package com.platform.usercenter.mcnetwork.interceptor;

import androidx.annotation.NonNull;
import com.oapm.perftest.trace.TraceWeaver;
import com.platform.usercenter.BaseApp;
import com.platform.usercenter.basic.provider.UCCommonXor8Provider;
import com.platform.usercenter.mcnetwork.header.DeviceSecurityHeader;
import com.platform.usercenter.mcnetwork.header.IBizHeaderManager;
import com.platform.usercenter.mcnetwork.safe.access.OpenidAccess;
import com.platform.usercenter.mctools.datastructure.StringUtil;
import com.platform.usercenter.network.NetworkModule;
import com.platform.usercenter.network.header.HeaderConstant;
import com.platform.usercenter.network.header.UCHeaderHelperV1;
import com.platform.usercenter.network.provider.INetConfigProvider;
import com.platform.usercenter.tools.algorithm.MD5Util;
import com.platform.usercenter.tools.log.UCLogUtil;
import com.platform.usercenter.tools.security.AESUtilTest;
import com.platform.usercenter.tools.security.RsaCoder;
import java.io.IOException;
import java.lang.ref.WeakReference;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import okhttp3.a0;
import okhttp3.b0;
import okhttp3.c0;
import okhttp3.s;
import okhttp3.u;
import okhttp3.v;
import okhttp3.z;
import okio.Buffer;
import org.json.JSONObject;

/* loaded from: classes2.dex */
public class SecurityRequestInterceptor implements u {
    private static final String FORMAT_CONTENT_TYPE = "%s; charset=%s";
    private static final String HEADER_PROTOCOL_VERSION = "3.0";
    private static final int RETRY_NUM = 2;
    private static final int STATUS_CODE_DECRYPT_FAIL = 222;
    private static final String TAG = "SecurityRequestInterceptor";
    private static final String UTF_8 = "UTF-8";
    private static final String X_R_K;
    private final IBizHeaderManager mBizHeaderManager;
    private volatile SecurityKey mSecurityKey;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static class Header {
        private static final String CHAR = "\\/";
        private static final String CHAR_L = "/";
        private static final String HEADER_PROTOCOL_VERSION = "3.0";
        public static final String HEADER_X_SESSION_TICKET = "X-Session-Ticket";
        private static final String X_PROTOCOL = "X-Protocol";

        Header() {
            TraceWeaver.i(66626);
            TraceWeaver.o(66626);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Map<String, String> newHeader(SecurityKey securityKey, String str) {
            TraceWeaver.i(66632);
            HashMap hashMap = new HashMap(4);
            hashMap.put("X-Protocol-Version", HEADER_PROTOCOL_VERSION);
            hashMap.put("X-Protocol-Ver", HEADER_PROTOCOL_VERSION);
            String encrypt = SecurityKey.encrypt(securityKey, str);
            if (encrypt == null) {
                hashMap.put(HeaderConstant.HEAD_K_ACCEPT, "application/json");
                TraceWeaver.o(66632);
                return hashMap;
            }
            securityKey.setHeaderSignatureV1(encrypt);
            hashMap.put(HeaderConstant.HEAD_K_ACCEPT, "application/encrypted-json");
            hashMap.put("X-Security", encrypt);
            hashMap.put(UCHeaderHelperV1.HEADER_X_KEY, securityKey.mRsa);
            hashMap.put("X-I-V", securityKey.mIvStr);
            if (securityKey.mSecurityTicket != null && !"".equals(securityKey.mSecurityTicket)) {
                hashMap.put("X-Session-Ticket", securityKey.mSecurityTicket);
            }
            try {
                JSONObject jSONObject = new JSONObject();
                jSONObject.put(SecurityRequestInterceptor.X_R_K, securityKey.mRsa);
                jSONObject.put("iv", securityKey.mIvStr);
                jSONObject.put("sessionTicket", securityKey.mSecurityTicket);
                String jSONObject2 = jSONObject.toString();
                if (jSONObject2.contains(CHAR)) {
                    jSONObject2 = jSONObject2.replace(CHAR, CHAR_L);
                }
                String encode = URLEncoder.encode(jSONObject2, "UTF-8");
                String encode2 = URLEncoder.encode(encrypt, "UTF-8");
                securityKey.setHeaderSignatureV2(encode2);
                hashMap.put("X-Safety", encode2);
                hashMap.put("X-Protocol", encode);
            } catch (Exception e11) {
                hashMap.put("X-Safety", "");
                hashMap.put("X-Protocol", "");
                UCLogUtil.e(SecurityRequestInterceptor.TAG, "v2 header is error = " + e11);
            }
            TraceWeaver.o(66632);
            return hashMap;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static class RequestWrapper {
        static final int REQUEST_ENCRYPT_BODY_FAIL = 11095220;
        static final int REQUEST_ENCRYPT_HEAD_FAIL = 11095221;
        static final int REQUEST_SUCCESS = 11095219;
        final int code;
        final String message;
        final z request;

