package com.virginpulse.android.networkLibrary.authentication;

import a91.o;
import a91.q;
import android.util.Pair;
import android.webkit.CookieManager;
import com.google.gson.Gson;
import com.salesforce.marketingcloud.storage.db.k;
import com.virginpulse.android.networkLibrary.Session;
import com.virginpulse.android.networkLibrary.authentication.model.keycloak.KeyCloakLoginErrorResponse;
import com.virginpulse.android.networkLibrary.authentication.model.keycloak.KeyCloakLoginResponse;
import com.virginpulse.android.networkLibrary.exceptions.InternalServerException;
import com.virginpulse.android.networkLibrary.exceptions.LogoutException;
import com.virginpulse.android.networkLibrary.g;
import com.virginpulse.android.networkLibrary.j;
import io.reactivex.rxjava3.internal.operators.completable.CompletableSubscribeOn;
import io.reactivex.rxjava3.internal.operators.single.SingleFlatMap;
import io.reactivex.rxjava3.internal.operators.single.SingleFlatMapCompletable;
import java.util.List;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Ref;
import kotlin.jvm.internal.StringCompanionObject;
import okhttp3.Cookie;
import okhttp3.Headers;
import okhttp3.HttpUrl;
import okhttp3.Request;
import okhttp3.ResponseBody;
import retrofit2.Response;
import z81.d0;
import z81.z;

/* compiled from: AuthenticationKeyCloak.kt */
/* loaded from: classes3.dex */
public final class c {
    private final g api;
    private final j apiListener;
    private final ReentrantReadWriteLock authenticationLock;
    private final Session session;
    private String wolverineCookie;

    /* compiled from: AuthenticationKeyCloak.kt */
    /* loaded from: classes3.dex */
    public static final class a<T, R> implements o {
        final /* synthetic */ Ref.ObjectRef<String> $apiUrl;
        final /* synthetic */ Ref.ObjectRef<String> $loginApiUrl;

        public a(Ref.ObjectRef<String> objectRef, Ref.ObjectRef<String> objectRef2) {
            this.$loginApiUrl = objectRef;
            this.$apiUrl = objectRef2;
        }

        @Override // a91.o
        public final z81.e apply(Pair<String, String> keycloak) {
            Intrinsics.checkNotNullParameter(keycloak, "keycloak");
            CookieManager cookieManager = CookieManager.getInstance();
            cookieManager.removeAllCookies(null);
            String str = (String) keycloak.first;
            String str2 = (String) keycloak.second;
            Intrinsics.checkNotNull(str);
            if (str.length() > 0) {
                Intrinsics.checkNotNull(str2);
                if (str2.length() > 0) {
                    String str3 = this.$loginApiUrl.element;
                    StringCompanionObject stringCompanionObject = StringCompanionObject.INSTANCE;
                    cookieManager.setCookie(str3, b0.a.a(new Object[]{"KEYCLOAK_SESSION", str}, 2, "%1$s=%2$s;", "format(...)"));
                    cookieManager.setCookie(this.$loginApiUrl.element, b0.a.a(new Object[]{"KEYCLOAK_IDENTITY", str2}, 2, "%1$s=%2$s;", "format(...)"));
                    cookieManager.setCookie(".virginpulse.com", "authentication_provider=keycloak;");
                    cookieManager.setCookie(this.$apiUrl.element, b0.a.a(new Object[]{"pwd_exp_warn", "false"}, 2, "%1$s=%2$s;", "format(...)"));
                }
            }
            id.a aVar = id.a.INSTANCE;
            Intrinsics.checkNotNull(cookieManager);
            aVar.addCastleWebViewCookie(cookieManager);
            cookieManager.flush();
            return io.reactivex.rxjava3.internal.operators.completable.b.f63733d;
        }
    }

