            }
            try {
                AppInfo appInfo = getAppInfo(str);
                try {
                    String vendToken = new FirstPartyTokenVendor().vendToken(SSOUtils.getDirectedId(this.mContext), strArr, this.mContext, Bundle.EMPTY, appInfo);
                    Bundle bundle2 = new Bundle();
                    bundle2.putString(ThirdPartyServiceHelper.TOKEN_KEYS.ACCESS_ATZ_TOKEN, vendToken);
                    return bundle2;
                } catch (InvalidGrantAuthError e) {
                    MAPLog.e(AmazonAuthorizationService1stParty.LOG_TAG, "Invalid grant request in service. Clearing service authorization state.", e);
                    clearAuthorizationState(bundle, str);
                    return AuthError.getErrorBundle(e);
                } catch (AuthError e2) {
                    MAPLog.e(AmazonAuthorizationService1stParty.LOG_TAG, e2.getMessage(), e2);
                    return AuthError.getErrorBundle(e2);
                } catch (IOException e3) {
                    return AuthError.getErrorBundle(new AuthError("Error authorizing via remote service", e3, AuthError.ERROR_TYPE.ERROR_UNKNOWN));
                }
            } catch (AuthError e4) {
                return AuthError.getErrorBundle(e4);
            }
        }

        @Override // com.amazon.identity.auth.device.authorization.AmazonAuthorizationServiceInterface
        public Bundle openWorkflow(Bundle bundle, String str, String str2, String str3) throws RemoteException {
            if (!AmazonAuthorizationService1stParty.isPackageNameOfCaller(str, this.mContext)) {
                return constructIncorrectPackageNameErrorBundle();
            }
            try {
                getAppInfo(str);
                AuthzCallbackFuture authzCallbackFuture = new AuthzCallbackFuture((AuthorizationListener) null);
                new WorkflowRequest(str2, str3, Bundle.EMPTY, authzCallbackFuture).start(this.mContext);
                try {
                    return authzCallbackFuture.get();
                } catch (InterruptedException e) {
                    return AuthError.getErrorBundle(new AuthError("Error authorizing via remote service", e, AuthError.ERROR_TYPE.ERROR_UNKNOWN));
                } catch (ExecutionException e2) {
                    return AuthError.getErrorBundle(new AuthError("Error authorizing via remote service", e2, AuthError.ERROR_TYPE.ERROR_UNKNOWN));
                }
            } catch (AuthError e3) {
                return AuthError.getErrorBundle(e3);
            }
        }
    }

    static Bundle initializeAuthzParams(Context context, String str, String str2, String[] strArr, Bundle bundle) {
        Bundle bundle2 = new Bundle();
        bundle2.putString(CentralAccountManagerCommunication.GetAccountAction.KEY_PACKAGE_NAME, str);
        bundle2.putString(AuthorizationResponseParser.CLIENT_ID_STATE, str2);
        bundle2.putStringArray("scopes", strArr);
        if (bundle != null) {
            Bundle bundle3 = bundle.getBundle(MAPConstants.SERVICE_BUNDLE_KEY.AUTHZ_PARAMS.val);
            if (bundle3 != null && bundle3.size() > 0) {
                bundle2.putBundle(AuthorizationHelper.AUTHZ_QUERY_PARAMS, bundle3);
            }
            String str3 = AuthzConstants.BUNDLE_KEY.RETURN_CODE.val;
            bundle2.putBoolean(str3, bundle.getBoolean(str3, false));
            String str4 = AuthzConstants.BUNDLE_KEY.CHECK_API_KEY.val;
            bundle2.putBoolean(str4, bundle.getBoolean(str4, true));
            String str5 = AuthzConstants.BUNDLE_KEY.EXTRA_URL_PARAMS.val;
            bundle2.putBundle(str5, bundle.getBundle(str5));
            bundle2.putString(AuthzConstants.BUNDLE_KEY.SSO_VERSION.val, "LWAAndroidSSO3.5.8");
            if (bundle.containsKey(LWAConstants.AUTHORIZE_BUNDLE_KEY.REGION.val)) {
                String str6 = LWAConstants.AUTHORIZE_BUNDLE_KEY.REGION.val;
                bundle2.putString(str6, bundle.getString(str6));
            }
            if (bundle.containsKey(LWAConstants.AUTHORIZE_BUNDLE_KEY.STAGE.val)) {
                String str7 = LWAConstants.AUTHORIZE_BUNDLE_KEY.STAGE.val;
                bundle2.putString(str7, bundle.getString(str7));
            }
            if (bundle.containsKey(LWAConstants.AUTHORIZE_BUNDLE_KEY.SHOW_PROGRESS.val)) {
                String str8 = LWAConstants.AUTHORIZE_BUNDLE_KEY.SHOW_PROGRESS.val;
                bundle2.putBoolean(str8, bundle.getBoolean(str8));
            }
        }
        return bundle2;
    }

    public static boolean isPackageNameOfCaller(String str, Context context) {
        int callingUid = Binder.getCallingUid();
        MAPLog.d(LOG_TAG, "hasPackageName: uid=" + callingUid + ", packageName=" + str);
        if (str == null) {
            MAPLog.e(LOG_TAG, "packageName can't be null.");
            return false;
        }
        MetricsFactory.getMetricsCollectorInstance(context.getApplicationContext(), str).incrementCounterAndRecord("LWAGetPackageNameOfCaller", str);
        String[] packagesForUid = context.getPackageManager().getPackagesForUid(callingUid);
        if (packagesForUid == null) {
            MAPLog.w(LOG_TAG, "No packages found for uid of caller.");
            return false;
        }
        if (new HashSet(Arrays.asList(packagesForUid)).contains(str)) {
            MAPLog.w(LOG_TAG, "Package name found in list of packages running in uid of caller.");
            return true;
        }
        MAPLog.w(LOG_TAG, "Package name not found in list of packages running in uid of caller.");
        return false;
    }

    @Override // android.app.Service
    public IBinder onBind(Intent intent) {
        MAPLog.d(LOG_TAG, "onBind called");
        return AmazonAuthorizationServiceImplBase.getInstance(this);
    }

    @Override // android.app.Service
    public void onCreate() {
        super.onCreate();
        MAPLog.d(LOG_TAG, "onCreate called");
    }

    @Override // android.app.Service
    public void onDestroy() {
        super.onDestroy();
        MAPLog.d(LOG_TAG, "onDestroy called");
    }
}
