package com.xiaomi.iauth.java.sdk.service.utils;

import com.xiaomi.iauth.java.sdk.center.CenterUrlLocalManager;
import com.xiaomi.iauth.java.sdk.configuration.IAuthConfiguration;
import com.xiaomi.iauth.java.sdk.constants.IAuthConstants;
import com.xiaomi.iauth.java.sdk.exception.ErrorCode;
import com.xiaomi.iauth.java.sdk.exception.IAuthException;
import com.xiaomi.iauth.java.sdk.exception.IAuthSDKRuntimeException;
import com.xiaomi.iauth.java.sdk.security.AESCoder;
import com.xiaomi.iauth.java.sdk.security.CertificateCoder;
import com.xiaomi.iauth.java.sdk.security.Coder;
import com.xiaomi.iauth.java.sdk.security.RandomGenerator;
import com.xiaomi.iauth.java.sdk.security.SignatureCoder;
import com.xiaomi.iauth.java.sdk.utils.HttpUtil;
import com.xiaomi.iauth.java.sdk.utils.NonceFactory;
import com.xiaomi.iauth.java.sdk.utils.SignUtil;
import com.xiaomi.iauth.utils.WrappedKeySequence;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.net.URISyntaxException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpException;
import org.apache.http.client.utils.URIBuilder;
import org.json.JSONException;
import org.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes3.dex */
public class IAuthSDKKeyStoreFactory {
    private static final int SERVER_SDK_VERSION = 2;
    private AtomicInteger failCount = new AtomicInteger(0);
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) IAuthSDKKeyStoreFactory.class);
    private static final Map<String, LinkedList<WrappedKeySequence>> TOKEN_KEY_MAP = new ConcurrentHashMap();
    private static ScheduledExecutorService scheduledExecutorService = Executors.newScheduledThreadPool(1);
    private static volatile IAuthSDKKeyStoreFactory instance = null;

    private IAuthSDKKeyStoreFactory() {
        scheduledExecutorService.scheduleAtFixedRate(new Runnable() { // from class: com.xiaomi.iauth.java.sdk.service.utils.IAuthSDKKeyStoreFactory.1
            @Override // java.lang.Runnable
            public void run() {
                String tokenKeyFromIAuth;
                for (Map.Entry entry : IAuthSDKKeyStoreFactory.TOKEN_KEY_MAP.entrySet()) {
                    synchronized (IAuthSDKKeyStoreFactory.LOGGER) {
                        String str = (String) entry.getKey();
                        try {
                            IAuthSDKKeyStoreFactory.LOGGER.info("reload security key sid={}", str);
                            tokenKeyFromIAuth = IAuthSDKKeyStoreFactory.this.getTokenKeyFromIAuth(str);
                        } catch (Exception e) {
                            IAuthSDKKeyStoreFactory.LOGGER.error("reload security key error, sid={} ", str, e);
                        }
                        if (tokenKeyFromIAuth != null) {
                            IAuthSDKKeyStoreFactory.this.cacheTokenKeys(str, tokenKeyFromIAuth);
                            IAuthSDKKeyStoreFactory.LOGGER.debug("cached serviceKeys for {} are {}", str, IAuthSDKKeyStoreFactory.TOKEN_KEY_MAP.get(str));
                        }
                    }
                }
            }
        }, 3L, 3L, TimeUnit.MINUTES);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void cacheTokenKeys(String str, String str2) {
        Map<String, LinkedList<WrappedKeySequence>> map = TOKEN_KEY_MAP;
        LinkedList<WrappedKeySequence> linkedList = map.get(str);
        if (linkedList == null) {
            map.put(str, new LinkedList<>());
            linkedList = map.get(str);
        }
        if (linkedList.size() > 2) {
            LOGGER.error("more than two keys exist {}", map.get(str));
            return;
        }
        List<WrappedKeySequence> deserizlizeKeySequences = deserizlizeKeySequences(str, str2);
        if (CollectionUtils.isEmpty(deserizlizeKeySequences)) {
            LOGGER.error("get Empty key sequences");
            return;
        }
        if (deserizlizeKeySequences.size() != 2) {
            LOGGER.error("should receive two key sequence pair {}", deserizlizeKeySequences);
        }
        linkedList.clear();
        linkedList.addAll(deserizlizeKeySequences);
    }

