package com.virginpulse.android.networkLibrary.authentication;

import android.util.Pair;
import android.webkit.CookieManager;
import com.brightcove.player.event.EventType;
import com.google.gson.Gson;
import com.virginpulse.android.networkLibrary.Session;
import com.virginpulse.android.networkLibrary.authentication.model.keycloak.KeyCloakLoginErrorResponse;
import com.virginpulse.android.networkLibrary.authentication.model.keycloak.KeyCloakLoginResponse;
import com.virginpulse.android.networkLibrary.authentication.service.IAMService;
import com.virginpulse.android.networkLibrary.exceptions.InternalServerException;
import com.virginpulse.android.networkLibrary.exceptions.LogoutException;
import com.virginpulse.android.networkLibrary.g;
import com.virginpulse.android.networkLibrary.j;
import io.reactivex.rxjava3.internal.operators.completable.CompletableSubscribeOn;
import io.reactivex.rxjava3.internal.operators.single.SingleFlatMap;
import java.util.List;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import kotlin.Metadata;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.Ref;
import kotlin.jvm.internal.StringCompanionObject;
import okhttp3.Cookie;
import okhttp3.Headers;
import okhttp3.HttpUrl;
import okhttp3.Request;
import okhttp3.ResponseBody;
import retrofit2.Response;
import x61.d0;
import x61.z;
import y61.o;
import y61.q;
import zc.h;

