package com.ix.sdk.key;

import android.os.Bundle;
import android.text.TextUtils;
import com.ix.r2.ruby.keyclient.interfaces.ECCryptoProvider;
import com.ix.r2.ruby.keyclient.interfaces.KeyServerProxy;
import com.ix.r2.ruby.keyclient.security.impl.SimpleECCryptoCallback;
import com.ix.sdk.key.interfaces.KeyProxy;
import com.ix.sdk.util.DataUtil;
import com.ix.sdk.util.LogUtils;
import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyAgreement;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okhttp3.ResponseBody;
import okio.BufferedSink;
import okio.BufferedSource;
import okio.Okio;
import org.spongycastle.jce.interfaces.ECPrivateKey;
import org.spongycastle.jce.interfaces.ECPublicKey;

/* loaded from: classes2.dex */
public final class KeyProxyHttpClient {
    public static int CHANGE_RANDOM_KEY_AFTER_REQUESTS = 10;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public static final class a {
        String a;
        String b;
        String c;
        String d;
        String e;

        a() {
        }

        a(String str, String str2) {
            this.a = str;
            this.b = str2;
        }

        static synchronized a a(a aVar, boolean z) {
            synchronized (a.class) {
                if (aVar == null) {
                    LogUtils.e("KeyProxyHttpClient", "ChannelSecureKeyData.copy: originalKeyData should not be null");
                    return null;
                }
                if (z && !aVar.a()) {
                    LogUtils.e("KeyProxyHttpClient", "ChannelSecureKeyData.copy: originalKeyData is invalid");
                    return null;
                }
                a aVar2 = new a();
                aVar2.b(aVar, z);
                return aVar2;
            }
        }

        synchronized boolean a() {
            if (TextUtils.isEmpty(this.a)) {
                LogUtils.sw("KeyProxyHttpClient", "ChannelSecureKeyData.isKeyValid: userAccount is empty");
                return false;
            }
            if (TextUtils.isEmpty(this.b)) {
                LogUtils.sw("KeyProxyHttpClient", "ChannelSecureKeyData.isKeyValid: applicationUserPublicKey is empty");
                return false;
            }
            if (TextUtils.isEmpty(this.c)) {
                LogUtils.sw("KeyProxyHttpClient", "ChannelSecureKeyData.isKeyValid: headerEphemeralPublicKey is empty");
                return false;
            }
            if (TextUtils.isEmpty(this.d)) {
                LogUtils.sw("KeyProxyHttpClient", "ChannelSecureKeyData.isKeyValid: headerSignature is empty");
                return false;
            }
            if (!TextUtils.isEmpty(this.e)) {
                return true;
            }
            LogUtils.sw("KeyProxyHttpClient", "ChannelSecureKeyData.isKeyValid: secretHexString is empty");
            return false;
        }

        synchronized boolean a(a aVar) {
            boolean z = false;
            if (aVar == null) {
                LogUtils.e("KeyProxyHttpClient", "ChannelSecureKeyData.isSameChannel: originalKeyData should not be null");
                return false;
            }
            if (!TextUtils.isEmpty(this.a) && this.a.equalsIgnoreCase(aVar.a) && !TextUtils.isEmpty(this.b) && this.b.equals(aVar.b)) {
                z = true;
            }
            return z;
        }

        synchronized boolean b(a aVar, boolean z) {
            if (aVar == null) {
                LogUtils.e("KeyProxyHttpClient", "ChannelSecureKeyData.cloneKeyData: originalKeyData should not be null");
                return false;
            }
            if (z && !aVar.a()) {
                LogUtils.e("KeyProxyHttpClient", "ChannelSecureKeyData.setKeyToKeyData: originalKeyData is invalid");
                return false;
            }
            this.a = aVar.a;
            this.b = aVar.b;
            this.c = aVar.c;
            this.d = aVar.d;
            this.e = aVar.e;
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public static final class b implements Interceptor {
        private static int a;
        private static a b;
        private String c;
        private a d;

        private b(String str) {
            this.d = new a();
            this.c = str;
        }

