package com.zhihu.android.app;

import android.content.Context;
import android.os.Handler;
import android.os.Looper;
import android.text.TextUtils;
import android.util.Base64;
import com.google.api.client.http.HttpRequest;
import com.google.api.client.http.HttpRequestInitializer;
import com.google.api.client.http.HttpResponse;
import com.google.api.client.http.HttpUnsuccessfulResponseHandler;
import com.zhihu.android.api.http.BearerToken;
import com.zhihu.android.api.http.CookieHandler;
import com.zhihu.android.api.http.IAccessMethod;
import com.zhihu.android.api.http.OAuthToken;
import com.zhihu.android.api.model.ApiError;
import com.zhihu.android.api.model.Certificates;
import com.zhihu.android.api.service.CertificateService;
import com.zhihu.android.api.service.WalletService;
import com.zhihu.android.api.util.InternalCertificates;
import com.zhihu.android.api.util.JsonUtils;
import com.zhihu.android.app.accounts.AccountManager;
import com.zhihu.android.app.analytics.AppInfo;
import com.zhihu.android.app.appview.AppView;
import com.zhihu.android.app.event.AccountSafetyAlertEvent;
import com.zhihu.android.app.event.UnauthorizedEvent;
import com.zhihu.android.app.util.AdPreviewUtils;
import com.zhihu.android.app.util.BuildConfigHelper;
import com.zhihu.android.app.util.CrashlyticsLogUtils;
import com.zhihu.android.app.util.DebugSettings;
import com.zhihu.android.app.util.PreferenceHelper;
import com.zhihu.android.app.util.SafetyLock;
import com.zhihu.android.app.util.UnauthorizeLock;
import com.zhihu.android.app.util.UserAgentHelper;
import com.zhihu.android.app.util.za.ZAAPIMonitorHandler;
import com.zhihu.android.app.util.za.ZAExperimentHandler;
import com.zhihu.android.base.util.RxBus;
import com.zhihu.android.base.util.debug.Debug;
import com.zhihu.android.bumblebee.annotation.MultipartFormDataContent;
import com.zhihu.android.bumblebee.exception.BumblebeeException;
import com.zhihu.android.bumblebee.http.Bumblebee;
import com.zhihu.android.bumblebee.http.BumblebeeExceptionHandler;
import com.zhihu.android.bumblebee.http.BumblebeeResponse;
import com.zhihu.android.bumblebee.http.BumblebeeResponseHandler;
import com.zhihu.android.bumblebee.http.Dns;
import com.zhihu.android.bumblebee.http.HttpResponseProcessor;
import com.zhihu.android.bumblebee.http.StethoHelper;
import com.zhihu.android.bumblebee.http.builder.MultipartFormDataContentBuilder;
import com.zhihu.android.bumblebee.http.parser.PartInfoParser;
import com.zhihu.android.bumblebee.listener.HandshakeListener;
import com.zhihu.android.bumblebee.listener.RequestListener;
import com.zhihu.android.cloudid.CloudIDHelper;
import com.zhihu.android.data.analytics.ZhihuAnalytics;
import com.zhihu.android.sdk.launchad.utils.XSugerUtils;
import com.zhihu.za.proto.MonitorEventInfo;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.nio.charset.Charset;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import okhttp3.CertificatePinner;

/* loaded from: classes3.dex */
public class BumblebeeInitializer implements HttpRequestInitializer, BumblebeeResponseHandler, Dns, HttpResponseProcessor, HandshakeListener {
    private Bumblebee mBumblebee;
    private Context mContext;
    private Handler mHandler;
    private static final IAccessMethod sOAuthAccessMethod = OAuthToken.authorizationHeaderAccessMethod();
    private static final IAccessMethod sBearerAccessMethod = BearerToken.authorizationHeaderAccessMethod();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static class InstanceHolder {
        static final BumblebeeInitializer INSTANCE = new BumblebeeInitializer();
    }

