package com.mi.encrypt.okhttp;

import android.text.TextUtils;
import android.util.Base64;
import androidx.recyclerview.widget.RecyclerView;
import com.android.fileexplorer.network.singer.core.signer.Signer;
import com.mi.encrypt.EncryptHeader;
import com.mi.encrypt.EncryptHelper;
import com.mi.encrypt.VersionUtils;
import com.xiaomi.stat.d;
import h5.h;
import i7.c0;
import i7.d0;
import i7.i;
import i7.r;
import i7.s;
import i7.t;
import i7.x;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLSocket;
import n7.e;
import w7.b;
import w7.g;
import w7.j;
import w7.n;

/* loaded from: classes2.dex */
public abstract class EncryptInterceptor implements t {
    public static final String GET = "GET";
    public static final String POST = "POST";
    public static final int REQ_0_RESP_0 = 4;
    public static final int REQ_1_RESP_0 = 2;
    public static final int REQ_1_RESP_1 = 1;
    public static final int UNKNOWN = 0;
    public static final String X_MI_XFLAG = "X-MI-XFLAG";
    public static final String X_MI_XKEY = "X-MI-XKEY";
    private List<String> mEncryptDomainList;
    private ExceptionReporter mExceptionReporter;
    public boolean mIsDefaultEncrypt;

    /* loaded from: classes2.dex */
    public static abstract class Builder {
        private ExceptionReporter exceptionReporter;
        private boolean isDefaultEncrypt = false;
        private List<String> encryptDomainList = new ArrayList();

        public abstract EncryptInterceptor build();

        public Builder setDefaultEncrypt(boolean z8) {
            this.isDefaultEncrypt = z8;
            return this;
        }

        public Builder setEncryptDomainList(List<String> list) {
            this.encryptDomainList.addAll(list);
            return this;
        }

        public Builder setExceptionReporter(ExceptionReporter exceptionReporter) {
            this.exceptionReporter = exceptionReporter;
            return this;
        }
    }

    /* loaded from: classes2.dex */
    public interface ExceptionReporter {
        void callbackException(Map<String, Object> map);
    }

    /* loaded from: classes2.dex */
    public static class RSAPublicKeyInfo {
        private String certificatePathInfo;
        private RSAPublicKey rsaPublicKey;

        private RSAPublicKeyInfo(Certificate[] certificateArr, RSAPublicKey rSAPublicKey) {
            this.certificatePathInfo = dumpCertificatePathInfo(certificateArr);
            this.rsaPublicKey = rSAPublicKey;
        }

        private static String dumpCertificatePathInfo(Certificate[] certificateArr) {
            StringBuilder sb = new StringBuilder();
            if (certificateArr != null) {
                for (int i8 = 0; i8 < certificateArr.length; i8++) {
                    Certificate certificate = certificateArr[i8];
                    sb.append("---Certs[");
                    sb.append(i8);
                    sb.append("]");
                    sb.append("---\n");
                    if (certificate instanceof X509Certificate) {
                        X509Certificate x509Certificate = (X509Certificate) certificate;
                        sb.append(x509Certificate.getIssuerX500Principal().toString());
                        sb.append(Signer.LINE_SEPARATOR);
                        sb.append(x509Certificate.getSubjectX500Principal().toString());
                        sb.append(Signer.LINE_SEPARATOR);
                    }
                    sb.append(certificate.getPublicKey().toString());
                    sb.append(Signer.LINE_SEPARATOR);
                }
            }
            return sb.toString();
        }
    }

    public EncryptInterceptor(Builder builder) {
        this.mIsDefaultEncrypt = builder.isDefaultEncrypt;
        this.mEncryptDomainList = builder.encryptDomainList;
        this.mExceptionReporter = builder.exceptionReporter;
    }

    private c0 chainProceed(t.a aVar, x xVar, boolean z8) throws IOException {
        if (!z8) {
            Set<String> c6 = xVar.f22371d.c();
            x.a aVar2 = null;
            if (c6.contains("X-MI-XFLAG")) {
                aVar2 = new x.a(xVar);
                aVar2.f22376c.f("X-MI-XFLAG");
            }
            if (c6.contains("X-MI-XKEY")) {
                if (aVar2 == null) {
                    aVar2 = new x.a(xVar);
                }
                aVar2.f22376c.f("X-MI-XKEY");
            }
            if (aVar2 != null) {
                xVar = aVar2.b();
            }
        }
        return aVar.a(xVar);
    }

