package com.sankuai.meituan.tte;

import android.support.annotation.NonNull;
import android.support.annotation.VisibleForTesting;
import android.util.Pair;
import com.google.android.exoplayer2.DefaultLoadControl;
import com.meituan.android.common.unionid.oneid.util.DeviceInfo;
import com.meituan.crashreporter.crash.CrashKey;
import com.meituan.metrics.traffic.hurl.HttpURLWrapper;
import com.sankuai.meituan.tte.KeyAgreementAlg;
import com.sankuai.meituan.tte.TMonitor;
import com.sankuai.meituan.tte.TTE;
import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.SignatureException;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import org.json.JSONException;
import org.json.JSONObject;

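/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes5.dex */
/**
 * Client side of the TTE key-agreement protocol.
 *
 * <p>The flow visible in this class is:
 * <ol>
 *   <li>POST an ephemeral public key to {@code <endpoint>/ka};</li>
 *   <li>check the server's signature over request bytes, server ephemeral key and key cipher;</li>
 *   <li>derive a temporary secret from the server ephemeral key and use it to decrypt the
 *       key cipher into a data key ({@code dk}) and its wrapped form ({@code edk});</li>
 *   <li>optionally confirm the key with a {@code <endpoint>/verify} round trip.</li>
 * </ol>
 *
 * <p>NOTE(review): this is JADX decompiler output. Several try/catch regions and a few constant
 * names look distorted by decompilation (flagged inline); confirm against the bytecode before
 * relying on exact control flow.
 */
public class TKeyAgreement {
    private static final String HOST_PROD = "https://tte.meituan.com";
    private static final String HOST_TEST = "https://tte.inf.test.sankuai.com";
    private static final String PATH_PREFIX_FIPS = "/api/v1/tte/fips";
    private static final String PATH_PREFIX_SM = "/api/v1/tte/gmt";
    private static final String TAG = "TKeyAgreement";
    private final KeyAgreementAlg mAlg;
    private final TTE.Config mConfig;
    private final String mEndpoint;
    private final TLogger mLogger;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes5.dex */
    /** IOException carrying the non-2xx HTTP status code returned by the server. */
    public static class HttpStatusException extends IOException {
        public final int code;

        public HttpStatusException(String str, int i) {
            super(str);
            this.code = i;
        }
    }

    /**
     * Selects the key-agreement algorithm and endpoint from the configuration.
     *
     * <p>The SM cipher suite uses {@code KeyAgreementAlgSM2} and the {@code /gmt} path; every
     * other suite uses {@code KeyAgreementAlgECDH} and the {@code /fips} path. The host is the
     * production one only when {@code config.env} is {@code PROD}.
     *
     * @param config TTE configuration; read for {@code env}, {@code cipherSuite} and {@code info()}
     */
    public TKeyAgreement(TTE.Config config) {
        this.mConfig = config;
        this.mAlg = config.cipherSuite == TTE.CipherSuite.SM ? KeyAgreementAlgSM2.getInstance(config.env) : KeyAgreementAlgECDH.getInstance(config.env);
        this.mEndpoint = (config.env == TTE.Env.PROD ? HOST_PROD : HOST_TEST) + (config.cipherSuite == TTE.CipherSuite.SM ? PATH_PREFIX_SM : PATH_PREFIX_FIPS);
        this.mLogger = new TLogger(TAG, this.mConfig.info());
    }

    /**
     * Decrypts the server's key cipher with the derived secret and parses the result.
     *
     * <p>The plaintext must be two Base64 fields joined by {@code "###"}: the data key and the
     * wrapped data key, in that order.
     *
     * @param bArr key cipher received from the server; must be non-empty
     * @param bArr2 derived temporary secret; must be non-null
     * @return a {@code KeyItem} stamped with the current time in {@code retrievedAt}
     * @throws IllegalArgumentException if an argument is missing (the message says "tempDK"
     *     for either argument)
     * @throws InvalidKeyException if the plaintext is not two non-empty Base64 fields
     */
    private KeyItem decryptKey(byte[] bArr, byte[] bArr2) throws Exception {
        if (bArr == null || bArr.length == 0 || bArr2 == null) {
            throw new IllegalArgumentException("tempDK is null");
        }
        // Decoded with the platform default charset (UTF-8 on Android).
        String[] split = new String(this.mAlg.decrypt(bArr, bArr2)).split("###");
        if (split.length != 2) {
            throw new InvalidKeyException("wrong key format");
        }
        byte[] base64Decode = Util.base64Decode(split[0]);
        if (base64Decode == null || base64Decode.length == 0) {
            throw new InvalidKeyException("dk is null");
        }
        byte[] base64Decode2 = Util.base64Decode(split[1]);
        if (base64Decode2 == null || base64Decode2.length == 0) {
            throw new InvalidKeyException("edk is null");
        }
        KeyItem keyItem = new KeyItem(this.mConfig.env, this.mConfig.cipherSuite.dataCipher, base64Decode, base64Decode2);
        keyItem.retrievedAt = System.currentTimeMillis();
        return keyItem;
    }

    /**
     * Verifies the server signature over {@code request || serTempPubKey || keyCipher}.
     *
     * <p>Fails closed: any error raised during verification is logged and reported as an
     * invalid signature.
     *
     * @param bArr raw request body that was sent to the server
     * @param bArr2 server ephemeral public key
     * @param bArr3 key cipher
     * @param bArr4 signature to check
     * @return {@code true} only if the algorithm accepts the signature
     */
    private boolean verifySignature(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws Exception {
        try {
            return this.mAlg.verifySignature(Util.concat(bArr, bArr2, bArr3), bArr4);
        } catch (Throwable th) {
            this.mLogger.w("verify signature failed", th);
            return false;
        }
    }

    /**
     * Runs one key-agreement exchange against {@code <endpoint>/ka}.
     *
     * <p>Progress is recorded on the current monitoring transaction through the tags
     * {@code algo}, {@code httpCode}, {@code bizCode} and {@code code}. The session is
     * released on both the success and the failure path, and the derived secret is never
     * written to the log.
     *
     * @return the decrypted key item; it has not been verified against the server yet
     * @throws IOException on transport failure or a business code other than 200
     * @throws SignatureException if the response signature does not verify
     * @throws Exception for any other failure in session setup, parsing or decryption
     */
    @NonNull
    KeyItem doKeyAgreement() throws Exception {
        TMonitor.Transaction currentTransaction = TMonitor.currentTransaction();
        if (currentTransaction == null) {
            currentTransaction = TMonitor.NULL_TRANSACTION;
        }
        // Declared out here so the failure handler at the bottom can release it as well.
        KeyAgreementAlg.Session newSession = null;
        try {
            currentTransaction.putTag("algo", this.mAlg.name());
            // NOTE(review): CrashKey.KEY_ANDROID_ID is an unrelated crash-reporter constant;
            // presumably JADX substituted it for a literal with the same value. Confirm the
            // real placeholder value.
            currentTransaction.putTag("bizCode", CrashKey.KEY_ANDROID_ID);
            currentTransaction.putTag("httpCode", CrashKey.KEY_ANDROID_ID);
            currentTransaction.putTag("code", "0");
            // NOTE(review): as printed, every outer catch re-tags "code" while the exception
            // propagates, so (assuming putTag overwrites) all failures would finish with the
            // outermost value. This nesting is probably a decompiler artifact of per-stage
            // handlers; confirm before using the codes for triage.
            try {
                try {
                    newSession = this.mAlg.newSession();
                    try {
                        JSONObject jSONObject = new JSONObject();
                        jSONObject.put("protVer", 1);
                        jSONObject.put("serKeyVer", 1);
                        jSONObject.put("cliKeyVer", 1);
                        jSONObject.put("cliTempPubKey", Util.base64Encode(newSession.getPublicKey()));
                        jSONObject.put("otherData", new JSONObject().put("platform", "android").put("appId", "" + Util.appId()).put("uuid", Util.uuid()));
                        // These exact bytes are sent and later fed into the signature check,
                        // which binds the server's response to this request.
                        byte[] bytes = jSONObject.toString().getBytes();
                        try {
                            JSONObject postJSON = postJSON(this.mEndpoint + "/ka", bytes);
                            // The response holds the key cipher and signature; the cipher is
                            // only useful together with the derived secret.
                            this.mLogger.d("resp: " + postJSON);
                            currentTransaction.putTag("httpCode", "200");
                            int optInt = postJSON.optInt("code");
                            currentTransaction.putTag("bizCode", String.valueOf(optInt));
                            if (optInt != 200) {
                                currentTransaction.putTag("code", "1");
                                throw new IOException("api exception, status code: " + optInt + ", msg:" + postJSON.optString("msg", ""));
                            }
                            try {
                                JSONObject jSONObject2 = postJSON.getJSONObject("data");
                                byte[] base64Decode = Util.base64Decode(jSONObject2.getString("serTempPubKey"));
                                byte[] base64Decode2 = Util.base64Decode(jSONObject2.getString("keyCipher"));
                                // The signature is checked before the server key is used for
                                // secret derivation.
                                // NOTE(review): DeviceInfo.SIGN is presumably another
                                // JADX-substituted constant for the JSON field name; confirm.
                                if (!verifySignature(bytes, base64Decode, base64Decode2, Util.base64Decode(jSONObject2.getString(DeviceInfo.SIGN)))) {
                                    currentTransaction.putTag("code", "1002");
                                    throw new SignatureException("invalid signature");
                                }
                                try {
                                    byte[] generateSecret = newSession.generateSecret(base64Decode);
                                    // Log the event only; the derived secret decrypts the data
                                    // key and must not be written to the log.
                                    this.mLogger.v("tempDK derived");
                                    try {
                                        KeyItem decryptKey = decryptKey(base64Decode2, generateSecret);
                                        Util.closeQuietly(newSession);
                                        return decryptKey;
                                    } catch (Exception e) {
                                        currentTransaction.putTag("code", "1003");
                                        throw e;
                                    }
                                } catch (Exception e2) {
                                    currentTransaction.putTag("code", "1001");
                                    throw e2;
                                }
                            } catch (Exception e3) {
                                currentTransaction.putTag("code", "1008");
                                throw e3;
                            }
                        } catch (HttpStatusException e4) {
                            currentTransaction.putTag("httpCode", String.valueOf(e4.code));
                            currentTransaction.putTag("code", "2");
                            throw e4;
                        } catch (Exception e5) {
                            currentTransaction.putTag("code", "2");
                            throw e5;
                        }
                    } catch (Exception e6) {
                        currentTransaction.putTag("code", "1009");
                        throw e6;
                    }
                } catch (Exception e7) {
                    currentTransaction.putTag("code", "1004");
                    throw e7;
                }
            } catch (Throwable th) {
                // Release the session (still null if newSession() itself failed) so that
                // ephemeral key state is not left open after a failed exchange.
                Util.closeQuietly(newSession);
                throw th;
            }
        } finally {
            currentTransaction.stop();
        }
    }

    /**
     * Runs a key agreement and then confirms the resulting key with the server.
     *
     * <p>NOTE(review): {@code verifyKey} returns {@code true} without contacting the server
     * when the cipher config disables key verification, so {@code didVerify} can be set for a
     * key that was never checked. Treat that config flag as security-relevant.
     *
     * @return the key item with {@code didVerify} set to {@code true}
     * @throws InvalidKeyException if verification reports failure
     * @throws Exception for any failure of the key agreement itself
     */
    @NonNull
    KeyItem doKeyAgreementWithVerify() throws Exception {
        KeyItem doKeyAgreement = doKeyAgreement();
        // NOTE(review): this logs KeyItem.toString(); whether that includes dk/edk is not
        // visible here. Confirm it redacts key material.
        this.mLogger.d("result: " + doKeyAgreement);
        if (!verifyKey(doKeyAgreement)) {
            throw new InvalidKeyException("verify key failed");
        }
        doKeyAgreement.didVerify.set(true);
        return doKeyAgreement;
    }

    /**
     * Runs {@link #doKeyAgreementWithVerify()} on {@link #executor()} and reports through the
     * callback.
     *
     * <p>The IOException branch reschedules this task after {@code kaRetryIntervalMs()} while
     * the attempt index is below {@code kaMaxRetryCount()}.
     *
     * <p>NOTE(review): as printed, the inner {@code catch (Throwable)} handles every failure
     * first, which would leave the retry branch unreachable. This is likely decompiler
     * reordering; confirm against the bytecode.
     *
     * @param resultCallback receives the verified key item or the failure
     */
    public void doKeyAgreementWithVerifyAsync(final ResultCallback<KeyItem> resultCallback) {
        // Attempt counter shared across reschedules of the same Runnable.
        final AtomicInteger atomicInteger = new AtomicInteger(0);
        executor().execute(new Runnable() { // from class: com.sankuai.meituan.tte.TKeyAgreement.1
            @Override // java.lang.Runnable
            public void run() {
                int andIncrement = atomicInteger.getAndIncrement();
                TMonitor.Transaction newTransaction = TMonitor.newTransaction("tte.keyAgreement.finalResult", "keyAgreement");
                TMonitor.setCurrentTransaction(newTransaction);
                try {
                    try {
                        try {
                            KeyItem doKeyAgreementWithVerify = TKeyAgreement.this.doKeyAgreementWithVerify();
                            newTransaction.complete();
                            resultCallback.onResult(doKeyAgreementWithVerify);
                        } catch (Throwable th) {
                            newTransaction.complete();
                            resultCallback.onError(th);
                        }
                    } catch (IOException e) {
                        ConfigManager configManager = ConfigManager.getInstance(TTE.getContext());
                        if (andIncrement < configManager.kaMaxRetryCount()) {
                            TKeyAgreement.this.executor().schedule(this, configManager.kaRetryIntervalMs(), TimeUnit.MILLISECONDS);
                        } else {
                            newTransaction.complete();
                            resultCallback.onError(e);
                        }
                    }
                } finally {
                    // Always detach the transaction from this thread, including on retry.
                    TMonitor.setCurrentTransaction(null);
                }
            }
        });
    }

    /** Returns the scheduler used for key-agreement work; overridable for tests. */
    @VisibleForTesting
    protected ScheduledExecutorService executor() {
        return Executors.keyAgreement();
    }

    /**
     * Sends an HTTP POST and returns the response body.
     *
     * <p>NOTE(review): the full request body is logged at verbose level. For {@code /ka} it
     * carries the app id and device uuid; for {@code /verify} it carries the probe cipher and
     * the wrapped key. Confirm verbose logging is disabled in release builds.
     *
     * <p>NOTE(review): no certificate pinning or custom trust configuration is applied in this
     * method, and the connection is never explicitly disconnected. Whether
     * {@code Util.toByteArray} closes the input stream is not visible here.
     *
     * @param str absolute URL to post to
     * @param list extra request headers as name/value pairs, or {@code null}
     * @param bArr request body
     * @return the response body for a 2xx status
     * @throws HttpStatusException for any non-2xx status
     * @throws IOException on transport failure
     */
    @VisibleForTesting
    protected byte[] post(String str, List<Pair<String, String>> list, byte[] bArr) throws IOException {
        this.mLogger.v("post[" + str + "] => " + new String(bArr));
        // HttpURLWrapper comes from the traffic-metrics package; presumably it instruments
        // the connection. Confirm it does not alter TLS behaviour.
        HttpURLConnection httpURLConnection = (HttpURLConnection) HttpURLWrapper.wrapURLConnection(new URL(str).openConnection());
        // NOTE(review): DefaultLoadControl.DEFAULT_MIN_BUFFER_MS is a media-player constant;
        // presumably JADX substituted it for a literal timeout. Confirm the value.
        httpURLConnection.setConnectTimeout(DefaultLoadControl.DEFAULT_MIN_BUFFER_MS);
        httpURLConnection.setReadTimeout(DefaultLoadControl.DEFAULT_MIN_BUFFER_MS);
        httpURLConnection.setRequestMethod("POST");
        httpURLConnection.setDoOutput(true);
        if (list != null) {
            for (Pair<String, String> pair : list) {
                httpURLConnection.addRequestProperty((String) pair.first, (String) pair.second);
            }
        }
        OutputStream outputStream = null;
        try {
            outputStream = httpURLConnection.getOutputStream();
            outputStream.write(bArr);
            Util.closeQuietly(outputStream);
            int responseCode = httpURLConnection.getResponseCode();
            this.mLogger.d("post[" + str + "] <= " + responseCode);
            // Any 2xx status counts as success.
            if (responseCode / 100 == 2) {
                return Util.toByteArray(httpURLConnection.getInputStream());
            }
            throw new HttpStatusException(httpURLConnection.getResponseMessage(), responseCode);
        } catch (Throwable th) {
            Util.closeQuietly(outputStream);
            throw th;
        }
    }

    /**
     * Posts a JSON body and parses the response as a JSON object.
     *
     * @param str absolute URL to post to
     * @param bArr serialized JSON request body
     * @return the parsed response
     * @throws IOException on transport failure or non-2xx status
     * @throws JSONException if the response body is not a JSON object
     */
    protected JSONObject postJSON(String str, byte[] bArr) throws IOException, JSONException {
        return new JSONObject(new String(post(str, Arrays.asList(new Pair("Content-Type", "application/json")), bArr)));
    }

    /** Verifies the key with the monitoring tag {@code type} set to "2". */
    boolean verifyKey(KeyItem keyItem) {
        return verifyKey(keyItem, true);
    }

    /**
     * Confirms with the server that both sides hold the same data key.
     *
     * <p>The client encrypts the fixed probe {@code "Client Hello"} under {@code dk}, posts it
     * with {@code edk} to {@code <endpoint>/verify}, and requires the returned
     * {@code serCipher} to decrypt under {@code dk} to the same probe bytes.
     *
     * <p>NOTE(review): when the cipher config reports {@code disableKeyVerification()} this
     * returns {@code true} without any network check.
     *
     * <p>NOTE(review): the try/catch layout below is decompiler output and is not valid Java
     * as printed. The locals set in the first try are read after its handlers, and the
     * rethrows do not match the method signature. The handlers most likely wrapped the whole
     * exchange in the original; confirm against the bytecode.
     *
     * @param keyItem key to verify; read for {@code dataCipher}, {@code dk} and {@code edk}
     * @param z selects the monitoring tag {@code type}: "2" when true, "1" when false
     * @return {@code true} if verification succeeded or is disabled by configuration
     */
    boolean verifyKey(KeyItem keyItem, boolean z) {
        TCipher cipher;
        String str;
        byte[] bytes;
        if (ConfigManager.getInstance(TTE.getContext()).cipherConfig(this.mConfig.cipherSuite).disableKeyVerification()) {
            this.mLogger.d("verifyKey: disable");
            return true;
        }
        TMonitor.Transaction newTransaction = TMonitor.newTransaction("tte.keyVerify.result", "keyVerify");
        try {
            newTransaction.putTag("algo", this.mAlg.name());
            newTransaction.putTag("type", z ? "2" : "1");
            // NOTE(review): CrashKey.KEY_ANDROID_ID is presumably a JADX-substituted constant
            // standing in for the original placeholder literal; confirm its value.
            newTransaction.putTag("bizCode", CrashKey.KEY_ANDROID_ID);
            newTransaction.putTag("httpCode", CrashKey.KEY_ANDROID_ID);
            newTransaction.putTag("code", "0");
            try {
                try {
                    cipher = keyItem.dataCipher.getCipher();
                    str = this.mEndpoint + "/verify";
                    bytes = "Client Hello".getBytes();
                } catch (CipherException e) {
                    this.mLogger.e("verifyKey", e);
                    // The meaning of -10100 is not visible here; it gets its own tag.
                    if (e.getCode() == -10100) {
                        newTransaction.putTag("code", "1004");
                        newTransaction.complete();
                        return false;
                    }
                    newTransaction.putTag("code", "1005");
                } catch (JSONException e2) {
                    newTransaction.putTag("code", "1003");
                    this.mLogger.w("verifyKey", e2);
                }
            } catch (IOException e3) {
                this.mLogger.w("verifyKey", e3);
            } catch (Throwable th) {
                newTransaction.putTag("code", "1100");
                this.mLogger.e("verifyKey", th);
            }
            try {
                JSONObject postJSON = postJSON(str, new JSONObject().put("cipher", Util.base64Encode(cipher.encrypt(bytes, keyItem.dk))).put("edk", Util.base64Encode(keyItem.edk)).toString().getBytes());
                newTransaction.putTag("httpCode", "200");
                int i = postJSON.getInt("code");
                newTransaction.putTag("bizCode", "" + i);
                if (i == 200) {
                    // This response has no separate signature check here; it is
                    // authenticated only by decrypting correctly under dk.
                    if (!Arrays.equals(cipher.decrypt(Util.base64Decode(postJSON.getJSONObject("data").getString("serCipher")), keyItem.dk), bytes)) {
                        newTransaction.putTag("code", "1001");
                        this.mLogger.e("verifyKey: dec error", null);
                        newTransaction.complete();
                        return false;
                    }
                    this.mLogger.d("verifyKey: ok");
                    newTransaction.complete();
                    return true;
                }
                newTransaction.putTag("code", "1");
                this.mLogger.e("verifyKey: code error, code=" + i + ", msg=" + postJSON.optString("msg", ""), null);
                newTransaction.complete();
                return false;
            } catch (HttpStatusException e4) {
                newTransaction.putTag("httpCode", "" + e4.code);
                newTransaction.putTag("code", "2");
                throw e4;
            } catch (Exception e5) {
                newTransaction.putTag("code", "2");
                throw e5;
            }
        } catch (Throwable th2) {
            newTransaction.complete();
            throw th2;
        }
    }

    /**
     * Runs {@link #verifyKey(KeyItem, boolean)} with {@code false} on {@link #executor()}.
     *
     * @param keyItem key to verify
     * @param resultCallback receives the verification result
     */
    public void verifyKeyAsync(final KeyItem keyItem, ResultCallback<Boolean> resultCallback) {
        Executors.doAsync(new Callable<Boolean>() { // from class: com.sankuai.meituan.tte.TKeyAgreement.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.concurrent.Callable
            public Boolean call() throws Exception {
                return Boolean.valueOf(TKeyAgreement.this.verifyKey(keyItem, false));
            }
        }, executor(), resultCallback);
    }
}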