    public static BumblebeeInitializer getDefaultInstance() {
        return InstanceHolder.INSTANCE;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String[] getPins(Certificates certificates) {
        if (certificates == null || certificates.certificates == null || certificates.certificates.size() <= 0) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (Certificates.Certificate certificate : certificates.certificates) {
            if (verify(certificate.data.getBytes(), certificate.sign)) {
                try {
                    arrayList.add(CertificatePinner.pin(CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certificate.data.getBytes()))));
                } catch (CertificateException e) {
                }
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void handleSafetyAlert(BumblebeeException bumblebeeException) {
        final ApiError from = ApiError.from(bumblebeeException);
        if ((from.getCode() == 4039 || from.getCode() == 40310 || from.getCode() == 40352 || from.getCode() == 40351 || from.getCode() == 40350) && !SafetyLock.getInstance().isLocked()) {
            if (this.mHandler == null) {
                this.mHandler = new Handler(Looper.getMainLooper());
            }
            this.mHandler.post(new Runnable() { // from class: com.zhihu.android.app.BumblebeeInitializer.5
                @Override // java.lang.Runnable
                public void run() {
                    RxBus.getInstance().post(new AccountSafetyAlertEvent(from.getCode(), from.getMessage()));
                }
            });
        }
    }

    private void handleUnauthorized(final int i) {
        if (this.mHandler == null) {
            this.mHandler = new Handler(Looper.getMainLooper());
        }
        this.mHandler.post(new Runnable() { // from class: com.zhihu.android.app.BumblebeeInitializer.4
            @Override // java.lang.Runnable
            public void run() {
                RxBus.getInstance().post(new UnauthorizedEvent(i));
            }
        });
    }

    private Certificates readCertificates() {
        String certificates = PreferenceHelper.getCertificates(this.mContext);
        if (!TextUtils.isEmpty(certificates)) {
            try {
                return (Certificates) JsonUtils.readValue(certificates, Certificates.class);
            } catch (IllegalArgumentException e) {
            }
        }
        return null;
    }

    private String sha256Hex(String str) {
        try {
            return new String(encodeHex(MessageDigest.getInstance("SHA-256").digest(str.getBytes(Charset.forName("UTF-8"))), new char[]{'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f'}));
        } catch (NoSuchAlgorithmException e) {
            return "";
        }
    }

    private static boolean verify(byte[] bArr, String str) {
        try {
            PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSSI7hPaC1PaCa9voUFfkMsmyMreAGpy5wjm/9Np2Ael4HyEyXZ0YAjptheBA9YhAfFfjn7ZuHfmptN3yGKeF5JoDZAwC0yY0AWz95tSie8IZ4fUFxsxSMAkUrW6vijFuwQwvDGCygDu4TlYIIZ1WiV/W8lEJr+7rFSFAjKmVynQIDAQAB", 0)));
            Signature signature = Signature.getInstance("SHA1withRSA");
            signature.initVerify(generatePublic);
            signature.update(bArr);
            return signature.verify(Base64.decode(str, 0));
        } catch (Exception e) {
            return false;
        }
    }

    private static boolean verifyCertificates(Certificates certificates) {
        if (certificates.certificates != null && certificates.certificates.size() > 0) {
            for (Certificates.Certificate certificate : certificates.certificates) {
                if (!verify(certificate.data.getBytes(), certificate.sign)) {
                    return false;
                }
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void writeCertificates(Certificates certificates) {
        if (verifyCertificates(certificates)) {
            try {
                PreferenceHelper.setCertificates(this.mContext, JsonUtils.writeValueAsString(certificates));
            } catch (IOException e) {
            }
        }
    }

    protected char[] encodeHex(byte[] bArr, char[] cArr) {
        int length = bArr.length;
        char[] cArr2 = new char[length << 1];
        int i = 0;
        for (int i2 = 0; i2 < length; i2++) {
            int i3 = i + 1;
            cArr2[i] = cArr[(bArr[i2] & 240) >>> 4];
            i = i3 + 1;
            cArr2[i3] = cArr[bArr[i2] & 15];
        }
        return cArr2;
    }

    public Bumblebee getBumblebee() {
        return this.mBumblebee;
    }

    @Override // com.zhihu.android.bumblebee.http.BumblebeeResponseHandler
    public void handleBumblebeeResponse(BumblebeeResponse bumblebeeResponse) {
        ZAAPIMonitorHandler.getInstance().handleBumblebeeResponse(bumblebeeResponse);
    }

