package com.nayapay.common.api;

import com.facebook.stetho.server.http.HttpHeaders;
import com.nayapay.common.MyBase64$Encoder;
import com.nayapay.common.NayaPayApplication;
import com.nayapay.common.NayaPaySecurityHelper;
import com.nayapay.common.api.UserInfoService;
import com.nayapay.common.api.exceptions.ConnectivityErrorException;
import com.nayapay.common.api.exceptions.UnsecureConnectionException;
import com.nayapay.common.utils.CommonSharedPrefUtils;
import com.nayapay.common.webservice.TokenService;
import java.io.IOException;
import java.net.SocketTimeoutException;
import java.security.PublicKey;
import java.util.List;
import java.util.Objects;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.net.ssl.SSLPeerUnverifiedException;
import kotlin.Lazy;
import kotlin.LazyKt__LazyJVMKt;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import okhttp3.Headers;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.MultipartBody;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.RequestBody$Companion$toRequestBody$2;
import okhttp3.Response;
import okio.Buffer;
import org.jivesoftware.smack.sasl.packet.SaslStreamElements;
import org.jivesoftware.smackx.omemo.util.OmemoConstants;
import timber.log.Timber;

@Metadata(d1 = {"\u0000@\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0010\u000e\n\u0002\b\u0005\n\u0002\u0010\u000b\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0003\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u0002\n\u0002\b\u0003\u0018\u0000 \u001c2\u00020\u0001:\u0001\u001cB\u0005¢\u0006\u0002\u0010\u0002J\u0010\u0010\u000e\u001a\u00020\u000f2\u0006\u0010\u0010\u001a\u00020\u000fH\u0002J\u0010\u0010\u0011\u001a\u00020\u000f2\u0006\u0010\u0012\u001a\u00020\u0013H\u0016J\u001a\u0010\u0014\u001a\u00020\u00152\u0006\u0010\u0016\u001a\u00020\u00152\b\u0010\u0003\u001a\u0004\u0018\u00010\u0004H\u0002J \u0010\u0017\u001a\u00020\u000f2\u0006\u0010\u0018\u001a\u00020\u00042\u0006\u0010\u0016\u001a\u00020\u00152\u0006\u0010\u0012\u001a\u00020\u0013H\u0002J\u0010\u0010\u0019\u001a\u00020\u001a2\b\u0010\u0003\u001a\u0004\u0018\u00010\u0004J\u000e\u0010\u001b\u001a\u00020\u001a2\u0006\u0010\u000b\u001a\u00020\fR\u0010\u0010\u0003\u001a\u0004\u0018\u00010\u0004X\u0082\u000e¢\u0006\u0002\n\u0000R\u001b\u0010\u0005\u001a\u00020\u00068BX\u0082\u0084\u0002¢\u0006\f\n\u0004\b\t\u0010\n\u001a\u0004\b\u0007\u0010\bR\u000e\u0010\u000b\u001a\u00020\fX\u0082\u000e¢\u0006\u0002\n\u0000R\u0010\u0010\r\u001a\u0004\u0018\u00010\u0004X\u0082\u000e¢\u0006\u0002\n\u0000¨\u0006\u001d"}, d2 = {"Lcom/nayapay/common/api/SecureCommInterceptor;", "Lokhttp3/Interceptor;", "()V", "accessToken", "Lcom/nayapay/common/api/AccessToken;", "appVersion", "", "getAppVersion", "()Ljava/lang/String;", "appVersion$delegate", "Lkotlin/Lazy;", "encrypt", "", "renewedAccessToken", "decryptResponseIfRequired", "Lokhttp3/Response;", SaslStreamElements.Response.ELEMENT, "intercept", "chain", "Lokhttp3/Interceptor$Chain;", "newEncryptedRequest", "Lokhttp3/Request;", "request", "renewAccessTokenThenRetryRequest", "expiredToken", "setAccessToken", "", "setEncryptionEnabled", "Companion", "common_prodRelease"}, k = 1, mv = {1, 5, 1}, xi = 48)
/* loaded from: classes6.dex */
public final class SecureCommInterceptor implements Interceptor {
    public static final String HTTP_ENC_KEY_ALIAS = "NPRequestEncAlias";
    public static final String SERVER_IDENTIFIER = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPUMCYQQD+9d5vy64oLLbpeWVkrkuiWUIE2Jsw0yE/I7kYFwwYW2UGWfGDue6dM/CPIiIgJz0DB9hngTWnKJzExQul/ou4SCoh3f3gEiOL9avWTTpnPx4QpkP26mKR1s3AYwjXOKIXkMBP94rvx1HoEo0QsEGvUfGypIsqlnVk3ouQ1OwfHtMYxBYG7pmKIKgMBsPCZz5/qOCQtYDcaVT0vtDMQJcV7ZKeN9Clm/dMEgNe7TCeJgB1axkNdmPCXTlpUpKZCBd70fNrTA/HZtUfbDhohtlDzSzJ3bqmimKgdt9T0zN36/H2/Ykab0YtoPCgK7Tmay9Ap/T3wzZF4r/QIDAQAB";
    public static final String SERVER_IDENTIFIER_DEV = "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx+NNpuZ/DYOZ7T+SfDD2WEqyKcdNiPaRqWvmOOvvS2MFM64qT5IUyXEGrnVnDgdjrms04V/6JWvMstBgxzjK0aXLO/gpdsXdFjAIMHpPXyi1ExZ3Z61Ud7j7rzXHJEQJ3pJiWH/CtnWEF4/66nPG/KzFAqIXDztHMgc7K4C9pS1cHVI1gFqO8WmuuAmM/FQ4uzv2zwzeykx6B7MCom7t9q/At7mxzVevhoLl0qUqMagU9sgDw34dTEWEzQJbSo23z2o1q1SBbbw+ybQ5su/y+Q9uLSwLJTwxwG2N4XWjXPePrCfxZVfG7r0knf2p9anwKL22pT3gK+cVXtlHmRm6MQIDAQAB";
    private AccessToken accessToken;
    private AccessToken renewedAccessToken;
    private boolean encrypt = true;

