package com.google.apphosting.client.datastoreservice.app.mobile;

import com.google.android.gms.common.Scopes;
import com.google.appengine.api.oauth.OAuthServiceFactory;
import com.google.appengine.repackaged.com.google.common.annotations.VisibleForTesting;
import com.google.appengine.repackaged.com.google.protobuf.MessageLite;
import com.google.apphosting.api.ApiProxy;
import com.google.apphosting.client.datastoreservice.mobile.DatastoreMobileService;
import com.google.apphosting.client.serviceapp.AuthService;
import com.google.apphosting.client.serviceapp.AuthServiceImpl;
import com.google.apphosting.client.serviceapp.BaseApiServlet;
import com.google.apphosting.client.serviceapp.Clock;
import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: classes4.dex */
public class DatastoreMobileApiServlet extends BaseApiServlet {

    @VisibleForTesting
    static final String API_HEADER = "X-AppEngine-DatastoreMobile-API";
    public static final String INVALID_CLIENT_ID_ERROR = "Invalid Client ID.";
    public static final String INVALID_USER_CRED_ERROR = "Unauthorized.";
    private static final int MAX_APP_ID_SECTION_LENGTH = 100;
    private IdTokenAuthenticator idTokenAuth;

    @VisibleForTesting
    public static final String[] OAUTH2_SCOPE_STRINGS = {Scopes.CLOUD_SAVE, "https://www.googleapis.com/auth/cloud-platform"};

    @VisibleForTesting
    public static final String[] OAUTH2_SCOPE_CODES = {"43610", "35600"};
    private static final String APP_ID_PARTITION_STRING = String.format("[a-z\\d\\-]{1,%d}", 100);
    private static final String APP_ID_DOMAIN_STRING = String.format("[a-z\\d][a-z\\d\\-\\.]{0,%d}", 99);
    private static final String APP_ID_DISPLAY_STRING = String.format("[a-z\\d][a-z\\d\\-]{0,%d}", 99);
    private static final String PROJECT_ID_STRING = String.format("(?:(?:%s):)?(?:%s)", APP_ID_DOMAIN_STRING, APP_ID_DISPLAY_STRING);
    private static final String APP_ID_STRING = String.format("(?:(?<cluster>%s)~)?(?<project>%s)", APP_ID_PARTITION_STRING, PROJECT_ID_STRING);
    private static final Pattern APP_ID_REGEX = Pattern.compile(APP_ID_STRING);
    private static final Pattern CLIENT_ID_TOKEN_REGEX = Pattern.compile("Bearer\\s+(?<token>.*)", 8);

    public DatastoreMobileApiServlet() {
        this(new AuthServiceImpl(OAuthServiceFactory.getOAuthService()), new IdTokenAuthenticator());
    }

    DatastoreMobileApiServlet(DatastoreMobileRpcService datastoreMobileRpcService, IdTokenAuthenticator idTokenAuthenticator) {
        super(datastoreMobileRpcService.getAuthService(), Clock.SYSTEM_CLOCK, datastoreMobileRpcService);
        this.idTokenAuth = idTokenAuthenticator;
    }

    @VisibleForTesting
    public DatastoreMobileApiServlet(AuthService authService, IdTokenAuthenticator idTokenAuthenticator) {
        this(new DatastoreMobileRpcService(ApiProxy.getCurrentEnvironment().getAppId(), authService, idTokenAuthenticator), idTokenAuthenticator);
    }

    private String getClientTokenProjectId(MessageLite messageLite) {
        return messageLite == null ? "" : ((DatastoreMobileService.RequestHeader) messageLite).getClientTokenProjectId();
    }

