package com.weface.kksocialsecurity.utils;

import android.content.Context;
import cn.hutool.core.util.StrUtil;
import com.tencent.mmkv.MMKV;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import okhttp3.Call;
import okhttp3.Callback;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class CertManager {
    private static final String CERT_URL = "https://web.kanface.com:444/navigate/get/configTo?configName=CertSignStr";
    private static final long ONE_MONTH_MILLIS = 2592000000L;
    private static final long ONE_WEEK_MILLIS = 604800000;
    private static volatile boolean isNoCertMode = false;

    public static void fetchAndUpdateCertIfNeeded(Context context) {
        final MMKV defaultMMKV = MMKV.defaultMMKV();
        long decodeLong = defaultMMKV.decodeLong("last_fetch_time", 0L);
        final long currentTimeMillis = System.currentTimeMillis();
        if (currentTimeMillis - decodeLong < ONE_WEEK_MILLIS) {
            LogUtils.info("CertUpdate: 证书无需拉取，距离上次拉取不足一周");
        } else {
            LogUtils.info("CertUpdate: 开始拉取证书");
            new OkHttpClient().newCall(new Request.Builder().url(CERT_URL).post(RequestBody.create((MediaType) null, new byte[0])).build()).enqueue(new Callback() { // from class: com.weface.kksocialsecurity.utils.CertManager.1
                @Override // okhttp3.Callback
                public void onFailure(Call call, IOException iOException) {
                    LogUtils.info("CertUpdate: 证书拉取失败: " + iOException.getMessage());
                    MMKV.this.encode("last_fetch_time", currentTimeMillis);
                }

                @Override // okhttp3.Callback
                public void onResponse(Call call, Response response) throws IOException {
                    if (!response.isSuccessful()) {
                        LogUtils.info("CertUpdate: 证书接口响应失败，code: " + response.code());
                        MMKV.this.encode("last_fetch_time", currentTimeMillis);
                        return;
                    }
                    try {
                        String string = response.body().string();
                        LogUtils.info("CertUpdate: 证书接口返回内容：" + string);
                        boolean z = false;
                        try {
                            String optString = new JSONObject(string).optString("result", null);
                            if (optString != null) {
                                LogUtils.info("CertUpdate: 解密前密文：" + optString);
                                String Decrypt = AES.Decrypt(optString, Constans.AES_key);
                                LogUtils.info("CertUpdate: 解密后内容：" + Decrypt);
                                if (Decrypt == null || !Decrypt.trim().startsWith(StrUtil.DELIM_START)) {
                                    LogUtils.info("CertUpdate: 解密内容无效，非json格式");
                                } else {
                                    string = Decrypt;
                                    z = true;
                                }
                            } else {
                                LogUtils.info("CertUpdate: 返回内容无result字段，无需解密");
                                z = true;
                            }
                        } catch (Exception e) {
                            LogUtils.info("CertUpdate: AES解密异常: " + e.getMessage());
                        }
                        if (!z) {
                            LogUtils.info("CertUpdate: 证书解密失败，优先用本地证书");
                            MMKV.this.encode("last_fetch_time", currentTimeMillis);
                            return;
                        }
                        LogUtils.info("CertUpdate: 证书拉取成功，开始解析");
                        JSONObject jSONObject = new JSONObject(string);
                        LogUtils.info("CertUpdate: 解密后完整JSON内容:\n" + string);
                        long j = jSONObject.getLong("certTime");
                        String string2 = jSONObject.getString("certPem");
                        LogUtils.info("CertUpdate: 保存前certPem内容:\n" + string2);
                        StringBuilder sb = new StringBuilder();
                        sb.append("CertUpdate: 保存前certPem长度: ");
                        sb.append(string2 == null ? "null" : Integer.valueOf(string2.length()));
                        LogUtils.info(sb.toString());
                        if (string2 != null && string2.contains("\u0000")) {
                            LogUtils.info("CertUpdate: certPem中包含null字符，已清理！");
                            string2 = string2.replace("\u0000", "");
                        }
                        if (CertManager.isCertValid(string2)) {
                            MMKV.this.encode("server_cert", string2);
                            MMKV.this.encode("cert_time", j);
                            LogUtils.info("CertUpdate: 证书已更新并保存，清空 Retrofit 单例");
                            RetrofitManager.clearRetrofitInstance();
                        } else {
                            LogUtils.info("CertUpdate: 接口证书内容无效，优先用本地证书");
                        }
                        MMKV.this.encode("last_fetch_time", currentTimeMillis);
                    } catch (Exception e2) {
                        LogUtils.info("CertUpdate: 证书解析或保存异常: " + e2.getMessage());
                        MMKV.this.encode("last_fetch_time", currentTimeMillis);
                    }
                }
            });
        }
    }

    public static String getCurrentCert() {
        MMKV defaultMMKV = MMKV.defaultMMKV();
        String decodeString = defaultMMKV.decodeString("server_cert", null);
        if (decodeString != null && isCertValid(decodeString)) {
            return decodeString;
        }
        String decodeString2 = defaultMMKV.decodeString("cert_pem", null);
        if (decodeString2 == null || !isCertValid(decodeString2)) {
            return null;
        }
        return decodeString2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static boolean isCertValid(String str) {
        try {
            return ((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)))) != null;
        } catch (Exception unused) {
            return false;
        }
    }

    public static boolean isNoCertMode() {
        return isNoCertMode;
    }

    public static void useNoCert() {
        isNoCertMode = true;
        LogUtils.info("CertUpdate: 已切换为无证书模式，后续请求将不加载证书");
    }
}