    /* renamed from: appVersion$delegate, reason: from kotlin metadata */
    private final Lazy appVersion = LazyKt__LazyJVMKt.lazy(new Function0<String>() { // from class: com.nayapay.common.api.SecureCommInterceptor$appVersion$2
        @Override // kotlin.jvm.functions.Function0
        public final String invoke() {
            StringBuilder sb = new StringBuilder();
            NayaPayApplication.Companion companion = NayaPayApplication.INSTANCE;
            Pair versionInfo = companion.getInstance().getVersionInfo();
            sb.append((Object) (versionInfo == null ? null : (String) versionInfo.getFirst()));
            sb.append(" (");
            Pair versionInfo2 = companion.getInstance().getVersionInfo();
            sb.append(versionInfo2 != null ? (Integer) versionInfo2.getSecond() : null);
            sb.append(')');
            return sb.toString();
        }
    });

    /* JADX WARN: Removed duplicated region for block: B:23:0x0097  */
    /* JADX WARN: Removed duplicated region for block: B:54:0x0154  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private final okhttp3.Response decryptResponseIfRequired(okhttp3.Response r24) {
        /*
            Method dump skipped, instructions count: 347
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.nayapay.common.api.SecureCommInterceptor.decryptResponseIfRequired(okhttp3.Response):okhttp3.Response");
    }

    private final String getAppVersion() {
        return (String) this.appVersion.getValue();
    }

