package com.platform.usercenter.network.interceptor;

import com.platform.usercenter.BaseApp;
import com.platform.usercenter.ac.support.net.toolbox.SecurityRequest;
import com.platform.usercenter.basic.provider.UCCommonXor8Provider;
import com.platform.usercenter.network.NetworkModule;
import com.platform.usercenter.network.header.DeviceSecurityHeader;
import com.platform.usercenter.network.header.HeaderConstant;
import com.platform.usercenter.network.header.IBizHeaderManager;
import com.platform.usercenter.network.header.UCHeaderHelperV1;
import com.platform.usercenter.network.header.UCHeaderHelperV2;
import com.platform.usercenter.network.provider.INetConfigProvider;
import com.platform.usercenter.tools.algorithm.MD5Util;
import com.platform.usercenter.tools.datastructure.StringUtil;
import com.platform.usercenter.tools.device.OpenIDHelper;
import com.platform.usercenter.tools.device.UCDeviceInfoUtil;
import com.platform.usercenter.tools.log.UCLogUtil;
import com.platform.usercenter.tools.security.AESUtilTest;
import com.platform.usercenter.tools.security.RsaCoder;
import java.io.IOException;
import java.lang.ref.WeakReference;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import okhttp3.Headers;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okhttp3.ResponseBody;
import okio.Buffer;
import org.json.JSONObject;

/* loaded from: classes14.dex */
public class SecurityRequestInterceptor implements Interceptor {
    private static final String FORMAT_CONTENT_TYPE = "%s; charset=%s";
    private static final String HEADER_PROTOCOL_VERSION = "3.0";
    private static final int RETRY_NUM = 2;
    private static final int STATUS_CODE_DECRYPT_FAIL = 222;
    private static final String TAG = "SecurityRequestInterceptor";
    private static final String UTF_8 = "UTF-8";
    private static final String X_R_K = UCCommonXor8Provider.getProviderKeyXor8();
    private final IBizHeaderManager mBizHeaderManager;
    private volatile SecurityKey mSecurityKey;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes14.dex */
    public static class Header {
        private static final String CHAR = "\\/";
        private static final String CHAR_L = "/";
        private static final String HEADER_PROTOCOL_VERSION = "3.0";
        public static final String HEADER_X_SESSION_TICKET = "X-Session-Ticket";
        private static final String X_PROTOCOL = "X-Protocol";

        Header() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Map<String, String> newHeader(SecurityKey securityKey, String str) {
            HashMap hashMap = new HashMap(4);
            hashMap.put("X-Protocol-Version", "3.0");
            hashMap.put(UCHeaderHelperV2.X_PROTOCOL_VERSION, "3.0");
            String encrypt = SecurityKey.encrypt(securityKey, str);
            if (encrypt == null) {
                hashMap.put(HeaderConstant.HEAD_K_ACCEPT, "application/json");
                return hashMap;
            }
            securityKey.setHeaderSignatureV1(encrypt);
            hashMap.put(HeaderConstant.HEAD_K_ACCEPT, HeaderConstant.HEADER_SECURITY_CONTENT_TYPE);
            hashMap.put("X-Security", encrypt);
            hashMap.put(UCHeaderHelperV1.HEADER_X_KEY, securityKey.mRsa);
            hashMap.put("X-I-V", securityKey.mIvStr);
            if (securityKey.mSecurityTicket != null && !"".equals(securityKey.mSecurityTicket)) {
                hashMap.put(HEADER_X_SESSION_TICKET, securityKey.mSecurityTicket);
            }
            try {
                JSONObject jSONObject = new JSONObject();
                jSONObject.put(SecurityRequestInterceptor.X_R_K, securityKey.mRsa);
                jSONObject.put("iv", securityKey.mIvStr);
                jSONObject.put("sessionTicket", securityKey.mSecurityTicket);
                String jSONObject2 = jSONObject.toString();
                if (jSONObject2.contains(CHAR)) {
                    jSONObject2 = jSONObject2.replace(CHAR, CHAR_L);
                }
                String encode = URLEncoder.encode(jSONObject2, "UTF-8");
                String encode2 = URLEncoder.encode(encrypt, "UTF-8");
                securityKey.setHeaderSignatureV2(encode2);
                hashMap.put(UCHeaderHelperV2.X_SAFETY, encode2);
                hashMap.put("X-Protocol", encode);
            } catch (Exception e) {
                hashMap.put(UCHeaderHelperV2.X_SAFETY, "");
                hashMap.put("X-Protocol", "");
                UCLogUtil.e(SecurityRequestInterceptor.TAG, "v2 header is error = " + e);
            }
            return hashMap;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes14.dex */
    public static class RequestWrapper {
        static final int REQUEST_ENCRYPT_BODY_FAIL = 11095220;
        static final int REQUEST_ENCRYPT_HEAD_FAIL = 11095221;
        static final int REQUEST_SUCCESS = 11095219;
        final int code;
        final String message;
        final Request request;

        private RequestWrapper(int i, String str, Request request) {
            this.code = i;
            this.message = str;
            this.request = request;
        }

