package com.tencent.taes.okhttp.cacert;

import android.content.SharedPreferences;
import android.os.Handler;
import android.os.HandlerThread;
import android.text.TextUtils;
import androidx.annotation.NonNull;
import com.tencent.taes.okhttp.interceptors.DomainSwitchInterceptor;
import com.tencent.taes.okhttp.interceptors.RetryInterceptor;
import com.tencent.taes.okhttp.log.LogUtils;
import com.tencent.taes.okhttp.utils.ContextHolder;
import com.tencent.taes.okhttp.utils.FileUtils;
import com.tencent.taes.util.ShellUtils;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.concurrent.TimeUnit;
import java.util.zip.ZipEntry;
import java.util.zip.ZipInputStream;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import org.eclipse.paho.client.mqttv3.internal.security.SSLSocketFactoryFactory;
import org.json.JSONObject;

/* compiled from: Proguard */
/* loaded from: classes2.dex */
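/**
 * Downloads a private CA bundle from {@link #CA_URL}, unpacks it into the app cache directory and
 * exposes TLS trust material built from it (optionally combined with the platform trust store).
 *
 * <p>This source is decompiler output, so several members that were originally {@code private}
 * appear as {@code public}; their visibility is left as shown.
 *
 * <p>Security-relevant behaviour a reader should know:
 * <ul>
 *   <li>Every certificate in the downloaded PEM becomes a trust anchor for connections that use
 *       {@link #getSSLSocketFactory()} or {@link #getTrustManager()}.</li>
 *   <li>NOTE(review): the update response carries {@code sha1}, {@code sign} and {@code size}
 *       fields which are persisted but never compared with the downloaded archive in this class.
 *       The bundle's integrity therefore rests on the transport alone; verifying a signature over
 *       the archive before installing it would close that gap.</li>
 * </ul>
 */
public class CAUpdateManager {
    public static final String CA_URL = "https://gw.tai.qq.com/cacerts?local_version=%s&time=%s";
    /** Delay between two successful update checks, in milliseconds (3 hours). */
    public static final long CHECK_CA_INTERVAL = 10800000;
    public static final String KEY_SHA1 = "sha1";
    public static final String KEY_SIGN = "sign";
    public static final String KEY_SIZE = "size";
    public static final String KEY_URL = "url";
    public static final String KEY_VERSION = "version";
    public static final String TAG = "CAUpdateHelper";
    public static SharedPreferences mSP;
    public String mCARootPath;
    public DomainSwitchInterceptor mDomainSwitchInterceptor;
    public boolean mEnableSystemCa;
    public Handler mHandler;
    public boolean mLoadedSdcardPem;
    public OkHttpClient mOkHttpClient;
    public Runnable mRequestCA;
    public int mRetryCount;
    public TrustManager[] mTrustManagers;

    /** Initialization-on-demand holder; the JVM guarantees the instance is created once. */
    public static class LazyHolder {
        public static final CAUpdateManager instance = new CAUpdateManager();
    }

    /**
     * Builds the periodic update task and starts it via {@link #init()}.
     *
     * <p>The task asks the server for the current bundle version, downloads and installs a newer
     * bundle, then re-schedules itself after {@link #CHECK_CA_INTERVAL}. Any failure (non-2xx
     * response or exception) goes through {@link #retryRequestCA()}.
     */
    public CAUpdateManager() {
        this.mEnableSystemCa = false;
        this.mDomainSwitchInterceptor = new DomainSwitchInterceptor();
        this.mRequestCA = new Runnable() {
            @Override
            public void run() {
                LogUtils.d(CAUpdateManager.TAG, "RequestCA request start !");
                try {
                    String caCertUrl = CAUpdateManager.this.getCaCertUrl();
                    LogUtils.d(CAUpdateManager.TAG, "RequestCA request start certUrl:" + caCertUrl);
                    Request request = new Request.Builder().get().url(caCertUrl).build();
                    // Closing the Response releases the connection even when parsing fails.
                    try (Response response = CAUpdateManager.this.mOkHttpClient.newCall(request).execute()) {
                        if (response.isSuccessful()) {
                            // The server answered, so the exponential back-off starts over.
                            CAUpdateManager.this.mRetryCount = 0;
                            String body = response.body().string();
                            LogUtils.d(CAUpdateManager.TAG, "RequestCA response:" + body);
                            JSONObject json = new JSONObject(body);
                            if (json.has(CAUpdateManager.KEY_VERSION) && json.has(CAUpdateManager.KEY_URL)) {
                                String version = json.optString(CAUpdateManager.KEY_VERSION);
                                String bundleUrl = json.optString(CAUpdateManager.KEY_URL);
                                if (!version.equals(CAUpdateManager.this.getCACertVersion())
                                        && CAUpdateManager.this.downloadAndUnzip(bundleUrl, version)) {
                                    // NOTE(review): sha1/sign/size are only stored here; nothing in
                                    // this class checks them against the archive that was installed.
                                    CAUpdateManager.mSP.edit()
                                            .putString(CAUpdateManager.KEY_VERSION, version)
                                            .putString(CAUpdateManager.KEY_URL, bundleUrl)
                                            .putInt(CAUpdateManager.KEY_SIZE, json.optInt(CAUpdateManager.KEY_SIZE))
                                            .putString(CAUpdateManager.KEY_SHA1, json.optString(CAUpdateManager.KEY_SHA1))
                                            .putString(CAUpdateManager.KEY_SIGN, json.optString(CAUpdateManager.KEY_SIGN))
                                            .apply();
                                }
                                CAUpdateManager.this.mHandler.removeCallbacks(this);
                                CAUpdateManager.this.mHandler.postDelayed(this, CAUpdateManager.CHECK_CA_INTERVAL);
                                return;
                            }
                            // NOTE(review): a 2xx answer without "version"/"url" ends the task
                            // without re-scheduling it, so no further checks run in this process.
                            // Confirm that this is intended.
                            return;
                        }
                    }
                } catch (Exception e2) {
                    LogUtils.e(CAUpdateManager.TAG, "Request Fail :" + e2);
                }
                CAUpdateManager.this.retryRequestCA();
            }
        };
        this.mRetryCount = 0;
        init();
    }

    /**
     * Downloads the bundle archive, unpacks it and writes the filtered PEM used as trust store.
     *
     * @param str  URL of the zip archive, as delivered by the update endpoint
     * @param str2 version announced by the server; nothing is done when it is empty or equals the
     *             locally stored version
     * @return {@code true} only when {@code tmp_cacerts.pem} was produced; the caller persists the
     *         new version on {@code true}, so reporting success without that file would stop
     *         further download attempts for this version
     */
    public boolean downloadAndUnzip(String str, String str2) {
        try {
            String localVersion = getCACertVersion();
            if (TextUtils.isEmpty(str2) || str2.equals(localVersion)) {
                return false;
            }
            boolean downloaded = downloadFile(str, this.mCARootPath, "cacerts.zip");
            LogUtils.d(TAG, "CA download:" + downloaded);
            if (!downloaded) {
                return false;
            }
            File archive = new File(this.mCARootPath, "cacerts.zip");
            boolean unzipped = unZip(new FileInputStream(archive), this.mCARootPath + File.separator);
            LogUtils.d(TAG, "CA unzip:" + unzipped);
            if (!unzipped) {
                return false;
            }
            archive.delete();
            // removeUnUseStrPem hands back its input file when filtering failed.
            File filtered = removeUnUseStrPem(new File(this.mCARootPath, "cacerts.pem"));
            if (!"tmp_cacerts.pem".equals(filtered.getName()) || !filtered.isFile()) {
                LogUtils.e(TAG, "CA bundle missing after unzip, update not applied");
                return false;
            }
            return true;
        } catch (Exception e2) {
            LogUtils.e(TAG, "downloadAndUnzip failed:" + e2);
            return false;
        }
    }

    /**
     * Fetches {@code str} into the file {@code str3} inside directory {@code str2}.
     *
     * <p>The download does not go through {@link #mOkHttpClient}; it uses a plain
     * {@link HttpURLConnection} with the platform's default TLS configuration. Because the payload
     * becomes a set of trust anchors and is not otherwise authenticated in this class, URLs that
     * are not HTTPS are refused.
     *
     * @return {@code true} when the whole body was written, {@code false} on any error
     */
    private boolean downloadFile(String str, String str2, String str3) {
        HttpURLConnection connection = null;
        try {
            URL url = new URL(str);
            if (!"https".equalsIgnoreCase(url.getProtocol())) {
                LogUtils.e(TAG, "CA download refused, url is not https:" + str);
                return false;
            }
            File dir = new File(str2);
            // NOTE(review): this appears to clear the directory that holds the trust store in use
            // before the new archive has been fetched; a failed download would then leave no
            // private bundle on disk. Confirm against FileUtils.delete.
            FileUtils.delete(dir);
            if (!dir.exists()) {
                dir.mkdirs();
            }
            connection = (HttpURLConnection) url.openConnection();
            // Same limits as the OkHttp client built in init(); without them a stalled server
            // blocks the update thread indefinitely.
            connection.setConnectTimeout(8000);
            connection.setReadTimeout(10000);
            connection.connect();
            int status = connection.getResponseCode();
            if (status != HttpURLConnection.HTTP_OK) {
                LogUtils.e(TAG, "CA download failed, http status:" + status);
                return false;
            }
            int contentLength = connection.getContentLength();
            File target = new File(str2, str3);
            if (target.exists()) {
                target.delete();
            }
            try (InputStream in = connection.getInputStream();
                    FileOutputStream out = new FileOutputStream(target)) {
                byte[] buffer = new byte[1024];
                long total = 0;
                int read;
                while ((read = in.read(buffer)) != -1) {
                    out.write(buffer, 0, read);
                    total += read;
                    // contentLength is -1 when the server does not announce a length.
                    if (contentLength > 0) {
                        LogUtils.d(TAG, "download progress :" + ((int) ((total * 100.0f) / contentLength)));
                    }
                }
                out.flush();
            }
            return true;
        } catch (Exception e2) {
            LogUtils.e(TAG, "CA download failed:" + e2);
            return false;
        } finally {
            if (connection != null) {
                connection.disconnect();
            }
        }
    }

    /** Returns the locally stored bundle version, or an empty string when none is stored. */
    public String getCACertVersion() {
        return mSP.getString(KEY_VERSION, "");
    }

    /** Returns {@link #CA_URL} filled with the local version and the current time in milliseconds. */
    public String getCaCertUrl() {
        return String.format(CA_URL, getCACertVersion(), Long.valueOf(System.currentTimeMillis()));
    }

    /** Returns the process-wide instance; class initialization of the holder makes this thread-safe. */
    public static CAUpdateManager getInstance() {
        return LazyHolder.instance;
    }

    /**
     * Returns the composite trust manager used by {@link #getSSLSocketFactory()}.
     *
     * <p>A chain is accepted when the private bundle accepts it, or, if
     * {@link #mEnableSystemCa} is set or no private bundle could be loaded, when the platform trust
     * store accepts it. The array is rebuilt on every call until a private bundle has been loaded;
     * after that it is cached, so a bundle installed later is not picked up by this method within
     * the same process.
     */
    private TrustManager[] getTrustManagers() {
        if (this.mTrustManagers == null || !this.mLoadedSdcardPem) {
            this.mTrustManagers = new TrustManager[]{new X509TrustManager() {
                private final X509TrustManager systemManager = CAUpdateManager.this.systemDefaultTrustManager();
                private final X509TrustManager wecarManager = CAUpdateManager.this.getWecarTrustManager();

                /** Returns {@code null} when {@code delegate} accepts the chain, else the failure. */
                private CertificateException checkClientTrusted(X509TrustManager delegate, X509Certificate[] chain, String authType) {
                    if (delegate == null) {
                        // A missing delegate must never count as a successful validation.
                        return new CertificateException("No trust manager available");
                    }
                    try {
                        delegate.checkClientTrusted(chain, authType);
                        return null;
                    } catch (CertificateException e2) {
                        return e2;
                    }
                }

                /** Returns {@code null} when {@code delegate} accepts the chain, else the failure. */
                private CertificateException checkServerTrusted(X509TrustManager delegate, X509Certificate[] chain, String authType) {
                    if (delegate == null) {
                        // A missing delegate must never count as a successful validation.
                        return new CertificateException("No trust manager available");
                    }
                    try {
                        delegate.checkServerTrusted(chain, authType);
                        return null;
                    } catch (CertificateException e2) {
                        return e2;
                    }
                }

                private boolean useSystemManager() {
                    return (CAUpdateManager.this.mEnableSystemCa || this.wecarManager == null) && this.systemManager != null;
                }

                @Override
                public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    CertificateException privateFailure = null;
                    if (this.wecarManager != null) {
                        privateFailure = checkClientTrusted(this.wecarManager, x509CertificateArr, str);
                        if (privateFailure == null) {
                            return;
                        }
                    }
                    CertificateException systemFailure = null;
                    if (useSystemManager()) {
                        systemFailure = checkClientTrusted(this.systemManager, x509CertificateArr, str);
                        if (systemFailure == null) {
                            return;
                        }
                    }
                    if (systemFailure != null) {
                        throw systemFailure;
                    }
                    if (privateFailure != null) {
                        throw privateFailure;
                    }
                    // Reached only when no delegate looked at the chain: fail closed.
                    throw new CertificateException("No trust manager validated the certificate chain");
                }

                @Override
                public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                    CertificateException privateFailure = null;
                    if (this.wecarManager != null) {
                        privateFailure = checkServerTrusted(this.wecarManager, x509CertificateArr, str);
                        if (privateFailure == null) {
                            return;
                        }
                    }
                    CertificateException systemFailure = null;
                    if (useSystemManager()) {
                        systemFailure = checkServerTrusted(this.systemManager, x509CertificateArr, str);
                        if (systemFailure == null) {
                            return;
                        }
                    }
                    if (systemFailure != null) {
                        throw systemFailure;
                    }
                    if (privateFailure != null) {
                        throw privateFailure;
                    }
                    // Reached only when no delegate looked at the chain: fail closed.
                    throw new CertificateException("No trust manager validated the certificate chain");
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    ArrayList<X509Certificate> issuers = new ArrayList<>();
                    if (useSystemManager()) {
                        issuers.addAll(Arrays.asList(this.systemManager.getAcceptedIssuers()));
                    }
                    if (this.wecarManager != null) {
                        issuers.addAll(Arrays.asList(this.wecarManager.getAcceptedIssuers()));
                    }
                    return issuers.toArray(new X509Certificate[0]);
                }
            }};
        }
        return this.mTrustManagers;
    }

    /**
     * Builds a trust manager whose only anchors are the certificates in {@code tmp_cacerts.pem}.
     *
     * <p>Sets {@link #mLoadedSdcardPem} on success. Every certificate in the file is installed as a
     * trust anchor, so the file's contents decide which servers are accepted.
     *
     * @return the trust manager, or {@code null} when the file is missing, empty or unreadable
     */
    public X509TrustManager getWecarTrustManager() {
        File pem = new File(this.mCARootPath, "tmp_cacerts.pem");
        if (!pem.exists()) {
            return null;
        }
        try {
            Collection<? extends Certificate> certificates;
            try (FileInputStream in = new FileInputStream(pem)) {
                certificates = CertificateFactory.getInstance("X.509").generateCertificates(in);
            }
            if (certificates == null || certificates.size() == 0) {
                return null;
            }
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(null, null);
            LogUtils.d(TAG, "getTrustManager mCertificates:" + certificates.size());
            int index = 0;
            for (Certificate certificate : certificates) {
                keyStore.setCertificateEntry("ca" + index, certificate);
                index++;
            }
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(keyStore);
            TrustManager[] trustManagers = factory.getTrustManagers();
            if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
                this.mLoadedSdcardPem = true;
                LogUtils.d(TAG, "getTrustManager from pem");
                return (X509TrustManager) trustManagers[0];
            }
            throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
        } catch (Exception e2) {
            LogUtils.e(TAG, "load private CA bundle failed:" + e2);
        }
        return null;
    }

    /**
     * Opens the preferences, creates the {@code certs} cache directory, builds the HTTP client and
     * posts the first update check on a dedicated handler thread.
     */
    private void init() {
        // Mode flag 4 is Context.MODE_MULTI_PROCESS in the Android SDK.
        mSP = ContextHolder.getContext().getSharedPreferences("cacerts_sp", 4);
        File certDir = new File(ContextHolder.getContext().getCacheDir().getAbsolutePath(), "certs");
        if (!certDir.exists()) {
            certDir.mkdir();
        }
        this.mCARootPath = certDir.getAbsolutePath();
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        TimeUnit timeUnit = TimeUnit.SECONDS;
        builder.connectTimeout(8L, timeUnit).readTimeout(10L, timeUnit).writeTimeout(10L, timeUnit).addInterceptor(new RetryInterceptor(3)).addInterceptor(this.mDomainSwitchInterceptor);
        this.mOkHttpClient = builder.build();
        HandlerThread handlerThread = new HandlerThread("CA_Update_Thread");
        handlerThread.start();
        Handler handler = new Handler(handlerThread.getLooper());
        this.mHandler = handler;
        handler.removeCallbacks(this.mRequestCA);
        this.mHandler.post(this.mRequestCA);
    }

    /**
     * Copies only the {@code BEGIN CERTIFICATE} .. {@code END CERTIFICATE} blocks of {@code file}
     * into {@code tmp_cacerts.pem}, dropping any text between them.
     *
     * <p>The decompiled original tracked whether it was inside a block but then appended every
     * line anyway (and the END marker twice), so nothing was filtered; the loop below applies the
     * filter the state flag and the method name describe.
     *
     * @return the filtered file, or {@code file} itself when reading or writing failed
     */
    private File removeUnUseStrPem(File file) {
        try (BufferedReader reader = new BufferedReader(new InputStreamReader(new FileInputStream(file)))) {
            StringBuilder kept = new StringBuilder();
            boolean insideCertificate = false;
            String line;
            while ((line = reader.readLine()) != null) {
                if (line.equals("-----BEGIN CERTIFICATE-----")) {
                    insideCertificate = true;
                } else if (line.equals("-----END CERTIFICATE-----")) {
                    insideCertificate = false;
                } else if (!insideCertificate) {
                    // Comment or metadata line outside a certificate block.
                    continue;
                }
                kept.append(line);
                kept.append(ShellUtils.COMMAND_LINE_END);
            }
            File filtered = new File(this.mCARootPath, "tmp_cacerts.pem");
            FileUtils.createFileAndWriteFileData(filtered.getAbsolutePath(), kept.toString());
            return filtered;
        } catch (Exception e2) {
            LogUtils.e(TAG, "filter pem failed:" + e2);
            return file;
        }
    }

    /**
     * Re-posts the update task with exponential back-off: 2^n seconds for the n-th consecutive
     * failure, n capped at 10, and never more than {@link #CHECK_CA_INTERVAL}.
     */
    public void retryRequestCA() {
        LogUtils.d(TAG, "retryRequestCA :" + this.mRetryCount);
        int attempt = this.mRetryCount + 1;
        this.mRetryCount = attempt;
        long delayMs = Math.min(((long) Math.pow(2.0d, (double) Math.min(attempt, 10))) * 1000, CHECK_CA_INTERVAL);
        this.mHandler.removeCallbacks(this.mRequestCA);
        this.mHandler.postDelayed(this.mRequestCA, delayMs);
    }

    /**
     * Returns the platform's default X.509 trust manager.
     *
     * @throws IllegalStateException when the platform does not expose exactly one X.509 manager
     * @throws AssertionError        when the default trust manager factory cannot be initialised
     */
    public X509TrustManager systemDefaultTrustManager() {
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init((KeyStore) null);
            TrustManager[] trustManagers = factory.getTrustManagers();
            if (trustManagers.length == 1 && (trustManagers[0] instanceof X509TrustManager)) {
                return (X509TrustManager) trustManagers[0];
            }
            throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagers));
        } catch (GeneralSecurityException e2) {
            // Keep the cause so the failure can be diagnosed.
            throw new AssertionError(e2);
        }
    }

    /**
     * Unpacks the zip read from {@code inputStream} into directory {@code str} and closes the
     * stream.
     *
     * <p>Entry names come from the archive and are therefore untrusted: each one is resolved to its
     * canonical path and the whole extraction is aborted when an entry would land outside
     * {@code str} (for example via {@code ../} segments). Entries under {@code __MACOSX} are
     * skipped.
     *
     * <p>NOTE(review): there is no limit on entry count or unpacked size.
     *
     * @return {@code true} when every entry was written, {@code false} on any error
     */
    private boolean unZip(@NonNull InputStream inputStream, String str) {
        LogUtils.d(TAG, "unzip begin...");
        boolean success = false;
        // Closing the ZipInputStream also closes the wrapped inputStream.
        try (ZipInputStream zip = new ZipInputStream(inputStream)) {
            File destDir = new File(str);
            if (!destDir.isDirectory() && !destDir.mkdirs()) {
                LogUtils.e(TAG, "mkdirs failed:" + destDir.getAbsolutePath());
            }
            String destRoot = destDir.getCanonicalPath();
            ZipEntry entry;
            while ((entry = zip.getNextEntry()) != null) {
                String entryName = entry.getName();
                if (entryName.startsWith("__MACOSX")) {
                    continue;
                }
                File outFile = new File(destDir, entryName);
                String canonical = outFile.getCanonicalPath();
                if (!canonical.equals(destRoot) && !canonical.startsWith(destRoot + File.separator)) {
                    throw new SecurityException("zip entry outside target dir:" + entryName);
                }
                if (entry.isDirectory()) {
                    if (!outFile.isDirectory() && !outFile.mkdirs()) {
                        LogUtils.e(TAG, "mkdirs failed:" + outFile.getAbsolutePath());
                    }
                    continue;
                }
                File parent = outFile.getParentFile();
                if (parent != null && !parent.isDirectory() && !parent.mkdirs()) {
                    LogUtils.e(TAG, "mkdirs failed:" + parent.getAbsolutePath());
                }
                try (FileOutputStream out = new FileOutputStream(outFile, false)) {
                    byte[] buffer = new byte[512];
                    int read;
                    while ((read = zip.read(buffer)) != -1) {
                        out.write(buffer, 0, read);
                    }
                }
                zip.closeEntry();
            }
            success = true;
        } catch (Throwable th) {
            LogUtils.e(TAG, "unzip failed:" + th);
        }
        if (success) {
            LogUtils.d(TAG, "unzip with 0 error");
        }
        return success;
    }

    /**
     * Returns a socket factory backed by the composite trust manager of this class.
     *
     * @throws RuntimeException wrapping any failure to create or initialise the SSL context
     */
    public SSLSocketFactory getSSLSocketFactory() {
        try {
            SSLContext sslContext = SSLContext.getInstance(SSLSocketFactoryFactory.DEFAULT_PROTOCOL);
            sslContext.init(null, getTrustManagers(), new SecureRandom());
            return sslContext.getSocketFactory();
        } catch (Exception e2) {
            throw new RuntimeException(e2);
        }
    }

    /**
     * Returns the private-bundle trust manager, or the platform default when no bundle is loaded.
     *
     * <p>NOTE(review): unlike the manager behind {@link #getSSLSocketFactory()}, this one ignores
     * {@link #mEnableSystemCa}; callers that pair the two should confirm the mismatch is intended.
     */
    public X509TrustManager getTrustManager() {
        X509TrustManager trustManager = getWecarTrustManager();
        if (trustManager == null) {
            trustManager = systemDefaultTrustManager();
        }
        LogUtils.d(TAG, "getTrustManager：" + trustManager);
        return trustManager;
    }

    /** Returns whether the platform trust store is consulted in addition to the private bundle. */
    public boolean isEnableSystemCa() {
        return this.mEnableSystemCa;
    }

    /**
     * Enables or disables the platform trust store as a fallback; enabling it widens the set of
     * accepted issuers to every CA the device trusts.
     */
    public void setEnableSystemCa(boolean z) {
        this.mEnableSystemCa = z;
    }

    /** Forwards {@code str} to the domain-switch interceptor of the update client. */
    public void switchDomainUrl(String str) {
        this.mDomainSwitchInterceptor.switchDomainUrl(str);
    }
}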