/* compiled from: AuthenticationKeyCloak.kt */
@Metadata(d1 = {"\u0000d\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u000e\n\u0000\n\u0002\u0010\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\b\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0002\b\t\n\u0002\u0018\u0002\n\u0002\b\u0003\u0018\u00002\u00020\u0001B\u001f\u0012\u0006\u0010\u0003\u001a\u00020\u0002\u0012\u0006\u0010\u0005\u001a\u00020\u0004\u0012\u0006\u0010\u0007\u001a\u00020\u0006¢\u0006\u0004\b\b\u0010\tJ\u001f\u0010\u000f\u001a\u00020\u000e2\u0006\u0010\u000b\u001a\u00020\n2\u0006\u0010\r\u001a\u00020\fH\u0002¢\u0006\u0004\b\u000f\u0010\u0010J\u001f\u0010\u0014\u001a\u00020\u000e2\u0006\u0010\u0012\u001a\u00020\u00112\u0006\u0010\u0013\u001a\u00020\u0011H\u0002¢\u0006\u0004\b\u0014\u0010\u0015J\u0011\u0010\u0016\u001a\u0004\u0018\u00010\u0011H\u0002¢\u0006\u0004\b\u0016\u0010\u0017J\u000f\u0010\u0018\u001a\u0004\u0018\u00010\f¢\u0006\u0004\b\u0018\u0010\u0019J\u001b\u0010\u001d\u001a\u00020\u000e2\f\u0010\u001c\u001a\b\u0012\u0004\u0012\u00020\u001b0\u001a¢\u0006\u0004\b\u001d\u0010\u001eJ\u001d\u0010!\u001a\u00020 2\u0006\u0010\u001f\u001a\u00020\f2\u0006\u0010\u000b\u001a\u00020\n¢\u0006\u0004\b!\u0010\"J\r\u0010#\u001a\u00020\u000e¢\u0006\u0004\b#\u0010$J\u0017\u0010'\u001a\u0004\u0018\u00010%2\u0006\u0010&\u001a\u00020%¢\u0006\u0004\b'\u0010(J\r\u0010*\u001a\u00020)¢\u0006\u0004\b*\u0010+J\r\u0010,\u001a\u00020\n¢\u0006\u0004\b,\u0010-R\u0014\u0010\u0003\u001a\u00020\u00028\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0003\u0010.R\u0014\u0010\u0005\u001a\u00020\u00048\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0005\u0010/R\u0014\u0010\u0007\u001a\u00020\u00068\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b\u0007\u00100R\u0018\u00101\u001a\u0004\u0018\u00010\f8\u0002@\u0002X\u0082\u000e¢\u0006\u0006\n\u0004\b1\u00102R\u0014\u00104\u001a\u0002038\u0002X\u0082\u0004¢\u0006\u0006\n\u0004\b4\u00105¨\u00066"}, d2 = {"Lcom/virginpulse/android/networkLibrary/authentication/c;", "", "Lcom/virginpulse/android/networkLibrary/g;", "api", "Lcom/virginpulse/android/networkLibrary/j;", "apiListener", "Lcom/virginpulse/android/networkLibrary/Session;", "session", "<init>", "(Lcom/virginpulse/android/networkLibrary/g;Lcom/virginpulse/android/networkLibrary/j;Lcom/virginpulse/android/networkLibrary/Session;)V", "", "coldStart", "", "accessToken", "", "checkColdStartSecurityLogout", "(ZLjava/lang/String;)V", "Lcom/virginpulse/android/networkLibrary/authentication/AuthToken;", "oldAuthToken", "newAuthToken", "shouldNotifySessionChanges", "(Lcom/virginpulse/android/networkLibrary/authentication/AuthToken;Lcom/virginpulse/android/networkLibrary/authentication/AuthToken;)V", "getAuthToken", "()Lcom/virginpulse/android/networkLibrary/authentication/AuthToken;", "getAccessToken", "()Ljava/lang/String;", "Lretrofit2/Response;", "Lcom/virginpulse/android/networkLibrary/authentication/model/keycloak/KeyCloakLoginResponse;", EventType.RESPONSE, "handleResponseNotSuccessful", "(Lretrofit2/Response;)V", "oldAccessToken", "Lcom/virginpulse/android/networkLibrary/authentication/AuthResult;", "refreshToken", "(Ljava/lang/String;Z)Lcom/virginpulse/android/networkLibrary/authentication/AuthResult;", "notifySessionChanges", "()V", "Lokhttp3/Request;", "originalRequest", "addAuthentication", "(Lokhttp3/Request;)Lokhttp3/Request;", "Lx61/a;", "authenticateWebView", "()Lx61/a;", "revokeAuthTokens", "()Z", "Lcom/virginpulse/android/networkLibrary/g;", "Lcom/virginpulse/android/networkLibrary/j;", "Lcom/virginpulse/android/networkLibrary/Session;", "wolverineCookie", "Ljava/lang/String;", "Ljava/util/concurrent/locks/ReentrantReadWriteLock;", "authenticationLock", "Ljava/util/concurrent/locks/ReentrantReadWriteLock;", "network-library_release"}, k = 1, mv = {2, 0, 0}, xi = 48)
/* loaded from: classes3.dex */
public final class c {
    private final g api;
    private final j apiListener;
    private final ReentrantReadWriteLock authenticationLock;
    private final Session session;
    private String wolverineCookie;

    /* compiled from: AuthenticationKeyCloak.kt */
    @Metadata(k = 3, mv = {2, 0, 0}, xi = 48)
    /* loaded from: classes3.dex */
    public static final class a<T, R> implements o {
        final /* synthetic */ Ref.ObjectRef<String> $apiUrl;
        final /* synthetic */ Ref.ObjectRef<String> $loginApiUrl;

        public a(Ref.ObjectRef<String> objectRef, Ref.ObjectRef<String> objectRef2) {
            this.$loginApiUrl = objectRef;
            this.$apiUrl = objectRef2;
        }

