package com.xiaomi.accountsdk.request;

import android.text.TextUtils;
import com.xiaomi.account.data.PassportCAToken;
import com.xiaomi.account.exception.PassportCAException;
import com.xiaomi.accountsdk.account.PassportCATokenManager;
import com.xiaomi.accountsdk.request.SimpleRequest;
import com.xiaomi.accountsdk.utils.AESWithIVCoder;
import com.xiaomi.accountsdk.utils.AccountLog;
import com.xiaomi.accountsdk.utils.CloudCoder;
import com.xiaomi.accountsdk.utils.CryptCoder;
import com.xiaomi.accountsdk.utils.EasyMap;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import org.apache.http.HttpHost;
import org.json.JSONException;

/* loaded from: classes.dex */
public class PassportCARequest extends PassportRequest {
    private static final String a = PassportCARequest.class.getName();
    private final PassportSimpleRequest b;
    private final PassportCATokenManager c;
    private boolean d = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class CookiesEncryptRule implements EncryptRule {
        private CookiesEncryptRule() {
        }

        @Override // com.xiaomi.accountsdk.request.PassportCARequest.EncryptRule
        public boolean a(String str) {
            return (str == null || str.startsWith("__") || str.equals("passport_ca_token")) ? false : true;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public interface EncryptRule {
        boolean a(String str);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: classes.dex */
    public static class ParamEncryptRule implements EncryptRule {
        private ParamEncryptRule() {
        }

        @Override // com.xiaomi.accountsdk.request.PassportCARequest.EncryptRule
        public boolean a(String str) {
            return (str == null || str.startsWith("_")) ? false : true;
        }
    }

    public PassportCARequest(PassportSimpleRequest passportSimpleRequest, PassportCATokenManager passportCATokenManager) {
        this.b = passportSimpleRequest;
        this.c = passportCATokenManager;
    }

    private static PassportCAToken a(String str, PassportCATokenManager passportCATokenManager) throws PassportCAException, AuthenticationFailureException {
        try {
            return passportCATokenManager.c(str);
        } catch (AccessDeniedException e) {
            throw new PassportCAException(e);
        } catch (CipherException e2) {
            throw new PassportCAException(e2);
        } catch (InvalidResponseException e3) {
            throw new PassportCAException(e3);
        } catch (IOException e4) {
            throw new PassportCAException(e4);
        } catch (InvalidKeyException e5) {
            throw new PassportCAException(e5);
        } catch (NoSuchAlgorithmException e6) {
            throw new PassportCAException(e6);
        } catch (CertificateException e7) {
            throw new PassportCAException(e7);
        } catch (BadPaddingException e8) {
            throw new PassportCAException(e8);
        } catch (IllegalBlockSizeException e9) {
            throw new PassportCAException(e9);
        } catch (NoSuchPaddingException e10) {
            throw new PassportCAException(e10);
        } catch (JSONException e11) {
            throw new PassportCAException(e11);
        }
    }

    private static SimpleRequest.StringContent a(CryptCoder cryptCoder, SimpleRequest.StringContent stringContent) throws InvalidResponseException {
        String d = stringContent.d();
        boolean z = stringContent.c() == 302;
        if (TextUtils.isEmpty(d)) {
            throw new InvalidResponseException("invalid response from server", null, z);
        }
        try {
            SimpleRequest.StringContent stringContent2 = new SimpleRequest.StringContent(cryptCoder.a(d));
            stringContent2.a(stringContent.c());
            Map<String, String> a2 = stringContent.a();
            for (String str : stringContent.b()) {
                try {
                    a2.put(str, cryptCoder.a(stringContent.a(str)));
                } catch (CipherException e) {
                }
            }
            stringContent2.a(a2);
            return stringContent2;
        } catch (CipherException e2) {
            throw new InvalidResponseException("failed to decrypt response", e2, z || a(d));
        }
    }

    private static void a(EasyMap<String, String> easyMap, CryptCoder cryptCoder, EncryptRule encryptRule) throws PassportCAException {
        try {
            for (Map.Entry<String, String> entry : easyMap.entrySet()) {
                String key = entry.getKey();
                String value = entry.getValue();
                if (key != null && value != null && encryptRule.a(key)) {
                    easyMap.put(key, cryptCoder.b(value));
                }
            }
        } catch (CipherException e) {
            throw new PassportCAException(e);
        }
    }

    static boolean a(String str) {
        return str != null && (str.contains("html") || str.contains(HttpHost.DEFAULT_SCHEME_NAME));
    }

    @Override // com.xiaomi.accountsdk.request.PassportRequest
    public SimpleRequest.StringContent a() throws IOException, PassportRequestException {
        if (b() == null || !b().a()) {
            throw new PassportRequestException(new PassportCAException("null CA Manager"));
        }
        try {
            return c();
        } catch (PassportCAException e) {
            throw new PassportRequestException(e);
        } catch (AccessDeniedException e2) {
            throw new PassportRequestException(e2);
        } catch (AuthenticationFailureException e3) {
            if (this.d) {
                throw new PassportRequestException(e3);
            }
            this.d = true;
            return a(e3);
        } catch (InvalidResponseException e4) {
            throw new PassportRequestException(e4);
        } catch (PassportRequestException e5) {
            if (!(e5.getCause() instanceof AuthenticationFailureException) || this.d) {
                throw e5;
            }
            this.d = true;
            return a((AuthenticationFailureException) e5.getCause());
        }
    }

    SimpleRequest.StringContent a(AuthenticationFailureException authenticationFailureException) throws IOException, PassportRequestException {
        Long l;
        String a2 = authenticationFailureException.a();
        if ("passportCA".equals(a2)) {
            b().c();
            return a();
        }
        if (!"passportCA-Disabled".equals(a2)) {
            throw new PassportRequestException(authenticationFailureException);
        }
        try {
            l = Long.valueOf(authenticationFailureException.b());
        } catch (NumberFormatException e) {
            AccountLog.b(a, e);
            l = null;
        }
        b().a(l);
        throw new PassportRequestException(new PassportCAException("PassportCA Disabled"));
    }

    PassportCATokenManager b() {
        return this.c;
    }

    SimpleRequest.StringContent c() throws PassportCAException, IOException, InvalidResponseException, AccessDeniedException, AuthenticationFailureException, PassportRequestException {
        if (this.b.c()) {
            throw new IllegalStateException("https request should not use PassportCA");
        }
        PassportSimpleRequest b = this.b.b();
        PassportRequestArguments passportRequestArguments = b.b;
        PassportCAToken a2 = a(passportRequestArguments.f, b());
        if (a2 == null || !a2.a()) {
            throw new PassportCAException("null CA token");
        }
        passportRequestArguments.a.put("_nonce", CloudCoder.a());
        passportRequestArguments.b.put("passport_ca_token", a2.a);
        passportRequestArguments.c.put("caTag", "noSafe");
        AESWithIVCoder aESWithIVCoder = new AESWithIVCoder(a2.b);
        a(passportRequestArguments.a, aESWithIVCoder, new ParamEncryptRule());
        a(passportRequestArguments.b, aESWithIVCoder, new CookiesEncryptRule());
        passportRequestArguments.a.put("_caSign", CloudCoder.a(b.d(), passportRequestArguments.f, passportRequestArguments.a, a2.b));
        SimpleRequest.StringContent a3 = new RequestWithIP(b, new IPStrategy(), new CALoginStatHelper()).a();
        if (a3 == null) {
            throw new IOException("no response from server");
        }
        return a(aESWithIVCoder, a3);
    }
}
