package com.trusona.sdk.http.client.interceptor;

import com.trusona.sdk.http.ApiCredentials;
import com.trusona.sdk.http.Headers;
import com.trusona.sdk.http.client.security.HmacSignatureGenerator;
import com.trusona.sdk.http.client.security.RequestHmacMessage;
import com.trusona.sdk.http.client.security.ResponseHmacMessage;
import com.trusona.sdk.http.client.security.TrusonaAuthorizationHeader;
import java.io.IOException;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/trusona/sdk/http/client/interceptor/HmacAuthInterceptor.class */
public class HmacAuthInterceptor implements Interceptor {
    private static final Logger logger = LoggerFactory.getLogger(HmacAuthInterceptor.class);
    private static final String EMPTY_JSON = "{}";
    private static final String EMPTY_JSON_CONTENT_TYPE = "application/json; charset=utf-8";
    private final HmacSignatureGenerator signatureGenerator;
    private final ApiCredentials apiCredentials;

    public HmacAuthInterceptor(HmacSignatureGenerator hmacSignatureGenerator, ApiCredentials apiCredentials) {
        this.signatureGenerator = hmacSignatureGenerator;
        this.apiCredentials = apiCredentials;
    }

    public HmacAuthInterceptor(HmacSignatureGenerator hmacSignatureGenerator, String str, String str2) {
        this(hmacSignatureGenerator, new ApiCredentials(str, str2));
    }

    public Response intercept(Interceptor.Chain chain) throws IOException {
        Request request = chain.request();
        return validateResponse(chain.proceed(request.newBuilder().header(Headers.AUTHORIZATION, new TrusonaAuthorizationHeader(this.apiCredentials.getToken(), this.signatureGenerator.getSignature(new RequestHmacMessage(request), this.apiCredentials.getSecret())).toString()).build()));
    }

    private ResponseBody getEmptyJson() {
        return ResponseBody.create(MediaType.parse(EMPTY_JSON_CONTENT_TYPE), EMPTY_JSON);
    }

    private Response failResponse(Response response) {
        logger.warn("Response signature failed validation");
        return response.newBuilder().body(getEmptyJson()).code(401).build();
    }

    private Response validateResponse(Response response) throws IOException {
        if (!response.isSuccessful()) {
            return response;
        }
        String header = response.header(Headers.X_SIGNATURE);
        if (header != null && header.equals(this.signatureGenerator.getSignature(new ResponseHmacMessage(response), this.apiCredentials.getSecret()))) {
            return response;
        }
        return failResponse(response);
    }
}
