package nl.ns.lib.authentication.data.authenticator;

import java.util.Iterator;
import java.util.Locale;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.Unit;
import kotlin.jvm.internal.DefaultConstructorMarker;
import kotlin.jvm.internal.Intrinsics;
import kotlin.jvm.internal.SourceDebugExtension;
import kotlin.text.m;
import kotlinx.coroutines.d;
import nl.ns.lib.authentication.data.BusinessAuthentication;
import nl.ns.lib.authentication.domain.TokenManager;
import okhttp3.Authenticator;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;
import okhttp3.Route;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.json.JSONException;
import org.json.JSONObject;
import retrofit2.HttpException;
import timber.log.Timber;

@Metadata(d1 = {"\u0000X\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000b\n\u0000\n\u0002\u0010\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0007\u0018\u0000 !2\u00020\u0001:\u0001!B\u001d\u0012\u0006\u0010\u0002\u001a\u00020\u0003\u0012\u0006\u0010\u0004\u001a\u00020\u0005\u0012\u0006\u0010\u0006\u001a\u00020\u0007¢\u0006\u0002\u0010\bJ\u001c\u0010\t\u001a\u0004\u0018\u00010\n2\b\u0010\u000b\u001a\u0004\u0018\u00010\f2\u0006\u0010\r\u001a\u00020\u000eH\u0016J\u0010\u0010\u000f\u001a\u00020\u00102\u0006\u0010\r\u001a\u00020\u000eH\u0002J\u0014\u0010\u0011\u001a\u00020\u00122\n\u0010\u0013\u001a\u00060\u0014j\u0002`\u0015H\u0002J\"\u0010\u0016\u001a\u0004\u0018\u00010\n2\u0006\u0010\u0017\u001a\u00020\u00182\u0006\u0010\u0019\u001a\u00020\n2\u0006\u0010\r\u001a\u00020\u000eH\u0002J#\u0010\u001a\u001a\u00020\u001b2\u0006\u0010\u0019\u001a\u00020\n2\u0006\u0010\u0017\u001a\u00020\u0018ø\u0001\u0000ø\u0001\u0001¢\u0006\u0004\b\u001c\u0010\u001dJ\u001d\u0010\u001e\u001a\u0004\u0018\u00010\u001b2\u0006\u0010\r\u001a\u00020\u000eø\u0001\u0000ø\u0001\u0001¢\u0006\u0004\b\u001f\u0010 R\u000e\u0010\u0006\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0004\u001a\u00020\u0005X\u0082\u0004¢\u0006\u0002\n\u0000R\u000e\u0010\u0002\u001a\u00020\u0003X\u0082\u0004¢\u0006\u0002\n\u0000\u0082\u0002\u000b\n\u0002\b!\n\u0005\b¡\u001e0\u0001¨\u0006\""}, d2 = {"Lnl/ns/lib/authentication/data/authenticator/BusinessAuthorizationAuthenticator;", "Lokhttp3/Authenticator;", "tokenManager", "Lnl/ns/lib/authentication/domain/TokenManager;", "businessAuthentication", "Lnl/ns/lib/authentication/data/BusinessAuthentication;", "authenticatorHelper", "Lnl/ns/lib/authentication/data/authenticator/AuthenticatorHelper;", "(Lnl/ns/lib/authentication/domain/TokenManager;Lnl/ns/lib/authentication/data/BusinessAuthentication;Lnl/ns/lib/authentication/data/authenticator/AuthenticatorHelper;)V", "authenticate", "Lokhttp3/Request;", "route", "Lokhttp3/Route;", "response", "Lokhttp3/Response;", "hasLegacyBusinessAuthenticationFailed", "", "logIfInvalidGrant", "", "exception", "Ljava/lang/Exception;", "Lkotlin/Exception;", "processAuthHeader", "authHeader", "", "request", "refreshToken", "Lnl/ns/lib/authentication/data/authenticator/AuthHeader;", "refreshToken-oEbUGPw", "(Lokhttp3/Request;Ljava/lang/String;)Ljava/lang/String;", "verifyAuthBasic", "verifyAuthBasic-Igd7Lms", "(Lokhttp3/Response;)Ljava/lang/String;", "Companion", "data_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
@SourceDebugExtension({"SMAP\nBusinessAuthorizationAuthenticator.kt\nKotlin\n*S Kotlin\n*F\n+ 1 BusinessAuthorizationAuthenticator.kt\nnl/ns/lib/authentication/data/authenticator/BusinessAuthorizationAuthenticator\n+ 2 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n*L\n1#1,168:1\n288#2,2:169\n*S KotlinDebug\n*F\n+ 1 BusinessAuthorizationAuthenticator.kt\nnl/ns/lib/authentication/data/authenticator/BusinessAuthorizationAuthenticator\n*L\n127#1:169,2\n*E\n"})
/* loaded from: classes6.dex */
public final class BusinessAuthorizationAuthenticator implements Authenticator {