    @VisibleForTesting
    static String matchProjectId(String str, String str2) {
        Matcher matcher = APP_ID_REGEX.matcher(str);
        if (!matcher.matches()) {
            String valueOf = String.valueOf("Invalid Client ID.: invalid project id=");
            String valueOf2 = String.valueOf(str);
            return valueOf2.length() != 0 ? valueOf.concat(valueOf2) : new String(valueOf);
        }
        if (matcher.group("project").equals(str2)) {
            return null;
        }
        String valueOf3 = String.valueOf("Invalid Client ID.: expected=");
        String valueOf4 = String.valueOf(matcher.group("project"));
        return new StringBuilder(String.valueOf(valueOf3).length() + 6 + String.valueOf(valueOf4).length() + String.valueOf(str2).length()).append(valueOf3).append(valueOf4).append(", got=").append(str2).toString();
    }

    /* JADX WARN: Removed duplicated region for block: B:30:0x004a  */
    /* JADX WARN: Removed duplicated region for block: B:31:0x007e  */
    /* JADX WARN: Removed duplicated region for block: B:6:0x0050  */
    /* JADX WARN: Removed duplicated region for block: B:9:0x00bd A[RETURN] */
    @Override // com.google.apphosting.client.serviceapp.BaseApiServlet
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected void authenticate(com.google.apphosting.client.serviceapp.RpcHandler.RequestPermissions r13, @javax.annotation.Nullable com.google.appengine.repackaged.com.google.protobuf.MessageLite r14) throws com.google.apphosting.client.serviceapp.RpcException {
        /*
            r12 = this;
            java.lang.String r7 = r12.getPeerAuthorization(r14)
            java.lang.String r3 = r12.getAuthorization(r14)
            r5 = 0
            boolean r8 = r7.isEmpty()
            if (r8 != 0) goto L84
            java.util.regex.Pattern r8 = com.google.apphosting.client.datastoreservice.app.mobile.DatastoreMobileApiServlet.CLIENT_ID_TOKEN_REGEX     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            java.util.regex.Matcher r2 = r8.matcher(r3)     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            boolean r8 = r2.matches()     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            if (r8 != 0) goto L60
            java.security.GeneralSecurityException r9 = new java.security.GeneralSecurityException     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            java.lang.String r8 = "Invalid Client ID.: invalid client id token="
            java.lang.String r10 = java.lang.String.valueOf(r8)     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            java.lang.String r8 = java.lang.String.valueOf(r3)     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            int r11 = r8.length()     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            if (r11 == 0) goto L58
            java.lang.String r8 = r10.concat(r8)     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
        L31:
            r9.<init>(r8)     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            throw r9     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
        L35:
            r6 = move-exception
        L36:
            java.lang.String r8 = "Unauthorized.: "
            java.lang.String r8 = java.lang.String.valueOf(r8)
            java.lang.String r9 = r6.getMessage()
            java.lang.String r9 = java.lang.String.valueOf(r9)
            int r10 = r9.length()
            if (r10 == 0) goto L7e
            java.lang.String r5 = r8.concat(r9)
        L4e:
            if (r5 == 0) goto Lbd
            com.google.apphosting.client.serviceapp.RpcException r8 = new com.google.apphosting.client.serviceapp.RpcException
            com.google.appengine.repackaged.com.google.net.util.error.Codes$Code r9 = com.google.appengine.repackaged.com.google.net.util.error.Codes.Code.PERMISSION_DENIED
            r8.<init>(r9, r5)
            throw r8
        L58:
            java.lang.String r8 = new java.lang.String     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            r8.<init>(r10)     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            goto L31
        L5e:
            r6 = move-exception
            goto L36
        L60:
            java.lang.String r8 = "token"
            java.lang.String r1 = r2.group(r8)     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            com.google.apphosting.client.datastoreservice.app.mobile.IdTokenAuthenticator r8 = r12.idTokenAuth     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            r8.authenticate(r7, r1)     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            com.google.apphosting.client.datastoreservice.app.mobile.IdTokenAuthenticator r8 = r12.idTokenAuth     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            java.lang.String r4 = r8.getProjectId()     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            com.google.apphosting.api.ApiProxy$Environment r8 = com.google.apphosting.api.ApiProxy.getCurrentEnvironment()     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            java.lang.String r0 = r8.getAppId()     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            java.lang.String r5 = matchProjectId(r0, r4)     // Catch: java.security.GeneralSecurityException -> L35 java.io.IOException -> L5e
            goto L4e
        L7e:
            java.lang.String r5 = new java.lang.String
            r5.<init>(r8)
            goto L4e
        L84:
            com.google.apphosting.client.serviceapp.AuthService r8 = r12.authService     // Catch: com.google.appengine.api.oauth.OAuthRequestException -> L9d
            java.lang.String[] r9 = com.google.apphosting.client.datastoreservice.app.mobile.DatastoreMobileApiServlet.OAUTH2_SCOPE_CODES     // Catch: com.google.appengine.api.oauth.OAuthRequestException -> L9d
            r10 = 0
            r8.getUserPermissions(r9, r10)     // Catch: com.google.appengine.api.oauth.OAuthRequestException -> L9d
            com.google.apphosting.api.ApiProxy$Environment r8 = com.google.apphosting.api.ApiProxy.getCurrentEnvironment()     // Catch: com.google.appengine.api.oauth.OAuthRequestException -> L9d
            java.lang.String r0 = r8.getAppId()     // Catch: com.google.appengine.api.oauth.OAuthRequestException -> L9d
            java.lang.String r4 = r12.getClientTokenProjectId(r14)     // Catch: com.google.appengine.api.oauth.OAuthRequestException -> L9d
            java.lang.String r5 = matchProjectId(r0, r4)     // Catch: com.google.appengine.api.oauth.OAuthRequestException -> L9d
            goto L4e
        L9d:
            r6 = move-exception
            java.lang.String r8 = "Unauthorized.: "
            java.lang.String r8 = java.lang.String.valueOf(r8)
            java.lang.String r9 = r6.getMessage()
            java.lang.String r9 = java.lang.String.valueOf(r9)
            int r10 = r9.length()
            if (r10 == 0) goto Lb7
            java.lang.String r5 = r8.concat(r9)
        Lb6:
            goto L4e
        Lb7:
            java.lang.String r5 = new java.lang.String
            r5.<init>(r8)
            goto Lb6
        Lbd:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.google.apphosting.client.datastoreservice.app.mobile.DatastoreMobileApiServlet.authenticate(com.google.apphosting.client.serviceapp.RpcHandler$RequestPermissions, com.google.appengine.repackaged.com.google.protobuf.MessageLite):void");
    }

