package com.movika.authorization.core.network;

import android.util.Log;
import com.google.android.gms.common.util.ArrayUtils;
import com.google.logging.type.LogSeverity;
import com.movika.authorization.core.model.AuthData;
import com.movika.authorization.core.network.models.TokenDto;
import com.movika.authorization.core.network.models.UpdateTokenBody;
import com.movika.core.logs.CrashlyticsLogger;
import com.movika.core.retrofit.interceptors.HeadersInjector;
import com.movika.core.security.CertificateValidator;
import java.io.IOException;
import java.security.cert.Certificate;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import kotlin.Metadata;
import kotlin.Unit;
import kotlin.collections.ArraysKt___ArraysKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt__StringsJVMKt;
import okhttp3.Handshake;
import okhttp3.HttpUrl;
import okhttp3.Interceptor;
import okhttp3.Request;
import okhttp3.Response;
import org.jetbrains.annotations.NotNull;

/* compiled from: AuthInterceptor.kt */
@Metadata(d1 = {"\u0000\u0082\u0001\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010 \n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0005\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u0000\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0005\u0018\u0000 32\u00020\u0001:\u00013B+\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007\u0012\f\u0010\b\u001a\b\u0012\u0004\u0012\u00020\n0\t¢\u0006\u0002\u0010\u000bJ\b\u0010\u0018\u001a\u00020\u0019H\u0002J*\u0010\u001a\u001a\u00020\u001b2\b\u0010\u001c\u001a\u0004\u0018\u00010\u001d2\u0006\u0010\u001e\u001a\u00020\n2\u0006\u0010\u001f\u001a\u00020 2\u0006\u0010!\u001a\u00020\"H\u0002J\u0018\u0010#\u001a\u00020\u00192\u0006\u0010$\u001a\u00020%2\u0006\u0010\u001c\u001a\u00020\u001dH\u0002J\u001a\u0010&\u001a\u00020\"2\b\u0010'\u001a\u0004\u0018\u00010(2\u0006\u0010)\u001a\u00020\"H\u0002J\u0010\u0010*\u001a\u00020\u001b2\u0006\u0010\u001f\u001a\u00020 H\u0016J\u0010\u0010+\u001a\u00020\u00132\u0006\u0010,\u001a\u00020-H\u0002J\u001e\u0010.\u001a\b\u0012\u0004\u0012\u00020(0/2\u0006\u0010\u001c\u001a\u00020\u001d2\u0006\u0010\u001e\u001a\u00020\nH\u0002J\u0010\u00100\u001a\u00020\n2\u0006\u0010,\u001a\u00020\nH\u0002J\u0010\u00101\u001a\u00020\u00192\u0006\u00102\u001a\u00020\u001bH\u0002R\u001a\u0010\f\u001a\u00020\rX\u0086.¢\u0006\u000e\n\u0000\u001a\u0004\b\u000e\u0010\u000f\"\u0004\b\u0010\u0010\u0011R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0012\u001a\u00020\u0013X\u0082\u000e¢\u0006\u0002\n\u0000R\u000e\u0010\u0014\u001a\u00020\u0015X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0016\u001a\u00020\u0017X\u0082\u0004¢\u0006\u0002\n\u0000R\u0014\u0010\b\u001a\b\u0012\u0004\u0012\u00020\n0\tX\u0082\u0004¢\u0006\u0002\n\u0000¨\u00064"}, d2 = {"Lcom/movika/authorization/core/network/AuthInterceptor;", "Lokhttp3/Interceptor;", "authManager", "Lcom/movika/authorization/core/network/AuthManager;", "certificateValidator", "Lcom/movika/core/security/CertificateValidator;", "headersInjector", "Lcom/movika/core/retrofit/interceptors/HeadersInjector;", "urlsToIntercept", "", "", "(Lcom/movika/authorization/core/network/AuthManager;Lcom/movika/core/security/CertificateValidator;Lcom/movika/core/retrofit/interceptors/HeadersInjector;Ljava/util/List;)V", "authApi", "Lcom/movika/authorization/core/network/AuthApi;", "getAuthApi", "()Lcom/movika/authorization/core/network/AuthApi;", "setAuthApi", "(Lcom/movika/authorization/core/network/AuthApi;)V", "isTokenUpdating", "", "mutex", "", "tokenResponseToAuthDataConverter", "Lcom/movika/authorization/core/network/TokenResponseToAuthDataConverter;", "eraseAuthData", "", "handleAuthData", "Lokhttp3/Response;", "authData", "Lcom/movika/authorization/core/model/AuthData;", "basicAuth", "chain", "Lokhttp3/Interceptor$Chain;", "request", "Lokhttp3/Request;", "handleFailedQueryUpdateToken", "responseCode", "", "handleSuccessQueryUpdateToken", "tokenDto", "Lcom/movika/authorization/core/network/models/TokenDto;", "mainRequest", "intercept", "isNeedIntercept", "url", "Lokhttp3/HttpUrl;", "queryUpdateToken", "Lretrofit2/Response;", "removeScheme", "requireValidCertificate", "mainResponse", "Companion", "authorization_gmsMainAppRelease"}, k = 1, mv = {1, 6, 0}, xi = 48)
/* loaded from: classes4.dex */
public final class AuthInterceptor implements Interceptor {

