package com.myfitnesspal.shared.api.auth;

import android.content.Context;
import android.os.Looper;
import com.google.gson.annotations.Expose;
import com.myfitnesspal.android.plans.R;
import com.myfitnesspal.shared.api.ApiException;
import com.myfitnesspal.shared.api.v2.MfpV2Api;
import com.myfitnesspal.shared.constants.SharedConstants;
import com.myfitnesspal.shared.service.analytics.MfpAnalyticsService;
import com.myfitnesspal.shared.service.session.Session;
import com.uacf.core.util.Ln;
import com.uacf.core.util.Strings;
import com.uacf.identity.sdk.UacfIdentitySdk;
import com.uacf.identity.sdk.model.UacfVerticalAccountInfo;
import dagger.Lazy;
import io.uacf.core.api.UacfApiException;
import io.uacf.core.app.UacfSocialNetworkProvider;
import io.uacf.core.app.UacfUserAccountDomain;
import java.util.UUID;
import javax.inject.Provider;

/* loaded from: classes4.dex */
public class LegacySSOAuthTokenProvider implements AuthTokenProvider {
    private static final Object CREDENTIAL_MIGRATION_LOCK = new Object();
    private static final String EVENT_MIGRATE_LEGACY_TO_IDM_FAIL = "migrate_legacy_to_idm_fail";
    private static final String EVENT_MIGRATE_LEGACY_TO_IDM_SUCCESS = "migrate_legacy_to_idm_success";
    private static final String KEY_CLIENT_ID = "client_id";
    private static final String KEY_CREDENTIAL = "credential";
    private static final String KEY_DEVICE_ID = "device_id";
    private static final String KEY_GRANT_TYPE = "grant_type";
    private static final String KEY_PASSWORD = "password";
    private static final String KEY_PRINCIPAL = "principal";
    private static final String KEY_PROVIDER = "provider";
    private static final String KEY_USERNAME = "username";
    private static final String VALUE_ASSOCIATED_IDENTITY = "associated_identity";
    private static final String VALUE_EXCHANGE_TOKEN_PROVIDER = "idm_exchange_token";
    private static final String VALUE_GRANT_TYPE_PASSWORD = "password";
    private final Lazy<MfpAnalyticsService> analytics;
    private final Provider<MfpV2Api> api;
    private final String clientId;
    private final Context context;
    private final UUID deviceId;
    private final LegacyAuthTokenStore legacyCredentialStore;
    private final LegacyAuthTokenProvider legacyTokenProvider;
    private final UacfIdentitySdk sdk = SSO.getSdk();
    private final Lazy<Session> session;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes4.dex */
    public static class TokenExchangeResponse {

        @Expose
        String accessToken;

        @Expose
        int expiresIn;

        @Expose
        String idToken;

        @Expose
        String refreshToken;

        private TokenExchangeResponse() {
        }

        public boolean isValid() {
            return Strings.notEmpty(this.accessToken) && Strings.notEmpty(this.idToken) && Strings.notEmpty(this.refreshToken) && this.expiresIn > 0;
        }
    }

    public LegacySSOAuthTokenProvider(Context context, Lazy<Session> lazy, Lazy<MfpAnalyticsService> lazy2, String str, Provider<MfpV2Api> provider, LegacyAuthTokenProvider legacyAuthTokenProvider, LegacyAuthTokenStore legacyAuthTokenStore, UUID uuid) {
        this.context = context;
        this.analytics = lazy2;
        this.clientId = str;
        this.session = lazy;
        this.api = provider;
        this.legacyCredentialStore = legacyAuthTokenStore;
        this.legacyTokenProvider = legacyAuthTokenProvider;
        this.deviceId = uuid;
    }