        private RequestWrapper(int i11, String str, z zVar) {
            TraceWeaver.i(66675);
            this.code = i11;
            this.message = str;
            this.request = zVar;
            TraceWeaver.o(66675);
        }

        static RequestWrapper create(int i11, String str, z zVar) {
            TraceWeaver.i(66679);
            RequestWrapper requestWrapper = new RequestWrapper(i11, str, zVar);
            TraceWeaver.o(66679);
            return requestWrapper;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static class ResponseWrapper {
        static final int BODY_IS_NULL = 10095221;
        static final int FAIL_DECRYPT = 10095224;
        static final int FAIL_SIGNATURE_NOT_FOUND = 10095222;
        static final int FAIL_SIGNATURE_VERIFY = 10095223;
        static final int HTTP_FAIL = 10095220;
        static final int SUCCESS = 10095219;
        final int code;
        final String message;
        final b0 response;

        private ResponseWrapper(int i11, String str, b0 b0Var) {
            TraceWeaver.i(66685);
            this.code = i11;
            this.message = str;
            this.response = b0Var;
            TraceWeaver.o(66685);
        }

        static ResponseWrapper create(int i11, String str, b0 b0Var) {
            TraceWeaver.i(66689);
            ResponseWrapper responseWrapper = new ResponseWrapper(i11, str, b0Var);
            TraceWeaver.o(66689);
            return responseWrapper;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static class SecurityKey {
        private static final String TAG = "SecurityKey";
        private final String mAes;
        private String mHeaderSignatureV1;
        private String mHeaderSignatureV2;
        private final byte[] mIv;
        private final String mIvStr;
        private final String mRsa;
        private String mSecurityTicket;

        private SecurityKey() {
            TraceWeaver.i(66702);
            this.mSecurityTicket = "";
            this.mHeaderSignatureV1 = "";
            this.mHeaderSignatureV2 = "";
            byte[] generateRandom16byte = generateRandom16byte();
            this.mIv = generateRandom16byte;
            this.mIvStr = AESUtilTest.base64EncodeSafe(generateRandom16byte);
            String base64EncodeSafe = AESUtilTest.base64EncodeSafe(generateRandom16byte());
            this.mAes = base64EncodeSafe;
            this.mRsa = RsaCoder.encrypt(base64EncodeSafe, RsaCoder.Key);
            TraceWeaver.o(66702);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static String decrypt(SecurityKey securityKey, String str) {
            TraceWeaver.i(66715);
            try {
                String aesDecryptWithPassKey = AESUtilTest.aesDecryptWithPassKey(str, securityKey.mAes, securityKey.mIv);
                TraceWeaver.o(66715);
                return aesDecryptWithPassKey;
            } catch (Exception e11) {
                UCLogUtil.e(TAG, "decrypt = " + e11);
                TraceWeaver.o(66715);
                return null;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static String encrypt(SecurityKey securityKey, String str) {
            TraceWeaver.i(66709);
            try {
                String aesEncryptWithPassKey = AESUtilTest.aesEncryptWithPassKey(str, securityKey.mAes, securityKey.mIv);
                TraceWeaver.o(66709);
                return aesEncryptWithPassKey;
            } catch (Exception e11) {
                UCLogUtil.e(TAG, "encrypt" + e11);
                TraceWeaver.o(66709);
                return null;
            }
        }

        private byte[] generateRandom16byte() {
            TraceWeaver.i(66719);
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            TraceWeaver.o(66719);
            return bArr;
        }

        void setHeaderSignatureV1(String str) {
            TraceWeaver.i(66717);
            this.mHeaderSignatureV1 = str;
            TraceWeaver.o(66717);
        }

        void setHeaderSignatureV2(String str) {
            TraceWeaver.i(66718);
            this.mHeaderSignatureV2 = str;
            TraceWeaver.o(66718);
        }

        void setSecurityTicket(String str) {
            TraceWeaver.i(66716);
            this.mSecurityTicket = str;
            TraceWeaver.o(66716);
        }
    }

    static {
        TraceWeaver.i(66840);
        X_R_K = UCCommonXor8Provider.getProviderKeyXor8();
        TraceWeaver.o(66840);
    }

    public SecurityRequestInterceptor(IBizHeaderManager iBizHeaderManager) {
        TraceWeaver.i(66752);
        this.mBizHeaderManager = iBizHeaderManager;
        TraceWeaver.o(66752);
    }

