package com.heytap.accountsdk.net.security.interceptor;

import android.text.TextUtils;
import com.heytap.accountsdk.net.security.request.HeaderConstant;
import com.platform.usercenter.common.lib.BaseApp;
import com.platform.usercenter.common.lib.utils.UCLogUtil;
import com.platform.usercenter.common.security.DeviceSecurityHeader;
import com.platform.usercenter.common.security.SecurityProtocolManager;
import com.platform.usercenter.common.security.UCHeaderHelperV2;
import com.platform.usercenter.common.util.UCHeaderHelper;
import com.platform.usercenter.tools.MD5Util;
import com.platform.usercenter.tools.RsaCoder;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.LinkedList;
import okhttp3.Headers;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okhttp3.ResponseBody;
import okio.Buffer;

/* loaded from: classes.dex */
public class UCSecurityRequestInterceptor implements Interceptor {
    public static final int DECRYPT_FAIL_CODE = 5222;
    public static final String FORMAT_CONTENT_TYPE = "%s; charset=%s";
    public static final String HEADER_PROTOCOL_VERSION = "2.0";
    public static final String HEADER_SECURITY_CONTENT_TYPE = "application/encrypted-json";
    public static final String HEADER_X_PROTOCOL_VERSION = "X-Protocol-Version";
    public static final String HEADER_X_SESSION_TICKET = "X-Session-Ticket";
    public static final String HEADER_X_SIGNTRUE = "X-Signature";
    public static final String KEY_SECURITY_ACCEPT = "application/encrypted-json";
    public static final int STATUS_CODE_DECRYPT_FAIL = 222;
    public static final String TAG = "SecurityRequest";
    public String mHeaderSigntrueV1;
    public String mHeaderSigntrueV2;
    public String TAG_SUFFIX = TAG;
    public final LogQueue mLogs = new LogQueue();

    /* loaded from: classes.dex */
    public static final class LogQueue extends LinkedList<String> {
        public LogQueue() {
        }

        @Override // java.util.LinkedList, java.util.Deque, java.util.Queue
        public boolean offer(String str) {
            return super.offer((LogQueue) str);
        }
    }

    public static String bodyToString(RequestBody requestBody) {
        try {
            Buffer buffer = new Buffer();
            requestBody.a(buffer);
            return buffer.n();
        } catch (IOException e2) {
            e2.printStackTrace();
            return null;
        }
    }

    private void checkAndSetProtocolV1(Headers.Builder builder, String str, SecurityProtocolManager.SecurityKeys securityKeys) {
        if (checkNameAndValue(UCHeaderHelper.HEADER_X_SECURITY, str)) {
            builder.c(UCHeaderHelper.HEADER_X_SECURITY, str);
        }
        if (checkNameAndValue("X-Key", securityKeys.b)) {
            builder.c("X-Key", securityKeys.b);
        }
        if (checkNameAndValue(HEADER_X_SESSION_TICKET, securityKeys.f6120c)) {
            builder.c(HEADER_X_SESSION_TICKET, securityKeys.f6120c);
        }
        builder.c(HEADER_X_PROTOCOL_VERSION, HEADER_PROTOCOL_VERSION);
    }

    private void checkAndSetProtocolV2(Headers.Builder builder, String str, SecurityProtocolManager.SecurityKeys securityKeys) {
        if (checkNameAndValue("X-Safety", str)) {
            builder.c("X-Safety", str);
        }
        String a = UCHeaderHelperV2.HeaderXProtocol.a(BaseApp.a, securityKeys.b, securityKeys.f6120c);
        if (checkNameAndValue("X-Protocol", a)) {
            builder.c("X-Protocol", a);
        }
        builder.c("X-Protocol-Ver", HEADER_PROTOCOL_VERSION);
    }

    private Response decryptResponse(Response response, SecurityProtocolManager.SecurityKeys securityKeys, String str, String str2) {
        Headers u = response.u();
        ResponseBody q = response.q();
        if (!success(response)) {
            if (response.s() != 222 || u == null || TextUtils.isEmpty(u.a(HEADER_X_SIGNTRUE))) {
                return response;
            }
            String a = u.a(HEADER_X_SIGNTRUE);
            String a2 = MD5Util.a(this.mHeaderSigntrueV1);
            if (RsaCoder.a(a2, a, "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpgSW5VkZ6/xvh+wMXezrOokNdiupuvuMj4RVJy44byWDupl4H37z907A26RVdFzMeyLUQB4rsDIaXdxCODlljWW+/K96uF5MsDtOFUBw7VlOclIjcYTv/YDQEul8JoXoOuy1Yf3b5sbTpTuVTcl97tAuLJ8PoGe2K7N3B1eUQqQIDAQAB") || RsaCoder.a(MD5Util.a(this.mHeaderSigntrueV2), a, "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDpgSW5VkZ6/xvh+wMXezrOokNdiupuvuMj4RVJy44byWDupl4H37z907A26RVdFzMeyLUQB4rsDIaXdxCODlljWW+/K96uF5MsDtOFUBw7VlOclIjcYTv/YDQEul8JoXoOuy1Yf3b5sbTpTuVTcl97tAuLJ8PoGe2K7N3B1eUQqQIDAQAB")) {
                this.mLogs.offer("parseNetworkResponse receive statuscode 222 and verify signture success , throw SecurityDecryptError");
                return response.y().a(DECRYPT_FAIL_CODE).a();
            }
            this.mLogs.offer("decryptResponse receive statuscode 222 signture = " + a);
            this.mLogs.offer("decryptResponse receive statuscode 222 mEncryptHeader  = " + str);
            this.mLogs.offer("decryptResponse receive statuscode 222 mEncryptHeader md5  = " + a2);
            this.mLogs.offer("decryptResponse receive statuscode 222 and verify signture fail");
            return response;
        }
        String str3 = null;
        try {
            str3 = response.q().x();
        } catch (IOException e2) {
            this.mLogs.offer("decryptResponse srcResponse.body().string() IOException = ");
            e2.printStackTrace();
        }
        this.mLogs.offer("decryptResponse source = " + str3);
        if (u != null && !TextUtils.isEmpty(u.a(HEADER_X_SESSION_TICKET))) {
            this.mLogs.offer("decryptResponse parserSecurityTicketHeader = " + u.a(HEADER_X_SESSION_TICKET));
            securityKeys.f6120c = u.a(HEADER_X_SESSION_TICKET);
        }
        String a3 = securityKeys.a(str3);
        if (!TextUtils.isEmpty(a3)) {
            SecurityProtocolManager.c().a(securityKeys);
            return response.y().a(ResponseBody.a(q.v(), a3)).a();
        }
        this.mLogs.offer("decryptResponse decrypt fail and throw SecurityDecryptError ; the aeskey = " + securityKeys.a);
        return response.y().a(DECRYPT_FAIL_CODE).a();
    }

