package com.mi.encrypt.okhttp;

import android.text.TextUtils;
import android.util.Base64;
import com.json.r7;
import com.mi.encrypt.EncryptHeader;
import com.mi.encrypt.EncryptHelper;
import com.mi.encrypt.VersionUtils;
import java.io.IOException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLSocket;
import okhttp3.Connection;
import okhttp3.Headers;
import okhttp3.HttpUrl;
import okhttp3.Interceptor;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;
import okhttp3.internal.http.HttpHeaders;
import okhttp3.internal.http.RealResponseBody;
import okio.Buffer;
import okio.BufferedSource;
import okio.GzipSource;
import okio.Okio;

/* loaded from: classes5.dex */
public abstract class EncryptInterceptor implements Interceptor {
    static final String GET = "GET";
    static final String POST = "POST";
    static final int REQ_0_RESP_0 = 4;
    static final int REQ_1_RESP_0 = 2;
    static final int REQ_1_RESP_1 = 1;
    static final int UNKNOWN = 0;
    static final String X_MI_XFLAG = "X-MI-XFLAG";
    static final String X_MI_XKEY = "X-MI-XKEY";
    private List<String> mEncryptDomainList;
    private ExceptionReporter mExceptionReporter;
    boolean mIsDefaultEncrypt;

    /* loaded from: classes5.dex */
    public static abstract class Builder {
        private ExceptionReporter exceptionReporter;
        private boolean isDefaultEncrypt = false;
        private List<String> encryptDomainList = new ArrayList();

        public abstract EncryptInterceptor build();

        public Builder setDefaultEncrypt(boolean z) {
            this.isDefaultEncrypt = z;
            return this;
        }

        public Builder setEncryptDomainList(List<String> list) {
            this.encryptDomainList.addAll(list);
            return this;
        }

        public Builder setExceptionReporter(ExceptionReporter exceptionReporter) {
            this.exceptionReporter = exceptionReporter;
            return this;
        }
    }

    /* loaded from: classes5.dex */
    public interface ExceptionReporter {
        void callbackException(Map<String, Object> map);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes5.dex */
    public static class RSAPublicKeyInfo {
        private String certificatePathInfo;
        private RSAPublicKey rsaPublicKey;

        private RSAPublicKeyInfo(Certificate[] certificateArr, RSAPublicKey rSAPublicKey) {
            this.certificatePathInfo = dumpCertificatePathInfo(certificateArr);
            this.rsaPublicKey = rSAPublicKey;
        }

        private static String dumpCertificatePathInfo(Certificate[] certificateArr) {
            StringBuilder sb = new StringBuilder();
            if (certificateArr != null) {
                for (int i = 0; i < certificateArr.length; i++) {
                    Certificate certificate = certificateArr[i];
                    sb.append("---Certs[");
                    sb.append(i);
                    sb.append(r7.i.e);
                    sb.append("---\n");
                    if (certificate instanceof X509Certificate) {
                        X509Certificate x509Certificate = (X509Certificate) certificate;
                        sb.append(x509Certificate.getIssuerX500Principal().toString());
                        sb.append("\n");
                        sb.append(x509Certificate.getSubjectX500Principal().toString());
                        sb.append("\n");
                    }
                    sb.append(certificate.getPublicKey().toString());
                    sb.append("\n");
                }
            }
            return sb.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public EncryptInterceptor(Builder builder) {
        this.mIsDefaultEncrypt = builder.isDefaultEncrypt;
        this.mEncryptDomainList = builder.encryptDomainList;
        this.mExceptionReporter = builder.exceptionReporter;
    }

    private Response chainProceed(Interceptor.Chain chain, Request request, boolean z) throws IOException {
        if (!z) {
            Set<String> names = request.headers().names();
            Request.Builder removeHeader = names.contains("X-MI-XFLAG") ? request.newBuilder().removeHeader("X-MI-XFLAG") : null;
            if (names.contains("X-MI-XKEY")) {
                if (removeHeader == null) {
                    removeHeader = request.newBuilder();
                }
                removeHeader.removeHeader("X-MI-XKEY");
            }
            if (removeHeader != null) {
                request = removeHeader.build();
            }
        }
        return chain.proceed(request);
    }

