package com.sankuai.meituan.tte;

import android.support.annotation.NonNull;
import android.support.annotation.VisibleForTesting;
import android.util.Pair;
import com.dianping.prenetwork.Error;
import com.meituan.android.common.statistics.LXConstants;
import com.meituan.android.common.unionid.oneid.util.DeviceInfo;
import com.meituan.msc.modules.engine.requestPrefetch.PrefetchConfig;
import com.sankuai.meituan.tte.TTE;
import com.sankuai.meituan.tte.i;
import com.sankuai.meituan.tte.v;
import com.sankuai.waimai.monitor.model.ErrorCode;
import java.io.IOException;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.SignatureException;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.Callable;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import org.json.JSONException;
import org.json.JSONObject;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes4.dex */
public class TKeyAgreement {
    private final TTE.d a;
    private final i b;
    private final String c;
    private final u d;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public static class HttpStatusException extends IOException {
        public final int code;

        public HttpStatusException(String str, int i) {
            super(str);
            this.code = i;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public class a implements Runnable {
        final /* synthetic */ AtomicInteger a;
        final /* synthetic */ o b;

        a(AtomicInteger atomicInteger, o oVar) {
            this.a = atomicInteger;
            this.b = oVar;
        }

        @Override // java.lang.Runnable
        public void run() {
            int andIncrement = this.a.getAndIncrement();
            v.b c = v.c("tte.keyAgreement.finalResult", "keyAgreement");
            v.d(c);
            try {
                try {
                    l c2 = TKeyAgreement.this.c();
                    c.complete();
                    this.b.onResult(c2);
                } finally {
                    v.d(null);
                }
            } catch (IOException e) {
                e e2 = e.e(TTE.d());
                if (andIncrement < e2.i()) {
                    TKeyAgreement.this.e().schedule(this, e2.k(), TimeUnit.MILLISECONDS);
                }
            } finally {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: classes4.dex */
    public class b implements Callable<Boolean> {
        final /* synthetic */ l a;

        b(l lVar) {
            this.a = lVar;
        }

        @Override // java.util.concurrent.Callable
        /* renamed from: a, reason: merged with bridge method [inline-methods] */
        public Boolean call() throws Exception {
            return Boolean.valueOf(TKeyAgreement.this.i(this.a, false));
        }
    }

    public TKeyAgreement(TTE.d dVar) {
        this.a = dVar;
        TTE.CipherSuite cipherSuite = dVar.b;
        TTE.CipherSuite cipherSuite2 = TTE.CipherSuite.SM;
        this.b = cipherSuite == cipherSuite2 ? k.i(dVar.a) : j.d(dVar.a);
        this.c = (dVar.a == TTE.Env.PROD ? "https://tte.meituan.com" : "https://tte.inf.test.sankuai.com") + (dVar.b == cipherSuite2 ? "/api/v1/tte/gmt" : "/api/v1/tte/fips");
        this.d = new u("TKeyAgreement", dVar.b());
    }

    private l a(byte[] bArr, byte[] bArr2) throws Exception {
        if (bArr == null || bArr.length == 0 || bArr2 == null) {
            throw new IllegalArgumentException("tempDK is null");
        }
        String[] split = new String(this.b.a(bArr, bArr2)).split("###");
        if (split.length != 2) {
            throw new InvalidKeyException("wrong key format");
        }
        byte[] b2 = w.b(split[0]);
        if (b2 == null || b2.length == 0) {
            throw new InvalidKeyException("dk is null");
        }
        byte[] b3 = w.b(split[1]);
        if (b3 == null || b3.length == 0) {
            throw new InvalidKeyException("edk is null");
        }
        TTE.d dVar = this.a;
        l lVar = new l(dVar.a, dVar.b.dataCipher, b2, b3);
        lVar.e = System.currentTimeMillis();
        return lVar;
    }

    private boolean k(byte[] bArr, byte[] bArr2, byte[] bArr3, byte[] bArr4) throws Exception {
        try {
            return this.b.b(w.e(bArr, bArr2, bArr3), bArr4);
        } catch (Throwable th) {
            this.d.f("verify signature failed", th);
            return false;
        }
    }

