package com.surfeasy.sdk.api;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.surfeasy.sdk.SdkStateNotifier;
import com.surfeasy.sdk.SurfEasyLog;
import com.surfeasy.sdk.api.interfaces.JwtProvider;
import com.surfeasy.sdk.api.models.Jwt;
import com.surfeasy.sdk.api.models.RenewBody;
import com.surfeasy.sdk.enums.LogoutReason;
import com.surfeasy.sdk.internal.Clock;
import com.symantec.mynorton.MyNorton;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.Reader;
import okhttp3.Headers;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Protocol;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;

/* loaded from: classes2.dex */
public class AuthenticatingInterceptor implements Interceptor {
    private static final String AUTH_HEADER = "Authorization";
    static String FORCE_RENEW_HEADER = "X-Local-Force-Renew";
    private static final String JWT_PREFIX = "Bearer";
    static String LOCAL_RENEW_FAILURE_HEADER = "X-Local-Renew-Failure";
    private final ApiRequestBuilder apiRequestBuilder;
    private OkHttpClient client;
    private final Clock clock;
    private final Gson gson = new GsonBuilder().create();
    private final JwtParser jwtParser;
    private final JwtProvider jwtProvider;
    private final SdkStateNotifier sdkStateNotifier;

    public AuthenticatingInterceptor(JwtParser jwtParser, JwtProvider jwtProvider, ApiRequestBuilder apiRequestBuilder, SdkStateNotifier sdkStateNotifier, Clock clock) {
        this.jwtParser = jwtParser;
        this.jwtProvider = jwtProvider;
        this.apiRequestBuilder = apiRequestBuilder;
        this.sdkStateNotifier = sdkStateNotifier;
        this.clock = clock;
    }

    private boolean hasForceRenewHeader(Request request) {
        return request.header(FORCE_RENEW_HEADER) != null;
    }

    private boolean hasJwtHeader(Request request) {
        String header = request.header("Authorization");
        if (header == null) {
            return false;
        }
        return header.startsWith(JWT_PREFIX);
    }

    private Jwt performRenew(Jwt jwt) {
        if (jwt == null) {
            return null;
        }
        try {
            Response execute = this.client.newCall(this.apiRequestBuilder.buildRequest("post", ApiRequest.builder(new Endpoint(new ElysiumService(), "elysium/v1/renew", EndpointAuthType.UDID), Jwt.class).body(new RenewBody("refresh_token", jwt.refreshToken())).build())).execute();
            if (execute.isSuccessful()) {
                Jwt jwt2 = (Jwt) this.gson.fromJson((Reader) new InputStreamReader(execute.body().byteStream()), Jwt.class);
                return this.jwtParser.parse(jwt2.accessToken(), jwt2.refreshToken());
            }
            if (execute.code() == 401) {
                SurfEasyLog.SeLogger.e("Invalid Refresh token for JWT, unable to renew", new Object[0]);
                this.sdkStateNotifier.doLogout(LogoutReason.TOKEN_RENEWAL_FAILED);
            }
            return null;
        } catch (ApiException | IOException e) {
            SurfEasyLog.SeLogger.e("Unable to build request for JWT renewal: %s", e.toString());
            return null;
        }
    }

    private Request replaceJwtIfNeeded(Request request, Jwt jwt) {
        if (jwt == null) {
            return request;
        }
        String prefixedToken = jwt.prefixedToken();
        String header = request.header("Authorization");
        return (!header.startsWith(JWT_PREFIX) || prefixedToken == null || header.equals(prefixedToken)) ? request : request.newBuilder().header("Authorization", prefixedToken).build();
    }

    private boolean shouldRenewJwt(Jwt jwt) {
        if (jwt == null) {
            return false;
        }
        return this.clock.nowIsAfter(jwt.expiryDate());
    }

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.Chain chain) throws IOException {
        Request replaceJwtIfNeeded;
        Request request = chain.request();
        if (hasJwtHeader(request) || hasForceRenewHeader(request)) {
            synchronized (this) {
                Jwt jwt = this.jwtProvider.jwt();
                if (!shouldRenewJwt(jwt) && !hasForceRenewHeader(request)) {
                    replaceJwtIfNeeded = replaceJwtIfNeeded(request, jwt);
                    request = replaceJwtIfNeeded;
                }
                Jwt performRenew = performRenew(jwt);
                if (performRenew == null) {
                    return new Response(request, Protocol.HTTP_1_1, "Unauthorized", MyNorton.ERROR_TOKEN_EXPIRED, null, Headers.of(LOCAL_RENEW_FAILURE_HEADER, "true"), ResponseBody.create("Token Renewal Failed", MediaType.get("text/plain")), null, null, null, this.clock.now(), this.clock.now(), null);
                }
                this.jwtProvider.updateJwt(performRenew);
                replaceJwtIfNeeded = replaceJwtIfNeeded(request, performRenew);
                request = replaceJwtIfNeeded;
            }
        }
        return chain.proceed(request);
    }

    public void setOkHttpClient(OkHttpClient okHttpClient) {
        this.client = okHttpClient;
    }
}
