package com.zhihu.android.app;

import android.content.Context;
import android.os.Handler;
import android.os.Looper;
import android.text.TextUtils;
import android.util.Base64;
import com.facebook.stetho.okhttp3.StethoInterceptor;
import com.fasterxml.jackson.core.JsonGenerator;
import com.fasterxml.jackson.core.JsonParser;
import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.zhihu.android.api.http.CookieHandler;
import com.zhihu.android.api.model.ApiError;
import com.zhihu.android.api.model.Certificates;
import com.zhihu.android.api.util.InternalCertificates;
import com.zhihu.android.api.util.JsonUtils;
import com.zhihu.android.app.accounts.AccountManager;
import com.zhihu.android.app.analytics.AppInfo;
import com.zhihu.android.app.appview.AppView;
import com.zhihu.android.app.util.PreferenceHelper;
import com.zhihu.android.app.util.SafetyLock;
import com.zhihu.android.app.util.UnauthorizeLock;
import com.zhihu.android.app.util.UserAgentHelper;
import com.zhihu.android.app.util.za.ZAAPIMonitorHandler;
import com.zhihu.android.cloudid.CloudIDHelper;
import com.zhihu.android.data.analytics.ZhihuAnalytics;
import com.zhihu.android.sdk.launchad.utils.XSugerUtils;
import com.zhihu.za.proto.MonitorEventInfo;
import io.fabric.sdk.android.services.network.HttpRequest;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLPeerUnverifiedException;
import okhttp3.CertificatePinner;
import okhttp3.Handshake;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import org.apache.commons.codec.digest.DigestUtils;
import retrofit2.Retrofit;
import retrofit2.adapter.rxjava2.RxJava2CallAdapterFactory;
import retrofit2.converter.jackson.JacksonConverterFactory;

/* loaded from: classes.dex */
public class RetrofitInitializer implements Interceptor {
    private Context mContext;
    private Handler mHandler;
    private ObjectMapper mObjectMapper;
    private Retrofit mRetrofit;
    private final Map<String, String[]> mSecurityPins;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes3.dex */
    public static class InstanceHolder {
        static final RetrofitInitializer INSTANCE = new RetrofitInitializer();
    }

    private RetrofitInitializer() {
        this.mSecurityPins = new HashMap();
    }

    /* synthetic */ RetrofitInitializer(AnonymousClass1 anonymousClass1) {
        this();
    }

    private void addSecurityPins(String str, String[] strArr) {
        this.mSecurityPins.put(str, strArr);
    }

    private boolean checkPins(String str, List<String> list) {
        String[] pins = getPins(str);
        if (pins == null || pins.length <= 0) {
            return true;
        }
        for (String str2 : pins) {
            if (list.contains(str2)) {
                return true;
            }
        }
        return false;
    }

    public static RetrofitInitializer getDefaultInstance() {
        return InstanceHolder.INSTANCE;
    }

    private String[] getPins(Certificates certificates) {
        if (certificates == null || certificates.certificates == null || certificates.certificates.size() <= 0) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (Certificates.Certificate certificate : certificates.certificates) {
            if (verify(certificate.data.getBytes(), certificate.sign)) {
                try {
                    arrayList.add(CertificatePinner.pin(CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certificate.data.getBytes()))));
                } catch (CertificateException e) {
                }
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    private String[] getPins(String str) {
        return this.mSecurityPins.get(str);
    }

    private void handleException(Request request, Exception exc) {
        ZAAPIMonitorHandler.getInstance().recordMonitor(request.url().toString(), request.method(), -193740127L, -193740127, null, -193740127, exc.getCause() != null ? exc.getCause().getClass().getName() : null, -193740127L, -193740127L);
    }