    private List<WrappedKeySequence> deserizlizeKeySequences(String str, String str2) {
        ObjectInputStream objectInputStream;
        ObjectInputStream objectInputStream2 = null;
        try {
            try {
                objectInputStream = new ObjectInputStream(new ByteArrayInputStream(str2.getBytes("ISO-8859-1")));
            } catch (Throwable th) {
                th = th;
            }
        } catch (Exception e) {
            e = e;
        }
        try {
            List<WrappedKeySequence> list = (List) objectInputStream.readObject();
            if (list.isEmpty() || list.size() > 2) {
                LOGGER.error("more than two keys arrived {}", list);
            }
            LOGGER.debug("received wrappedServiceKeys are {}", list);
            for (int i = 0; i < list.size(); i++) {
                if (!TOKEN_KEY_MAP.get(str).contains(list.get(i))) {
                    list.get(i).setArriveTime(System.currentTimeMillis());
                }
            }
            try {
                objectInputStream.close();
            } catch (IOException unused) {
            }
            return list;
        } catch (Exception e2) {
            e = e2;
            objectInputStream2 = objectInputStream;
            LOGGER.error(e.getMessage(), (Throwable) e);
            ArrayList arrayList = new ArrayList();
            if (objectInputStream2 != null) {
                try {
                    objectInputStream2.close();
                } catch (IOException unused2) {
                }
            }
            return arrayList;
        } catch (Throwable th2) {
            th = th2;
            objectInputStream2 = objectInputStream;
            if (objectInputStream2 != null) {
                try {
                    objectInputStream2.close();
                } catch (IOException unused3) {
                }
            }
            throw th;
        }
    }

    public static IAuthSDKKeyStoreFactory getInstance() {
        if (instance == null) {
            synchronized (IAuthSDKKeyStoreFactory.class) {
                if (instance == null) {
                    instance = new IAuthSDKKeyStoreFactory();
                }
            }
        }
        return instance;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Removed duplicated region for block: B:6:0x004f  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public java.lang.String getTokenKeyFromIAuth(java.lang.String r6) {
        /*
            r5 = this;
            com.xiaomi.iauth.java.sdk.configuration.IAuthConfiguration r0 = com.xiaomi.iauth.java.sdk.configuration.IAuthConfiguration.getInstance()
            int r0 = r0.getServerSignVersion()
            com.xiaomi.iauth.java.sdk.configuration.IAuthConfiguration r1 = com.xiaomi.iauth.java.sdk.configuration.IAuthConfiguration.getInstance()
            java.lang.String r1 = r1.getServerSecret()
            com.xiaomi.iauth.java.sdk.configuration.IAuthConfiguration r2 = com.xiaomi.iauth.java.sdk.configuration.IAuthConfiguration.getInstance()
            java.lang.String r2 = r2.getSid()
            r3 = 2
            r4 = 0
            if (r0 != r3) goto L27
            boolean r0 = org.apache.commons.lang3.StringUtils.isNotEmpty(r1)     // Catch: java.lang.Exception -> L2c
            if (r0 == 0) goto L27
            java.lang.String r6 = r5.getTokenKeyFromIAuthV2(r6, r4)     // Catch: java.lang.Exception -> L2c
            goto L4d
        L27:
            java.lang.String r6 = r5.getTokenKeyFromIAuthV1(r6)     // Catch: java.lang.Exception -> L2c
            goto L4d
        L2c:
            r6 = move-exception
            java.util.concurrent.atomic.AtomicInteger r0 = r5.failCount
            r0.incrementAndGet()
            org.slf4j.Logger r0 = com.xiaomi.iauth.java.sdk.service.utils.IAuthSDKKeyStoreFactory.LOGGER
            java.util.concurrent.atomic.AtomicInteger r1 = r5.failCount
            java.lang.String r3 = "get token from iauth error for {} times"
            r0.error(r3, r1, r6)
            java.util.concurrent.atomic.AtomicInteger r6 = r5.failCount
            int r6 = r6.get()
            java.util.Map<java.lang.String, java.util.LinkedList<com.xiaomi.iauth.utils.WrappedKeySequence>> r0 = com.xiaomi.iauth.java.sdk.service.utils.IAuthSDKKeyStoreFactory.TOKEN_KEY_MAP
            java.lang.Object r0 = r0.get(r2)
            java.util.List r0 = (java.util.List) r0
            com.xiaomi.iauth.java.sdk.service.fallback.FallbackUtil.fallback(r6, r2, r0)
            r6 = r4
        L4d:
            if (r6 == 0) goto L67
            java.util.concurrent.atomic.AtomicInteger r0 = r5.failCount
            r1 = 0
            r0.getAndSet(r1)
            org.slf4j.Logger r0 = com.xiaomi.iauth.java.sdk.service.utils.IAuthSDKKeyStoreFactory.LOGGER
            java.util.concurrent.atomic.AtomicInteger r1 = r5.failCount
            java.lang.String r3 = "recover, failCount = {}"
            r0.debug(r3, r1)
            java.util.concurrent.atomic.AtomicInteger r0 = r5.failCount
            int r0 = r0.get()
            com.xiaomi.iauth.java.sdk.service.fallback.FallbackUtil.fallback(r0, r2, r4)
        L67:
            return r6
        */
        throw new UnsupportedOperationException("Method not decompiled: com.xiaomi.iauth.java.sdk.service.utils.IAuthSDKKeyStoreFactory.getTokenKeyFromIAuth(java.lang.String):java.lang.String");
    }

