package com.amazon.identity.auth.device.framework;

import android.content.ActivityNotFoundException;
import android.content.Context;
import android.content.Intent;
import android.graphics.Bitmap;
import android.net.Uri;
import android.net.http.SslError;
import android.os.Build;
import android.os.Bundle;
import android.text.TextUtils;
import android.webkit.SslErrorHandler;
import android.webkit.WebResourceResponse;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import com.amazon.identity.auth.accounts.AccountsCallbackHelpers;
import com.amazon.identity.auth.device.api.MAPAccountManager;
import com.amazon.identity.auth.device.api.MAPError;
import com.amazon.identity.auth.device.endpoint.OpenIdRequest;
import com.amazon.identity.auth.device.endpoint.OpenIdResponse;
import com.amazon.identity.auth.device.framework.security.DebugReleaseDiffMethods;
import com.amazon.identity.auth.device.metrics.SSOMetrics;
import com.amazon.identity.auth.device.utils.MAPArgContracts;
import com.amazon.identity.auth.device.utils.MAPLog;
import com.amazon.identity.auth.device.utils.UrlUtils;
import com.amazon.identity.auth.device.utils.WebViewUtils;
import com.amazon.identity.platform.metric.MetricUtils;
import com.amazon.identity.platform.metric.MetricsHelper;
import com.amazon.identity.platform.metric.PlatformMetricsTimer;
import com.amazon.mas.client.nexus.schema.CommonStrings;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.Locale;
import java.util.Set;

/* loaded from: classes.dex */
public final class AuthenticationWebViewClient extends WebViewClient {
    private final boolean mAllowAllSigninPaths;
    private final AuthenticationWebViewClientCallback mCallback;
    private final Context mContext;
    private PlatformMetricsTimer mDcqPageRenderTimer;
    private final String mExpectedReturnToURL;
    private final MAPSmsReceiver mMAPSmsReceiver;
    private PlatformMetricsTimer mMfaPageRenderTimer;
    private final OpenIdRequest.REQUEST_TYPE mRequestType;
    private final OpenIdRequest.TOKEN_SCOPE mScope;
    private final Set<String> mSignInDomains;
    private final Tracer mTracer;
    public boolean mAuthenticationFinished = false;
    private PlatformMetricsTimer mSignInRegisterFormSubmitTimer = null;
    private volatile boolean mIsMFA = false;
    private volatile boolean mIsDCQ = false;

    /* loaded from: classes.dex */
    public interface AuthenticationWebViewClientCallback {
        void onCodeEnterFinished();

        void onPageFinished();

        void onPageStarted(String str);

        void setError(Bundle bundle);

        void setResult(OpenIdResponse openIdResponse);
    }

    public AuthenticationWebViewClient(Context context, MAPSmsReceiver mAPSmsReceiver, OpenIdRequest.REQUEST_TYPE request_type, String str, OpenIdRequest.TOKEN_SCOPE token_scope, Set<String> set, boolean z, AuthenticationWebViewClientCallback authenticationWebViewClientCallback, Tracer tracer) {
        MAPArgContracts.throwIfNull(authenticationWebViewClientCallback, "callback");
        this.mContext = context;
        this.mMAPSmsReceiver = mAPSmsReceiver;
        this.mExpectedReturnToURL = str;
        this.mCallback = authenticationWebViewClientCallback;
        this.mScope = token_scope;
        this.mRequestType = request_type;
        this.mSignInDomains = set;
        this.mAllowAllSigninPaths = z;
        this.mTracer = tracer;
    }

    private void handleChallengeCancelMetric() {
        if (this.mTracer == null) {
            return;
        }
        if (this.mIsDCQ) {
            this.mTracer.incrementCounter("DCQCanceled");
        }
        if (this.mIsMFA) {
            this.mTracer.incrementCounter("MFACanceled");
        }
    }

    private void handleChallengeEventMetric(String str) {
        if (str.contains("ap/dcq")) {
            Tracer tracer = this.mTracer;
            if (tracer != null) {
                tracer.incrementCounter("WebView:ContactedDCQ:" + this.mRequestType.name());
                this.mDcqPageRenderTimer = this.mTracer.startTimer("DCQ:PageRender");
            }
            this.mIsDCQ = true;
            this.mIsMFA = false;
            return;
        }
        if (!str.contains("ap/mfa")) {
            this.mIsMFA = false;
            this.mIsDCQ = false;
            return;
        }
        Tracer tracer2 = this.mTracer;
        if (tracer2 != null) {
            tracer2.incrementCounter("WebView:ContactedMFA:" + this.mRequestType.name());
            this.mMfaPageRenderTimer = this.mTracer.startTimer("MFA:PageRender");
        }
        this.mIsMFA = true;
        this.mIsDCQ = false;
    }

