package f.a.r.v.c;

import android.text.TextUtils;
import android.util.Base64;
import android.util.Pair;
import android.webkit.CookieManager;
import com.google.gson.Gson;
import com.newrelic.agent.android.instrumentation.GsonInstrumentation;
import com.newrelic.agent.android.instrumentation.Instrumented;
import com.virginpulse.virginpulseapi.LogoutException;
import com.virginpulse.virginpulseapi.Session;
import com.virginpulse.virginpulseapi.model.jwt.AccessTokenJWTBody;
import com.virginpulse.virginpulseapi.model.keycloak.response.KeyCloakLoginErrorResponse;
import com.virginpulse.virginpulseapi.model.keycloak.response.KeyCloakLoginResponse;
import com.virginpulse.virginpulseapi.util.AuthResult;
import com.virginpulse.virginpulseapi.util.AuthToken;
import com.virginpulse.virginpulseapi.util.JWTInvalidException;
import d0.d.d0;
import d0.d.i0.o;
import d0.d.z;
import f.a.q.q;
import f.a.r.s;
import f.a.r.u;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.StringsKt__StringsKt;
import okhttp3.Cookie;
import okhttp3.HttpUrl;
import okhttp3.ResponseBody;
import retrofit2.Response;

/* compiled from: AuthenticationKeyCloak.java */
@Instrumented
/* loaded from: classes3.dex */
public class e extends d {
    public final ReadWriteLock d;

    public e(s sVar, u uVar, Session session) {
        super(sVar, uVar, session);
        this.d = new ReentrantReadWriteLock();
    }

    public static /* synthetic */ d0 a(Response response) throws Exception {
        String str = "";
        if (response == null) {
            return z.b(new Pair("", ""));
        }
        List<Cookie> parseAll = Cookie.parseAll(HttpUrl.parse(q.d()), response.headers());
        if (parseAll.isEmpty()) {
            return z.b(new Pair("", ""));
        }
        String str2 = "";
        for (Cookie cookie : parseAll) {
            if ("KEYCLOAK_SESSION".equals(cookie.name())) {
                str = cookie.value();
            }
            if ("KEYCLOAK_IDENTITY".equals(cookie.name())) {
                str2 = cookie.value();
            }
        }
        return z.b(new Pair(str, str2));
    }

    public static /* synthetic */ d0.d.e a(Pair pair) throws Exception {
        CookieManager cookieManager = CookieManager.getInstance();
        cookieManager.removeAllCookie();
        String str = (String) pair.first;
        String str2 = (String) pair.second;
        if (!TextUtils.isEmpty(str) && !TextUtils.isEmpty(str2)) {
            String d = q.d();
            cookieManager.setCookie(d, String.format(Locale.US, "%1$s=%2$s;", "KEYCLOAK_SESSION", str));
            cookieManager.setCookie(d, String.format(Locale.US, "%1$s=%2$s;", "KEYCLOAK_IDENTITY", str2));
            cookieManager.setCookie(".virginpulse.com", "authentication_provider=keycloak;");
            cookieManager.setCookie(q.c(), String.format("%1$s=%2$s;", "pwd_exp_warn", "false"));
        }
        cookieManager.flush();
        return d0.d.a.d();
    }