    private final Request newEncryptedRequest(Request request, AccessToken accessToken) {
        String encodeToString;
        RequestBody create;
        List<MultipartBody.Part> list;
        Headers build;
        Objects.requireNonNull(request);
        Request.Builder builder = new Request.Builder(request);
        CommonSharedPrefUtils commonSharedPrefUtils = CommonSharedPrefUtils.INSTANCE;
        String fcmToken = CommonSharedPrefUtils.getFcmToken();
        if (fcmToken == null) {
            fcmToken = "";
        }
        builder.header("deviceToken", fcmToken);
        builder.header("appVersion", getAppVersion());
        if (accessToken != null) {
            builder.header("Authorization", accessToken.getTokenType() + ' ' + accessToken.getAccessToken());
        }
        if (this.encrypt && request.body != null) {
            NayaPaySecurityHelper nayaPaySecurityHelper = NayaPaySecurityHelper.INSTANCE;
            PublicKey publicKey = nayaPaySecurityHelper.getPublicKey(HTTP_ENC_KEY_ALIAS);
            MyBase64$Encoder myBase64$Encoder = MyBase64$Encoder.RFC4648;
            String encodeToString2 = myBase64$Encoder.encodeToString(publicKey == null ? null : publicKey.getEncoded());
            KeyGenerator keyGenerator = KeyGenerator.getInstance(OmemoConstants.Crypto.KEYTYPE);
            keyGenerator.init(256);
            SecretKey generateKey = keyGenerator.generateKey();
            Intrinsics.checkNotNullExpressionValue(generateKey, "keygen.generateKey()");
            PublicKey publicKey2 = nayaPaySecurityHelper.decodePublicKey(SERVER_IDENTIFIER);
            if (publicKey2 == null) {
                encodeToString = null;
            } else {
                byte[] byteArray = generateKey.getEncoded();
                Intrinsics.checkNotNullExpressionValue(byteArray, "symmetricKey.encoded");
                Intrinsics.checkNotNullParameter(byteArray, "byteArray");
                Intrinsics.checkNotNullParameter(publicKey2, "publicKey");
                Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
                cipher.init(1, publicKey2);
                encodeToString = myBase64$Encoder.encodeToString(cipher.doFinal(byteArray));
                Intrinsics.checkNotNullExpressionValue(encodeToString, "getEncoder().encodeToString(cipher.doFinal(byteArray))");
            }
            if (encodeToString == null) {
                encodeToString = "";
            }
            builder.header("Server-Token", encodeToString);
            builder.header("Client-Token", encodeToString2);
            RequestBody requestBody = request.body;
            Intrinsics.checkNotNull(requestBody);
            MediaType contentType = requestBody.contentType();
            if (Intrinsics.areEqual(contentType == null ? null : contentType.subtype, "form-data")) {
                MultipartBody.Builder builder2 = new MultipartBody.Builder(null, 1);
                builder2.setType(MultipartBody.FORM);
                MultipartBody multipartBody = (MultipartBody) request.body;
                if (multipartBody != null && (list = multipartBody.parts) != null) {
                    for (MultipartBody.Part part : list) {
                        Buffer buffer = new Buffer();
                        part.body.writeTo(buffer);
                        byte[] readByteArray = buffer.readByteArray();
                        buffer.skip(buffer.size);
                        Pair encryptWithAESGCM = NayaPaySecurityHelper.INSTANCE.encryptWithAESGCM(readByteArray, generateKey);
                        String str = (String) encryptWithAESGCM.getSecond();
                        if (str == null) {
                            str = "";
                        }
                        String str2 = (String) encryptWithAESGCM.getFirst();
                        if (str2 != null) {
                            RequestBody create2 = RequestBody.Companion.create(str2, part.body.contentType());
                            Headers headers = part.headers;
                            if (headers == null) {
                                build = null;
                            } else {
                                Headers.Builder newBuilder = headers.newBuilder();
                                newBuilder.add("Server-Token-Key", str);
                                build = newBuilder.build();
                            }
                            builder2.addPart(build, create2);
                        }
                    }
                }
                builder.method(request.method, builder2.build());
            } else {
                Buffer buffer2 = new Buffer();
                RequestBody requestBody2 = request.body;
                Intrinsics.checkNotNull(requestBody2);
                requestBody2.writeTo(buffer2);
                byte[] readByteArray2 = buffer2.readByteArray();
                buffer2.skip(buffer2.size);
                Pair encryptWithAESGCM2 = nayaPaySecurityHelper.encryptWithAESGCM(readByteArray2, generateKey);
                String str3 = (String) encryptWithAESGCM2.getFirst();
                if (str3 == null) {
                    create = null;
                } else {
                    RequestBody.Companion companion = RequestBody.Companion;
                    RequestBody requestBody3 = request.body;
                    Intrinsics.checkNotNull(requestBody3);
                    create = companion.create(str3, requestBody3.contentType());
                }
                String str4 = (String) encryptWithAESGCM2.getSecond();
                builder.header("Server-Token-Key", str4 != null ? str4 : "");
                builder.header(HttpHeaders.CONTENT_LENGTH, String.valueOf(create != null ? Long.valueOf(((RequestBody$Companion$toRequestBody$2) create).$byteCount) : null));
                builder.method(request.method, create);
            }
        }
        return builder.build();
    }