    private void handleReturnToUrl(String str) {
        this.mAuthenticationFinished = true;
        MAPLog.d("AuthenticationWebViewClient", "Processing returnTo URL");
        OpenIdResponse openIdResponse = new OpenIdResponse(str);
        MAPLog.d("AuthenticationWebViewClient", "Got Open ID response");
        String authorizationCode = openIdResponse.getAuthorizationCode();
        if (!"device_auth_access".equalsIgnoreCase(openIdResponse.getScope()) && TextUtils.isEmpty(authorizationCode)) {
            MetricsHelper.incrementCounterAndRecord("WebViewFailure:InvalidScope:" + this.mRequestType.name() + CommonStrings.SEPARATOR + MetricUtils.getAuthPortalUrlPathAndDomain(str), new String[0]);
            String format = String.format("Received token with invalid scope %s and no authorization code", openIdResponse.getScope());
            this.mCallback.setError(AccountsCallbackHelpers.getErrorBundle(MAPError.CommonError.PARSE_ERROR, format, MAPAccountManager.RegistrationError.PARSE_ERROR.value(), format));
            return;
        }
        if (TextUtils.isEmpty(openIdResponse.getAccessToken()) && TextUtils.isEmpty(authorizationCode)) {
            MetricsHelper.incrementCounterAndRecord("WebViewFailure:NoAccessTokenAndAuthorizationCode:" + this.mRequestType.name() + CommonStrings.SEPARATOR + MetricUtils.getAuthPortalUrlPathAndDomain(str), new String[0]);
            MetricsHelper.incrementCounterAndRecord("MAPError:AuthenticationFailed", new String[0]);
            this.mCallback.setError(AccountsCallbackHelpers.getErrorBundle(MAPError.AccountError.REGISTER_FAILED, "Sign in failed because the access token is not set in the return_to_url. Please contact the AuthPortal team to understand the reason.", MAPAccountManager.RegistrationError.REGISTER_FAILED.value(), "Received empty access token and authorization code from AP response"));
            return;
        }
        if (!TextUtils.isEmpty(openIdResponse.getDirectedId())) {
            this.mCallback.setResult(openIdResponse);
            return;
        }
        MetricsHelper.incrementCounter("WebViewFailure:NoDirectedID:" + this.mRequestType.name() + CommonStrings.SEPARATOR + MetricUtils.getAuthPortalUrlPathAndDomain(str), new String[0]);
        MetricsHelper.incrementCounter("MAPError:AuthenticationFailed", new String[0]);
        this.mCallback.setError(AccountsCallbackHelpers.getErrorBundle(MAPError.AccountError.REGISTER_FAILED, "Sign in failed because the directedId is not set in the return_to_url. Please contact the AuthPortal team to understand the reason.", MAPAccountManager.RegistrationError.REGISTER_FAILED.value(), "Registration response received invalid because it did not contain a directed id"));
    }

    public static boolean is3pAuthenticationUrl(URL url) {
        if (url == null) {
            return false;
        }
        String path = url.getPath();
        return TextUtils.equals(path, "/ap/3p_authentication") || TextUtils.equals(path, "/ap/3p_authentication/");
    }

    public static boolean isAllowedSignInDomain(String str, Set<String> set) {
        for (String str2 : set) {
            if (str.endsWith(str2)) {
                return true;
            }
            int indexOf = str2.indexOf(".");
            if (indexOf == 0 && str.equals(str2.substring(indexOf + 1, str2.length()))) {
                return true;
            }
        }
        return false;
    }

    public static boolean isCancelEvent(URI uri) {
        boolean z = false;
        if (uri == null) {
            return false;
        }
        if (uri.getQuery() == null && (TextUtils.equals("/gp/yourstore/home", uri.getPath()) || TextUtils.equals("/gp/yourstore/home/", uri.getPath()))) {
            z = true;
        }
        MAPLog.d("AuthenticationWebViewClient", "isCancelEvent : " + z);
        return z;
    }

    public static boolean isCancelURLForActor(URI uri) {
        if (uri == null) {
            return false;
        }
        boolean z = TextUtils.equals("/ap/mapcancel", uri.getPath()) || TextUtils.equals("/ap/mapcancel/", uri.getPath());
        MAPLog.d("AuthenticationWebViewClient", "isCancelForActor : " + z);
        return z;
    }

    public static boolean isMAPUrl(URL url, Set<String> set, boolean z) {
        String protocol = url.getProtocol();
        if (!TextUtils.isEmpty(protocol) && protocol.contains("http")) {
            String host = url.getHost();
            if (!TextUtils.isEmpty(host) && isAllowedSignInDomain(host, set)) {
                if (z || host.split("\\.")[0].equals("account-status")) {
                    return true;
                }
                String path = url.getPath();
                if (TextUtils.isEmpty(path)) {
                    return false;
                }
                boolean startsWith = path.startsWith("/ap/");
                boolean startsWith2 = path.startsWith("/ap/maplanding");
                boolean startsWith3 = path.startsWith("/gp/yourstore/home");
                MAPLog.d("AuthenticationWebViewClient", "startsWithAP=" + startsWith + " equalsReturnTo=" + startsWith2 + " equalsCancelButton=" + startsWith3);
                if (startsWith || startsWith2 || startsWith3) {
                    return true;
                }
            }
        }
        return false;
    }

