package com.meizu.statsapp.v3.lib.plugin.secure;

import android.content.Context;
import android.content.SharedPreferences;
import android.text.TextUtils;
import android.util.Base64;
import com.meizu.statsapp.v3.utils.CommonUtils;
import com.meizu.statsapp.v3.utils.log.Logger;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.ProtocolException;
import java.net.URL;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collection;
import java.util.UUID;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class HttpKeyMgr {
    private static final String TAG = "HttpKeyMgr";
    private static HttpKeyMgr instance;
    private static final Object lock = new Object();
    private byte[] aKey;
    private byte[] aKey64;
    private X509Certificate cert;
    private Context mContext;
    private byte[] rKey;
    private byte[] rKey64;
    private byte[] sKey64;
    private SharedPreferences spCert;
    private SharedPreferences spKey;
    private final String PREFERENCE_HTTPKEY_FILE = "com.meizu.statsapp.v3.httpkey";
    private final String PREFERENCE_HTTPCERT_FILE = "com.meizu.statsapp.v3.httpcert";
    private long lastResetKeysTime = 0;

    private HttpKeyMgr(Context context) {
        this.mContext = context;
        this.spKey = context.getSharedPreferences("com.meizu.statsapp.v3.httpkey", 0);
        this.spCert = context.getSharedPreferences("com.meizu.statsapp.v3.httpcert", 0);
        loadKeys();
        byte[] bArr = this.rKey;
        if (bArr == null || (bArr != null && bArr.length == 0)) {
            initCert(this.mContext);
            if (this.cert != null) {
                generateKeys();
                return;
            } else {
                this.spKey.edit().clear().commit();
                this.spCert.edit().clear().commit();
                return;
            }
        }
        byte[] bArr2 = this.aKey;
        if (bArr2 == null || (bArr2 != null && bArr2.length == 0)) {
            initCert(this.mContext);
            if (this.cert != null) {
                generateAkey();
            }
        }
    }

    private void downloadAndInitCert() throws IOException {
        try {
            HttpsURLConnection httpsURLConnection = (HttpsURLConnection) new URL("https://uxip.meizu.com/api/v3/certificate").openConnection();
            httpsURLConnection.setDoInput(true);
            httpsURLConnection.setUseCaches(false);
            try {
                httpsURLConnection.setRequestMethod("GET");
            } catch (ProtocolException e) {
                e.printStackTrace();
            }
            try {
                httpsURLConnection.setRequestProperty("Charset", "UTF-8");
            } catch (Throwable th) {
                th.printStackTrace();
            }
            try {
                try {
                    Logger.d(TAG, "code = " + httpsURLConnection.getResponseCode());
                    InputStream inputStream = httpsURLConnection.getInputStream();
                    if (inputStream != null) {
                        String stringByInputStream = getStringByInputStream(inputStream);
                        Logger.d(TAG, "body = " + stringByInputStream);
                        try {
                            JSONObject jSONObject = new JSONObject(stringByInputStream);
                            if (jSONObject.getInt("code") == 200) {
                                JSONObject jSONObject2 = jSONObject.getJSONObject("value");
                                String string = jSONObject2.getString("certificate");
                                try {
                                    loadAvailableCertWithoutVerify(new ByteArrayInputStream(string.getBytes()));
                                    String string2 = jSONObject2.getString("version");
                                    SharedPreferences.Editor edit = this.spCert.edit();
                                    edit.putString("certificates", string);
                                    edit.putString("version", string2);
                                    edit.commit();
                                } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchProviderException | SignatureException | CertificateException unused) {
                                }
                            }
                        } catch (JSONException e2) {
                            e2.printStackTrace();
                        }
                    }
                    CommonUtils.closeQuietly(inputStream);
                    if (httpsURLConnection == null) {
                        return;
                    }
                } catch (Throwable th2) {
                    CommonUtils.closeQuietly(null);
                    if (httpsURLConnection != null) {
                        httpsURLConnection.disconnect();
                    }
                    throw th2;
                }
            } catch (IllegalStateException e3) {
                e3.printStackTrace();
                CommonUtils.closeQuietly(null);
                if (httpsURLConnection == null) {
                    return;
                }
            }
            httpsURLConnection.disconnect();
        } catch (MalformedURLException unused2) {
        }
    }

    private void generateAkey() {
        try {
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(1, this.cert.getPublicKey());
            this.aKey = cipher.doFinal(this.rKey);
            this.aKey64 = Base64.encode(this.aKey, 2);
            Logger.d(TAG, "***** aKey64: " + new String(this.aKey64));
            SharedPreferences.Editor edit = this.spKey.edit();
            edit.putString("aKey64", new String(this.aKey64));
            edit.commit();
        } catch (InvalidKeyException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
        } catch (BadPaddingException e3) {
            e3.printStackTrace();
        } catch (IllegalBlockSizeException e4) {
            e4.printStackTrace();
        } catch (NoSuchPaddingException e5) {
            e5.printStackTrace();
        }
    }

