package com.sankuai.meituan.tte;

import android.support.annotation.NonNull;
import android.support.annotation.VisibleForTesting;
import android.util.Pair;
import com.meituan.android.common.unionid.oneid.util.DeviceInfo;
import com.meituan.robust.ChangeQuickRedirect;
import com.meituan.robust.PatchProxy;
import com.sankuai.meituan.tte.TTE;
import com.sankuai.meituan.tte.i;
import com.sankuai.meituan.tte.v;
import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.SignatureException;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.ScheduledExecutorService;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes3.dex */
public final class TKeyAgreement {
    public static ChangeQuickRedirect changeQuickRedirect;

    /* renamed from: a, reason: collision with root package name */
    public final TTE.a f25758a;

    /* renamed from: b, reason: collision with root package name */
    public final i f25759b;

    /* renamed from: c, reason: collision with root package name */
    public final String f25760c;

    /* renamed from: d, reason: collision with root package name */
    public final u f25761d;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes3.dex */
    public static class HttpStatusException extends IOException {
        public static ChangeQuickRedirect changeQuickRedirect;
        public final int code;

        public HttpStatusException(String str, int i) {
            super(str);
            this.code = i;
        }
    }

    static {
        com.meituan.android.paladin.b.a(-7715231734899821037L);
    }

    public TKeyAgreement(TTE.a aVar) {
        Object[] objArr = {aVar};
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, -2457987351115159211L)) {
            PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, -2457987351115159211L);
            return;
        }
        this.f25758a = aVar;
        this.f25759b = aVar.f25770b == TTE.CipherSuite.SM ? k.a(aVar.f25769a) : j.a(aVar.f25769a);
        this.f25760c = (aVar.f25769a == TTE.Env.PROD ? "https://tte.meituan.com" : "https://tte.inf.test.sankuai.com") + (aVar.f25770b == TTE.CipherSuite.SM ? "/api/v1/tte/gmt" : "/api/v1/tte/fips");
        this.f25761d = new u("TKeyAgreement", this.f25758a.a());
    }

    private boolean a(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws Exception {
        Object[] objArr = {bArr, bArr2, bArr3, bArr4};
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, 3075122398280649043L)) {
            return ((Boolean) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, 3075122398280649043L)).booleanValue();
        }
        try {
            return this.f25759b.a(w.a(bArr, bArr2, bArr3), bArr4);
        } catch (Throwable th) {
            this.f25761d.a("verify signature failed", th);
            return false;
        }
    }

    @VisibleForTesting
    public final ScheduledExecutorService a() {
        Object[] objArr = new Object[0];
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        return PatchProxy.isSupport(objArr, this, changeQuickRedirect2, 4764597939239473654L) ? (ScheduledExecutorService) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, 4764597939239473654L) : g.a();
    }

    public final JSONObject a(String str, byte[] bArr) throws IOException, JSONException {
        Object[] objArr = {str, bArr};
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        return PatchProxy.isSupport(objArr, this, changeQuickRedirect2, 4929966186399603811L) ? (JSONObject) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, 4929966186399603811L) : new JSONObject(new String(a(str, Arrays.asList(new Pair("Content-Type", "application/json")), bArr)));
    }