    @NotNull
    private static final String AUTH_HEADER_NAME = "Authorization";

    @NotNull
    private static final String AUTH_HEADER_PREFIX = "Bearer ";

    @NotNull
    private static final String BASIC_AUTH_PREFIX = "basic";

    /* renamed from: Companion, reason: from kotlin metadata */
    @NotNull
    public static final Companion INSTANCE = new Companion(null);

    @NotNull
    private static final String ERROR_JSON_KEY = "error";

    @NotNull
    private static final String INVALID_GRANT_ERROR = "invalid_grant";

    @NotNull
    private static final String WWW_AUTH_HEADER = "WWW-Authenticate";

    @NotNull
    private final AuthenticatorHelper authenticatorHelper;

    @NotNull
    private final BusinessAuthentication businessAuthentication;

    @NotNull
    private final TokenManager tokenManager;

    @Metadata(d1 = {"\u0000 \n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000e\n\u0002\b\u0006\n\u0002\u0010\u000b\n\u0000\n\u0002\u0018\u0002\n\u0000\b\u0086\u0003\u0018\u00002\u00020\u0001B\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\u000e\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\rR\u000e\u0010\u0003\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0005\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0006\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\u0007\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\b\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000R\u000e\u0010\t\u001a\u00020\u0004X\u0082T¢\u0006\u0002\n\u0000¨\u0006\u000e"}, d2 = {"Lnl/ns/lib/authentication/data/authenticator/BusinessAuthorizationAuthenticator$Companion;", "", "()V", "AUTH_HEADER_NAME", "", "AUTH_HEADER_PREFIX", "BASIC_AUTH_PREFIX", "ERROR_JSON_KEY", "INVALID_GRANT_ERROR", "WWW_AUTH_HEADER", "isBusinessBearer", "", "request", "Lokhttp3/Request;", "data_release"}, k = 1, mv = {1, 9, 0}, xi = 48)
    @SourceDebugExtension({"SMAP\nBusinessAuthorizationAuthenticator.kt\nKotlin\n*S Kotlin\n*F\n+ 1 BusinessAuthorizationAuthenticator.kt\nnl/ns/lib/authentication/data/authenticator/BusinessAuthorizationAuthenticator$Companion\n+ 2 _Collections.kt\nkotlin/collections/CollectionsKt___CollectionsKt\n*L\n1#1,168:1\n288#2,2:169\n*S KotlinDebug\n*F\n+ 1 BusinessAuthorizationAuthenticator.kt\nnl/ns/lib/authentication/data/authenticator/BusinessAuthorizationAuthenticator$Companion\n*L\n164#1:169,2\n*E\n"})
    /* loaded from: classes6.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(DefaultConstructorMarker defaultConstructorMarker) {
            this();
        }

        public final boolean isBusinessBearer(@NotNull Request request) {
            Pair<? extends String, ? extends String> pair;
            boolean equals;
            boolean equals2;
            Intrinsics.checkNotNullParameter(request, "request");
            Iterator<Pair<? extends String, ? extends String>> it = request.headers().iterator();
            while (true) {
                if (!it.hasNext()) {
                    pair = null;
                    break;
                }
                pair = it.next();
                equals2 = m.equals(pair.getFirst(), "x-ns-authtype", true);
                if (equals2) {
                    break;
                }
            }
            Pair<? extends String, ? extends String> pair2 = pair;
            equals = m.equals(pair2 != null ? pair2.getSecond() : null, "business", true);
            return equals;
        }
    }

    public BusinessAuthorizationAuthenticator(@NotNull TokenManager tokenManager, @NotNull BusinessAuthentication businessAuthentication, @NotNull AuthenticatorHelper authenticatorHelper) {
        Intrinsics.checkNotNullParameter(tokenManager, "tokenManager");
        Intrinsics.checkNotNullParameter(businessAuthentication, "businessAuthentication");
        Intrinsics.checkNotNullParameter(authenticatorHelper, "authenticatorHelper");
        this.tokenManager = tokenManager;
        this.businessAuthentication = businessAuthentication;
        this.authenticatorHelper = authenticatorHelper;
    }