    private void generateKeys() {
        generateRkey();
        generateAkey();
    }

    private void generateRkey() {
        this.rKey = UUID.randomUUID().toString().substring(0, 16).getBytes();
        this.rKey64 = Base64.encode(this.rKey, 2);
        Logger.d(TAG, "***** rKey64: " + new String(this.rKey64));
        SharedPreferences.Editor edit = this.spKey.edit();
        edit.putString("rKey64", new String(this.rKey64));
        edit.commit();
    }

    public static HttpKeyMgr get() {
        HttpKeyMgr httpKeyMgr = instance;
        if (httpKeyMgr != null) {
            return httpKeyMgr;
        }
        throw new IllegalStateException("KeyMgr is not initialised - invoke at least once with parameterised init/get");
    }

    private String getBase64(byte[] bArr) {
        return (bArr == null || bArr.length <= 0) ? "" : new String(Base64.encode(bArr, 0));
    }

    private String getStringByInputStream(InputStream inputStream) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        while (true) {
            try {
                int read = inputStream.read();
                if (read == -1) {
                    String byteArrayOutputStream2 = byteArrayOutputStream.toString();
                    CommonUtils.closeQuietly(byteArrayOutputStream);
                    return byteArrayOutputStream2;
                }
                byteArrayOutputStream.write(read);
            } catch (IOException unused) {
                CommonUtils.closeQuietly(byteArrayOutputStream);
                return null;
            } catch (Throwable th) {
                CommonUtils.closeQuietly(byteArrayOutputStream);
                throw th;
            }
        }
    }

    public static void init(Context context) {
        if (instance == null) {
            synchronized (lock) {
                if (instance == null) {
                    instance = new HttpKeyMgr(context);
                }
            }
        }
    }

    private void initCert(Context context) {
        Logger.d(TAG, "load certs from preference");
        String string = this.spCert.getString("certificates", "");
        if (!TextUtils.isEmpty(string)) {
            try {
                loadAvailableCertWithoutVerify(new ByteArrayInputStream(string.getBytes()));
            } catch (InvalidKeyException e) {
                sLogE("load Certificates from preference Exception, " + e.getMessage());
            } catch (NoSuchAlgorithmException e2) {
                sLogE("load Certificates from preference Exception, " + e2.getMessage());
            } catch (NoSuchProviderException e3) {
                sLogE("load Certificates from preference Exception, " + e3.getMessage());
            } catch (SignatureException e4) {
                sLogE("load Certificates from preference Exception, " + e4.getMessage());
            } catch (CertificateException e5) {
                sLogE("load Certificates from preference Exception, " + e5.getMessage());
            }
        }
        if (this.cert == null) {
            try {
                Logger.d(TAG, "load certs from uxipcerts.java");
                loadAvailableCertWithoutVerify(new ByteArrayInputStream(UxipCerts.raw.getBytes()));
            } catch (InvalidKeyException e6) {
                sLogE("load Certificates from asset Exception, " + e6.getMessage());
            } catch (NoSuchAlgorithmException e7) {
                sLogE("load Certificates from asset Exception, " + e7.getMessage());
            } catch (NoSuchProviderException e8) {
                sLogE("load Certificates from asset Exception, " + e8.getMessage());
            } catch (SignatureException e9) {
                sLogE("load Certificates from asset Exception, " + e9.getMessage());
            } catch (CertificateException e10) {
                sLogE("load Certificates from asset Exception, " + e10.getMessage());
            }
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:14:0x00eb, code lost:
    
