package com.platform.usercenter.network.interceptor;

import androidx.annotation.NonNull;
import com.platform.usercenter.BaseApp;
import com.platform.usercenter.basic.provider.UCCommonXor8Provider;
import com.platform.usercenter.network.NetworkModule;
import com.platform.usercenter.network.header.DeviceSecurityHeader;
import com.platform.usercenter.network.header.HeaderConstant;
import com.platform.usercenter.network.header.IBizHeaderManager;
import com.platform.usercenter.network.header.UCHeaderHelper;
import com.platform.usercenter.network.header.UCHeaderHelperV1;
import com.platform.usercenter.network.provider.INetConfigProvider;
import com.platform.usercenter.tools.algorithm.MD5Util;
import com.platform.usercenter.tools.datastructure.StringUtil;
import com.platform.usercenter.tools.device.OpenIDHelper;
import com.platform.usercenter.tools.device.UCDeviceInfoUtil;
import com.platform.usercenter.tools.log.UCLogUtil;
import com.platform.usercenter.tools.security.AESUtilTest;
import com.platform.usercenter.tools.security.RsaCoder;
import java.io.IOException;
import java.lang.ref.WeakReference;
import java.net.URLEncoder;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import okhttp3.Headers;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okhttp3.ResponseBody;
import okio.Buffer;
import org.json.JSONObject;

/* loaded from: classes8.dex */
public class SecurityRequestInterceptor implements Interceptor {

    /* renamed from: a, reason: collision with root package name */
    private static final String f7548a = UCCommonXor8Provider.o();
    private final IBizHeaderManager b;
    private volatile SecurityKey c;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes8.dex */
    public static class Header {
        Header() {
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Map<String, String> b(SecurityKey securityKey, String str) {
            HashMap hashMap = new HashMap(4);
            hashMap.put("X-Protocol-Version", "3.0");
            hashMap.put("X-Protocol-Ver", "3.0");
            String i = SecurityKey.i(securityKey, str);
            if (i == null) {
                hashMap.put(HeaderConstant.f7543a, "application/json");
                return hashMap;
            }
            securityKey.k(i);
            hashMap.put(HeaderConstant.f7543a, "application/encrypted-json");
            hashMap.put(UCHeaderHelper.HEADER_X_SECURITY, i);
            hashMap.put(UCHeaderHelperV1.f7544a, securityKey.d);
            hashMap.put("X-I-V", securityKey.c);
            if (securityKey.e != null && !"".equals(securityKey.e)) {
                hashMap.put("X-Session-Ticket", securityKey.e);
            }
            try {
                JSONObject jSONObject = new JSONObject();
                jSONObject.put(SecurityRequestInterceptor.f7548a, securityKey.d);
                jSONObject.put("iv", securityKey.c);
                jSONObject.put("sessionTicket", securityKey.e);
                String jSONObject2 = jSONObject.toString();
                if (jSONObject2.contains("\\/")) {
                    jSONObject2 = jSONObject2.replace("\\/", "/");
                }
                String encode = URLEncoder.encode(jSONObject2, "UTF-8");
                String encode2 = URLEncoder.encode(i, "UTF-8");
                securityKey.l(encode2);
                hashMap.put("X-Safety", encode2);
                hashMap.put("X-Protocol", encode);
            } catch (Exception e) {
                hashMap.put("X-Safety", "");
                hashMap.put("X-Protocol", "");
                UCLogUtil.j("SecurityRequestInterceptor", "v2 header is error = " + e);
            }
            return hashMap;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes8.dex */
    public static class RequestWrapper {

        /* renamed from: a, reason: collision with root package name */
        final int f7549a;
        final String b;
        final Request c;

        private RequestWrapper(int i, String str, Request request) {
            this.f7549a = i;
            this.b = str;
            this.c = request;
        }

        static RequestWrapper a(int i, String str, Request request) {
            return new RequestWrapper(i, str, request);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes8.dex */
    public static class ResponseWrapper {

