package com.heytap.accountsdk.net.security.interceptor;

import android.text.TextUtils;
import com.heytap.accountsdk.net.security.request.HeaderConstant;
import com.platform.usercenter.common.lib.BaseApp;
import com.platform.usercenter.common.lib.utils.UCLogUtil;
import com.platform.usercenter.common.security.DeviceSecurityHeader;
import com.platform.usercenter.common.security.SecurityProtocolManager;
import com.platform.usercenter.common.security.UCHeaderHelperV2;
import com.platform.usercenter.tools.MD5Util;
import com.platform.usercenter.tools.RsaCoder;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.LinkedList;
import okhttp3.aa;
import okhttp3.ab;
import okhttp3.ac;
import okhttp3.ad;
import okhttp3.u;
import okhttp3.v;
import okhttp3.w;
import okio.Buffer;

/* loaded from: classes2.dex */
public class UCSecurityRequestInterceptor implements v {
    private static final int DECRYPT_FAIL_CODE = 5222;
    private static final String FORMAT_CONTENT_TYPE = "%s; charset=%s";
    public static final String HEADER_PROTOCOL_VERSION = "2.0";
    private static final String HEADER_SECURITY_CONTENT_TYPE = "application/encrypted-json";
    public static final String HEADER_X_PROTOCOL_VERSION = "X-Protocol-Version";
    private static final String HEADER_X_SESSION_TICKET = "X-Session-Ticket";
    public static final String HEADER_X_SIGNTRUE = "X-Signature";
    private static final String KEY_SECURITY_ACCEPT = "application/encrypted-json";
    private static final int STATUS_CODE_DECRYPT_FAIL = 222;
    private static final String TAG = "SecurityRequest";
    private String mHeaderSigntrueV1;
    private String mHeaderSigntrueV2;
    private String TAG_SUFFIX = TAG;
    private final LogQueue mLogs = new LogQueue();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static final class LogQueue extends LinkedList<String> {
        private LogQueue() {
        }

        @Override // java.util.LinkedList, java.util.Deque, java.util.Queue
        public boolean offer(String str) {
            return super.offer((LogQueue) str);
        }
    }

    private static String bodyToString(ab abVar) {
        try {
            Buffer buffer = new Buffer();
            abVar.mo58523(buffer);
            return buffer.mo59219();
        } catch (IOException e) {
            e.printStackTrace();
            return null;
        }
    }

    private void checkAndSetProtocolV1(u.a aVar, String str, SecurityProtocolManager.SecurityKeys securityKeys) {
        if (checkNameAndValue("X-Security", str)) {
            aVar.m59006("X-Security", str);
        }
        if (checkNameAndValue("X-Key", securityKeys.mRSA)) {
            aVar.m59006("X-Key", securityKeys.mRSA);
        }
        if (checkNameAndValue(HEADER_X_SESSION_TICKET, securityKeys.mSecurityTicket)) {
            aVar.m59006(HEADER_X_SESSION_TICKET, securityKeys.mSecurityTicket);
        }
        aVar.m59006("X-Protocol-Version", "2.0");
    }

    private void checkAndSetProtocolV2(u.a aVar, String str, SecurityProtocolManager.SecurityKeys securityKeys) {
        if (checkNameAndValue("X-Safety", str)) {
            aVar.m59006("X-Safety", str);
        }
        String buildHeader = UCHeaderHelperV2.HeaderXProtocol.buildHeader(BaseApp.mContext, securityKeys.mRSA, securityKeys.mSecurityTicket);
        if (checkNameAndValue("X-Protocol", buildHeader)) {
            aVar.m59006("X-Protocol", buildHeader);
        }
        aVar.m59006("X-Protocol-Ver", "2.0");
    }

