package com.platform.usercenter.network.interceptor;

import com.platform.usercenter.BaseApp;
import com.platform.usercenter.basic.provider.UCCommonXor8Provider;
import com.platform.usercenter.network.NetworkModule;
import com.platform.usercenter.network.header.DeviceSecurityHeader;
import com.platform.usercenter.network.header.HeaderConstant;
import com.platform.usercenter.network.header.IBizHeaderManager;
import com.platform.usercenter.network.header.UCHeaderHelperV1;
import com.platform.usercenter.network.header.UCHeaderHelperV2;
import com.platform.usercenter.network.provider.INetConfigProvider;
import com.platform.usercenter.tools.algorithm.MD5Util;
import com.platform.usercenter.tools.datastructure.StringUtil;
import com.platform.usercenter.tools.device.OpenIDHelper;
import com.platform.usercenter.tools.device.UCDeviceInfoUtil;
import com.platform.usercenter.tools.log.UCLogUtil;
import com.platform.usercenter.tools.security.AESUtilTest;
import com.platform.usercenter.tools.security.RsaCoder;
import java.io.IOException;
import java.lang.ref.WeakReference;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import okhttp3.aa;
import okhttp3.ab;
import okhttp3.ac;
import okhttp3.ad;
import okhttp3.u;
import okhttp3.v;
import okhttp3.w;
import okio.Buffer;
import org.json.JSONObject;

/* loaded from: classes6.dex */
public class SecurityRequestInterceptor implements v {
    private static final String FORMAT_CONTENT_TYPE = "%s; charset=%s";
    private static final String HEADER_PROTOCOL_VERSION = "3.0";
    private static final int RETRY_NUM = 2;
    private static final int STATUS_CODE_DECRYPT_FAIL = 222;
    private static final String TAG = "SecurityRequestInterceptor";
    private static final String UTF_8 = "UTF-8";
    private static final String X_R_K = UCCommonXor8Provider.getProviderKeyXor8();
    private final IBizHeaderManager mBizHeaderManager;
    private volatile SecurityKey mSecurityKey;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes6.dex */
    public static class Header {
        private static final String CHAR = "\\/";
        private static final String CHAR_L = "/";
        private static final String HEADER_PROTOCOL_VERSION = "3.0";
        public static final String HEADER_X_SESSION_TICKET = "X-Session-Ticket";
        private static final String X_PROTOCOL = "X-Protocol";

        Header() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Map<String, String> newHeader(SecurityKey securityKey, String str) {
            HashMap hashMap = new HashMap(4);
            hashMap.put(HeaderConstant.HEADER_X_PROTOCOL_VERSION, HEADER_PROTOCOL_VERSION);
            hashMap.put(UCHeaderHelperV2.X_PROTOCOL_VERSION, HEADER_PROTOCOL_VERSION);
            String encrypt = SecurityKey.encrypt(securityKey, str);
            if (encrypt == null) {
                hashMap.put(HeaderConstant.HEAD_K_ACCEPT, HeaderConstant.HEAD_V_APPLICATION_JSON);
                return hashMap;
            }
            securityKey.setHeaderSignatureV1(encrypt);
            hashMap.put(HeaderConstant.HEAD_K_ACCEPT, HeaderConstant.HEADER_SECURITY_CONTENT_TYPE);
            hashMap.put("X-Security", encrypt);
            hashMap.put(UCHeaderHelperV1.HEADER_X_KEY, securityKey.mRsa);
            hashMap.put(UCHeaderHelperV1.HEADER_X_I_V, securityKey.mIvStr);
            if (securityKey.mSecurityTicket != null && !"".equals(securityKey.mSecurityTicket)) {
                hashMap.put(HEADER_X_SESSION_TICKET, securityKey.mSecurityTicket);
            }
            try {
                JSONObject jSONObject = new JSONObject();
                jSONObject.put(SecurityRequestInterceptor.X_R_K, securityKey.mRsa);
                jSONObject.put("iv", securityKey.mIvStr);
                jSONObject.put("sessionTicket", securityKey.mSecurityTicket);
                String jSONObject2 = jSONObject.toString();
                if (jSONObject2.contains(CHAR)) {
                    jSONObject2 = jSONObject2.replace(CHAR, CHAR_L);
                }
                String encode = URLEncoder.encode(jSONObject2, "UTF-8");
                String encode2 = URLEncoder.encode(encrypt, "UTF-8");
                securityKey.setHeaderSignatureV2(encode2);
                hashMap.put(UCHeaderHelperV2.X_SAFETY, encode2);
                hashMap.put("X-Protocol", encode);
            } catch (Exception e) {
                hashMap.put(UCHeaderHelperV2.X_SAFETY, "");
                hashMap.put("X-Protocol", "");
                UCLogUtil.e(SecurityRequestInterceptor.TAG, "v2 header is error = " + e);
            }
            return hashMap;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes6.dex */
    public static class RequestWrapper {
        static final int REQUEST_ENCRYPT_BODY_FAIL = 11095220;
        static final int REQUEST_ENCRYPT_HEAD_FAIL = 11095221;
        static final int REQUEST_SUCCESS = 11095219;
        final int code;
        final String message;
        final aa request;

