package com.thingclips.smart.android.network.http.pin;

import com.alibaba.fastjson.JSONObject;
import com.thingclips.sdk.core.PluginManager;
import com.thingclips.smart.android.common.utils.Base64;
import com.thingclips.smart.android.common.utils.L;
import com.thingclips.smart.android.network.ThingSmartNetWork;
import com.thingclips.smart.android.network.http.BusinessResponse;
import com.thingclips.smart.android.network.http.dns.ThingOKHttpDNS;
import com.thingclips.smart.android.network.http.dns.stat.DnsStatConstant;
import com.thingclips.smart.android.network.manager.ThingNetworkSecurityManager;
import com.thingclips.smart.android.network.quic.IThingQuicPlugin;
import com.thingclips.smart.android.network.quic.QuicUtil;
import com.thingclips.smart.android.network.request.ThingSmartNetWorkExecutorManager;
import com.thingclips.smart.android.network.util.AESCTRUtil;
import com.thingclips.smart.android.network.util.ECDHEngine;
import com.thingclips.smart.interior.log.IThingLogPlugin;
import com.thingclips.smart.sdk.api.ITemporaryCallBack;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import kotlin.collections.a;
import okhttp3.CertificatePinner;
import okhttp3.HttpUrl;

/* loaded from: classes5.dex */
public class CertPinRefresher {
    private static final String DNS_V2_ERROR_LOG = "thing_ro12emzon5k2iksfbyj2aofdyysftb3m";
    private static final String H2_DNS_ERROR_CODE = "ThingNotificationNameCerCheckFailed";
    private static final short MAX_REQUEST_TIMES = 3;
    private static final String TAG = "CertPinRefresher";
    private static volatile CertPinRefresher instance = null;
    private static volatile boolean refreshedCerts = false;
    private static volatile short requestCertsCount;

    /* loaded from: classes5.dex */
    public interface IResultCallback {
        void onError(String str);

        void onSuccess();
    }

    private String decryptData(ECDHEngine.KeyEntity keyEntity, JSONObject jSONObject) {
        String string = jSONObject.getString("pubKey");
        return AESCTRUtil.decrypt(Base64.decodeBase64(ECDHEngine.hmacSha256(ECDHEngine.ecdhKey(keyEntity.ecdhPrivateKey, string), Base64.decodeBase64(string.getBytes()), true).getBytes()), jSONObject.getString("data"));
    }

    public static CertPinRefresher getInstance() {
        if (instance == null) {
            synchronized (CertPinRefresher.class) {
                if (instance == null) {
                    instance = new CertPinRefresher();
                }
            }
        }
        return instance;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Removed duplicated region for block: B:30:0x00e5 A[Catch: all -> 0x010e, TryCatch #0 {all -> 0x010e, blocks: (B:3:0x0007, B:5:0x003c, B:6:0x0041, B:8:0x0064, B:10:0x008e, B:12:0x0098, B:14:0x00a4, B:16:0x00aa, B:18:0x00b2, B:20:0x00b8, B:22:0x00c1, B:28:0x00c8, B:30:0x00e5, B:31:0x00e8, B:34:0x0108), top: B:2:0x0007 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void requestCerts(com.thingclips.smart.android.network.http.pin.CertPinRefresher.IResultCallback r8) {
        /*
            Method dump skipped, instructions count: 287
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.thingclips.smart.android.network.http.pin.CertPinRefresher.requestCerts(com.thingclips.smart.android.network.http.pin.CertPinRefresher$IResultCallback):void");
    }

