package com.tuya.smart.android.network.http.pin;

import android.text.TextUtils;
import android.util.Base64;
import com.alibaba.fastjson.JSONArray;
import com.tuya.smart.android.common.utils.L;
import com.tuya.smart.android.network.TuyaSmartNetWork;
import com.tuya.smart.android.network.bean.TuyaCersBean;
import com.tuya.smart.android.network.http.dns.cache.CacheUtils;
import com.tuya.smart.android.network.quic.TuyaSmartQuicManager;
import com.tuya.smart.android.network.util.AssetsManager;
import com.tuya.smart.android.network.util.TimeStampManager;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import okhttp3.CertificatePinner;
import okhttp3.OkHttpClient;

/* loaded from: classes3.dex */
public class TuyaCertificatePinner {
    public static final String KEY_CACHE_CERS = "key_cache_cers";
    public static final String TAG = "TuyaCertificatePinner";
    public static final long THREE_DAY = 259200;

    public static boolean cacheCersExists() {
        List<TuyaCersBean> cersFromCache = getCersFromCache();
        return cersFromCache != null && cersFromCache.size() > 0;
    }

    public static void certCheck() {
        boolean checkCertValidity = checkCertValidity();
        if (checkCertValidity) {
            refreshCers();
        }
        L.d(TAG, "checkCertValidity certsExpire: " + checkCertValidity);
    }

    public static boolean checkCertValidity() {
        List<TuyaCersBean> tuyaCersBeans = getTuyaCersBeans();
        boolean z = false;
        if (tuyaCersBeans != null && tuyaCersBeans.size() > 0) {
            for (TuyaCersBean tuyaCersBean : tuyaCersBeans) {
                if (z) {
                    break;
                }
                List<TuyaCersBean.CersBean> certs = tuyaCersBean.getCerts();
                if (certs != null && certs.size() > 0) {
                    Iterator<TuyaCersBean.CersBean> it = certs.iterator();
                    while (true) {
                        if (!it.hasNext()) {
                            break;
                        }
                        if (!checkExpireTimeAllowed(it.next().getETime())) {
                            z = true;
                            break;
                        }
                    }
                }
            }
        }
        return z;
    }

    public static boolean checkExpireTimeAllowed(long j) {
        long currentTimeStamp = TimeStampManager.instance().getCurrentTimeStamp();
        if (currentTimeStamp > j) {
            L.w(TAG, "checkExpireTimeAllowed  expireTime: " + j + " is out of date! ");
            return false;
        }
        if (j - currentTimeStamp < THREE_DAY) {
            L.w(TAG, "checkExpireTimeAllowed  expireTime: " + j + " will expire in three days ! ");
            return false;
        }
        L.d(TAG, "checkExpireTimeAllowed  expireTime: " + j + " have not expire! ");
        return true;
    }

    private void downgrade() {
        L.d(TAG, "downgrade");
        OkHttpClient.Builder newBuilder = TuyaSmartNetWork.getOkHttpClient().newBuilder();
        newBuilder.certificatePinner(CertificatePinner.DEFAULT).build();
        TuyaSmartNetWork.setOkHttpClient(newBuilder.build());
    }

    public static List<TuyaCersBean> getCersFromCache() {
        return stringToList(CacheUtils.getString("key_cache_cers", ""), TuyaCersBean.class);
    }

    public static List<TuyaCersBean> getDefaultCers() {
        return stringToList(AssetsManager.getStringFromAssets(TuyaSmartNetWork.getAppContext(), "cers.json"), TuyaCersBean.class);
    }

    public static List<TuyaCersBean> getTuyaCersBeans() {
        if (!cacheCersExists()) {
            return getDefaultCers();
        }
        L.d(TAG, "getTuyaCersBeans use cache certs");
        return getCersFromCache();
    }

    private boolean hostNameVersExpiretimeAllowed(String str) {
        List<TuyaCersBean> tuyaCersBeans = getTuyaCersBeans();
        boolean z = true;
        if (tuyaCersBeans != null && tuyaCersBeans.size() > 0) {
            for (TuyaCersBean tuyaCersBean : tuyaCersBeans) {
                if (tuyaCersBean != null && str.equals(tuyaCersBean.getDomain())) {
                    Iterator<TuyaCersBean.CersBean> it = tuyaCersBean.getCerts().iterator();
                    while (it.hasNext()) {
                        z &= checkExpireTimeAllowed(it.next().getETime());
                    }
                }
            }
        }
        return z;
    }

