package com.weface.kankanlife.utils;

import android.content.Context;
import cn.hutool.core.util.StrUtil;
import com.tencent.mmkv.MMKV;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import net.coobird.thumbnailator.ThumbnailParameter;
import okhttp3.Call;
import okhttp3.Callback;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import org.json.JSONObject;

/* loaded from: classes4.dex */
public class CertManager {
    private static final String CERT_URL = "http://xxx.xxx.xxx.xxx:8080/navigate/get/configTo?configName=CertSignStr";
    private static final String DEFAULT_CER_12306 = "-----BEGIN CERTIFICATE-----\n...你的兜底证书内容...\n-----END CERTIFICATE-----";
    private static final String MMKV_KEY_CERT_BYTES = "cert_pem_bytes";
    private static final String MMKV_KEY_CERT_STRING = "cert_pem";
    private static final String MMKV_KEY_CERT_TIME = "cert_time";
    private static final String MMKV_KEY_LAST_FETCH = "last_fetch_time";
    private static final long ONE_WEEK_MILLIS = 604800000;

    public static void fetchAndUpdateCertIfNeeded(Context context) {
        final MMKV defaultMMKV = MMKV.defaultMMKV();
        long decodeLong = defaultMMKV.decodeLong(MMKV_KEY_LAST_FETCH, 0L);
        final long currentTimeMillis = System.currentTimeMillis();
        if (currentTimeMillis - decodeLong < ONE_WEEK_MILLIS) {
            LogUtils.info("CertUpdate: 证书无需拉取，距离上次拉取不足一周");
        } else {
            LogUtils.info("CertUpdate: 开始拉取证书");
            new OkHttpClient().newCall(new Request.Builder().url(CERT_URL).post(RequestBody.create((MediaType) null, new byte[0])).build()).enqueue(new Callback() { // from class: com.weface.kankanlife.utils.CertManager.1
                @Override // okhttp3.Callback
                public void onFailure(Call call, IOException iOException) {
                    LogUtils.info("CertUpdate: 证书拉取失败: " + iOException.getMessage());
                }

                @Override // okhttp3.Callback
                public void onResponse(Call call, Response response) throws IOException {
                    if (!response.isSuccessful()) {
                        LogUtils.info("CertUpdate: 证书接口响应失败，code: " + response.code());
                        return;
                    }
                    try {
                        String string = response.body().string();
                        LogUtils.info("CertUpdate: 证书接口返回内容：" + string);
                        try {
                            String optString = new JSONObject(string).optString("result", null);
                            boolean z = true;
                            if (optString != null) {
                                LogUtils.info("CertUpdate: 解密前密文：" + optString);
                                String Decrypt = AES.Decrypt(optString, "abcdtnfo23255625");
                                LogUtils.info("CertUpdate: 解密后内容：" + Decrypt);
                                if (Decrypt == null || !Decrypt.trim().startsWith(StrUtil.DELIM_START)) {
                                    LogUtils.info("CertUpdate: 解密内容无效，非json格式");
                                    z = false;
                                } else {
                                    string = Decrypt;
                                }
                            } else {
                                LogUtils.info("CertUpdate: 返回内容无result字段，无需解密");
                            }
                            if (!z) {
                                LogUtils.info("CertUpdate: 证书解密失败，中断后续解析");
                                return;
                            }
                            LogUtils.info("CertUpdate: 证书拉取成功，开始解析");
                            JSONObject jSONObject = new JSONObject(string);
                            long j = jSONObject.getLong("certTime");
                            String string2 = jSONObject.getString("certPem");
                            if (string2 != null && string2.contains(ThumbnailParameter.DETERMINE_FORMAT)) {
                                string2 = string2.replace(ThumbnailParameter.DETERMINE_FORMAT, "");
                            }
                            MMKV.this.encode(CertManager.MMKV_KEY_CERT_STRING, string2);
                            MMKV.this.encode(CertManager.MMKV_KEY_CERT_BYTES, string2.getBytes(StandardCharsets.UTF_8));
                            if (MMKV.this.decodeLong(CertManager.MMKV_KEY_CERT_TIME, 0L) < j) {
                                MMKV.this.encode(CertManager.MMKV_KEY_CERT_TIME, j);
                                LogUtils.info("CertUpdate: 证书已更新并保存");
                            } else {
                                LogUtils.info("CertUpdate: 本地证书已是最新，无需更新");
                            }
                            MMKV.this.encode(CertManager.MMKV_KEY_LAST_FETCH, currentTimeMillis);
                        } catch (Exception e) {
                            LogUtils.info("CertUpdate: AES解密异常: " + e.getMessage());
                        }
                    } catch (Exception e2) {
                        LogUtils.info("CertUpdate: 证书解析或保存异常: " + e2.getMessage());
                    }
                }
            });
        }
    }

    public static String getCurrentCertContent(Context context) {
        MMKV defaultMMKV = MMKV.defaultMMKV();
        byte[] decodeBytes = defaultMMKV.decodeBytes(MMKV_KEY_CERT_BYTES);
        String str = decodeBytes == null ? null : new String(decodeBytes, StandardCharsets.UTF_8);
        if (str != null && !str.isEmpty()) {
            LogUtils.info("CertUpdate: MMKV byte[] 读取到的certPem内容\n" + str);
            return str;
        }
        String decodeString = defaultMMKV.decodeString(MMKV_KEY_CERT_STRING, null);
        if (decodeString == null || decodeString.isEmpty()) {
            LogUtils.info("CertUpdate: 走兜底证书，内容前100字：" + DEFAULT_CER_12306.substring(0, Math.min(68, 100)));
            return DEFAULT_CER_12306;
        }
        LogUtils.info("CertUpdate: MMKV字符串读取到的certPem内容\n" + decodeString);
        return decodeString;
    }
}