    private String getTokenKeyFromIAuthV1(String str) throws IAuthException, IOException {
        byte[] loadPublicKey = IAuthConfiguration.getInstance().loadPublicKey();
        if (loadPublicKey == null || loadPublicKey.length == 0) {
            throw new IOException("load pub key error");
        }
        String generateNonce = NonceFactory.generateNonce();
        String generateRandomAESKey = RandomGenerator.generateRandomAESKey();
        JSONObject jSONObject = new JSONObject();
        try {
            URIBuilder uRIBuilder = new URIBuilder(CenterUrlLocalManager.getInstance().getCenterUrlForServer());
            uRIBuilder.setPath("/service/key");
            uRIBuilder.setParameter("sid", str);
            jSONObject.put("nonce", generateNonce);
            jSONObject.put("key", generateRandomAESKey);
            jSONObject.put(IAuthConstants.SERVER_SDK_VERSION, 2);
            uRIBuilder.setParameter(IAuthConstants.KEY_DATA, Coder.encryptBASE64(CertificateCoder.encryptByPublicKey(jSONObject.toString().getBytes("utf-8"), CertificateCoder.getCertificate(loadPublicKey).getPublicKey())));
            Logger logger = LOGGER;
            logger.info("get service key url:{}", uRIBuilder.build());
            String readHttpResponse = HttpUtil.readHttpResponse(HttpUtil.doGet(uRIBuilder.build().toASCIIString()));
            logger.info("get service key from iauth:{}", readHttpResponse);
            JSONObject jSONObject2 = new JSONObject(readHttpResponse);
            ErrorCode valueOf = ErrorCode.valueOf(jSONObject2.getInt("code"));
            if (ErrorCode.SUCCESS != valueOf) {
                logger.error("get service key error, return: {}", jSONObject2);
                throw new IAuthException(valueOf, "get service key from iauth server error");
            }
            String string = jSONObject2.getJSONObject("data").getString(IAuthConstants.SERVICE_KEY);
            String optString = jSONObject2.getJSONObject("data").optString(IAuthConstants.SIGN, "");
            TreeMap treeMap = new TreeMap();
            treeMap.put(IAuthConstants.SERVICE_KEY, string);
            String genSignature = SignatureCoder.genSignature(treeMap, generateRandomAESKey);
            if (StringUtils.equals(optString, genSignature)) {
                return new AESCoder(generateRandomAESKey).decrypt(string);
            }
            logger.error("sign error, real:{}, input:{}", genSignature, optString);
            throw new IAuthException(ErrorCode.INVALID_SIGNATURE, "get Key from IAuth");
        } catch (URISyntaxException e) {
            LOGGER.error(e.getMessage(), (Throwable) e);
            throw new IOException(e.getMessage());
        } catch (JSONException e2) {
            LOGGER.error(e2.getMessage(), (Throwable) e2);
            throw new IAuthException(ErrorCode.JSON_FORMAT_ERROR, e2.getMessage());
        } catch (Exception e3) {
            LOGGER.error(e3.getMessage(), (Throwable) e3);
            throw new IAuthException(ErrorCode.SYSTEM_ERROR, e3.getMessage());
        }
    }

