package com.hushed.base.helpers.http.apis;

import android.content.Context;
import android.os.Handler;
import android.os.Looper;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Log;
import android.widget.Toast;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import com.affinityclick.maelstrom.models.eventTypes.ExceptionEventBuilder;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.google.gson.GsonBuilder;
import com.hushed.base.BuildConfig;
import com.hushed.base.HushedApp;
import com.hushed.base.helpers.AppExecutors;
import com.hushed.base.helpers.EventTracker;
import com.hushed.base.helpers.LoggingHelper;
import com.hushed.base.helpers.accounts.AccountManager;
import com.hushed.base.helpers.http.HTTPHelper;
import com.hushed.base.helpers.http.HTTPHelperJWTToken;
import com.hushed.base.interfaces.CompleteSuccessErrorHandler;
import com.hushed.base.models.server.Account;
import com.hushed.release.R;
import com.twilio.voice.EventKeys;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureException;
import io.jsonwebtoken.impl.DefaultClaims;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import okhttp3.Credentials;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.ResponseBody;
import retrofit2.Call;
import retrofit2.Callback;
import retrofit2.Response;
import retrofit2.Retrofit;
import retrofit2.converter.gson.GsonConverterFactory;

/* loaded from: classes2.dex */
public class AuthenticationManager {
    private static final String TAG = "com.hushed.base.helpers.http.apis.AuthenticationManager";
    private static final int jwtMaxRetry = 5;
    private AccountManager accountManager;
    private AppExecutors appExecutors;
    private AuthenticationService authenticationService;
    private long clockDriftWarningShownAt;
    private HTTPHelperJWTToken currentToken;
    private final Object refreshLock = new Object();

    public AuthenticationManager(String str, OkHttpClient.Builder builder, AccountManager accountManager, AppExecutors appExecutors) {
        this.accountManager = accountManager;
        this.appExecutors = appExecutors;
        this.authenticationService = (AuthenticationService) new Retrofit.Builder().baseUrl(str).addConverterFactory(GsonConverterFactory.create(new GsonBuilder().setLenient().create())).client(builder.build()).build().create(AuthenticationService.class);
    }

    private void checkClockDrift(final long j) {
        new Handler(Looper.getMainLooper()).post(new Runnable() { // from class: com.hushed.base.helpers.http.apis.-$$Lambda$AuthenticationManager$nmPewz4BNmR_E9wKWv_M0O5c2Es
            @Override // java.lang.Runnable
            public final void run() {
                AuthenticationManager.lambda$checkClockDrift$4(AuthenticationManager.this, j);
            }
        });
    }

    private void handleExpiredJwtException(ExpiredJwtException expiredJwtException) {
        checkClockDrift(expiredJwtException.getClaims().getIssuedAt().getTime());
        LoggingHelper.logException(expiredJwtException);
        expiredJwtException.printStackTrace();
    }

    private boolean isResponseMigratePasswordError(HTTPHelper.HTTPResponse hTTPResponse) {
        JSONObject parseObject;
        if (hTTPResponse != null && 400 == hTTPResponse.getOkhttpResponse().code() && (parseObject = JSON.parseObject(hTTPResponse.readBody())) != null && parseObject.containsKey(EventKeys.ERROR_CODE)) {
            return "GK000M".equalsIgnoreCase(parseObject.getString(EventKeys.ERROR_CODE));
        }
        return false;
    }

    public static /* synthetic */ void lambda$checkClockDrift$4(AuthenticationManager authenticationManager, long j) {
        long currentTimeMillis = System.currentTimeMillis();
        long abs = Math.abs(j - currentTimeMillis);
        long abs2 = Math.abs(authenticationManager.clockDriftWarningShownAt - currentTimeMillis);
        if (abs <= 3600000 || abs2 <= 3600000) {
            return;
        }
        authenticationManager.clockDriftWarningShownAt = currentTimeMillis;
        Toast.makeText(HushedApp.getContext(), R.string.errorClockDriftDetected, 1).show();
        LoggingHelper.logException(new Exception("Clock Drift"), ExceptionEventBuilder.Severity.Info);
    }

    public static /* synthetic */ void lambda$preauthorizeAccount$1(AuthenticationManager authenticationManager, String str, String str2, String str3, HTTPHelper.SuccessHandler successHandler, HTTPHelper.ErrorHandler errorHandler) {
        Account account = new Account();
        account.setUsername(str);
        if (str2 != null) {
            account.setPassword(str2);
        }
        if (str3 != null) {
            account.setHashPassword(str3);
        }
        authenticationManager.refreshJWTTokenSynchronous(0, account, successHandler, errorHandler);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static /* synthetic */ void lambda$refreshJWTTokenSynchronous$0(HTTPHelper.SuccessHandler successHandler, HTTPHelper.HTTPResponse hTTPResponse, HTTPHelper.ErrorHandler errorHandler, boolean z, String str) {
        if (z) {
            if (successHandler != null) {
                successHandler.onSuccess(hTTPResponse);
            }
        } else if (errorHandler != null) {
            errorHandler.onError(hTTPResponse);
        }
    }