    private boolean checkIsNeedDecrypt(Response response) {
        return getResponseDecryptFlag(response) == 1 && HttpHeaders.hasBody(response);
    }

    private boolean checkIsNeedEncrypt(Request request) {
        int requestEncryptFlag;
        if (!request.isHttps()) {
            return false;
        }
        if (("GET".equalsIgnoreCase(request.method()) || "POST".equalsIgnoreCase(request.method())) && (requestEncryptFlag = getRequestEncryptFlag(request)) != 4) {
            return requestEncryptFlag != 2 || checkRequestNeedEncrypt(request);
        }
        return false;
    }

    private int encryptFlagStringToInt(String str) {
        int i;
        if (TextUtils.isEmpty(str)) {
            return 0;
        }
        try {
            i = Integer.parseInt(str);
        } catch (Exception unused) {
            i = 0;
        }
        int i2 = 1;
        if (i != 1) {
            i2 = 2;
            if (i != 2) {
                i2 = 4;
                if (i != 4) {
                    return 0;
                }
            }
        }
        return i2;
    }

    private Response generateDecryptedResponse(RSAPublicKeyInfo rSAPublicKeyInfo, Response response) {
        ResponseBody body;
        RealResponseBody realResponseBody;
        Headers headers;
        byte[] bytes;
        byte[] bArr = null;
        try {
            body = response.body();
            String header = response.header("Content-Type");
            long contentLength = body.getContentLength();
            BufferedSource source = body.getSource();
            source.request(Long.MAX_VALUE);
            Buffer bufferField = source.getBufferField();
            if ("gzip".equalsIgnoreCase(response.header("Content-Encoding"))) {
                realResponseBody = new RealResponseBody(header, -1L, Okio.buffer(new GzipSource(bufferField.clone())));
                headers = response.headers().newBuilder().removeAll("Content-Encoding").removeAll("Content-Length").build();
            } else {
                realResponseBody = new RealResponseBody(header, contentLength, bufferField.clone());
                headers = null;
            }
            bytes = realResponseBody.bytes();
        } catch (Exception e) {
            e = e;
        }
        try {
            byte[] decrypt = EncryptHelper.getInstance().decrypt(bytes);
            Response.Builder newBuilder = response.newBuilder();
            if (headers != null) {
                newBuilder.headers(headers);
            }
            ResponseBody create = ResponseBody.create(body.get$contentType(), decrypt);
            wrapperReportMessage(null, response, bytes, rSAPublicKeyInfo);
            return newBuilder.addHeader("Content-Length", String.valueOf(create.getContentLength())).body(create).build();
        } catch (Exception e2) {
            e = e2;
            bArr = bytes;
            wrapperReportMessage(e, response, bArr, rSAPublicKeyInfo);
            e.printStackTrace();
            return response;
        }
    }

    private Request generateEncryptedRequest(Request request, RSAPublicKey rSAPublicKey) {
        try {
            String encryptedAESKey = EncryptHelper.getInstance().getEncryptedAESKey(rSAPublicKey);
            String aESKeyID = EncryptHelper.getInstance().getAESKeyID();
            return generateEncryptedRequestInner(request).header("X-MI-XKEY", aESKeyID + encryptedAESKey).header("X-MI-XFLAG", String.valueOf(getRequestEncryptFlag(request))).build();
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    private RSAPublicKeyInfo getRSAPublicKeyInfo(Connection connection) {
        try {
            Certificate[] peerCertificates = ((SSLSocket) connection.socket()).getSession().getPeerCertificates();
            return new RSAPublicKeyInfo(peerCertificates, (RSAPublicKey) peerCertificates[0].getPublicKey());
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    private int getResponseDecryptFlag(Response response) {
        return encryptFlagStringToInt(response.header("X-MI-XFLAG"));
    }

    private boolean isInEncryptDomainList(String str) {
        List<String> list;
        if (!TextUtils.isEmpty(str) && (list = this.mEncryptDomainList) != null && !list.isEmpty()) {
            for (int i = 0; i < this.mEncryptDomainList.size(); i++) {
                if (str.endsWith(this.mEncryptDomainList.get(i))) {
                    return true;
                }
            }
        }
        return false;
    }