        private static synchronized a a(String str, String str2, String str3) {
            synchronized (b.class) {
                LogUtils.d("KeyProxyHttpClient", "generateNewChannelSecureKeyPair(): current RequestNumbers = %d", Integer.valueOf(a));
                final a aVar = new a(str2, str3);
                if (a >= KeyProxyHttpClient.CHANGE_RANDOM_KEY_AFTER_REQUESTS) {
                    LogUtils.sw("KeyProxyHttpClient", "generateNewChannelSecureKeyPair: reset requestNumbers to 0");
                    a = 0;
                }
                if (a > 0) {
                    a aVar2 = b;
                    if (aVar2 == null || !aVar2.a()) {
                        LogUtils.w("KeyProxyHttpClient", "generateNewChannelSecureKeyPair: cachedChannelSecureKeyData is invalid, need regenerate key");
                    } else if (!b.a(aVar)) {
                        LogUtils.w("KeyProxyHttpClient", "generateNewChannelSecureKeyPair: channel is different, need regenerate key");
                    } else {
                        if (aVar.b(b, true)) {
                            int i = a + 1;
                            a = i;
                            LogUtils.d("KeyProxyHttpClient", "generateNewChannelSecureKeyPair: return previous cached key, new RequestNumbers = %d", Integer.valueOf(i));
                            return aVar;
                        }
                        LogUtils.e("KeyProxyHttpClient", "generateNewChannelSecureKeyPair: cloneKeyFromKeyData fail, need regenerate key");
                    }
                }
                try {
                    LogUtils.d("KeyProxyHttpClient", "generateNewChannelSecureKeyPair: secureChannelProxyPublicKey = " + str);
                    KeyProxy activeKeyProxy = KeyProxyManager.getInstance().getActiveKeyProxy();
                    if (activeKeyProxy == null || !activeKeyProxy.isLogin()) {
                        LogUtils.e("KeyProxyHttpClient", "generateNewChannelSecureKeyPair: no active key proxy");
                        throw new Exception("generateNewChannelSecureKeyPair: no active key proxy");
                    }
                    KeyServerProxy keyServerProxy = activeKeyProxy.getKeyServerProxy();
                    if (keyServerProxy == null) {
                        LogUtils.e("KeyProxyHttpClient", "generateNewChannelSecureKeyPair: keyProxyKeyServerProxy should not be null");
                        throw new Exception("generateNewChannelSecureKeyPair: keyProxyKeyServerProxy should not be null");
                    }
                    ECCryptoProvider eCCryptoProvider = keyServerProxy.getECCryptoProvider();
                    if (eCCryptoProvider == null) {
                        LogUtils.e("KeyProxyHttpClient", "generateNewChannelSecureKeyPair: cryptoProvider should not be null");
                        throw new Exception("generateNewChannelSecureKeyPair: cryptoProvider should not be null");
                    }
                    ECPublicKey generateECPublicKey = DataUtil.generateECPublicKey(DataUtil.hexStringToBytes(str));
                    KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(ECCryptoProvider.ECDH_ALGORITHM_NAME, "SC");
                    keyPairGenerator.initialize(new ECGenParameterSpec(ECCryptoProvider.EC_NAME), new SecureRandom());
                    KeyPair generateKeyPair = keyPairGenerator.generateKeyPair();
                    ECPrivateKey eCPrivateKey = (ECPrivateKey) generateKeyPair.getPrivate();
                    aVar.c = DataUtil.bytesToHexString(((ECPublicKey) generateKeyPair.getPublic()).getQ().getEncoded(false));
                    KeyAgreement keyAgreement = KeyAgreement.getInstance(ECCryptoProvider.ECDH_ALGORITHM_NAME, "SC");
                    keyAgreement.init(eCPrivateKey);
                    keyAgreement.doPhase(generateECPublicKey, true);
                    byte[] generateSecret = keyAgreement.generateSecret();
                    if (generateSecret == null || generateSecret.length == 0) {
                        LogUtils.e("KeyProxyHttpClient", "generateNewChannelSecureKeyPair: secretBytes should not be empty");
                        throw new Exception("generateNewChannelSecureKeyPair: secretBytes should not be empty");
                    }
                    aVar.e = DataUtil.bytesToHexString(generateSecret);
                    LogUtils.sd("KeyProxyHttpClient", "generateNewChannelSecureKeyPair: secret = " + aVar.e);
                    Bundle bundle = new Bundle();
                    bundle.putByteArray(ECCryptoProvider.DATA_SIGN_PLAN_DATA, aVar.c.getBytes());
                    eCCryptoProvider.processCryptoData(ECCryptoProvider.TAG_ECDSA_SIGN, bundle, new SimpleECCryptoCallback() { // from class: com.ix.sdk.key.KeyProxyHttpClient.b.1
                        @Override // com.ix.r2.ruby.keyclient.security.impl.SimpleECCryptoCallback, com.ix.r2.ruby.keyclient.interfaces.ECCryptoCallback
                        public void onECDSASignatureReady(int i2, byte[] bArr) {
                            if (i2 == 0) {
                                a.this.d = DataUtil.bytesToHexString(bArr);
                            } else {
                                LogUtils.e("KeyProxyHttpClient", "generateNewChannelSecureKeyPair: ECDSA sign result status = " + i2);
                                a.this.d = null;
                            }
                        }
                    });
                    if (aVar.d == null) {
                        throw new Exception("generateNewChannelSecureKeyPair: headerSignature null");
                    }
                    if (b != null) {
                        LogUtils.d("KeyProxyHttpClient", "generateNewChannelSecureKeyPair: find cachedChannelSecureKeyData");
                    } else {
                        LogUtils.w("KeyProxyHttpClient", "generateNewChannelSecureKeyPair: not find cachedChannelSecureKeyData");
                    }
                    b = a.a(aVar, false);
                    int i2 = a + 1;
                    a = i2;
                    LogUtils.d("KeyProxyHttpClient", "generateNewChannelSecureKeyPair: new cachedChannelSecureKeyData.secret, new RequestNumbers = %d", Integer.valueOf(i2));
                    return b;
                } catch (Exception e) {
                    LogUtils.e("KeyProxyHttpClient", "generateNewChannelSecureKeyPair: exception: " + e.toString());
                    return null;
                }
            }
        }

