package com.nd.uc.account.internal;

import android.os.SystemClock;
import android.text.TextUtils;
import android.util.Base64;
import com.google.devtools.build.android.desugar.runtime.ThrowableExtension;
import com.nd.sdp.imapp.fix.Hack;
import com.nd.smartcan.commons.util.language.StringUtils;
import com.nd.smartcan.commons.util.logger.Logger;
import com.nd.smartcan.core.restful.ClientResourceUtils;
import com.nd.smartcan.core.restful.ExtraErrorInfo;
import com.nd.smartcan.core.restful.LogHandler;
import com.nd.smartcan.core.restful.ResourceException;
import com.nd.smartcan.core.security.ErrorHandler;
import com.nd.smartcan.core.security.ICalculateMACContent;
import com.nd.smartcan.core.security.IExtendedRequestDelegate;
import com.nd.smartcan.core.security.IFinalBeforeSendHandler;
import com.nd.smartcan.core.security.IRequestDelegate;
import com.nd.smartcan.core.security.SecurityDelegate;
import com.nd.uc.account.NdUcSdkException;
import com.nd.uc.account.interfaces.ICurrentUser;
import com.nd.uc.account.internal.Const;
import com.nd.uc.account.internal.bean.KeyConst;
import com.nd.uc.account.internal.bean.entity.MacContent;
import com.nd.uc.account.internal.bean.entity.MacTokenInternal;
import com.nd.uc.account.internal.di.NdUcDagger;
import com.nd.uc.account.internal.util.CollectionsUtil;
import com.nd.uc.account.internal.util.JsonUtil;
import com.nd.uc.account.internal.util.SecurityUtil;
import com.nd.uc.account.internal.util.UcUtil;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.WeakHashMap;
import java.util.concurrent.locks.ReentrantLock;
import java.util.regex.Pattern;
import org.apache.http.Header;

/* loaded from: classes7.dex */
public class HttpSecurityHelper {
    private static final String AUTHORIZATION_FORMAT = " MAC id=\"%s\",nonce=\"%s\",mac=\"%s\"";
    private static final String HEADER_KEY_AUTHORIZATION = "Authorization";
    private static final String HEADER_KEY_AUTH_HEADER_SWITCH = "auth-header-switch";
    private static final String HEADER_KEY_UC_COLL = "uc-coll";
    private static final String HEADER_KEY_USER_AGENT = "User-Agent";
    private static final int MAX_RETRY_TIME_OF_AUTH_UNAVAILABLE_TOKEN = 50;
    private static final String TAG = HttpSecurityHelper.class.getSimpleName();
    private boolean mUseSdpToken;
    private int mRetryTimeOfUnavailableToken = 0;
    private final Map<String, ReentrantLock> mTokenLocks = new WeakHashMap();
    private ErrorHandler mErrorHandler = new ErrorHandler() { // from class: com.nd.uc.account.internal.HttpSecurityHelper.1
        {
            if (Boolean.FALSE.booleanValue()) {
                System.out.println(Hack.class);
            }
        }

