package com.wuba.xxzl.b;

import com.iflytek.cloud.SpeechConstant;
import com.wuba.xxzl.security.XzNetSecCore;
import com.wuba.xxzl.security.jni.DllAgent;
import com.wuba.xxzl.security.log.NetLog;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.UUID;
import javax.net.ssl.SSLPeerUnverifiedException;
import okhttp3.CertificatePinner;
import okhttp3.Interceptor;
import okhttp3.Response;
import okio.ByteString;
import org.json.JSONArray;

/* compiled from: XzSSLNetInterceptor.java */
/* loaded from: classes3.dex */
public class d implements Interceptor {
    private static final String TAG = "NetSecInterceptor";
    private static String svB = "";
    private static CertificatePinner svC;
    private String action = "ssl";

    public d(String str) {
        svB = str;
    }

    private void a(Interceptor.Chain chain) {
        if (!cgf()) {
            NetLog.wtf(this.action, "cfg off", svB);
            return;
        }
        cgd();
        try {
            svC.check(chain.request().url().host(), chain.connection().handshake().peerCertificates());
        } catch (SSLPeerUnverifiedException unused) {
            NetLog.wtf(this.action, "invalid certificate " + chain.request().url().toString(), svB);
        } catch (Throwable th) {
            NetLog.wtf(this.action, "exception " + th.getMessage(), svB);
        }
    }

    private void cgd() {
        if (svC != null) {
            return;
        }
        CertificatePinner.Builder builder = new CertificatePinner.Builder();
        JSONArray cge = cge();
        if (cge != null) {
            for (int i = 0; i < cge.length(); i++) {
                try {
                    builder.add(cge.optJSONObject(i).optString(SpeechConstant.DOMAIN), CertificatePinner.pin((X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(ByteString.decodeHex(cge.optJSONObject(i).optString("publicKey")).toByteArray()))));
                } catch (Throwable th) {
                    th.printStackTrace();
                    NetLog.wtf(this.action, "cfg parse fail host name " + cge.optJSONObject(i).optString(SpeechConstant.DOMAIN), svB);
                }
            }
        } else {
            NetLog.wtf(this.action, "cfg null", svB);
        }
        svC = builder.build();
    }

    private static JSONArray cge() {
        try {
            return new JSONArray(DllAgent.loadCerCfg(XzNetSecCore.getContext(), UUID.randomUUID().toString().getBytes()));
        } catch (Throwable unused) {
            NetLog.wtf("loadCfg", "load exception", svB);
            return null;
        }
    }

    private boolean cgf() {
        return XzNetSecCore.getInstance().switchCfg(XzNetSecCore.SWITCH_SSL);
    }

    @Override // okhttp3.Interceptor
    public Response intercept(Interceptor.Chain chain) throws IOException {
        a(chain);
        return chain.proceed(chain.request());
    }
}