        private RequestBody a(final Request request) {
            if ("GET".equalsIgnoreCase(request.method())) {
                return null;
            }
            return new RequestBody() { // from class: com.ix.sdk.key.KeyProxyHttpClient.b.2
                @Override // okhttp3.RequestBody
                public long contentLength() {
                    try {
                        return request.body().contentLength();
                    } catch (Exception unused) {
                        return -1L;
                    }
                }

                @Override // okhttp3.RequestBody
                public MediaType contentType() {
                    return request.body().contentType();
                }

                @Override // okhttp3.RequestBody
                public void writeTo(BufferedSink bufferedSink) throws IOException {
                    try {
                        BufferedSink buffer = Okio.buffer(Okio.sink(new CipherOutputStream(bufferedSink.outputStream(), b.this.b())));
                        request.body().writeTo(buffer);
                        LogUtils.sd("KeyProxyHttpClient", "encrypt: success");
                        buffer.close();
                    } catch (Exception e) {
                        LogUtils.e("KeyProxyHttpClient", "encrypt: exception: " + e.toString());
                        throw new IOException(e);
                    }
                }
            };
        }

        private ResponseBody a(final ResponseBody responseBody) {
            return new ResponseBody() { // from class: com.ix.sdk.key.KeyProxyHttpClient.b.3
                @Override // okhttp3.ResponseBody
                public long contentLength() {
                    return responseBody.contentLength();
                }

                @Override // okhttp3.ResponseBody
                public MediaType contentType() {
                    return responseBody.contentType();
                }

                @Override // okhttp3.ResponseBody
                public BufferedSource source() {
                    try {
                        CipherInputStream cipherInputStream = new CipherInputStream(responseBody.byteStream(), b.this.c());
                        LogUtils.sd("KeyProxyHttpClient", "decrypt: success");
                        return Okio.buffer(Okio.source(cipherInputStream));
                    } catch (Exception e) {
                        LogUtils.e("KeyProxyHttpClient", "decrypt: exception: " + e.toString());
                        return null;
                    }
                }
            };
        }