        @Override // y61.o
        public final x61.e apply(Pair<String, String> keycloak) {
            Intrinsics.checkNotNullParameter(keycloak, "keycloak");
            CookieManager cookieManager = CookieManager.getInstance();
            cookieManager.removeAllCookies(null);
            String str = (String) keycloak.first;
            String str2 = (String) keycloak.second;
            Intrinsics.checkNotNull(str);
            if (str.length() > 0) {
                Intrinsics.checkNotNull(str2);
                if (str2.length() > 0) {
                    String str3 = this.$loginApiUrl.element;
                    StringCompanionObject stringCompanionObject = StringCompanionObject.INSTANCE;
                    cookieManager.setCookie(str3, g0.a.a(new Object[]{"KEYCLOAK_SESSION", str}, 2, "%1$s=%2$s;", "format(...)"));
                    cookieManager.setCookie(this.$loginApiUrl.element, g0.a.a(new Object[]{"KEYCLOAK_IDENTITY", str2}, 2, "%1$s=%2$s;", "format(...)"));
                    cookieManager.setCookie(".virginpulse.com", "authentication_provider=keycloak;");
                    cookieManager.setCookie(this.$apiUrl.element, g0.a.a(new Object[]{"pwd_exp_warn", "false"}, 2, "%1$s=%2$s;", "format(...)"));
                }
            }
            nd.a aVar = nd.a.INSTANCE;
            Intrinsics.checkNotNull(cookieManager);
            aVar.addCastleWebViewCookie(cookieManager);
            cookieManager.flush();
            return io.reactivex.rxjava3.internal.operators.completable.b.d;
        }
    }

    /* compiled from: AuthenticationKeyCloak.kt */
    @Metadata(k = 3, mv = {2, 0, 0}, xi = 48)
    /* loaded from: classes3.dex */
    public static final class b<T, R> implements o {
        final /* synthetic */ Ref.ObjectRef<String> $loginApiUrl;

        public b(Ref.ObjectRef<String> objectRef) {
            this.$loginApiUrl = objectRef;
        }

        @Override // y61.o
        public final d0<? extends Pair<String, String>> apply(Response<ResponseBody> response) {
            Intrinsics.checkNotNullParameter(response, "response");
            HttpUrl parse = HttpUrl.INSTANCE.parse(this.$loginApiUrl.element);
            String str = "";
            if (parse == null) {
                return z.i(new Pair("", ""));
            }
            Headers headers = response.headers();
            Cookie.Companion companion = Cookie.INSTANCE;
            Intrinsics.checkNotNull(headers);
            List<Cookie> parseAll = companion.parseAll(parse, headers);
            if (parseAll.isEmpty()) {
                return z.i(new Pair("", ""));
            }
            String str2 = "";
            for (Cookie cookie : parseAll) {
                if (Intrinsics.areEqual("KEYCLOAK_SESSION", cookie.name())) {
                    str = cookie.value();
                }
                if (Intrinsics.areEqual("KEYCLOAK_IDENTITY", cookie.name())) {
                    str2 = cookie.value();
                }
            }
            return z.i(new Pair(str, str2));
        }
    }

    public c(g api, j apiListener, Session session) {
        Intrinsics.checkNotNullParameter(api, "api");
        Intrinsics.checkNotNullParameter(apiListener, "apiListener");
        Intrinsics.checkNotNullParameter(session, "session");
        this.api = api;
        this.apiListener = apiListener;
        this.session = session;
        this.authenticationLock = new ReentrantReadWriteLock();
    }

    private final void checkColdStartSecurityLogout(boolean coldStart, String accessToken) throws LogoutException {
        boolean coldStartLogoutFromAccessToken = qd.a.INSTANCE.getColdStartLogoutFromAccessToken(accessToken);
        if (coldStart && coldStartLogoutFromAccessToken) {
            revokeAuthTokens();
            throw new LogoutException(AuthResult.COLD_START_SECURITY_LOGOUT, -1, "Cold start security logout");
        }
    }

    private final AuthToken getAuthToken() throws LogoutException, InternalServerException {
        this.authenticationLock.readLock().lock();
        AuthToken authToken = this.session.getAuthToken();
        this.authenticationLock.readLock().unlock();
        if (authToken == null) {
            return null;
        }
        if (!com.virginpulse.android.networkLibrary.authentication.a.INSTANCE.isExpired(authToken)) {
            return authToken;
        }
        if (refreshToken(authToken.getAccessToken(), false) == AuthResult.SUCCESSFUL) {
            return this.session.getAuthToken();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static final x61.e notifySessionChanges$lambda$0(c this$0) {
        Intrinsics.checkNotNullParameter(this$0, "this$0");
        this$0.apiListener.onSessionUpdate(this$0.session);
        return io.reactivex.rxjava3.internal.operators.completable.b.d;
    }