    private void wrapperReportMessage(Exception exc, Response response, byte[] bArr, RSAPublicKeyInfo rSAPublicKeyInfo) {
        if (this.mExceptionReporter == null || response == null || rSAPublicKeyInfo == null || rSAPublicKeyInfo.rsaPublicKey == null) {
            return;
        }
        HashMap hashMap = new HashMap();
        StringBuilder sb = new StringBuilder();
        if (exc != null) {
            for (StackTraceElement stackTraceElement : exc.getStackTrace()) {
                sb.append(stackTraceElement.toString());
                sb.append("|");
            }
        }
        String headers = response.request().headers().toString();
        String headers2 = response.headers() != null ? response.headers().toString() : "";
        String response2 = response.toString();
        hashMap.put("H_AESIV", Base64.encodeToString(EncryptHelper.getInstance().getAESIV(), 2));
        hashMap.put("H_AESKey", Base64.encodeToString(EncryptHelper.getInstance().getAESKey(), 2));
        hashMap.put("H_AESSecretKey", Base64.encodeToString(EncryptHelper.getInstance().getAESSecretKey(), 2));
        hashMap.put("H_AESKeyID", EncryptHelper.getInstance().getAESKeyID());
        hashMap.put("H_RsaPublicKey", rSAPublicKeyInfo.rsaPublicKey.toString());
        hashMap.put("H_CertificatePath", rSAPublicKeyInfo.certificatePathInfo);
        hashMap.put("H_RequestHeaders", headers);
        hashMap.put("H_ResponseHeaders", headers2);
        hashMap.put("H_Response", response2);
        hashMap.put("H_Crash", sb.toString());
        if (bArr != null) {
            hashMap.put("H_ServerBodyBytes", Base64.encodeToString(bArr, 2));
        }
        ExceptionReporter exceptionReporter = this.mExceptionReporter;
        if (exceptionReporter != null) {
            exceptionReporter.callbackException(hashMap);
        }
    }

    protected abstract boolean checkRequestNeedEncrypt(Request request);

    protected abstract Request.Builder generateEncryptedRequestInner(Request request) throws Exception;

    protected abstract String getProtocolVersion();

    protected int getRequestEncryptFlag(Request request) {
        int encryptFlagStringToInt = encryptFlagStringToInt(request.header("X-MI-XFLAG"));
        if (encryptFlagStringToInt != 0) {
            return encryptFlagStringToInt;
        }
        HttpUrl url = request.url();
        return ((url == null || !isInEncryptDomainList(url.host())) && !this.mIsDefaultEncrypt) ? 4 : 1;
    }

    @Override // okhttp3.Interceptor
    public final Response intercept(Interceptor.Chain chain) throws IOException {
        Response generateDecryptedResponse;
        Request build = chain.request().newBuilder().addHeader(EncryptHeader.NAME_X_MI_XPROTOCOL, getProtocolVersion()).addHeader(EncryptHeader.NAME_X_MI_XVERSION, VersionUtils.getSdkVersion()).build();
        if (!checkIsNeedEncrypt(build)) {
            return chainProceed(chain, build, false);
        }
        RSAPublicKeyInfo rSAPublicKeyInfo = getRSAPublicKeyInfo(chain.connection());
        if (rSAPublicKeyInfo == null || rSAPublicKeyInfo.rsaPublicKey == null) {
            return chainProceed(chain, build, false);
        }
        Request generateEncryptedRequest = generateEncryptedRequest(build, rSAPublicKeyInfo.rsaPublicKey);
        if (generateEncryptedRequest == null) {
            return chainProceed(chain, build, false);
        }
        Response chainProceed = chainProceed(chain, generateEncryptedRequest, true);
        return (!checkIsNeedDecrypt(chainProceed) || (generateDecryptedResponse = generateDecryptedResponse(rSAPublicKeyInfo, chainProceed)) == null) ? chainProceed : generateDecryptedResponse;
    }
}
