package com.platform.usercenter.network.interceptor;

import com.platform.usercenter.BaseApp;
import com.platform.usercenter.basic.provider.UCCommonXor8Provider;
import com.platform.usercenter.network.NetworkModule;
import com.platform.usercenter.network.header.DeviceSecurityHeader;
import com.platform.usercenter.network.header.HeaderConstant;
import com.platform.usercenter.network.header.IBizHeaderManager;
import com.platform.usercenter.network.header.UCHeaderHelperV1;
import com.platform.usercenter.network.header.UCHeaderHelperV2;
import com.platform.usercenter.network.provider.INetConfigProvider;
import com.platform.usercenter.tools.algorithm.MD5Util;
import com.platform.usercenter.tools.datastructure.StringUtil;
import com.platform.usercenter.tools.device.OpenIDHelper;
import com.platform.usercenter.tools.device.UCDeviceInfoUtil;
import com.platform.usercenter.tools.log.UCLogUtil;
import com.platform.usercenter.tools.security.AESUtilTest;
import com.platform.usercenter.tools.security.RsaCoder;
import d.b.o0;
import g.o.u.f.l.r.d.a;
import j.b0;
import j.c0;
import j.d0;
import j.e0;
import j.u;
import j.w;
import j.x;
import java.io.IOException;
import java.lang.ref.WeakReference;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import okio.Buffer;
import org.json.JSONObject;

/* loaded from: classes5.dex */
public class SecurityRequestInterceptor implements w {
    private static final String FORMAT_CONTENT_TYPE = "%s; charset=%s";
    private static final String HEADER_PROTOCOL_VERSION = "3.0";
    private static final int RETRY_NUM = 2;
    private static final int STATUS_CODE_DECRYPT_FAIL = 222;
    private static final String TAG = "SecurityRequestInterceptor";
    private static final String UTF_8 = "UTF-8";
    private static final String X_R_K = UCCommonXor8Provider.getProviderKeyXor8();
    private final IBizHeaderManager mBizHeaderManager;
    private volatile SecurityKey mSecurityKey;

    /* loaded from: classes5.dex */
    public static class Header {
        private static final String CHAR = "\\/";
        private static final String CHAR_L = "/";
        private static final String HEADER_PROTOCOL_VERSION = "3.0";
        public static final String HEADER_X_SESSION_TICKET = "X-Session-Ticket";
        private static final String X_PROTOCOL = "X-Protocol";

        /* JADX INFO: Access modifiers changed from: private */
        public Map<String, String> newHeader(SecurityKey securityKey, String str) {
            HashMap hashMap = new HashMap(4);
            hashMap.put(HeaderConstant.HEADER_X_PROTOCOL_VERSION, HEADER_PROTOCOL_VERSION);
            hashMap.put(UCHeaderHelperV2.X_PROTOCOL_VERSION, HEADER_PROTOCOL_VERSION);
            String encrypt = SecurityKey.encrypt(securityKey, str);
            if (encrypt == null) {
                hashMap.put(HeaderConstant.HEAD_K_ACCEPT, "application/json");
                return hashMap;
            }
            securityKey.setHeaderSignatureV1(encrypt);
            hashMap.put(HeaderConstant.HEAD_K_ACCEPT, HeaderConstant.HEADER_SECURITY_CONTENT_TYPE);
            hashMap.put("X-Security", encrypt);
            hashMap.put(UCHeaderHelperV1.HEADER_X_KEY, securityKey.mRsa);
            hashMap.put(UCHeaderHelperV1.HEADER_X_I_V, securityKey.mIvStr);
            if (securityKey.mSecurityTicket != null && !"".equals(securityKey.mSecurityTicket)) {
                hashMap.put(HEADER_X_SESSION_TICKET, securityKey.mSecurityTicket);
            }
            try {
                JSONObject jSONObject = new JSONObject();
                jSONObject.put(SecurityRequestInterceptor.X_R_K, securityKey.mRsa);
                jSONObject.put(a.f17489h, securityKey.mIvStr);
                jSONObject.put("sessionTicket", securityKey.mSecurityTicket);
                String jSONObject2 = jSONObject.toString();
                if (jSONObject2.contains(CHAR)) {
                    jSONObject2 = jSONObject2.replace(CHAR, CHAR_L);
                }
                String encode = URLEncoder.encode(jSONObject2, "UTF-8");
                String encode2 = URLEncoder.encode(encrypt, "UTF-8");
                securityKey.setHeaderSignatureV2(encode2);
                hashMap.put(UCHeaderHelperV2.X_SAFETY, encode2);
                hashMap.put("X-Protocol", encode);
            } catch (Exception e2) {
                hashMap.put(UCHeaderHelperV2.X_SAFETY, "");
                hashMap.put("X-Protocol", "");
                UCLogUtil.e(SecurityRequestInterceptor.TAG, "v2 header is error = " + e2);
            }
            return hashMap;
        }
    }

