package org.openedx.app.data.networking;

import android.util.Log;
import com.google.gson.Gson;
import com.microsoft.identity.common.java.authscheme.TokenAuthenticationScheme;
import cz.msebera.android.httpclient.message.TokenParser;
import java.io.IOException;
import java.util.List;
import java.util.concurrent.TimeUnit;
import kotlin.Metadata;
import kotlin.collections.ArraysKt;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Regex;
import kotlin.text.StringsKt;
import kotlinx.coroutines.BuildersKt__BuildersKt;
import okhttp3.Authenticator;
import okhttp3.Connection;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Protocol;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;
import okhttp3.Route;
import okhttp3.logging.HttpLoggingInterceptor;
import org.json.JSONException;
import org.json.JSONObject;
import org.openedx.auth.data.api.AuthApi;
import org.openedx.auth.domain.model.AuthResponse;
import org.openedx.core.ApiConstants;
import org.openedx.core.BuildConfig;
import org.openedx.core.config.Config;
import org.openedx.core.data.storage.CorePreferences;
import org.openedx.core.system.notifier.app.AppNotifier;
import org.openedx.core.utils.TimeUtils;
import retrofit2.Retrofit;
import retrofit2.converter.gson.GsonConverterFactory;

/* compiled from: OauthRefreshTokenAuthenticator.kt */
@Metadata(d1 = {"\u0000h\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\t\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000e\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0007\u0018\u0000 (2\u00020\u00012\u00020\u0002:\u0001(B\u001f\u0012\u0006\u0010\u0003\u001a\u00020\u0004\u0012\u0006\u0010\u0005\u001a\u00020\u0006\u0012\u0006\u0010\u0007\u001a\u00020\b¢\u0006\u0004\b\t\u0010\nJ\u0010\u0010\u000f\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0012H\u0016J\u001c\u0010\u0013\u001a\u0004\u0018\u00010\u00142\b\u0010\u0015\u001a\u0004\u0018\u00010\u00162\u0006\u0010\u0017\u001a\u00020\u0010H\u0016J\n\u0010\u0018\u001a\u0004\u0018\u00010\u0014H\u0002J\"\u0010\u0019\u001a\u0004\u0018\u00010\u00142\u0006\u0010\u0017\u001a\u00020\u00102\u0006\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u001c\u001a\u00020\u001bH\u0002J\u001a\u0010\u001d\u001a\u0004\u0018\u00010\u00142\u0006\u0010\u0017\u001a\u00020\u00102\u0006\u0010\u001c\u001a\u00020\u001bH\u0002J\b\u0010\u001e\u001a\u00020\u001fH\u0002J\b\u0010 \u001a\u00020\u001fH\u0002J\u0012\u0010!\u001a\u0004\u0018\u00010\"2\u0006\u0010\u001a\u001a\u00020\u001bH\u0002J\u0012\u0010#\u001a\u0004\u0018\u00010\u001b2\u0006\u0010$\u001a\u00020\u001bH\u0002J\u0010\u0010%\u001a\u00020\u00102\u0006\u0010\u0011\u001a\u00020\u0012H\u0002J\b\u0010&\u001a\u00020'H\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0006X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\bX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u000b\u001a\u00020\fX\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\r\u001a\u00020\u000eX\u0082\u000e¢\u0006\u0002\n\u0000¨\u0006)"}, d2 = {"Lorg/openedx/app/data/networking/OauthRefreshTokenAuthenticator;", "Lokhttp3/Authenticator;", "Lokhttp3/Interceptor;", "config", "Lorg/openedx/core/config/Config;", "preferencesManager", "Lorg/openedx/core/data/storage/CorePreferences;", "appNotifier", "Lorg/openedx/core/system/notifier/app/AppNotifier;", "<init>", "(Lorg/openedx/core/config/Config;Lorg/openedx/core/data/storage/CorePreferences;Lorg/openedx/core/system/notifier/app/AppNotifier;)V", "authApi", "Lorg/openedx/auth/data/api/AuthApi;", "lastTokenRefreshRequestTime", "", "intercept", "Lokhttp3/Response;", "chain", "Lokhttp3/Interceptor$Chain;", "authenticate", "Lokhttp3/Request;", "route", "Lokhttp3/Route;", "response", "handleDisabledUser", "handleTokenExpired", "refreshToken", "", "accessToken", "handleInvalidToken", "isTokenExpired", "", "canRequestTokenRefresh", "refreshAccessToken", "Lorg/openedx/auth/domain/model/AuthResponse;", "getErrorCode", "responseBody", "createUnauthorizedResponse", "getResponseBody", "Lokhttp3/ResponseBody;", "Companion", "app_prodDebug"}, k = 1, mv = {2, 0, 0}, xi = 48)
/* loaded from: classes24.dex */
public final class OauthRefreshTokenAuthenticator implements Authenticator, Interceptor {
    private static final String DISABLED_USER_ERROR_MESSAGE = "user_is_disabled";
    private static final String FIELD_DETAIL = "detail";
    private static final String FIELD_DEVELOPER_MESSAGE = "developer_message";
    private static final String FIELD_ERROR_CODE = "error_code";
    private static final String HEADER_AUTHORIZATION = "Authorization";
    private static final String JWT_DISABLED_USER_ERROR_MESSAGE = "User account is disabled.";
    private static final String JWT_INVALID_TOKEN = "Invalid token.";
    private static final String JWT_TOKEN_EXPIRED = "Token has expired.";
    private static final String JWT_USER_EMAIL_MISMATCH = "Failing JWT authentication due to jwt user email mismatch with lms user email.";
    private static final int REFRESH_TOKEN_EXPIRY_THRESHOLD = 60000;
    private static final int REFRESH_TOKEN_INTERVAL_MINIMUM = 60000;
    private static final long REFRESH_TOKEN_THREAD_SLEEP = 1500;
    private static final String TOKEN_EXPIRED_ERROR_MESSAGE = "token_expired";
    private static final String TOKEN_INVALID_GRANT_ERROR_MESSAGE = "invalid_grant";
    private static final String TOKEN_NONEXISTENT_ERROR_MESSAGE = "token_nonexistent";
    private final AppNotifier appNotifier;
    private final AuthApi authApi;
    private final Config config;
    private long lastTokenRefreshRequestTime;
    private final CorePreferences preferencesManager;
    public static final int $stable = 8;