    /* JADX WARN: Removed duplicated region for block: B:30:0x00e5 A[Catch: all -> 0x00f4, TryCatch #0 {all -> 0x00f4, blocks: (B:3:0x0007, B:5:0x003c, B:6:0x0041, B:8:0x0062, B:10:0x008e, B:12:0x0098, B:14:0x00a4, B:16:0x00aa, B:18:0x00b2, B:20:0x00b8, B:22:0x00c1, B:28:0x00c8, B:30:0x00e5, B:31:0x00e8, B:35:0x00ee), top: B:2:0x0007 }] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void requestCertsDns2(com.thingclips.smart.android.network.http.pin.CertPinRefresher.IResultCallback r7) {
        /*
            r6 = this;
            java.lang.String r0 = "CertPinRefresher"
            java.lang.String r1 = "requestCertsDns2"
            com.thingclips.smart.android.common.utils.L.d(r0, r1)
            java.lang.String r1 = "secp256r1"
            com.thingclips.smart.android.network.util.ECDHEngine$KeyEntity r1 = com.thingclips.smart.android.network.util.ECDHEngine.generateKeyPair(r1)     // Catch: java.lang.Throwable -> Lf4
            com.alibaba.fastjson.JSONObject r2 = new com.alibaba.fastjson.JSONObject     // Catch: java.lang.Throwable -> Lf4
            r2.<init>()     // Catch: java.lang.Throwable -> Lf4
            java.lang.String r3 = "os"
            java.lang.String r4 = "android"
            r2.put(r3, r4)     // Catch: java.lang.Throwable -> Lf4
            java.lang.String r3 = "sdkVersion"
            java.lang.String r4 = com.thingclips.smart.android.network.ThingSmartNetWork.mSdkVersion     // Catch: java.lang.Throwable -> Lf4
            r2.put(r3, r4)     // Catch: java.lang.Throwable -> Lf4
            java.lang.String r3 = "isSdk"
            boolean r4 = com.thingclips.smart.android.network.ThingSmartNetWork.mSdk     // Catch: java.lang.Throwable -> Lf4
            java.lang.Boolean r4 = java.lang.Boolean.valueOf(r4)     // Catch: java.lang.Throwable -> Lf4
            r2.put(r3, r4)     // Catch: java.lang.Throwable -> Lf4
            java.lang.String r3 = "pubKey"
            java.lang.String r4 = r1.ecdhPublicKey     // Catch: java.lang.Throwable -> Lf4
            r2.put(r3, r4)     // Catch: java.lang.Throwable -> Lf4
            java.util.Set r3 = com.thingclips.smart.android.network.ThingSmartNetWork.getAllPinningUrls()     // Catch: java.lang.Throwable -> Lf4
            boolean r4 = r3.isEmpty()     // Catch: java.lang.Throwable -> Lf4
            if (r4 != 0) goto L41
            java.lang.String r4 = "hosts"
            r2.put(r4, r3)     // Catch: java.lang.Throwable -> Lf4
        L41:
            okhttp3.Request$Builder r3 = new okhttp3.Request$Builder     // Catch: java.lang.Throwable -> Lf4
            r3.<init>()     // Catch: java.lang.Throwable -> Lf4
            java.lang.String r4 = "application/json; charset=utf-8"
            okhttp3.MediaType r4 = okhttp3.MediaType.parse(r4)     // Catch: java.lang.Throwable -> Lf4
            java.lang.String r2 = r2.toJSONString()     // Catch: java.lang.Throwable -> Lf4
            okhttp3.RequestBody r2 = okhttp3.RequestBody.create(r4, r2)     // Catch: java.lang.Throwable -> Lf4
            okhttp3.Request$Builder r2 = r3.post(r2)     // Catch: java.lang.Throwable -> Lf4
            java.lang.String r3 = com.thingclips.smart.android.network.ThingSmartNetWork.getDNS2QueryHost()     // Catch: java.lang.Throwable -> Lf4
            boolean r4 = android.text.TextUtils.isEmpty(r3)     // Catch: java.lang.Throwable -> Lf4
            if (r4 != 0) goto Lec
            java.lang.StringBuilder r4 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> Lf4
            r4.<init>()     // Catch: java.lang.Throwable -> Lf4
            r4.append(r3)     // Catch: java.lang.Throwable -> Lf4
            java.lang.String r5 = "/v2/certs_query"
            r4.append(r5)     // Catch: java.lang.Throwable -> Lf4
            java.lang.String r4 = r4.toString()     // Catch: java.lang.Throwable -> Lf4
            r2.url(r4)     // Catch: java.lang.Throwable -> Lf4
            okhttp3.Request r2 = r2.build()     // Catch: java.lang.Throwable -> Lf4
            okhttp3.OkHttpClient r4 = com.thingclips.smart.android.network.ThingSmartNetWork.newH2OkHttpClient(r3)     // Catch: java.lang.Throwable -> Lf4
            okhttp3.Call r2 = r4.newCall(r2)     // Catch: java.lang.Throwable -> Lf4
            okhttp3.Response r2 = r2.execute()     // Catch: java.lang.Throwable -> Lf4
            java.lang.String r4 = "h2 dns server error"
