package com.platform.usercenter.network.interceptor;

import android.support.v4.media.a;
import androidx.annotation.NonNull;
import androidx.appcompat.widget.d;
import androidx.appcompat.widget.e;
import com.oapm.perftest.trace.TraceWeaver;
import com.oplus.nearx.track.internal.upload.net.NetworkConstant;
import com.platform.usercenter.BaseApp;
import com.platform.usercenter.basic.provider.UCCommonXor8Provider;
import com.platform.usercenter.network.NetworkModule;
import com.platform.usercenter.network.header.DeviceSecurityHeader;
import com.platform.usercenter.network.header.HeaderConstant;
import com.platform.usercenter.network.header.IBizHeaderManager;
import com.platform.usercenter.network.header.UCHeaderHelperV1;
import com.platform.usercenter.network.provider.INetConfigProvider;
import com.platform.usercenter.tools.algorithm.MD5Util;
import com.platform.usercenter.tools.datastructure.StringUtil;
import com.platform.usercenter.tools.device.OpenIDHelper;
import com.platform.usercenter.tools.device.UCDeviceInfoUtil;
import com.platform.usercenter.tools.log.UCLogUtil;
import com.platform.usercenter.tools.security.AESUtilTest;
import com.platform.usercenter.tools.security.RsaCoder;
import java.io.IOException;
import java.lang.ref.WeakReference;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import okhttp3.Headers;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okhttp3.ResponseBody;
import okio.Buffer;
import org.json.JSONObject;

/* loaded from: classes4.dex */
public class SecurityRequestInterceptor implements Interceptor {
    private static final String FORMAT_CONTENT_TYPE = "%s; charset=%s";
    private static final String HEADER_PROTOCOL_VERSION = "3.0";
    private static final int RETRY_NUM = 2;
    private static final int STATUS_CODE_DECRYPT_FAIL = 222;
    private static final String TAG = "SecurityRequestInterceptor";
    private static final String UTF_8 = "UTF-8";
    private static final String X_R_K;
    private final IBizHeaderManager mBizHeaderManager;
    private volatile SecurityKey mSecurityKey;

    /* loaded from: classes4.dex */
    public static class Header {
        private static final String CHAR = "\\/";
        private static final String CHAR_L = "/";
        private static final String HEADER_PROTOCOL_VERSION = "3.0";
        public static final String HEADER_X_SESSION_TICKET = "X-Session-Ticket";
        private static final String X_PROTOCOL = "X-Protocol";

        public Header() {
            TraceWeaver.i(140462);
            TraceWeaver.o(140462);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Map<String, String> newHeader(SecurityKey securityKey, String str) {
            TraceWeaver.i(140468);
            HashMap hashMap = new HashMap(4);
            hashMap.put("X-Protocol-Version", HEADER_PROTOCOL_VERSION);
            hashMap.put("X-Protocol-Ver", HEADER_PROTOCOL_VERSION);
            String encrypt = SecurityKey.encrypt(securityKey, str);
            if (encrypt == null) {
                hashMap.put(HeaderConstant.HEAD_K_ACCEPT, "application/json");
                TraceWeaver.o(140468);
                return hashMap;
            }
            securityKey.setHeaderSignatureV1(encrypt);
            hashMap.put(HeaderConstant.HEAD_K_ACCEPT, "application/encrypted-json");
            hashMap.put("X-Security", encrypt);
            hashMap.put(UCHeaderHelperV1.HEADER_X_KEY, securityKey.mRsa);
            hashMap.put("X-I-V", securityKey.mIvStr);
            if (securityKey.mSecurityTicket != null && !"".equals(securityKey.mSecurityTicket)) {
                hashMap.put("X-Session-Ticket", securityKey.mSecurityTicket);
            }
            try {
                JSONObject jSONObject = new JSONObject();
                jSONObject.put(SecurityRequestInterceptor.X_R_K, securityKey.mRsa);
                jSONObject.put(NetworkConstant.KEY_IV, securityKey.mIvStr);
                jSONObject.put("sessionTicket", securityKey.mSecurityTicket);
                String jSONObject2 = jSONObject.toString();
                if (jSONObject2.contains(CHAR)) {
                    jSONObject2 = jSONObject2.replace(CHAR, CHAR_L);
                }
                String encode = URLEncoder.encode(jSONObject2, "UTF-8");
                String encode2 = URLEncoder.encode(encrypt, "UTF-8");
                securityKey.setHeaderSignatureV2(encode2);
                hashMap.put("X-Safety", encode2);
                hashMap.put("X-Protocol", encode);
            } catch (Exception e11) {
                hashMap.put("X-Safety", "");
                hashMap.put("X-Protocol", "");
                UCLogUtil.e(SecurityRequestInterceptor.TAG, "v2 header is error = " + e11);
            }
            TraceWeaver.o(140468);
            return hashMap;
        }
    }