    /* loaded from: classes5.dex */
    public static class RequestWrapper {
        public static final int REQUEST_ENCRYPT_BODY_FAIL = 11095220;
        public static final int REQUEST_ENCRYPT_HEAD_FAIL = 11095221;
        public static final int REQUEST_SUCCESS = 11095219;
        public final int code;
        public final String message;
        public final b0 request;

        private RequestWrapper(int i2, String str, b0 b0Var) {
            this.code = i2;
            this.message = str;
            this.request = b0Var;
        }

        public static RequestWrapper create(int i2, String str, b0 b0Var) {
            return new RequestWrapper(i2, str, b0Var);
        }
    }

    /* loaded from: classes5.dex */
    public static class ResponseWrapper {
        public static final int BODY_IS_NULL = 10095221;
        public static final int FAIL_DECRYPT = 10095224;
        public static final int FAIL_SIGNATURE_NOT_FOUND = 10095222;
        public static final int FAIL_SIGNATURE_VERIFY = 10095223;
        public static final int HTTP_FAIL = 10095220;
        public static final int SUCCESS = 10095219;
        public final int code;
        public final String message;
        public final d0 response;

        private ResponseWrapper(int i2, String str, d0 d0Var) {
            this.code = i2;
            this.message = str;
            this.response = d0Var;
        }

        public static ResponseWrapper create(int i2, String str, d0 d0Var) {
            return new ResponseWrapper(i2, str, d0Var);
        }
    }

    /* loaded from: classes5.dex */
    public static class SecurityKey {
        private static final String TAG = "SecurityKey";
        private final String mAes;
        private String mHeaderSignatureV1;
        private String mHeaderSignatureV2;
        private final byte[] mIv;
        private final String mIvStr;
        private final String mRsa;
        private String mSecurityTicket;

        private SecurityKey() {
            this.mSecurityTicket = "";
            this.mHeaderSignatureV1 = "";
            this.mHeaderSignatureV2 = "";
            byte[] generateRandom16byte = generateRandom16byte();
            this.mIv = generateRandom16byte;
            this.mIvStr = AESUtilTest.base64EncodeSafe(generateRandom16byte);
            String base64EncodeSafe = AESUtilTest.base64EncodeSafe(generateRandom16byte());
            this.mAes = base64EncodeSafe;
            this.mRsa = RsaCoder.encrypt(base64EncodeSafe, RsaCoder.Key);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static String decrypt(SecurityKey securityKey, String str) {
            try {
                return AESUtilTest.aesDecryptWithPassKey(str, securityKey.mAes, securityKey.mIv);
            } catch (Exception e2) {
                UCLogUtil.e(TAG, "decrypt = " + e2);
                return null;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static String encrypt(SecurityKey securityKey, String str) {
            try {
                return AESUtilTest.aesEncryptWithPassKey(str, securityKey.mAes, securityKey.mIv);
            } catch (Exception e2) {
                UCLogUtil.e(TAG, "encrypt" + e2);
                return null;
            }
        }

        private byte[] generateRandom16byte() {
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            return bArr;
        }

        public void setHeaderSignatureV1(String str) {
            this.mHeaderSignatureV1 = str;
        }

        public void setHeaderSignatureV2(String str) {
            this.mHeaderSignatureV2 = str;
        }

        public void setSecurityTicket(String str) {
            this.mSecurityTicket = str;
        }
    }

    public SecurityRequestInterceptor(IBizHeaderManager iBizHeaderManager) {
        this.mBizHeaderManager = iBizHeaderManager;
    }