            okhttp3.ResponseBody r2 = r2.body()     // Catch: java.lang.Throwable -> Lf4
            if (r2 == 0) goto Le0
            java.lang.String r2 = r2.string()     // Catch: java.lang.Throwable -> Lf4
            boolean r5 = android.text.TextUtils.isEmpty(r2)     // Catch: java.lang.Throwable -> Lf4
            if (r5 != 0) goto Le3
            com.alibaba.fastjson.JSONObject r2 = com.alibaba.fastjson.JSON.parseObject(r2)     // Catch: java.lang.Throwable -> Lf4
            java.lang.String r4 = "success"
            java.lang.Boolean r4 = r2.getBoolean(r4)     // Catch: java.lang.Throwable -> Lf4
            if (r4 == 0) goto Lc8
            boolean r4 = r4.booleanValue()     // Catch: java.lang.Throwable -> Lf4
            if (r4 == 0) goto Lc8
            java.lang.String r4 = "result"
            com.alibaba.fastjson.JSONObject r2 = r2.getJSONObject(r4)     // Catch: java.lang.Throwable -> Lf4
            if (r2 == 0) goto Lc5
            int r4 = r2.size()     // Catch: java.lang.Throwable -> Lf4
            if (r4 <= 0) goto Lc5
            java.lang.String r1 = r6.decryptData(r1, r2)     // Catch: java.lang.Throwable -> Lf4
            com.thingclips.smart.android.network.http.pin.ThingCertificatePinner.saveCersToCache(r1)     // Catch: java.lang.Throwable -> Lf4
            if (r7 == 0) goto Lc4
            r7.onSuccess()     // Catch: java.lang.Throwable -> Lf4
        Lc4:
            return
        Lc5:
            java.lang.String r1 = "parse to CersBeanList fail!"
            goto Le2
        Lc8:
            java.lang.StringBuilder r1 = new java.lang.StringBuilder     // Catch: java.lang.Throwable -> Lf4
            r1.<init>()     // Catch: java.lang.Throwable -> Lf4
            java.lang.String r4 = "server response not success. status : "
            r1.append(r4)     // Catch: java.lang.Throwable -> Lf4
            java.lang.String r4 = "status"
            java.lang.Object r2 = r2.get(r4)     // Catch: java.lang.Throwable -> Lf4
            r1.append(r2)     // Catch: java.lang.Throwable -> Lf4
            java.lang.String r1 = r1.toString()     // Catch: java.lang.Throwable -> Lf4
            goto Le2
        Le0:
            java.lang.String r1 = "certs is empty!"
        Le2:
            r4 = r1
        Le3:
            if (r7 == 0) goto Le8
            r7.onError(r4)     // Catch: java.lang.Throwable -> Lf4
        Le8:
            r6.setDnsV2ErrorCallback(r3, r4)     // Catch: java.lang.Throwable -> Lf4
            goto L103
        Lec:
            if (r7 == 0) goto Lf3
            java.lang.String r1 = "dns server url is null"
            r7.onError(r1)     // Catch: java.lang.Throwable -> Lf4
        Lf3:
            return
        Lf4:
            r1 = move-exception
            java.lang.String r2 = "requestCertsDns2 failed: "
            com.thingclips.smart.android.common.utils.L.e(r0, r2, r1)
            if (r7 == 0) goto L103
            java.lang.String r0 = r1.getMessage()
            r7.onError(r0)
        L103:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: com.thingclips.smart.android.network.http.pin.CertPinRefresher.requestCertsDns2(com.thingclips.smart.android.network.http.pin.CertPinRefresher$IResultCallback):void");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void statRefreshCerts(int i) {
        IThingLogPlugin iThingLogPlugin = (IThingLogPlugin) PluginManager.service(IThingLogPlugin.class);
        if (iThingLogPlugin != null) {
            try {
                HashMap hashMap = new HashMap();
                hashMap.put("type", Integer.valueOf(i));
                iThingLogPlugin.temporaryEvent(DnsStatConstant.THING_EVENT_SSL_PINNING, "ssl_pinning", hashMap, 30, new ITemporaryCallBack() { // from class: com.thingclips.smart.android.network.http.pin.CertPinRefresher.2
                    @Override // com.thingclips.smart.sdk.api.ITemporaryCallBack
                    public List<Map<String, Object>> onHandler(String str, String str2, List<Map<String, Object>> list) {
                        ArrayList arrayList = new ArrayList();
                        HashMap hashMap2 = new HashMap();
                        hashMap2.put("datas", list);
                        arrayList.add(hashMap2);
                        return arrayList;
                    }
                });
                L.d(TAG, "stat THING_LOG_EVENT_DNS_FAILURE");
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }

