package com.se.struxureon.server;

import android.annotation.SuppressLint;
import android.content.Context;
import android.net.SSLCertificateSocketFactory;
import android.os.Build;
import android.util.Log;
import com.auth0.android.Auth0Exception;
import com.auth0.android.authentication.AuthenticationAPIClient;
import com.auth0.android.result.Credentials;
import com.bugsee.library.Bugsee;
import com.github.mikephil.charting.BuildConfig;
import com.se.struxureon.events.GatewayEvent;
import com.se.struxureon.helpers.HashHelper;
import com.se.struxureon.helpers.TokenHelper;
import com.se.struxureon.logging.ALogger;
import com.se.struxureon.login.UserCredentials;
import com.se.struxureon.server.auth.AuthFlowHandler;
import com.se.struxureon.server.configuration.BackendType;
import com.se.struxureon.server.configuration.Backends;
import com.se.struxureon.settings.DeviceSettings;
import com.se.struxureon.views.login.MainLoginActivity;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.ConnectionSpec;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Protocol;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;
import okhttp3.TlsVersion;
import okhttp3.logging.HttpLoggingInterceptor;
import okio.Buffer;
import okio.BufferedSource;
import org.greenrobot.eventbus.EventBus;

/* loaded from: classes.dex */
public class HttpClientFactory {
    public static final String AUTH_HEADER = "Authorization";
    public static final String SKIP_OFFLINE_CHECK = "skip-offline-check";
    public static final String USER_AGENT_ANDROID = "StruxureOn/Android/1.0.64b1184";
    public static final String USER_AGENT_ANDROID_IMPERSONATE = "StruxureOn/Impersonate/Android/1.0.64b1184";
    public static final String USER_AGENT_HEADER = "User-Agent";
    private static String impersonateToken;
    private static Boolean gatewayOffline = false;
    private static final AtomicReference<CountDownLatch> refreshReference = new AtomicReference<>();

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Response addAgentHeader(Interceptor.Chain chain) throws IOException {
        return chain.proceed(impersonateToken != null ? chain.request().newBuilder().addHeader(USER_AGENT_HEADER, USER_AGENT_ANDROID_IMPERSONATE).build() : chain.request().newBuilder().addHeader(USER_AGENT_HEADER, USER_AGENT_ANDROID).build());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Response addAuthHeader(UserCredentials userCredentials, Interceptor.Chain chain) throws IOException {
        return (userCredentials == null || userCredentials.getToken() == null) ? createNoneAuthorizedResponse(chain.request()) : chain.proceed(chain.request().newBuilder().addHeader(AUTH_HEADER, createToken(userCredentials)).build());
    }

    private static OkHttpClient.Builder allowSelfSignedCertificates(OkHttpClient.Builder builder) {
        if ("com.schneiderelectric.remoteOn".equalsIgnoreCase("com.schneiderelectric.remoteOn")) {
            throw new RuntimeException("NOT GOOD - Should never be used in prod");
        }
        X509TrustManager x509TrustManager = new X509TrustManager() { // from class: com.se.struxureon.server.HttpClientFactory.1
            @Override // javax.net.ssl.X509TrustManager
            @SuppressLint({"TrustAllX509TrustManager"})
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            @SuppressLint({"TrustAllX509TrustManager"})
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };
        try {
            SSLContext.getInstance("TLS").init(null, new TrustManager[]{x509TrustManager}, new SecureRandom());
        } catch (GeneralSecurityException e) {
            Log.e("Error", "GeneralSecurityException", e);
        }
        return builder.hostnameVerifier(HttpClientFactory$$Lambda$3.$instance).sslSocketFactory(SSLCertificateSocketFactory.getInsecure(0, null), x509TrustManager);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Response checkGatewayOffline(Interceptor.Chain chain) throws IOException {
        Request request = chain.request();
        Response proceed = chain.proceed(request);
        if (request.header(SKIP_OFFLINE_CHECK) == null || !request.header(SKIP_OFFLINE_CHECK).equals("none")) {
            if (Boolean.parseBoolean(proceed.header("Gateway-Offline", "false"))) {
                gatewayOffline = true;
                EventBus.getDefault().post(new GatewayEvent(GatewayEvent.EventType.GATEWAY_OFFLINE, null));
            } else if (gatewayOffline.booleanValue()) {
                gatewayOffline = false;
                EventBus.getDefault().post(new GatewayEvent(GatewayEvent.EventType.GATEWAY_ONLINE, null));
            }
        }
        return proceed;
    }