        r0[0].checkValidity();
        r6.cert = r0[0];
        com.meizu.statsapp.v3.utils.log.Logger.d(com.meizu.statsapp.v3.lib.plugin.secure.HttpKeyMgr.TAG, "***** AVAILABLE CERTIFICATE:");
        com.meizu.statsapp.v3.utils.log.Logger.d(com.meizu.statsapp.v3.lib.plugin.secure.HttpKeyMgr.TAG, "***** --------------------");
        com.meizu.statsapp.v3.utils.log.Logger.d(com.meizu.statsapp.v3.lib.plugin.secure.HttpKeyMgr.TAG, "***** Subject DN: " + r6.cert.getSubjectDN());
        com.meizu.statsapp.v3.utils.log.Logger.d(com.meizu.statsapp.v3.lib.plugin.secure.HttpKeyMgr.TAG, "***** Signature Algorithm: " + r6.cert.getSigAlgName());
        com.meizu.statsapp.v3.utils.log.Logger.d(com.meizu.statsapp.v3.lib.plugin.secure.HttpKeyMgr.TAG, "***** Valid from: " + r6.cert.getNotBefore());
        com.meizu.statsapp.v3.utils.log.Logger.d(com.meizu.statsapp.v3.lib.plugin.secure.HttpKeyMgr.TAG, "***** Valid until: " + r6.cert.getNotAfter());
        com.meizu.statsapp.v3.utils.log.Logger.d(com.meizu.statsapp.v3.lib.plugin.secure.HttpKeyMgr.TAG, "***** Issuer: " + r6.cert.getIssuerDN());
        com.meizu.statsapp.v3.utils.log.Logger.d(com.meizu.statsapp.v3.lib.plugin.secure.HttpKeyMgr.TAG, "***** PublicKey: " + r6.cert.getPublicKey());
        r0 = java.util.Calendar.getInstance();
        r0.add(5, 30);
     */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x01c2, code lost:
    
        if (r0.getTime().after(r6.cert.getNotAfter()) == false) goto L19;
     */
    /* JADX WARN: Code restructure failed: missing block: B:20:0x01c4, code lost:
    
        downloadAndInitCert();
     */
    /* JADX WARN: Code restructure failed: missing block: B:22:0x01c8, code lost:
    
        r0 = move-exception;
     */
    /* JADX WARN: Code restructure failed: missing block: B:23:0x01c9, code lost:
    
        r0.printStackTrace();
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void loadAvailableCert(java.io.InputStream r7) throws java.security.cert.CertificateException, java.security.NoSuchProviderException, java.security.NoSuchAlgorithmException, java.security.InvalidKeyException, java.security.SignatureException {
        /*
            Method dump skipped, instructions count: 473
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.meizu.statsapp.v3.lib.plugin.secure.HttpKeyMgr.loadAvailableCert(java.io.InputStream):void");
    }

    private void loadAvailableCertWithoutVerify(InputStream inputStream) throws CertificateException, NoSuchProviderException, NoSuchAlgorithmException, InvalidKeyException, SignatureException {
        Logger.d(TAG, "loadAvailableCertWithoutVerify");
        try {
            Collection<? extends Certificate> generateCertificates = CertificateFactory.getInstance("X509").generateCertificates(inputStream);
            this.cert = ((X509Certificate[]) generateCertificates.toArray(new X509Certificate[generateCertificates.size()]))[0];
            Logger.d(TAG, "***** AVAILABLE CERTIFICATE:");
            Logger.d(TAG, "***** --------------------");
            Logger.d(TAG, "***** Subject DN: " + this.cert.getSubjectDN());
            Logger.d(TAG, "***** Signature Algorithm: " + this.cert.getSigAlgName());
            Logger.d(TAG, "***** Valid from: " + this.cert.getNotBefore());
            Logger.d(TAG, "***** Valid until: " + this.cert.getNotAfter());
            Logger.d(TAG, "***** Issuer: " + this.cert.getIssuerDN());
            Logger.d(TAG, "***** PublicKey: " + this.cert.getPublicKey());
        } finally {
            CommonUtils.closeQuietly(inputStream);
        }
    }

    private void loadKeys() {
        Logger.d(TAG, "loadKeys");
        String string = this.spKey.getString("sKey64", "");
        Logger.d(TAG, "saved sKey64: " + string);
        if (!TextUtils.isEmpty(string)) {
            this.sKey64 = string.getBytes();
        }
        String string2 = this.spKey.getString("aKey64", "");
        Logger.d(TAG, "saved aKey64: " + string2);
        if (!TextUtils.isEmpty(string2)) {
            this.aKey64 = string2.getBytes();
            this.aKey = Base64.decode(this.aKey64, 2);
        }
        String string3 = this.spKey.getString("rKey64", "");
        Logger.d(TAG, "saved rKey64: " + string3);
        if (TextUtils.isEmpty(string3)) {
            return;
        }
        this.rKey64 = string3.getBytes();
        this.rKey = Base64.decode(this.rKey64, 2);
    }

