package com.oracle.iot.client.impl.http;

import com.android.volley.toolbox.HttpClientStack;
import com.oracle.iot.client.HttpResponse;
import com.oracle.iot.client.RestApi;
import com.oracle.iot.client.impl.AccessToken;
import com.oracle.iot.client.impl.TimeManager;
import com.oracle.iot.client.impl.device.DirectActivationRequest;
import com.oracle.iot.client.trust.TrustedAssetsManager;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.ConnectException;
import java.net.SocketTimeoutException;
import java.net.URL;
import java.net.UnknownHostException;
import java.security.GeneralSecurityException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class HttpSecureConnectionImpl extends HttpSecureConnection {
    private static final int USE_DEFAULT_TIMEOUT_VALUE = -1;
    private final Object LOCK;
    private volatile AccessToken accessToken;
    private final String hostUrl;
    private final SSLSocketFactory sslSocketFactory;
    private static final boolean checkTLSRevocation = Boolean.getBoolean("com.sun.net.ssl.checkRevocation");
    private static final Map<String, SSLSocketFactory> socketFactoryMap = Collections.synchronizedMap(new HashMap());
    private static final String ACTIVATION_API = RestApi.V2.getReqRoot() + "/activation";
    private static final Logger LOGGER = Logger.getLogger("oracle.iot.client");

    public HttpSecureConnectionImpl(TrustedAssetsManager trustedAssetsManager, boolean z) throws GeneralSecurityException {
        super(trustedAssetsManager, z);
        this.LOCK = new int[0];
        this.hostUrl = trustedAssetsManager.getServerScheme() + "://" + trustedAssetsManager.getServerHost();
        SSLSocketFactory sSLSocketFactory = socketFactoryMap.get(this.hostUrl);
        if (sSLSocketFactory == null) {
            sSLSocketFactory = getDefaultSSLSocketFactory(trustedAssetsManager);
            socketFactoryMap.put(this.hostUrl, sSLSocketFactory);
        }
        this.sslSocketFactory = sSLSocketFactory;
    }

    private static SSLSocketFactory getDefaultSSLSocketFactory(TrustedAssetsManager trustedAssetsManager) throws GeneralSecurityException {
        SSLContext sSLContext = SSLContext.getInstance("TLS");
        CertificateFactory certificateFactory = CertificateFactory.getInstance(DirectActivationRequest.PUBLIC_KEY_ENCODING_FORMAT_X509);
        Vector<byte[]> trustAnchorCertificates = trustedAssetsManager.getTrustAnchorCertificates();
        if (trustAnchorCertificates == null || trustAnchorCertificates.isEmpty()) {
            sSLContext.init(null, null, null);
            return sSLContext.getSocketFactory();
        }
        final HashSet hashSet = new HashSet();
        for (int i = 0; i < trustAnchorCertificates.size(); i++) {
            hashSet.add(new TrustAnchor((X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(trustAnchorCertificates.elementAt(i))), null));
        }
        sSLContext.init(null, new TrustManager[]{new X509TrustManager() { // from class: com.oracle.iot.client.impl.http.HttpSecureConnectionImpl.1
            @Override // javax.net.ssl.X509TrustManager
            public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                throw new CertificateException();
            }

            @Override // javax.net.ssl.X509TrustManager
            public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
                CertPath generateCertPath = CertificateFactory.getInstance(DirectActivationRequest.PUBLIC_KEY_ENCODING_FORMAT_X509).generateCertPath(Arrays.asList(x509CertificateArr));
                try {
                    PKIXParameters pKIXParameters = new PKIXParameters((Set<TrustAnchor>) hashSet);
                    pKIXParameters.setRevocationEnabled(HttpSecureConnectionImpl.checkTLSRevocation);
                    CertPathValidator.getInstance("PKIX").validate(generateCertPath, pKIXParameters);
                } catch (Exception e) {
                    throw new CertificateException(e);
                }
            }