    @NonNull
    l b() throws Exception {
        v.b a2 = v.a();
        if (a2 == null) {
            a2 = v.c;
        }
        try {
            a2.a("algo", this.b.name());
            a2.a("bizCode", Error.NO_PREFETCH);
            a2.a("httpCode", Error.NO_PREFETCH);
            a2.a("code", "0");
            try {
                try {
                    i.a c = this.b.c();
                    try {
                        JSONObject jSONObject = new JSONObject();
                        jSONObject.put("protVer", 1);
                        jSONObject.put("serKeyVer", 1);
                        jSONObject.put("cliKeyVer", 1);
                        jSONObject.put("cliTempPubKey", w.c(c.B()));
                        jSONObject.put("otherData", new JSONObject().put("platform", LXConstants.CLIENT_TYPE).put("appId", "" + w.a()).put("uuid", w.k()));
                        byte[] bytes = jSONObject.toString().getBytes();
                        try {
                            JSONObject g = g(this.c + "/ka", bytes);
                            this.d.a("resp: " + g);
                            a2.a("httpCode", "200");
                            int optInt = g.optInt("code");
                            a2.a("bizCode", String.valueOf(optInt));
                            if (optInt != 200) {
                                a2.a("code", "1");
                                throw new IOException("api exception, status code: " + optInt + ", msg:" + g.optString("msg", ""));
                            }
                            try {
                                JSONObject jSONObject2 = g.getJSONObject("data");
                                byte[] b2 = w.b(jSONObject2.getString("serTempPubKey"));
                                byte[] b3 = w.b(jSONObject2.getString("keyCipher"));
                                if (!k(bytes, b2, b3, w.b(jSONObject2.getString(DeviceInfo.SIGN)))) {
                                    a2.a("code", "1002");
                                    throw new SignatureException("invalid signature");
                                }
                                try {
                                    byte[] H = c.H(b2);
                                    this.d.e("tempDK: " + w.c(H));
                                    try {
                                        l a3 = a(b3, H);
                                        w.d(c);
                                        return a3;
                                    } catch (Exception e) {
                                        a2.a("code", "1003");
                                        throw e;
                                    }
                                } catch (Exception e2) {
                                    a2.a("code", ErrorCode.ERROR_CODE_OKHTTP_EXCEPTION);
                                    throw e2;
                                }
                            } catch (Exception e3) {
                                a2.a("code", "1008");
                                throw e3;
                            }
                        } catch (HttpStatusException e4) {
                            a2.a("httpCode", String.valueOf(e4.code));
                            a2.a("code", "2");
                            throw e4;
                        } catch (Exception e5) {
                            a2.a("code", "2");
                            throw e5;
                        }
                    } catch (Exception e6) {
                        a2.a("code", "1009");
                        throw e6;
                    }
                } catch (Exception e7) {
                    a2.a("code", "1004");
                    throw e7;
                }
            } catch (Throwable th) {
                w.d(null);
                throw th;
            }
        } finally {
            a2.stop();
        }
    }

    @NonNull
    l c() throws Exception {
        l b2 = b();
        this.d.a("result: " + b2);
        if (!h(b2)) {
            throw new InvalidKeyException("verify key failed");
        }
        b2.h.set(true);
        return b2;
    }

    public void d(o<l> oVar) {
        e().execute(new a(new AtomicInteger(0), oVar));
    }

    @VisibleForTesting
    protected ScheduledExecutorService e() {
        return g.b();
    }