    public static OkHttpClient createAuth0Client() {
        OkHttpClient.Builder connectionSpecs = new OkHttpClient.Builder().readTimeout(2L, TimeUnit.MINUTES).connectTimeout(1L, TimeUnit.MINUTES).connectionSpecs(Collections.singletonList(new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS).tlsVersions(TlsVersion.SSL_3_0, TlsVersion.TLS_1_0, TlsVersion.TLS_1_1, TlsVersion.TLS_1_2).build()));
        fixSSLForOldAndroids(connectionSpecs);
        return ALogger.isBugseeEnabled() ? Bugsee.addNetworkLoggingToOkHttpBuilder(connectionSpecs).build() : connectionSpecs.build();
    }

    public static OkHttpClient createClient(BackendType backendType, Context context, Interceptor interceptor) {
        return createClient(backendType, context, interceptor, false);
    }

    public static OkHttpClient createClient(BackendType backendType, final Context context, Interceptor interceptor, boolean z) {
        new HttpLoggingInterceptor().setLevel(HttpLoggingInterceptor.Level.BODY);
        if (interceptor == null) {
            interceptor = new Interceptor(context) { // from class: com.se.struxureon.server.HttpClientFactory$$Lambda$0
                private final Context arg$1;

                /* JADX INFO: Access modifiers changed from: package-private */
                {
                    this.arg$1 = context;
                }

                @Override // okhttp3.Interceptor
                public Response intercept(Interceptor.Chain chain) {
                    return HttpClientFactory.lambda$createClient$0$HttpClientFactory(this.arg$1, chain);
                }
            };
        }
        OkHttpClient.Builder connectionSpecs = new OkHttpClient.Builder().readTimeout(2L, TimeUnit.MINUTES).connectTimeout(1L, TimeUnit.MINUTES).connectionSpecs(Collections.singletonList(new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS).tlsVersions(TlsVersion.SSL_3_0, TlsVersion.TLS_1_0, TlsVersion.TLS_1_1, TlsVersion.TLS_1_2).build()));
        if (BackendType.Local.equals(backendType)) {
            connectionSpecs = allowSelfSignedCertificates(connectionSpecs);
        }
        connectionSpecs.addInterceptor(HttpClientFactory$$Lambda$1.$instance);
        connectionSpecs.addInterceptor(interceptor);
        connectionSpecs.addInterceptor(HttpClientFactory$$Lambda$2.$instance);
        fixSSLForOldAndroids(connectionSpecs);
        return z ? Bugsee.addNetworkLoggingToOkHttpBuilder(connectionSpecs).build() : connectionSpecs.build();
    }

    private static Response createNoneAuthorizedResponse(Request request) {
        return new Response.Builder().request(request).body(new ResponseBody() { // from class: com.se.struxureon.server.HttpClientFactory.2
            @Override // okhttp3.ResponseBody
            public long contentLength() {
                return 0L;
            }

            @Override // okhttp3.ResponseBody
            public MediaType contentType() {
                return MediaType.parse("no-content");
            }