    /* loaded from: classes4.dex */
    public static class RequestWrapper {
        public static final int REQUEST_ENCRYPT_BODY_FAIL = 11095220;
        public static final int REQUEST_ENCRYPT_HEAD_FAIL = 11095221;
        public static final int REQUEST_SUCCESS = 11095219;
        public final int code;
        public final String message;
        public final Request request;

        private RequestWrapper(int i11, String str, Request request) {
            TraceWeaver.i(140486);
            this.code = i11;
            this.message = str;
            this.request = request;
            TraceWeaver.o(140486);
        }

        public static RequestWrapper create(int i11, String str, Request request) {
            TraceWeaver.i(140492);
            RequestWrapper requestWrapper = new RequestWrapper(i11, str, request);
            TraceWeaver.o(140492);
            return requestWrapper;
        }
    }

    /* loaded from: classes4.dex */
    public static class ResponseWrapper {
        public static final int BODY_IS_NULL = 10095221;
        public static final int FAIL_DECRYPT = 10095224;
        public static final int FAIL_SIGNATURE_NOT_FOUND = 10095222;
        public static final int FAIL_SIGNATURE_VERIFY = 10095223;
        public static final int HTTP_FAIL = 10095220;
        public static final int SUCCESS = 10095219;
        public final int code;
        public final String message;
        public final Response response;

        private ResponseWrapper(int i11, String str, Response response) {
            TraceWeaver.i(140524);
            this.code = i11;
            this.message = str;
            this.response = response;
            TraceWeaver.o(140524);
        }

        public static ResponseWrapper create(int i11, String str, Response response) {
            TraceWeaver.i(140530);
            ResponseWrapper responseWrapper = new ResponseWrapper(i11, str, response);
            TraceWeaver.o(140530);
            return responseWrapper;
        }
    }

    /* loaded from: classes4.dex */
    public static class SecurityKey {
        private static final String TAG = "SecurityKey";
        private final String mAes;
        private String mHeaderSignatureV1;
        private String mHeaderSignatureV2;
        private final byte[] mIv;
        private final String mIvStr;
        private final String mRsa;
        private String mSecurityTicket;

        private SecurityKey() {
            TraceWeaver.i(140557);
            this.mSecurityTicket = "";
            this.mHeaderSignatureV1 = "";
            this.mHeaderSignatureV2 = "";
            byte[] generateRandom16byte = generateRandom16byte();
            this.mIv = generateRandom16byte;
            this.mIvStr = AESUtilTest.base64EncodeSafe(generateRandom16byte);
            String base64EncodeSafe = AESUtilTest.base64EncodeSafe(generateRandom16byte());
            this.mAes = base64EncodeSafe;
            this.mRsa = RsaCoder.encrypt(base64EncodeSafe, RsaCoder.Key);
            TraceWeaver.o(140557);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static String decrypt(SecurityKey securityKey, String str) {
            TraceWeaver.i(140566);
            try {
                String aesDecryptWithPassKey = AESUtilTest.aesDecryptWithPassKey(str, securityKey.mAes, securityKey.mIv);
                TraceWeaver.o(140566);
                return aesDecryptWithPassKey;
            } catch (Exception e11) {
                UCLogUtil.e(TAG, "decrypt = " + e11);
                TraceWeaver.o(140566);
                return null;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static String encrypt(SecurityKey securityKey, String str) {
            TraceWeaver.i(140560);
            try {
                String aesEncryptWithPassKey = AESUtilTest.aesEncryptWithPassKey(str, securityKey.mAes, securityKey.mIv);
                TraceWeaver.o(140560);
                return aesEncryptWithPassKey;
            } catch (Exception e11) {
                UCLogUtil.e(TAG, "encrypt" + e11);
                TraceWeaver.o(140560);
                return null;
            }
        }

        private byte[] generateRandom16byte() {
            TraceWeaver.i(140575);
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            TraceWeaver.o(140575);
            return bArr;
        }

        public void setHeaderSignatureV1(String str) {
            TraceWeaver.i(140573);
            this.mHeaderSignatureV1 = str;
            TraceWeaver.o(140573);
        }

        public void setHeaderSignatureV2(String str) {
            TraceWeaver.i(140574);
            this.mHeaderSignatureV2 = str;
            TraceWeaver.o(140574);
        }

        public void setSecurityTicket(String str) {
            TraceWeaver.i(140570);
            this.mSecurityTicket = str;
            TraceWeaver.o(140570);
        }
    }

    static {
        TraceWeaver.i(140672);
        X_R_K = UCCommonXor8Provider.getProviderKeyXor8();
        TraceWeaver.o(140672);
    }

    public SecurityRequestInterceptor(IBizHeaderManager iBizHeaderManager) {
        TraceWeaver.i(140627);
        this.mBizHeaderManager = iBizHeaderManager;
        TraceWeaver.o(140627);
    }

