package com.zhihu.android.app;

import android.content.Context;
import android.os.Handler;
import android.os.Looper;
import android.text.TextUtils;
import android.util.Base64;
import com.facebook.stetho.okhttp3.StethoInterceptor;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.zhihu.android.api.http.CookieHandler;
import com.zhihu.android.api.model.ApiError;
import com.zhihu.android.api.model.Certificates;
import com.zhihu.android.api.util.InternalCertificates;
import com.zhihu.android.api.util.JsonUtils;
import com.zhihu.android.app.accounts.AccountManager;
import com.zhihu.android.app.analytics.AppInfo;
import com.zhihu.android.app.util.AdPreviewUtils;
import com.zhihu.android.app.util.BuildConfigHelper;
import com.zhihu.android.app.util.CrashlyticsLogUtils;
import com.zhihu.android.app.util.DebugSettings;
import com.zhihu.android.app.util.PreferenceHelper;
import com.zhihu.android.app.util.SafetyLock;
import com.zhihu.android.app.util.UnauthorizeLock;
import com.zhihu.android.app.util.UserAgentHelper;
import com.zhihu.android.app.util.instabug.InstabugUtils;
import com.zhihu.android.app.util.za.ZAAPIMonitorHandler;
import com.zhihu.android.cloudid.CloudIDHelper;
import com.zhihu.android.data.analytics.ZA;
import com.zhihu.android.data.analytics.ZhihuAnalytics;
import com.zhihu.android.module.AppBuildConfig;
import com.zhihu.android.sdk.launchad.utils.XSugerUtils;
import com.zhihu.za.proto.MonitorEventInfo;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLPeerUnverifiedException;
import okhttp3.CertificatePinner;
import okhttp3.Handshake;
import okhttp3.Headers;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import okhttp3.ResponseBody;
import org.apache.commons.codec.digest.DigestUtils;
import retrofit2.Retrofit;
import retrofit2.adapter.rxjava2.RxJava2CallAdapterFactory;
import retrofit2.converter.jackson.JacksonConverterFactory;

/* loaded from: classes2.dex */
public class RetrofitInitializer {
    private static final Interceptor DEV_API_INTERCEPTOR = RetrofitInitializer$$Lambda$6.lambdaFactory$();
    private static final Interceptor ZA_EXPERIMENT_INTERCEPTOR = RetrofitInitializer$$Lambda$7.lambdaFactory$();
    private final Interceptor CERTIFICATE_VALIDATE_INTERCEPTOR;
    private final Interceptor EXCEPTION_TRAP_INTERCEPTOR;
    private final Interceptor PERF_MONITOR_INTERCEPTOR;
    private final Interceptor REQUEST_PROCESS_INTERCEPTOR;
    private final Interceptor RESPONSE_PROCESS_INTERCEPTOR;
    private Context mContext;
    private Handler mHandler;
    private ObjectMapper mObjectMapper;
    private Retrofit mRetrofit;
    private final Map<String, String[]> mSecurityPins;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.zhihu.android.app.RetrofitInitializer$1 */
    /* loaded from: classes2.dex */
    public class AnonymousClass1 implements Interceptor {
        AnonymousClass1() {
        }

        private void reportException(Request request, Exception exc) {
            exc.printStackTrace();
            CrashlyticsLogUtils.logError(exc);
            ZAAPIMonitorHandler.getInstance().recordMonitor(request.url().toString(), request.method(), -193740127L, -193740127, exc.getMessage(), -193740127, exc.getCause() != null ? exc.getCause().getClass().getName() : null, -193740127L, -193740127L);
        }

        @Override // okhttp3.Interceptor
        public Response intercept(Interceptor.Chain chain) throws IOException {
            Request request = chain.request();
            try {
                return chain.proceed(request);
            } catch (Exception e) {
                reportException(request, e);
                throw e;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.zhihu.android.app.RetrofitInitializer$2 */
    /* loaded from: classes2.dex */
    public class AnonymousClass2 implements Interceptor {
        AnonymousClass2() {
        }

        private boolean checkPins(String str, List<String> list) {
            String[] pins = getPins(str);
            if (pins == null || pins.length <= 0) {
                return true;
            }
            for (String str2 : pins) {
                if (list.contains(str2)) {
                    return true;
                }
            }
            return false;
        }

