package com.xiaomi.ai.transport;

import com.xiaomi.ai.api.common.APIUtils;
import com.xiaomi.ai.core.AivsConfig;
import com.xiaomi.ai.core.Channel;
import com.xiaomi.ai.log.Logger;
import com.xiaomi.ai.utils.Base64;
import com.xiaomi.ai.utils.i;
import java.io.IOException;
import java.nio.charset.Charset;
import java.security.Key;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.X509EncodedKeySpec;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Formatter;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TimeZone;
import java.util.UUID;
import java.util.zip.CRC32;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import miuix.security.DigestUtils;
import okhttp3.Call;
import okhttp3.Callback;
import okhttp3.Cookie;
import okhttp3.FormBody;
import okhttp3.Interceptor;
import okhttp3.MediaType;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okhttp3.ResponseBody;
import z1.m;

/* loaded from: classes2.dex */
public class LiteCryptInterceptor implements Interceptor {

    /* renamed from: a, reason: collision with root package name */
    private Channel f6740a;

    /* renamed from: b, reason: collision with root package name */
    private b f6741b;

    /* renamed from: c, reason: collision with root package name */
    private byte[] f6742c;

    /* renamed from: d, reason: collision with root package name */
    private OkHttpClient f6743d = new OkHttpClient();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes2.dex */
    public class a implements Callback {
        a() {
        }

        @Override // okhttp3.Callback
        public void onFailure(Call call, IOException iOException) {
            Logger.b("LiteCryptInterceptor", Logger.throwableToString(iOException));
        }

        @Override // okhttp3.Callback
        public void onResponse(Call call, Response response) {
            try {
                if (!response.isSuccessful()) {
                    Logger.b("LiteCryptInterceptor", "refreshPublicKeyInfo: " + response + ", body=" + response.body().string());
                    throw new Exception(response.toString());
                }
                String string = response.body().string();
                m C = APIUtils.getObjectMapper().C(string);
                if (C.u("key_id") && C.u("expire_at") && C.u("public_key")) {
                    LiteCryptInterceptor.this.c(C.G("public_key").k());
                    Logger.c("LiteCryptInterceptor", "new public key is valid");
                    LiteCryptInterceptor.this.f6740a.getListener().onWrite(LiteCryptInterceptor.this.f6740a, "pubkey_info", C.toString());
                    return;
                }
                Logger.b("LiteCryptInterceptor", "refreshPublicKeyInfo: invalid body " + string);
                throw new Exception("invalid body " + string);
            } catch (Exception e10) {
                Logger.b("LiteCryptInterceptor", e10.getMessage());
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes2.dex */
    public class b {

        /* renamed from: a, reason: collision with root package name */
        byte[] f6745a;

        /* renamed from: b, reason: collision with root package name */
        String f6746b;

        private b(LiteCryptInterceptor liteCryptInterceptor) {
        }

        /* synthetic */ b(LiteCryptInterceptor liteCryptInterceptor, a aVar) {
            this(liteCryptInterceptor);
        }
    }

    public LiteCryptInterceptor(Channel channel) {
        this.f6740a = channel;
    }

    private String a(String str) {
        return new String(aesCrypt(2, Base64.decode(str, 8)), Charset.forName("UTF-8"));
    }

    private String a(Request request) {
        String httpUrl = request.url().toString();
        int indexOf = httpUrl.indexOf(63);
        if (indexOf <= 0) {
            return httpUrl;
        }
        return httpUrl.substring(0, indexOf) + "?data=" + b(httpUrl.substring(indexOf + 1));
    }

    private String a(RequestBody requestBody) {
        if (requestBody == null) {
            return null;
        }
        okio.c cVar = new okio.c();
        requestBody.writeTo(cVar);
        return cVar.a0();
    }

    private String a(byte[] bArr) {
        CRC32 crc32 = new CRC32();
        crc32.update(bArr);
        long value = crc32.getValue();
        Formatter formatter = new Formatter();
        for (int i10 = 0; i10 < 4; i10++) {
            formatter.format("%02x", Byte.valueOf((byte) value));
            value >>= 8;
        }
        return formatter.toString();
    }