        private RequestWrapper(int i, String str, aa aaVar) {
            this.code = i;
            this.message = str;
            this.request = aaVar;
        }

        static RequestWrapper create(int i, String str, aa aaVar) {
            return new RequestWrapper(i, str, aaVar);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes6.dex */
    public static class ResponseWrapper {
        static final int BODY_IS_NULL = 10095221;
        static final int FAIL_DECRYPT = 10095224;
        static final int FAIL_SIGNATURE_NOT_FOUND = 10095222;
        static final int FAIL_SIGNATURE_VERIFY = 10095223;
        static final int HTTP_FAIL = 10095220;
        static final int SUCCESS = 10095219;
        final int code;
        final String message;
        final ac response;

        private ResponseWrapper(int i, String str, ac acVar) {
            this.code = i;
            this.message = str;
            this.response = acVar;
        }

        static ResponseWrapper create(int i, String str, ac acVar) {
            return new ResponseWrapper(i, str, acVar);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes6.dex */
    public static class SecurityKey {
        private static final String TAG = "SecurityKey";
        private final String mAes;
        private String mHeaderSignatureV1;
        private String mHeaderSignatureV2;
        private final byte[] mIv;
        private final String mIvStr;
        private final String mRsa;
        private String mSecurityTicket;

        private SecurityKey() {
            this.mSecurityTicket = "";
            this.mHeaderSignatureV1 = "";
            this.mHeaderSignatureV2 = "";
            byte[] generateRandom16byte = generateRandom16byte();
            this.mIv = generateRandom16byte;
            this.mIvStr = AESUtilTest.base64EncodeSafe(generateRandom16byte);
            String base64EncodeSafe = AESUtilTest.base64EncodeSafe(generateRandom16byte());
            this.mAes = base64EncodeSafe;
            this.mRsa = RsaCoder.encrypt(base64EncodeSafe, RsaCoder.Key);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static String decrypt(SecurityKey securityKey, String str) {
            try {
                return AESUtilTest.aesDecryptWithPassKey(str, securityKey.mAes, securityKey.mIv);
            } catch (Exception e) {
                UCLogUtil.e(TAG, "decrypt = " + e);
                return null;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static String encrypt(SecurityKey securityKey, String str) {
            try {
                return AESUtilTest.aesEncryptWithPassKey(str, securityKey.mAes, securityKey.mIv);
            } catch (Exception e) {
                UCLogUtil.e(TAG, "encrypt" + e);
                return null;
            }
        }

        private byte[] generateRandom16byte() {
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            return bArr;
        }

        void setHeaderSignatureV1(String str) {
            this.mHeaderSignatureV1 = str;
        }

        void setHeaderSignatureV2(String str) {
            this.mHeaderSignatureV2 = str;
        }

        void setSecurityTicket(String str) {
            this.mSecurityTicket = str;
        }
    }

