package com.oplus.pay.opensdk.statistic.network.Interceptor;

import android.text.TextUtils;
import com.oplus.nearx.track.internal.upload.net.NetworkConstant;
import com.oplus.pay.opensdk.statistic.helper.DigestHelper;
import com.oplus.pay.opensdk.statistic.helper.HeaderHelper;
import com.oplus.pay.opensdk.statistic.helper.PayLogUtil;
import com.oplus.pay.opensdk.statistic.network.Md5Helper;
import com.oplus.pay.opensdk.statistic.network.RsaHelper;
import com.oplus.pay.opensdk.statistic.network.SecurityProtocolHelper;
import com.platform.usercenter.network.header.HeaderConstant;
import com.platform.usercenter.network.header.UCHeaderHelperV2;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.LinkedList;
import okhttp3.Headers;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okhttp3.ResponseBody;
import okio.Buffer;
import org.json.JSONObject;

/* loaded from: classes3.dex */
public class SecurityRequestInterceptor implements Interceptor {
    private static final int DECRYPT_FAIL_CODE = 5222;
    private static final String FORMAT_CONTENT_TYPE = "%s; charset=%s";
    private static final String FORMAT_UTF_8 = "UTF-8";
    protected static final String HEADER_K_ACCEPT = "Accept";
    protected static final String HEADER_K_CONTENT_TYPE = "Content-Type";
    protected static final String HEADER_V_APPLICATION_JSON = "application/json";
    private static final String HEADER_V_PROTOCOL_VERSION = "3.0";
    private static final String HEADER_V_SECURITY_ACCEPT = "application/encrypted-json";
    private static final String HEADER_V_SECURITY_APPLICATION_JSON = "application/encrypted-json";
    private static final String HEADER_X_PROTOCOL = "X-Protocol";
    private static final String HEADER_X_PROTOCOL_VER = "X-Protocol-Ver";
    private static final String HEADER_X_SAFETY = "X-Safety";
    private static final String HEADER_X_SESSION_TICKET = "X-Session-Ticket";
    private static final String HEADER_X_SIGNATURE = "X-Signature";
    public static final String LOG_DOWNGRADE_REQUEST_END = "=================downgrade request end";
    public static final String LOG_END_REQUEST = "=================end request";
    public static final String LOG_FIRST_REQUEST_SUCCESS = "=================first request success";
    public static final String LOG_HAS_A_AVAILABLE_SECURITY_KEYS = "has a Available security keys";
    public static final String LOG_REQUEST_DOWNGRADE_TIME = "=================request downgrade time";
    public static final String LOG_REQUEST_FIRST_TIME = "=================request first time";
    public static final String LOG_REQUEST_SECOND_TIME = "=================request second time";
    public static final String LOG_SECOND_REQUEST_SUCCESS = "=================second request success";
    public static final String LOG_SECURITY_KEYS_UN_AVAILABLE_AND_RESET_SECURITY_KEYS = "mSecurityKeys unAvailable and reset security keys";
    private static final int STATUS_CODE_DECRYPT_FAIL = 222;
    public static final String TAG = "Pay SecurityRequest";
    private String mHeaderSignature;
    private String TAG_SUFFIX = TAG;
    private final LogQueue mLogs = new LogQueue();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static final class LogQueue extends LinkedList<String> {
        private LogQueue() {
        }

        @Override // java.util.LinkedList, java.util.Deque, java.util.Queue
        public boolean offer(String str) {
            return super.offer((LogQueue) str);
        }
    }

    private static String bodyToString(RequestBody requestBody) {
        try {
            Buffer buffer = new Buffer();
            requestBody.writeTo(buffer);
            return buffer.readUtf8();
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    private static String buildXProtocolHeader(String str, String str2, String str3) {
        try {
            JSONObject jSONObject = new JSONObject();
            jSONObject.put(getProviderKeyXor8(), str);
            jSONObject.put(NetworkConstant.KEY_IV, str3);
            jSONObject.put("sessionTicket", str2);
            return URLEncoder.encode(jSONObject.toString(), UCHeaderHelperV2.UTF_8);
        } catch (Exception e) {
            PayLogUtil.e(e.getMessage());
            return "";
        }
    }