    private TokenExchangeResponse exchangeLegacyTokensForIdentityTokens() throws ApiException {
        return (TokenExchangeResponse) this.api.get().withOutputType(TokenExchangeResponse.class).withAuthTokenProvider(this.legacyTokenProvider).post(SharedConstants.Uri.OAUTH2_TOKEN, "grant_type", VALUE_ASSOCIATED_IDENTITY, KEY_CREDENTIAL, this.legacyCredentialStore.getAccessToken(), KEY_PROVIDER, VALUE_EXCHANGE_TOKEN_PROVIDER, "client_id", this.clientId, KEY_PRINCIPAL, getDomainUserId());
    }

    private TokenExchangeResponse getIdmTokenForAdminLogin(String str, String str2) throws ApiException {
        return (TokenExchangeResponse) this.api.get().withOutputType(TokenExchangeResponse.class).withAuthTokenProvider(this.legacyTokenProvider).post(SharedConstants.Uri.OAUTH2_TOKEN, "password", str2, "device_id", getDeviceId(), "client_id", this.clientId, "username", str, "grant_type", "password");
    }

    private boolean useAdminUserLogin(String str) {
        return Strings.notEmpty(str) && str.contains("::");
    }

    @Override // io.uacf.core.auth.UacfAuthProvider
    public String getAccessToken() {
        boolean z = Looper.getMainLooper().getThread() == Thread.currentThread();
        if (!z) {
            try {
                migrateLegacyCredentialsIfRequired();
            } catch (ApiException unused) {
            }
        }
        try {
            if (legacyCredentialsMigrated()) {
                return Strings.toString(z ? this.sdk.getCachedUserToken() : this.sdk.getCurrentUserToken());
            }
            return this.legacyCredentialStore.getAccessToken();
        } catch (UacfApiException e) {
            Ln.e("unable to obtain an access token from SSO for the current user.", new Object[0]);
            Ln.e(e);
            return "";
        }
    }

    @Override // io.uacf.core.auth.UacfAuthProvider
    public String getClientToken() {
        boolean z = Looper.getMainLooper().getThread() == Thread.currentThread();
        if (!z) {
            try {
                migrateLegacyCredentialsIfRequired();
            } catch (ApiException unused) {
            }
        }
        try {
            if (legacyCredentialsMigrated()) {
                return Strings.toString(z ? this.sdk.getCachedClientToken() : this.sdk.getCurrentClientToken());
            }
            return "";
        } catch (UacfApiException e) {
            Ln.e("unable to obtain an access token from SSO for the current user.", new Object[0]);
            Ln.e(e);
            return "";
        }
    }

    @Override // com.myfitnesspal.shared.api.auth.AuthTokenProvider
    public String getDeviceId() {
        return this.deviceId.toString();
    }

    @Override // io.uacf.core.auth.UacfAuthProvider
    public UacfUserAccountDomain getDomain() {
        UacfVerticalAccountInfo currentUserAccount = this.sdk.getCurrentUserAccount();
        if (currentUserAccount != null) {
            return currentUserAccount.getDomain();
        }
        return null;
    }

    @Override // io.uacf.core.auth.UacfAuthProvider
    public String getDomainUserId() {
        if (!legacyCredentialsMigrated()) {
            return this.legacyCredentialStore.getUserId();
        }
        String domainUserId = SSO.getDomainUserId(this.sdk);
        return Strings.isEmpty(domainUserId) ? this.session.get().getUser().getUserId() : domainUserId;
    }

    @Override // io.uacf.core.auth.UacfAuthProvider
    public Long getLongUacfUserId() {
        return Long.valueOf(getUacfUserId());
    }

    @Override // io.uacf.core.auth.UacfAuthProvider
    public String getRefreshToken() {
        if (!(Looper.getMainLooper().getThread() == Thread.currentThread())) {
            try {
                migrateLegacyCredentialsIfRequired();
            } catch (ApiException unused) {
            }
        }
        UacfVerticalAccountInfo currentUserAccount = this.sdk.getCurrentUserAccount();
        return currentUserAccount != null ? currentUserAccount.getRefreshToken() : "";
    }