    /* JADX WARN: Multi-variable type inference failed */
    public OauthRefreshTokenAuthenticator(Config config, CorePreferences preferencesManager, AppNotifier appNotifier) {
        Intrinsics.checkNotNullParameter(config, "config");
        Intrinsics.checkNotNullParameter(preferencesManager, "preferencesManager");
        Intrinsics.checkNotNullParameter(appNotifier, "appNotifier");
        this.config = config;
        this.preferencesManager = preferencesManager;
        this.appNotifier = appNotifier;
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        builder.writeTimeout(60L, TimeUnit.SECONDS);
        builder.readTimeout(60L, TimeUnit.SECONDS);
        if (BuildConfig.DEBUG) {
            builder.addNetworkInterceptor(new HttpLoggingInterceptor(null, 1, 0 == true ? 1 : 0).setLevel(HttpLoggingInterceptor.Level.BODY));
        }
        this.authApi = (AuthApi) new Retrofit.Builder().baseUrl(this.config.getApiHostURL()).client(builder.build()).addConverterFactory(GsonConverterFactory.create(new Gson())).build().create(AuthApi.class);
    }

    private final boolean canRequestTokenRefresh() {
        return TimeUtils.INSTANCE.getCurrentTime() - this.lastTokenRefreshRequestTime > 60000;
    }

    private final Response createUnauthorizedResponse(Interceptor.Chain chain) {
        return new Response.Builder().code(401).request(chain.request()).protocol(Protocol.HTTP_1_1).message("Unauthorized").headers(chain.request().headers()).body(getResponseBody()).build();
    }