        static RequestWrapper create(int i, String str, Request request) {
            return new RequestWrapper(i, str, request);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes14.dex */
    public static class ResponseWrapper {
        static final int BODY_IS_NULL = 10095221;
        static final int FAIL_DECRYPT = 10095224;
        static final int FAIL_SIGNATURE_NOT_FOUND = 10095222;
        static final int FAIL_SIGNATURE_VERIFY = 10095223;
        static final int HTTP_FAIL = 10095220;
        static final int SUCCESS = 10095219;
        final int code;
        final String message;
        final Response response;

        private ResponseWrapper(int i, String str, Response response) {
            this.code = i;
            this.message = str;
            this.response = response;
        }

        static ResponseWrapper create(int i, String str, Response response) {
            return new ResponseWrapper(i, str, response);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes14.dex */
    public static class SecurityKey {
        private static final String TAG = "SecurityKey";
        private final String mAes;
        private String mHeaderSignatureV1;
        private String mHeaderSignatureV2;
        private final byte[] mIv;
        private final String mIvStr;
        private final String mRsa;
        private String mSecurityTicket;

        private SecurityKey() {
            this.mSecurityTicket = "";
            this.mHeaderSignatureV1 = "";
            this.mHeaderSignatureV2 = "";
            byte[] generateRandom16byte = generateRandom16byte();
            this.mIv = generateRandom16byte;
            this.mIvStr = AESUtilTest.base64EncodeSafe(generateRandom16byte);
            String base64EncodeSafe = AESUtilTest.base64EncodeSafe(generateRandom16byte());
            this.mAes = base64EncodeSafe;
            this.mRsa = RsaCoder.encrypt(base64EncodeSafe, RsaCoder.Key);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static String decrypt(SecurityKey securityKey, String str) {
            try {
                return AESUtilTest.aesDecryptWithPassKey(str, securityKey.mAes, securityKey.mIv);
            } catch (Exception e) {
                UCLogUtil.e(TAG, "decrypt = " + e);
                return null;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static String encrypt(SecurityKey securityKey, String str) {
            try {
                return AESUtilTest.aesEncryptWithPassKey(str, securityKey.mAes, securityKey.mIv);
            } catch (Exception e) {
                UCLogUtil.e(TAG, "encrypt" + e);
                return null;
            }
        }

        private byte[] generateRandom16byte() {
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            return bArr;
        }

        void setHeaderSignatureV1(String str) {
            this.mHeaderSignatureV1 = str;
        }

        void setHeaderSignatureV2(String str) {
            this.mHeaderSignatureV2 = str;
        }

        void setSecurityTicket(String str) {
            this.mSecurityTicket = str;
        }
    }

    public SecurityRequestInterceptor(IBizHeaderManager iBizHeaderManager) {
        this.mBizHeaderManager = iBizHeaderManager;
    }

    private static String bodyToString(RequestBody requestBody) {
        try {
            Buffer buffer = new Buffer();
            requestBody.a(buffer);
            return buffer.w();
        } catch (Exception e) {
            UCLogUtil.e(TAG, "body is parse error = " + e.getMessage());
            return null;
        }
    }

    private RequestWrapper buildRequest(Request request, SecurityKey securityKey, String str) {
        String str2;
        String str3;
        if ("".equals(str)) {
            str2 = null;
            str3 = "request body is empty";
        } else {
            str2 = SecurityKey.encrypt(securityKey, str);
            str3 = str2 == null ? "encrypt body fail" : "encrypt body success";
        }
        Map newHeader = new Header().newHeader(securityKey, DeviceSecurityHeader.getDeviceSecurityHeader(BaseApp.mContext, this.mBizHeaderManager));
        if ("application/json".equals(newHeader.get(HeaderConstant.HEAD_K_ACCEPT))) {
            return RequestWrapper.create(11095221, "head is encrypt fail", plainTextRequest(request));
        }
        Headers.a d = request.getD().d();
        for (Map.Entry entry : newHeader.entrySet()) {
            d.d((String) entry.getKey(), (String) entry.getValue());
        }
        Request.a a2 = request.c().a(d.b());
        if (str2 != null) {
            a2.a(RequestBody.a(MediaType.b(formatContentType(true)), str2));
        }
        return RequestWrapper.create(11095219, str3, a2.b());
    }

    private String formatContentType(boolean z) {
        return String.format(FORMAT_CONTENT_TYPE, z ? HeaderConstant.HEADER_SECURITY_CONTENT_TYPE : "application/json", "UTF-8");
    }