    private void checkAndSetProtocol(Headers.Builder builder, String str, SecurityProtocolHelper.SecurityKeys securityKeys) {
        if (checkNameAndValue("X-Safety", str)) {
            builder.set("X-Safety", str);
        }
        String buildXProtocolHeader = buildXProtocolHeader(securityKeys.mRSA, securityKeys.mSecurityTicket, securityKeys.mIVStr);
        if (checkNameAndValue("X-Protocol", buildXProtocolHeader)) {
            builder.set("X-Protocol", buildXProtocolHeader);
        }
        builder.set("X-Protocol-Ver", HEADER_V_PROTOCOL_VERSION);
    }

    private Response decryptResponse(Response response, SecurityProtocolHelper.SecurityKeys securityKeys, String str) {
        Headers headers = response.headers();
        return success(response) ? getResponse(response, securityKeys, headers, response.body()) : getResponse(response, str, headers);
    }

    private Request encryptRequest(Request request, RequestBody requestBody, Headers headers, String str, SecurityProtocolHelper.SecurityKeys securityKeys) throws IOException {
        Headers.Builder newBuilder = headers.newBuilder();
        if (!TextUtils.isEmpty(str)) {
            String encode = URLEncoder.encode(securityKeys.encrypt(str), "UTF-8");
            this.mHeaderSignature = encode;
            newBuilder.set("Accept", HeaderConstant.HEADER_SECURITY_CONTENT_TYPE);
            checkAndSetProtocol(newBuilder, encode, securityKeys);
            request = request.newBuilder().headers(newBuilder.build()).build();
        }
        return request.newBuilder().post(RequestBody.create(MediaType.parse(formatContentType(true)), securityKeys.encrypt(bodyToString(requestBody)))).build();
    }

    private String formatContentType(boolean z) {
        Object[] objArr = new Object[2];
        objArr[0] = z ? HeaderConstant.HEADER_SECURITY_CONTENT_TYPE : "application/json";
        objArr[1] = "UTF-8";
        return String.format(FORMAT_CONTENT_TYPE, objArr);
    }

    private static String getProviderKeyXor8() {
        return DigestHelper.xorContent("cmq");
    }

    private Response getResponse(Response response, SecurityProtocolHelper.SecurityKeys securityKeys, Headers headers, ResponseBody responseBody) {
        String str;
        try {
            str = response.body().string();
        } catch (IOException unused) {
            this.mLogs.offer("decryptResponse srcResponse.body().string() IOException = ");
            str = null;
        }
        if (!TextUtils.isEmpty(headers.get("X-Session-Ticket"))) {
            this.mLogs.offer("decryptResponse parserSecurityTicketHeader = " + headers.get("X-Session-Ticket"));
            securityKeys.mSecurityTicket = headers.get("X-Session-Ticket");
        }
        String decrypt = securityKeys.decrypt(str);
        if (TextUtils.isEmpty(decrypt)) {
            this.mLogs.offer("decryptResponse decrypt fail and throw SecurityDecryptError ; the aes key = " + securityKeys.mAES);
            return response.newBuilder().code(DECRYPT_FAIL_CODE).build();
        }
        SecurityProtocolHelper.getInstance().setSecurityKeys(securityKeys);
        return response.newBuilder().body(ResponseBody.create(responseBody.contentType(), decrypt)).build();
    }

    private Response getResponse(Response response, String str, Headers headers) {
        if (response.code() != STATUS_CODE_DECRYPT_FAIL || TextUtils.isEmpty(headers.get(HEADER_X_SIGNATURE))) {
            return response;
        }
        String str2 = headers.get(HEADER_X_SIGNATURE);
        String md5 = Md5Helper.md5(this.mHeaderSignature);
        if (RsaHelper.doCheck(md5, str2, RsaHelper.Key)) {
            this.mLogs.offer("parseNetworkResponse receive status code 222 and verify signature success , throw SecurityDecryptError");
            return response.newBuilder().code(DECRYPT_FAIL_CODE).build();
        }
        this.mLogs.offer("decryptResponse receive status code 222 signature = " + str2);
        this.mLogs.offer("decryptResponse receive status code 222 mEncryptHeader  = " + str);
        this.mLogs.offer("decryptResponse receive status code 222 mEncryptHeader md5  = " + md5);
        this.mLogs.offer("decryptResponse receive status code 222 and verify signature fail");
        return response;
    }