    /* compiled from: AuthenticationKeyCloak.kt */
    /* loaded from: classes3.dex */
    public static final class b<T, R> implements o {
        final /* synthetic */ Ref.ObjectRef<String> $loginApiUrl;

        public b(Ref.ObjectRef<String> objectRef) {
            this.$loginApiUrl = objectRef;
        }

        @Override // a91.o
        public final d0<? extends Pair<String, String>> apply(Response<ResponseBody> response) {
            Intrinsics.checkNotNullParameter(response, "response");
            HttpUrl parse = HttpUrl.INSTANCE.parse(this.$loginApiUrl.element);
            String str = "";
            if (parse == null) {
                return z.h(new Pair("", ""));
            }
            Headers headers = response.headers();
            Cookie.Companion companion = Cookie.INSTANCE;
            Intrinsics.checkNotNull(headers);
            List<Cookie> parseAll = companion.parseAll(parse, headers);
            if (parseAll.isEmpty()) {
                return z.h(new Pair("", ""));
            }
            String str2 = "";
            for (Cookie cookie : parseAll) {
                if (Intrinsics.areEqual("KEYCLOAK_SESSION", cookie.name())) {
                    str = cookie.value();
                }
                if (Intrinsics.areEqual("KEYCLOAK_IDENTITY", cookie.name())) {
                    str2 = cookie.value();
                }
            }
            return z.h(new Pair(str, str2));
        }
    }

    public c(g api, j apiListener, Session session) {
        Intrinsics.checkNotNullParameter(api, "api");
        Intrinsics.checkNotNullParameter(apiListener, "apiListener");
        Intrinsics.checkNotNullParameter(session, "session");
        this.api = api;
        this.apiListener = apiListener;
        this.session = session;
        this.authenticationLock = new ReentrantReadWriteLock();
    }

    private final void checkColdStartSecurityLogout(boolean z12, String str) throws LogoutException {
        boolean coldStartLogoutFromAccessToken = ld.a.INSTANCE.getColdStartLogoutFromAccessToken(str);
        if (z12 && coldStartLogoutFromAccessToken) {
            revokeAuthTokens();
            throw new LogoutException(AuthResult.COLD_START_SECURITY_LOGOUT, -1, "Cold start security logout");
        }
    }

    private final AuthToken getAuthToken() throws LogoutException, InternalServerException {
        this.authenticationLock.readLock().lock();
        AuthToken authToken = this.session.getAuthToken();
        this.authenticationLock.readLock().unlock();
        if (authToken == null) {
            return null;
        }
        if (!com.virginpulse.android.networkLibrary.authentication.a.INSTANCE.isExpired(authToken)) {
            return authToken;
        }
        if (refreshToken(authToken.getAccessToken(), false) == AuthResult.SUCCESSFUL) {
            return this.session.getAuthToken();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final z81.e notifySessionChanges$lambda$0(c this$0) {
        Intrinsics.checkNotNullParameter(this$0, "this$0");
        this$0.apiListener.onSessionUpdate(this$0.session);
        return io.reactivex.rxjava3.internal.operators.completable.b.f63733d;
    }

    private final void shouldNotifySessionChanges(AuthToken authToken, AuthToken authToken2) {
        if (Intrinsics.areEqual(authToken.getRefreshToken(), authToken2.getRefreshToken()) && Intrinsics.areEqual(authToken.getTokenType(), authToken2.getTokenType())) {
            return;
        }
        notifySessionChanges();
    }

    public final Request addAuthentication(Request originalRequest) throws LogoutException, InternalServerException {
        Intrinsics.checkNotNullParameter(originalRequest, "originalRequest");
        AuthToken authToken = getAuthToken();
        if (authToken == null) {
            return null;
        }
        Request.Builder newBuilder = originalRequest.newBuilder();
        StringCompanionObject stringCompanionObject = StringCompanionObject.INSTANCE;
        Request build = newBuilder.header("Authorization", b0.a.a(new Object[]{authToken.getTokenType(), authToken.getAccessToken()}, 2, "%1$s %2$s", "format(...)")).build();
        String str = this.wolverineCookie;
        if (str != null && str.length() > 0) {
            Cookie.Builder builder = new Cookie.Builder();
            builder.name("SessionID");
            builder.value(str);
            builder.hostOnlyDomain("virginpulse.com");
            builder.httpOnly();
            builder.secure();
            md.c.INSTANCE.addCookie(build, builder.build());
        }
        return build;
    }