    private Request a(Request request, String str) {
        RequestBody build;
        byte[] bArr = this.f6741b.f6745a;
        Request.Builder addHeader = request.newBuilder().url(a(request)).removeHeader("Date").addHeader("Date", str);
        String str2 = this.f6741b.f6746b;
        if (str2 == null) {
            addHeader.addHeader("AIVS-Encryption-Key", b()).addHeader("AIVS-Encryption-CRC", a(bArr));
        } else {
            addHeader.addHeader("AIVS-Encryption-Token", str2);
        }
        List<String> headers = request.headers("Authorization");
        addHeader.removeHeader("Authorization");
        Iterator<String> it = headers.iterator();
        while (it.hasNext()) {
            addHeader.addHeader("Authorization", b(it.next()));
        }
        if (request.method().equals("GET")) {
            addHeader.get();
        } else if (request.method().equals("POST")) {
            RequestBody body = request.body();
            MediaType contentType = body.contentType();
            if ("application".equals(contentType.type()) && "json".equals(contentType.subtype())) {
                build = RequestBody.create(contentType, String.format("{ \"data\": \"%s\"}", b(a(body))));
            } else if (body instanceof FormBody) {
                FormBody.Builder builder = new FormBody.Builder();
                builder.add("data", b(a(body)));
                build = builder.build();
            }
            addHeader.post(build);
        }
        return addHeader.build();
    }

    private Response a(Response response) {
        ResponseBody body = response.body();
        if (body == null) {
            return response;
        }
        for (Cookie cookie : Cookie.parseAll(response.request().url(), response.headers())) {
            if (cookie.name().equals("AIVS-Encryption-Token")) {
                updateAesToken(cookie.value(), cookie.expiresAt());
            }
        }
        if (!response.header("AIVS-Encryption-Body", "false").equals("true")) {
            return response;
        }
        return response.newBuilder().body(ResponseBody.create(body.contentType(), a(body.string()))).build();
    }

    private byte[] a() {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        SecureRandom secureRandom = new SecureRandom();
        secureRandom.setSeed(UUID.randomUUID().toString().getBytes());
        keyGenerator.init(128, secureRandom);
        return keyGenerator.generateKey().getEncoded();
    }

    private byte[] a(byte[] bArr, Key key) {
        return a(bArr, key, true);
    }

    private byte[] a(byte[] bArr, Key key, boolean z9) {
        int i10 = z9 ? 1 : 2;
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(i10, key);
        return cipher.doFinal(bArr);
    }

    private String b() {
        m e10 = e();
        return "pubkeyid:" + e10.G("key_id").k() + ",key:" + Base64.encodeToString(a(this.f6741b.f6745a, c(e10.G("public_key").k())), 10);
    }

    private String b(String str) {
        return Base64.encodeToString(aesCrypt(1, str.getBytes(Charset.forName("UTF-8"))), 10);
    }

    private byte[] b(byte[] bArr) {
        try {
            return MessageDigest.getInstance(DigestUtils.ALGORITHM_MD5).digest(bArr);
        } catch (NoSuchAlgorithmException e10) {
            Logger.b("LiteCryptInterceptor", Logger.throwableToString(e10));
            return null;
        }
    }

    private b c() {
        b bVar;
        synchronized ("aes_key_info") {
            try {
                bVar = new b(this, null);
                String onRead = this.f6740a.getListener().onRead(this.f6740a, "aes_key");
                String onRead2 = this.f6740a.getListener().onRead(this.f6740a, "aes_token");
                String onRead3 = this.f6740a.getListener().onRead(this.f6740a, "aes_expire_at");
                long parseLong = i.a(onRead3) ? 0L : Long.parseLong(onRead3);
                if (onRead == null || (onRead2 != null && parseLong - System.currentTimeMillis() < 10000)) {
                    Logger.c("LiteCryptInterceptor", "getCurrentAesKeyOrToken: expireAt=" + parseLong + " , refresh aes key");
                    bVar.f6745a = a();
                    clearAes();
                    this.f6740a.getListener().onWrite(this.f6740a, "aes_key", Base64.encodeToString(bVar.f6745a, 0));
                } else {
                    Logger.c("LiteCryptInterceptor", "getCurrentAesKeyOrToken: expireAt=" + parseLong + " , use cached aes key");
                    bVar.f6745a = Base64.decode(onRead, 0);
                    bVar.f6746b = onRead2;
                }
            } catch (Exception e10) {
                Logger.b("LiteCryptInterceptor", Logger.throwableToString(e10));
                throw new IOException(e10.toString());
            }
        }
        return bVar;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public PublicKey c(String str) {
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode(str.replace("-----BEGIN PUBLIC KEY-----\n", "").replace("-----END PUBLIC KEY-----", "").replace("\n", ""), 0)));
    }