    private static String bodyToString(@NonNull a0 a0Var) {
        TraceWeaver.i(66758);
        try {
            Buffer buffer = new Buffer();
            a0Var.h(buffer);
            String readUtf8 = buffer.readUtf8();
            TraceWeaver.o(66758);
            return readUtf8;
        } catch (Exception e11) {
            UCLogUtil.e(TAG, "body is parse error = " + e11.getMessage());
            TraceWeaver.o(66758);
            return null;
        }
    }

    private RequestWrapper buildRequest(@NonNull z zVar, @NonNull SecurityKey securityKey, @NonNull String str) {
        String str2;
        String str3;
        TraceWeaver.i(66799);
        if ("".equals(str)) {
            str2 = null;
            str3 = "request body is empty";
        } else {
            str2 = SecurityKey.encrypt(securityKey, str);
            str3 = str2 == null ? "encrypt body fail" : "encrypt body success";
        }
        Map newHeader = new Header().newHeader(securityKey, DeviceSecurityHeader.getDeviceSecurityHeader(BaseApp.mContext, this.mBizHeaderManager));
        if ("application/json".equals(newHeader.get(HeaderConstant.HEAD_K_ACCEPT))) {
            RequestWrapper create = RequestWrapper.create(11095221, "head is encrypt fail", plainTextRequest(zVar));
            TraceWeaver.o(66799);
            return create;
        }
        s.a g11 = zVar.i().g();
        for (Map.Entry entry : newHeader.entrySet()) {
            g11.h((String) entry.getKey(), (String) entry.getValue());
        }
        z.a i11 = zVar.n().i(g11.e());
        if (str2 != null) {
            i11.l(a0.d(v.d(formatContentType(true)), str2));
        }
        RequestWrapper create2 = RequestWrapper.create(11095219, str3, i11.b());
        TraceWeaver.o(66799);
        return create2;
    }

    private String formatContentType(boolean z11) {
        TraceWeaver.i(66837);
        String format = String.format(FORMAT_CONTENT_TYPE, z11 ? "application/encrypted-json" : "application/json", "UTF-8");
        TraceWeaver.o(66837);
        return format;
    }

    private ResponseWrapper handlerResponse(b0 b0Var, SecurityKey securityKey) {
        TraceWeaver.i(66815);
        c0 a11 = b0Var.a();
        if (a11 == null) {
            ResponseWrapper create = ResponseWrapper.create(10095221, "responseBody is null", b0Var);
            TraceWeaver.o(66815);
            return create;
        }
        int d11 = b0Var.d();
        if (!b0Var.isSuccessful()) {
            ResponseWrapper create2 = ResponseWrapper.create(10095220, "response code is " + d11, b0Var);
            TraceWeaver.o(66815);
            return create2;
        }
        if (d11 != 222) {
            String str = null;
            try {
                str = a11.l();
            } catch (IOException e11) {
                UCLogUtil.e(TAG, "responseBody.string error = " + e11.getMessage());
            }
            String decrypt = SecurityKey.decrypt(securityKey, str);
            if (decrypt == null) {
                ResponseWrapper create3 = ResponseWrapper.create(10095224, "decrypt is null", b0Var);
                TraceWeaver.o(66815);
                return create3;
            }
            String c11 = b0Var.h().c("X-Session-Ticket");
            securityKey.setSecurityTicket(c11 != null ? c11 : "");
            ResponseWrapper create4 = ResponseWrapper.create(10095219, "decrypt is success", b0Var.l().b(c0.i(a11.f(), decrypt)).c());
            TraceWeaver.o(66815);
            return create4;
        }
        String c12 = b0Var.h().c("X-Signature");
        if (c12 == null || "".equals(c12)) {
            ResponseWrapper create5 = ResponseWrapper.create(10095222, "signature is null", b0Var);
            TraceWeaver.o(66815);
            return create5;
        }
        boolean z11 = true;
        boolean z12 = !StringUtil.isEmpty(securityKey.mHeaderSignatureV1);
        boolean z13 = !StringUtil.isEmpty(securityKey.mHeaderSignatureV2);
        if (z12 && z13) {
            String md5Hex = MD5Util.md5Hex(securityKey.mHeaderSignatureV1);
            String md5Hex2 = MD5Util.md5Hex(securityKey.mHeaderSignatureV2);
            String str2 = RsaCoder.Key;
            if (!RsaCoder.doCheck(md5Hex, c12, str2) && !RsaCoder.doCheck(md5Hex2, c12, str2)) {
                z11 = false;
            }
            if (!z11) {
                ResponseWrapper create6 = ResponseWrapper.create(10095223, "v1 v2 decryptResponse code is signature is" + c12, b0Var);
                TraceWeaver.o(66815);
                return create6;
            }
        } else if (z12 && !RsaCoder.doCheck(MD5Util.md5Hex(securityKey.mHeaderSignatureV1), c12, RsaCoder.Key)) {
            ResponseWrapper create7 = ResponseWrapper.create(10095223, "v1 decryptResponse code is signature is" + c12, b0Var);
            TraceWeaver.o(66815);
            return create7;
        }
        ResponseWrapper create8 = ResponseWrapper.create(d11, "response decrypt downgrade", b0Var);
        TraceWeaver.o(66815);
        return create8;
    }