            @Override // okhttp3.ResponseBody
            public BufferedSource source() {
                return new Buffer();
            }
        }).protocol(Protocol.HTTP_1_0).code(AuthFlowHandler.HTTP_UNAUTHORIZED_CODE).build();
    }

    public static String createToken(UserCredentials userCredentials) {
        return "Bearer " + userCredentials.getToken();
    }

    private static void fixSSLForOldAndroids(OkHttpClient.Builder builder) {
        if (Build.VERSION.SDK_INT < 21) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
                X509TrustManager x509TrustManager = null;
                if (trustManagers != null && trustManagers.length > 0) {
                    x509TrustManager = (X509TrustManager) trustManagers[0];
                }
                if (x509TrustManager != null) {
                    builder.sslSocketFactory(new TLSSocketFactory(), x509TrustManager);
                } else {
                    ALogger.e("SSL", "broken android SSL");
                }
            } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
                ALogger.e("SSL", "This Android does not support TLS 1.2, we are unable to work with the backend.");
                throw new RuntimeException("This Android does not support TLS 1.2, we are unable to work with the backend.");
            }
        }
    }

    public static String getImpersonateToken() {
        return impersonateToken;
    }

    static Response impersonate(String str, Interceptor.Chain chain) throws IOException {
        return chain.proceed(chain.request().newBuilder().addHeader(AUTH_HEADER, "Bearer " + str).build());
    }

    public static void impersonate(String str) {
        impersonateToken = str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static final /* synthetic */ boolean lambda$allowSelfSignedCertificates$1$HttpClientFactory(String str, SSLSession sSLSession) {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static final /* synthetic */ Response lambda$createClient$0$HttpClientFactory(Context context, Interceptor.Chain chain) throws IOException {
        UserCredentials userCredentials = DeviceSettings.getInstance(context).getUserCredentials();
        if (impersonateToken != null) {
            if ("GET".equalsIgnoreCase(chain.request().method())) {
                return impersonate(impersonateToken, chain);
            }
            throw new IOException("READ_ONLY_SESSION");
        }
        if (chain.request().header(AUTH_HEADER) != null && chain.request().header(AUTH_HEADER).equals("none")) {
            return chain.proceed(chain.request());
        }
        if (userCredentials != null && (userCredentials.getToken().isEmpty() || TokenHelper.tokenHasExpired(userCredentials.getToken()))) {
            if (refreshReference.compareAndSet(null, new CountDownLatch(1))) {
                Credentials credentials = null;
                String str = BuildConfig.FLAVOR;
                String str2 = BuildConfig.FLAVOR;
                Request request = chain.request();
                if (request != null && request.url() != null) {
                    str2 = request.url().toString();
                }
                try {
                    credentials = refreshToken(context, userCredentials, str2);
                } catch (Auth0Exception e) {
                    str = " exception: " + e.getMessage();
                }
                if (credentials != null) {
                    userCredentials.setToken(credentials.getAccessToken());
                    DeviceSettings.getInstance(context).setUserCredentials(userCredentials);
                } else {
                    ALogger.bug("Failed to refresh token", "userId: " + (userCredentials.getToken().isEmpty() ? BuildConfig.FLAVOR : TokenHelper.getUserId(userCredentials.getToken())) + " refreshHash: " + (userCredentials.getRefreshToken() == null ? BuildConfig.FLAVOR : HashHelper.sha256(userCredentials.getRefreshToken())) + " exception: " + str + " url: " + str2);
                    UnauthorizedService.getInstance().handleUnauthorized(context);
                    userCredentials = DeviceSettings.getInstance(context).getUserCredentials();
                }
                refreshReference.get().countDown();
                refreshReference.set(null);
            } else {
                try {
                    refreshReference.get().await();
                    userCredentials = DeviceSettings.getInstance(context).getUserCredentials();
                } catch (InterruptedException e2) {
                    ALogger.exception(e2);
                }
            }
        }
        return addAuthHeader(userCredentials, chain);
    }

    private static Credentials refreshToken(Context context, UserCredentials userCredentials, String str) throws Auth0Exception {
        try {
            return new AuthenticationAPIClient(Backends.getSelectedStaticEnvironment(context).getAuth0()).renewAuth(userCredentials.getRefreshToken()).addParameter("scope", MainLoginActivity.RENEW_SCOPE).execute();
        } catch (Auth0Exception e) {
            ALogger.exception(e);
            return null;
        }
    }
}
