package me.id.mobile.service.interceptor;

import android.support.annotation.CheckResult;
import android.support.annotation.NonNull;
import android.support.annotation.VisibleForTesting;
import android.util.Base64;
import com.annimon.stream.Exceptional;
import com.annimon.stream.Stream;
import com.annimon.stream.function.Consumer;
import com.google.gson.Gson;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.Collection;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.inject.Inject;
import javax.inject.Named;
import me.id.mobile.R;
import me.id.mobile.WalletApplication;
import me.id.mobile.controller.CryptoController;
import me.id.mobile.helper.StringUtils;
import me.id.mobile.helper.crypto.AesCryptoHelper;
import me.id.mobile.model.service.CryptedData;
import me.id.mobile.module.GsonModule;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okhttp3.ResponseBody;
import okio.Buffer;
import timber.log.Timber;

/* loaded from: classes.dex */
public class CryptInterceptor implements Interceptor {
    private static final int BASE64_FLAGS = 2;
    private static final String CONTENT_LENGTH_HEADER_KEY = "Content-Length";
    private static final String CONTENT_TYPE_HEADER_JSON_VALUE = "application/json";
    private static final String CONTENT_TYPE_HEADER_KEY = "Content-Type";
    private static final MediaType MEDIA_TYPE = MediaType.parse("text/plain; charset=utf-8");
    private static final Collection<String> UNENCRYPTED_ENDPOINTS_PREFIXES = Arrays.asList(WalletApplication.getContext().getString(R.string.url_service) + "public/", WalletApplication.getContext().getString(R.string.url_idp_service));

    @Inject
    CryptoController cryptoController;

    @Inject
    @Named(GsonModule.SERVICE_GSON_NAME)
    Gson gson;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class EncryptResponse {
        private final String encryptIvWithData;
        private final IvParameterSpec iv = AesCryptoHelper.getRandomIv();
        private final SecretKeySpec key = AesCryptoHelper.getRandomKey();

        EncryptResponse(String str) throws GeneralSecurityException {
            this.encryptIvWithData = AesCryptoHelper.encrypt(this.iv, this.key, str);
        }

        protected boolean canEqual(Object obj) {
            return obj instanceof EncryptResponse;
        }

        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof EncryptResponse)) {
                return false;
            }
            EncryptResponse encryptResponse = (EncryptResponse) obj;
            if (!encryptResponse.canEqual(this)) {
                return false;
            }
            IvParameterSpec iv = getIv();
            IvParameterSpec iv2 = encryptResponse.getIv();
            if (iv != null ? !iv.equals(iv2) : iv2 != null) {
                return false;
            }
            SecretKeySpec key = getKey();
            SecretKeySpec key2 = encryptResponse.getKey();
            if (key != null ? !key.equals(key2) : key2 != null) {
                return false;
            }
            String encryptIvWithData = getEncryptIvWithData();
            String encryptIvWithData2 = encryptResponse.getEncryptIvWithData();
            if (encryptIvWithData == null) {
                if (encryptIvWithData2 == null) {
                    return true;
                }
            } else if (encryptIvWithData.equals(encryptIvWithData2)) {
                return true;
            }
            return false;
        }

        public String getEncryptIvWithData() {
            return this.encryptIvWithData;
        }

        public IvParameterSpec getIv() {
            return this.iv;
        }

        public SecretKeySpec getKey() {
            return this.key;
        }

        public int hashCode() {
            IvParameterSpec iv = getIv();
            int hashCode = iv == null ? 43 : iv.hashCode();
            SecretKeySpec key = getKey();
            int i = (hashCode + 59) * 59;
            int hashCode2 = key == null ? 43 : key.hashCode();
            String encryptIvWithData = getEncryptIvWithData();
            return ((i + hashCode2) * 59) + (encryptIvWithData != null ? encryptIvWithData.hashCode() : 43);
        }

        public String toString() {
            return "CryptInterceptor.EncryptResponse(iv=" + getIv() + ", key=" + getKey() + ", encryptIvWithData=" + getEncryptIvWithData() + ")";
        }
    }

    public CryptInterceptor() {
        WalletApplication.getContext().inject(this);
    }

