package me.digi.sdk.core.internal;

import android.support.annotation.NonNull;
import android.text.TextUtils;
import com.google.gson.Gson;
import com.google.gson.JsonElement;
import com.google.gson.internal.LinkedTreeMap;
import com.google.gson.stream.JsonReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import me.digi.sdk.core.config.ApiConfig;
import me.digi.sdk.core.entities.ErrorResponse;
import me.digi.sdk.crypto.CACryptoProvider;
import me.digi.sdk.crypto.CAKeyStore;
import me.digi.sdk.crypto.DGMCryptoFailureException;
import me.digi.sdk.crypto.FailureCause;
import okhttp3.HttpUrl;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.Response;
import okhttp3.ResponseBody;

/* loaded from: classes.dex */
public class CAContentCryptoInterceptor implements Interceptor {
    private static final String CONTENT_KEY = "fileContent";
    private boolean cryptoInitialized;
    private CACryptoProvider cryptoProvider;
    private final Gson gson = new Gson();

    /* loaded from: classes.dex */
    private static class EncryptedPaths {
        private static final String ACCOUNT_FILE = "accounts.json";
        private static final String ANY_MATCHER = "_any_";
        private static final String[] whitelist = {"v1/permission-access/query/_any_/_any_"};
        private static final ApiConfig thisApi = ApiConfig.get();

        private EncryptedPaths() {
        }

        static boolean isAccountsPath(HttpUrl httpUrl) {
            return httpUrl.pathSegments().get(r0.size() - 1).endsWith(ACCOUNT_FILE);
        }

        static boolean shouldDecrypt(HttpUrl httpUrl) {
            boolean z = false;
            for (String str : whitelist) {
                HttpUrl parse = HttpUrl.parse(thisApi.getUrl() + str);
                if (parse != null && parse.pathSegments().size() == httpUrl.pathSegments().size()) {
                    for (int i = 0; i < httpUrl.pathSegments().size(); i++) {
                        String str2 = parse.pathSegments().get(i);
                        z = str2.equals(ANY_MATCHER) || str2.equals(httpUrl.pathSegments().get(i));
                        if (!z) {
                            break;
                        }
                    }
                    if (z) {
                        break;
                    }
                }
            }
            return z;
        }
    }

    public CAContentCryptoInterceptor(CAKeyStore cAKeyStore) {
        this.cryptoInitialized = !cAKeyStore.isEmpty();
        this.cryptoProvider = new CACryptoProvider(cAKeyStore);
    }

    private String extractEncryptedString(LinkedTreeMap<String, Object> linkedTreeMap, boolean z) throws DGMCryptoFailureException {
        try {
            String decryptStream = this.cryptoProvider.decryptStream(new ByteArrayInputStream(((String) linkedTreeMap.get(CONTENT_KEY)).getBytes("UTF-8")));
            if (TextUtils.isEmpty(decryptStream)) {
                return null;
            }
            if (z) {
                return decryptStream;
            }
            try {
                linkedTreeMap.put(CONTENT_KEY, this.gson.fromJson(decryptStream, JsonElement.class));
                return this.gson.toJson(linkedTreeMap);
            } catch (Exception e) {
                return null;
            }
        } catch (IOException | NullPointerException | DGMCryptoFailureException e2) {
            throw new DGMCryptoFailureException(FailureCause.RSA_DECRYPTION_FAILURE);
        }
    }

    private LinkedTreeMap<String, Object> extractFileContent(InputStream inputStream) {
        return (LinkedTreeMap) this.gson.fromJson(new JsonReader(new InputStreamReader(inputStream)), Object.class);
    }

    private boolean isEncryptedField(LinkedTreeMap linkedTreeMap) {
        return linkedTreeMap.get(CONTENT_KEY) != null && (linkedTreeMap.get(CONTENT_KEY) instanceof String);
    }

    private Response mapError(@NonNull String str, @NonNull String str2, int i, @NonNull Response response) {
        if (i < 400) {
            return response;
        }
        return response.newBuilder().code(i).message(str).body(ResponseBody.create(MediaType.parse("application/json"), this.gson.toJson(new ErrorResponse(str, str2, "", i), ErrorResponse.class))).header("Content-Type", "application/json").build();
    }

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.Chain chain) throws IOException {
        Response proceed = chain.proceed(chain.request());
        if (!proceed.isSuccessful() || !EncryptedPaths.shouldDecrypt(chain.request().url()) || proceed.body() == null || !this.cryptoInitialized) {
            return proceed;
        }
        LinkedTreeMap<String, Object> extractFileContent = extractFileContent(proceed.peekBody(proceed.body().contentLength()).byteStream());
        if (!isEncryptedField(extractFileContent)) {
            return proceed;
        }
        try {
            String extractEncryptedString = extractEncryptedString(extractFileContent, EncryptedPaths.isAccountsPath(proceed.request().url()));
            if (extractEncryptedString == null) {
                return proceed;
            }
            String header = proceed.header("Content-Type");
            if (TextUtils.isEmpty(header)) {
                header = "application/json";
            }
            return proceed.newBuilder().body(ResponseBody.create(MediaType.parse(header), extractEncryptedString)).build();
        } catch (DGMCryptoFailureException e) {
            return mapError("Decryption failure", "Failed to decrypt content", 411, proceed);
        }
    }
}