    @NotNull
    private static final String AUTH_HEADER = "Authorization";

    @NotNull
    private static final String LOG_TAG = "AuthInterceptor";
    public AuthApi authApi;

    @NotNull
    private final AuthManager authManager;

    @NotNull
    private final CertificateValidator certificateValidator;

    @NotNull
    private final HeadersInjector headersInjector;
    private boolean isTokenUpdating;

    @NotNull
    private final Object mutex;

    @NotNull
    private final TokenResponseToAuthDataConverter tokenResponseToAuthDataConverter;

    @NotNull
    private final List<String> urlsToIntercept;

    @NotNull
    private static final int[] TOKEN_UPDATE_ERROR_CODES = {LogSeverity.WARNING_VALUE, 401, 403};

    public AuthInterceptor(@NotNull AuthManager authManager, @NotNull CertificateValidator certificateValidator, @NotNull HeadersInjector headersInjector, @NotNull List<String> urlsToIntercept) {
        Intrinsics.checkNotNullParameter(authManager, "authManager");
        Intrinsics.checkNotNullParameter(certificateValidator, "certificateValidator");
        Intrinsics.checkNotNullParameter(headersInjector, "headersInjector");
        Intrinsics.checkNotNullParameter(urlsToIntercept, "urlsToIntercept");
        this.authManager = authManager;
        this.certificateValidator = certificateValidator;
        this.headersInjector = headersInjector;
        this.urlsToIntercept = urlsToIntercept;
        this.tokenResponseToAuthDataConverter = new TokenResponseToAuthDataConverter();
        this.mutex = new Object();
    }

    private final void eraseAuthData() {
        this.authManager.eraseAuthData();
    }

    private final Response handleAuthData(AuthData authData, String basicAuth, Interceptor.Chain chain, Request request) {
        if (authData == null) {
            return chain.proceed(request);
        }
        retrofit2.Response<TokenDto> queryUpdateToken = queryUpdateToken(authData, basicAuth);
        if (queryUpdateToken.isSuccessful()) {
            request = handleSuccessQueryUpdateToken(queryUpdateToken.body(), request);
        } else {
            handleFailedQueryUpdateToken(queryUpdateToken.code(), authData);
        }
        Log.d(LOG_TAG, Intrinsics.stringPlus("proceed ", request.url()));
        return chain.proceed(request);
    }

    private final void handleFailedQueryUpdateToken(int responseCode, AuthData authData) {
        String stringPlus = Intrinsics.stringPlus("user_id = ", authData.getUserId());
        if (ArrayUtils.contains(TOKEN_UPDATE_ERROR_CODES, responseCode)) {
            stringPlus = (stringPlus + "accessToken = " + authData.getToken().getAccessToken()) + "refreshToken = " + authData.getToken().getRefreshToken();
            eraseAuthData();
        }
        CrashlyticsLogger.INSTANCE.logCrash(this, "intercept", "Can not refresh token, because code is " + responseCode + " additional info:" + stringPlus);
    }

    private final Request handleSuccessQueryUpdateToken(TokenDto tokenDto, Request mainRequest) {
        if (tokenDto == null) {
            return mainRequest;
        }
        this.authManager.saveAuthData(this.tokenResponseToAuthDataConverter.convert(tokenDto));
        return mainRequest.newBuilder().header("Authorization", Intrinsics.stringPlus("Bearer ", tokenDto.getToken())).method(mainRequest.method(), mainRequest.body()).build();
    }