    public final boolean a(l lVar, boolean z) {
        q cipher;
        String str;
        byte[] bytes;
        Object[] objArr = {lVar, Byte.valueOf(z ? (byte) 1 : (byte) 0)};
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, 8358717130308667117L)) {
            return ((Boolean) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, 8358717130308667117L)).booleanValue();
        }
        if (e.a(TTE.getContext()).a(this.f25758a.f25770b).d()) {
            this.f25761d.b("verifyKey: disable");
            return true;
        }
        v.a a2 = v.a("tte.keyVerify.result", "keyVerify");
        try {
            a2.a("algo", this.f25759b.a());
            a2.a("type", z ? "2" : "1");
            a2.a("bizCode", "-1");
            a2.a("httpCode", "-1");
            a2.a("code", "0");
            try {
                try {
                    cipher = lVar.f25814b.getCipher();
                    str = this.f25760c + "/verify";
                    bytes = "Client Hello".getBytes();
                } catch (CipherException e2) {
                    this.f25761d.b("verifyKey", e2);
                    if (e2.getCode() == -10100) {
                        a2.a("code", "1004");
                        a2.b();
                        return false;
                    }
                    a2.a("code", "1005");
                } catch (IOException e3) {
                    this.f25761d.a("verifyKey", e3);
                }
            } catch (JSONException e4) {
                a2.a("code", "1003");
                this.f25761d.a("verifyKey", e4);
            } catch (Throwable th) {
                a2.a("code", "1100");
                this.f25761d.b("verifyKey", th);
            }
            try {
                JSONObject a3 = a(str, new JSONObject().put("cipher", w.a(cipher.a(bytes, lVar.f25815c))).put("edk", w.a(lVar.f25816d)).toString().getBytes());
                a2.a("httpCode", "200");
                int i = a3.getInt("code");
                StringBuilder sb = new StringBuilder();
                sb.append(i);
                a2.a("bizCode", sb.toString());
                if (i == 200) {
                    if (!Arrays.equals(cipher.b(w.a(a3.getJSONObject("data").getString("serCipher")), lVar.f25815c), bytes)) {
                        a2.a("code", "1001");
                        this.f25761d.b("verifyKey: dec error", null);
                        a2.b();
                        return false;
                    }
                    this.f25761d.b("verifyKey: ok");
                    a2.b();
                    return true;
                }
                a2.a("code", "1");
                this.f25761d.b("verifyKey: code error, code=" + i + ", msg=" + a3.optString("msg", ""), null);
                a2.b();
                return false;
            } catch (HttpStatusException e5) {
                StringBuilder sb2 = new StringBuilder();
                sb2.append(e5.code);
                a2.a("httpCode", sb2.toString());
                a2.a("code", "2");
                throw e5;
            } catch (Exception e6) {
                a2.a("code", "2");
                throw e6;
            }
        } catch (Throwable th2) {
            a2.b();
            throw th2;
        }
    }

    @VisibleForTesting
    public final byte[] a(String str, List<Pair<String, String>> list, byte[] bArr) throws IOException {
        Object[] objArr = {str, list, bArr};
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, -1785268147437182331L)) {
            return (byte[]) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, -1785268147437182331L);
        }
        this.f25761d.a("post[" + str + "] => " + new String(bArr));
        HttpURLConnection httpURLConnection = (HttpURLConnection) com.meituan.metrics.traffic.hurl.b.a(new URL(str).openConnection());
        httpURLConnection.setConnectTimeout(15000);
        httpURLConnection.setReadTimeout(15000);
        httpURLConnection.setRequestMethod("POST");
        httpURLConnection.setDoOutput(true);
        if (list != null) {
            for (Pair<String, String> pair : list) {
                httpURLConnection.addRequestProperty((String) pair.first, (String) pair.second);
            }
        }
        OutputStream outputStream = null;
        try {
            outputStream = httpURLConnection.getOutputStream();
            outputStream.write(bArr);
            w.a(outputStream);
            int responseCode = httpURLConnection.getResponseCode();
            this.f25761d.b("post[" + str + "] <= " + responseCode);
            if (responseCode / 100 == 2) {
                return w.a(httpURLConnection.getInputStream());
            }
            throw new HttpStatusException(httpURLConnection.getResponseMessage(), responseCode);
        } catch (Throwable th) {
            w.a(outputStream);
            throw th;
        }
    }

