package de.vwag.carnet.oldapp.backend;

import de.vwag.carnet.oldapp.backend.BackendCredentials;
import de.vwag.carnet.oldapp.backend.model.AuthError;
import de.vwag.carnet.oldapp.backend.model.BackendResponse;
import de.vwag.carnet.oldapp.backend.model.Token;
import de.vwag.carnet.oldapp.backend.result.TokenResult;
import de.vwag.carnet.oldapp.log.DebugLogManager;
import de.vwag.carnet.oldapp.log.model.LogObjectData;
import de.vwag.carnet.oldapp.security.CryptoUtils;
import de.vwag.carnet.oldapp.state.SessionContext;
import de.vwag.carnet.oldapp.state.model.User;
import de.vwag.carnet.oldapp.utils.L;
import okhttp3.OkHttpClient;
import retrofit2.Retrofit;
import retrofit2.converter.gson.GsonConverterFactory;

/* loaded from: classes4.dex */
public class AuthTokenManager extends ServiceBase {
    private static final String GRANT_TYPE_PASSWORD = "password";
    private final DebugLogManager debugLogManager;
    private final SessionContext sessionContext;
    private Token token;
    private final OkHttpClient unauthorizedRetrofitClient;

    public AuthTokenManager(OkHttpClient okHttpClient, SessionContext sessionContext, DebugLogManager debugLogManager, CancelJobsContext cancelJobsContext) {
        super(cancelJobsContext);
        this.sessionContext = sessionContext;
        this.debugLogManager = debugLogManager;
        this.unauthorizedRetrofitClient = okHttpClient;
    }

    private LoginRestApi createLoginRestApi(String str) {
        return (LoginRestApi) new Retrofit.Builder().client(this.unauthorizedRetrofitClient).baseUrl(str).addConverterFactory(GsonConverterFactory.create()).build().create(LoginRestApi.class);
    }

    private BackendResponse<Token> requestAuthorizationToken(BackendCredentials backendCredentials) {
        String email = backendCredentials.getEmail();
        String password = backendCredentials.getPassword();
        L.d("Request new authorization token for user '%s'", email);
        this.debugLogManager.logNewAction("REQUEST_AUTH_TOKEN", LogObjectData.Interface.SERVER);
        BackendResponse<Token> call = call(createLoginRestApi(backendCredentials.getBaseUrl()).getAuthorizationToken(GRANT_TYPE_PASSWORD, email, password));
        if (call.isSuccessful()) {
            this.debugLogManager.updateLogStatus(LogObjectData.State.SUCCESS);
        } else {
            this.debugLogManager.updateLogStatus(LogObjectData.State.ERROR);
        }
        return call;
    }

    public synchronized void clearToken() {
        this.token = null;
    }

    public synchronized Token getToken() throws TokenRefreshException {
        if (this.token == null || this.token.isExpired()) {
            L.d("Current token is expired or null", new Object[0]);
            User currentUser = this.sessionContext.getCurrentUser();
            if (currentUser == null) {
                L.w("Could not request new token. No current user known.", new Object[0]);
                throw new TokenRefreshException(AuthError.NO_USER_ERROR);
            }
            String decryptPassword = CryptoUtils.decryptPassword(currentUser.getEncryptedPassword());
            if (decryptPassword == null) {
                L.w("Password of current user not known", new Object[0]);
                throw new TokenRefreshException(AuthError.NO_PASSWORD_ERROR);
            }
            BackendResponse<Token> requestAuthorizationToken = requestAuthorizationToken(new BackendCredentials.Builder().setBaseUrl(this.sessionContext.getStage().getBackendBaseUrl()).setEmail(currentUser.getEmail()).setPassword(decryptPassword).create());
            if (requestAuthorizationToken.isAuthError()) {
                throw new TokenRefreshException(requestAuthorizationToken.getAuthError());
            }
            if (requestAuthorizationToken.isSuccessful()) {
                Token body = requestAuthorizationToken.body();
                this.token = body;
                body.setRequestedTimestamp(System.currentTimeMillis());
            } else {
                Token token = new Token();
                this.token = token;
                token.invalidate();
            }
        }
        return this.token;
    }

    public Token getToken(BackendCredentials backendCredentials) throws TokenRefreshException {
        L.d("Request new token for user %s", backendCredentials.getEmail());
        BackendResponse<Token> requestAuthorizationToken = requestAuthorizationToken(backendCredentials);
        if (requestAuthorizationToken.isAuthError()) {
            throw new TokenRefreshException(requestAuthorizationToken.getAuthError());
        }
        if (requestAuthorizationToken.isSuccessful()) {
            return requestAuthorizationToken.body();
        }
        return null;
    }

    public synchronized void invalidateToken() {
        if (this.token != null) {
            this.token.invalidate();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public synchronized TokenResult requestInitialAuthorizationToken(LoginRequest loginRequest) {
        BackendResponse<Token> requestAuthorizationToken = requestAuthorizationToken(new BackendCredentials.Builder().setBaseUrl(loginRequest.getStage().getBackendBaseUrl()).setEmail(loginRequest.getEmail()).setPassword(loginRequest.getPassword()).create());
        if (!requestAuthorizationToken.isSuccessful()) {
            this.token = null;
            return new TokenResult(requestAuthorizationToken);
        }
        Token body = requestAuthorizationToken.body();
        this.token = body;
        body.setRequestedTimestamp(System.currentTimeMillis());
        return new TokenResult(this.token);
    }
}
