package cz.eman.oneconnect.auth.interceptor;

import android.util.Base64;
import androidx.annotation.NonNull;
import androidx.annotation.Nullable;
import androidx.annotation.VisibleForTesting;
import androidx.lifecycle.Observer;
import cz.eman.core.api.plugin.user.auth.configuration.Configuration;
import cz.eman.oneconnect.auth.provider.credentials.IdpCredentialsProvider;
import cz.eman.oneconnect.auth.provider.hosts.IdpHostProvider;
import cz.eman.oneconnect.auth.stage.StageRepository;
import java.io.IOException;
import java.nio.charset.Charset;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import okhttp3.HttpUrl;
import okhttp3.Interceptor;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okio.Buffer;

/* loaded from: classes2.dex */
public class SsoOauthInterceptor implements Interceptor {
    private static final String HEADER_AUTHORIZATION = "Authorization";

    @VisibleForTesting
    String mClientSecret;

    @VisibleForTesting
    String mUrl;

    public SsoOauthInterceptor(@Nullable StageRepository stageRepository) {
        stageRepository.getStage().observeForever(new Observer() { // from class: cz.eman.oneconnect.auth.interceptor.-$$Lambda$SsoOauthInterceptor$0k3KgP0A1jCdRIh356gMGmGCTVs
            @Override // androidx.lifecycle.Observer
            public final void onChanged(Object obj) {
                SsoOauthInterceptor.this.onStageChanged((Configuration) obj);
            }
        });
    }

    private String getAuthorizationForRequest(String str, String str2) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(str2.getBytes("UTF-8"), "HmacSHA256"));
        return Base64.encodeToString(mac.doFinal(str.getBytes("UTF-8")), 2);
    }

    private String getHeaderFromValue(String str) {
        return "SharedKey " + str;
    }

    private String getSignature(RequestBody requestBody) throws IOException {
        if (requestBody != null) {
            Buffer buffer = new Buffer();
            requestBody.writeTo(buffer);
            try {
                return getHeaderFromValue(getAuthorizationForRequest(buffer.readString(Charset.forName("UTF-8")), this.mClientSecret));
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void onStageChanged(Configuration configuration) {
        this.mUrl = new IdpHostProvider().provide(configuration);
        this.mClientSecret = new IdpCredentialsProvider().getClientSecret(configuration);
    }

    @Override // okhttp3.Interceptor
    @Nullable
    public Response intercept(@NonNull Interceptor.Chain chain) throws IOException {
        Request build;
        HttpUrl interceptUrl = interceptUrl(chain.request().url());
        if (interceptUrl.encodedPath().contains("revoke") || interceptUrl.encodedPath().contains("introspect")) {
            build = chain.request().newBuilder().addHeader(HEADER_AUTHORIZATION, getSignature(chain.request().body())).url(interceptUrl).build();
        } else {
            build = chain.request().newBuilder().url(interceptUrl).build();
        }
        return chain.proceed(build);
    }

    @VisibleForTesting
    HttpUrl interceptUrl(HttpUrl httpUrl) {
        return httpUrl.newBuilder().host(this.mUrl).build();
    }
}