    public void initialize(Context context) throws Exception {
        this.mContext = context.getApplicationContext();
        this.mBumblebee = new Bumblebee(context);
        if (!BuildConfigHelper.isPublic()) {
            StethoHelper.enableStetho(context.getApplicationContext(), this.mBumblebee);
        }
        this.mBumblebee.setHandshakeListener(this);
        this.mBumblebee.setBumblebeeResponseHandler(this);
        if (PreferenceHelper.isHttpDNSOn(context)) {
            this.mBumblebee.setDns(this);
        }
        Certificates readCertificates = readCertificates();
        String[] pins = getPins(readCertificates);
        if (pins == null || pins.length <= 0) {
            this.mBumblebee.addSecurityPins(WalletService.class, InternalCertificates.HPKP);
        } else {
            this.mBumblebee.addSecurityPins(WalletService.class, pins);
        }
        this.mBumblebee.addHttpContent(MultipartFormDataContent.class, Collections.singletonList(PartInfoParser.class), new MultipartFormDataContentBuilder());
        this.mBumblebee.setBumblebeeExceptionHandler(new BumblebeeExceptionHandler() { // from class: com.zhihu.android.app.BumblebeeInitializer.1
            @Override // com.zhihu.android.bumblebee.http.BumblebeeExceptionHandler
            public void handleBumblebeeException(BumblebeeException bumblebeeException) {
                Debug.e("BumblebeeException", bumblebeeException.getMessage());
                CrashlyticsLogUtils.logError(bumblebeeException);
                ZAAPIMonitorHandler.getInstance().handleBumblebeeException(bumblebeeException);
                BumblebeeInitializer.this.handleSafetyAlert(bumblebeeException);
            }
        });
        DebugSettings.initBumblebee(this.mContext, this.mBumblebee);
        ((CertificateService) this.mBumblebee.create(CertificateService.class, this, this)).getCertificates(readCertificates != null ? readCertificates.version : 1, new RequestListener<Certificates>() { // from class: com.zhihu.android.app.BumblebeeInitializer.2
            @Override // com.zhihu.android.bumblebee.listener.RequestListener
            public void onRequestFailure(BumblebeeException bumblebeeException) {
            }

            @Override // com.zhihu.android.bumblebee.listener.RequestListener
            public void onRequestSuccess(Certificates certificates) {
                BumblebeeInitializer.this.writeCertificates(certificates);
                String[] pins2 = BumblebeeInitializer.this.getPins(certificates);
                if (pins2 == null || pins2.length <= 0) {
                    BumblebeeInitializer.this.mBumblebee.addSecurityPins(WalletService.class, InternalCertificates.HPKP);
                } else {
                    BumblebeeInitializer.this.mBumblebee.addSecurityPins(WalletService.class, pins2);
                }
            }
        });
    }