    private static String bodyToString(@NonNull RequestBody requestBody) {
        TraceWeaver.i(140632);
        try {
            Buffer buffer = new Buffer();
            requestBody.writeTo(buffer);
            String readUtf8 = buffer.readUtf8();
            TraceWeaver.o(140632);
            return readUtf8;
        } catch (Exception e11) {
            StringBuilder j11 = e.j("body is parse error = ");
            j11.append(e11.getMessage());
            UCLogUtil.e(TAG, j11.toString());
            TraceWeaver.o(140632);
            return null;
        }
    }

    private RequestWrapper buildRequest(@NonNull Request request, @NonNull SecurityKey securityKey, @NonNull String str) {
        String str2;
        String str3;
        TraceWeaver.i(140655);
        if ("".equals(str)) {
            str2 = null;
            str3 = "request body is empty";
        } else {
            str2 = SecurityKey.encrypt(securityKey, str);
            str3 = str2 == null ? "encrypt body fail" : "encrypt body success";
        }
        Map newHeader = new Header().newHeader(securityKey, DeviceSecurityHeader.getDeviceSecurityHeader(BaseApp.mContext, this.mBizHeaderManager));
        if ("application/json".equals(newHeader.get(HeaderConstant.HEAD_K_ACCEPT))) {
            RequestWrapper create = RequestWrapper.create(11095221, "head is encrypt fail", plainTextRequest(request));
            TraceWeaver.o(140655);
            return create;
        }
        Headers.Builder newBuilder = request.headers().newBuilder();
        for (Map.Entry entry : newHeader.entrySet()) {
            newBuilder.set((String) entry.getKey(), (String) entry.getValue());
        }
        Request.Builder headers = request.newBuilder().headers(newBuilder.build());
        if (str2 != null) {
            headers.post(RequestBody.create(MediaType.parse(formatContentType(true)), str2));
        }
        RequestWrapper create2 = RequestWrapper.create(11095219, str3, headers.build());
        TraceWeaver.o(140655);
        return create2;
    }

    private String formatContentType(boolean z11) {
        TraceWeaver.i(140669);
        String format = String.format(FORMAT_CONTENT_TYPE, z11 ? "application/encrypted-json" : "application/json", "UTF-8");
        TraceWeaver.o(140669);
        return format;
    }

    private ResponseWrapper handlerResponse(Response response, SecurityKey securityKey) {
        TraceWeaver.i(140666);
        ResponseBody body = response.body();
        if (body == null) {
            ResponseWrapper create = ResponseWrapper.create(10095221, "responseBody is null", response);
            TraceWeaver.o(140666);
            return create;
        }
        int code = response.code();
        if (!response.isSuccessful()) {
            ResponseWrapper create2 = ResponseWrapper.create(10095220, a.i("response code is ", code), response);
            TraceWeaver.o(140666);
            return create2;
        }
        if (code != STATUS_CODE_DECRYPT_FAIL) {
            String str = null;
            try {
                str = body.string();
            } catch (IOException e11) {
                StringBuilder j11 = e.j("responseBody.string error = ");
                j11.append(e11.getMessage());
                UCLogUtil.e(TAG, j11.toString());
            }
            String decrypt = SecurityKey.decrypt(securityKey, str);
            if (decrypt == null) {
                ResponseWrapper create3 = ResponseWrapper.create(10095224, "decrypt is null", response);
                TraceWeaver.o(140666);
                return create3;
            }
            String str2 = response.headers().get("X-Session-Ticket");
            securityKey.setSecurityTicket(str2 != null ? str2 : "");
            ResponseWrapper create4 = ResponseWrapper.create(10095219, "decrypt is success", response.newBuilder().body(ResponseBody.create(body.contentType(), decrypt)).build());
            TraceWeaver.o(140666);
            return create4;
        }
        String str3 = response.headers().get("X-Signature");
        if (str3 == null || "".equals(str3)) {
            ResponseWrapper create5 = ResponseWrapper.create(10095222, "signature is null", response);
            TraceWeaver.o(140666);
            return create5;
        }
        boolean z11 = true;
        boolean z12 = !StringUtil.isEmpty(securityKey.mHeaderSignatureV1);
        boolean z13 = !StringUtil.isEmpty(securityKey.mHeaderSignatureV2);
        if (z12 && z13) {
            String md5Hex = MD5Util.md5Hex(securityKey.mHeaderSignatureV1);
            String md5Hex2 = MD5Util.md5Hex(securityKey.mHeaderSignatureV2);
            String str4 = RsaCoder.Key;
            if (!RsaCoder.doCheck(md5Hex, str3, str4) && !RsaCoder.doCheck(md5Hex2, str3, str4)) {
                z11 = false;
            }
            if (!z11) {
                ResponseWrapper create6 = ResponseWrapper.create(10095223, d.e("v1 v2 decryptResponse code is signature is", str3), response);
                TraceWeaver.o(140666);
                return create6;
            }
        } else if (z12 && !RsaCoder.doCheck(MD5Util.md5Hex(securityKey.mHeaderSignatureV1), str3, RsaCoder.Key)) {
            ResponseWrapper create7 = ResponseWrapper.create(10095223, d.e("v1 decryptResponse code is signature is", str3), response);
            TraceWeaver.o(140666);
            return create7;
        }
        ResponseWrapper create8 = ResponseWrapper.create(code, "response decrypt downgrade", response);
        TraceWeaver.o(140666);
        return create8;
    }

