package com.centrify.android.retrofit.tools.retrofit;

import android.content.Context;
import android.content.Intent;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.net.Uri;
import android.os.Build;
import android.support.annotation.NonNull;
import android.text.TextUtils;
import com.centrify.agent.samsung.utils.LogUtil;
import com.centrify.android.Constants;
import com.centrify.android.centrifypreference.CentrifyPreferenceUtils;
import com.centrify.android.centrifypreference.KeyConstants;
import com.centrify.android.keystore.KeyStoreManager;
import com.centrify.android.keystore.KeyStoreManagerFactory;
import com.centrify.android.rest.RestConstants;
import com.centrify.android.rest.RestKeys;
import com.centrify.android.retrofit.tools.http.url.connection.CentrifyTrustManager;
import com.centrify.android.retrofit.tools.http.url.connection.CertPinningException;
import com.centrify.android.retrofit.tools.http.url.connection.VerifyEverythingHostnameVerifier;
import com.centrify.android.utils.AfwUtils;
import com.centrify.android.utils.DeviceUtils;
import com.centrify.android.utils.KeyStoreUtils;
import com.centrify.directcontrol.appstore.AppsJsonParser;
import java.io.IOException;
import java.net.HttpCookie;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.time.DateUtils;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class CentrifyOkHttpClient {
    private static final int HTTP_TIMEOUT_CONNECTION = 60000;
    private static final int HTTP_TIMEOUT_SOCKET = 240000;
    private static final String TAG = "CentrifyOkHttpClient";
    private final String endPointUrl;
    private final Context mAppContext;
    private Map<String, HttpCookie> mCookiesInCache = new HashMap();
    private String mLoginAuth;
    private String preferredUrl;

    /* loaded from: classes.dex */
    class CentrifyInterceptor implements Interceptor {
        private String mCloudHost;
        private String mPreferredHost;

        CentrifyInterceptor() {
            this.mCloudHost = getHost(CentrifyOkHttpClient.this.endPointUrl);
            this.mPreferredHost = getHost(CentrifyOkHttpClient.this.preferredUrl);
        }

        private boolean allowRetry(Response response) {
            return StringUtils.equalsIgnoreCase(this.mCloudHost, response.request().url().host()) || StringUtils.equalsIgnoreCase(this.mPreferredHost, response.request().url().host());
        }

        private String getHost(String str) {
            try {
                return new URL(str).getHost();
            } catch (MalformedURLException e) {
                return str;
            }
        }

        private String getLocaleLang() {
            Locale locale = Locale.getDefault();
            String str = RestKeys.KEY_LANGUAGE_DEFAULT;
            if (locale != null && !TextUtils.isEmpty(locale.getLanguage())) {
                str = locale.getLanguage();
                if (!TextUtils.isEmpty(locale.getCountry())) {
                    str = str + "-" + locale.getCountry();
                }
            }
            LogUtil.info(CentrifyOkHttpClient.TAG, "Current language: " + str);
            return str;
        }