    /* JADX WARN: Type inference failed for: r1v3, types: [T, java.lang.String] */
    /* JADX WARN: Type inference failed for: r2v0, types: [T, java.lang.String] */
    /* JADX WARN: Type inference failed for: r3v0, types: [T, java.lang.String] */
    /* JADX WARN: Type inference failed for: r4v2, types: [T, java.lang.String] */
    public final z81.a authenticateWebView() {
        Ref.ObjectRef objectRef = new Ref.ObjectRef();
        md.b bVar = md.b.INSTANCE;
        objectRef.element = bVar.getIAMApiUrl();
        Ref.ObjectRef objectRef2 = new Ref.ObjectRef();
        objectRef2.element = bVar.getGenesisApiUrl();
        String activeRealm = g.Companion.getActiveRealm();
        if (Intrinsics.areEqual(activeRealm, k.a.f15255b)) {
            objectRef.element = bVar.getPHLoginApiUrl();
            objectRef2.element = bVar.getPHApiUrl();
        }
        z<Response<ResponseBody>> session = this.api.getIAMService().getSession(activeRealm);
        b bVar2 = new b(objectRef);
        session.getClass();
        SingleFlatMap singleFlatMap = new SingleFlatMap(session, bVar2);
        Intrinsics.checkNotNullExpressionValue(singleFlatMap, "flatMap(...)");
        CompletableSubscribeOn s12 = new SingleFlatMapCompletable(singleFlatMap.n(io.reactivex.rxjava3.schedulers.a.f64864c), new a(objectRef, objectRef2)).s(y81.b.a());
        Intrinsics.checkNotNullExpressionValue(s12, "subscribeOn(...)");
        return s12;
    }

    public final String getAccessToken() {
        AuthToken authToken = this.session.getAuthToken();
        if (authToken != null) {
            return authToken.getAccessToken();
        }
        return null;
    }

    public final void handleResponseNotSuccessful(Response<KeyCloakLoginResponse> response) throws LogoutException, InternalServerException {
        String errorDescription;
        Intrinsics.checkNotNullParameter(response, "response");
        ResponseBody errorBody = response.errorBody();
        int code = response.code();
        String str = "";
        if (errorBody != null) {
            if (code == 403) {
                AuthResult parseCloudflareErrorResponse = d.INSTANCE.parseCloudflareErrorResponse(response.raw(), errorBody.getBodySource());
                AuthResult authResult = AuthResult.EMULATION_BOT_ERROR;
                if (parseCloudflareErrorResponse == authResult) {
                    throw new LogoutException(authResult, Integer.valueOf(code), null);
                }
            }
            KeyCloakLoginErrorResponse keyCloakLoginErrorResponse = (KeyCloakLoginErrorResponse) new Gson().d(errorBody.charStream(), KeyCloakLoginErrorResponse.class);
            if (keyCloakLoginErrorResponse != null && (errorDescription = keyCloakLoginErrorResponse.getErrorDescription()) != null) {
                str = errorDescription;
            }
        }
        AuthResult parseKeyCloakResponse = d.INSTANCE.parseKeyCloakResponse(Integer.valueOf(code), str);
        if (parseKeyCloakResponse == AuthResult.INTERNAL_SERVER_ERROR) {
            throw new InternalServerException(parseKeyCloakResponse);
        }
        revokeAuthTokens();
        throw new LogoutException(parseKeyCloakResponse, Integer.valueOf(code), str);
    }

    public final void notifySessionChanges() {
        new io.reactivex.rxjava3.internal.operators.completable.a(new q() { // from class: com.virginpulse.android.networkLibrary.authentication.b
            @Override // a91.q
            public final Object get() {
                z81.e notifySessionChanges$lambda$0;
                notifySessionChanges$lambda$0 = c.notifySessionChanges$lambda$0(c.this);
                return notifySessionChanges$lambda$0;
            }
        }).s(y81.b.a()).p();
    }

