package com.dropbox.core;

import com.dropbox.core.util.StringUtil;
import java.security.SecureRandom;
import java.util.Map;

/* loaded from: input_file:com/dropbox/core/DbxWebAuth.class */
public class DbxWebAuth {
    private final DbxRequestConfig requestConfig;
    private final DbxAppInfo appInfo;
    private final String redirectUri;
    private final DbxSessionStore csrfTokenStore;
    static final /* synthetic */ boolean $assertionsDisabled;

    /* loaded from: input_file:com/dropbox/core/DbxWebAuth$BadRequestException.class */
    public static final class BadRequestException extends Exception {
        public BadRequestException(String str) {
            super(str);
        }
    }

    /* loaded from: input_file:com/dropbox/core/DbxWebAuth$BadStateException.class */
    public static final class BadStateException extends Exception {
        public BadStateException() {
            super("Not expecting Dropbox auth redirect (session doesn't have CSRF token)");
        }
    }

    /* loaded from: input_file:com/dropbox/core/DbxWebAuth$CsrfException.class */
    public static final class CsrfException extends Exception {
        public CsrfException(String str) {
            super(str);
        }
    }

    /* loaded from: input_file:com/dropbox/core/DbxWebAuth$Exception.class */
    public static abstract class Exception extends java.lang.Exception {
        public Exception(String str) {
            super(str);
        }
    }

    /* loaded from: input_file:com/dropbox/core/DbxWebAuth$NotApprovedException.class */
    public static final class NotApprovedException extends Exception {
        public NotApprovedException(String str) {
            super(str);
        }
    }

    /* loaded from: input_file:com/dropbox/core/DbxWebAuth$ProviderException.class */
    public static final class ProviderException extends Exception {
        public ProviderException(String str) {
            super(str);
        }
    }

    public DbxWebAuth(DbxRequestConfig dbxRequestConfig, DbxAppInfo dbxAppInfo, String str, DbxSessionStore dbxSessionStore) {
        if (dbxRequestConfig == null) {
            throw new IllegalArgumentException("'requestConfig' is null");
        }
        if (dbxAppInfo == null) {
            throw new IllegalArgumentException("'appInfo' is null");
        }
        if (str == null) {
            throw new IllegalArgumentException("'redirectUri' is null");
        }
        if (dbxSessionStore == null) {
            throw new IllegalArgumentException("'csrfTokenStore' is null");
        }
        this.requestConfig = dbxRequestConfig;
        this.appInfo = dbxAppInfo;
        this.redirectUri = str;
        this.csrfTokenStore = dbxSessionStore;
    }

    public String start(String str) {
        byte[] bArr = new byte[16];
        new SecureRandom().nextBytes(bArr);
        String urlSafeBase64Encode = StringUtil.urlSafeBase64Encode(bArr);
        String str2 = urlSafeBase64Encode;
        if (str != null) {
            str2 = str2 + "|" + str;
        }
        this.csrfTokenStore.set(urlSafeBase64Encode);
        return DbxWebAuthHelper.getAuthorizeUrl(this.appInfo, this.requestConfig.userLocale, this.redirectUri, str2);
    }

    public String start() {
        return start(null);
    }

    public DbxAuthFinish finish(Map<String, String[]> map) throws DbxException, BadRequestException, BadStateException, CsrfException, NotApprovedException, ProviderException {
        String substring;
        String substring2;
        if (map == null) {
            throw new IllegalArgumentException("'queryParams' is null");
        }
        String param = getParam(map, "state");
        if (param == null) {
            throw new BadRequestException("missing 'state' parameter");
        }
        String param2 = getParam(map, "error");
        String param3 = getParam(map, "code");
        String param4 = getParam(map, "error_description");
        if (param3 == null && param2 == null) {
            throw new BadRequestException("missing both 'code' and 'error'; one must be present");
        }
        if (param3 != null && param2 != null) {
            throw new BadRequestException("both 'code' and 'error' are set; only one must be present");
        }
        if (param3 != null && param4 != null) {
            throw new BadRequestException("both 'code' and 'error_description' are set");
        }
        String str = this.csrfTokenStore.get();
        if (str == null) {
            throw new BadStateException();
        }
        if (str.length() <= 20) {
            throw new AssertionError("CSRF token too short: " + StringUtil.jq(str));
        }
        int indexOf = param.indexOf(124);
        if (indexOf < 0) {
            substring = param;
            substring2 = null;
        } else {
            substring = param.substring(0, indexOf);
            substring2 = param.substring(indexOf);
        }
        if (!StringUtil.secureStringEquals(str, substring)) {
            throw new CsrfException("expecting " + StringUtil.jq(str) + ", got " + StringUtil.jq(substring));
        }
        this.csrfTokenStore.clear();
        if (param2 == null) {
            if (!$assertionsDisabled && param3 == null) {
                throw new AssertionError();
            }
            DbxAuthFinish finish = DbxWebAuthHelper.finish(this.appInfo, this.requestConfig, param3, this.redirectUri);
            return new DbxAuthFinish(finish.accessToken, finish.userId, substring2);
        }
        if (param2.equals("access_denied")) {
            throw new NotApprovedException(param4 == null ? "No additional description from Dropbox" : "Additional description from Dropbox: " + param4);
        }
        String str2 = param2;
        if (param4 != null) {
            str2 = str2 + ": " + param4;
        }
        throw new ProviderException(str2);
    }

    private static String getParam(Map<String, String[]> map, String str) throws BadRequestException {
        String[] strArr = map.get(str);
        if (strArr == null) {
            return null;
        }
        if (!$assertionsDisabled && strArr.length == 0) {
            throw new AssertionError();
        }
        if (strArr.length == 1) {
            return strArr[0];
        }
        throw new BadRequestException("multiple occurrences of '" + str + "' parameter");
    }

    static {
        $assertionsDisabled = !DbxWebAuth.class.desiredAssertionStatus();
    }
}