        private String[] getPins(String str) {
            return (String[]) RetrofitInitializer.this.mSecurityPins.get(str);
        }

        private boolean onInterceptSSLPeerUnverified(List<Certificate> list) {
            HashMap hashMap = new HashMap();
            for (int i = 0; i < list.size(); i++) {
                try {
                    hashMap.put(String.format(Locale.getDefault(), "data%d", Integer.valueOf(i)), Base64.encodeToString(list.get(i).getEncoded(), 0));
                } catch (CertificateEncodingException e) {
                }
            }
            ZhihuAnalytics.getInstance().recordMonitorEvent(null, null, new ZhihuAnalytics.MonitorEventExtraInfo(MonitorEventInfo.EventType.SecurityError, "HttpsError", hashMap));
            return true;
        }

        @Override // okhttp3.Interceptor
        public Response intercept(Interceptor.Chain chain) throws IOException {
            Handshake handshake = chain.connection().handshake();
            if (handshake != null) {
                List<Certificate> peerCertificates = handshake.peerCertificates();
                ArrayList arrayList = new ArrayList();
                Iterator<Certificate> it2 = peerCertificates.iterator();
                while (it2.hasNext()) {
                    arrayList.add(CertificatePinner.pin(it2.next()));
                }
                if (!checkPins(chain.request().url().toString(), arrayList) && !onInterceptSSLPeerUnverified(peerCertificates)) {
                    throw new SSLPeerUnverifiedException("This connection is untrusted");
                }
            }
            return chain.proceed(chain.request());
        }
    }

    /* loaded from: classes2.dex */
    public static class InstanceHolder {
        static final RetrofitInitializer INSTANCE = new RetrofitInitializer();
    }

    static {
        Interceptor interceptor;
        Interceptor interceptor2;
        interceptor = RetrofitInitializer$$Lambda$6.instance;
        DEV_API_INTERCEPTOR = interceptor;
        interceptor2 = RetrofitInitializer$$Lambda$7.instance;
        ZA_EXPERIMENT_INTERCEPTOR = interceptor2;
    }

    private RetrofitInitializer() {
        Interceptor interceptor;
        this.mHandler = new Handler(Looper.getMainLooper());
        this.mSecurityPins = new HashMap();
        this.EXCEPTION_TRAP_INTERCEPTOR = new Interceptor() { // from class: com.zhihu.android.app.RetrofitInitializer.1
            AnonymousClass1() {
            }

            private void reportException(Request request, Exception exc) {
                exc.printStackTrace();
                CrashlyticsLogUtils.logError(exc);
                ZAAPIMonitorHandler.getInstance().recordMonitor(request.url().toString(), request.method(), -193740127L, -193740127, exc.getMessage(), -193740127, exc.getCause() != null ? exc.getCause().getClass().getName() : null, -193740127L, -193740127L);
            }

            @Override // okhttp3.Interceptor
            public Response intercept(Interceptor.Chain chain) throws IOException {
                Request request = chain.request();
                try {
                    return chain.proceed(request);
                } catch (Exception e) {
                    reportException(request, e);
                    throw e;
                }
            }
        };
        this.CERTIFICATE_VALIDATE_INTERCEPTOR = new Interceptor() { // from class: com.zhihu.android.app.RetrofitInitializer.2
            AnonymousClass2() {
            }

            private boolean checkPins(String str, List<String> list) {
                String[] pins = getPins(str);
                if (pins == null || pins.length <= 0) {
                    return true;
                }
                for (String str2 : pins) {
                    if (list.contains(str2)) {
                        return true;
                    }
                }
                return false;
            }

            private String[] getPins(String str) {
                return (String[]) RetrofitInitializer.this.mSecurityPins.get(str);
            }

            private boolean onInterceptSSLPeerUnverified(List<Certificate> list) {
                HashMap hashMap = new HashMap();
                for (int i = 0; i < list.size(); i++) {
                    try {
                        hashMap.put(String.format(Locale.getDefault(), "data%d", Integer.valueOf(i)), Base64.encodeToString(list.get(i).getEncoded(), 0));
                    } catch (CertificateEncodingException e) {
                    }
                }
                ZhihuAnalytics.getInstance().recordMonitorEvent(null, null, new ZhihuAnalytics.MonitorEventExtraInfo(MonitorEventInfo.EventType.SecurityError, "HttpsError", hashMap));
                return true;
            }