    /* JADX WARN: Multi-variable type inference failed */
    public final synchronized AuthResult refreshToken(String oldAccessToken, boolean z12) throws LogoutException, InternalServerException {
        Intrinsics.checkNotNullParameter(oldAccessToken, "oldAccessToken");
        this.authenticationLock.writeLock().lock();
        try {
            AuthToken authToken = this.session.getAuthToken();
            if (authToken == null) {
                return AuthResult.KEY_CLOAK_REFRESHING_TOKEN_WITHOUT_TOKEN;
            }
            if (!Intrinsics.areEqual(authToken.getAccessToken(), oldAccessToken)) {
                return AuthResult.SUCCESSFUL;
            }
            try {
                T c12 = this.api.reloginKeyCloak(authToken.getRefreshToken()).n(io.reactivex.rxjava3.schedulers.a.f64864c).c();
                Intrinsics.checkNotNullExpressionValue(c12, "blockingGet(...)");
                Response<KeyCloakLoginResponse> response = (Response) c12;
                if (!response.isSuccessful()) {
                    handleResponseNotSuccessful(response);
                }
                KeyCloakLoginResponse body = response.body();
                if (body == null) {
                    return AuthResult.API_ERROR_KEY_CLOAK;
                }
                String accessToken = body.getAccessToken();
                if (accessToken == null) {
                    return AuthResult.API_ERROR_KEY_CLOAK;
                }
                checkColdStartSecurityLogout(z12, accessToken);
                String refreshToken = body.getRefreshToken();
                if (refreshToken == null) {
                    return AuthResult.API_ERROR_KEY_CLOAK;
                }
                String tokenType = body.getTokenType();
                if (tokenType == null) {
                    return AuthResult.API_ERROR_KEY_CLOAK;
                }
                Long expiresIn = body.getExpiresIn();
                if (expiresIn == null) {
                    return AuthResult.API_ERROR_KEY_CLOAK;
                }
                AuthToken authToken2 = new AuthToken(accessToken, refreshToken, tokenType, expiresIn.longValue(), System.currentTimeMillis() / 1000);
                this.session.setAuthToken(authToken2);
                Session session = this.session;
                ld.a aVar = ld.a.INSTANCE;
                session.setSponsorRegion(aVar.getSponsorRegionFromAccessToken(accessToken));
                this.session.setPersonId(aVar.getPersonIdFromAccessToken(accessToken));
                this.session.setProfileId(aVar.getProfileIdFromAccessToken(accessToken));
                shouldNotifySessionChanges(authToken, authToken2);
                return AuthResult.SUCCESSFUL;
            } catch (RuntimeException e12) {
                int i12 = uc.g.f79536a;
                uc.g.f(vc.a.a(this), e12.getLocalizedMessage(), new Object());
                return AuthResult.NETWORK_ERROR_KEY_CLOAK;
            }
        } finally {
            this.authenticationLock.writeLock().unlock();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public final boolean revokeAuthTokens() {
        AuthToken authToken = this.session.getAuthToken();
        if (authToken == null) {
            return false;
        }
        this.session.setAuthToken(null);
        try {
            return ((Response) this.api.revokeKeyCloak(authToken.getRefreshToken()).n(io.reactivex.rxjava3.schedulers.a.f64864c).c()).isSuccessful();
        } catch (Exception e12) {
            int i12 = uc.g.f79536a;
            uc.g.f(vc.a.a(this), e12.getLocalizedMessage(), new Object());
            return false;
        }
    }
}