    private void logout(final Context context) {
        if (HushedApp.isAuthorized()) {
            new Handler(Looper.getMainLooper()).post(new Runnable() { // from class: com.hushed.base.helpers.http.apis.-$$Lambda$AuthenticationManager$nbb-UOXquCeiPcrhQWCd20ma85g
                @Override // java.lang.Runnable
                public final void run() {
                    HushedApp.instance.signout(context);
                }
            });
        }
    }

    private void logoutOnAuthenticationError(final Context context) {
        if (HushedApp.isAuthorized()) {
            new Handler(Looper.getMainLooper()).post(new Runnable() { // from class: com.hushed.base.helpers.http.apis.-$$Lambda$AuthenticationManager$Hmh7VzYBUJZg4KWbs8mo3pEMdh8
                @Override // java.lang.Runnable
                public final void run() {
                    HushedApp.instance.signoutUnauthorized(context);
                }
            });
        }
    }

    private void refreshJWTTokenForMigrateSynchronous(int i, int i2, Account account, HTTPHelper.SuccessHandler successHandler, HTTPHelper.ErrorHandler errorHandler) {
        HashMap<String, String> hashMap = new HashMap<>();
        hashMap.put("newPassword", account.getHashPassword());
        try {
            Response<ResponseBody> execute = this.authenticationService.migrate(Credentials.basic(account.getUsername().toLowerCase(), account.getPassword(), Charset.forName("UTF-8")), hashMap).execute();
            HTTPHelper.HTTPResponse hTTPResponse = new HTTPHelper.HTTPResponse(execute);
            if (execute.isSuccessful()) {
                Account account2 = this.accountManager.getAccount();
                if (account2 != null) {
                    account2.clearTempPassword();
                    this.accountManager.save(account2, false);
                }
                refreshJWTTokenSynchronous(i2, account, successHandler, errorHandler);
                return;
            }
            if (HTTPHelper.isResponseAuthenticationError(hTTPResponse)) {
                logoutOnAuthenticationError(HushedApp.getContext());
                return;
            }
            if (HTTPHelper.isResponse500Block(hTTPResponse)) {
                refreshJWTTokenForMigrateSynchronous(i, i2, account, successHandler, errorHandler);
            } else if (i < 5) {
                refreshJWTTokenForMigrateSynchronous(i + 1, i2, account, successHandler, errorHandler);
            } else {
                Log.e(TAG, "Reached maximum retry on JWT Migrate");
                logout(HushedApp.getContext());
            }
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    public HTTPHelperJWTToken getCurrentToken() {
        HTTPHelperJWTToken hTTPHelperJWTToken;
        synchronized (this.refreshLock) {
            hTTPHelperJWTToken = this.currentToken == null ? null : new HTTPHelperJWTToken(this.currentToken);
        }
        return hTTPHelperJWTToken;
    }

    public PublicKey getKey(String str) {
        if (str == null || str.length() <= 1) {
            return null;
        }
        try {
            return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode(str.getBytes(), 0)));
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public void preauthorizeAccount(final String str, final String str2, final String str3, final HTTPHelper.SuccessHandler successHandler, final HTTPHelper.ErrorHandler errorHandler) {
        this.appExecutors.networkIO().execute(new Runnable() { // from class: com.hushed.base.helpers.http.apis.-$$Lambda$AuthenticationManager$LCyX5LW22k7hkCKVcAllFOgl8UM
            @Override // java.lang.Runnable
            public final void run() {
                AuthenticationManager.lambda$preauthorizeAccount$1(AuthenticationManager.this, str, str2, str3, successHandler, errorHandler);
            }
        });
    }