            @Override // okhttp3.Interceptor
            public Response intercept(Interceptor.Chain chain) throws IOException {
                Handshake handshake = chain.connection().handshake();
                if (handshake != null) {
                    List<Certificate> peerCertificates = handshake.peerCertificates();
                    ArrayList arrayList = new ArrayList();
                    Iterator<Certificate> it2 = peerCertificates.iterator();
                    while (it2.hasNext()) {
                        arrayList.add(CertificatePinner.pin(it2.next()));
                    }
                    if (!checkPins(chain.request().url().toString(), arrayList) && !onInterceptSSLPeerUnverified(peerCertificates)) {
                        throw new SSLPeerUnverifiedException("This connection is untrusted");
                    }
                }
                return chain.proceed(chain.request());
            }
        };
        this.REQUEST_PROCESS_INTERCEPTOR = RetrofitInitializer$$Lambda$1.lambdaFactory$(this);
        this.RESPONSE_PROCESS_INTERCEPTOR = RetrofitInitializer$$Lambda$2.lambdaFactory$(this);
        interceptor = RetrofitInitializer$$Lambda$3.instance;
        this.PERF_MONITOR_INTERCEPTOR = interceptor;
    }

    /* synthetic */ RetrofitInitializer(AnonymousClass1 anonymousClass1) {
        this();
    }

    private void addSecurityPins(String str, String[] strArr) {
        this.mSecurityPins.put(str, strArr);
    }

    public static RetrofitInitializer getDefaultInstance() {
        return InstanceHolder.INSTANCE;
    }

    private String[] getPins(Certificates certificates) {
        if (certificates == null || certificates.certificates == null || certificates.certificates.size() <= 0) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        for (Certificates.Certificate certificate : certificates.certificates) {
            if (verify(certificate.data.getBytes(), certificate.sign)) {
                try {
                    arrayList.add(CertificatePinner.pin(CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(certificate.data.getBytes()))));
                } catch (CertificateException e) {
                }
            }
        }
        return (String[]) arrayList.toArray(new String[arrayList.size()]);
    }

    public static /* synthetic */ Response lambda$new$1(RetrofitInitializer retrofitInitializer, Interceptor.Chain chain) throws IOException {
        Request request = chain.request();
        Request.Builder newBuilder = request.newBuilder();
        if (request.url().host().equals("")) {
            newBuilder.url("");
        }
        newBuilder.header("User-Agent", UserAgentHelper.build(retrofitInitializer.mContext));
        if (TextUtils.isEmpty(request.header("x-api-version"))) {
            newBuilder.header("x-api-version", AppInfo.apiVersion());
        }
        if (TextUtils.isEmpty(request.header("x-app-version"))) {
            newBuilder.header("x-app-version", AppInfo.versionName());
        }
        if (TextUtils.isEmpty(request.header("x-app-za"))) {
            newBuilder.header("x-app-za", AppInfo.buildAppInfo());
        }
        if (TextUtils.isEmpty(request.header("x-app-flavor"))) {
            newBuilder.header("x-app-flavor", AppBuildConfig.CHANNEL());
        }
        if (TextUtils.isEmpty(request.header("x-app-build"))) {
            newBuilder.header("x-app-build", AppInfo.getAppBuild());
        }
        if (TextUtils.isEmpty(request.header("x-network-type"))) {
            newBuilder.header("x-network-type", AppInfo.buildNetworkTypeInfo());
        }
        if (!TextUtils.isEmpty(AdPreviewUtils.getAdPreviewUrl())) {
            newBuilder.header("x-ad-preview", AdPreviewUtils.getAdPreviewUrl());
        }
        if (TextUtils.isEmpty(request.header("X-SUGER"))) {
            String value = XSugerUtils.getValue();
            if (!TextUtils.isEmpty(value)) {
                newBuilder.header("X-SUGER", value);
            }
        }
        String cloudId = CloudIDHelper.getInstance().getCloudId(retrofitInitializer.mContext);
        if (!TextUtils.isEmpty(cloudId)) {
            newBuilder.header("x-udid", cloudId);
        }
        if (TextUtils.isEmpty(request.header("Authorization"))) {
            if (AccountManager.getInstance().hasAccount()) {
                newBuilder.header("Authorization", "Bearer " + AccountManager.getInstance().getCurrentAccount().getAccessToken());
            } else {
                newBuilder.header("Authorization", "oauth 8d5227e0aaaa4797a763ac64e0c3b8");
            }
        }
        if (AccountManager.getInstance().hasAccount() && AccountManager.getInstance().getCurrentAccount().getPeople().isUnicomFree) {
            newBuilder.header("X-Traffic-Free", "unicom");
        }
        CookieHandler.getInstance().initialize(newBuilder);
        return chain.proceed(newBuilder.build());
    }

