package com.huawei.hms.network.speedtest.inner;

import android.annotation.SuppressLint;
import android.content.Context;
import android.text.TextUtils;
import com.huawei.agconnect.apms.collect.model.EventType;
import com.huawei.hms.network.embedded.U;
import com.huawei.hms.network.httpclient.Response;
import com.huawei.hms.network.speedtest.common.CheckParamUtils;
import com.huawei.hms.network.speedtest.common.SpeedPreferencesManager;
import com.huawei.hms.network.speedtest.common.executor.ExecutorsUtils;
import com.huawei.hms.network.speedtest.common.log.LogManager;
import com.huawei.hms.network.speedtest.common.utils.ContextHolder;
import com.huawei.hms.network.speedtest.common.utils.GsonUtil;
import com.huawei.hms.network.speedtest.common.utils.StringUtil;
import com.huawei.hms.network.speedtest.common.utils.TimeUtil;
import com.huawei.hms.network.speedtest.inner.http.RestClientManager;
import com.huawei.hms.network.speedtest.inner.response.AccessToken;
import com.huawei.hms.network.speedtest.inner.response.AccessTokenBean;
import com.huawei.hms.support.api.entity.common.CommonConstant;
import com.huawei.phoneservice.faq.base.constants.FaqConstants;
import com.huawei.secure.android.common.encrypt.utils.EncryptUtil;
import com.huawei.secure.android.common.sign.HiPkgSignManager;
import com.huawei.wisesecurity.ucs.common.exception.UcsCryptoException;
import com.huawei.wisesecurity.ucs.common.exception.UcsException;
import com.huawei.wisesecurity.ucs.credential.CredentialClient;
import com.huawei.wisesecurity.ucs.credential.crypto.cipher.CredentialCipher;
import com.huawei.wisesecurity.ucs.credential.crypto.cipher.CredentialCipherAlg;
import com.huawei.wisesecurity.ucs.credential.crypto.signer.CredentialSignAlg;
import com.huawei.wisesecurity.ucs.credential.crypto.signer.CredentialSigner;
import com.huawei.wisesecurity.ucs.credential.entity.Credential;
import java.net.URLEncoder;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Future;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class AuthenticManager {
    private static final String CREDENTIAL = "speed_sdk_credential";

    @SuppressLint({"StaticFieldLeak"})
    private static volatile AuthenticManager INSTANCE = null;
    private static final int IV_LEN = 12;
    public static final String SDK_AUTHENTICATION_PATH = "/speedservice/search/v1/initAuth";
    public static final String TAG = "AuthenticManager";
    private AccessToken accessToken;
    private Future<String> accessTokenFuture;
    private String apiKey;
    private Context context;
    private Credential credential;
    private CredentialCipher credentialCipher;
    private CredentialSigner credentialSigner;
    private final ExecutorService executor = ExecutorsUtils.newSingleThreadExecutor("speedTest");
    private byte[] ivBytes;
    private String jwtHeader;
    private String token;

    /* loaded from: classes.dex */
    public static final class Constants {
        private static final String HEADER_ALG = "alg";
        private static final String HEADER_TYP = "typ";
        private static final String PLAY_LOAD_ACCESS_KEY = "accessKey";
        private static final String PLAY_LOAD_API_KEY = "apiKey";
        private static final String PLAY_LOAD_CERT = "cert";
        private static final String PLAY_LOAD_IV = "iv";
        private static final String PLAY_LOAD_PK_NAME = "packageName";
        private static final String PLAY_LOAD_PLATFORM = "platform";
        private static final String PLAY_LOAD_VERSION = "version";
    }

    private AuthenticManager(Context context) {
        if (context == null) {
            LogManager.e(TAG, "AuthenticManager context == null");
        } else {
            this.context = context;
        }
    }

    private void createCredentialClient() throws UcsException {
        this.credential = new CredentialClient.Builder().context(this.context).serCountry(FaqConstants.COUNTRY_CODE_CN).build().applyCredential(com.huawei.genexcloud.speedtest.BuildConfig.APPLICATION_ID);
        SpeedPreferencesManager.getInstance().putString(CREDENTIAL, this.credential.toString());
    }

    private void createJwtHeader() throws JSONException {
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("typ", "JWT");
        jSONObject.put("alg", "HMAC SHA256");
        this.jwtHeader = StringUtil.base64UrlEncode(jSONObject.toString());
    }

    private String getCertificateSHA1Fingerprint() {
        return HiPkgSignManager.getInstalledAppHash(this.context, ContextHolder.getContext().getPackageName());
    }

    public static AuthenticManager getInstance(Context context) {
        if (INSTANCE == null) {
            synchronized (AuthenticManager.class) {
                if (INSTANCE == null) {
                    INSTANCE = new AuthenticManager(context);
                }
            }
        }
        return INSTANCE;
    }

    private String getIvBase64String() {
        byte[] bArr = this.ivBytes;
        if (bArr == null) {
            bArr = EncryptUtil.generateSecureRandom(12);
        }
        return StringUtil.base64Encode(bArr);
    }