    private void sLogE(String str) {
        Logger.e(TAG, str);
    }

    private boolean verify(X509Certificate x509Certificate) {
        TrustManager[] trustManagerArr = null;
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init((KeyStore) null);
            trustManagerArr = trustManagerFactory.getTrustManagers();
        } catch (KeyStoreException e) {
            e.printStackTrace();
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
        }
        if (trustManagerArr.length != 1 || !(trustManagerArr[0] instanceof X509TrustManager)) {
            throw new IllegalStateException("Unexpected default trust managers:" + Arrays.toString(trustManagerArr));
        }
        for (X509Certificate x509Certificate2 : ((X509TrustManager) trustManagerArr[0]).getAcceptedIssuers()) {
            try {
                x509Certificate.verify(x509Certificate2.getPublicKey());
                Logger.d(TAG, "### root CA: " + ("S:" + x509Certificate2.getSubjectDN().getName() + "\nI:" + x509Certificate2.getIssuerDN().getName()));
                return true;
            } catch (InvalidKeyException e3) {
                sLogE(e3.getMessage());
            } catch (NoSuchAlgorithmException e4) {
                sLogE(e4.getMessage());
            } catch (NoSuchProviderException e5) {
                sLogE(e5.getMessage());
            } catch (SignatureException e6) {
                sLogE(e6.getMessage());
            } catch (CertificateException e7) {
                sLogE(e7.getMessage());
            }
        }
        return false;
    }

    public byte[] decrypt(byte[] bArr) {
        byte[] bArr2 = this.rKey;
        if (bArr2 == null || (bArr2 != null && bArr2.length == 0)) {
            sLogE("rKey null!");
            return null;
        }
        if (bArr == null || (bArr != null && bArr.length == 0)) {
            sLogE("input null!");
            return null;
        }
        Logger.d(TAG, ">>>>>>>>>> decrypt input >>>>>>>>>>\n" + getBase64(bArr));
        Logger.d(TAG, "<<<<<<<<<< decrypt input <<<<<<<<<<");
        try {
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
            cipher.init(2, new SecretKeySpec(this.rKey, "AES"));
            byte[] doFinal = cipher.doFinal(bArr);
            Logger.d(TAG, ">>>>>>>>>> decrypt output >>>>>>>>>>\n" + getBase64(doFinal));
            Logger.d(TAG, "<<<<<<<<<< decrypt output <<<<<<<<<<");
            return doFinal;
        } catch (InvalidKeyException e) {
            e.printStackTrace();
            return null;
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            return null;
        } catch (BadPaddingException e3) {
            e3.printStackTrace();
            return null;
        } catch (IllegalBlockSizeException e4) {
            e4.printStackTrace();
            return null;
        } catch (NoSuchPaddingException e5) {
            e5.printStackTrace();
            return null;
        }
    }

    public byte[] encrypt(byte[] bArr) {
        byte[] bArr2 = this.rKey;
        if (bArr2 == null || (bArr2 != null && bArr2.length == 0)) {
            sLogE("rKey null!");
            return null;
        }
        if (bArr == null || (bArr != null && bArr.length == 0)) {
            sLogE("input null!");
            return null;
        }
        Logger.d(TAG, ">>>>>>>>>> encrypt input >>>>>>>>>>\n" + getBase64(bArr));
        Logger.d(TAG, "<<<<<<<<<< encrypt input <<<<<<<<<<");
        try {
            Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
            cipher.init(1, new SecretKeySpec(this.rKey, "AES"));
            byte[] doFinal = cipher.doFinal(bArr);
            Logger.d(TAG, ">>>>>>>>>> encrypt output >>>>>>>>>>\n" + getBase64(doFinal));
            Logger.d(TAG, "<<<<<<<<<< encrypt output <<<<<<<<<<");
            return doFinal;
        } catch (InvalidKeyException e) {
            e.printStackTrace();
            return null;
        } catch (NoSuchAlgorithmException e2) {
            e2.printStackTrace();
            return null;
        } catch (BadPaddingException e3) {
            e3.printStackTrace();
            return null;
        } catch (IllegalBlockSizeException e4) {
            e4.printStackTrace();
            return null;
        } catch (NoSuchPaddingException e5) {
            e5.printStackTrace();
            return null;
        }
    }

    public byte[] getaKey64() {
        return this.aKey64;
    }

    public byte[] getsKey64() {
        return this.sKey64;
    }

    public synchronized void reInitKeys() {
        Logger.d(TAG, "reInitKeys");
        if (this.lastResetKeysTime == 0 || System.currentTimeMillis() - this.lastResetKeysTime > 180000) {
            SharedPreferences.Editor edit = this.spKey.edit();
            edit.clear();
            edit.commit();
            this.lastResetKeysTime = System.currentTimeMillis();
            if (this.cert != null) {
                generateKeys();
            }
        }
    }

    public void saveSKey(String str) {
        this.sKey64 = str.getBytes();
        SharedPreferences.Editor edit = this.spKey.edit();
        edit.putString("sKey64", new String(this.sKey64));
        edit.commit();
    }
}
