package org.bitbucket.search.secrets.auth;

import io.atlassian.fugue.Either;
import java.io.IOException;
import java.util.UUID;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.Protocol;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;
import org.bitbucket.search.secrets.SecretsService;
import org.bitbucket.search.secrets.auth.internal.Uuids;
import rx.Single;

/* loaded from: input_file:org/bitbucket/search/secrets/auth/TokenInterceptor.class */
public class TokenInterceptor implements Interceptor {
    public static final String TARGET_ACCOUNT = "X-TARGET-ACCOUNT";
    public static final int STATUS_FAILED_DEPENDENCY = 424;
    public static final int STATUS_INVALID_TOKEN = 498;
    public static final int STATUS_TOKEN_REQUIRED = 499;
    public static final int STATUS_UNAUTHORIZED = 401;
    private static final MediaType MEDIA_TYPE = MediaType.parse("text/plain");
    private final SecretsService secretsService;
    private final TokenHelper tokenHelper;
    private final String serviceKey;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/bitbucket/search/secrets/auth/TokenInterceptor$InvalidTokenException.class */
    public static class InvalidTokenException extends RuntimeException {
        InvalidTokenException(String str) {
            super(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/bitbucket/search/secrets/auth/TokenInterceptor$SharedSecretUnavailableException.class */
    public static class SharedSecretUnavailableException extends RuntimeException {
        SharedSecretUnavailableException(String str) {
            super(str);
        }
    }

    public TokenInterceptor(TokenHelper tokenHelper, SecretsService secretsService, String str) {
        this.tokenHelper = tokenHelper;
        this.secretsService = secretsService;
        this.serviceKey = str;
    }

    public Response intercept(Interceptor.Chain chain) throws IOException {
        Request request = chain.request();
        String header = request.header(TARGET_ACCOUNT);
        if (header == null) {
            return tokenRequired(request);
        }
        Either consumeSingle = consumeSingle(authenticatedRequest(Uuids.fromBitbucketString(header), request));
        return consumeSingle.isLeft() ? clientError(request, (Exception) consumeSingle.left().get()) : chain.proceed((Request) consumeSingle.right().get());
    }

    private static Response clientError(Request request, Exception exc) {
        Response.Builder defaultResponse = defaultResponse(request);
        if (exc instanceof InvalidTokenException) {
            defaultResponse.code(STATUS_INVALID_TOKEN);
        } else if (exc instanceof SharedSecretUnavailableException) {
            defaultResponse.code(STATUS_FAILED_DEPENDENCY);
        } else {
            defaultResponse.code(STATUS_UNAUTHORIZED);
        }
        return defaultResponse.body(ResponseBody.create(MEDIA_TYPE, String.format("Token required error: %s", exc.getMessage()))).build();
    }

    private static Response.Builder defaultResponse(Request request) {
        return new Response.Builder().protocol(Protocol.HTTP_1_1).request(request);
    }

    private static Response tokenRequired(Request request) {
        return defaultResponse(request).code(STATUS_TOKEN_REQUIRED).build();
    }

    private Single<Request> authenticatedRequest(UUID uuid, Request request) {
        return this.secretsService.getSecret(uuid).flatMap(optional -> {
            return (Single) optional.map((v0) -> {
                return Single.just(v0);
            }).orElseGet(() -> {
                return Single.error(new SharedSecretUnavailableException("No Shared Secret available"));
            });
        }).flatMap(secret -> {
            return (Single) this.tokenHelper.createJwtToken(request.method(), request.url().encodedPath(), secret, this.serviceKey).toOption().map((v0) -> {
                return Single.just(v0);
            }).getOr(() -> {
                return Single.error(new InvalidTokenException("No valid JWT token available"));
            });
        }).map(str -> {
            return request.newBuilder().addHeader("Authorization", "JWT " + str).removeHeader(TARGET_ACCOUNT).build();
        });
    }

    private static <V> Either<Exception, V> consumeSingle(Single<V> single) {
        try {
            return Either.right(single.toBlocking().value());
        } catch (RuntimeException e) {
            return Either.left(e);
        }
    }
}