    private static String bodyToString(@o0 c0 c0Var) {
        try {
            Buffer buffer = new Buffer();
            c0Var.writeTo(buffer);
            return buffer.readUtf8();
        } catch (Exception e2) {
            StringBuilder Y = g.b.b.a.a.Y("body is parse error = ");
            Y.append(e2.getMessage());
            UCLogUtil.e(TAG, Y.toString());
            return null;
        }
    }

    private RequestWrapper buildRequest(@o0 b0 b0Var, @o0 SecurityKey securityKey, @o0 String str) {
        String str2;
        String str3;
        if ("".equals(str)) {
            str2 = null;
            str3 = "request body is empty";
        } else {
            str2 = SecurityKey.encrypt(securityKey, str);
            str3 = str2 == null ? "encrypt body fail" : "encrypt body success";
        }
        Map newHeader = new Header().newHeader(securityKey, DeviceSecurityHeader.getDeviceSecurityHeader(BaseApp.mContext, this.mBizHeaderManager));
        if ("application/json".equals(newHeader.get(HeaderConstant.HEAD_K_ACCEPT))) {
            return RequestWrapper.create(RequestWrapper.REQUEST_ENCRYPT_HEAD_FAIL, "head is encrypt fail", plainTextRequest(b0Var));
        }
        u.a m2 = b0Var.m().m();
        for (Map.Entry entry : newHeader.entrySet()) {
            m2.m((String) entry.getKey(), (String) entry.getValue());
        }
        b0.a y = b0Var.r().y(m2.i());
        if (str2 != null) {
            y.E(c0.create(x.j(formatContentType(true)), str2));
        }
        return RequestWrapper.create(RequestWrapper.REQUEST_SUCCESS, str3, y.b());
    }

    private String formatContentType(boolean z) {
        return String.format(FORMAT_CONTENT_TYPE, z ? HeaderConstant.HEADER_SECURITY_CONTENT_TYPE : "application/json", "UTF-8");
    }

    private ResponseWrapper handlerResponse(d0 d0Var, SecurityKey securityKey) {
        e0 I = d0Var.I();
        if (I == null) {
            return ResponseWrapper.create(ResponseWrapper.BODY_IS_NULL, "responseBody is null", d0Var);
        }
        int Y = d0Var.Y();
        if (!d0Var.j()) {
            return ResponseWrapper.create(ResponseWrapper.HTTP_FAIL, "response code is " + Y, d0Var);
        }
        if (Y != 222) {
            String str = null;
            try {
                str = I.string();
            } catch (IOException e2) {
                StringBuilder Y2 = g.b.b.a.a.Y("responseBody.string error = ");
                Y2.append(e2.getMessage());
                UCLogUtil.e(TAG, Y2.toString());
            }
            String decrypt = SecurityKey.decrypt(securityKey, str);
            if (decrypt == null) {
                return ResponseWrapper.create(ResponseWrapper.FAIL_DECRYPT, "decrypt is null", d0Var);
            }
            String f2 = d0Var.q0().f(Header.HEADER_X_SESSION_TICKET);
            securityKey.setSecurityTicket(f2 != null ? f2 : "");
            return ResponseWrapper.create(ResponseWrapper.SUCCESS, "decrypt is success", d0Var.A0().b(e0.create(I.contentType(), decrypt)).c());
        }
        String f3 = d0Var.q0().f("X-Signature");
        if (f3 == null || "".equals(f3)) {
            return ResponseWrapper.create(ResponseWrapper.FAIL_SIGNATURE_NOT_FOUND, "signature is null", d0Var);
        }
        boolean z = true;
        boolean z2 = !StringUtil.isEmpty(securityKey.mHeaderSignatureV1);
        boolean z3 = !StringUtil.isEmpty(securityKey.mHeaderSignatureV2);
        if (z2 && z3) {
            String md5Hex = MD5Util.md5Hex(securityKey.mHeaderSignatureV1);
            String md5Hex2 = MD5Util.md5Hex(securityKey.mHeaderSignatureV2);
            String str2 = RsaCoder.Key;
            if (!RsaCoder.doCheck(md5Hex, f3, str2) && !RsaCoder.doCheck(md5Hex2, f3, str2)) {
                z = false;
            }
            if (!z) {
                return ResponseWrapper.create(ResponseWrapper.FAIL_SIGNATURE_VERIFY, "v1 v2 decryptResponse code is signature is" + f3, d0Var);
            }
        } else if (z2 && !RsaCoder.doCheck(MD5Util.md5Hex(securityKey.mHeaderSignatureV1), f3, RsaCoder.Key)) {
            return ResponseWrapper.create(ResponseWrapper.FAIL_SIGNATURE_VERIFY, "v1 decryptResponse code is signature is" + f3, d0Var);
        }
        return ResponseWrapper.create(Y, "response decrypt downgrade", d0Var);
    }