    private final boolean hasLegacyBusinessAuthenticationFailed(Response response) {
        Object obj;
        boolean equals;
        boolean equals2;
        Iterator<T> it = response.headers().names().iterator();
        while (true) {
            if (!it.hasNext()) {
                obj = null;
                break;
            }
            obj = it.next();
            equals2 = m.equals((String) obj, "WWW-Authenticate", true);
            if (equals2) {
                break;
            }
        }
        String str = (String) obj;
        if (str == null) {
            return false;
        }
        equals = m.equals(response.headers().get(str), BASIC_AUTH_PREFIX, true);
        return equals;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final void logIfInvalidGrant(Exception exception) {
        HttpException httpException;
        int code;
        ResponseBody errorBody;
        if (!(exception instanceof HttpException) || 400 > (code = (httpException = (HttpException) exception).code()) || code >= 500) {
            return;
        }
        retrofit2.Response<?> response = httpException.response();
        String string = (response == null || (errorBody = response.errorBody()) == null) ? null : errorBody.string();
        if (string != null) {
            try {
                if (Intrinsics.areEqual(new JSONObject(string).getString("error"), "invalid_grant")) {
                    Timber.INSTANCE.w(exception);
                }
            } catch (JSONException e6) {
                Timber.INSTANCE.w(e6);
            }
        }
    }

    private final Request processAuthHeader(String authHeader, Request request, Response response) {
        boolean startsWith$default;
        boolean startsWith$default2;
        Locale locale = Locale.ROOT;
        String lowerCase = authHeader.toLowerCase(locale);
        Intrinsics.checkNotNullExpressionValue(lowerCase, "toLowerCase(...)");
        startsWith$default = m.startsWith$default(lowerCase, BASIC_AUTH_PREFIX, false, 2, null);
        String lowerCase2 = authHeader.toLowerCase(locale);
        Intrinsics.checkNotNullExpressionValue(lowerCase2, "toLowerCase(...)");
        startsWith$default2 = m.startsWith$default(lowerCase2, "bearer", false, 2, null);
        boolean isBusinessBearer = INSTANCE.isBusinessBearer(request);
        if ((!startsWith$default && !startsWith$default2) || (startsWith$default2 && !isBusinessBearer)) {
            throw new AuthenticatorException("Called BusinessAuthorizationAuthenticator on request without Business Bearer or Basic Auth present.");
        }
        String m7061verifyAuthBasicIgd7Lms = startsWith$default ? m7061verifyAuthBasicIgd7Lms(response) : m7060refreshTokenoEbUGPw(request, authHeader);
        if (m7061verifyAuthBasicIgd7Lms != null) {
            return request.newBuilder().header("Authorization", m7061verifyAuthBasicIgd7Lms).build();
        }
        return null;
    }

    @Override // okhttp3.Authenticator
    @Nullable
    public Request authenticate(@Nullable Route route, @NotNull Response response) {
        Intrinsics.checkNotNullParameter(response, "response");
        Request request = response.request();
        String header = request.header("Authorization");
        if (header == null) {
            throw new AuthenticatorException("Called BusinessAuthorizationAuthenticator on request without Authorization header");
        }
        if (this.authenticatorHelper.didReachMaxRetries(response, 2)) {
            return null;
        }
        return processAuthHeader(header, request, response);
    }

    @NotNull
    /* renamed from: refreshToken-oEbUGPw, reason: not valid java name */
    public final String m7060refreshTokenoEbUGPw(@NotNull Request request, @NotNull String authHeader) throws AuthenticatorException {
        String replace$default;
        Object runBlocking$default;
        Object runBlocking$default2;
        Intrinsics.checkNotNullParameter(request, "request");
        Intrinsics.checkNotNullParameter(authHeader, "authHeader");
        replace$default = m.replace$default(authHeader, "Bearer ", "", false, 4, (Object) null);
        synchronized (this.tokenManager) {
            runBlocking$default = d.runBlocking$default(null, new BusinessAuthorizationAuthenticator$refreshToken$1$storedToken$1(this, null), 1, null);
            String str = (String) runBlocking$default;
            if (Intrinsics.areEqual(replace$default, str) || str == null) {
                d.runBlocking$default(null, new BusinessAuthorizationAuthenticator$refreshToken$1$1(request, this, null), 1, null);
            }
            Unit unit = Unit.INSTANCE;
        }
        runBlocking$default2 = d.runBlocking$default(null, new BusinessAuthorizationAuthenticator$refreshToken$newToken$1(this, null), 1, null);
        return AuthHeader.m7054constructorimpl("Bearer " + ((String) runBlocking$default2));
    }

    @Nullable
    /* renamed from: verifyAuthBasic-Igd7Lms, reason: not valid java name */
    public final String m7061verifyAuthBasicIgd7Lms(@NotNull Response response) throws AuthenticatorException {
        Intrinsics.checkNotNullParameter(response, "response");
        if (!hasLegacyBusinessAuthenticationFailed(response)) {
            return null;
        }
        d.runBlocking$default(null, new BusinessAuthorizationAuthenticator$verifyAuthBasic$1(this, null), 1, null);
        AuthenticatorException authenticatorException = new AuthenticatorException("Invalid business auth");
        Timber.INSTANCE.w(authenticatorException);
        throw authenticatorException;
    }
}
