package com.kartaca.bird.client.sdk.android.security;

import android.support.v4.media.session.PlaybackStateCompat;
import com.fasterxml.jackson.core.util.MinimalPrettyPrinter;
import com.kartaca.bird.client.sdk.android.exception.BirdAuthenticationException;
import com.kartaca.bird.client.sdk.android.exception.BirdInvalidApiCredentialsException;
import com.kartaca.bird.client.sdk.android.support.SimpleDateFormatThreadSafe;
import com.kartaca.bird.commons.security.HmacAuthAlgorithm;
import com.squareup.okhttp.Authenticator;
import com.squareup.okhttp.Challenge;
import com.squareup.okhttp.Request;
import com.squareup.okhttp.RequestBody;
import com.squareup.okhttp.Response;
import java.io.IOException;
import java.net.Proxy;
import java.net.URI;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.Locale;
import java.util.TimeZone;
import javax.crypto.ShortBufferException;
import okio.Buffer;
import okio.ByteString;
import retrofit.client.Header;
import retrofit.mime.TypedOutput;

/* loaded from: classes.dex */
public class BirdAuthenticator implements Authenticator {
    private static final String AUTHORIZATION = "Authorization";
    private static final String AUTH_SCHEME = "BirdAuth";
    private final BirdCookieHandler cookieHandler;
    private final BirdCredentialsProvider provider;
    private static final SimpleDateFormatThreadSafe DATE_FORMAT = new SimpleDateFormatThreadSafe("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'", Locale.ENGLISH);
    private static final BirdCredentials ANONYMOUS_CREDENTIALS = new BirdCredentials("Anonymous", "Anonymous");

    public BirdAuthenticator(BirdCredentialsProvider birdCredentialsProvider, BirdCookieHandler birdCookieHandler) {
        this.provider = birdCredentialsProvider;
        this.cookieHandler = birdCookieHandler;
    }

    private Request auth(BirdCredentials birdCredentials, HmacAuthAlgorithm hmacAuthAlgorithm, Request request) throws InvalidKeyException, IOException, ShortBufferException, IllegalStateException {
        String format = DATE_FORMAT.format(new Date(System.currentTimeMillis() - TimeZone.getDefault().getOffset(r8)));
        byte[] calculateMac = hmacAuthAlgorithm.calculateMac(birdCredentials.getSecretKey(), birdCredentials.getAccessKey());
        String readSessionKey = this.cookieHandler.readSessionKey(request.uri());
        if (readSessionKey != null) {
            calculateMac = hmacAuthAlgorithm.calculateMac(calculateMac, hmacAuthAlgorithm.calculateDigest(readSessionKey));
        }
        byte[] calculateMac2 = hmacAuthAlgorithm.calculateMac(hmacAuthAlgorithm.calculateMac(calculateMac, hmacAuthAlgorithm.calculateDigest(format)), hmacAuthAlgorithm.calculateDigest(request.method().toUpperCase(Locale.ENGLISH)));
        String rawQuery = request.uri().getRawQuery();
        if (rawQuery != null && rawQuery.length() > 0) {
            calculateMac2 = hmacAuthAlgorithm.calculateMac(calculateMac2, hmacAuthAlgorithm.calculateDigest(rawQuery));
        }
        RequestBody body = request.body();
        if (body != null) {
            Buffer buffer = new Buffer();
            body.writeTo(buffer);
            if (buffer.size() != 0) {
                MessageDigest digest = hmacAuthAlgorithm.digest();
                while (!buffer.exhausted()) {
                    digest.update(buffer.readByteArray(Math.min(PlaybackStateCompat.ACTION_SKIP_TO_QUEUE_ITEM, buffer.size())));
                }
                calculateMac2 = hmacAuthAlgorithm.calculateMac(calculateMac2, digest.digest());
            }
        }
        Request.Builder newBuilder = request.newBuilder();
        newBuilder.addHeader("Authorization", AUTH_SCHEME + " accessKey=\"" + birdCredentials.getAccessKey() + "\", dateTime=\"" + format + "\", signature=\"" + ByteString.of(hmacAuthAlgorithm.magicBytes()).hex() + ByteString.of(calculateMac2).hex() + "\"");
        if (readSessionKey != null) {
            newBuilder.addHeader(BirdCookieHandler.SESSION, readSessionKey);
        }
        return newBuilder.build();
    }