    private final void shouldNotifySessionChanges(AuthToken oldAuthToken, AuthToken newAuthToken) {
        if (Intrinsics.areEqual(oldAuthToken.getRefreshToken(), newAuthToken.getRefreshToken()) && Intrinsics.areEqual(oldAuthToken.getTokenType(), newAuthToken.getTokenType())) {
            return;
        }
        notifySessionChanges();
    }

    public final Request addAuthentication(Request originalRequest) throws LogoutException, InternalServerException {
        Intrinsics.checkNotNullParameter(originalRequest, "originalRequest");
        AuthToken authToken = getAuthToken();
        if (authToken == null) {
            return null;
        }
        Request.Builder newBuilder = originalRequest.newBuilder();
        StringCompanionObject stringCompanionObject = StringCompanionObject.INSTANCE;
        Request build = newBuilder.header("Authorization", g0.a.a(new Object[]{authToken.getTokenType(), authToken.getAccessToken()}, 2, "%1$s %2$s", "format(...)")).build();
        String str = this.wolverineCookie;
        if (str != null && str.length() > 0) {
            Cookie.Builder builder = new Cookie.Builder();
            builder.name("SessionID");
            builder.value(str);
            builder.hostOnlyDomain("virginpulse.com");
            builder.httpOnly();
            builder.secure();
            rd.c.INSTANCE.addCookie(build, builder.build());
        }
        return build;
    }

    /* JADX WARN: Type inference failed for: r1v1, types: [T, java.lang.String] */
    /* JADX WARN: Type inference failed for: r2v0, types: [T, java.lang.String] */
    public final x61.a authenticateWebView() {
        Ref.ObjectRef objectRef = new Ref.ObjectRef();
        rd.b bVar = rd.b.INSTANCE;
        objectRef.element = bVar.getPHLoginApiUrl();
        Ref.ObjectRef objectRef2 = new Ref.ObjectRef();
        objectRef2.element = bVar.getPHApiUrl();
        SingleFlatMap g12 = IAMService.a.getSession$default(this.api.getIAMService(), null, 1, null).g(new b(objectRef));
        Intrinsics.checkNotNullExpressionValue(g12, "flatMap(...)");
        CompletableSubscribeOn t12 = g12.o(io.reactivex.rxjava3.schedulers.a.f53334c).h(new a(objectRef, objectRef2)).t(w61.a.a());
        Intrinsics.checkNotNullExpressionValue(t12, "subscribeOn(...)");
        return t12;
    }

    public final String getAccessToken() {
        AuthToken authToken = this.session.getAuthToken();
        if (authToken != null) {
            return authToken.getAccessToken();
        }
        return null;
    }

    public final void handleResponseNotSuccessful(Response<KeyCloakLoginResponse> response) throws LogoutException, InternalServerException {
        String errorDescription;
        Intrinsics.checkNotNullParameter(response, "response");
        ResponseBody errorBody = response.errorBody();
        int code = response.code();
        String str = "";
        if (errorBody != null) {
            if (code == 403) {
                AuthResult parseCloudflareErrorResponse = d.INSTANCE.parseCloudflareErrorResponse(response.raw(), errorBody.getBodySource());
                AuthResult authResult = AuthResult.EMULATION_BOT_ERROR;
                if (parseCloudflareErrorResponse == authResult) {
                    throw new LogoutException(authResult, Integer.valueOf(code), null);
                }
            }
            KeyCloakLoginErrorResponse keyCloakLoginErrorResponse = (KeyCloakLoginErrorResponse) new Gson().e(errorBody.charStream(), KeyCloakLoginErrorResponse.class);
            if (keyCloakLoginErrorResponse != null && (errorDescription = keyCloakLoginErrorResponse.getErrorDescription()) != null) {
                str = errorDescription;
            }
        }
        AuthResult parseKeyCloakResponse = d.INSTANCE.parseKeyCloakResponse(Integer.valueOf(code), str);
        if (parseKeyCloakResponse == AuthResult.INTERNAL_SERVER_ERROR) {
            throw new InternalServerException(parseKeyCloakResponse);
        }
        revokeAuthTokens();
        throw new LogoutException(parseKeyCloakResponse, Integer.valueOf(code), str);
    }

    public final void notifySessionChanges() {
        new io.reactivex.rxjava3.internal.operators.completable.a(new q() { // from class: com.virginpulse.android.networkLibrary.authentication.b
            @Override // y61.q
            public final Object get() {
                x61.e notifySessionChanges$lambda$0;
                notifySessionChanges$lambda$0 = c.notifySessionChanges$lambda$0(c.this);
                return notifySessionChanges$lambda$0;
            }
        }).t(w61.a.a()).q();
    }