    private String d() {
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("EEE, d MMM yyyy HH:mm:ss 'GMT'", Locale.US);
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
        return simpleDateFormat.format(new Date());
    }

    private m e() {
        m mVar;
        synchronized ("pubkey_info") {
            String onRead = this.f6740a.getListener().onRead(this.f6740a, "pubkey_info");
            if (i.a(onRead)) {
                mVar = null;
            } else {
                mVar = APIUtils.getObjectMapper().C(onRead);
                if (mVar != null && mVar.u("expire_at") && mVar.u("public_key")) {
                    long i10 = mVar.G("expire_at").i();
                    new SecureRandom().setSeed(UUID.randomUUID().toString().getBytes());
                    long nextInt = r4.nextInt(1800000) + 10000;
                    Logger.c("LiteCryptInterceptor", "getPubkeyInfo: expireAt:" + i10 + ", now:" + System.currentTimeMillis() + " , aheadTime:" + nextInt);
                    if (i10 - System.currentTimeMillis() >= nextInt) {
                        return mVar;
                    }
                    Logger.d("LiteCryptInterceptor", "getPubkeyInfo: public key expired");
                }
            }
            m g10 = g();
            if (g10 != null) {
                return g10;
            }
            if (mVar == null) {
                throw new Exception("refreshPublicKeyInfo failed!");
            }
            Logger.d("LiteCryptInterceptor", "getPubkeyInfo: get public key failed, use expired key");
            return mVar;
        }
    }

    private String f() {
        StringBuilder sb = new StringBuilder();
        sb.append(this.f6740a.getAivsConfig().getInt(AivsConfig.ENV) == 2 ? "http://account-staging.xiaomixiaoai.com/ws/session/rsa/public" : "https://account.xiaomixiaoai.com/ws/session/rsa/public");
        String string = this.f6740a.getAivsConfig().getString(AivsConfig.Auth.CLIENT_ID);
        if (!this.f6740a.getClientInfo().getDeviceId().isPresent()) {
            throw new IllegalArgumentException("device id not set");
        }
        String str = this.f6740a.getClientInfo().getDeviceId().get();
        sb.append("?client_id=");
        sb.append(string);
        sb.append("&key_length=2048&device_id=");
        sb.append(str);
        return sb.toString();
    }