    private b0 plainTextRequest(@o0 b0 b0Var) {
        this.mSecurityKey = null;
        return b0Var.r().a(HeaderConstant.HEAD_K_ACCEPT, "application/json").a(UCHeaderHelperV2.X_PROTOCOL_VERSION, HEADER_PROTOCOL_VERSION).b();
    }

    @Override // j.w
    @o0
    public d0 intercept(w.a aVar) throws IOException {
        b0 a2 = aVar.a();
        c0 f2 = a2.f();
        StringBuilder Y = g.b.b.a.a.Y("SecurityRequestInterceptor:");
        Y.append(a2.v().x());
        String sb = Y.toString();
        if (f2 == null) {
            UCLogUtil.w(sb, "srcBody is null");
            return aVar.f(a2);
        }
        String bodyToString = bodyToString(f2);
        if (bodyToString == null) {
            UCLogUtil.w(sb, "body to str is null");
            return aVar.f(a2);
        }
        WeakReference<INetConfigProvider> weakReference = NetworkModule.Builder.configProvider;
        if (weakReference != null && weakReference.get() != null) {
            INetConfigProvider iNetConfigProvider = weakReference.get();
            if (iNetConfigProvider.isDebug() && !iNetConfigProvider.isEncryption()) {
                String osimei = UCDeviceInfoUtil.getOSIMEI(BaseApp.mContext);
                String guid = OpenIDHelper.getGUID();
                b0.a x = a2.r().x(HeaderConstant.HEAD_K_ACCEPT, "application/json").x(HeaderConstant.HEADER_X_PROTOCOL_VERSION, HEADER_PROTOCOL_VERSION);
                if (guid == null) {
                    guid = "";
                }
                b0.a x2 = x.x(OpenIDHelper.HEADER_X_CLIENT_GUID, guid);
                if (osimei == null) {
                    osimei = "";
                }
                return aVar.f(x2.x("imei", osimei).E(c0.create(x.j(formatContentType(false)), bodyToString)).b());
            }
        }
        SecurityKey securityKey = this.mSecurityKey;
        if (securityKey == null) {
            securityKey = new SecurityKey();
            this.mSecurityKey = securityKey;
        }
        RequestWrapper buildRequest = buildRequest(a2, securityKey, bodyToString);
        if (buildRequest.code != 11095219) {
            UCLogUtil.w(sb, buildRequest.message);
            return aVar.f(buildRequest.request);
        }
        ResponseWrapper handlerResponse = handlerResponse(aVar.f(buildRequest.request), securityKey);
        for (int i2 = 1; i2 <= 2; i2++) {
            int i3 = handlerResponse.code;
            if (i3 == 10095219 || i3 == 10095220) {
                return handlerResponse.response;
            }
            if (i3 == 10095221 || i3 == 10095222 || i3 == 10095223) {
                UCLogUtil.w(sb, handlerResponse.message);
                this.mSecurityKey = null;
                return handlerResponse.response;
            }
            if (i3 == 10095224 || i3 == 222) {
                handlerResponse.response.close();
                if (i2 == 2) {
                    break;
                }
                StringBuilder Y2 = g.b.b.a.a.Y("start second request = ");
                Y2.append(handlerResponse.message);
                UCLogUtil.w(sb, Y2.toString());
                handlerResponse = handlerResponse(aVar.f(buildRequest.request), securityKey);
            }
        }
        UCLogUtil.w(sb, "second request fail, retry request to plant text");
        return aVar.f(plainTextRequest(a2));
    }
}