    private void printLog() {
        for (int i = 0; i < this.mLogs.size() + 1; i++) {
            try {
                PayLogUtil.i(this.TAG_SUFFIX + "" + this.mLogs.poll());
            } catch (Exception unused) {
                return;
            }
        }
    }

    private boolean success(Response response) {
        return (response == null || !response.isSuccessful() || response.code() == STATUS_CODE_DECRYPT_FAIL) ? false : true;
    }

    public boolean checkNameAndValue(String str, String str2) {
        if (str == null || str.isEmpty()) {
            return false;
        }
        int length = str.length();
        for (int i = 0; i < length; i++) {
            char charAt = str.charAt(i);
            if (charAt <= ' ' || charAt >= 127) {
                return false;
            }
        }
        if (str2 == null) {
            return false;
        }
        int length2 = str2.length();
        for (int i2 = 0; i2 < length2; i2++) {
            char charAt2 = str2.charAt(i2);
            if ((charAt2 <= 31 && charAt2 != '\t') || charAt2 >= 127) {
                return false;
            }
        }
        return true;
    }

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.Chain chain) throws IOException {
        Request request = chain.request();
        this.TAG_SUFFIX = "Pay SecurityRequest:" + request.url().encodedPath();
        SecurityProtocolHelper.SecurityKeys securityKeys = SecurityProtocolHelper.getInstance().getSecurityKeys();
        if (securityKeys == null || !securityKeys.available()) {
            this.mLogs.offer(LOG_SECURITY_KEYS_UN_AVAILABLE_AND_RESET_SECURITY_KEYS);
            securityKeys = new SecurityProtocolHelper.SecurityKeys();
        } else {
            this.mLogs.offer(LOG_HAS_A_AVAILABLE_SECURITY_KEYS);
        }
        SecurityProtocolHelper.SecurityKeys securityKeys2 = securityKeys;
        this.mLogs.offer(" SECURITY Ticket =  " + securityKeys2.mSecurityTicket);
        Headers headers = request.headers();
        RequestBody body = request.body();
        String securityJson = HeaderHelper.HeaderXSafety.getSecurityJson();
        this.mLogs.offer(LOG_REQUEST_FIRST_TIME);
        Response proceed = chain.proceed(encryptRequest(request, body, headers, securityJson, securityKeys2));
        Response decryptResponse = decryptResponse(proceed, securityKeys2, securityJson);
        try {
            if (!success(decryptResponse)) {
                if (decryptResponse.code() == DECRYPT_FAIL_CODE) {
                    this.mLogs.offer(LOG_REQUEST_SECOND_TIME);
                    SecurityProtocolHelper.getInstance().clearSecurityKeys();
                    SecurityProtocolHelper.SecurityKeys securityKeys3 = new SecurityProtocolHelper.SecurityKeys();
                    decryptResponse = decryptResponse(chain.proceed(encryptRequest(request, body, headers, securityJson, securityKeys3)), securityKeys3, securityJson);
                    if (success(decryptResponse)) {
                        this.mLogs.offer(LOG_SECOND_REQUEST_SUCCESS);
                    } else if (decryptResponse.code() == DECRYPT_FAIL_CODE) {
                        this.mLogs.offer(LOG_REQUEST_DOWNGRADE_TIME);
                        SecurityProtocolHelper.getInstance().clearSecurityKeys();
                        proceed = chain.proceed(request.newBuilder().header("Accept", "application/json").post(RequestBody.create(MediaType.parse(formatContentType(false)), bodyToString(body))).build());
                        this.mLogs.offer(LOG_DOWNGRADE_REQUEST_END);
                    }
                }
                this.mLogs.offer(LOG_END_REQUEST);
                return proceed;
            }
            this.mLogs.offer(LOG_FIRST_REQUEST_SUCCESS);
            this.mLogs.offer(LOG_END_REQUEST);
            return proceed;
        } finally {
            printLog();
        }
        proceed = decryptResponse;
    }
}