    /* JADX WARN: Multi-variable type inference failed */
    public final synchronized AuthResult refreshToken(String oldAccessToken, boolean coldStart) throws LogoutException, InternalServerException {
        Intrinsics.checkNotNullParameter(oldAccessToken, "oldAccessToken");
        this.authenticationLock.writeLock().lock();
        try {
            AuthToken authToken = this.session.getAuthToken();
            if (authToken == null) {
                return AuthResult.KEY_CLOAK_REFRESHING_TOKEN_WITHOUT_TOKEN;
            }
            if (!Intrinsics.areEqual(authToken.getAccessToken(), oldAccessToken)) {
                return AuthResult.SUCCESSFUL;
            }
            try {
                T c12 = this.api.reloginKeyCloak(authToken.getRefreshToken()).o(io.reactivex.rxjava3.schedulers.a.f53334c).c();
                Intrinsics.checkNotNullExpressionValue(c12, "blockingGet(...)");
                Response<KeyCloakLoginResponse> response = (Response) c12;
                if (!response.isSuccessful()) {
                    handleResponseNotSuccessful(response);
                }
                KeyCloakLoginResponse body = response.body();
                if (body == null) {
                    return AuthResult.API_ERROR_KEY_CLOAK;
                }
                String accessToken = body.getAccessToken();
                if (accessToken == null) {
                    return AuthResult.API_ERROR_KEY_CLOAK;
                }
                checkColdStartSecurityLogout(coldStart, accessToken);
                String refreshToken = body.getRefreshToken();
                if (refreshToken == null) {
                    return AuthResult.API_ERROR_KEY_CLOAK;
                }
                String tokenType = body.getTokenType();
                if (tokenType == null) {
                    return AuthResult.API_ERROR_KEY_CLOAK;
                }
                Long expiresIn = body.getExpiresIn();
                if (expiresIn == null) {
                    return AuthResult.API_ERROR_KEY_CLOAK;
                }
                AuthToken authToken2 = new AuthToken(accessToken, refreshToken, tokenType, expiresIn.longValue(), System.currentTimeMillis() / 1000);
                this.session.setAuthToken(authToken2);
                Session session = this.session;
                qd.a aVar = qd.a.INSTANCE;
                session.setSponsorRegion(aVar.getSponsorRegionFromAccessToken(accessToken));
                this.session.setPersonId(aVar.getPersonIdFromAccessToken(accessToken));
                this.session.setProfileId(aVar.getProfileIdFromAccessToken(accessToken));
                shouldNotifySessionChanges(authToken, authToken2);
                return AuthResult.SUCCESSFUL;
            } catch (RuntimeException e12) {
                int i12 = h.f72403a;
                h.f(ad.a.i(this), e12.getLocalizedMessage(), new Object());
                return AuthResult.NETWORK_ERROR_KEY_CLOAK;
            }
        } finally {
            this.authenticationLock.writeLock().unlock();
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    public final boolean revokeAuthTokens() {
        AuthToken authToken = this.session.getAuthToken();
        if (authToken == null) {
            return false;
        }
        this.session.setAuthToken(null);
        try {
            return ((Response) this.api.revokeKeyCloak(authToken.getRefreshToken()).o(io.reactivex.rxjava3.schedulers.a.f53334c).c()).isSuccessful();
        } catch (Exception e12) {
            int i12 = h.f72403a;
            h.f(ad.a.i(this), e12.getLocalizedMessage(), new Object());
            return false;
        }
    }
}