        /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
        @Override // com.nd.smartcan.core.security.ErrorHandler
        public int handle(IRequestDelegate iRequestDelegate, ResourceException resourceException) {
            char c = 0;
            ExtraErrorInfo extraErrorInfo = resourceException.getExtraErrorInfo();
            if (extraErrorInfo == null || TextUtils.isEmpty(extraErrorInfo.getCode()) || NdUcDagger.instance.getIAuthenticationManager().getCurrentUser() == null) {
                return 0;
            }
            String ucMafAuthenticationType = HttpSecurityHelper.this.getUcMafAuthenticationType(iRequestDelegate);
            if (TextUtils.isEmpty(ucMafAuthenticationType)) {
                ucMafAuthenticationType = ICurrentUser.ACCOUNT_TYPE_CURRENT_USER;
            }
            try {
                String code = extraErrorInfo.getCode();
                switch (code.hashCode()) {
                    case -1152692648:
                        if (code.equals("UC/AUTH_INVALID_TIMESTAMP")) {
                            c = 1;
                            break;
                        }
                        c = 65535;
                        break;
                    case -1033344300:
                        if (code.equals(Const.TokenErrorCode.AUTH_UNAVAILABLE_TOKEN)) {
                            c = 3;
                            break;
                        }
                        c = 65535;
                        break;
                    case 210101609:
                        if (code.equals("UC/AUTH_TOKEN_EXPIRED")) {
                            break;
                        }
                        c = 65535;
                        break;
                    case 457496635:
                        if (code.equals("UC/AUTH_INVALID_TOKEN")) {
                            c = 2;
                            break;
                        }
                        c = 65535;
                        break;
                    default:
                        c = 65535;
                        break;
                }
                switch (c) {
                    case 0:
                        return HttpSecurityHelper.this.doTokenExpired(iRequestDelegate, ucMafAuthenticationType);
                    case 1:
                        return HttpSecurityHelper.this.doInvalidTimestamp(iRequestDelegate, ucMafAuthenticationType);
                    case 2:
                        return HttpSecurityHelper.this.doInvalidToken();
                    case 3:
                        return HttpSecurityHelper.this.doAuthUnavailableToken(iRequestDelegate, ucMafAuthenticationType);
                    default:
                        return 0;
                }
            } catch (Exception e) {
                Logger.w(HttpSecurityHelper.TAG, "ErrorHandler.handle:" + e.getMessage());
                return 0;
            }
        }
    };
    private IFinalBeforeSendHandler mBeforeHandler = new IFinalBeforeSendHandler() { // from class: com.nd.uc.account.internal.HttpSecurityHelper.2
        {
            if (Boolean.FALSE.booleanValue()) {
                System.out.println(Hack.class);
            }
        }

        @Override // com.nd.smartcan.core.security.IFinalBeforeSendHandler
        public void handle(IExtendedRequestDelegate iExtendedRequestDelegate) {
            String ucMafAuthenticationType = HttpSecurityHelper.this.getUcMafAuthenticationType(iExtendedRequestDelegate);
            AuthenticationManager authenticationManager = NdUcDagger.instance.getNdUcCmp().getAuthenticationManager();
            if (TextUtils.isEmpty(ucMafAuthenticationType)) {
                ucMafAuthenticationType = ICurrentUser.ACCOUNT_TYPE_CURRENT_USER;
            }
            CurrentUser currentUserByAccountyType = authenticationManager.getCurrentUserByAccountyType(ucMafAuthenticationType);
            if (currentUserByAccountyType == null) {
                return;
            }
            iExtendedRequestDelegate.setRequestHead("Authorization", HttpSecurityHelper.this.getAuthorization(iExtendedRequestDelegate, currentUserByAccountyType));
            iExtendedRequestDelegate.setRequestHead("User-Agent", ClientResourceUtils.appendUserAgent(HttpSecurityHelper.this.getUserAgent(iExtendedRequestDelegate.getHeaders()), Base64.encodeToString(String.valueOf(currentUserByAccountyType.getCurrentUserId()).getBytes(), 2)));
            iExtendedRequestDelegate.setRequestHead(HttpSecurityHelper.HEADER_KEY_UC_COLL, UcUtil.getUcColl(NdUcDagger.instance.getCommonCmp().getContext()));
            if (HttpSecurityHelper.this.mUseSdpToken) {
                iExtendedRequestDelegate.setRequestHead(HttpSecurityHelper.HEADER_KEY_AUTH_HEADER_SWITCH, "true");
            }
        }
    };
    private ICalculateMACContent mCalculateMACContent = new ICalculateMACContent() { // from class: com.nd.uc.account.internal.HttpSecurityHelper.3
        {
            if (Boolean.FALSE.booleanValue()) {
                System.out.println(Hack.class);
            }
        }

