package com.tuya.smart.android.network.http.pin;

import android.text.TextUtils;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.tuya.sdk.core.PluginManager;
import com.tuya.smart.android.common.utils.Base64;
import com.tuya.smart.android.common.utils.L;
import com.tuya.smart.android.network.TuyaSmartNetWork;
import com.tuya.smart.android.network.http.dns.TuyaOKHttpDNS;
import com.tuya.smart.android.network.http.dns.stat.DnsStatConstant;
import com.tuya.smart.android.network.manager.TuyaNetworkSecurityManager;
import com.tuya.smart.android.network.quic.ITuyaQuicPlugin;
import com.tuya.smart.android.network.quic.QuicUtil;
import com.tuya.smart.android.network.request.TuyaSmartNetWorkExecutorManager;
import com.tuya.smart.android.network.util.AESCTRUtil;
import com.tuya.smart.android.network.util.ECDHEngine;
import com.tuya.smart.interior.log.ITuyaLogPlugin;
import com.tuya.smart.sdk.api.ITemporaryCallBack;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import okhttp3.CertificatePinner;
import okhttp3.HttpUrl;
import okhttp3.MediaType;
import okhttp3.Request;
import okhttp3.RequestBody;
import okhttp3.Response;
import okhttp3.ResponseBody;

/* loaded from: classes4.dex */
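/**
 * Fetches the certificate pin set from the DNS query service and installs it on the shared
 * HTTP client (and on the QUIC engine when QUIC is usable).
 *
 * <p>Flow, as visible in this class: {@link #refreshCerts()} schedules {@link #requestCerts}
 * on the business executor; that method queries {@code <dnsHost>/v2/certs_query} through the
 * H1 client and, on any failure, falls back to {@link #requestCertsDns2} through the H2 client.
 * A successful response is decrypted and handed to
 * {@code TuyaCertificatePinner.saveCersToCache}, after which a new pinner is built.
 *
 * <p>NOTE(review): the pin set that is installed is whatever this endpoint returns. Nothing in
 * this class authenticates the payload beyond the transport it arrived on (see
 * {@link #decryptData}), so the trust configuration of {@code newH1OkHttpClient()} and
 * {@code newH2OkHttpClient(host)} - not visible here - decides how strong the refreshed pins
 * are. Confirm those clients validate the server before relying on this refresh.
 */
public class CertPinRefresher {
    public static final String DNS_V2_ERROR_LOG = "ty_ro12emzon5k2iksfbyj2aofdyysftb3m";
    public static final String H2_DNS_ERROR_CODE = "TYNotificationNameCerCheckFailed";
    public static final short MAX_REQUEST_TIMES = 3;
    public static final String TAG = "CertPinRefresher";
    public static volatile CertPinRefresher instance = null;
    // Set to true by the success callback in refreshCerts(); once true no further refresh runs.
    public static volatile boolean refreshedCerts = false;
    // Incremented once per onError callback (see access$108). A single refresh can report two
    // errors (primary endpoint, then fallback), so this counts error callbacks, not attempts.
    public static volatile short requestCertsCount;

    /** Receives the outcome of a certificate query. */
    public interface IResultCallback {
        void onError(String str);

        void onSuccess();
    }

    /**
     * Post-increments {@link #requestCertsCount} and returns the previous value.
     *
     * <p>Compiler-generated accessor kept for binary compatibility. The read-modify-write is not
     * atomic even though the field is volatile; concurrent callers could lose an increment.
     */
    public static /* synthetic */ short access$108() {
        short s = requestCertsCount;
        requestCertsCount = (short) (s + 1);
        return s;
    }

    /**
     * Decrypts the {@code data} field of a certs_query result.
     *
     * <p>The key is derived from an ECDH exchange between our ephemeral private key and the
     * {@code pubKey} field of the same result, passed through {@code ECDHEngine.hmacSha256}
     * together with the decoded {@code pubKey} bytes; the exact role of each argument is defined
     * in {@code ECDHEngine} and is not visible here.
     *
     * <p>NOTE(review): the peer public key arrives in the same response as the ciphertext and no
     * signature or pinned server key is checked in this class, so the exchange gives no
     * assurance about who produced the payload beyond what the TLS channel already provides.
     * CTR mode on its own carries no integrity check either - confirm whether
     * {@code AESCTRUtil.decrypt} or {@code saveCersToCache} verifies the plaintext. TODO confirm.
     *
     * @param keyEntity ephemeral key pair generated for this request
     * @param jSONObject the {@code result} object of the response
     * @return the decrypted payload as returned by {@code AESCTRUtil.decrypt}
     * @throws IllegalArgumentException if the result carries no {@code pubKey}
     */
    private String decryptData(ECDHEngine.KeyEntity keyEntity, JSONObject jSONObject) {
        String serverPubKey = jSONObject.getString("pubKey");
        if (serverPubKey == null) {
            // Previously surfaced as a bare NullPointerException with a null message.
            throw new IllegalArgumentException("certs_query result has no pubKey");
        }
        String sharedSecret = ECDHEngine.ecdhKey(keyEntity.ecdhPrivateKey, serverPubKey);
        // getBytes() uses the platform default charset, which is UTF-8 on Android.
        byte[] serverPubKeyBytes = Base64.decodeBase64(serverPubKey.getBytes());
        String derived = ECDHEngine.hmacSha256(sharedSecret, serverPubKeyBytes, true);
        return AESCTRUtil.decrypt(Base64.decodeBase64(derived.getBytes()), jSONObject.getString("data"));
    }

    /** Returns the process-wide instance, creating it on first use (double-checked on a volatile field). */
    public static CertPinRefresher getInstance() {
        if (instance == null) {
            synchronized (CertPinRefresher.class) {
                if (instance == null) {
                    instance = new CertPinRefresher();
                }
            }
        }
        return instance;
    }

    /** Builds the POST request for certs_query carrying our ephemeral public key; the URL is set by the caller. */
    private static Request.Builder newCertsQueryRequest(ECDHEngine.KeyEntity keyPair) {
        JSONObject payload = new JSONObject();
        payload.put("os", "android");
        payload.put("sdkVersion", TuyaSmartNetWork.mSdkVersion);
        payload.put("isSdk", Boolean.valueOf(TuyaSmartNetWork.mSdk));
        payload.put("pubKey", keyPair.ecdhPublicKey);
        RequestBody body = RequestBody.create(MediaType.parse("application/json; charset=utf-8"), payload.toJSONString());
        return new Request.Builder().post(body);
    }

    /**
     * Parses a certs_query response body and, when it carries a non-empty {@code result},
     * decrypts it and stores it through {@code TuyaCertificatePinner.saveCersToCache}.
     *
     * @param emptyBodyError message to report when the body text is empty
     * @return {@code null} when the certificates were stored, otherwise the error text to report
     */
    private String storeCertsFromBody(ResponseBody body, ECDHEngine.KeyEntity keyPair, String emptyBodyError)
            throws java.io.IOException {
        if (body == null) {
            return "certs is empty!";
        }
        String text = body.string();
        if (TextUtils.isEmpty(text)) {
            return emptyBodyError;
        }
        JSONObject parsed = JSON.parseObject(text);
        Boolean success = parsed.getBoolean("success");
        if (success == null || !success.booleanValue()) {
            return "server response not success. status : " + parsed.get("status");
        }
        JSONObject result = parsed.getJSONObject("result");
        if (result == null || result.size() <= 0) {
            return "parse to CersBeanList fail!";
        }
        TuyaCertificatePinner.saveCersToCache(decryptData(keyPair, result));
        return null;
    }

    /** Reports an error to the callback when one was supplied. */
    private static void notifyError(IResultCallback callback, String message) {
        if (callback != null) {
            callback.onError(message);
        }
    }

    /** Reports success to the callback when one was supplied. */
    private static void notifySuccess(IResultCallback callback) {
        if (callback != null) {
            callback.onSuccess();
        }
    }

    /**
     * Queries the primary DNS host for the certificate set over the H1 client.
     *
     * <p>On any failure other than a missing host URL the error is reported and the fallback
     * {@link #requestCertsDns2} is tried with the same callback, so a callback may receive
     * {@code onError} followed by either {@code onSuccess} or a second {@code onError}.
     *
     * @param iResultCallback outcome receiver; may be {@code null}
     */
    public void requestCerts(IResultCallback iResultCallback) {
        L.d(TAG, "requestCerts");
        try {
            ECDHEngine.KeyEntity keyPair = ECDHEngine.generateKeyPair(ECDHEngine.SECP_256);
            Request.Builder request = newCertsQueryRequest(keyPair);
            String dnsHost = TuyaSmartNetWork.getDNSQueryHost();
            if (TextUtils.isEmpty(dnsHost)) {
                // Null-guarded like every other callback use; the unguarded call used to throw
                // into the catch block below when no callback was supplied.
                notifyError(iResultCallback, "dns server url is null");
                return;
            }
            request.url(dnsHost + "/v2/certs_query");
            Response response = TuyaSmartNetWork.newH1OkHttpClient().newCall(request.build()).execute();
            String error = storeCertsFromBody(response.body(), keyPair, "h1 dns server error");
            if (error == null) {
                notifySuccess(iResultCallback);
                return;
            }
            notifyError(iResultCallback, error);
            requestCertsDns2(iResultCallback);
            recordLog(dnsHost, String.valueOf(response.code()), response.message());
        } catch (Throwable th) {
            L.e(TAG, "requestCerts failed: ", th);
            // Guarded so that a null callback cannot abort the handler before the fallback runs.
            notifyError(iResultCallback, th.getMessage());
            requestCertsDns2(iResultCallback);
        }
    }

    /**
     * Fallback query against the second DNS host over the H2 client.
     *
     * <p>A non-successful response is additionally reported through
     * {@link #setDnsV2ErrorCallback}; an exception is only logged and reported to the callback.
     *
     * @param iResultCallback outcome receiver; may be {@code null}
     */
    private void requestCertsDns2(IResultCallback iResultCallback) {
        L.d(TAG, "requestCertsDns2");
        try {
            ECDHEngine.KeyEntity keyPair = ECDHEngine.generateKeyPair(ECDHEngine.SECP_256);
            Request.Builder request = newCertsQueryRequest(keyPair);
            String dns2Host = TuyaSmartNetWork.getDNS2QueryHost();
            if (TextUtils.isEmpty(dns2Host)) {
                notifyError(iResultCallback, "dns server url is null");
                return;
            }
            request.url(dns2Host + "/v2/certs_query");
            ResponseBody body = TuyaSmartNetWork.newH2OkHttpClient(dns2Host).newCall(request.build()).execute().body();
            String error = storeCertsFromBody(body, keyPair, "h2 dns server error");
            if (error == null) {
                notifySuccess(iResultCallback);
                return;
            }
            notifyError(iResultCallback, error);
            setDnsV2ErrorCallback(dns2Host, error);
        } catch (Throwable th) {
            L.e(TAG, "requestCertsDns2 failed: ", th);
            notifyError(iResultCallback, th.getMessage());
        }
    }

    /**
     * Sends an "ssl_pinning" statistics event tagged with {@code i} through the log plugin,
     * if that plugin is available.
     *
     * @param i event type; this class uses 5 for a successful refresh and 6 for a failure
     */
    public void statRefreshCerts(int i) {
        ITuyaLogPlugin logPlugin = (ITuyaLogPlugin) PluginManager.service(ITuyaLogPlugin.class);
        if (logPlugin == null) {
            return;
        }
        try {
            // Raw map kept on purpose: the plugin's parameter type is not visible from this file.
            HashMap attributes = new HashMap();
            attributes.put("type", Integer.valueOf(i));
            logPlugin.temporaryEvent(DnsStatConstant.TY_EVENT_SSL_PINNING, "ssl_pinning", attributes, 30, new ITemporaryCallBack() {
                @Override
                public List<Map<String, Object>> onHandler(String str, String str2, List<Map<String, Object>> list) {
                    // Wraps the collected entries as a single {"datas": list} record.
                    List<Map<String, Object>> wrapped = new ArrayList<>();
                    Map<String, Object> record = new HashMap<>();
                    record.put("datas", list);
                    wrapped.add(record);
                    return wrapped;
                }
            });
            L.d(TAG, "stat TY_LOG_EVENT_DNS_FAILURE");
        } catch (Exception e) {
            // Statistics are best effort; log through the SDK logger instead of printStackTrace().
            L.e(TAG, "statRefreshCerts failed: ", e);
        }
    }

    /**
     * Records a DNS v2 error event through the log plugin when the plugin is present and the
     * performance-log switch is enabled.
     *
     * @param str the DNS host URL that was queried
     * @param str2 error code
     * @param str3 error message
     */
    public void recordLog(String str, String str2, String str3) {
        ITuyaLogPlugin logPlugin = (ITuyaLogPlugin) PluginManager.service(ITuyaLogPlugin.class);
        if (logPlugin == null) {
            return;
        }
        if (!TuyaSmartNetWork.getPerformanceLogSwitch()) {
            L.d(TAG, "log switch disable");
            return;
        }
        // Raw map kept on purpose: the plugin's parameter type is not visible from this file.
        HashMap attributes = new HashMap();
        attributes.put("V2DnsUrl", str);
        attributes.put("errorCode", str2);
        attributes.put("errorMsg", str3);
        L.d(TAG, "recordLog v2 error");
        logPlugin.event(DNS_V2_ERROR_LOG, attributes);
    }

    /**
     * Schedules a certificate refresh on the business executor unless one has already succeeded
     * or the error budget ({@link #MAX_REQUEST_TIMES}) is used up.
     *
     * <p>On success the shared OkHttp client is rebuilt with the new pinner and, when QUIC is
     * usable, the Cronet engine is recreated with the new public-key pins.
     */
    public synchronized void refreshCerts() {
        if (refreshedCerts) {
            L.d(TAG, "refreshCerts refreshed Certs");
        } else if (requestCertsCount <= MAX_REQUEST_TIMES) {
            // The former "refreshedCerts ||" term was dead: this branch is only reached when the
            // flag is false.
            TuyaSmartNetWorkExecutorManager.getBusinessExecutor().execute(new Runnable() {
                @Override
                public void run() {
                    CertPinRefresher.this.requestCerts(new IResultCallback() {
                        @Override
                        public void onError(String str) {
                            CertPinRefresher.this.statRefreshCerts(6);
                            L.e(CertPinRefresher.TAG, "getCertsFailure : " + str);
                            CertPinRefresher.access$108();
                        }

                        @Override
                        public void onSuccess() {
                            try {
                                CertPinRefresher.this.statRefreshCerts(5);
                                // NOTE(review): the flag is set before a pinner has been built
                                // or installed. If createPinner() returns null or the code below
                                // throws, later refreshCerts() calls are skipped while the
                                // client still runs without the refreshed pins. Confirm this is
                                // intended.
                                refreshedCerts = true;
                                CertificatePinner pinner = new TuyaCertificatePinner().createPinner();
                                if (pinner == null) {
                                    L.i(CertPinRefresher.TAG, "builder do not set certificatePinner!");
                                    return;
                                }
                                L.d(CertPinRefresher.TAG, "builder.certificatePinner");
                                TuyaSmartNetWork.setOkHttpClient(TuyaSmartNetWork.getOkHttpClient().newBuilder().certificatePinner(pinner).build());
                                if (!QuicUtil.canUseHttpQuic()) {
                                    return;
                                }
                                ITuyaQuicPlugin quicPlugin = (ITuyaQuicPlugin) PluginManager.service(ITuyaQuicPlugin.class);
                                if (quicPlugin == null) {
                                    return;
                                }
                                HttpUrl quicUrl = HttpUrl.parse(TuyaSmartNetWork.getQuicApiUrl());
                                String quicHost = quicUrl == null ? "" : quicUrl.host();
                                quicPlugin.getTuyaSmartQuicManager().recreateCronetEngine(TuyaSmartNetWork.getAppContext(), quicHost, TuyaOKHttpDNS.getInstance(), TuyaCertificatePinner.createPublicKeyPins());
                            } catch (Throwable th) {
                                L.e(CertPinRefresher.TAG, "builder certificate failed: ", th);
                            }
                        }
                    });
                }
            });
        } else {
            L.d(TAG, "refreshCerts have not refreshed Certs,but requestCertsCount is more than MAX_REQUEST_TIMES times");
        }
    }

    /**
     * Records a DNS v2 failure and forwards it to the registered network-security callback,
     * if there is one.
     *
     * @param str the DNS host URL that was queried
     * @param str2 error message
     */
    public void setDnsV2ErrorCallback(String str, String str2) {
        recordLog(str, H2_DNS_ERROR_CODE, str2);
        if (TuyaNetworkSecurityManager.getInstance().getTuyaNetworkSecurityCallback() != null) {
            TuyaNetworkSecurityManager.getInstance().getTuyaNetworkSecurityCallback().error(H2_DNS_ERROR_CODE, str2);
        }
    }
}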