    private ac decryptResponse(ac acVar, SecurityProtocolManager.SecurityKeys securityKeys, String str, String str2) {
        u m58536 = acVar.m58536();
        ad m58537 = acVar.m58537();
        if (!success(acVar)) {
            if (acVar.m58532() != 222 || m58536 == null || TextUtils.isEmpty(m58536.m58992("X-Signature"))) {
                return acVar;
            }
            String m58992 = m58536.m58992("X-Signature");
            String md5Hex = MD5Util.md5Hex(this.mHeaderSigntrueV1);
            if (RsaCoder.doCheck(md5Hex, m58992, "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpgSW5VkZ6/xvh+wMXezrOokNdiupuvuMj4RVJy44byWDupl4H37z907A26RVdFzMeyLUQB4rsDIaXdxCODlljWW+/K96uF5MsDtOFUBw7VlOclIjcYTv/YDQEul8JoXoOuy1Yf3b5sbTpTuVTcl97tAuLJ8PoGe2K7N3B1eUQqQIDAQAB") || RsaCoder.doCheck(MD5Util.md5Hex(this.mHeaderSigntrueV2), m58992, "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpgSW5VkZ6/xvh+wMXezrOokNdiupuvuMj4RVJy44byWDupl4H37z907A26RVdFzMeyLUQB4rsDIaXdxCODlljWW+/K96uF5MsDtOFUBw7VlOclIjcYTv/YDQEul8JoXoOuy1Yf3b5sbTpTuVTcl97tAuLJ8PoGe2K7N3B1eUQqQIDAQAB")) {
                this.mLogs.offer("parseNetworkResponse receive statuscode 222 and verify signture success , throw SecurityDecryptError");
                return acVar.m58538().m58549(DECRYPT_FAIL_CODE).m58559();
            }
            this.mLogs.offer("decryptResponse receive statuscode 222 signture = " + m58992);
            this.mLogs.offer("decryptResponse receive statuscode 222 mEncryptHeader  = " + str);
            this.mLogs.offer("decryptResponse receive statuscode 222 mEncryptHeader md5  = " + md5Hex);
            this.mLogs.offer("decryptResponse receive statuscode 222 and verify signture fail");
            return acVar;
        }
        String str3 = null;
        try {
            str3 = acVar.m58537().m58572();
        } catch (IOException e) {
            this.mLogs.offer("decryptResponse srcResponse.body().string() IOException = ");
            e.printStackTrace();
        }
        this.mLogs.offer("decryptResponse source = " + str3);
        if (m58536 != null && !TextUtils.isEmpty(m58536.m58992(HEADER_X_SESSION_TICKET))) {
            this.mLogs.offer("decryptResponse parserSecurityTicketHeader = " + m58536.m58992(HEADER_X_SESSION_TICKET));
            securityKeys.mSecurityTicket = m58536.m58992(HEADER_X_SESSION_TICKET);
        }
        String decrypt = securityKeys.decrypt(str3);
        if (!TextUtils.isEmpty(decrypt)) {
            SecurityProtocolManager.getInstance().setSecurityKeys(securityKeys);
            return acVar.m58538().m58556(ad.m58566(m58537.mo18370(), decrypt)).m58559();
        }
        this.mLogs.offer("decryptResponse decrypt fail and throw SecurityDecryptError ; the aeskey = " + securityKeys.mAES);
        return acVar.m58538().m58549(DECRYPT_FAIL_CODE).m58559();
    }

    private aa encryptRequest(aa aaVar, ab abVar, u uVar, String str, String str2, SecurityProtocolManager.SecurityKeys securityKeys) throws IOException {
        u.a m58997 = uVar.m58997();
        if (!TextUtils.isEmpty(str)) {
            String encrypt = securityKeys.encrypt(str);
            this.mHeaderSigntrueV1 = encrypt;
            String encode = URLEncoder.encode(securityKeys.encrypt(str2), HeaderConstant.FORMAT_UTF_8);
            this.mHeaderSigntrueV2 = encode;
            this.mLogs.offer("X-Security encryptHeader encrypt  = " + encrypt);
            this.mLogs.offer("X-Safty encryptXSecurityV2 encrypt  = " + encode);
            m58997.m59006(HeaderConstant.HEAD_KEY_ACCEPT, "application/encrypted-json");
            checkAndSetProtocolV1(m58997, encrypt, securityKeys);
            checkAndSetProtocolV2(m58997, encode, securityKeys);
            aaVar = aaVar.m58489().m58506(m58997.m59002()).m58516();
        }
        String encrypt2 = securityKeys.encrypt(bodyToString(abVar));
        this.mLogs.offer("encryptBody encrypt = " + encrypt2);
        return aaVar.m58489().m58504(ab.m58519(w.m59008(formatContentType(true)), encrypt2)).m58516();
    }