    public SecurityRequestInterceptor(IBizHeaderManager iBizHeaderManager) {
        this.mBizHeaderManager = iBizHeaderManager;
    }

    private static String bodyToString(ab abVar) {
        try {
            Buffer buffer = new Buffer();
            abVar.mo77041(buffer);
            return buffer.mo77756();
        } catch (Exception e) {
            UCLogUtil.e(TAG, "body is parse error = " + e.getMessage());
            return null;
        }
    }

    private RequestWrapper buildRequest(aa aaVar, SecurityKey securityKey, String str) {
        String str2;
        String str3;
        if ("".equals(str)) {
            str2 = null;
            str3 = "request body is empty";
        } else {
            str2 = SecurityKey.encrypt(securityKey, str);
            str3 = str2 == null ? "encrypt body fail" : "encrypt body success";
        }
        Map newHeader = new Header().newHeader(securityKey, DeviceSecurityHeader.getDeviceSecurityHeader(BaseApp.mContext, this.mBizHeaderManager));
        if (HeaderConstant.HEAD_V_APPLICATION_JSON.equals(newHeader.get(HeaderConstant.HEAD_K_ACCEPT))) {
            return RequestWrapper.create(11095221, "head is encrypt fail", plainTextRequest(aaVar));
        }
        u.a m77517 = aaVar.m77000().m77517();
        for (Map.Entry entry : newHeader.entrySet()) {
            m77517.m77526((String) entry.getKey(), (String) entry.getValue());
        }
        aa.a m77022 = aaVar.m77004().m77022(m77517.m77522());
        if (str2 != null) {
            m77022.m77020(ab.m77037(w.m77529(formatContentType(true)), str2));
        }
        return RequestWrapper.create(11095219, str3, m77022.m77034());
    }

    private String formatContentType(boolean z) {
        return String.format(FORMAT_CONTENT_TYPE, z ? HeaderConstant.HEADER_SECURITY_CONTENT_TYPE : HeaderConstant.HEAD_V_APPLICATION_JSON, "UTF-8");
    }

    private ResponseWrapper handlerResponse(ac acVar, SecurityKey securityKey) {
        ad m77055 = acVar.m77055();
        if (m77055 == null) {
            return ResponseWrapper.create(10095221, "responseBody is null", acVar);
        }
        int m77050 = acVar.m77050();
        if (!acVar.m77051()) {
            return ResponseWrapper.create(10095220, "response code is " + m77050, acVar);
        }
        if (m77050 != 222) {
            String str = null;
            try {
                str = m77055.m77090();
            } catch (IOException e) {
                UCLogUtil.e(TAG, "responseBody.string error = " + e.getMessage());
            }
            String decrypt = SecurityKey.decrypt(securityKey, str);
            if (decrypt == null) {
                return ResponseWrapper.create(10095224, "decrypt is null", acVar);
            }
            String m77512 = acVar.m77054().m77512(Header.HEADER_X_SESSION_TICKET);
            securityKey.setSecurityTicket(m77512 != null ? m77512 : "");
            return ResponseWrapper.create(10095219, "decrypt is success", acVar.m77056().m77074(ad.m77084(m77055.mo24213(), decrypt)).m77077());
        }
        String m775122 = acVar.m77054().m77512("X-Signature");
        if (m775122 == null || "".equals(m775122)) {
            return ResponseWrapper.create(10095222, "signature is null", acVar);
        }
        boolean z = true;
        boolean z2 = !StringUtil.isEmpty(securityKey.mHeaderSignatureV1);
        boolean z3 = !StringUtil.isEmpty(securityKey.mHeaderSignatureV2);
        if (z2 && z3) {
            String md5Hex = MD5Util.md5Hex(securityKey.mHeaderSignatureV1);
            String md5Hex2 = MD5Util.md5Hex(securityKey.mHeaderSignatureV2);
            if (!RsaCoder.doCheck(md5Hex, m775122, RsaCoder.Key) && !RsaCoder.doCheck(md5Hex2, m775122, RsaCoder.Key)) {
                z = false;
            }
            if (!z) {
                return ResponseWrapper.create(10095223, "v1 v2 decryptResponse code is signature is" + m775122, acVar);
            }
        } else if (z2 && !RsaCoder.doCheck(MD5Util.md5Hex(securityKey.mHeaderSignatureV1), m775122, RsaCoder.Key)) {
            return ResponseWrapper.create(10095223, "v1 decryptResponse code is signature is" + m775122, acVar);
        }
        return ResponseWrapper.create(m77050, "response decrypt downgrade", acVar);
    }

