package k;

import android.content.Context;
import android.os.Looper;
import android.text.TextUtils;
import android.util.Base64;
import android.util.Pair;
import com.bytedance.http.HttpDispatcher;
import com.volcengine.androidcloud.common.log.AcLog;
import com.volcengine.common.SDKContext;
import com.volcengine.common.contant.CommonConstants;
import com.volcengine.common.contant.CommonErrorCode;
import com.volcengine.common.innerapi.ConfigService;
import com.volcengine.common.innerapi.HttpService;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileFilter;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import o.h;
import o.i;
import org.json.JSONObject;

/* loaded from: classes3.dex */
public class b {

    /* renamed from: a, reason: collision with root package name */
    public static final Object f2355a = new Object();

    /* renamed from: b, reason: collision with root package name */
    public static volatile SSLSocketFactory f2356b;

    /* renamed from: c, reason: collision with root package name */
    public static a f2357c;

    /* loaded from: classes3.dex */
    public static class a implements ConfigService.ConfigObserver {
        @Override // com.volcengine.common.innerapi.ConfigService.ConfigObserver
        public void onReceiveConfig(String str, String str2) {
            if (TextUtils.equals(str, ConfigService.network_config)) {
                SDKContext.getExecutorsService().getIOExecutor().execute(new Runnable() { // from class: k.b$a$$ExternalSyntheticLambda0
                    @Override // java.lang.Runnable
                    public final void run() {
                        b.c();
                    }
                });
            }
        }
    }

    public static List<byte[]> a() {
        Context context = SDKContext.getContext();
        JSONObject configJson = SDKContext.getConfigService().getConfigJson(ConfigService.network_config);
        String optString = configJson.optString("opaque_data_remote_file_url", "");
        String optString2 = configJson.optString("opaque_data_remote_file_md5", "");
        if (TextUtils.isEmpty(optString) || TextUtils.isEmpty(optString2)) {
            optString = "https://vegame.volccdn.com/obj/vegame/cp_cg_ca_cert_list_1.0.0";
            optString2 = "817851645eb3cce5bd4840f871ff555b";
        }
        String str = optString2;
        String str2 = optString;
        File file = new File(context.getFilesDir(), "self_ca_certifications");
        File file2 = new File(file, str);
        File file3 = new File(file2, "self_ca_certification_list");
        ArrayList arrayList = null;
        if (!file3.exists() || file3.length() == 0) {
            SDKContext.getDownloadService().downloadFile(str2, "self_ca_certification_list", file2.getAbsolutePath(), str, new k.a(file2));
            return null;
        }
        byte[] a2 = h.a(file3);
        if (a2 != null && a2.length != 0) {
            a(file, file3);
            try {
                List asList = Arrays.asList(new String(a(a2), StandardCharsets.UTF_8).split(","));
                if (asList != null && asList.size() != 0) {
                    arrayList = new ArrayList();
                    long currentTimeMillis = System.currentTimeMillis();
                    Iterator it = asList.iterator();
                    int i2 = 0;
                    while (it.hasNext()) {
                        byte[] decode = Base64.decode((String) it.next(), 0);
                        arrayList.add(decode);
                        i2 += decode.length;
                    }
                    AcLog.d("CAStoreController", "opaqueData decode time: " + (System.currentTimeMillis() - currentTimeMillis) + " ms, total key size: " + i2 + " Byte...");
                }
                return arrayList;
            } catch (Throwable th) {
                AcLog.e("CAStoreController", "failed to decrypt with the aes...", th);
                a(-4, "failed to decrypt the certification[" + th + "]");
            }
        }
        return null;
    }