            @Override // javax.net.ssl.X509TrustManager
            public X509Certificate[] getAcceptedIssuers() {
                return null;
            }
        }}, null);
        return sSLContext.getSocketFactory();
    }

    private static Logger getLogger() {
        return LOGGER;
    }

    private HttpResponse invoke(String str, String str2, byte[] bArr) throws IOException, GeneralSecurityException {
        return invoke(str, str2, bArr, -1);
    }

    private HttpResponse invoke(String str, String str2, byte[] bArr, int i) throws IOException, GeneralSecurityException {
        AccessToken renewAccessToken;
        if (isClosed()) {
            throw new IOException("Connection is closed");
        }
        try {
            String serverHost = getTrustedAssetsManager().getServerHost();
            int serverPort = getTrustedAssetsManager().getServerPort();
            HashMap hashMap = new HashMap(4);
            boolean isWebApi = RestApi.V2.isWebApi();
            URL url = new URL("https", serverHost, serverPort, str2);
            if (!isWebApi) {
                AccessToken accessToken = this.accessToken;
                if (accessToken == null || accessToken.hasExpired()) {
                    synchronized (this.LOCK) {
                        accessToken = this.accessToken;
                        if (accessToken == null || accessToken.hasExpired()) {
                            accessToken = renewAccessToken(this);
                            this.accessToken = accessToken;
                        }
                    }
                }
                hashMap.put("Authorization", accessToken.getTokenType() + " " + accessToken.getToken());
            }
            hashMap.put("Content-Type", "application/json");
            hashMap.put("Accept", "application/json");
            if (isActivationApi(str2)) {
                if (getTrustedAssetsManager().isActivated()) {
                    hashMap.put("X-EndpointId", getTrustedAssetsManager().getEndpointId());
                } else {
                    hashMap.put("X-ActivationId", getTrustedAssetsManager().getClientId());
                }
            } else if (!RestApi.V2.isWebApi()) {
                if (getTrustedAssetsManager().isActivated()) {
                    hashMap.put("X-EndpointId", getTrustedAssetsManager().getEndpointId());
                } else {
                    hashMap.put("X-ActivationId", getTrustedAssetsManager().getClientId());
                }
            }
            HttpClient httpClientImpl = new HttpClientImpl(this.sslSocketFactory, url);
            HttpResponse invoke = invoke(httpClientImpl, str, bArr, hashMap, i);
            if (getLogger().isLoggable(Level.FINER)) {
                getLogger().log(Level.FINER, invoke.getVerboseStatus(str, url.toExternalForm()));
            }
            if (invoke.getStatus() == 401 || invoke.getStatus() == 403) {
                synchronized (this.LOCK) {
                    renewAccessToken = renewAccessToken(this);
                    this.accessToken = renewAccessToken;
                }
                hashMap.put("Authorization", renewAccessToken.getTokenType() + " " + renewAccessToken.getToken());
                invoke = invoke(httpClientImpl, str, bArr, hashMap, i);
            }
            if (invoke.getStatus() == 400) {
                getLogger().log(Level.SEVERE, invoke.getVerboseStatus(str, url.toExternalForm()));
            }
            return invoke;
        } catch (ConnectException e) {
            getLogger().log(Level.SEVERE, "Cannot connect: " + getTrustedAssetsManager().getServerHost() + ":" + getTrustedAssetsManager().getServerPort());
            throw e;
        } catch (SocketTimeoutException e2) {
            if (i < 0) {
                getLogger().log(Level.SEVERE, "Connection timed out: " + getTrustedAssetsManager().getServerScheme() + "://" + getTrustedAssetsManager().getServerHost() + ":" + getTrustedAssetsManager().getServerPort());
            }
            throw e2;
        } catch (UnknownHostException e3) {
            getLogger().log(Level.SEVERE, "Unknown host: " + getTrustedAssetsManager().getServerHost());
            throw e3;
        } catch (IOException e4) {
            getLogger().log(Level.SEVERE, e4.getMessage(), (Throwable) e4);
            throw e4;
        }
    }

    private static boolean isActivationApi(String str) {
        return ACTIVATION_API.regionMatches(0, str, 0, ACTIVATION_API.length());
    }

    private static long parseResponseTime(byte[] bArr) throws IllegalArgumentException {
        String str;
        String str2 = null;
        try {
            try {
                str = new String(bArr, "UTF-8");
            } catch (Throwable th) {
                throw th;
            }
        } catch (Throwable th2) {
            th = th2;
        }
        try {
            return str.indexOf("currentTime") < 0 ? System.currentTimeMillis() : Long.parseLong(new JSONObject(str).get("currentTime").toString());
        } catch (Throwable th3) {
            th = th3;
            str2 = str;
            getLogger().log(Level.SEVERE, th.toString());
            throw new IllegalArgumentException("Failed to parse server time from the response " + str2);
        }
    }