    private m g() {
        Logger.c("LiteCryptInterceptor", "refreshPublicKeyInfo");
        if (this.f6740a.getListener().isAllowCTA()) {
            this.f6743d.newCall(new Request.Builder().url(f()).get().build()).enqueue(new a());
        } else {
            Logger.c("LiteCryptInterceptor", "refreshPublicKeyInfo: CTA is not allow");
        }
        try {
            return this.f6740a.getAivsConfig().getInt(AivsConfig.ENV) == 2 ? APIUtils.getObjectMapper().C("{\"key_id\": \"iJne1qqnSWxYsjJq54vnKg==\",\"public_key\": \"-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHVeIxKvdR/x6jljxTrk\\nWEh1pAEj1ZQy1m+myMfxOeRMuYd9OTOE60UC79lx2qt5qmUZegBqVM3Oorcurzy7\\ndCVtWOJE8AuXrlRtMbGGeitpKD8pc3keOXJKEwZ/I47Ara/5isjYfZ0aWxBVyhYj\\nNXku/JT0VjzgYWAc5a1almaPSPG4WY76K8qSvJIvvB4nOC0YzEPtX2WPk7/cU8k9\\n91Wn0wK7n+0xVxhrSn00iNu8cvChXP6ePjL5869z2P5Gv3YONvSiDbcDlW+cxKZM\\nabaRLxqDH6zoiUE/3aTwb80M3QCuqBW1/857yv8QcA/C+JdHPwpZheOLj4rd8ST7\\nVQIDAQAB\\n-----END PUBLIC KEY-----\\n\"}") : APIUtils.getObjectMapper().C("{\"key_id\": \"CZWhJoB4ihbNyMcTTbWh/g==\",\"public_key\": \"-----BEGIN PUBLIC KEY-----\\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsca6B9KeE39zsuIuE+iH\\nXPR0QDjb7Tq0nBYP9USiWFfPE+ER1CwmIXPEHMpN2YumgzatonnScJJs3d1ZyuTH\\nlIpe6bjmQl7TaQGlMBhjKAhsSSFfIud62nW7UCNsBpqBaW4XmQ6DKUc9OorNA2ME\\ngsNtW9b9L8VFXfH0vrEH8gKjSwUOkBQNAg8H9vPh5bUY+JN/ELNsFDMMTzCxJy7K\\n+/o/bLvkOt137knMeR1kCNzBwcVZusnn3CsQ89+P4YU6AaE6MTDJqDOpud1MMwDH\\nnzXGHK3GFhp0uDjFdE374tOrNp/A8y8IYkfKNJoRA+mRQnvp+X6H79wj9/jIXxrn\\nHwIDAQAB\\n-----END PUBLIC KEY-----\\n\"}");
        } catch (IOException e10) {
            Logger.b("LiteCryptInterceptor", Logger.throwableToString(e10));
            return null;
        }
    }

    public byte[] aesCrypt(int i10, byte[] bArr) {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(i10, new SecretKeySpec(this.f6741b.f6745a, "AES"), new IvParameterSpec(this.f6742c));
        return cipher.doFinal(bArr);
    }

    public void clearAes() {
        synchronized ("aes_key_info") {
            this.f6740a.getListener().onRemove(this.f6740a, "aes_key");
            this.f6740a.getListener().onRemove(this.f6740a, "aes_token");
            this.f6740a.getListener().onRemove(this.f6740a, "aes_expire_at");
        }
    }

    public void clearPubkey() {
        synchronized ("pubkey_info") {
            this.f6740a.getListener().onRemove(this.f6740a, "pubkey_info");
        }
    }

    public Map<String, String> getAuthHeaders(boolean z9) {
        String str;
        HashMap hashMap = new HashMap();
        String authHeader = this.f6740a.getAuthProvider().getAuthHeader(z9, true, hashMap);
        if (authHeader == null) {
            return null;
        }
        try {
            this.f6741b = c();
            String d10 = d();
            hashMap.put("Date", d10);
            this.f6742c = b(d10.getBytes("UTF-8"));
            b bVar = this.f6741b;
            byte[] bArr = bVar.f6745a;
            String str2 = bVar.f6746b;
            if (str2 == null) {
                str2 = a(bArr);
                hashMap.put("AIVS-Encryption-Key", b());
                str = "AIVS-Encryption-CRC";
            } else {
                str = "AIVS-Encryption-Token";
            }
            hashMap.put(str, str2);
            hashMap.put("Authorization", b(authHeader));
        } catch (Exception e10) {
            e10.printStackTrace();
        }
        return hashMap;
    }

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.Chain chain) {
        this.f6741b = c();
        String d10 = d();
        this.f6742c = b(d10.getBytes("UTF-8"));
        try {
            return a(chain.proceed(a(chain.request(), d10)));
        } catch (Exception e10) {
            Logger.b("LiteCryptInterceptor", Logger.throwableToString(e10));
            clearAes();
            clearPubkey();
            Logger.b("LiteCryptInterceptor", "clear all auth info");
            throw new IOException(e10);
        }
    }

    public void updateAesToken(String str, long j10) {
        synchronized ("aes_key_info") {
            Logger.c("LiteCryptInterceptor", "update aes token");
            this.f6740a.getListener().onWrite(this.f6740a, "aes_token", str);
            this.f6740a.getListener().onWrite(this.f6740a, "aes_expire_at", Long.toString(j10));
        }
    }
}