        private Request interceptRequest(Request request) {
            if (!isCloudHost(request.url().host())) {
                return request;
            }
            Request.Builder newBuilder = request.newBuilder();
            newBuilder.addHeader(RestKeys.KEY_CLIENT_HEADER_NAME, "true");
            newBuilder.addHeader(RestKeys.KEY_CLIENT_INFO_HEADER, CentrifyOkHttpClient.this.getClientInfoHeader());
            newBuilder.addHeader("X-MM-Protocol", RestConstants.MOBILE_MANAGER_PROTOCOL);
            if (AfwUtils.isClientProfileOwner(CentrifyOkHttpClient.this.mAppContext)) {
                newBuilder.addHeader(RestConstants.AFW_PROFILE_OWNER_CLIENT, "true");
            } else if (AfwUtils.isClientDeviceOwner(CentrifyOkHttpClient.this.mAppContext)) {
                newBuilder.addHeader(RestConstants.AFW_DEVICE_OWNER_CLIENT, "true");
            }
            newBuilder.addHeader("Accept-Language", getLocaleLang());
            HttpCookie httpCookie = (HttpCookie) CentrifyOkHttpClient.this.mCookiesInCache.get(request.url().host());
            if (httpCookie != null) {
                newBuilder.addHeader("Cookie", httpCookie.toString());
            } else {
                String cms = KeyStoreManagerFactory.getKeystoreInstance(CentrifyOkHttpClient.this.mAppContext, KeyStoreManagerFactory.KEYSTORE_USE.User_Cert).getCMS(KeyStoreManager.USER_CERT, KeyStoreUtils.getSecretInUse(CentrifyOkHttpClient.this.mAppContext));
                if (StringUtils.isNotBlank(cms)) {
                    newBuilder.addHeader(RestKeys.KEY_CLIENT_IDENTITY, cms);
                } else if (StringUtils.isNotEmpty(CentrifyOkHttpClient.this.mLoginAuth)) {
                    try {
                        JSONObject jSONObject = new JSONObject(CentrifyOkHttpClient.this.mLoginAuth);
                        Iterator<String> keys = jSONObject.keys();
                        while (keys.hasNext()) {
                            String next = keys.next();
                            newBuilder.addHeader(next, jSONObject.getString(next));
                        }
                    } catch (JSONException e) {
                        LogUtil.error(CentrifyOkHttpClient.TAG, "Unable to read login auth header:" + CentrifyOkHttpClient.this.mLoginAuth);
                    }
                }
            }
            return newBuilder.build();
        }

        private void interceptResponse(Response response) {
            saveCookie(response.headers("Set-Cookie"), response.request().url().host());
        }

        private boolean isCloudHost(String str) {
            return StringUtils.equalsIgnoreCase(this.mCloudHost, str) || StringUtils.equalsIgnoreCase(this.mPreferredHost, str);
        }

        private Response retryIfNecessary(Interceptor.Chain chain, Response response) throws IOException {
            switch (response.code()) {
                case 401:
                    LogUtil.error(CentrifyOkHttpClient.TAG, "response = 401");
                    String host = chain.request().url().host();
                    if (((HttpCookie) CentrifyOkHttpClient.this.mCookiesInCache.get(host)) == null) {
                        throw new IOException("errorCode is: " + response.code());
                    }
                    CentrifyOkHttpClient.this.mCookiesInCache.remove(host);
                    return intercept(chain);
                default:
                    throw new IOException(response.message());
            }
        }

        private void saveCookie(List<String> list, String str) {
            HttpCookie desiredCookie = CentrifyOkHttpClient.this.getDesiredCookie(list, RestKeys.KEY_AUTH_COOKIE_NAME);
            if (desiredCookie != null) {
                CentrifyOkHttpClient.this.mCookiesInCache.put(str, desiredCookie);
            } else {
                LogUtil.warning(CentrifyOkHttpClient.TAG, "There is no .ASPXAUTH cookie.");
            }
        }

        @Override // okhttp3.Interceptor
        public Response intercept(@NonNull Interceptor.Chain chain) throws IOException {
            try {
                Response proceed = chain.proceed(interceptRequest(chain.request()));
                if (!proceed.isSuccessful()) {
                    return allowRetry(proceed) ? retryIfNecessary(chain, proceed) : proceed;
                }
                interceptResponse(proceed);
                return proceed;
            } catch (IOException e) {
                if (e.getCause() instanceof CertPinningException) {
                    LogUtil.info(CentrifyOkHttpClient.TAG, "throw CertPinningRetryException in CertPinningException");
                    throw new CertPinningRetryException();
                }
                if (0 == 0 && CentrifyPreferenceUtils.getLong(KeyConstants.PREF_FAILED_CONTACT_CLOUD_TIME, 0L) <= 0) {
                    CentrifyOkHttpClient.this.saveFailedContactCloudTime();
                }
                LogUtil.info(CentrifyOkHttpClient.TAG, "delegate IOException to the upper level");
                throw e;
            }
        }
    }