    private void handleResponse(Response response, long j) throws IOException {
        Runnable runnable;
        CookieHandler.getInstance().processor(response);
        if (response.request().url().host().equals("api.zhihu.com")) {
            String header = response.request().header(AppView.HEADER_AUTHORIZATION);
            String header2 = response.request().header(AppView.HEADER_X_UDID);
            String header3 = response.request().header("x-rsp-hash");
            if (!TextUtils.isEmpty(header) && !TextUtils.isEmpty(header2) && !TextUtils.isEmpty(header3) && !header3.equals(DigestUtils.sha256Hex(header + header2))) {
                throw new IOException("hash not match[" + response.request().url().toString() + "]");
            }
        }
        if (AccountManager.getInstance().hasAccount() && ((401 == response.code() || PreferenceHelper.getTokenUpdateTime(this.mContext) < System.currentTimeMillis()) && !UnauthorizeLock.getInstance().isLocked())) {
            Handler handler = this.mHandler;
            runnable = RetrofitInitializer$$Lambda$1.instance;
            handler.post(runnable);
        }
        if (response.isSuccessful()) {
            ZAAPIMonitorHandler.getInstance().recordMonitor(response.request().url().toString(), response.request().method(), j, response.code(), response.message(), -193740127, null, response.request().body() == null ? -193740127L : response.request().body().contentLength(), response.body() == null ? -193740127L : response.body().contentLength());
            return;
        }
        ApiError apiError = (ApiError) this.mObjectMapper.readValue(response.body().bytes(), ApiError.class);
        if ((apiError.getCode() == 4039 || apiError.getCode() == 40310) && !SafetyLock.getInstance().isLocked()) {
            this.mHandler.post(RetrofitInitializer$$Lambda$2.lambdaFactory$(apiError));
        }
        ZAAPIMonitorHandler.getInstance().recordMonitor(response.request().url().toString(), response.request().method(), j, response.code(), response.message(), apiError.getCode(), null, response.request().body() == null ? -193740127L : response.request().body().contentLength(), response.body() == null ? -193740127L : response.body().contentLength());
    }

    private boolean onInterceptSSLPeerUnverified(List<Certificate> list) {
        HashMap hashMap = new HashMap();
        for (int i = 0; i < list.size(); i++) {
            try {
                hashMap.put(String.format(Locale.getDefault(), "data%d", Integer.valueOf(i)), Base64.encodeToString(list.get(i).getEncoded(), 0));
            } catch (CertificateEncodingException e) {
            }
        }
        ZhihuAnalytics.getInstance().recordMonitorEvent(null, null, new ZhihuAnalytics.MonitorEventExtraInfo(MonitorEventInfo.EventType.SecurityError, "HttpsError", hashMap));
        return true;
    }

    private Certificates readCertificates() {
        String certificates = PreferenceHelper.getCertificates(this.mContext);
        if (!TextUtils.isEmpty(certificates)) {
            try {
                return (Certificates) JsonUtils.readValue(certificates, Certificates.class);
            } catch (IllegalArgumentException e) {
            }
        }
        return null;
    }

    private Request rebuildRequest(Request request) throws IOException {
        Request.Builder newBuilder = request.newBuilder();
        if (request.url().host().equals("")) {
            newBuilder.url("");
        }
        newBuilder.header("User-Agent", UserAgentHelper.build(this.mContext));
        if (TextUtils.isEmpty(request.header("x-api-version"))) {
            newBuilder.header("x-api-version", AppInfo.apiVersion());
        }
        if (TextUtils.isEmpty(request.header(AppView.HEADER_X_APP_VERSION))) {
            newBuilder.header(AppView.HEADER_X_APP_VERSION, AppInfo.versionName());
        }
        if (TextUtils.isEmpty(request.header(AppView.HEADER_X_APP_ZA))) {
            newBuilder.header(AppView.HEADER_X_APP_ZA, AppInfo.buildAppInfo());
        }
        if (TextUtils.isEmpty(request.header(AppView.HEADER_X_APP_BUILD))) {
            newBuilder.header(AppView.HEADER_X_APP_BUILD, AppInfo.getAppBuild());
        }
        if (TextUtils.isEmpty(request.header("x-network-type"))) {
            newBuilder.header("x-network-type", AppInfo.buildNetworkTypeInfo());
        }
        if (TextUtils.isEmpty(request.header("X-SUGER"))) {
            String value = XSugerUtils.getValue();
            if (!TextUtils.isEmpty(value)) {
                newBuilder.header("X-SUGER", value);
            }
        }
        String cloudId = CloudIDHelper.getInstance().getCloudId(this.mContext);
        if (!TextUtils.isEmpty(cloudId)) {
            newBuilder.header(AppView.HEADER_X_UDID, cloudId);
        }
        if (TextUtils.isEmpty(request.header(HttpRequest.HEADER_AUTHORIZATION))) {
            if (AccountManager.getInstance().hasAccount()) {
                newBuilder.header(HttpRequest.HEADER_AUTHORIZATION, "Bearer " + AccountManager.getInstance().getCurrentAccount().getAccessToken());
            } else {
                newBuilder.header(HttpRequest.HEADER_AUTHORIZATION, "oauth 8d5227e0aaaa4797a763ac64e0c3b8");
            }
        }
        CookieHandler.getInstance().initialize(newBuilder);
        return newBuilder.build();
    }