    private retrofit.client.Request authRetrofit(BirdCredentials birdCredentials, HmacAuthAlgorithm hmacAuthAlgorithm, retrofit.client.Request request) throws InvalidKeyException, IOException, ShortBufferException, IllegalStateException {
        String format = DATE_FORMAT.format(new Date(System.currentTimeMillis() - TimeZone.getDefault().getOffset(r10)));
        byte[] calculateMac = hmacAuthAlgorithm.calculateMac(birdCredentials.getSecretKey(), birdCredentials.getAccessKey());
        URI create = URI.create(request.getUrl());
        String readSessionKey = this.cookieHandler.readSessionKey(create);
        if (readSessionKey != null) {
            calculateMac = hmacAuthAlgorithm.calculateMac(calculateMac, hmacAuthAlgorithm.calculateDigest(readSessionKey));
        }
        byte[] calculateMac2 = hmacAuthAlgorithm.calculateMac(hmacAuthAlgorithm.calculateMac(calculateMac, hmacAuthAlgorithm.calculateDigest(format)), hmacAuthAlgorithm.calculateDigest(request.getMethod().toUpperCase(Locale.ENGLISH)));
        String rawQuery = create.getRawQuery();
        if (rawQuery != null && rawQuery.length() > 0) {
            calculateMac2 = hmacAuthAlgorithm.calculateMac(calculateMac2, hmacAuthAlgorithm.calculateDigest(rawQuery));
        }
        TypedOutput body = request.getBody();
        if (body != null && body.length() > 0) {
            Buffer buffer = new Buffer();
            body.writeTo(buffer.outputStream());
            if (buffer.size() != 0) {
                MessageDigest digest = hmacAuthAlgorithm.digest();
                while (!buffer.exhausted()) {
                    digest.update(buffer.readByteArray(Math.min(PlaybackStateCompat.ACTION_SKIP_TO_QUEUE_ITEM, buffer.size())));
                }
                calculateMac2 = hmacAuthAlgorithm.calculateMac(calculateMac2, digest.digest());
            }
            buffer.close();
        }
        ArrayList arrayList = new ArrayList(request.getHeaders());
        arrayList.add(new Header("Authorization", AUTH_SCHEME + " accessKey=\"" + birdCredentials.getAccessKey() + "\", dateTime=\"" + format + "\", signature=\"" + ByteString.of(hmacAuthAlgorithm.magicBytes()).hex() + ByteString.of(calculateMac2).hex() + "\""));
        if (readSessionKey != null) {
            arrayList.add(new Header(BirdCookieHandler.SESSION, readSessionKey));
        }
        return new retrofit.client.Request(request.getMethod(), request.getUrl(), arrayList, request.getBody());
    }

    @Override // com.squareup.okhttp.Authenticator
    public Request authenticate(Proxy proxy, Response response) throws IOException {
        HmacAuthAlgorithm hmacAuthAlgorithm = null;
        for (Challenge challenge : response.challenges()) {
            if (challenge.getScheme().equalsIgnoreCase(AUTH_SCHEME)) {
                hmacAuthAlgorithm = HmacAuthAlgorithm.select(hmacAuthAlgorithm, challenge.getRealm().split(","));
            }
        }
        if (hmacAuthAlgorithm == null) {
            return null;
        }
        if (HmacAuthAlgorithm.UNKNOWN.equals(hmacAuthAlgorithm)) {
            hmacAuthAlgorithm = HmacAuthAlgorithm.mostSecure();
        }
        if (!hmacAuthAlgorithm.isSupportedByPlatform()) {
            throw new UnsupportedOperationException("Signing algorithm not supported by this platform.");
        }
        Request request = response.request();
        BirdCredentials credentials = this.provider.getCredentials(request.url());
        if (credentials == null) {
            credentials = ANONYMOUS_CREDENTIALS;
        }
        Iterator<String> it = request.headers("Authorization").iterator();
        while (it.hasNext()) {
            String trim = it.next().trim();
            if (trim.startsWith(AUTH_SCHEME) && trim.contains("accessKey=\"" + credentials.getAccessKey() + "\"")) {
                String string = response.body() != null ? response.body().string() : "";
                if (response.code() == 401) {
                    throw new BirdInvalidApiCredentialsException("Authentication did not succeed with credentials: " + credentials + " (" + string + ")");
                }
                throw new BirdAuthenticationException("An unexpected error occurred while authenticating with credentials: " + credentials + " (" + response.code() + MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR + response.message() + " - " + string + ")");
            }
        }
        try {
            return auth(credentials, hmacAuthAlgorithm, request);
        } catch (Throwable th) {
            throw new BirdAuthenticationException("An unexpected error occurred while signing to request.", th);
        }
    }

    @Override // com.squareup.okhttp.Authenticator
    public Request authenticateProxy(Proxy proxy, Response response) throws IOException {
        return authenticate(proxy, response);
    }

    public Request authorizeRequest(Request request) {
        return authorizeRequest(request, HmacAuthAlgorithm.mostSecure());
    }

    public Request authorizeRequest(Request request, HmacAuthAlgorithm hmacAuthAlgorithm) {
        BirdCredentials credentials = this.provider.getCredentials(request.url());
        if (credentials == null) {
            credentials = ANONYMOUS_CREDENTIALS;
        }
        try {
            return auth(credentials, hmacAuthAlgorithm, request);
        } catch (Throwable th) {
            throw new BirdAuthenticationException("An unexpected error occurred while signing to request.", th);
        }
    }

    public retrofit.client.Request authorizeRetrofitRequest(retrofit.client.Request request) {
        return authorizeRetrofitRequest(request, HmacAuthAlgorithm.mostSecure());
    }

    public retrofit.client.Request authorizeRetrofitRequest(retrofit.client.Request request, HmacAuthAlgorithm hmacAuthAlgorithm) {
        try {
            BirdCredentials credentials = this.provider.getCredentials(new URL(request.getUrl()));
            if (credentials == null) {
                credentials = ANONYMOUS_CREDENTIALS;
            }
            return authRetrofit(credentials, hmacAuthAlgorithm, request);
        } catch (Throwable th) {
            throw new BirdAuthenticationException("An unexpected error occurred while signing to request.", th);
        }
    }
}