    private ResponseWrapper handlerResponse(Response response, SecurityKey securityKey) {
        ResponseBody h = response.getH();
        if (h == null) {
            return ResponseWrapper.create(10095221, "responseBody is null", response);
        }
        int code = response.getCode();
        if (!response.a()) {
            return ResponseWrapper.create(10095220, "response code is " + code, response);
        }
        if (code != 222) {
            String str = null;
            try {
                str = h.h();
            } catch (IOException e) {
                UCLogUtil.e(TAG, "responseBody.string error = " + e.getMessage());
            }
            String decrypt = SecurityKey.decrypt(securityKey, str);
            if (decrypt == null) {
                return ResponseWrapper.create(10095224, "decrypt is null", response);
            }
            String a2 = response.getG().a(Header.HEADER_X_SESSION_TICKET);
            securityKey.setSecurityTicket(a2 != null ? a2 : "");
            return ResponseWrapper.create(10095219, "decrypt is success", response.b().a(ResponseBody.a(h.getC(), decrypt)).b());
        }
        String a3 = response.getG().a(SecurityRequest.HEADER_X_SIGNTRUE);
        if (a3 == null || "".equals(a3)) {
            return ResponseWrapper.create(10095222, "signature is null", response);
        }
        boolean z = true;
        boolean z2 = !StringUtil.isEmpty(securityKey.mHeaderSignatureV1);
        boolean z3 = !StringUtil.isEmpty(securityKey.mHeaderSignatureV2);
        if (z2 && z3) {
            String md5Hex = MD5Util.md5Hex(securityKey.mHeaderSignatureV1);
            String md5Hex2 = MD5Util.md5Hex(securityKey.mHeaderSignatureV2);
            if (!RsaCoder.doCheck(md5Hex, a3, RsaCoder.Key) && !RsaCoder.doCheck(md5Hex2, a3, RsaCoder.Key)) {
                z = false;
            }
            if (!z) {
                return ResponseWrapper.create(10095223, "v1 v2 decryptResponse code is signature is" + a3, response);
            }
        } else if (z2 && !RsaCoder.doCheck(MD5Util.md5Hex(securityKey.mHeaderSignatureV1), a3, RsaCoder.Key)) {
            return ResponseWrapper.create(10095223, "v1 decryptResponse code is signature is" + a3, response);
        }
        return ResponseWrapper.create(code, "response decrypt downgrade", response);
    }

    private Request plainTextRequest(Request request) {
        this.mSecurityKey = null;
        return request.c().b(HeaderConstant.HEAD_K_ACCEPT, "application/json").b(UCHeaderHelperV2.X_PROTOCOL_VERSION, "3.0").b();
    }

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.a aVar) throws IOException {
        Request a2 = aVar.a();
        RequestBody e = a2.getE();
        String str = "SecurityRequestInterceptor:" + a2.getB().f();
        if (e == null) {
            UCLogUtil.w(str, "srcBody is null");
            return aVar.a(a2);
        }
        String bodyToString = bodyToString(e);
        if (bodyToString == null) {
            UCLogUtil.w(str, "body to str is null");
            return aVar.a(a2);
        }
        WeakReference<INetConfigProvider> weakReference = NetworkModule.Builder.configProvider;
        if (weakReference != null && weakReference.get() != null) {
            INetConfigProvider iNetConfigProvider = weakReference.get();
            if (iNetConfigProvider.isDebug() && !iNetConfigProvider.isEncryption()) {
                String osimei = UCDeviceInfoUtil.getOSIMEI(BaseApp.mContext);
                String guid = OpenIDHelper.getGUID();
                Request.a a3 = a2.c().a(HeaderConstant.HEAD_K_ACCEPT, "application/json").a("X-Protocol-Version", "3.0");
                if (guid == null) {
                    guid = "";
                }
                Request.a a4 = a3.a(OpenIDHelper.HEADER_X_CLIENT_GUID, guid);
                if (osimei == null) {
                    osimei = "";
                }
                return aVar.a(a4.a("imei", osimei).a(RequestBody.a(MediaType.b(formatContentType(false)), bodyToString)).b());
            }
        }
        SecurityKey securityKey = this.mSecurityKey;
        if (securityKey == null) {
            securityKey = new SecurityKey();
            this.mSecurityKey = securityKey;
        }
        RequestWrapper buildRequest = buildRequest(a2, securityKey, bodyToString);
        if (buildRequest.code != 11095219) {
            UCLogUtil.w(str, buildRequest.message);
            return aVar.a(buildRequest.request);
        }
        ResponseWrapper handlerResponse = handlerResponse(aVar.a(buildRequest.request), securityKey);
        for (int i = 1; i <= 2; i++) {
            int i2 = handlerResponse.code;
            if (i2 == 10095219 || i2 == 10095220) {
                return handlerResponse.response;
            }
            if (i2 == 10095221 || i2 == 10095222 || i2 == 10095223) {
                UCLogUtil.w(str, handlerResponse.message);
                this.mSecurityKey = null;
                return handlerResponse.response;
            }
            if (i2 == 10095224 || i2 == 222) {
                handlerResponse.response.close();
                if (i == 2) {
                    break;
                }
                UCLogUtil.w(str, "start second request = " + handlerResponse.message);
                handlerResponse = handlerResponse(aVar.a(buildRequest.request), securityKey);
            }
        }
        UCLogUtil.w(str, "second request fail, retry request to plant text");
        return aVar.a(plainTextRequest(a2));
    }
}