    @VisibleForTesting
    protected byte[] f(String str, List<Pair<String, String>> list, byte[] bArr) throws IOException {
        this.d.e("post[" + str + "] => " + new String(bArr));
        HttpURLConnection httpURLConnection = (HttpURLConnection) com.meituan.metrics.traffic.hurl.b.b(new URL(str).openConnection());
        httpURLConnection.setConnectTimeout(15000);
        httpURLConnection.setReadTimeout(15000);
        httpURLConnection.setRequestMethod("POST");
        httpURLConnection.setDoOutput(true);
        if (list != null) {
            for (Pair<String, String> pair : list) {
                httpURLConnection.addRequestProperty((String) pair.first, (String) pair.second);
            }
        }
        OutputStream outputStream = null;
        try {
            outputStream = httpURLConnection.getOutputStream();
            outputStream.write(bArr);
            w.d(outputStream);
            int responseCode = httpURLConnection.getResponseCode();
            this.d.a("post[" + str + "] <= " + responseCode);
            if (responseCode / 100 == 2) {
                return w.j(httpURLConnection.getInputStream());
            }
            throw new HttpStatusException(httpURLConnection.getResponseMessage(), responseCode);
        } catch (Throwable th) {
            w.d(outputStream);
            throw th;
        }
    }

    protected JSONObject g(String str, byte[] bArr) throws IOException, JSONException {
        return new JSONObject(new String(f(str, Arrays.asList(new Pair("Content-Type", PrefetchConfig.PREFETCH_POST_CONTENT_TYPE_JSON)), bArr)));
    }

    boolean h(l lVar) {
        return i(lVar, true);
    }

    boolean i(l lVar, boolean z) {
        q d;
        String str;
        byte[] bytes;
        if (e.e(TTE.d()).a(this.a.b).m()) {
            this.d.a("verifyKey: disable");
            return true;
        }
        v.b c = v.c("tte.keyVerify.result", "keyVerify");
        try {
            c.a("algo", this.b.name());
            c.a("type", z ? "2" : "1");
            c.a("bizCode", Error.NO_PREFETCH);
            c.a("httpCode", Error.NO_PREFETCH);
            c.a("code", "0");
            try {
                try {
                    try {
                        try {
                            d = lVar.b.d();
                            str = this.c + "/verify";
                            bytes = "Client Hello".getBytes();
                        } catch (IOException e) {
                            this.d.f("verifyKey", e);
                        }
                    } catch (JSONException e2) {
                        c.a("code", "1003");
                        this.d.f("verifyKey", e2);
                    }
                } catch (Throwable th) {
                    c.a("code", "1100");
                    this.d.b("verifyKey", th);
                }
            } catch (CipherException e3) {
                this.d.b("verifyKey", e3);
                if (e3.a() == -10100) {
                    c.a("code", "1004");
                    c.complete();
                    return false;
                }
                c.a("code", "1005");
            }
            try {
                JSONObject g = g(str, new JSONObject().put("cipher", w.c(d.b(bytes, lVar.c))).put("edk", w.c(lVar.d)).toString().getBytes());
                c.a("httpCode", "200");
                int i = g.getInt("code");
                c.a("bizCode", "" + i);
                if (i == 200) {
                    if (!Arrays.equals(d.a(w.b(g.getJSONObject("data").getString("serCipher")), lVar.c), bytes)) {
                        c.a("code", ErrorCode.ERROR_CODE_OKHTTP_EXCEPTION);
                        this.d.b("verifyKey: dec error", null);
                        c.complete();
                        return false;
                    }
                    this.d.a("verifyKey: ok");
                    c.complete();
                    return true;
                }
                c.a("code", "1");
                this.d.b("verifyKey: code error, code=" + i + ", msg=" + g.optString("msg", ""), null);
                c.complete();
                return false;
            } catch (HttpStatusException e4) {
                c.a("httpCode", "" + e4.code);
                c.a("code", "2");
                throw e4;
            } catch (Exception e5) {
                c.a("code", "2");
                throw e5;
            }
        } catch (Throwable th2) {
            c.complete();
            throw th2;
        }
    }

    public void j(l lVar, o<Boolean> oVar) {
        g.a(new b(lVar), e(), oVar);
    }
}