    @Override // f.a.r.v.c.d
    public synchronized AuthResult a(String str, boolean z2) throws LogoutException {
        this.d.writeLock().lock();
        try {
            AuthToken token = this.c.getToken();
            if (token == null) {
                return AuthResult.KEY_CLOAK_REFRESHING_TOKEN_WITHOUT_TOKEN;
            }
            if (!token.getAccessToken().equals(str)) {
                return AuthResult.SUCCESSFUL;
            }
            try {
                final s sVar = this.b;
                final String refreshToken = token.getRefreshToken();
                Response response = (Response) sVar.a(this.c.getScope()).a(new o() { // from class: f.a.r.f
                    @Override // d0.d.i0.o
                    public final Object apply(Object obj) {
                        return s.this.a(refreshToken, (String) obj);
                    }
                }).b(d0.d.o0.a.c).b();
                if (!response.isSuccessful()) {
                    String str2 = null;
                    ResponseBody errorBody = response.errorBody();
                    int code = response.code();
                    if (errorBody != null) {
                        if (code == 403) {
                            if (AuthResult.EMULATION_BOT_ERROR.equals(f.a.r.z.b.a(response.raw(), errorBody.getSource()))) {
                                throw new LogoutException(AuthResult.EMULATION_BOT_ERROR, code, null);
                            }
                        }
                        KeyCloakLoginErrorResponse keyCloakLoginErrorResponse = (KeyCloakLoginErrorResponse) GsonInstrumentation.fromJson(new Gson(), errorBody.charStream(), KeyCloakLoginErrorResponse.class);
                        if (keyCloakLoginErrorResponse != null) {
                            str2 = keyCloakLoginErrorResponse.error_description;
                        }
                    }
                    a();
                    throw new LogoutException(f.a.r.z.b.b(code, str2), code, str2);
                }
                KeyCloakLoginResponse keyCloakLoginResponse = (KeyCloakLoginResponse) response.body();
                if (keyCloakLoginResponse != null && keyCloakLoginResponse.access_token != null) {
                    if (z2 && a(keyCloakLoginResponse.access_token)) {
                        a();
                        throw new LogoutException(AuthResult.COLD_START_SECURITY_LOGOUT, -1, "Cold start security logout");
                    }
                    AuthToken authToken = new AuthToken(keyCloakLoginResponse.access_token, keyCloakLoginResponse.refresh_token, keyCloakLoginResponse.token_type, keyCloakLoginResponse.expires_in.longValue(), System.currentTimeMillis() / 1000);
                    this.c.setToken(authToken);
                    if (!token.getRefreshToken().equals(authToken.getRefreshToken()) || !token.getTokenType().equals(authToken.getTokenType())) {
                        d0.d.a.b(new c(this)).b(d0.d.f0.a.a.a()).c();
                    }
                    return AuthResult.SUCCESSFUL;
                }
                return AuthResult.API_ERROR_KEY_CLOAK;
            } catch (RuntimeException e) {
                e.getLocalizedMessage();
                return AuthResult.NETWORK_ERROR_KEY_CLOAK;
            }
        } finally {
            this.d.writeLock().unlock();
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:5:0x0038 A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:7:0x0039  */
    @Override // f.a.r.v.c.d
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public okhttp3.Request a(okhttp3.Request r6) throws com.virginpulse.virginpulseapi.LogoutException {
        /*
            r5 = this;
            java.util.concurrent.locks.ReadWriteLock r0 = r5.d
            java.util.concurrent.locks.Lock r0 = r0.readLock()
            r0.lock()
            com.virginpulse.virginpulseapi.Session r0 = r5.c
            com.virginpulse.virginpulseapi.util.AuthToken r0 = r0.getToken()
            java.util.concurrent.locks.ReadWriteLock r1 = r5.d
            java.util.concurrent.locks.Lock r1 = r1.readLock()
            r1.unlock()
            r1 = 0
            r2 = 0
            if (r0 != 0) goto L1e
        L1c:
            r0 = r2
            goto L36
        L1e:
            boolean r3 = r0.isExpired()
            if (r3 == 0) goto L36
            java.lang.String r0 = r0.getAccessToken()
            com.virginpulse.virginpulseapi.util.AuthResult r0 = r5.a(r0, r1)
            com.virginpulse.virginpulseapi.util.AuthResult r3 = com.virginpulse.virginpulseapi.util.AuthResult.SUCCESSFUL
            if (r0 != r3) goto L1c
            com.virginpulse.virginpulseapi.Session r0 = r5.c
            com.virginpulse.virginpulseapi.util.AuthToken r0 = r0.getToken()
        L36:
            if (r0 != 0) goto L39
            return r2
        L39:
            okhttp3.Request$Builder r6 = r6.newBuilder()
            r3 = 2
            java.lang.Object[] r3 = new java.lang.Object[r3]
            java.lang.String r4 = r0.getTokenType()
            r3[r1] = r4
            r1 = 1
            java.lang.String r0 = r0.getAccessToken()
            r3[r1] = r0
            java.lang.String r0 = "%1$s %2$s"
            java.lang.String r0 = java.lang.String.format(r0, r3)
            java.lang.String r1 = "Authorization"
            r6.header(r1, r0)
            okhttp3.Request r6 = com.newrelic.agent.android.instrumentation.okhttp3.OkHttp3Instrumentation.build(r6)
            boolean r0 = android.text.TextUtils.isEmpty(r2)
            if (r0 != 0) goto L83
            okhttp3.Cookie$Builder r0 = new okhttp3.Cookie$Builder
            r0.<init>()
            java.lang.String r1 = "SessionID"
            r0.name(r1)
            r0.value(r2)
            java.lang.String r1 = "virginpulse.com"
            r0.hostOnlyDomain(r1)
            r0.httpOnly()
            r0.secure()
            okhttp3.Cookie r0 = r0.build()
            okhttp3.Request r6 = f.a.q.q.a(r6, r0)
        L83:
            return r6
        */
        throw new UnsupportedOperationException("Method not decompiled: f.a.r.v.c.e.a(okhttp3.Request):okhttp3.Request");
    }