    public static boolean isReturnToURL(URI uri) {
        return uri != null && TextUtils.equals(uri.getPath(), "/ap/maplanding");
    }

    private boolean isSignInOrRegisterPost(String str) {
        return (str.contains("ap/signin") || str.contains("ap/register")) && !str.contains("openid.assoc_handle");
    }

    private boolean shouldLaunchBrowserOrHandle3PAuthCallback(WebView webView, String str) {
        URL url;
        if (TextUtils.isEmpty(str)) {
            MAPLog.e("AuthenticationWebViewClient", "URL is null");
            return false;
        }
        try {
            url = new URL(str);
        } catch (MalformedURLException unused) {
            MAPLog.d("AuthenticationWebViewClient", "MalformedURLException url=" + ((Object) null));
            url = null;
        }
        if (url != null) {
            if (is3pAuthenticationUrl(url)) {
                Bundle errorBundle = AccountsCallbackHelpers.getErrorBundle(MAPError.AccountError.REQUIRES_3P_AUTHENTICATION, "3P login requires authentication", MAPAccountManager.RegistrationError.REQUIRED_3P_AUTHENTICATION.value(), "3P login need authentication");
                errorBundle.putString("thirdPartyLoginUrl", str);
                MAPLog.i("AuthenticationWebViewClient", "Detected 3P authentication needed");
                this.mCallback.setError(errorBundle);
                return true;
            }
            if (isMAPUrl(url, this.mSignInDomains, this.mAllowAllSigninPaths)) {
                if (this.mMAPSmsReceiver.shouldRegisterMAPSmsReceiver(url, this.mContext)) {
                    this.mMAPSmsReceiver.registerMAPSmsReceiverIfUnregistered(this.mContext, null);
                }
                return false;
            }
        }
        try {
            MAPLog.d("AuthenticationWebViewClient", "Opening in external browser - url=" + url);
            webView.getContext().startActivity(new Intent("android.intent.action.VIEW", Uri.parse(str)));
        } catch (ActivityNotFoundException unused2) {
            MAPLog.e("AuthenticationWebViewClient", "Unable to open external browser with url and path: " + url.getHost() + url.getPath() + ", ignoring and stay in the current page.");
        }
        return true;
    }

    public static URI strToUri(String str) {
        try {
            return new URI(str);
        } catch (URISyntaxException e) {
            MAPLog.e("AuthenticationWebViewClient", "Exception while trying to parse url in onPageStarted. Continue with page load.", e);
            MetricsHelper.incrementCounterAndRecord("MAP_URISyntaxException", new String[0]);
            return null;
        }
    }

    public boolean isDCQ() {
        return this.mIsDCQ;
    }

    public boolean isMFA() {
        return this.mIsMFA;
    }

    @Override // android.webkit.WebViewClient
    public void onPageFinished(WebView webView, String str) {
        PlatformMetricsTimer platformMetricsTimer;
        PlatformMetricsTimer platformMetricsTimer2;
        MAPLog.d("AuthenticationWebViewClient", "onPageFinished called");
        super.onPageFinished(webView, str);
        WebViewUtils.syncCookieSyncManager(this.mContext);
        if (this.mIsMFA && (platformMetricsTimer2 = this.mMfaPageRenderTimer) != null) {
            platformMetricsTimer2.stop();
        }
        if (this.mIsDCQ && (platformMetricsTimer = this.mDcqPageRenderTimer) != null) {
            platformMetricsTimer.stop();
        }
        if (!str.startsWith(this.mExpectedReturnToURL) && !this.mAuthenticationFinished) {
            this.mCallback.onPageFinished();
            return;
        }
        PlatformMetricsTimer platformMetricsTimer3 = this.mSignInRegisterFormSubmitTimer;
        if (platformMetricsTimer3 != null) {
            platformMetricsTimer3.stop();
            this.mSignInRegisterFormSubmitTimer = null;
        }
    }