    private CertificatePinner putCersListToCertificatePinner(List<TuyaCersBean> list) {
        CertificatePinner.Builder builder = new CertificatePinner.Builder();
        if (list != null && list.size() != 0) {
            int i = 0;
            for (TuyaCersBean tuyaCersBean : list) {
                String domain = tuyaCersBean.getDomain();
                List<TuyaCersBean.CersBean> certs = tuyaCersBean.getCerts();
                if (certs.size() > 0) {
                    boolean z = true;
                    for (TuyaCersBean.CersBean cersBean : certs) {
                        if (!checkExpireTimeAllowed(cersBean.getETime())) {
                            L.w(TAG, "Local cert " + cersBean.getVer() + " have some problems! (The certs will or have been out of date!)");
                            z = false;
                        }
                    }
                    if (z) {
                        L.i(TAG, "putCersListToCertificatePinner domain: " + domain);
                        for (TuyaCersBean.CersBean cersBean2 : certs) {
                            i++;
                            builder.add(domain, cersBean2.getVer());
                            L.i(TAG, "putCersListToCertificatePinner cert: " + cersBean2.getVer());
                        }
                    }
                }
            }
            if (i > 0) {
                return builder.build();
            }
            L.i(TAG, "putCersListToCertificatePinner : no cers match!");
        }
        return null;
    }

    public static void refreshCers() {
        L.d(TAG, "refreshCers");
        CertPinRefresher.getInstance().refreshCerts();
    }

    public static void saveCersToCache(String str) {
        L.d(TAG, "saveCersToCache : " + str);
        CacheUtils.set("key_cache_cers", str);
    }

    public static <T> List<T> stringToList(String str, Class<T> cls) {
        ArrayList arrayList = new ArrayList();
        try {
            return !TextUtils.isEmpty(str) ? JSONArray.parseArray(str, cls) : arrayList;
        } catch (Exception e) {
            e.printStackTrace();
            return arrayList;
        }
    }

    public CertificatePinner createPinner() {
        return putCersListToCertificatePinner(getTuyaCersBeans());
    }

    public List<TuyaSmartQuicManager.PublicKeyPinInfo> createPublicKeyPins() {
        ArrayList arrayList = new ArrayList();
        List<TuyaCersBean> tuyaCersBeans = getTuyaCersBeans();
        if (tuyaCersBeans == null || tuyaCersBeans.size() == 0) {
            return null;
        }
        for (TuyaCersBean tuyaCersBean : tuyaCersBeans) {
            String domain = tuyaCersBean.getDomain();
            List<TuyaCersBean.CersBean> certs = tuyaCersBean.getCerts();
            if (certs.size() > 0) {
                boolean z = true;
                for (TuyaCersBean.CersBean cersBean : certs) {
                    if (!checkExpireTimeAllowed(cersBean.getETime())) {
                        L.w(TAG, "Local cert " + cersBean.getVer() + " have some problems! (The certs will or have been out of date!)");
                        z = false;
                    }
                }
                if (z) {
                    TuyaSmartQuicManager.PublicKeyPinInfo publicKeyPinInfo = new TuyaSmartQuicManager.PublicKeyPinInfo(domain);
                    publicKeyPinInfo.pinsSha256 = new HashSet();
                    L.i(TAG, "createPublicKeyPins domain: " + domain);
                    for (TuyaCersBean.CersBean cersBean2 : certs) {
                        publicKeyPinInfo.pinsSha256.add(Base64.decode(cersBean2.getVer().substring(7), 0));
                        publicKeyPinInfo.expirationDate = new Date(cersBean2.getETime());
                    }
                    if (!publicKeyPinInfo.pinsSha256.isEmpty()) {
                        arrayList.add(publicKeyPinInfo);
                    }
                }
            }
        }
        return arrayList;
    }

    public void handlingCertificateErrors(String str, String str2) {
        if (hostNameVersExpiretimeAllowed(str)) {
            L.e(TAG, "Certificate verification does not pass!");
        } else {
            downgrade();
        }
        refreshCers();
    }
}