    public static SSLSocketFactory a(List<byte[]> list) {
        if (list == null || list.size() == 0) {
            return null;
        }
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        Iterator<byte[]> it = list.iterator();
        int i2 = 0;
        while (it.hasNext()) {
            try {
                Certificate generateCertificate = certificateFactory.generateCertificate(new ByteArrayInputStream(it.next()));
                if (!(generateCertificate instanceof X509Certificate)) {
                    AcLog.e("CAStoreController", "the type[" + generateCertificate.getType() + "] of certification is invalid...");
                    a(-2, "invalid cert type[" + generateCertificate.getType() + "]");
                    return null;
                }
                Date notBefore = ((X509Certificate) generateCertificate).getNotBefore();
                Date notAfter = ((X509Certificate) generateCertificate).getNotAfter();
                Date date = new Date();
                if (!date.before(notBefore) && !date.after(notAfter)) {
                    keyStore.setCertificateEntry("CA-" + i2, generateCertificate);
                    i2++;
                    AcLog.i("CAStoreController", "success to parse the certification[" + i2 + "]...");
                }
                AcLog.e("CAStoreController", "the date[" + notBefore.toString() + "~" + notAfter.toString() + "] of certification is invalid...");
            } catch (Exception e2) {
                AcLog.e("CAStoreController", "failed to parse the certification[" + i2 + "]...", e2);
                a(-3, "failed to parse the certification[" + e2 + "]");
                return null;
            }
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(keyStore);
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        sSLContext.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());
        return sSLContext.getSocketFactory();
    }

    public static void a(int i2, String str) {
        HashMap hashMap = new HashMap();
        hashMap.put(CommonConstants.KEY_ORIGIN_ERR_CODE, Integer.valueOf(i2));
        hashMap.put(CommonConstants.KEY_ORIGIN_ERR_MSG, str);
        Pair<Integer, String> pair = CommonErrorCode.ERROR_CA_CERT_ERROR;
        hashMap.put(CommonConstants.KEY_ERROR_CODE, pair.first);
        hashMap.put(CommonConstants.KEY_ERR_MSG, pair.second);
        hashMap.put(CommonConstants.KEY_LEVEL, CommonConstants.VALUE_LEVEL_WARNING);
        SDKContext.getMonitorService().reportCategory(CommonConstants.event_caCertGenerateFailed, hashMap);
    }

    public static void a(File file, File file2) {
        final File parentFile = file2.getParentFile();
        File[] listFiles = file.listFiles(new FileFilter() { // from class: k.b$$ExternalSyntheticLambda1
            @Override // java.io.FileFilter
            public final boolean accept(File file3) {
                return b.b(parentFile, file3);
            }
        });
        if (listFiles == null || listFiles.length == 0) {
            return;
        }
        for (File file3 : listFiles) {
            i.c(file3);
        }
    }

    public static byte[] a(byte[] bArr) {
        if (bArr.length == 0) {
            return null;
        }
        SecretKeySpec secretKeySpec = new SecretKeySpec("cpcgselfcacerabc".getBytes(StandardCharsets.US_ASCII), "AES");
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(2, secretKeySpec, new IvParameterSpec("1234567890123456".getBytes()));
        return cipher.doFinal(Base64.decode(bArr, 0));
    }

    public static SSLSocketFactory b() {
        if (Looper.getMainLooper() == Looper.myLooper()) {
            SDKContext.getExecutorsService().getIOExecutor().execute(new Runnable() { // from class: k.b$$ExternalSyntheticLambda0
                @Override // java.lang.Runnable
                public final void run() {
                    b.c();
                }
            });
        } else {
            c();
        }
        return f2356b;
    }

    public static /* synthetic */ boolean b(File file, File file2) {
        return (file2 == null || file == null || TextUtils.equals(file2.getAbsolutePath(), file.getAbsolutePath())) ? false : true;
    }

    public static void c() {
        synchronized (f2355a) {
            if (f2357c == null) {
                f2357c = new a();
                SDKContext.getConfigService().register(ConfigService.network_config, f2357c);
            }
            boolean z = SDKContext.getConfigService().getConfigJson(ConfigService.network_config).optInt("opaque_data_enable", 0) > 0;
            SSLSocketFactory sSLSocketFactory = null;
            if (z && f2356b == null) {
                try {
                    sSLSocketFactory = a(a());
                } catch (Throwable th) {
                    a(-1, "failed to init the CAStoreController[" + th + "]");
                    AcLog.e("CAStoreController", "failed to init the CAStoreController...", th);
                }
                f2356b = sSLSocketFactory;
                if (f2356b != null) {
                    HttpService httpService = SDKContext.getHttpService();
                    if (httpService instanceof c) {
                        SSLSocketFactory sSLSocketFactory2 = f2356b;
                        HttpDispatcher.Builder builder = ((c) httpService).f2361b;
                        if (builder != null && sSLSocketFactory2 != null) {
                            builder.socketFactory(sSLSocketFactory2);
                        }
                    }
                }
            } else if (!z && f2356b != null) {
                f2356b = null;
            }
        }
    }
}