        @Override // com.nd.smartcan.core.security.ICalculateMACContent
        public String getMACContent(IRequestDelegate iRequestDelegate, boolean z) {
            String ucMafAuthenticationType = HttpSecurityHelper.this.getUcMafAuthenticationType(iRequestDelegate);
            AuthenticationManager authenticationManager = NdUcDagger.instance.getNdUcCmp().getAuthenticationManager();
            if (TextUtils.isEmpty(ucMafAuthenticationType)) {
                ucMafAuthenticationType = ICurrentUser.ACCOUNT_TYPE_CURRENT_USER;
            }
            CurrentUser currentUserByAccountyType = authenticationManager.getCurrentUserByAccountyType(ucMafAuthenticationType);
            if (currentUserByAccountyType == null) {
                return "";
            }
            try {
                return JsonUtil.obj2json(HttpSecurityHelper.this.getMacContent(iRequestDelegate.getHost(), iRequestDelegate.getURI(), UcUtil.methodToString(iRequestDelegate.getMethod()), null, currentUserByAccountyType));
            } catch (IOException e) {
                ThrowableExtension.printStackTrace(e);
                return null;
            }
        }
    };

    public HttpSecurityHelper(boolean z) {
        this.mUseSdpToken = z;
        if (Boolean.FALSE.booleanValue()) {
            System.out.println(Hack.class);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public int doAuthUnavailableToken(IRequestDelegate iRequestDelegate, String str) throws NdUcSdkException {
        if (this.mRetryTimeOfUnavailableToken >= 50) {
            return doInvalidToken();
        }
        this.mRetryTimeOfUnavailableToken++;
        return setAuthorizationHeader(iRequestDelegate, str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public int doInvalidTimestamp(IRequestDelegate iRequestDelegate, String str) throws NdUcSdkException {
        if (getLockForToken(str).tryLock()) {
            try {
                NdUcDagger.instance.getNdUcCmp().getAuthenticationManager().updateServerTime(str);
            } finally {
                getLockForToken(str).unlock();
            }
        }
        return setAuthorizationHeader(iRequestDelegate, str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public int doInvalidToken() throws NdUcSdkException {
        NdUcDagger.instance.getNdUcCmp().getAuthenticationManager().clearLoginAccount();
        NdUcDagger.instance.getNdUcCmp().getAuthenticationManager().doInvalidToken();
        return 0;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public int doTokenExpired(IRequestDelegate iRequestDelegate, String str) throws NdUcSdkException {
        if (iRequestDelegate.getURI().contains("/actions/refresh")) {
            return doInvalidToken();
        }
        if (getLockForToken(str).tryLock()) {
            try {
                NdUcDagger.instance.getNdUcCmp().getAuthenticationManager().refreshToken(str);
            } finally {
                getLockForToken(str).unlock();
            }
        }
        return setAuthorizationHeader(iRequestDelegate, str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getAuthorization(IRequestDelegate iRequestDelegate, CurrentUser currentUser) {
        MacContent macContent = getMacContent(iRequestDelegate.getHost(), iRequestDelegate.getURI(), UcUtil.methodToString(iRequestDelegate.getMethod()), iRequestDelegate instanceof IExtendedRequestDelegate ? ((IExtendedRequestDelegate) iRequestDelegate).getHeaders() : null, currentUser);
        return String.format(AUTHORIZATION_FORMAT, macContent.getAccessToken(), macContent.getNonce(), macContent.getMac());
    }

    private List<String> getHeaderSdpValues(List<Header> list) {
        ArrayList arrayList = null;
        if (this.mUseSdpToken && !CollectionsUtil.isEmpty(list)) {
            ArrayList arrayList2 = new ArrayList();
            for (Header header : list) {
                if (isMatch(header.getName().toLowerCase(), "^sdp-[a-zA-Z][a-zA-Z0-9_-]{0,15}$")) {
                    arrayList2.add(header);
                }
            }
            if (!CollectionsUtil.isEmpty(arrayList2)) {
                Collections.sort(arrayList2, new Comparator<Header>() { // from class: com.nd.uc.account.internal.HttpSecurityHelper.4
                    {
                        if (Boolean.FALSE.booleanValue()) {
                            System.out.println(Hack.class);
                        }
                    }