        private synchronized void a() throws Exception {
            LogUtils.d("KeyProxyHttpClient", "onIncomingRequest: request Numbers = %d, max Numbers = %d", Integer.valueOf(a), Integer.valueOf(KeyProxyHttpClient.CHANGE_RANDOM_KEY_AFTER_REQUESTS));
            if (!DataUtil.isHexString(this.c)) {
                LogUtils.e("KeyProxyHttpClient", "onIncomingRequest: secureChannelProxyPublicKey is invalid");
                throw new Exception("onIncomingRequest: secureChannelProxyPublicKey is invalid");
            }
            KeyProxy activeKeyProxy = KeyProxyManager.getInstance().getActiveKeyProxy();
            if (activeKeyProxy == null) {
                LogUtils.e("KeyProxyHttpClient", "onIncomingRequest: active key proxy should not be null");
                throw new Exception("onIncomingRequest: active key proxy should not be null");
            }
            if (!activeKeyProxy.isLogin()) {
                LogUtils.e("KeyProxyHttpClient", "onIncomingRequest: active key proxy is not login");
                throw new Exception("onIncomingRequest: active key proxy is not login");
            }
            String account = KeyProxyManager.getInstance().getAccount();
            if (TextUtils.isEmpty(account)) {
                LogUtils.e("KeyProxyHttpClient", "onIncomingRequest: currentUserAccount should not be empty");
                throw new Exception("onIncomingRequest: currentUserAccount should not be empty");
            }
            KeyServerProxy keyServerProxy = activeKeyProxy.getKeyServerProxy();
            if (keyServerProxy == null) {
                LogUtils.e("KeyProxyHttpClient", "onIncomingRequest: keyProxyKeyServerProxy should not be null");
                throw new Exception("onIncomingRequest: keyProxyKeyServerProxy should not be null");
            }
            ECCryptoProvider eCCryptoProvider = keyServerProxy.getECCryptoProvider();
            if (eCCryptoProvider == null) {
                LogUtils.e("KeyProxyHttpClient", "onIncomingRequest: cryptoProvider should not be null");
                throw new Exception("onIncomingRequest: cryptoProvider should not be null");
            }
            String publicKey = eCCryptoProvider.getPublicKey();
            if (TextUtils.isEmpty(publicKey)) {
                LogUtils.e("KeyProxyHttpClient", "onIncomingRequest: applicationUserPublicKey should not be empty");
                throw new Exception("onIncomingRequest: applicationUserPublicKey should not be empty");
            }
            a a2 = a(this.c, account, publicKey);
            if (a2 == null) {
                LogUtils.e("KeyProxyHttpClient", "onIncomingRequest: generateChannelSecureKeyPair should not return null");
                throw new Exception("onIncomingRequest: generateChannelSecureKeyPair should not return null");
            }
            if (!this.d.b(a2, true)) {
                LogUtils.e("KeyProxyHttpClient", "onIncomingRequest: cloneKeyData fail");
                throw new Exception("onIncomingRequest: cloneKeyData fail");
            }
            LogUtils.sd("KeyProxyHttpClient", "onIncomingRequest: cloneKeyData success");
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Cipher b() throws KeyCipherException {
            if (TextUtils.isEmpty(this.d.e)) {
                LogUtils.e("KeyProxyHttpClient", "getEncryptCipher: secretHexString should not be empty");
                throw new KeyCipherException("getEncryptCipher: secretHexString should not be empty");
            }
            byte[] hexStringToBytes = DataUtil.hexStringToBytes(this.d.e);
            byte[] bArr = new byte[16];
            Arrays.fill(bArr, (byte) 0);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
            SecretKeySpec secretKeySpec = new SecretKeySpec(hexStringToBytes, "AES");
            try {
                Cipher cipher = Cipher.getInstance(KeyCipher.DEFAULT_TRANSFORM);
                cipher.init(1, secretKeySpec, ivParameterSpec);
                return cipher;
            } catch (Exception e) {
                LogUtils.e("KeyProxyHttpClient", "getEncryptCipher, exception: " + e.toString());
                throw new KeyCipherException(e);
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public Cipher c() throws KeyCipherException {
            if (TextUtils.isEmpty(this.d.e)) {
                LogUtils.e("KeyProxyHttpClient", "getDecryptCipher: secretHexString should not be empty");
                throw new KeyCipherException("getDecryptCipher: secretHexString should not be empty");
            }
            byte[] hexStringToBytes = DataUtil.hexStringToBytes(this.d.e);
            byte[] bArr = new byte[16];
            Arrays.fill(bArr, (byte) 0);
            IvParameterSpec ivParameterSpec = new IvParameterSpec(bArr);
            SecretKeySpec secretKeySpec = new SecretKeySpec(hexStringToBytes, "AES");
            try {
                Cipher cipher = Cipher.getInstance(KeyCipher.DEFAULT_TRANSFORM);
                cipher.init(2, secretKeySpec, ivParameterSpec);
                return cipher;
            } catch (Exception e) {
                LogUtils.e("KeyProxyHttpClient", "getDecryptCipher, exception: " + e.toString());
                throw new KeyCipherException(e);
            }
        }