    private boolean checkIsNeedDecrypt(c0 c0Var) {
        if (getResponseDecryptFlag(c0Var) != 1) {
            return false;
        }
        int i8 = e.f23341a;
        h.f(c0Var, "response");
        return e.a(c0Var);
    }

    private boolean checkIsNeedEncrypt(x xVar) {
        int requestEncryptFlag;
        if (!xVar.f22369b.f22286a) {
            return false;
        }
        if ((GET.equalsIgnoreCase(xVar.f22370c) || POST.equalsIgnoreCase(xVar.f22370c)) && (requestEncryptFlag = getRequestEncryptFlag(xVar)) != 4) {
            return requestEncryptFlag != 2 || checkRequestNeedEncrypt(xVar);
        }
        return false;
    }

    private int encryptFlagStringToInt(String str) {
        int i8;
        if (TextUtils.isEmpty(str)) {
            return 0;
        }
        try {
            i8 = Integer.parseInt(str);
        } catch (Exception unused) {
            i8 = 0;
        }
        int i9 = 1;
        if (i8 != 1) {
            i9 = 2;
            if (i8 != 2) {
                i9 = 4;
                if (i8 != 4) {
                    return 0;
                }
            }
        }
        return i9;
    }

    private c0 generateDecryptedResponse(RSAPublicKeyInfo rSAPublicKeyInfo, c0 c0Var) {
        d0 d0Var;
        n7.h hVar;
        r rVar;
        byte[] bytes;
        byte[] bArr = null;
        try {
            d0Var = c0Var.f22154i;
            String i8 = c0.i(c0Var, "Content-Type");
            long contentLength = d0Var.contentLength();
            j source = d0Var.source();
            source.request(RecyclerView.FOREVER_NS);
            g y7 = source.y();
            if (d.aj.equalsIgnoreCase(c0.i(c0Var, "Content-Encoding"))) {
                hVar = new n7.h(i8, -1L, b.c(new n(y7.clone())));
                r.a d9 = c0Var.f22153h.d();
                d9.f("Content-Encoding");
                d9.f("Content-Length");
                rVar = d9.d();
            } else {
                hVar = new n7.h(i8, contentLength, y7.clone());
                rVar = null;
            }
            bytes = hVar.bytes();
        } catch (Exception e8) {
            e = e8;
        }
        try {
            byte[] decrypt = EncryptHelper.getInstance().decrypt(bytes);
            c0.a aVar = new c0.a(c0Var);
            if (rVar != null) {
                aVar.c(rVar);
            }
            d0 create = d0.create(d0Var.contentType(), decrypt);
            wrapperReportMessage(null, c0Var, bytes, rSAPublicKeyInfo);
            String valueOf = String.valueOf(create.contentLength());
            h.f(valueOf, "value");
            aVar.f22165f.a("Content-Length", valueOf);
            aVar.f22166g = create;
            return aVar.a();
        } catch (Exception e9) {
            e = e9;
            bArr = bytes;
            wrapperReportMessage(e, c0Var, bArr, rSAPublicKeyInfo);
            e.printStackTrace();
            return c0Var;
        }
    }

    private x generateEncryptedRequest(x xVar, RSAPublicKey rSAPublicKey) {
        try {
            String encryptedAESKey = EncryptHelper.getInstance().getEncryptedAESKey(rSAPublicKey);
            String aESKeyID = EncryptHelper.getInstance().getAESKeyID();
            x.a generateEncryptedRequestInner = generateEncryptedRequestInner(xVar);
            generateEncryptedRequestInner.c("X-MI-XKEY", aESKeyID + encryptedAESKey);
            generateEncryptedRequestInner.c("X-MI-XFLAG", String.valueOf(getRequestEncryptFlag(xVar)));
            return generateEncryptedRequestInner.b();
        } catch (Exception e8) {
            e8.printStackTrace();
            return null;
        }
    }

    private RSAPublicKeyInfo getRSAPublicKeyInfo(i iVar) {
        try {
            Certificate[] peerCertificates = ((SSLSocket) iVar.a()).getSession().getPeerCertificates();
            return new RSAPublicKeyInfo(peerCertificates, (RSAPublicKey) peerCertificates[0].getPublicKey());
        } catch (Exception e8) {
            e8.printStackTrace();
            return null;
        }
    }

    private int getResponseDecryptFlag(c0 c0Var) {
        return encryptFlagStringToInt(c0Var.h("X-MI-XFLAG"));
    }