    private aa plainTextRequest(aa aaVar) {
        this.mSecurityKey = null;
        return aaVar.m77004().m77026(HeaderConstant.HEAD_K_ACCEPT, HeaderConstant.HEAD_V_APPLICATION_JSON).m77026(UCHeaderHelperV2.X_PROTOCOL_VERSION, HEADER_PROTOCOL_VERSION).m77034();
    }

    @Override // okhttp3.v
    public ac intercept(v.a aVar) throws IOException {
        aa mo24205 = aVar.mo24205();
        ab m77001 = mo24205.m77001();
        String str = "SecurityRequestInterceptor:" + mo24205.m76996().m76916();
        if (m77001 == null) {
            UCLogUtil.w(str, "srcBody is null");
            return aVar.mo24206(mo24205);
        }
        String bodyToString = bodyToString(m77001);
        if (bodyToString == null) {
            UCLogUtil.w(str, "body to str is null");
            return aVar.mo24206(mo24205);
        }
        WeakReference<INetConfigProvider> weakReference = NetworkModule.Builder.configProvider;
        if (weakReference != null && weakReference.get() != null) {
            INetConfigProvider iNetConfigProvider = weakReference.get();
            if (iNetConfigProvider.isDebug() && !iNetConfigProvider.isEncryption()) {
                String osimei = UCDeviceInfoUtil.getOSIMEI(BaseApp.mContext);
                String guid = OpenIDHelper.getGUID();
                aa.a m77014 = mo24205.m77004().m77014(HeaderConstant.HEAD_K_ACCEPT, HeaderConstant.HEAD_V_APPLICATION_JSON).m77014(HeaderConstant.HEADER_X_PROTOCOL_VERSION, HEADER_PROTOCOL_VERSION);
                if (guid == null) {
                    guid = "";
                }
                aa.a m770142 = m77014.m77014(OpenIDHelper.HEADER_X_CLIENT_GUID, guid);
                if (osimei == null) {
                    osimei = "";
                }
                return aVar.mo24206(m770142.m77014("imei", osimei).m77020(ab.m77037(w.m77529(formatContentType(false)), bodyToString)).m77034());
            }
        }
        SecurityKey securityKey = this.mSecurityKey;
        if (securityKey == null) {
            securityKey = new SecurityKey();
            this.mSecurityKey = securityKey;
        }
        RequestWrapper buildRequest = buildRequest(mo24205, securityKey, bodyToString);
        if (buildRequest.code != 11095219) {
            UCLogUtil.w(str, buildRequest.message);
            return aVar.mo24206(buildRequest.request);
        }
        ResponseWrapper handlerResponse = handlerResponse(aVar.mo24206(buildRequest.request), securityKey);
        for (int i = 1; i <= 2; i++) {
            int i2 = handlerResponse.code;
            if (i2 == 10095219 || i2 == 10095220) {
                return handlerResponse.response;
            }
            if (i2 == 10095221 || i2 == 10095222 || i2 == 10095223) {
                UCLogUtil.w(str, handlerResponse.message);
                this.mSecurityKey = null;
                return handlerResponse.response;
            }
            if (i2 == 10095224 || i2 == 222) {
                handlerResponse.response.close();
                if (i == 2) {
                    break;
                }
                UCLogUtil.w(str, "start second request = " + handlerResponse.message);
                handlerResponse = handlerResponse(aVar.mo24206(buildRequest.request), securityKey);
            }
        }
        UCLogUtil.w(str, "second request fail, retry request to plant text");
        return aVar.mo24206(plainTextRequest(mo24205));
    }
}