    private String getTokenKeyFromIAuthV2(String str, Map<String, String> map) throws IAuthException, IOException {
        String serverSecret = IAuthConfiguration.getInstance().getServerSecret();
        String generateRandomAESKey = RandomGenerator.generateRandomAESKey();
        try {
            JSONObject jSONObject = new JSONObject(requestTokenKey(CenterUrlLocalManager.getInstance().getCenterUrlForServer(), "/service/V2/key", str, new AESCoder(serverSecret).encrypt(generateRandomAESKey), serverSecret, map));
            ErrorCode valueOf = ErrorCode.valueOf(jSONObject.getInt("code"));
            if (ErrorCode.SUCCESS != valueOf) {
                LOGGER.error("[v2]get service key error, return: {}", jSONObject);
                throw new IAuthException(valueOf, "[v2]get service key from iauth server error");
            }
            String string = jSONObject.getJSONObject("data").getString(IAuthConstants.SERVICE_KEY);
            String optString = jSONObject.getJSONObject("data").optString(IAuthConstants.SIGN, "");
            TreeMap treeMap = new TreeMap();
            treeMap.put(IAuthConstants.SERVICE_KEY, string);
            String genSignature = SignatureCoder.genSignature(treeMap, serverSecret);
            if (StringUtils.equals(optString, genSignature)) {
                return new AESCoder(generateRandomAESKey).decrypt(string);
            }
            LOGGER.error("[v2]sign error, real:{}, input:{}", genSignature, optString);
            throw new IAuthException(ErrorCode.INVALID_SIGNATURE, "get Key from IAuth");
        } catch (URISyntaxException e) {
            LOGGER.error(e.getMessage(), (Throwable) e);
            throw new IOException(e.getMessage());
        } catch (JSONException e2) {
            LOGGER.error(e2.getMessage(), (Throwable) e2);
            throw new IAuthException(ErrorCode.JSON_FORMAT_ERROR, e2.getMessage());
        } catch (Exception e3) {
            LOGGER.error(e3.getMessage(), (Throwable) e3);
            throw new IAuthException(ErrorCode.SYSTEM_ERROR, e3.getMessage());
        }
    }

    private String requestTokenKey(String str, String str2, String str3, String str4, String str5, Map<String, String> map) throws URISyntaxException, HttpException, IOException, InvalidKeyException, NoSuchAlgorithmException {
        URIBuilder uRIBuilder = new URIBuilder(str);
        uRIBuilder.setPath(str2);
        uRIBuilder.setParameter("sid", str3);
        uRIBuilder.setParameter("key", str4);
        uRIBuilder.setParameter("nonce", NonceFactory.generateNonce());
        if (map != null) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                uRIBuilder.setParameter(entry.getKey(), entry.getValue());
            }
        }
        uRIBuilder.setParameter(IAuthConstants.SIGN, SignUtil.genSignature("GET", uRIBuilder.getPath(), uRIBuilder.getQueryParams(), str5));
        return HttpUtil.readHttpResponse(HttpUtil.doGet(uRIBuilder.build().toASCIIString()));
    }

    @Deprecated
    public String getServiceKey(String str, boolean z) {
        return getTokenKey(str, z);
    }

    public String getTokenKey(String str, boolean z) {
        Map<String, LinkedList<WrappedKeySequence>> map = TOKEN_KEY_MAP;
        LinkedList<WrappedKeySequence> linkedList = map.get(str);
        synchronized (map) {
            if (linkedList == null) {
                if (map.get(str) == null) {
                    String tokenKeyFromIAuth = getTokenKeyFromIAuth(str);
                    if (tokenKeyFromIAuth == null) {
                        return null;
                    }
                    cacheTokenKeys(str, tokenKeyFromIAuth);
                    linkedList = map.get(str);
                } else {
                    linkedList = map.get(str);
                }
            }
            if (linkedList == null) {
                throw new IAuthSDKRuntimeException("the KeySequences is null");
            }
            return z ? linkedList.get(0).getServiceKey() : (linkedList.size() > 1 ? linkedList.get(1) : linkedList.get(0)).getServiceKey();
        }
    }
}