    public CentrifyOkHttpClient(Context context, String str, String str2) {
        this.mAppContext = context;
        this.endPointUrl = str;
        this.preferredUrl = str2;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String getClientInfoHeader() {
        JSONObject jSONObject = new JSONObject();
        String packageName = this.mAppContext.getPackageName();
        String str = "";
        int i = 0;
        try {
            PackageInfo packageInfo = this.mAppContext.getPackageManager().getPackageInfo(packageName, 0);
            str = packageInfo.versionName;
            i = packageInfo.versionCode;
        } catch (PackageManager.NameNotFoundException e) {
            LogUtil.error(TAG, "Could not get find package:" + packageName);
        }
        try {
            jSONObject.put("Platform", AppsJsonParser.VALUE_APP_TYPE_ANDROID);
            jSONObject.put("PackageId", this.mAppContext.getPackageName());
            jSONObject.put(AppsJsonParser.TAG_VERSION_NAME, str);
            jSONObject.put("VersionCode", i);
            jSONObject.put("DeviceId", DeviceUtils.getDeviceUDID(this.mAppContext));
        } catch (JSONException e2) {
            LogUtil.error(TAG, "Could not construct header");
        }
        return jSONObject.toString();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public HttpCookie getDesiredCookie(List<String> list, String str) {
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            for (HttpCookie httpCookie : HttpCookie.parse(it.next())) {
                if (StringUtils.equals(httpCookie.getName(), str)) {
                    return httpCookie;
                }
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void saveFailedContactCloudTime() {
        LogUtil.info(TAG, "save failed contact cloud time");
        CentrifyPreferenceUtils.putLong(KeyConstants.PREF_FAILED_CONTACT_CLOUD_TIME, System.currentTimeMillis());
        Intent intent = new Intent(Constants.ACTION_CONTACT_CLOUD_FAILED);
        intent.setPackage(this.mAppContext.getPackageName());
        this.mAppContext.sendBroadcast(intent);
    }

    public void cleanCookie() {
        this.mCookiesInCache.clear();
    }

    public OkHttpClient getCentrifyOkHttpClient(boolean z, boolean z2, KeyStore keyStore) {
        try {
            TrustManager[] trustManagerArr = {new CentrifyTrustManager(z, z2, this.mAppContext)};
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            keyManagerFactory.init(keyStore, null);
            KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();
            SSLContext sSLContext = SSLContext.getInstance("TLS");
            sSLContext.init(keyManagers, trustManagerArr, null);
            SSLSocketFactory tLSSocketFactory = Build.VERSION.SDK_INT <= 19 ? new TLSSocketFactory(sSLContext.getSocketFactory()) : sSLContext.getSocketFactory();
            OkHttpClient.Builder builder = new OkHttpClient.Builder();
            builder.sslSocketFactory(tLSSocketFactory, (X509TrustManager) trustManagerArr[0]);
            if (z) {
                builder.hostnameVerifier(new VerifyEverythingHostnameVerifier());
            }
            builder.addInterceptor(new CentrifyInterceptor()).eventListener(new CentrifyCallEventListener(this.mAppContext)).readTimeout(240000L, TimeUnit.MILLISECONDS).connectTimeout(DateUtils.MILLIS_PER_MINUTE, TimeUnit.MILLISECONDS);
            return builder.build();
        } catch (KeyManagementException e) {
            LogUtil.error(TAG, e.getMessage(), e);
            return null;
        } catch (KeyStoreException e2) {
            LogUtil.error(TAG, e2.getMessage(), e2);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            LogUtil.error(TAG, e3.getMessage(), e3);
            return null;
        } catch (UnrecoverableKeyException e4) {
            LogUtil.error(TAG, e4.getMessage(), e4);
            return null;
        } catch (Exception e5) {
            LogUtil.error(TAG, e5.getMessage(), e5);
            return null;
        }
    }

    public HttpCookie getCookie(String str) {
        try {
            Uri parse = Uri.parse(str);
            return StringUtils.isEmpty(parse.getScheme()) ? this.mCookiesInCache.get(str) : this.mCookiesInCache.get(parse.getHost());
        } catch (Exception e) {
            LogUtil.error(TAG, "getCookie failed with host: " + str, e);
            return null;
        }
    }

    public boolean hasCookie() {
        return this.mCookiesInCache.size() > 0;
    }

    public void setLoginAuth(String str) {
        this.mLoginAuth = str;
    }
}