    public static /* synthetic */ Response lambda$new$5(RetrofitInitializer retrofitInitializer, Interceptor.Chain chain) throws IOException {
        Runnable runnable;
        Response proceed = chain.proceed(chain.request());
        CookieHandler.getInstance().processor(proceed);
        if (proceed.request().url().host().equals("api.zhihu.com")) {
            String header = proceed.request().header("authorization");
            String header2 = proceed.request().header("x-udid");
            String header3 = proceed.request().header("x-rsp-hash");
            if (!TextUtils.isEmpty(header) && !TextUtils.isEmpty(header2) && !TextUtils.isEmpty(header3) && !header3.equals(DigestUtils.sha256Hex(header + header2))) {
                throw new IOException("hash not match[" + proceed.request().url().toString() + "]");
            }
        }
        if (AccountManager.getInstance().hasAccount() && ((401 == proceed.code() || PreferenceHelper.getTokenUpdateTime(retrofitInitializer.mContext) < System.currentTimeMillis()) && !UnauthorizeLock.getInstance().isLocked())) {
            Handler handler = retrofitInitializer.mHandler;
            runnable = RetrofitInitializer$$Lambda$4.instance;
            handler.post(runnable);
        }
        if (proceed.isSuccessful()) {
            return proceed;
        }
        String string = proceed.body().string();
        Response build = proceed.newBuilder().body(ResponseBody.create(proceed.body().contentType(), string)).build();
        ApiError apiError = (ApiError) retrofitInitializer.mObjectMapper.readValue(string.getBytes(), ApiError.class);
        if (!TextUtils.isEmpty(apiError.getMessage())) {
            CrashlyticsLogUtils.logMessage(apiError.getMessage());
        }
        switch (apiError.getCode()) {
            case 4039:
            case 40310:
            case 40350:
            case 40351:
            case 40352:
                if (SafetyLock.getInstance().isLocked()) {
                    return build;
                }
                retrofitInitializer.mHandler.post(RetrofitInitializer$$Lambda$5.lambdaFactory$(apiError));
                return build;
            default:
                return build;
        }
    }

    public static /* synthetic */ Response lambda$new$6(Interceptor.Chain chain) throws IOException {
        Request request = chain.request();
        long nanoTime = System.nanoTime();
        Response proceed = chain.proceed(request);
        ZAAPIMonitorHandler.getInstance().recordMonitor(proceed.request().url().toString(), proceed.request().method(), TimeUnit.NANOSECONDS.toMillis(System.nanoTime() - nanoTime), proceed.code(), proceed.message(), proceed.isSuccessful() ? -193740127 : proceed.code(), null, proceed.request().body() == null ? -193740127L : proceed.request().body().contentLength(), proceed.body() == null ? -193740127L : proceed.body().contentLength());
        return proceed;
    }

    public static /* synthetic */ Response lambda$static$0(Interceptor.Chain chain) throws IOException {
        Request request = chain.request();
        Headers headers = request.headers();
        Request.Builder newBuilder = request.newBuilder();
        if (headers.names().contains("Authorization") && TextUtils.isEmpty(headers.get("Authorization"))) {
            newBuilder.header("Authorization", "oauth a09343e8e67e44b29e0d850c14c7bf");
        } else if (!AccountManager.getInstance().hasAccount() && TextUtils.isEmpty(headers.get("Authorization"))) {
            newBuilder.header("Authorization", "oauth a09343e8e67e44b29e0d850c14c7bf");
        }
        return chain.proceed(newBuilder.build());
    }