    public void refreshJWTTokenSynchronous(int i, Account account, @Nullable final HTTPHelper.SuccessHandler successHandler, @Nullable final HTTPHelper.ErrorHandler errorHandler) {
        synchronized (this.refreshLock) {
            if (account == null) {
                if (errorHandler != null) {
                    errorHandler.onError(null);
                }
                return;
            }
            String basic = Credentials.basic(account.getUsername().toLowerCase(), account.getHashPassword(), Charset.forName("UTF-8"));
            Request request = this.authenticationService.signin(basic).request();
            try {
                Response<ResponseBody> execute = this.authenticationService.signin(basic).execute();
                final HTTPHelper.HTTPResponse hTTPResponse = new HTTPHelper.HTTPResponse(execute);
                LoggingHelper.logHttpResponse(execute);
                if (execute.isSuccessful()) {
                    updateJWTToken(execute.raw(), new CompleteSuccessErrorHandler() { // from class: com.hushed.base.helpers.http.apis.-$$Lambda$AuthenticationManager$uVgBEX46BZrwPdOPX3OApv7snK8
                        @Override // com.hushed.base.interfaces.CompleteSuccessErrorHandler
                        public final void onComplete(boolean z, String str) {
                            AuthenticationManager.lambda$refreshJWTTokenSynchronous$0(HTTPHelper.SuccessHandler.this, hTTPResponse, errorHandler, z, str);
                        }
                    });
                } else if (isResponseMigratePasswordError(hTTPResponse)) {
                    refreshJWTTokenForMigrateSynchronous(0, i, account, successHandler, errorHandler);
                } else if (HTTPHelper.isResponseAuthenticationError(hTTPResponse)) {
                    if (hTTPResponse.getBody() != null) {
                        LoggingHelper.leaveBreadcrumb("401 body: " + hTTPResponse.getBody());
                    }
                    LoggingHelper.logException(new Exception("Signout-AuthenticationManager"));
                    EventTracker.trackCustomEvent("Signout-AuthenticationManager");
                    logoutOnAuthenticationError(HushedApp.getContext());
                    if (errorHandler != null) {
                        errorHandler.onError(hTTPResponse);
                    }
                } else if (HTTPHelper.isResponse500Block(hTTPResponse)) {
                    if (errorHandler != null) {
                        errorHandler.onError(hTTPResponse);
                    }
                } else if (i < 5) {
                    refreshJWTTokenSynchronous(i + 1, account, successHandler, errorHandler);
                } else if (errorHandler != null) {
                    errorHandler.onError(hTTPResponse);
                }
            } catch (ExpiredJwtException e) {
                handleExpiredJwtException(e);
                if (errorHandler != null) {
                    errorHandler.onError(null);
                }
            } catch (Exception e2) {
                LoggingHelper.leaveBreadcrumb("Exception when executing request ( " + request.url() + " )");
                LoggingHelper.logException(e2);
                e2.printStackTrace();
                if (errorHandler != null) {
                    errorHandler.onError(null);
                }
            }
        }
    }

    public void setCurrentToken(HTTPHelperJWTToken hTTPHelperJWTToken) {
        synchronized (this.refreshLock) {
            this.currentToken = hTTPHelperJWTToken;
        }
    }

    public void unauthorizeAccount() {
        setCurrentToken(null);
    }

    public void updateJWTToken(okhttp3.Response response, @NonNull CompleteSuccessErrorHandler completeSuccessErrorHandler) {
        String header = response.header("Authorization");
        if (header == null) {
            LoggingHelper.logException(new Exception("Server did not return an Authorization header on /users/signin but was a success"));
            completeSuccessErrorHandler.onComplete(false, null);
            return;
        }
        String substring = header.substring(7);
        try {
            PublicKey key = getKey(BuildConfig.jwtPemKey);
            JwtParser parser = Jwts.parser();
            if (key != null) {
                parser.setSigningKey(key);
            }
            DefaultClaims defaultClaims = (DefaultClaims) parser.parse(substring).getBody();
            checkClockDrift(defaultClaims.getIssuedAt().getTime());
            setCurrentToken(new HTTPHelperJWTToken(defaultClaims, substring));
        } catch (ExpiredJwtException e) {
            handleExpiredJwtException(e);
            completeSuccessErrorHandler.onComplete(false, null);
        } catch (SignatureException e2) {
            LoggingHelper.logException(e2);
            setCurrentToken(null);
            completeSuccessErrorHandler.onComplete(false, null);
            return;
        }
        completeSuccessErrorHandler.onComplete(true, null);
    }

    public void validateJWTTokenAsynchronous(Account account, final HTTPHelper.SuccessHandler successHandler, final HTTPHelper.ErrorHandler errorHandler) {
        if (account == null) {
            if (errorHandler != null) {
                errorHandler.onError(null);
            }
        } else if (TextUtils.isEmpty(account.getUsername()) || this.accountManager.getAccount() == null || !account.getUsername().equalsIgnoreCase(this.accountManager.getAccount().getUsername())) {
            if (errorHandler != null) {
                errorHandler.onError(null);
            }
        } else {
            try {
                this.authenticationService.signin(Credentials.basic(account.getUsername().toLowerCase(), account.getHashPassword(), Charset.forName("UTF-8"))).enqueue(new Callback<ResponseBody>() { // from class: com.hushed.base.helpers.http.apis.AuthenticationManager.1
                    @Override // retrofit2.Callback
                    public void onFailure(Call<ResponseBody> call, Throwable th) {
                        LoggingHelper.logException(th);
                    }

                    @Override // retrofit2.Callback
                    public void onResponse(Call<ResponseBody> call, Response<ResponseBody> response) {
                        if (response != null && response.isSuccessful()) {
                            successHandler.onSuccess(new HTTPHelper.HTTPResponse(response));
                        } else {
                            errorHandler.onError(new HTTPHelper.HTTPResponse(response));
                        }
                    }
                });
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
}