    private boolean isInEncryptDomainList(String str) {
        List<String> list;
        if (!TextUtils.isEmpty(str) && (list = this.mEncryptDomainList) != null && !list.isEmpty()) {
            for (int i8 = 0; i8 < this.mEncryptDomainList.size(); i8++) {
                if (str.endsWith(this.mEncryptDomainList.get(i8))) {
                    return true;
                }
            }
        }
        return false;
    }

    private void wrapperReportMessage(Exception exc, c0 c0Var, byte[] bArr, RSAPublicKeyInfo rSAPublicKeyInfo) {
        if (this.mExceptionReporter == null || c0Var == null || rSAPublicKeyInfo == null || rSAPublicKeyInfo.rsaPublicKey == null) {
            return;
        }
        HashMap hashMap = new HashMap();
        StringBuilder sb = new StringBuilder();
        if (exc != null) {
            for (StackTraceElement stackTraceElement : exc.getStackTrace()) {
                sb.append(stackTraceElement.toString());
                sb.append("|");
            }
        }
        String rVar = c0Var.f22148c.f22371d.toString();
        r rVar2 = c0Var.f22153h;
        String rVar3 = rVar2 != null ? rVar2.toString() : "";
        String c0Var2 = c0Var.toString();
        hashMap.put("H_AESIV", Base64.encodeToString(EncryptHelper.getInstance().getAESIV(), 2));
        hashMap.put("H_AESKey", Base64.encodeToString(EncryptHelper.getInstance().getAESKey(), 2));
        hashMap.put("H_AESSecretKey", Base64.encodeToString(EncryptHelper.getInstance().getAESSecretKey(), 2));
        hashMap.put("H_AESKeyID", EncryptHelper.getInstance().getAESKeyID());
        hashMap.put("H_RsaPublicKey", rSAPublicKeyInfo.rsaPublicKey.toString());
        hashMap.put("H_CertificatePath", rSAPublicKeyInfo.certificatePathInfo);
        hashMap.put("H_RequestHeaders", rVar);
        hashMap.put("H_ResponseHeaders", rVar3);
        hashMap.put("H_Response", c0Var2);
        hashMap.put("H_Crash", sb.toString());
        if (bArr != null) {
            hashMap.put("H_ServerBodyBytes", Base64.encodeToString(bArr, 2));
        }
        ExceptionReporter exceptionReporter = this.mExceptionReporter;
        if (exceptionReporter != null) {
            exceptionReporter.callbackException(hashMap);
        }
    }

    public abstract boolean checkRequestNeedEncrypt(x xVar);

    public abstract x.a generateEncryptedRequestInner(x xVar) throws Exception;

    public abstract String getProtocolVersion();

    public int getRequestEncryptFlag(x xVar) {
        int encryptFlagStringToInt = encryptFlagStringToInt(xVar.a("X-MI-XFLAG"));
        if (encryptFlagStringToInt != 0) {
            return encryptFlagStringToInt;
        }
        s sVar = xVar.f22369b;
        return ((sVar == null || !isInEncryptDomainList(sVar.f22290e)) && !this.mIsDefaultEncrypt) ? 4 : 1;
    }

    @Override // i7.t
    public final c0 intercept(t.a aVar) throws IOException {
        c0 generateDecryptedResponse;
        x A = aVar.A();
        String sdkVersion = VersionUtils.getSdkVersion();
        A.getClass();
        x.a aVar2 = new x.a(A);
        aVar2.a(EncryptHeader.NAME_X_MI_XPROTOCOL, getProtocolVersion());
        aVar2.a(EncryptHeader.NAME_X_MI_XVERSION, sdkVersion);
        x b9 = aVar2.b();
        if (!checkIsNeedEncrypt(b9)) {
            return chainProceed(aVar, b9, false);
        }
        RSAPublicKeyInfo rSAPublicKeyInfo = getRSAPublicKeyInfo(aVar.b());
        if (rSAPublicKeyInfo == null || rSAPublicKeyInfo.rsaPublicKey == null) {
            return chainProceed(aVar, b9, false);
        }
        x generateEncryptedRequest = generateEncryptedRequest(b9, rSAPublicKeyInfo.rsaPublicKey);
        if (generateEncryptedRequest == null) {
            return chainProceed(aVar, b9, false);
        }
        c0 chainProceed = chainProceed(aVar, generateEncryptedRequest, true);
        return (!checkIsNeedDecrypt(chainProceed) || (generateDecryptedResponse = generateDecryptedResponse(rSAPublicKeyInfo, chainProceed)) == null) ? chainProceed : generateDecryptedResponse;
    }
}