    @Override // f.a.r.v.c.d
    public boolean a() {
        AuthToken token = this.c.getToken();
        if (token == null) {
            return false;
        }
        this.c.setToken(null);
        try {
            s sVar = this.b;
            return sVar.g.revokeToken(token.getRefreshToken(), sVar.B, sVar.C).b(d0.d.o0.a.c).b().isSuccessful();
        } catch (Exception e) {
            e.getLocalizedMessage();
            return false;
        }
    }

    public final boolean a(String jwtEncoded) {
        Intrinsics.checkNotNullParameter(jwtEncoded, "jwtEncoded");
        List split$default = StringsKt__StringsKt.split$default((CharSequence) jwtEncoded, new String[]{"."}, false, 0, 6, (Object) null);
        if (split$default.size() < 3) {
            throw new JWTInvalidException("JWT is invalid, section count smaller than 2");
        }
        String header = (String) split$default.get(0);
        String jwtEncodedSection = (String) split$default.get(1);
        String signature = (String) split$default.get(2);
        Intrinsics.checkNotNullParameter(header, "header");
        Intrinsics.checkNotNullParameter(jwtEncodedSection, "body");
        Intrinsics.checkNotNullParameter(signature, "signature");
        Intrinsics.checkNotNullParameter(jwtEncodedSection, "jwtEncodedSection");
        byte[] decodedBytes = Base64.decode(jwtEncodedSection, 8);
        Intrinsics.checkNotNullExpressionValue(decodedBytes, "decodedBytes");
        Charset UTF_8 = StandardCharsets.UTF_8;
        Intrinsics.checkNotNullExpressionValue(UTF_8, "UTF_8");
        String jsonString = new String(decodedBytes, UTF_8);
        Intrinsics.checkNotNullParameter(jsonString, "jsonString");
        Object fromJson = GsonInstrumentation.fromJson(new Gson(), jsonString, (Class<Object>) AccessTokenJWTBody.class);
        Intrinsics.checkNotNullExpressionValue(fromJson, "Gson().fromJson(jsonStri…TokenJWTBody::class.java)");
        AccessTokenJWTBody accessTokenJWTBody = (AccessTokenJWTBody) fromJson;
        return accessTokenJWTBody.getColdStartLogout() != null && accessTokenJWTBody.getColdStartLogout().booleanValue();
    }
}