    private static HttpResponse postRenewAccessToken(HttpSecureConnectionImpl httpSecureConnectionImpl) throws IOException, GeneralSecurityException {
        TrustedAssetsManager trustedAssetsManager = httpSecureConnectionImpl.getTrustedAssetsManager();
        URL url = new URL("https", trustedAssetsManager.getServerHost(), trustedAssetsManager.getServerPort(), RestApi.V2.getReqRoot() + "/oauth2/token");
        HashMap hashMap = new HashMap();
        hashMap.put("Content-Type", "application/x-www-form-urlencoded");
        hashMap.put("Accept", "application/json");
        if (getLogger().isLoggable(Level.FINE)) {
            getLogger().fine("POST " + RestApi.V2.getReqRoot() + "/oauth2/token");
        }
        return new HttpClientImpl(httpSecureConnectionImpl.sslSocketFactory, url).post(HttpCredentials.getClientAssertionCredentials(trustedAssetsManager, httpSecureConnectionImpl.usesOnlySharedSecret()), hashMap);
    }

    private static AccessToken renewAccessToken(HttpSecureConnectionImpl httpSecureConnectionImpl) throws IOException, GeneralSecurityException {
        HttpResponse postRenewAccessToken = postRenewAccessToken(httpSecureConnectionImpl);
        int status = postRenewAccessToken.getStatus();
        if (status == 400) {
            try {
                TimeManager.setCurrentTimeMillis(parseResponseTime(postRenewAccessToken.getData()));
                postRenewAccessToken = postRenewAccessToken(httpSecureConnectionImpl);
                status = postRenewAccessToken.getStatus();
            } catch (IllegalArgumentException e) {
                getLogger().log(Level.SEVERE, e.toString());
            }
        }
        if (status == 400) {
            throw new GeneralSecurityException(postRenewAccessToken.getVerboseStatus("POST", RestApi.V2.getReqRoot() + "/oauth2/token"));
        }
        if (status != 200) {
            throw new IOException(postRenewAccessToken.getVerboseStatus("POST", RestApi.V2.getReqRoot() + "/oauth2/token"));
        }
        byte[] data = postRenewAccessToken.getData();
        if (data == null || data.length == 0) {
            throw new IOException("POST " + RestApi.V2.getReqRoot() + "/oauth2/token: empty payload");
        }
        try {
            return AccessToken.fromJson(new JSONObject(new String(data, "UTF-8")));
        } catch (JSONException e2) {
            throw new IOException(e2);
        }
    }

    @Override // com.oracle.iot.client.SecureConnection
    public HttpResponse delete(String str) throws IOException, GeneralSecurityException {
        return invoke("DELETE", str, null);
    }

    @Override // com.oracle.iot.client.SecureConnection
    public void disconnect() {
        synchronized (this.LOCK) {
            this.accessToken = null;
        }
    }

    @Override // com.oracle.iot.client.SecureConnection
    public HttpResponse get(String str) throws IOException, GeneralSecurityException {
        return invoke("GET", str, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final SSLSocketFactory getSSLSocketFactory() {
        return this.sslSocketFactory;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpResponse invoke(HttpClient httpClient, String str, byte[] bArr, Map<String, String> map, int i) throws IOException, GeneralSecurityException {
        if (str.equals("GET")) {
            return httpClient.get(map);
        }
        if (str.equals("POST")) {
            return httpClient.post(bArr, map, i);
        }
        if (str.equals("DELETE")) {
            return httpClient.delete(map);
        }
        if (!str.equals(HttpClientStack.HttpPatch.METHOD_NAME)) {
            return httpClient.put(bArr, map);
        }
        map.put("X-HTTP-Method-Override", HttpClientStack.HttpPatch.METHOD_NAME);
        return httpClient.post(bArr, map, i);
    }

    @Override // com.oracle.iot.client.SecureConnection
    public HttpResponse patch(String str, byte[] bArr) throws IOException, GeneralSecurityException {
        return invoke(HttpClientStack.HttpPatch.METHOD_NAME, str, bArr);
    }

    @Override // com.oracle.iot.client.SecureConnection
    public HttpResponse post(String str, byte[] bArr) throws IOException, GeneralSecurityException {
        return invoke("POST", str, bArr);
    }

    @Override // com.oracle.iot.client.SecureConnection
    public HttpResponse post(String str, byte[] bArr, int i) throws IOException, GeneralSecurityException {
        return invoke("POST", str, bArr, i);
    }

    @Override // com.oracle.iot.client.SecureConnection
    public HttpResponse put(String str, byte[] bArr) throws IOException, GeneralSecurityException {
        return invoke("PUT", str, bArr);
    }
}