        /* renamed from: a, reason: collision with root package name */
        final int f7550a;
        final String b;
        final Response c;

        private ResponseWrapper(int i, String str, Response response) {
            this.f7550a = i;
            this.b = str;
            this.c = response;
        }

        static ResponseWrapper a(int i, String str, Response response) {
            return new ResponseWrapper(i, str, response);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes8.dex */
    public static class SecurityKey {

        /* renamed from: a, reason: collision with root package name */
        private final String f7551a;
        private final byte[] b;
        private final String c;
        private final String d;
        private String e;
        private String f;
        private String g;

        private SecurityKey() {
            this.e = "";
            this.f = "";
            this.g = "";
            byte[] j = j();
            this.b = j;
            this.c = AESUtilTest.g(j);
            String g = AESUtilTest.g(j());
            this.f7551a = g;
            this.d = RsaCoder.c(g, RsaCoder.f7577a);
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static String h(SecurityKey securityKey, String str) {
            try {
                return AESUtilTest.b(str, securityKey.f7551a, securityKey.b);
            } catch (Exception e) {
                UCLogUtil.j("SecurityKey", "decrypt = " + e);
                return null;
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static String i(SecurityKey securityKey, String str) {
            try {
                return AESUtilTest.d(str, securityKey.f7551a, securityKey.b);
            } catch (Exception e) {
                UCLogUtil.j("SecurityKey", "encrypt" + e);
                return null;
            }
        }

        private byte[] j() {
            byte[] bArr = new byte[16];
            new SecureRandom().nextBytes(bArr);
            return bArr;
        }

        void k(String str) {
            this.f = str;
        }

        void l(String str) {
            this.g = str;
        }

        void m(String str) {
            this.e = str;
        }
    }

    public SecurityRequestInterceptor(IBizHeaderManager iBizHeaderManager) {
        this.b = iBizHeaderManager;
    }

    private static String b(@NonNull RequestBody requestBody) {
        try {
            Buffer buffer = new Buffer();
            requestBody.writeTo(buffer);
            return buffer.readUtf8();
        } catch (Exception e) {
            UCLogUtil.j("SecurityRequestInterceptor", "body is parse error = " + e.getMessage());
            return null;
        }
    }

    private RequestWrapper c(@NonNull Request request, @NonNull SecurityKey securityKey, @NonNull String str) {
        String str2;
        String str3;
        if ("".equals(str)) {
            str2 = null;
            str3 = "request body is empty";
        } else {
            str2 = SecurityKey.i(securityKey, str);
            str3 = str2 == null ? "encrypt body fail" : "encrypt body success";
        }
        Map b = new Header().b(securityKey, DeviceSecurityHeader.a(BaseApp.f7475a, this.b));
        if ("application/json".equals(b.get(HeaderConstant.f7543a))) {
            return RequestWrapper.a(11095221, "head is encrypt fail", f(request));
        }
        Headers.Builder newBuilder = request.headers().newBuilder();
        for (Map.Entry entry : b.entrySet()) {
            newBuilder.set((String) entry.getKey(), (String) entry.getValue());
        }
        Request.Builder headers = request.newBuilder().headers(newBuilder.build());
        if (str2 != null) {
            headers.post(RequestBody.create(MediaType.parse(d(true)), str2));
        }
        return RequestWrapper.a(11095219, str3, headers.build());
    }

    private String d(boolean z) {
        return String.format("%s; charset=%s", z ? "application/encrypted-json" : "application/json", "UTF-8");
    }