    @Override // io.uacf.core.auth.UacfAuthProvider
    public String getUacfUserId() {
        return !legacyCredentialsMigrated() ? "" : Strings.toString(this.sdk.getCurrentUserId());
    }

    @Override // io.uacf.core.auth.UacfAuthProvider
    public String getUserLocale() {
        UacfVerticalAccountInfo currentUserAccount = this.sdk.getCurrentUserAccount();
        if (currentUserAccount != null) {
            return currentUserAccount.getUserLocale();
        }
        return null;
    }

    @Override // io.uacf.core.auth.UacfAuthProvider
    public boolean isValidLoginSession() {
        return this.session.get().getUser().isLoggedIn() && legacyCredentialsMigrated() && Strings.notEmpty(getAccessToken()) && Strings.notEmpty(getRefreshToken()) && Strings.notEmpty(getDomainUserId()) && Strings.notEmpty(getDeviceId());
    }

    public boolean legacyCredentialsMigrated() {
        return Strings.isEmpty(this.legacyCredentialStore.getUserId()) && Strings.isEmpty(this.legacyCredentialStore.getAccessToken());
    }

    @Override // com.myfitnesspal.shared.api.auth.AuthTokenProvider
    public String login(String str, String str2) throws ApiException {
        try {
            if (!useAdminUserLogin(str)) {
                return this.sdk.login(str, str2);
            }
            return this.sdk.loginWithToken(getIdmTokenForAdminLogin(str, str2).accessToken);
        } catch (UacfApiException e) {
            throw new ApiException(e);
        }
    }

    @Override // com.myfitnesspal.shared.api.auth.AuthTokenProvider
    public String loginWithFacebook(String str, String str2) throws ApiException {
        try {
            return Strings.toString(this.sdk.login(UacfSocialNetworkProvider.FACEBOOK, this.context.getString(R.string.facebook_app_id), str, str2));
        } catch (UacfApiException e) {
            throw new ApiException(e);
        }
    }

    @Override // com.myfitnesspal.shared.api.auth.AuthTokenProvider
    public void logout() {
        try {
            this.sdk.logout();
            this.legacyCredentialStore.clear();
        } catch (UacfApiException e) {
            Ln.e("SSO SDK logout failed!", new Object[0]);
            Ln.e(e);
        }
    }

    public void migrateLegacyCredentialsIfRequired() throws ApiException {
        synchronized (CREDENTIAL_MIGRATION_LOCK) {
            if (legacyCredentialsMigrated()) {
                return;
            }
            if (this.legacyTokenProvider.isValidLoginSession()) {
                try {
                    TokenExchangeResponse exchangeLegacyTokensForIdentityTokens = exchangeLegacyTokensForIdentityTokens();
                    if (!exchangeLegacyTokensForIdentityTokens.isValid()) {
                        throw new ApiException("invalid token migration response", 999);
                    }
                    this.sdk.loginWithToken(exchangeLegacyTokensForIdentityTokens.accessToken);
                    this.legacyCredentialStore.clear();
                    this.analytics.get().reportEvent(EVENT_MIGRATE_LEGACY_TO_IDM_SUCCESS);
                } catch (Exception e) {
                    this.analytics.get().reportEvent(EVENT_MIGRATE_LEGACY_TO_IDM_FAIL);
                    Ln.e("error migrating user to SSO!", new Object[0]);
                    Ln.e(e);
                    throw new ApiException("token migration failed", 555);
                }
            }
        }
    }

    @Override // com.myfitnesspal.shared.api.auth.AuthTokenProvider
    public void refreshAccessToken() throws ApiException {
        migrateLegacyCredentialsIfRequired();
        if (!legacyCredentialsMigrated()) {
            throw new ApiException("credential migration failed", 401);
        }
        try {
            this.sdk.refreshUserToken();
        } catch (UacfApiException e) {
            throw new ApiException(e);
        }
    }
}