    private final synchronized Response renewAccessTokenThenRetryRequest(AccessToken expiredToken, Request request, Interceptor.Chain chain) {
        Response raw;
        AccessToken accessToken = this.renewedAccessToken;
        if (accessToken != null) {
            Intrinsics.checkNotNull(accessToken);
            if (!Intrinsics.areEqual(accessToken.getAccessToken(), expiredToken.getAccessToken())) {
                AccessToken accessToken2 = this.renewedAccessToken;
                Intrinsics.checkNotNull(accessToken2);
                return chain.proceed(newEncryptedRequest(request, accessToken2));
            }
        }
        ServiceGenerator serviceGenerator = ServiceGenerator.INSTANCE;
        retrofit2.Response<AccessToken> execute = ((TokenService) serviceGenerator.createBasicAuthService(TokenService.class)).getAccessTokenByRefreshToken(expiredToken.getRefreshToken()).execute();
        if (!execute.isSuccessful() || execute.body() == null) {
            raw = execute.raw();
            Intrinsics.checkNotNullExpressionValue(raw, "{\n            tokenRenewResponse.raw()\n        }");
        } else {
            AccessToken body = execute.body();
            Intrinsics.checkNotNull(body);
            Intrinsics.checkNotNullExpressionValue(body, "tokenRenewResponse.body()!!");
            AccessToken accessToken3 = body;
            retrofit2.Response execute2 = UserInfoService.DefaultImpls.getUserInfo$default((UserInfoService) ServiceGenerator.createService$default(serviceGenerator, UserInfoService.class, accessToken3, false, 4, null), 0L, 1, null).execute();
            if (!execute2.isSuccessful() || execute2.body() == null) {
                raw = execute2.raw();
            } else {
                this.renewedAccessToken = accessToken3;
                CommonSharedPrefUtils commonSharedPrefUtils = CommonSharedPrefUtils.INSTANCE;
                Object body2 = execute2.body();
                Intrinsics.checkNotNull(body2);
                CommonSharedPrefUtils.saveUserInfo((UserInfo) ((ApiResponse) body2).getData());
                CommonSharedPrefUtils.saveUserAccessToken(accessToken3);
                raw = chain.proceed(newEncryptedRequest(request, accessToken3));
            }
            Intrinsics.checkNotNullExpressionValue(raw, "{\n            val newAccessToken = tokenRenewResponse.body()!!\n\n            val userInfoResponse = ServiceGenerator\n                .createService(UserInfoService::class.java, newAccessToken).getUserInfo().execute()\n\n            if (userInfoResponse.isSuccessful && userInfoResponse.body() != null) {\n                renewedAccessToken = newAccessToken\n                CommonSharedPrefUtils.saveUserInfo(userInfoResponse.body()!!.data)\n                CommonSharedPrefUtils.saveUserAccessToken(newAccessToken)\n                chain.proceed(newEncryptedRequest(request, newAccessToken))\n\n            } else\n                userInfoResponse.raw()\n\n        }");
        }
        return raw;
    }

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.Chain chain) throws IOException {
        Response renewAccessTokenThenRetryRequest;
        Intrinsics.checkNotNullParameter(chain, "chain");
        try {
            Request newEncryptedRequest = newEncryptedRequest(chain.request(), this.accessToken);
            Response proceed = chain.proceed(newEncryptedRequest);
            if (proceed.code == 401) {
                AccessToken accessToken = this.accessToken;
                if (Intrinsics.areEqual(accessToken == null ? null : accessToken.getTokenType(), "bearer")) {
                    synchronized (this) {
                        AccessToken accessToken2 = this.accessToken;
                        Intrinsics.checkNotNull(accessToken2);
                        renewAccessTokenThenRetryRequest = renewAccessTokenThenRetryRequest(accessToken2, newEncryptedRequest, chain);
                    }
                    return renewAccessTokenThenRetryRequest;
                }
            }
            return decryptResponseIfRequired(proceed);
        } catch (SocketTimeoutException e) {
            Timber.TREE_OF_SOULS.e(e, "API call timed out.", new Object[0]);
            throw new ConnectivityErrorException();
        } catch (SSLPeerUnverifiedException e2) {
            Timber.TREE_OF_SOULS.e(e2, "Server certificate could not be verified.", new Object[0]);
            throw new UnsecureConnectionException();
        } catch (IOException e3) {
            Timber.TREE_OF_SOULS.e(e3, "IO exception.", new Object[0]);
            throw new ConnectivityErrorException();
        }
    }

    public final void setAccessToken(AccessToken accessToken) {
        this.accessToken = accessToken;
    }

    public final void setEncryptionEnabled(boolean encrypt) {
        this.encrypt = encrypt;
    }
}