    private final String getErrorCode(String responseBody) {
        String optString;
        String str = FIELD_DETAIL;
        String str2 = null;
        try {
            JSONObject jSONObject = new JSONObject(responseBody);
            if (jSONObject.has("error_code")) {
                str2 = jSONObject.getString("error_code");
            } else {
                if (StringsKt.equals(ApiConstants.TOKEN_TYPE_JWT, this.config.getAccessTokenType(), true)) {
                    if (!jSONObject.has(FIELD_DETAIL)) {
                        str = FIELD_DEVELOPER_MESSAGE;
                    }
                    str2 = jSONObject.getString(str);
                } else {
                    JSONObject optJSONObject = jSONObject.optJSONObject(FIELD_DEVELOPER_MESSAGE);
                    if (optJSONObject != null && (optString = optJSONObject.optString("error_code", "")) != null) {
                        if (optString.length() > 0) {
                            str2 = optString;
                        }
                    }
                }
            }
        } catch (JSONException e) {
            Log.d("OauthRefreshTokenAuthenticator", "Unable to get error_code from 401 response");
        }
        return str2;
    }

    private final ResponseBody getResponseBody() {
        JSONObject put = StringsKt.equals(ApiConstants.TOKEN_TYPE_JWT, this.config.getAccessTokenType(), true) ? new JSONObject().put(FIELD_DETAIL, JWT_TOKEN_EXPIRED) : new JSONObject().put("error_code", "token_expired");
        ResponseBody.Companion companion = ResponseBody.INSTANCE;
        String jSONObject = put.toString();
        Intrinsics.checkNotNullExpressionValue(jSONObject, "toString(...)");
        return companion.create(jSONObject, MediaType.INSTANCE.get("application/json"));
    }

    private final Request handleDisabledUser() {
        BuildersKt__BuildersKt.runBlocking$default(null, new OauthRefreshTokenAuthenticator$handleDisabledUser$1(this, null), 1, null);
        return null;
    }

    private final Request handleInvalidToken(Response response, String accessToken) {
        String[] strArr;
        String str = response.request().headers().get("Authorization");
        List<String> split = str != null ? new Regex(TokenAuthenticationScheme.SCHEME_DELIMITER).split(str, 0) : null;
        if (!Intrinsics.areEqual((split == null || (strArr = (String[]) split.toArray(new String[0])) == null) ? null : (String) ArraysKt.getOrNull(strArr, 1), accessToken)) {
            return response.request().newBuilder().header("Authorization", this.config.getAccessTokenType() + TokenParser.SP + accessToken).build();
        }
        BuildersKt__BuildersKt.runBlocking$default(null, new OauthRefreshTokenAuthenticator$handleInvalidToken$1(this, null), 1, null);
        return null;
    }

    private final Request handleTokenExpired(Response response, String refreshToken, String accessToken) {
        Request request = null;
        try {
            AuthResponse refreshAccessToken = refreshAccessToken(refreshToken);
            if (refreshAccessToken != null) {
                request = response.request().newBuilder().header("Authorization", this.config.getAccessTokenType() + TokenParser.SP + refreshAccessToken.getAccessToken()).build();
            } else {
                String accessToken2 = this.preferencesManager.getAccessToken();
                if (!Intrinsics.areEqual(accessToken2, accessToken)) {
                    request = response.request().newBuilder().header("Authorization", this.config.getAccessTokenType() + TokenParser.SP + accessToken2).build();
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return request;
    }

    private final boolean isTokenExpired() {
        return TimeUtils.INSTANCE.getCurrentTime() + ((long) 60000) >= this.preferencesManager.getAccessTokenExpiresAt();
    }