    private void initCredentialObj() {
        try {
            if (SpeedPreferencesManager.getInstance().containsKey(CREDENTIAL)) {
                this.credential = Credential.fromString(this.context, SpeedPreferencesManager.getInstance().getString(CREDENTIAL));
            } else {
                createCredentialClient();
            }
            if (isExpired(this.credential.getExpireTime())) {
                createCredentialClient();
            }
            this.credentialSigner = new CredentialSigner.Builder().withAlg(CredentialSignAlg.HMAC_SHA256).withCredential(this.credential).build();
            this.ivBytes = EncryptUtil.generateSecureRandom(12);
            this.credentialCipher = new CredentialCipher.Builder().withAlg(CredentialCipherAlg.AES_GCM).withIv(this.ivBytes).withCredential(this.credential).build();
        } catch (UcsException e) {
            LogManager.w(TAG, "credential UcsException code is:" + e.getErrorCode() + ", credential UcsException msg is:" + e.getMessage());
            throw new IllegalStateException("credential UcsException code is:" + e.getErrorCode() + ", credential UcsException msg is:" + e.getMessage());
        }
    }

    private boolean isExpired(long j) {
        return j - TimeUtil.getCurrentTimeMillis() < U.g.e;
    }

    private AccessToken parseToken(String str) {
        if (TextUtils.isEmpty(str)) {
            return null;
        }
        String[] split = str.split("\\.");
        if (split.length > 1) {
            return (AccessToken) GsonUtil.fromStringToBean(StringUtil.base64UrlDecode(split[1]), AccessToken.class);
        }
        return null;
    }

    private Future<String> refreshToken() {
        return this.executor.submit(new Callable() { // from class: com.huawei.hms.network.speedtest.inner.a
            @Override // java.util.concurrent.Callable
            public final Object call() {
                return AuthenticManager.this.a();
            }
        });
    }

    public /* synthetic */ String a() throws Exception {
        String accessToken;
        AccessToken parseToken;
        if (this.credentialCipher == null || this.credentialSigner == null) {
            initCredentialObj();
        }
        CheckParamUtils.checkNotNull(this.apiKey, "AuthenticManager apiKey is null，please initApiKey(String apiKey) at first.");
        String base64 = this.credentialCipher.getEncryptHandler().from(URLEncoder.encode(this.apiKey, "UTF-8")).toBase64();
        JSONObject jSONObject = new JSONObject();
        jSONObject.put(CommonConstant.ReqAccessTokenParam.PACKAGE_NAME, ContextHolder.getContext().getPackageName());
        jSONObject.put("cert", getCertificateSHA1Fingerprint());
        jSONObject.put("apiKey", base64);
        jSONObject.put(Credential.AK, this.credential.getAccessKey());
        jSONObject.put("iv", getIvBase64String());
        jSONObject.put(EventType.PLATFORM, "android");
        jSONObject.put("version", "3.1.0.300");
        String base64UrlEncode = StringUtil.base64UrlEncode(jSONObject.toString());
        if (TextUtils.isEmpty(this.jwtHeader)) {
            createJwtHeader();
        }
        Response<AccessTokenBean> execute = RestClientManager.getInstance().getSpeedTestHttpService().syncAuthenticPost(SDK_AUTHENTICATION_PATH, this.jwtHeader + "." + base64UrlEncode + "." + getSignature(base64UrlEncode)).execute();
        StringBuilder sb = new StringBuilder();
        sb.append("refreshToken response code is :");
        sb.append(execute.getCode());
        LogManager.i(TAG, sb.toString());
        return (!execute.isSuccessful() || (parseToken = parseToken((accessToken = execute.getBody().getAccessToken()))) == null || parseToken.isExpiredTime()) ? "" : accessToken;
    }

    public String getAccessKey() {
        if (this.credential == null) {
            initCredentialObj();
        }
        return this.credential.getAccessKey();
    }

    public String getSignature(String str) throws UcsCryptoException {
        return this.credentialSigner.getSignHandler().from(this.jwtHeader + "." + str).signBase64();
    }

    public String getSignatureWithNoJwtHeader(String str) {
        if (this.credentialSigner == null) {
            initCredentialObj();
        }
        try {
            return this.credentialSigner.getSignHandler().from(str).signBase64();
        } catch (UcsCryptoException e) {
            LogManager.w(TAG, "UcsCryptoException=" + e.getMessage());
            return null;
        }
    }

    public synchronized String getToken() {
        if (!TextUtils.isEmpty(this.token)) {
            if (!this.accessToken.isExpiredTime()) {
                return this.token;
            }
            this.token = null;
        }
        if (this.accessTokenFuture != null) {
            try {
                this.token = this.accessTokenFuture.get();
            } catch (InterruptedException | ExecutionException e) {
                LogManager.w(TAG, "future get token error.", e);
            }
            this.accessTokenFuture = null;
        }
        if (TextUtils.isEmpty(this.token)) {
            try {
                this.token = refreshToken().get();
            } catch (InterruptedException | ExecutionException e2) {
                LogManager.w(TAG, "refreshToken get token error.", e2);
            }
        }
        this.accessToken = parseToken(this.token);
        return this.token;
    }

    public synchronized void initApiKey(String str) {
        this.apiKey = str;
        this.accessTokenFuture = refreshToken();
    }
}