    @Override // com.google.apphosting.client.serviceapp.BaseApiServlet
    protected String getApiHeader() {
        return API_HEADER;
    }

    @VisibleForTesting
    public String getAuthorization(MessageLite messageLite) {
        return messageLite == null ? "" : ((DatastoreMobileService.RequestHeader) messageLite).getClientIdToken();
    }

    @Override // com.google.apphosting.client.serviceapp.BaseApiServlet
    protected String[] getOAuthScopeCodes() {
        return OAUTH2_SCOPE_CODES;
    }

    @Override // com.google.apphosting.client.serviceapp.BaseApiServlet
    protected String[] getOAuthScopeStrings() {
        return OAUTH2_SCOPE_STRINGS;
    }

    @VisibleForTesting
    public String getPeerAuthorization(MessageLite messageLite) {
        return messageLite == null ? "" : ((DatastoreMobileService.RequestHeader) messageLite).getApiaryIdToken();
    }

    @VisibleForTesting(productionVisibility = VisibleForTesting.Visibility.NONE)
    public byte[] injectRequestHeaderForTest(String str, byte[] bArr, DatastoreMobileService.RequestHeader requestHeader) throws IOException {
        return ((DatastoreMobileRpcHandler) getHandler(str)).deserializeWithHeader(bArr, requestHeader).toByteArray();
    }
}