    private final AuthResponse refreshAccessToken(String refreshToken) throws IOException {
        AuthResponse authResponse = null;
        if (canRequestTokenRefresh()) {
            retrofit2.Response execute = AuthApi.DefaultImpls.refreshAccessToken$default(this.authApi, "refresh_token", this.config.getOAuthClientId(), refreshToken, this.config.getAccessTokenType(), false, 16, null).execute();
            org.openedx.auth.data.model.AuthResponse authResponse2 = (org.openedx.auth.data.model.AuthResponse) execute.body();
            authResponse = authResponse2 != null ? authResponse2.mapToDomain() : null;
            if (execute.isSuccessful() && authResponse != null) {
                String accessToken = authResponse.getAccessToken();
                if (accessToken == null) {
                    accessToken = "";
                }
                String refreshToken2 = authResponse.getRefreshToken();
                String str = refreshToken2 != null ? refreshToken2 : "";
                long tokenExpiryTime = authResponse.getTokenExpiryTime();
                if (accessToken.length() > 0) {
                    if (str.length() > 0) {
                        this.preferencesManager.setAccessToken(accessToken);
                        this.preferencesManager.setRefreshToken(str);
                        this.preferencesManager.setAccessTokenExpiresAt(tokenExpiryTime);
                        this.lastTokenRefreshRequestTime = TimeUtils.INSTANCE.getCurrentTime();
                    }
                }
            } else if (execute.code() == 400) {
                Thread.sleep(1500L);
            }
        }
        return authResponse;
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    @Override // okhttp3.Authenticator
    public synchronized Request authenticate(Route route, Response response) {
        Intrinsics.checkNotNullParameter(response, "response");
        String accessToken = this.preferencesManager.getAccessToken();
        String refreshToken = this.preferencesManager.getRefreshToken();
        Request request = null;
        if (refreshToken.length() == 0) {
            return null;
        }
        String errorCode = getErrorCode(response.peekBody(Long.MAX_VALUE).string());
        if (errorCode == null) {
            return null;
        }
        switch (errorCode.hashCode()) {
            case -2024308867:
                if (!errorCode.equals(DISABLED_USER_ERROR_MESSAGE)) {
                    break;
                }
                request = handleDisabledUser();
                break;
            case -1988341276:
                if (!errorCode.equals(JWT_DISABLED_USER_ERROR_MESSAGE)) {
                    break;
                }
                request = handleDisabledUser();
                break;
            case -1222642754:
                if (!errorCode.equals(JWT_INVALID_TOKEN)) {
                    break;
                }
                request = handleInvalidToken(response, accessToken);
                break;
            case -1200036585:
                if (!errorCode.equals(JWT_USER_EMAIL_MISMATCH)) {
                    break;
                }
                request = handleDisabledUser();
                break;
            case -847806252:
                if (!errorCode.equals("invalid_grant")) {
                    break;
                }
                request = handleInvalidToken(response, accessToken);
                break;
            case -102498593:
                if (!errorCode.equals("token_expired")) {
                    break;
                }
                request = handleTokenExpired(response, refreshToken, accessToken);
                break;
            case 1878550358:
                if (!errorCode.equals(JWT_TOKEN_EXPIRED)) {
                    break;
                }
                request = handleTokenExpired(response, refreshToken, accessToken);
                break;
            case 2057674523:
                if (!errorCode.equals(TOKEN_NONEXISTENT_ERROR_MESSAGE)) {
                    break;
                }
                request = handleInvalidToken(response, accessToken);
                break;
        }
        return request;
    }

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.Chain chain) {
        Response proceed;
        Intrinsics.checkNotNullParameter(chain, "chain");
        if (!isTokenExpired()) {
            return chain.proceed(chain.request());
        }
        Response createUnauthorizedResponse = createUnauthorizedResponse(chain);
        Connection connection = chain.connection();
        Request authenticate = authenticate(connection != null ? connection.getRoute() : null, createUnauthorizedResponse);
        return (authenticate == null || (proceed = chain.proceed(authenticate)) == null) ? chain.proceed(chain.request()) : proceed;
    }
}