    @NonNull
    private String decryptBody(String str) throws GeneralSecurityException {
        Consumer<Throwable> consumer;
        CryptedData cryptedData = (CryptedData) this.gson.fromJson(str, CryptedData.class);
        Exceptional<byte[]> decryptWithPrivateKey = this.cryptoController.decryptWithPrivateKey(cryptedData.getEncryptedKey());
        consumer = CryptInterceptor$$Lambda$2.instance;
        return AesCryptoHelper.decrypt((IvParameterSpec) Exceptional.of(CryptInterceptor$$Lambda$3.lambdaFactory$(this, cryptedData)).getOrThrowRuntimeException(), getKey(decryptWithPrivateKey.ifException(consumer).getOrThrow(new SecurityException("The body couldn't be decoded"))), cryptedData.getEncryptedIvWithData());
    }

    @CheckResult
    @NonNull
    private Response decryptResponse(Response response) throws GeneralSecurityException, IOException {
        if (!shouldDecryptResponse(response)) {
            return response;
        }
        String encryptedBody = getEncryptedBody(response);
        if (StringUtils.stringIsNullOrEmpty(encryptedBody)) {
            return response.newBuilder().build();
        }
        return response.newBuilder().body(ResponseBody.create(MEDIA_TYPE, decryptBody(encryptedBody))).build();
    }

    @CheckResult
    @NonNull
    private Request encryptRequest(Request request) throws IOException, GeneralSecurityException {
        RequestBody create = RequestBody.create(MEDIA_TYPE, this.gson.toJson(getEncryptBody(getBodyAsString(request))));
        return request.newBuilder().method(request.method(), create).removeHeader(CONTENT_LENGTH_HEADER_KEY).removeHeader(CONTENT_TYPE_HEADER_KEY).addHeader(CONTENT_LENGTH_HEADER_KEY, Long.toString(create.contentLength())).addHeader(CONTENT_TYPE_HEADER_KEY, CONTENT_TYPE_HEADER_JSON_VALUE).build();
    }

    @NonNull
    private String getBodyAsString(Request request) throws IOException {
        RequestBody body = request.body();
        Buffer buffer = new Buffer();
        body.writeTo(buffer);
        return buffer.readUtf8();
    }

    @NonNull
    private CryptedData getEncryptBody(String str) throws GeneralSecurityException {
        Consumer<Throwable> consumer;
        EncryptResponse encryptResponse = new EncryptResponse(str);
        Exceptional<String> encryptWithServerKey = this.cryptoController.encryptWithServerKey(encryptResponse.getKey().getEncoded());
        consumer = CryptInterceptor$$Lambda$4.instance;
        String orThrow = encryptWithServerKey.ifException(consumer).getOrThrow(new SecurityException("The body couldn't be encrypted"));
        return CryptedData.builder().encryptedIvWithData(encryptResponse.getEncryptIvWithData()).encryptedKey(orThrow).iv(Base64.encodeToString(encryptResponse.getIv().getIV(), 2)).build();
    }

    @CheckResult
    @NonNull
    private String getEncryptedBody(Response response) throws IOException {
        return response.body().string();
    }

    @CheckResult
    @NonNull
    private IvParameterSpec getIv(byte[] bArr) {
        return new IvParameterSpec(bArr);
    }

    private boolean shouldDecryptResponse(Response response) {
        return response.code() >= 200 && response.code() < 300;
    }

    @CheckResult
    private boolean shouldEncryptEndpoint(@NonNull Request request) {
        String httpUrl = request.url().toString();
        Stream of = Stream.of(UNENCRYPTED_ENDPOINTS_PREFIXES);
        httpUrl.getClass();
        return !of.anyMatch(CryptInterceptor$$Lambda$1.lambdaFactory$(httpUrl));
    }

    @VisibleForTesting
    @CheckResult
    @NonNull
    public SecretKeySpec getKey(byte[] bArr) {
        return AesCryptoHelper.getSecretKey(bArr);
    }

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.Chain chain) throws IOException {
        Request request = chain.request();
        if (!shouldEncryptEndpoint(request)) {
            return chain.proceed(request);
        }
        try {
            if (request.body() != null) {
                request = encryptRequest(request);
            }
            return decryptResponse(chain.proceed(request));
        } catch (GeneralSecurityException e) {
            Timber.e(e, "The encrypt or decrypt is wrong", new Object[0]);
            throw new SecurityException("The encrypt or decrypt is wrong", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public /* synthetic */ IvParameterSpec lambda$decryptBody$0(CryptedData cryptedData) throws Throwable {
        return getIv(Base64.decode(cryptedData.getIv().getBytes("UTF-8"), 2));
    }
}