    private boolean success(ac acVar) {
        return (acVar == null || !acVar.m58533() || acVar.m58532() == 222) ? false : true;
    }

    public boolean checkNameAndValue(String str, String str2) {
        return HeaderConstant.checkNameAndValue(str, str2);
    }

    public String formatContentType(boolean z) {
        Object[] objArr = new Object[2];
        objArr[0] = z ? "application/encrypted-json" : "application/json";
        objArr[1] = HeaderConstant.FORMAT_UTF_8;
        return String.format(FORMAT_CONTENT_TYPE, objArr);
    }

    @Override // okhttp3.v
    public ac intercept(v.a aVar) throws IOException {
        aa mo18362 = aVar.mo18362();
        this.TAG_SUFFIX = "SecurityRequest:" + mo18362.m58481().m58403();
        SecurityProtocolManager.SecurityKeys securityKeys = SecurityProtocolManager.getInstance().getSecurityKeys();
        if (securityKeys == null || !securityKeys.available()) {
            this.mLogs.offer("mSecurityKeys unAvailable and reset securitykeys");
            securityKeys = new SecurityProtocolManager.SecurityKeys();
        } else {
            this.mLogs.offer("has a Available securitykeys");
        }
        SecurityProtocolManager.SecurityKeys securityKeys2 = securityKeys;
        this.mLogs.offer(" RSA KEY =  " + securityKeys2.mRSA);
        this.mLogs.offer(" SECURITY Ticket =  " + securityKeys2.mSecurityTicket);
        u m58485 = mo18362.m58485();
        String deviceSecurityHeader = DeviceSecurityHeader.getDeviceSecurityHeader(BaseApp.mContext);
        ab m58486 = mo18362.m58486();
        this.mLogs.offer("=================request first time");
        ac mo18363 = aVar.mo18363(encryptRequest(mo18362, m58486, m58485, deviceSecurityHeader, deviceSecurityHeader, securityKeys2));
        ac decryptResponse = decryptResponse(mo18363, securityKeys2, deviceSecurityHeader, deviceSecurityHeader);
        if (!success(decryptResponse)) {
            if (decryptResponse.m58532() == DECRYPT_FAIL_CODE) {
                this.mLogs.offer("=================request second time");
                SecurityProtocolManager.getInstance().clearSecurityKeys();
                SecurityProtocolManager.SecurityKeys securityKeys3 = new SecurityProtocolManager.SecurityKeys();
                this.mLogs.offer("retry AES KEY =  " + securityKeys3.mAES);
                this.mLogs.offer("retry RSA KEY =  " + securityKeys3.mRSA);
                this.mLogs.offer("retry SECURITY Ticket =  " + securityKeys3.mSecurityTicket);
                decryptResponse = decryptResponse(aVar.mo18363(encryptRequest(mo18362, m58486, m58485, deviceSecurityHeader, deviceSecurityHeader, securityKeys3)), securityKeys3, deviceSecurityHeader, deviceSecurityHeader);
                if (!success(decryptResponse)) {
                    if (decryptResponse.m58532() == DECRYPT_FAIL_CODE) {
                        this.mLogs.offer("=================request downgrade time");
                        SecurityProtocolManager.getInstance().clearSecurityKeys();
                        mo18363 = aVar.mo18363(mo18362.m58489().m58498(HeaderConstant.HEAD_KEY_ACCEPT, "application/json").m58504(ab.m58519(w.m59008(formatContentType(false)), bodyToString(m58486))).m58516());
                    }
                }
            }
            decryptResponse = mo18363;
        }
        printLog();
        return decryptResponse;
    }

    protected void printLog() {
        for (int i = 0; i < this.mLogs.size() + 1; i++) {
            try {
                UCLogUtil.i(this.TAG_SUFFIX, "" + this.mLogs.poll());
            } catch (Exception unused) {
                return;
            }
        }
    }
}