    @Override // android.webkit.WebViewClient
    public void onPageStarted(WebView webView, String str, Bitmap bitmap) {
        MAPLog.d("AuthenticationWebViewClient", "onPageStarted: " + str);
        MAPLog.d("AuthenticationWebViewClient", "Before Page Started with scope =" + this.mScope);
        if (!this.mMAPSmsReceiver.shouldRegisterMAPSmsReceiver(str, this.mContext)) {
            this.mMAPSmsReceiver.unregisterMAPSmsReceiverIfRegistered(this.mContext);
        }
        this.mCallback.onPageStarted(str);
        URI strToUri = strToUri(str);
        if (isCancelEvent(strToUri)) {
            this.mCallback.setError(AccountsCallbackHelpers.getAccountManagerErrorBundle(MAPError.CommonError.OPERATION_CANCELLED, "Registration canceled", 4, "Registration canceled"));
            handleChallengeCancelMetric();
        } else if (isReturnToURL(strToUri)) {
            handleReturnToUrl(str);
            MAPLog.w("AuthenticationWebViewClient", "ReturnToUrl is loaded by webview! This shouldn't happen");
            MetricsHelper.incrementCounterAndRecord("ReturnToUrl_OnPageStarted", new String[0]);
        } else {
            if (isSignInOrRegisterPost(str) && (this.mIsMFA || this.mIsDCQ)) {
                this.mCallback.onCodeEnterFinished();
            }
            handleChallengeEventMetric(str);
        }
    }

    @Override // android.webkit.WebViewClient
    public void onReceivedError(WebView webView, int i, String str, String str2) {
        MAPLog.e("AuthenticationWebViewClient", "Got an error from the webview. Returning false for SignIn (" + i + ") " + str);
        SSOMetrics.recordWebViewLoadFailure(str2, i);
        MetricsHelper.incrementCounterAndRecord("NetworkError3:AuthenticationWebViewClient", new String[0]);
        this.mCallback.setError(AccountsCallbackHelpers.getErrorBundle(MAPError.CommonError.NETWORK_ERROR, String.format("A network error occurred: %s", str), MAPAccountManager.RegistrationError.NETWORK_FAILURE.value(), String.format(Locale.ENGLISH, "Received error code %d and description: %s", Integer.valueOf(i), str)));
    }

    @Override // android.webkit.WebViewClient
    public void onReceivedSslError(WebView webView, SslErrorHandler sslErrorHandler, SslError sslError) {
        MAPLog.d("AuthenticationWebViewClient", "Got an SSL error:" + sslError.toString());
        if (DebugReleaseDiffMethods.checkIfNotProdOnReceivedSslError(sslErrorHandler)) {
            return;
        }
        MetricsHelper.incrementCounterAndRecord("NetworkError5:AuthenticationWebViewClient", new String[0]);
        String format = String.format(Locale.ENGLISH, "SSL Failure. SSL Error code %d.", Integer.valueOf(sslError.getPrimaryError()));
        Bundle errorBundle = AccountsCallbackHelpers.getErrorBundle(MAPError.CommonError.NETWORK_ERROR, format, MAPAccountManager.RegistrationError.NETWORK_FAILURE.value(), format);
        if (Build.VERSION.SDK_INT >= 14) {
            String url = sslError.getUrl();
            URL createUrl = UrlUtils.createUrl(url);
            SSOMetrics.recordWebViewLoadFailureSSL(url, sslError.getPrimaryError());
            if (createUrl != null) {
                String str = createUrl.getHost() + createUrl.getPath();
                MAPLog.e("AuthenticationWebViewClient", "SSL error for: " + str);
                MetricsHelper.incrementCounterAndRecord("MAPWebViewSSLError_" + str, new String[0]);
                errorBundle.putString("com.amazon.identity.WebViewSSLErrorDomainPath", str);
            }
        } else {
            SSOMetrics.recordWebViewLoadFailureSSL("CannotGetURL", sslError.getPrimaryError());
            MetricsHelper.incrementCounterAndRecord("MAPWebViewSSLError", new String[0]);
        }
        errorBundle.putInt("com.amazon.identity.WebViewSSLErrorCode", sslError.getPrimaryError());
        this.mCallback.setError(errorBundle);
    }

    @Override // android.webkit.WebViewClient
    public WebResourceResponse shouldInterceptRequest(WebView webView, String str) {
        Tracer tracer;
        if (isSignInOrRegisterPost(str) && this.mSignInRegisterFormSubmitTimer == null && (tracer = this.mTracer) != null) {
            this.mSignInRegisterFormSubmitTimer = tracer.startTimer("AuthenticationWebViewClient_SignInRegisterPost:" + this.mRequestType.name());
        }
        return super.shouldInterceptRequest(webView, str);
    }

    @Override // android.webkit.WebViewClient
    public boolean shouldOverrideUrlLoading(WebView webView, String str) {
        MAPLog.d("AuthenticationWebViewClient", "shouldOverrideUrlLoading: " + str);
        if (shouldLaunchBrowserOrHandle3PAuthCallback(webView, str)) {
            return true;
        }
        if (!isReturnToURL(strToUri(str))) {
            return false;
        }
        this.mCallback.onPageStarted(str);
        handleReturnToUrl(str);
        return true;
    }
}