    private final boolean isNeedIntercept(HttpUrl url) {
        boolean startsWith;
        String removeScheme = removeScheme(url.getUrl());
        List<String> list = this.urlsToIntercept;
        if (!(list instanceof Collection) || !list.isEmpty()) {
            Iterator<T> it = list.iterator();
            while (it.hasNext()) {
                startsWith = StringsKt__StringsJVMKt.startsWith(removeScheme, removeScheme((String) it.next()), true);
                if (startsWith) {
                    return true;
                }
            }
        }
        return false;
    }

    private final retrofit2.Response<TokenDto> queryUpdateToken(AuthData authData, String basicAuth) throws IOException {
        this.isTokenUpdating = true;
        retrofit2.Response<TokenDto> loginResponse = getAuthApi().updateToken(new UpdateTokenBody(authData.getToken().getRefreshToken()), basicAuth).execute();
        this.isTokenUpdating = false;
        Intrinsics.checkNotNullExpressionValue(loginResponse, "loginResponse");
        return loginResponse;
    }

    private final String removeScheme(String url) {
        String replace;
        String replace2;
        replace = StringsKt__StringsJVMKt.replace(url, "http://", "", true);
        replace2 = StringsKt__StringsJVMKt.replace(replace, "https://", "", true);
        return replace2;
    }

    private final void requireValidCertificate(Response mainResponse) throws IOException {
        if (Intrinsics.areEqual("release", "release")) {
            Handshake handshake = mainResponse.handshake();
            List<Certificate> peerCertificates = handshake == null ? null : handshake.peerCertificates();
            if (peerCertificates == null) {
                throw new IOException(new NullPointerException("No certificates"));
            }
            boolean z = true;
            if (!peerCertificates.isEmpty()) {
                Iterator<T> it = peerCertificates.iterator();
                while (true) {
                    if (!it.hasNext()) {
                        break;
                    }
                    if (this.certificateValidator.validate((Certificate) it.next())) {
                        z = false;
                        break;
                    }
                }
            }
            if (z) {
                throw new IOException("Invalid certificate");
            }
        }
    }

    @NotNull
    public final AuthApi getAuthApi() {
        AuthApi authApi = this.authApi;
        if (authApi != null) {
            return authApi;
        }
        Intrinsics.throwUninitializedPropertyAccessException("authApi");
        return null;
    }

    @Override // okhttp3.Interceptor
    @NotNull
    public Response intercept(@NotNull Interceptor.Chain chain) throws IOException {
        boolean contains;
        Intrinsics.checkNotNullParameter(chain, "chain");
        if (!isNeedIntercept(chain.request().url())) {
            return chain.proceed(chain.request());
        }
        Request inject = this.headersInjector.inject(chain);
        String basicAuthHeaderValue = this.headersInjector.getBasicAuthHeaderValue();
        AuthData authData = this.authManager.getAuthData();
        if (authData != null && !this.isTokenUpdating) {
            inject = inject.newBuilder().header("Authorization", Intrinsics.stringPlus("Bearer ", authData.getToken().getAccessToken())).build();
        }
        Response proceed = chain.proceed(inject);
        requireValidCertificate(proceed);
        contains = ArraysKt___ArraysKt.contains(TOKEN_UPDATE_ERROR_CODES, proceed.code());
        if (contains) {
            if (this.isTokenUpdating) {
                eraseAuthData();
            }
            this.isTokenUpdating = false;
            synchronized (this.mutex) {
                Log.d("BaseInterceptor", Intrinsics.stringPlus("Try to refresh token by ", inject.url()));
                AuthData authData2 = this.authManager.getAuthData();
                proceed.close();
                proceed = handleAuthData(authData2, basicAuthHeaderValue, chain, inject);
                requireValidCertificate(proceed);
                Unit unit = Unit.INSTANCE;
            }
        } else {
            this.isTokenUpdating = false;
        }
        return proceed;
    }

    public final void setAuthApi(@NotNull AuthApi authApi) {
        Intrinsics.checkNotNullParameter(authApi, "<set-?>");
        this.authApi = authApi;
    }
}
