package com.jd.smartcloudmobilesdk.net;

import android.text.TextUtils;
import com.alibaba.cloudapi.sdk.constant.SdkConstant;
import com.jd.smartcloudmobilesdk.init.JDSmartSDK;
import com.jd.smartcloudmobilesdk.utils.AES256Util;
import com.jd.smartcloudmobilesdk.utils.CommonUtil;
import com.jd.smartcloudmobilesdk.utils.HexUtils;
import com.jd.smartcloudmobilesdk.utils.JLog;
import com.jd.smartcloudmobilesdk.utils.RSA2048Util;
import com.jd.smartcloudmobilesdk.utils.SHA256Util;
import com.jd.smartcloudmobilesdk.utils.SpUtils;
import com.tuya.sdk.security.EncryptionManager;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import org.json.JSONObject;

/* loaded from: classes6.dex */
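/**
 * Pins the server certificate's public key for the SDK's HTTPS traffic and lets the
 * pinned values be refreshed from the backend.
 *
 * <p>The expected subject name and hex-encoded public key come from the
 * {@code server_cert} preferences file when present, otherwise from the constants
 * compiled into this class. A failed check clears the stored values and requests a
 * fresh certificate via {@link #updateServerCertificate()}.
 *
 * <p>NOTE(review): this class only compares a subject name and a public key. It performs
 * no chain building, validity-period or hostname check; whether the platform trust
 * manager also runs is decided by the caller, which is not visible here — confirm.
 *
 * <p>NOTE(review): pinning can be switched off by the update response (the
 * {@code lower} field). The response's {@code signature} field is a digest computed over
 * the response fields alone, with no secret input visible in this file, so it detects
 * corruption but does not by itself authenticate the sender. Authenticity appears to
 * rest on the per-request AES key being wrapped with the embedded RSA public key —
 * confirm that {@code AES256Util} uses an authenticated mode.
 */
public class CertChecker {
    /** Built-in pin: hex of the DER-encoded SubjectPublicKeyInfo expected from the server. */
    private static final String CERT_PUBLIC_KEY = "30820122300D06092A864886F70D01010105000382010F003082010A0282010100D7CAB4AE0D9039532D434F509FB250FE5E3B07711ED1DCB5DE1B112C88CC1A237275FC7985CBE26C5E90DA3E77B049DA3DD7B9415AC270FA865DB463E7FB22D4E0E8982BED4A5988EF95313BC58D9B9550917A3F8EADDEB75235310D34330EA7716EAC7F911B784EB2516318F0BEE3AAD55803C288256B9C5BB345F9E9834977DCAFAE50ABB032A859FD48C8B3879B0A4431AE7DC8CA1E3F6DCF2468D2C06E8E44C539E7049CA63F2807ACEECB39AC2A22E8074650261C3EAC154C84E61803CBD50E84DD4AD003AFD74FEB6FA75B35F69FA70C57B8C8BC0E9AAB45615A2B755254A2AF7E97819CD05FFE659E31F7AB68CB3AFDAE7CC485BD414802B2FC1DAE5D0203010001";
    /** Built-in subject DN used to pick the certificate to pin against out of the chain. */
    private static final String CERT_SUBJECT_NAME = "CN=*.jd.com,O=BEIJING JINGDONG SHANGKE INFORMATION TECHNOLOGY CO.\\, LTD.,L=beijing,ST=beijing,C=CN";
    /** Hex of the X.509-encoded public key used to wrap the per-request AES key. */
    private static final String RSA_KEY = "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";
    /** Preference key: whether pin checking is enabled (defaults to {@code true}). */
    private static final String SP_KEY_NEED_CHECK_CERT = "need_check_cert";
    /** Preference key: server-supplied replacement for {@link #CERT_PUBLIC_KEY}. */
    private static final String SP_KEY_PUBLIC_KEY = "cert_public_key";
    /** Preference key: server-supplied replacement for {@link #CERT_SUBJECT_NAME}. */
    private static final String SP_KEY_SUBJECT_NAME = "cert_subject_name";
    /** Name of the preferences file holding the three values above. */
    private static final String SP_NAME = "server_cert";
    private static final String TAG = "CertChecker";

    /**
     * Compares a presented public key with the pinned one.
     *
     * <p>Despite its name, this returns {@code true} when the check FAILS.
     *
     * @param str hex-encoded public key taken from the presented chain, or {@code null}
     *            when no certificate with the expected subject was found
     * @return {@code true} if {@code str} differs from the pinned key (mismatch),
     *         {@code false} if it is identical
     */
    private static boolean checkServerCert(String str) {
        // CLOUDAPI_LF is presumably a line-feed; it is stripped from the pinned value only.
        String pinnedKey = getServerCertPublicKey().replaceAll(SdkConstant.CLOUDAPI_LF, "");
        return !pinnedKey.equals(str);
    }

    /**
     * Verifies that the presented chain contains the pinned certificate.
     *
     * <p>The first certificate whose subject DN equals the expected subject is selected
     * and its encoded public key is compared with the pin. A {@code null} or empty
     * chain, or a chain without a matching subject, is treated as a mismatch. On
     * mismatch the stored pin data is cleared and a refresh is requested before the
     * handshake is rejected.
     *
     * <p>When checking is disabled in preferences this method returns without
     * inspecting the chain at all.
     *
     * @param x509CertificateArr certificate chain presented by the server
     * @throws CertificateException if checking is enabled and the pin does not match
     */
    static void checkServerTrusted(X509Certificate[] x509CertificateArr) throws CertificateException {
        if (!isNeedCheckCert()) {
            return;
        }
        String presentedKey = null;
        // A null chain takes the same fail-closed path as an empty one instead of an NPE.
        if (x509CertificateArr != null) {
            String expectedSubject = getServerCertSubjectName();
            for (X509Certificate candidate : x509CertificateArr) {
                if (candidate != null && expectedSubject.equals(candidate.getSubjectDN().getName())) {
                    presentedKey = HexUtils.byte2hex(candidate.getPublicKey().getEncoded());
                    break;
                }
            }
        }
        if (checkServerCert(presentedKey)) {
            // Log text: "certificate check failed, clearing cache and updating certificate".
            JLog.e(TAG, "证书校验失败，清除缓存并更新证书");
            clearServerCertCache();
            updateServerCertificate();
            throw new CertificateException("Certificate validation failed");
        }
    }

    /**
     * Clears the {@code server_cert} preferences file.
     *
     * <p>Presumably this removes all three stored values, so the built-in pin and the
     * default "check enabled" state apply again — confirm against {@code SpUtils.clearSp}.
     */
    private static void clearServerCertCache() {
        SpUtils.clearSp(JDSmartSDK.getInstance().getContext(), SP_NAME);
    }

    /** Returns the stored pinned public key, or the built-in one when none is stored. */
    private static String getServerCertPublicKey() {
        String stored = (String) SpUtils.get(JDSmartSDK.getInstance().getContext(), SP_NAME, SP_KEY_PUBLIC_KEY, "");
        if (TextUtils.isEmpty(stored)) {
            return CERT_PUBLIC_KEY;
        }
        return stored;
    }

    /** Returns the stored expected subject DN, or the built-in one when none is stored. */
    private static String getServerCertSubjectName() {
        String stored = (String) SpUtils.get(JDSmartSDK.getInstance().getContext(), SP_NAME, SP_KEY_SUBJECT_NAME, "");
        if (TextUtils.isEmpty(stored)) {
            return CERT_SUBJECT_NAME;
        }
        return stored;
    }

    /**
     * Posts the certificate request and, on success, stores the returned pin data.
     *
     * @param jSONObject request body built by {@link #updateServerCertificate()}
     * @param bArr       AES key generated for this request; used to decrypt the
     *                   {@code lower} and {@code certificate} response fields
     */
    private static void getServerCertificate(JSONObject jSONObject, final byte[] bArr) {
        Map<String, Object> params = new HashMap<String, Object>();
        params.put("domain", "smartopen.jd.com");
        params.put("json", jSONObject.toString());
        RequestClient.post(false, URLConstant.URL_GET_CERTIFICATE, (Map<String, String>) null, params, new ResponseCallback() { // from class: com.jd.smartcloudmobilesdk.net.CertChecker.1
            @Override // com.jd.smartcloudmobilesdk.net.ResponseCallback
            public void onFailure(String str) {
                JLog.e(CertChecker.TAG, "getServerCertificate onFailure response " + str);
            }

            @Override // com.jd.smartcloudmobilesdk.net.ResponseCallback
            public void onSuccess(String str) {
                if (!CommonUtil.isSuccess(str)) {
                    return;
                }
                try {
                    JSONObject result = new JSONObject(str).optJSONObject("result");
                    if (result == null) {
                        JLog.e(CertChecker.TAG, "getServerCertificate: response has no result object");
                        return;
                    }
                    String digest = result.optString("signature");
                    String certificateHex = result.optString("certificate");
                    String lowerHex = result.optString("lower");
                    // Integrity check only: the digest covers the two ciphertext fields and
                    // takes no secret input here, so anyone able to alter the response can
                    // recompute it.
                    if (!digest.equals(SHA256Util.getSHA256Digest(lowerHex + certificateHex))) {
                        // Log text: "wrong signature, signature verification failed".
                        JLog.e(CertChecker.TAG, "签名不对！验证签名失败");
                        return;
                    }
                    byte[] lowerPlain = AES256Util.aesDecrypt(bArr, HexUtils.hexToByte(lowerHex));
                    if (lowerPlain != null) {
                        String lower = new String(lowerPlain);
                        // NOTE(review): every plaintext other than exactly "1" turns pin
                        // checking OFF, and the flag is persisted before the certificate
                        // below has been parsed. Consider accepting only known values and
                        // storing the flag together with a successfully parsed certificate.
                        boolean needCheck = "1".equals(lower);
                        CertChecker.saveNeedCheckCert(needCheck);
                        JLog.e(CertChecker.TAG, "lower = " + lower + " isCheck = " + needCheck);
                    }
                    byte[] certificateBytes = AES256Util.aesDecrypt(bArr, HexUtils.hexToByte(certificateHex));
                    if (certificateBytes == null) {
                        JLog.e(CertChecker.TAG, "getServerCertificate: certificate field could not be decrypted");
                        return;
                    }
                    CertChecker.readCertificate(new ByteArrayInputStream(certificateBytes));
                } catch (Exception e) {
                    JLog.e(CertChecker.TAG, "getServerCertificate: failed to process response: " + e);
                }
            }
        });
    }

    /** Returns whether pin checking is enabled; {@code true} when nothing is stored. */
    private static boolean isNeedCheckCert() {
        Object stored = SpUtils.get(JDSmartSDK.getInstance().getContext(), SP_NAME, SP_KEY_NEED_CHECK_CERT, true);
        return ((Boolean) stored).booleanValue();
    }

    /**
     * Parses an X.509 certificate and stores its subject DN and public key as the new pin.
     *
     * <p>The stream is closed whether or not parsing succeeds.
     *
     * <p>NOTE(review): the certificate is accepted as parsed. Its validity period,
     * issuer and signature are logged but not verified here, so the new pin is only as
     * trustworthy as the channel that delivered it.
     *
     * @param inputStream encoded certificate; closed by this method
     * @throws Exception if the certificate cannot be parsed or the stream cannot be closed
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static void readCertificate(InputStream inputStream) throws Exception {
        try {
            X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
            // The log labels below are, in order: type, version, subject, valid from,
            // valid until (twice), serial number, issuer name, signature algorithm,
            // signature, public key algorithm, public key.
            JLog.e(TAG, "类型:" + cert.getType());
            JLog.e(TAG, "版本:" + Integer.toString(cert.getVersion()));
            String subjectName = cert.getSubjectDN().getName();
            JLog.e(TAG, "标题:" + subjectName);
            saveServerCertSubjectName(subjectName);
            JLog.e(TAG, "开始有效日期:" + cert.getNotBefore().toString());
            JLog.e(TAG, "截止日期:" + cert.getNotAfter().toString());
            JLog.e(TAG, "截止日期:" + cert.getNotAfter().getTime());
            JLog.e(TAG, "序列号:" + cert.getSerialNumber().toString(16));
            JLog.e(TAG, "发行者名:" + cert.getIssuerDN().getName());
            JLog.e(TAG, "签名算法:" + cert.getSigAlgName());
            JLog.e(TAG, "签名:" + HexUtils.byte2hex(cert.getSignature()));
            JLog.e(TAG, "公钥算法:" + cert.getPublicKey().getAlgorithm());
            String publicKeyHex = HexUtils.byte2hex(cert.getPublicKey().getEncoded());
            JLog.e(TAG, "公钥：" + publicKeyHex);
            saveServerCertPublicKey(publicKeyHex);
        } finally {
            if (inputStream != null) {
                inputStream.close();
            }
        }
    }

    /**
     * Persists whether pin checking is enabled.
     *
     * @param z {@code true} to enable checking, {@code false} to disable it
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static void saveNeedCheckCert(boolean z) {
        SpUtils.put(JDSmartSDK.getInstance().getContext(), SP_NAME, SP_KEY_NEED_CHECK_CERT, Boolean.valueOf(z));
    }

    /** Persists the hex-encoded public key to pin against. */
    private static void saveServerCertPublicKey(String str) {
        SpUtils.put(JDSmartSDK.getInstance().getContext(), SP_NAME, SP_KEY_PUBLIC_KEY, str);
    }

    /** Persists the subject DN used to select the certificate to pin against. */
    private static void saveServerCertSubjectName(String str) {
        SpUtils.put(JDSmartSDK.getInstance().getContext(), SP_NAME, SP_KEY_SUBJECT_NAME, str);
    }

    /**
     * Builds and sends a request for the current server certificate.
     *
     * <p>An AES key is obtained from {@code AES256Util.getKey()}, used to encrypt a fixed
     * string, and itself encrypted with the embedded RSA public key. The request's
     * {@code signature} field is a digest of those two hex strings. Failures are logged
     * and otherwise ignored, so the previously stored or built-in pin stays in effect.
     */
    public static void updateServerCertificate() {
        try {
            // EncryptionManager.Oooo0o0 is an obfuscated constant, presumably "RSA" — confirm.
            KeyFactory keyFactory = KeyFactory.getInstance(EncryptionManager.Oooo0o0);
            PublicKey wrappingKey = keyFactory.generatePublic(new X509EncodedKeySpec(HexUtils.hexToByte(RSA_KEY)));
            byte[] sessionKey = AES256Util.getKey();
            String messageHex = HexUtils.byte2hex(AES256Util.encryptData(sessionKey, "weilian"));
            String wrappedKeyHex = HexUtils.byte2hex(RSA2048Util.encrypt(sessionKey, wrappingKey));
            String digest = SHA256Util.getSHA256Digest(messageHex + wrappedKeyHex);
            JSONObject request = new JSONObject();
            request.put("version", "3.0");
            request.put("message", messageHex);
            request.put("secret", wrappedKeyHex);
            request.put("signature", digest);
            getServerCertificate(request, sessionKey);
        } catch (Exception e) {
            JLog.e(TAG, "updateServerCertificate: failed to build or send request: " + e);
        }
    }
}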