    private ResponseWrapper e(Response response, SecurityKey securityKey) {
        ResponseBody body = response.body();
        if (body == null) {
            return ResponseWrapper.a(10095221, "responseBody is null", response);
        }
        int code = response.code();
        if (!response.isSuccessful()) {
            return ResponseWrapper.a(10095220, "response code is " + code, response);
        }
        if (code != 222) {
            String str = null;
            try {
                str = body.string();
            } catch (IOException e) {
                UCLogUtil.j("SecurityRequestInterceptor", "responseBody.string error = " + e.getMessage());
            }
            String h = SecurityKey.h(securityKey, str);
            if (h == null) {
                return ResponseWrapper.a(10095224, "decrypt is null", response);
            }
            String str2 = response.headers().get("X-Session-Ticket");
            securityKey.m(str2 != null ? str2 : "");
            return ResponseWrapper.a(10095219, "decrypt is success", response.newBuilder().body(ResponseBody.create(body.get$contentType(), h)).build());
        }
        String str3 = response.headers().get("X-Signature");
        if (str3 == null || "".equals(str3)) {
            return ResponseWrapper.a(10095222, "signature is null", response);
        }
        boolean z = true;
        boolean z2 = !StringUtil.a(securityKey.f);
        boolean z3 = !StringUtil.a(securityKey.g);
        if (z2 && z3) {
            String a2 = MD5Util.a(securityKey.f);
            String a3 = MD5Util.a(securityKey.g);
            String str4 = RsaCoder.f7577a;
            if (!RsaCoder.b(a2, str3, str4) && !RsaCoder.b(a3, str3, str4)) {
                z = false;
            }
            if (!z) {
                return ResponseWrapper.a(10095223, "v1 v2 decryptResponse code is signature is" + str3, response);
            }
        } else if (z2 && !RsaCoder.b(MD5Util.a(securityKey.f), str3, RsaCoder.f7577a)) {
            return ResponseWrapper.a(10095223, "v1 decryptResponse code is signature is" + str3, response);
        }
        return ResponseWrapper.a(code, "response decrypt downgrade", response);
    }

    private Request f(@NonNull Request request) {
        this.c = null;
        return request.newBuilder().addHeader(HeaderConstant.f7543a, "application/json").addHeader("X-Protocol-Ver", "3.0").build();
    }

    @Override // okhttp3.Interceptor
    @NonNull
    public Response intercept(Interceptor.Chain chain) throws IOException {
        Request request = chain.request();
        RequestBody body = request.body();
        String str = "SecurityRequestInterceptor:" + request.url().encodedPath();
        if (body == null) {
            UCLogUtil.t(str, "srcBody is null");
            return chain.proceed(request);
        }
        String b = b(body);
        if (b == null) {
            UCLogUtil.t(str, "body to str is null");
            return chain.proceed(request);
        }
        WeakReference<INetConfigProvider> weakReference = NetworkModule.Builder.f7542a;
        if (weakReference != null && weakReference.get() != null) {
            INetConfigProvider iNetConfigProvider = weakReference.get();
            if (iNetConfigProvider.isDebug() && !iNetConfigProvider.isEncryption()) {
                String r = UCDeviceInfoUtil.r(BaseApp.f7475a);
                String guid = OpenIDHelper.getGUID();
                Request.Builder header = request.newBuilder().header(HeaderConstant.f7543a, "application/json").header("X-Protocol-Version", "3.0");
                if (guid == null) {
                    guid = "";
                }
                Request.Builder header2 = header.header(OpenIDHelper.HEADER_X_CLIENT_GUID, guid);
                if (r == null) {
                    r = "";
                }
                return chain.proceed(header2.header("imei", r).post(RequestBody.create(MediaType.parse(d(false)), b)).build());
            }
        }
        SecurityKey securityKey = this.c;
        if (securityKey == null) {
            securityKey = new SecurityKey();
            this.c = securityKey;
        }
        RequestWrapper c = c(request, securityKey, b);
        if (c.f7549a != 11095219) {
            UCLogUtil.t(str, c.b);
            return chain.proceed(c.c);
        }
        ResponseWrapper e = e(chain.proceed(c.c), securityKey);
        for (int i = 1; i <= 2; i++) {
            int i2 = e.f7550a;
            if (i2 == 10095219 || i2 == 10095220) {
                return e.c;
            }
            if (i2 == 10095221 || i2 == 10095222 || i2 == 10095223) {
                UCLogUtil.t(str, e.b);
                this.c = null;
                return e.c;
            }
            if (i2 == 10095224 || i2 == 222) {
                e.c.close();
                if (i == 2) {
                    break;
                }
                UCLogUtil.t(str, "start second request = " + e.b);
                e = e(chain.proceed(c.c), securityKey);
            }
        }
        UCLogUtil.t(str, "second request fail, retry request to plant text");
        return chain.proceed(f(request));
    }
}
