package com.wuba.xxzl.xznetsec;

import com.iflytek.cloud.SpeechConstant;
import com.wuba.xxzl.security.XzNetSecCore;
import com.wuba.xxzl.security.jni.DllAgent;
import com.wuba.xxzl.security.log.NetLog;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.UUID;
import javax.net.ssl.SSLPeerUnverifiedException;
import okhttp3.CertificatePinner;
import okhttp3.Interceptor;
import okhttp3.Response;
import okio.ByteString;
import org.json.JSONArray;

/* compiled from: XzSSLNetInterceptor.java */
/* loaded from: classes2.dex */
public class d implements Interceptor {
    public static final String b = "NetSecInterceptor";
    public static String c = "";
    public static CertificatePinner d;

    /* renamed from: a, reason: collision with root package name */
    public String f13163a = "ssl";

    public d(String str) {
        c = str;
    }

    private void a(Interceptor.Chain chain) {
        if (!d()) {
            NetLog.wtf(this.f13163a, "cfg off", c);
            return;
        }
        b();
        try {
            d.check(chain.request().url().host(), chain.connection().handshake().peerCertificates());
        } catch (SSLPeerUnverifiedException unused) {
            NetLog.wtf(this.f13163a, "invalid certificate " + chain.request().url().toString(), c);
        } catch (Throwable th) {
            NetLog.wtf(this.f13163a, "exception " + th.getMessage(), c);
        }
    }

    private void b() {
        if (d != null) {
            return;
        }
        CertificatePinner.Builder builder = new CertificatePinner.Builder();
        JSONArray c2 = c();
        if (c2 != null) {
            for (int i = 0; i < c2.length(); i++) {
                try {
                    builder.add(c2.optJSONObject(i).optString(SpeechConstant.DOMAIN), CertificatePinner.pin((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(ByteString.decodeHex(c2.optJSONObject(i).optString("publicKey")).toByteArray()))));
                } catch (Throwable th) {
                    th.printStackTrace();
                    NetLog.wtf(this.f13163a, "cfg parse fail host name " + c2.optJSONObject(i).optString(SpeechConstant.DOMAIN), c);
                }
            }
        } else {
            NetLog.wtf(this.f13163a, "cfg null", c);
        }
        d = builder.build();
    }

    public static JSONArray c() {
        try {
            return new JSONArray(DllAgent.loadCerCfg(XzNetSecCore.getContext(), UUID.randomUUID().toString().getBytes()));
        } catch (Throwable unused) {
            NetLog.wtf("loadCfg", "load exception", c);
            return null;
        }
    }

    private boolean d() {
        return XzNetSecCore.getInstance().switchCfg(XzNetSecCore.SWITCH_SSL);
    }

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.Chain chain) throws IOException {
        a(chain);
        return chain.proceed(chain.request());
    }
}