    @NonNull
    public final l b() throws Exception {
        l lVar;
        Object[] objArr = new Object[0];
        ChangeQuickRedirect changeQuickRedirect2 = changeQuickRedirect;
        if (PatchProxy.isSupport(objArr, this, changeQuickRedirect2, 5767147776201769841L)) {
            return (l) PatchProxy.accessDispatch(objArr, this, changeQuickRedirect2, 5767147776201769841L);
        }
        v.a b2 = v.b();
        if (b2 == null) {
            b2 = v.f25856c;
        }
        try {
            b2.a("algo", this.f25759b.a());
            b2.a("bizCode", "-1");
            b2.a("httpCode", "-1");
            b2.a("code", "0");
            try {
                try {
                    i.a b3 = this.f25759b.b();
                    try {
                        JSONObject jSONObject = new JSONObject();
                        jSONObject.put("protVer", 1);
                        jSONObject.put("serKeyVer", 1);
                        jSONObject.put("cliKeyVer", 1);
                        jSONObject.put("cliTempPubKey", w.a(b3.a()));
                        JSONObject put = new JSONObject().put("platform", "android");
                        StringBuilder sb = new StringBuilder();
                        sb.append(w.b());
                        jSONObject.put("otherData", put.put("appId", sb.toString()).put("uuid", w.c()));
                        byte[] bytes = jSONObject.toString().getBytes();
                        try {
                            JSONObject a2 = a(this.f25760c + "/ka", bytes);
                            this.f25761d.b("resp: " + a2);
                            b2.a("httpCode", "200");
                            int optInt = a2.optInt("code");
                            b2.a("bizCode", String.valueOf(optInt));
                            if (optInt != 200) {
                                b2.a("code", "1");
                                throw new IOException("api exception, status code: " + optInt + ", msg:" + a2.optString("msg", ""));
                            }
                            try {
                                JSONObject jSONObject2 = a2.getJSONObject("data");
                                byte[] a3 = w.a(jSONObject2.getString("serTempPubKey"));
                                byte[] a4 = w.a(jSONObject2.getString("keyCipher"));
                                if (!a(bytes, a3, a4, w.a(jSONObject2.getString(DeviceInfo.SIGN)))) {
                                    b2.a("code", "1002");
                                    throw new SignatureException("invalid signature");
                                }
                                try {
                                    byte[] a5 = b3.a(a3);
                                    this.f25761d.a("tempDK: " + w.a(a5));
                                    try {
                                        Object[] objArr2 = {a4, a5};
                                        ChangeQuickRedirect changeQuickRedirect3 = changeQuickRedirect;
                                        if (PatchProxy.isSupport(objArr2, this, changeQuickRedirect3, -3973189511314846552L)) {
                                            lVar = (l) PatchProxy.accessDispatch(objArr2, this, changeQuickRedirect3, -3973189511314846552L);
                                        } else {
                                            if (a4 == null || a4.length == 0 || a5 == null) {
                                                throw new IllegalArgumentException("tempDK is null");
                                            }
                                            String[] split = new String(this.f25759b.b(a4, a5)).split("###");
                                            if (split.length != 2) {
                                                throw new InvalidKeyException("wrong key format");
                                            }
                                            byte[] a6 = w.a(split[0]);
                                            if (a6 == null || a6.length == 0) {
                                                throw new InvalidKeyException("dk is null");
                                            }
                                            byte[] a7 = w.a(split[1]);
                                            if (a7 == null || a7.length == 0) {
                                                throw new InvalidKeyException("edk is null");
                                            }
                                            l lVar2 = new l(this.f25758a.f25769a, this.f25758a.f25770b.dataCipher, a6, a7);
                                            lVar2.f25817e = System.currentTimeMillis();
                                            lVar = lVar2;
                                        }
                                        w.a(b3);
                                        return lVar;
                                    } catch (Exception e2) {
                                        b2.a("code", "1003");
                                        throw e2;
                                    }
                                } catch (Exception e3) {
                                    b2.a("code", "1001");
                                    throw e3;
                                }
                            } catch (Exception e4) {
                                b2.a("code", "1008");
                                throw e4;
                            }
                        } catch (HttpStatusException e5) {
                            b2.a("httpCode", String.valueOf(e5.code));
                            b2.a("code", "2");
                            throw e5;
                        } catch (Exception e6) {
                            b2.a("code", "2");
                            throw e6;
                        }
                    } catch (Exception e7) {
                        b2.a("code", "1009");
                        throw e7;
                    }
                } catch (Exception e8) {
                    b2.a("code", "1004");
                    throw e8;
                }
            } catch (Throwable th) {
                w.a((AutoCloseable) null);
                throw th;
            }
        } finally {
            b2.a();
        }
    }
}