                    @Override // java.util.Comparator
                    public int compare(Header header2, Header header3) {
                        return header2.getName().toLowerCase().compareToIgnoreCase(header3.getName());
                    }
                });
                arrayList = new ArrayList();
                Iterator it = arrayList2.iterator();
                while (it.hasNext()) {
                    arrayList.add(((Header) it.next()).getValue());
                }
            }
        }
        return arrayList;
    }

    private synchronized ReentrantLock getLockForToken(String str) {
        ReentrantLock reentrantLock;
        reentrantLock = this.mTokenLocks.get(str);
        if (reentrantLock == null) {
            reentrantLock = new ReentrantLock();
            this.mTokenLocks.put(str, reentrantLock);
        }
        return reentrantLock;
    }

    private static String getMac(String str, String str2, String str3, String str4, String str5, List<String> list) {
        StringBuilder sb = new StringBuilder();
        sb.append(str4);
        sb.append('\n');
        sb.append(str3);
        sb.append('\n');
        sb.append(str2);
        sb.append('\n');
        sb.append(str);
        sb.append('\n');
        if (!CollectionsUtil.isEmpty(list)) {
            Collections.sort(list);
            Iterator<String> it = list.iterator();
            while (it.hasNext()) {
                sb.append(it.next());
                sb.append('\n');
            }
        }
        return SecurityUtil.encryptHMac256(sb.toString(), str5);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getUcMafAuthenticationType(IRequestDelegate iRequestDelegate) {
        if (!(iRequestDelegate instanceof IExtendedRequestDelegate)) {
            return null;
        }
        IExtendedRequestDelegate iExtendedRequestDelegate = (IExtendedRequestDelegate) iRequestDelegate;
        if (CollectionsUtil.isEmpty(iExtendedRequestDelegate.getHeaders())) {
            return null;
        }
        for (Header header : iExtendedRequestDelegate.getHeaders()) {
            if (KeyConst.KEY_UC_MAF_AUTHENTICATION_TYPE_KEY.equals(header.getName())) {
                return header.getValue();
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getUserAgent(List<Header> list) {
        String str = "";
        if (list != null) {
            for (Header header : list) {
                if (StringUtils.equalsIgnoreCase(header.getName(), "User-Agent")) {
                    str = header.getValue();
                }
            }
        }
        return str;
    }

    private static boolean isMatch(String str, String str2) {
        return Pattern.compile(str2).matcher(str).matches();
    }

    private int setAuthorizationHeader(IRequestDelegate iRequestDelegate, String str) {
        getLockForToken(str).lock();
        getLockForToken(str).unlock();
        CurrentUser currentUserByAccountyType = NdUcDagger.instance.getNdUcCmp().getAuthenticationManager().getCurrentUserByAccountyType(str);
        if (currentUserByAccountyType == null) {
            return 0;
        }
        iRequestDelegate.setRequestHead("Authorization", getAuthorization(iRequestDelegate, currentUserByAccountyType));
        return 1;
    }

    public MacContent getMacContent(String str, String str2, String str3, List<Header> list, CurrentUser currentUser) {
        MacTokenInternal macToken = currentUser.getMacToken();
        String accessToken = macToken.getAccessToken();
        String str4 = (macToken.getServiceTime() + (SystemClock.elapsedRealtime() - currentUser.getClientLoginTime())) + ":" + UcUtil.generateMixRandomCode(8);
        String mac = getMac(str, str2, str3, str4, currentUser.getMacToken().getMacKey(), getHeaderSdpValues(list));
        MacContent macContent = new MacContent();
        macContent.setAccessToken(accessToken);
        macContent.setMac(mac);
        macContent.setNonce(str4);
        return macContent;
    }

    public void initHttpSecurity() {
        SecurityDelegate.getInstance().setCalculateMACContent(this.mCalculateMACContent);
        SecurityDelegate.getInstance().setFinalBeforeSendHandler(this.mBeforeHandler);
        SecurityDelegate.getInstance().addErrorHandler(this.mErrorHandler);
        LogHandler.i(TAG, "initSecurityDelegate success === ");
    }
}