    public static /* synthetic */ Response lambda$static$2(Interceptor.Chain chain) throws IOException {
        Response proceed = chain.proceed(chain.request());
        String header = proceed.header("X-ZA-Experiment", null);
        if (header != null) {
            if (header.isEmpty()) {
                ZA.setExperimentId(null, true);
            } else {
                try {
                    HashMap hashMap = new HashMap();
                    for (String str : header.split(",")) {
                        String[] split = str.split(":");
                        hashMap.put(split[0], split[1]);
                    }
                    ZA.setExperimentId(hashMap, true);
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
            InstabugUtils.updateUserData();
        }
        return proceed;
    }

    private Certificates readCertificates() {
        String certificates = PreferenceHelper.getCertificates(this.mContext);
        if (!TextUtils.isEmpty(certificates)) {
            try {
                return (Certificates) JsonUtils.readValue(certificates, Certificates.class);
            } catch (IllegalArgumentException e) {
            }
        }
        return null;
    }

    private static boolean verify(byte[] bArr, String str) {
        try {
            PublicKey generatePublic = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.decode("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCSSI7hPaC1PaCa9voUFfkMsmyMreAGpy5wjm/9Np2Ael4HyEyXZ0YAjptheBA9YhAfFfjn7ZuHfmptN3yGKeF5JoDZAwC0yY0AWz95tSie8IZ4fUFxsxSMAkUrW6vijFuwQwvDGCygDu4TlYIIZ1WiV/W8lEJr+7rFSFAjKmVynQIDAQAB", 0)));
            Signature signature = Signature.getInstance("SHA1withRSA");
            signature.initVerify(generatePublic);
            signature.update(bArr);
            return signature.verify(Base64.decode(str, 0));
        } catch (Exception e) {
            return false;
        }
    }

    public ObjectMapper getDefaultObjectMapper() {
        return JsonUtils.getDefaultObjectMapper();
    }

    public Retrofit getRetrofit() {
        if (this.mRetrofit == null) {
            throw new IllegalStateException("Must call RetrofitInitializer.getDefaultInstance().initialize(context) before using Retrofit.");
        }
        return this.mRetrofit;
    }

    public void initialize(Context context) throws Exception {
        this.mContext = context.getApplicationContext();
        String[] pins = getPins(readCertificates());
        if (pins == null || pins.length <= 0) {
            addSecurityPins("https://api.zhihu.com/balance", InternalCertificates.HPKP);
        } else {
            addSecurityPins("https://api.zhihu.com/balance", pins);
        }
        this.mObjectMapper = getDefaultObjectMapper();
        OkHttpClient.Builder builder = new OkHttpClient.Builder();
        builder.addNetworkInterceptor(this.CERTIFICATE_VALIDATE_INTERCEPTOR);
        builder.addNetworkInterceptor(this.PERF_MONITOR_INTERCEPTOR);
        builder.addInterceptor(this.EXCEPTION_TRAP_INTERCEPTOR);
        builder.addInterceptor(this.REQUEST_PROCESS_INTERCEPTOR);
        builder.addInterceptor(ZA_EXPERIMENT_INTERCEPTOR);
        builder.addInterceptor(this.RESPONSE_PROCESS_INTERCEPTOR);
        builder.retryOnConnectionFailure(true);
        if (PreferenceHelper.isHttpDNSOn(context)) {
            builder.dns(ZhihuDnsService.getDefaultInstance());
        }
        if (!BuildConfigHelper.isPublic()) {
            builder.addNetworkInterceptor(new StethoInterceptor());
        }
        String host = DebugSettings.getHost(context);
        if ("http://api.zhihu.dev".equals(host)) {
            builder.addInterceptor(DEV_API_INTERCEPTOR);
        }
        Retrofit.Builder builder2 = new Retrofit.Builder();
        builder2.client(builder.build());
        builder2.baseUrl(host);
        builder2.addConverterFactory(JacksonConverterFactory.create(this.mObjectMapper));
        builder2.addCallAdapterFactory(RxJava2CallAdapterFactory.create());
        this.mRetrofit = builder2.build();
    }
}
