package axis.android.sdk.client.base.network;

import axis.android.sdk.client.account.SessionManager;
import axis.android.sdk.client.account.auth.AccessTokenScope;
import axis.android.sdk.client.account.auth.AccessTokenType;
import axis.android.sdk.client.base.network.error.ErrorCodeAuthorization;
import axis.android.sdk.client.base.network.util.NetworkUtils;
import axis.android.sdk.common.log.AxisLogger;
import axis.android.sdk.common.util.StringUtils;
import axis.android.sdk.service.api.AuthorizationApi;
import axis.android.sdk.service.model.AccessToken;
import axis.android.sdk.service.model.ServiceError;
import axis.android.sdk.service.model.TokenRefreshRequest;
import com.google.gson.Gson;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Arrays;
import java.util.List;
import okhttp3.Interceptor;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;
import org.json.JSONException;

/* loaded from: classes3.dex */
public class AuthInterceptor implements Interceptor {
    private static final String HEADER_KEY_SCOPE = "scope";
    private static final String HEADER_KEY_TYPE = "type";
    private static final String PREFERRED_SCOPE = AccessTokenScope.CATALOG.getTemplateValue();
    private static final String TAG = "AuthInterceptor";
    private final ApiHandler apiHandler;
    private final SessionManager sessionManager;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public class RefreshResponse {
        AccessToken accessToken;
        Throwable exception;
        Response httpResponse;
        ServiceError serviceError;

        private RefreshResponse() {
        }
    }

    public AuthInterceptor(SessionManager sessionManager, ApiHandler apiHandler) {
        this.sessionManager = sessionManager;
        this.apiHandler = apiHandler;
    }

    private void addToken(AccessToken accessToken) {
        try {
            this.sessionManager.addToken(accessToken);
        } catch (UnsupportedEncodingException | JSONException e) {
            AxisLogger.instance().e(TAG, "Could not add access token to session manager : abort request ->", e);
        }
    }

    private RefreshResponse getRefreshResponse(TokenRefreshRequest tokenRefreshRequest) {
        RefreshResponse refreshResponse = new RefreshResponse();
        try {
            retrofit2.Response<AccessToken> blockingFirst = ((AuthorizationApi) this.apiHandler.createService(AuthorizationApi.class)).refreshToken(tokenRefreshRequest, ApiConstants.featuredFlags, this.sessionManager.getLanguageCode()).blockingFirst();
            if (blockingFirst.body() != null) {
                addToken(blockingFirst.body());
                refreshResponse.accessToken = blockingFirst.body();
            } else if (blockingFirst.errorBody() != null) {
                refreshResponse.serviceError = NetworkUtils.getServiceErrorWithResponse(blockingFirst.errorBody().string());
            }
            refreshResponse.httpResponse = blockingFirst.raw();
        } catch (Exception e) {
            refreshResponse.exception = e;
        }
        return refreshResponse;
    }

    private Response handleAuthenticatedRequest(Interceptor.Chain chain, Request request, Request.Builder builder, String str, String str2) throws IOException {
        String[] split = str2.split("\\s+");
        List asList = Arrays.asList(split);
        String str3 = PREFERRED_SCOPE;
        boolean z = false;
        if (!asList.contains(str3)) {
            str3 = split[0];
        }
        AccessToken accessToken = StringUtils.isEqual(str, "accountAuth") ? this.sessionManager.getAccessToken(AccessTokenType.USER_ACCOUNT.toString(), str3) : StringUtils.isEqual(str, "profileAuth") ? this.sessionManager.getAccessToken(AccessTokenType.USER_PROFILE.toString(), str3) : null;
        if (accessToken != null) {
            builder.header("Authorization", "Bearer " + accessToken.getValue());
        } else {
            AxisLogger.instance().w(TAG, "API request failed : access token is null");
        }
        builder.method(request.method(), request.body());
        Response proceed = chain.proceed(builder.build());
        String responseBody = NetworkUtils.getResponseBody(proceed.body());
        if (isBadResponse(proceed) && accessToken != null && accessToken.getRefreshable().booleanValue() && isServiceErrorCode(NetworkUtils.getServiceErrorCode(responseBody))) {
            z = true;
        }
        return z ? refreshToken(chain, builder, accessToken, proceed) : proceed;
    }

    private boolean isBadResponse(Response response) {
        return response.code() == HttpResponseCode.FORBIDDEN.getValue() || response.code() == HttpResponseCode.INVALID_ACCESS_TOKEN.getValue();
    }

    private boolean isServiceErrorCode(int i) {
        return i == ErrorCodeAuthorization.ACCESS_TOKEN_EXPIRED.getValue() || i == ErrorCodeAuthorization.UNKNOWN.getValue();
    }

    private Response refreshToken(Interceptor.Chain chain, Request.Builder builder, AccessToken accessToken, Response response) throws IOException {
        TokenRefreshRequest tokenRefreshRequest = new TokenRefreshRequest();
        tokenRefreshRequest.setToken(accessToken.getValue());
        RefreshResponse refreshResponse = getRefreshResponse(tokenRefreshRequest);
        if (refreshResponse.accessToken != null) {
            builder.header("Authorization", "Bearer " + refreshResponse.accessToken.getValue());
            return chain.proceed(builder.build());
        }
        if (refreshResponse.serviceError == null) {
            throw new RuntimeException(refreshResponse.exception);
        }
        return response.newBuilder().code(refreshResponse.httpResponse.code()).body(ResponseBody.create(response.body().get$contentType(), new Gson().toJson(refreshResponse.serviceError))).cacheResponse(refreshResponse.httpResponse.cacheResponse()).networkResponse(refreshResponse.httpResponse.networkResponse()).priorResponse(refreshResponse.httpResponse.priorResponse()).headers(refreshResponse.httpResponse.headers()).request(refreshResponse.httpResponse.request()).build();
    }

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.Chain chain) throws IOException {
        Request request = chain.request();
        String header = request.header("type");
        String header2 = request.header("scope");
        Request.Builder removeHeader = request.newBuilder().removeHeader("type").removeHeader("scope");
        return (StringUtils.isNull(header) || StringUtils.isNull(header2)) ? chain.proceed(removeHeader.build()) : handleAuthenticatedRequest(chain, request, removeHeader, header, header2);
    }
}