    @Override // com.google.api.client.http.HttpRequestInitializer
    public void initialize(HttpRequest httpRequest) throws IOException {
        httpRequest.setConnectTimeout(10000);
        httpRequest.setReadTimeout(30000);
        httpRequest.getHeaders().setUserAgent(UserAgentHelper.build(this.mContext));
        if (httpRequest.getHeaders().get("x-api-version") == null) {
            httpRequest.getHeaders().put("x-api-version", (Object) AppInfo.apiVersion());
        }
        if (httpRequest.getHeaders().get(AppView.HEADER_X_APP_VERSION) == null) {
            httpRequest.getHeaders().put(AppView.HEADER_X_APP_VERSION, (Object) AppInfo.versionName());
        }
        if (httpRequest.getHeaders().get(AppView.HEADER_X_APP_ZA) == null) {
            httpRequest.getHeaders().put(AppView.HEADER_X_APP_ZA, (Object) AppInfo.buildAppInfo());
        }
        if (httpRequest.getHeaders().get(AppView.HEADER_X_APP_BUILD) == null) {
            httpRequest.getHeaders().put(AppView.HEADER_X_APP_BUILD, (Object) AppInfo.getAppBuild());
        }
        if (httpRequest.getHeaders().get(AppView.HEADER_X_NETWORK_TYPE) == null) {
            httpRequest.getHeaders().put(AppView.HEADER_X_NETWORK_TYPE, (Object) AppInfo.buildNetworkTypeInfo());
        }
        if (!TextUtils.isEmpty(AdPreviewUtils.getAdPreviewUrl())) {
            httpRequest.getHeaders().put("x-ad-preview", (Object) AdPreviewUtils.getAdPreviewUrl());
        }
        XSugerUtils.setXSuger(this.mContext, httpRequest);
        DebugSettings.interactRequest(httpRequest);
        if (!TextUtils.isEmpty(CloudIDHelper.getInstance().getCloudId(this.mContext))) {
            httpRequest.getHeaders().put(AppView.HEADER_X_UDID, (Object) CloudIDHelper.getInstance().getCloudId(this.mContext));
        }
        if (TextUtils.isEmpty(httpRequest.getHeaders().getAuthorization())) {
            if (AccountManager.getInstance().hasAccount()) {
                sBearerAccessMethod.intercept(httpRequest, AccountManager.getInstance().getCurrentAccount().getAccessToken());
            } else {
                sOAuthAccessMethod.intercept(httpRequest, "8d5227e0aaaa4797a763ac64e0c3b8");
            }
        }
        CookieHandler.getInstance().initialize(httpRequest);
        httpRequest.setUnsuccessfulResponseHandler(new HttpUnsuccessfulResponseHandler() { // from class: com.zhihu.android.app.BumblebeeInitializer.3
            @Override // com.google.api.client.http.HttpUnsuccessfulResponseHandler
            public boolean handleResponse(HttpRequest httpRequest2, HttpResponse httpResponse, boolean z) throws IOException {
                List<String> authorizationAsList = httpRequest2.getHeaders().getAuthorizationAsList();
                if (!httpRequest2.handleRedirect(httpResponse.getStatusCode(), httpResponse.getHeaders())) {
                    return false;
                }
                if (httpRequest2.getUrl().build().matches("https?://([0-9a-zA-Z][0-9a-zA-Z_\\-\\.]*\\.)?zhihu\\.com(/?|/.*)")) {
                    httpRequest2.getHeaders().setAuthorization(authorizationAsList);
                }
                return true;
            }
        });
    }

    @Override // com.zhihu.android.bumblebee.http.Dns
    public List<InetAddress> lookup(String str) throws UnknownHostException {
        return ZhihuDnsService.getDefaultInstance().lookup(str);
    }

    @Override // com.zhihu.android.bumblebee.listener.HandshakeListener
    public boolean onInterceptSSLPeerUnverified(List<Certificate> list) {
        HashMap hashMap = new HashMap();
        for (int i = 0; i < list.size(); i++) {
            try {
                hashMap.put(String.format(Locale.getDefault(), "data%d", Integer.valueOf(i)), Base64.encodeToString(list.get(i).getEncoded(), 0));
            } catch (CertificateEncodingException e) {
            }
        }
        ZhihuAnalytics.getInstance().recordMonitorEvent(null, null, new ZhihuAnalytics.MonitorEventExtraInfo(MonitorEventInfo.EventType.SecurityError, "HttpsError", hashMap));
        return true;
    }

    @Override // com.zhihu.android.bumblebee.http.HttpResponseProcessor
    public void processor(HttpResponse httpResponse) throws IOException {
        CookieHandler.getInstance().processor(httpResponse);
        if (httpResponse.getRequest().getUrl().getHost().equals("api.zhihu.com")) {
            String authorization = httpResponse.getRequest().getHeaders().getAuthorization();
            String firstHeaderStringValue = httpResponse.getRequest().getHeaders().getFirstHeaderStringValue(AppView.HEADER_X_UDID);
            String firstHeaderStringValue2 = httpResponse.getHeaders().getFirstHeaderStringValue("X-RSP-HASH");
            if (!TextUtils.isEmpty(authorization) && !TextUtils.isEmpty(firstHeaderStringValue) && !TextUtils.isEmpty(firstHeaderStringValue2) && !firstHeaderStringValue2.equals(sha256Hex(authorization + firstHeaderStringValue))) {
                throw new IOException("hash not match[" + httpResponse.getRequest().getUrl().build() + "]");
            }
        }
        ZAExperimentHandler.getInstance().processor(httpResponse);
        ZAAPIMonitorHandler.getInstance().processor(httpResponse);
        if (AccountManager.getInstance().hasAccount()) {
            if ((401 == httpResponse.getStatusCode() || PreferenceHelper.getTokenUpdateTime(this.mContext) < System.currentTimeMillis()) && !UnauthorizeLock.getInstance().isLocked()) {
                handleUnauthorized(httpResponse.getStatusCode());
            }
        }
    }
}