    private Request plainTextRequest(@NonNull Request request) {
        TraceWeaver.i(140651);
        this.mSecurityKey = null;
        Request build = request.newBuilder().addHeader(HeaderConstant.HEAD_K_ACCEPT, "application/json").addHeader("X-Protocol-Ver", HEADER_PROTOCOL_VERSION).build();
        TraceWeaver.o(140651);
        return build;
    }

    @Override // okhttp3.Interceptor
    @NonNull
    public Response intercept(Interceptor.Chain chain) throws IOException {
        TraceWeaver.i(140637);
        Request request = chain.request();
        RequestBody body = request.body();
        StringBuilder j11 = e.j("SecurityRequestInterceptor:");
        j11.append(request.url().encodedPath());
        String sb2 = j11.toString();
        if (body == null) {
            UCLogUtil.w(sb2, "srcBody is null");
            Response proceed = chain.proceed(request);
            TraceWeaver.o(140637);
            return proceed;
        }
        String bodyToString = bodyToString(body);
        if (bodyToString == null) {
            UCLogUtil.w(sb2, "body to str is null");
            Response proceed2 = chain.proceed(request);
            TraceWeaver.o(140637);
            return proceed2;
        }
        WeakReference<INetConfigProvider> weakReference = NetworkModule.Builder.configProvider;
        if (weakReference != null && weakReference.get() != null) {
            INetConfigProvider iNetConfigProvider = weakReference.get();
            if (iNetConfigProvider.isDebug() && !iNetConfigProvider.isEncryption()) {
                String osimei = UCDeviceInfoUtil.getOSIMEI(BaseApp.mContext);
                String guid = OpenIDHelper.getGUID();
                Request.Builder header = request.newBuilder().header(HeaderConstant.HEAD_K_ACCEPT, "application/json").header("X-Protocol-Version", HEADER_PROTOCOL_VERSION);
                if (guid == null) {
                    guid = "";
                }
                Request.Builder header2 = header.header("X-Client-GUID", guid);
                if (osimei == null) {
                    osimei = "";
                }
                Response proceed3 = chain.proceed(header2.header("imei", osimei).post(RequestBody.create(MediaType.parse(formatContentType(false)), bodyToString)).build());
                TraceWeaver.o(140637);
                return proceed3;
            }
        }
        SecurityKey securityKey = this.mSecurityKey;
        if (securityKey == null) {
            securityKey = new SecurityKey();
            this.mSecurityKey = securityKey;
        }
        RequestWrapper buildRequest = buildRequest(request, securityKey, bodyToString);
        if (buildRequest.code != 11095219) {
            UCLogUtil.w(sb2, buildRequest.message);
            Response proceed4 = chain.proceed(buildRequest.request);
            TraceWeaver.o(140637);
            return proceed4;
        }
        ResponseWrapper handlerResponse = handlerResponse(chain.proceed(buildRequest.request), securityKey);
        for (int i11 = 1; i11 <= 2; i11++) {
            int i12 = handlerResponse.code;
            if (i12 == 10095219 || i12 == 10095220) {
                Response response = handlerResponse.response;
                TraceWeaver.o(140637);
                return response;
            }
            if (i12 == 10095221 || i12 == 10095222 || i12 == 10095223) {
                UCLogUtil.w(sb2, handlerResponse.message);
                this.mSecurityKey = null;
                Response response2 = handlerResponse.response;
                TraceWeaver.o(140637);
                return response2;
            }
            if (i12 == 10095224 || i12 == STATUS_CODE_DECRYPT_FAIL) {
                handlerResponse.response.close();
                if (i11 == 2) {
                    break;
                }
                StringBuilder j12 = e.j("start second request = ");
                j12.append(handlerResponse.message);
                UCLogUtil.w(sb2, j12.toString());
                handlerResponse = handlerResponse(chain.proceed(buildRequest.request), securityKey);
            }
        }
        UCLogUtil.w(sb2, "second request fail, retry request to plant text");
        Response proceed5 = chain.proceed(plainTextRequest(request));
        TraceWeaver.o(140637);
        return proceed5;
    }
}