    private static boolean verify(byte[] bArr, String str) {
        try {
            PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSSI7hPaC1PaCa9voUFfkMsmyMreAGpy5wjm/9Np2Ael4HyEyXZ0YAjptheBA9YhAfFfjn7ZuHfmptN3yGKeF5JoDZAwC0yY0AWz95tSie8IZ4fUFxsxSMAkUrW6vijFuwQwvDGCygDu4TlYIIZ1WiV/W8lEJr+7rFSFAjKmVynQIDAQAB", 0)));
            Signature signature = Signature.getInstance("SHA1withRSA");
            signature.initVerify(generatePublic);
            signature.update(bArr);
            return signature.verify(Base64.decode(str, 0));
        } catch (Exception e) {
            return false;
        }
    }

    public Retrofit getRetrofit() {
        if (this.mRetrofit == null) {
            throw new IllegalStateException("Must call RetrofitInitializer.getDefaultInstance().initialize(context) before using Retrofit.");
        }
        return this.mRetrofit;
    }

    public void initialize(Context context) throws Exception {
        this.mContext = context.getApplicationContext();
        this.mHandler = new Handler(Looper.getMainLooper());
        this.mObjectMapper = new ObjectMapper();
        this.mObjectMapper.configure(JsonGenerator.Feature.AUTO_CLOSE_JSON_CONTENT, false);
        this.mObjectMapper.configure(JsonParser.Feature.IGNORE_UNDEFINED, true);
        this.mObjectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        builder.addNetworkInterceptor(this);
        builder.retryOnConnectionFailure(true);
        builder.dns(ZhihuDnsService.getDefaultInstance());
        builder.addNetworkInterceptor(new StethoInterceptor());
        Retrofit.Builder builder2 = new Retrofit.Builder();
        builder2.client(builder.build());
        builder2.baseUrl("https://api.zhihu.com");
        builder2.addConverterFactory(JacksonConverterFactory.create(this.mObjectMapper));
        builder2.addCallAdapterFactory(RxJava2CallAdapterFactory.create());
        String[] pins = getPins(readCertificates());
        if (pins == null || pins.length <= 0) {
            addSecurityPins("https://api.zhihu.com/balance", InternalCertificates.HPKP);
        } else {
            addSecurityPins("https://api.zhihu.com/balance", pins);
        }
        this.mRetrofit = builder2.build();
    }

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.Chain chain) throws IOException {
        Handshake handshake = chain.connection().handshake();
        if (handshake != null) {
            List<Certificate> peerCertificates = handshake.peerCertificates();
            ArrayList arrayList = new ArrayList();
            Iterator<Certificate> it2 = peerCertificates.iterator();
            while (it2.hasNext()) {
                arrayList.add(CertificatePinner.pin(it2.next()));
            }
            if (!checkPins(chain.request().url().toString(), arrayList) && !onInterceptSSLPeerUnverified(peerCertificates)) {
                throw new SSLPeerUnverifiedException("This connection is untrusted");
            }
        }
        Request request = chain.request();
        try {
            long nanoTime = System.nanoTime();
            Response proceed = chain.proceed(rebuildRequest(request));
            handleResponse(proceed, TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - nanoTime));
            return proceed;
        } catch (IOException e) {
            handleException(request, e);
            throw e;
        }
    }
}