        @Override // okhttp3.Interceptor
        public Response intercept(Interceptor.Chain chain) throws IOException {
            try {
                a();
                LogUtils.d("KeyProxyHttpClient", "RequestResponseInterceptor: current requestNumbers = " + a);
                Request request = chain.request();
                Request.Builder newBuilder = request.newBuilder();
                newBuilder.method(request.method(), a(request));
                newBuilder.header("x-user-request-numbers", Integer.toString(a));
                if (this.d.a != null) {
                    newBuilder.header("x-user-account", this.d.a);
                } else {
                    LogUtils.e("KeyProxyHttpClient", "RequestResponseInterceptor: HEADER_USER_ACCOUNT should not be null");
                }
                if (this.d.b != null) {
                    newBuilder.header("x-user-publickey", this.d.b);
                } else {
                    LogUtils.e("KeyProxyHttpClient", "RequestResponseInterceptor: HEADER_USER_PUBLICKEY should not be null");
                }
                if (this.d.c != null) {
                    newBuilder.header("x-ephemeral-publickey", this.d.c);
                } else {
                    LogUtils.e("KeyProxyHttpClient", "RequestResponseInterceptor: HEADER_EPHEMERAL_PUBLICKEY should not be null");
                }
                if (this.d.d != null) {
                    newBuilder.header("x-user-signature", this.d.d);
                } else {
                    LogUtils.e("KeyProxyHttpClient", "RequestResponseInterceptor: HEADER_SIGNATURE should not be null");
                }
                newBuilder.header("Accept-Encoding", "identity");
                Response proceed = chain.proceed(newBuilder.build());
                String header = proceed.header("x-proxy-error");
                if (header != null) {
                    LogUtils.e("KeyProxyHttpClient", "RequestResponseInterceptor: proxyError = %s", header);
                    return proceed;
                }
                Response.Builder newBuilder2 = proceed.newBuilder();
                newBuilder2.body(a(proceed.body()));
                LogUtils.sd("KeyProxyHttpClient", "RequestResponseInterceptor: decrypt originalResponse body completed");
                return newBuilder2.build();
            } catch (Exception e) {
                LogUtils.e("KeyProxyHttpClient", "RequestResponseInterceptor: onIncomingRequest exception: " + e.toString());
                throw new IOException(e);
            }
        }
    }

    public static OkHttpClient getHttpClient(String str) {
        if (!DataUtil.isHexString(str)) {
            LogUtils.e("KeyProxyHttpClient", "getHttpClient: secureChannelProxyPublicKey invalid");
            throw new IllegalArgumentException("secureChannelProxyPublicKey invalid: " + str);
        }
        if (str.length() == 130) {
            return new OkHttpClient.Builder().addInterceptor(new b(str)).build();
        }
        LogUtils.e("KeyProxyHttpClient", "getHttpClient: secureChannelProxyPublicKey invalid length");
        throw new IllegalArgumentException("secureChannelProxyPublicKey invalid length: " + str);
    }

    public static OkHttpClient.Builder getHttpClientBuilder(String str) {
        if (!DataUtil.isHexString(str)) {
            LogUtils.e("KeyProxyHttpClient", "getHttpClientBuilder: secureChannelProxyPublicKey invalid");
            throw new IllegalArgumentException("secureChannelProxyPublicKey invalid: " + str);
        }
        if (str.length() != 130) {
            LogUtils.e("KeyProxyHttpClient", "getHttpClientBuilder: secureChannelProxyPublicKey invalid length");
            throw new IllegalArgumentException("secureChannelProxyPublicKey invalid length: " + str);
        }
        b bVar = new b(str);
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        builder.addInterceptor(bVar);
        return builder;
    }
}