    private z plainTextRequest(@NonNull z zVar) {
        TraceWeaver.i(66794);
        this.mSecurityKey = null;
        z b11 = zVar.n().a(HeaderConstant.HEAD_K_ACCEPT, "application/json").a("X-Protocol-Ver", HEADER_PROTOCOL_VERSION).b();
        TraceWeaver.o(66794);
        return b11;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // okhttp3.u
    @NonNull
    public b0 intercept(u.a aVar) throws IOException {
        TraceWeaver.i(66763);
        z request = aVar.request();
        a0 b11 = request.b();
        String str = "SecurityRequestInterceptor:" + request.s().h();
        if (b11 == null) {
            UCLogUtil.w(str, "srcBody is null");
            b0 a11 = aVar.a(request);
            TraceWeaver.o(66763);
            return a11;
        }
        String bodyToString = bodyToString(b11);
        if (bodyToString == null) {
            UCLogUtil.w(str, "body to str is null");
            b0 a12 = aVar.a(request);
            TraceWeaver.o(66763);
            return a12;
        }
        WeakReference<INetConfigProvider> weakReference = NetworkModule.Builder.configProvider;
        Object[] objArr = 0;
        if (weakReference != null && weakReference.get() != null) {
            INetConfigProvider iNetConfigProvider = weakReference.get();
            if (iNetConfigProvider.isDebug() && !iNetConfigProvider.isEncryption()) {
                IBizHeaderManager iBizHeaderManager = this.mBizHeaderManager;
                String imei = iBizHeaderManager != null ? iBizHeaderManager.getImei(BaseApp.mContext) : null;
                String guid = OpenidAccess.getGuid(BaseApp.mContext);
                z.a h11 = request.n().h(HeaderConstant.HEAD_K_ACCEPT, "application/json").h("X-Protocol-Version", HEADER_PROTOCOL_VERSION);
                if (guid == null) {
                    guid = "";
                }
                z.a h12 = h11.h("X-Client-GUID", guid);
                if (imei == null) {
                    imei = "";
                }
                b0 a13 = aVar.a(h12.h("imei", imei).l(a0.d(v.d(formatContentType(false)), bodyToString)).b());
                TraceWeaver.o(66763);
                return a13;
            }
        }
        SecurityKey securityKey = this.mSecurityKey;
        if (securityKey == null) {
            securityKey = new SecurityKey();
            this.mSecurityKey = securityKey;
        }
        RequestWrapper buildRequest = buildRequest(request, securityKey, bodyToString);
        if (buildRequest.code != 11095219) {
            UCLogUtil.w(str, buildRequest.message);
            b0 a14 = aVar.a(buildRequest.request);
            TraceWeaver.o(66763);
            return a14;
        }
        ResponseWrapper handlerResponse = handlerResponse(aVar.a(buildRequest.request), securityKey);
        for (int i11 = 1; i11 <= 2; i11++) {
            int i12 = handlerResponse.code;
            if (i12 == 10095219 || i12 == 10095220) {
                b0 b0Var = handlerResponse.response;
                TraceWeaver.o(66763);
                return b0Var;
            }
            if (i12 == 10095221 || i12 == 10095222 || i12 == 10095223) {
                UCLogUtil.w(str, handlerResponse.message);
                this.mSecurityKey = null;
                b0 b0Var2 = handlerResponse.response;
                TraceWeaver.o(66763);
                return b0Var2;
            }
            if (i12 == 10095224 || i12 == 222) {
                handlerResponse.response.close();
                if (i11 == 2) {
                    break;
                }
                UCLogUtil.w(str, "start second request = " + handlerResponse.message);
                handlerResponse = handlerResponse(aVar.a(buildRequest.request), securityKey);
            }
        }
        UCLogUtil.w(str, "second request fail, retry request to plant text");
        b0 a15 = aVar.a(plainTextRequest(request));
        TraceWeaver.o(66763);
        return a15;
    }
}