    private Request encryptRequest(Request request, RequestBody requestBody, Headers headers, String str, String str2, SecurityProtocolManager.SecurityKeys securityKeys) throws IOException {
        Headers.Builder a = headers.a();
        if (!TextUtils.isEmpty(str)) {
            String b = securityKeys.b(str);
            this.mHeaderSigntrueV1 = b;
            String encode = URLEncoder.encode(securityKeys.b(str2), HeaderConstant.FORMAT_UTF_8);
            this.mHeaderSigntrueV2 = encode;
            this.mLogs.offer("X-Security encryptHeader encrypt  = " + b);
            this.mLogs.offer("X-Safty encryptXSecurityV2 encrypt  = " + encode);
            a.c(HeaderConstant.HEAD_KEY_ACCEPT, "application/encrypted-json");
            checkAndSetProtocolV1(a, b, securityKeys);
            checkAndSetProtocolV2(a, encode, securityKeys);
            request = request.f().a(a.a()).a();
        }
        String b2 = securityKeys.b(bodyToString(requestBody));
        this.mLogs.offer("encryptBody encrypt = " + b2);
        return request.f().a(RequestBody.a(MediaType.b(formatContentType(true)), b2)).a();
    }

    private boolean success(Response response) {
        return (response == null || !response.v() || response.s() == 222) ? false : true;
    }

    public boolean checkNameAndValue(String str, String str2) {
        return HeaderConstant.checkNameAndValue(str, str2);
    }

    public String formatContentType(boolean z) {
        Object[] objArr = new Object[2];
        objArr[0] = z ? "application/encrypted-json" : HeaderConstant.HEAD_VALUES_APPLICATION_JSON;
        objArr[1] = HeaderConstant.FORMAT_UTF_8;
        return String.format(FORMAT_CONTENT_TYPE, objArr);
    }

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.Chain chain) throws IOException {
        Request q = chain.q();
        this.TAG_SUFFIX = "SecurityRequest:" + q.h().c();
        SecurityProtocolManager.SecurityKeys b = SecurityProtocolManager.c().b();
        if (b == null || !b.a()) {
            this.mLogs.offer("mSecurityKeys unAvailable and reset securitykeys");
            b = new SecurityProtocolManager.SecurityKeys();
        } else {
            this.mLogs.offer("has a Available securitykeys");
        }
        SecurityProtocolManager.SecurityKeys securityKeys = b;
        this.mLogs.offer(" RSA KEY =  " + securityKeys.b);
        this.mLogs.offer(" SECURITY Ticket =  " + securityKeys.f6120c);
        Headers c2 = q.c();
        String a = DeviceSecurityHeader.a(BaseApp.a);
        RequestBody a2 = q.a();
        this.mLogs.offer("=================request first time");
        Response a3 = chain.a(encryptRequest(q, a2, c2, a, a, securityKeys));
        Response decryptResponse = decryptResponse(a3, securityKeys, a, a);
        if (!success(decryptResponse)) {
            if (decryptResponse.s() == 5222) {
                this.mLogs.offer("=================request second time");
                SecurityProtocolManager.c().a();
                SecurityProtocolManager.SecurityKeys securityKeys2 = new SecurityProtocolManager.SecurityKeys();
                this.mLogs.offer("retry AES KEY =  " + securityKeys2.a);
                this.mLogs.offer("retry RSA KEY =  " + securityKeys2.b);
                this.mLogs.offer("retry SECURITY Ticket =  " + securityKeys2.f6120c);
                decryptResponse = decryptResponse(chain.a(encryptRequest(q, a2, c2, a, a, securityKeys2)), securityKeys2, a, a);
                if (!success(decryptResponse)) {
                    if (decryptResponse.s() == 5222) {
                        this.mLogs.offer("=================request downgrade time");
                        SecurityProtocolManager.c().a();
                        a3 = chain.a(q.f().b(HeaderConstant.HEAD_KEY_ACCEPT, HeaderConstant.HEAD_VALUES_APPLICATION_JSON).a(RequestBody.a(MediaType.b(formatContentType(false)), bodyToString(a2))).a());
                    }
                }
            }
            decryptResponse = a3;
        }
        printLog();
        return decryptResponse;
    }

    public void printLog() {
        for (int i = 0; i < this.mLogs.size() + 1; i++) {
            try {
                UCLogUtil.c(this.TAG_SUFFIX, "" + this.mLogs.poll());
            } catch (Exception unused) {
                return;
            }
        }
    }
}