    public void recordLog(String str, String str2, String str3) {
        IThingLogPlugin iThingLogPlugin = (IThingLogPlugin) PluginManager.service(IThingLogPlugin.class);
        if (iThingLogPlugin != null) {
            if (!ThingSmartNetWork.getPerformanceLogSwitch()) {
                L.d(TAG, "log switch disable");
                return;
            }
            HashMap q = a.q("V2DnsUrl", str, BusinessResponse.KEY_ERRCODE, str2);
            q.put(BusinessResponse.KEY_ERRMSG, str3);
            L.d(TAG, "recordLog v2 error");
            iThingLogPlugin.event(DNS_V2_ERROR_LOG, q);
        }
    }

    public synchronized void refreshCerts() {
        if (refreshedCerts) {
            L.d(TAG, "refreshCerts refreshed Certs");
        } else if (refreshedCerts || requestCertsCount <= 3) {
            ThingSmartNetWorkExecutorManager.getBusinessExecutor().execute(new Runnable() { // from class: com.thingclips.smart.android.network.http.pin.CertPinRefresher.1
                @Override // java.lang.Runnable
                public void run() {
                    CertPinRefresher.this.requestCerts(new IResultCallback() { // from class: com.thingclips.smart.android.network.http.pin.CertPinRefresher.1.1
                        @Override // com.thingclips.smart.android.network.http.pin.CertPinRefresher.IResultCallback
                        public void onError(String str) {
                            CertPinRefresher.this.statRefreshCerts(6);
                            L.e(CertPinRefresher.TAG, "getCertsFailure : " + str);
                            CertPinRefresher.requestCertsCount = (short) (CertPinRefresher.requestCertsCount + 1);
                        }

                        @Override // com.thingclips.smart.android.network.http.pin.CertPinRefresher.IResultCallback
                        public void onSuccess() {
                            IThingQuicPlugin iThingQuicPlugin;
                            try {
                                CertPinRefresher.this.statRefreshCerts(5);
                                CertPinRefresher.refreshedCerts = true;
                                CertificatePinner createPinner = new ThingCertificatePinner().createPinner();
                                if (createPinner == null) {
                                    L.i(CertPinRefresher.TAG, "builder do not set certificatePinner!");
                                    return;
                                }
                                L.d(CertPinRefresher.TAG, "builder.certificatePinner");
                                ThingSmartNetWork.setOkHttpClient(ThingSmartNetWork.getOkHttpClient().newBuilder().certificatePinner(createPinner).build());
                                if (!QuicUtil.httpEnable() || (iThingQuicPlugin = (IThingQuicPlugin) PluginManager.service(IThingQuicPlugin.class)) == null) {
                                    return;
                                }
                                HttpUrl parse = HttpUrl.parse(ThingSmartNetWork.getQuicApiUrl());
                                iThingQuicPlugin.getThingSmartQuicManager().clear();
                                iThingQuicPlugin.getThingSmartQuicManager().initEngine(ThingSmartNetWork.getAppContext(), parse == null ? "" : parse.host(), ThingOKHttpDNS.getInstance(), ThingCertificatePinner.createPublicKeyPins());
                            } catch (Throwable th) {
                                L.e(CertPinRefresher.TAG, "builder certificate failed: ", th);
                            }
                        }
                    });
                }
            });
        } else {
            L.d(TAG, "refreshCerts have not refreshed Certs,but requestCertsCount is more than MAX_REQUEST_TIMES times");
        }
    }

    public void setDnsV2ErrorCallback(String str, String str2) {
        recordLog(str, H2_DNS_ERROR_CODE, str2);
        if (ThingNetworkSecurityManager.getInstance().getThingNetworkSecurityCallback() != null) {
            ThingNetworkSecurityManager.getInstance().getThingNetworkSecurityCallback().error(H2_DNS_ERROR_CODE, str2);
        }
    }
}
