package o;

import android.content.Context;
import android.text.TextUtils;
import com.huawei.multisimsdk.multidevicemanager.R;
import com.huawei.phoneservice.feedback.network.FeedbackWebConstants;
import com.tencent.connect.common.Constants;
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;
import o.cth;
import org.eclipse.californium.core.coap.CoAP;
import org.eclipse.californium.core.coap.OptionNumberRegistry;

/* loaded from: classes7.dex */
public class ctf {
    private static ctf a;
    private static final String b = ctf.class.getSimpleName();
    private static final Object e = new Object();
    private String c;
    private cte d;

    public static ctf a() {
        ctf ctfVar;
        synchronized (e) {
            if (null == a) {
                a = new ctf();
            }
            ctfVar = a;
        }
        return ctfVar;
    }

    private ctk a(Context context, String str, String str2, String str3, String str4) throws Exception {
        String str5;
        if (cta.e.booleanValue()) {
            cta.a(b, "getGBAContentFromPost->start.urlParams=" + str3 + ", authorization=" + str4 + ", sip=" + str);
        }
        ctk ctkVar = new ctk();
        if (TextUtils.isEmpty(str) || TextUtils.isEmpty(str2)) {
            cta.a(b, "sip or urlAddress is null.");
            ctkVar.a(99);
            return ctkVar;
        }
        cta.a(b, "sip and address ok.");
        HttpsURLConnection httpsURLConnection = null;
        OutputStream outputStream = null;
        try {
            try {
                httpsURLConnection = (HttpsURLConnection) new URL(str2).openConnection();
                e(context, httpsURLConnection);
                httpsURLConnection.setConnectTimeout(30000);
                httpsURLConnection.setReadTimeout(30000);
                httpsURLConnection.setRequestMethod("POST");
                httpsURLConnection.setRequestProperty("User-Agent", "3gpp-gba");
                httpsURLConnection.setRequestProperty("ES-Version", "1.0.7");
                httpsURLConnection.setRequestProperty("ES-APP-ID", "00104605");
                httpsURLConnection.setRequestProperty("ES-APP-Key", "0C22D5E56878F9D3");
                httpsURLConnection.setRequestProperty(OptionNumberRegistry.Names.Accept, "application/json");
                httpsURLConnection.setRequestProperty("Content-Type", "application/json");
                httpsURLConnection.setRequestProperty("Connection", "Keep-Alive");
                httpsURLConnection.setRequestProperty("X-3GPP-Intended-IDENTITY", str);
                if (!TextUtils.isEmpty(str4)) {
                    httpsURLConnection.setRequestProperty(FeedbackWebConstants.AUTHORIZATION, str4);
                }
                httpsURLConnection.connect();
                this.d = cte.c(httpsURLConnection.getCipherSuite());
                outputStream = httpsURLConnection.getOutputStream();
                if (!TextUtils.isEmpty(str3)) {
                    outputStream.write(str3.getBytes());
                }
                outputStream.flush();
                int responseCode = httpsURLConnection.getResponseCode();
                str5 = "";
                if (responseCode == 401) {
                    String headerField = httpsURLConnection.getHeaderField("www-Authenticate");
                    str5 = TextUtils.isEmpty(headerField) ? "" : headerField.trim();
                } else if (responseCode == 200) {
                    str5 = c(httpsURLConnection).trim();
                }
                ctkVar.a(responseCode);
                ctkVar.d(str5);
                if (cta.e.booleanValue()) {
                    cta.a(b, "response: " + ctkVar.toString());
                }
                cta.a(b, "doPostRequest->success.");
                if (httpsURLConnection != null) {
                    httpsURLConnection.disconnect();
                }
                a(outputStream);
                return ctkVar;
            } catch (IOException e2) {
                cta.a(b, "getGBAContentFromPost->IOException.");
                ctkVar.a(98);
                if (httpsURLConnection != null) {
                    httpsURLConnection.disconnect();
                }
                a(outputStream);
                return ctkVar;
            }
        } catch (Throwable th) {
            if (httpsURLConnection != null) {
                httpsURLConnection.disconnect();
            }
            a(outputStream);
            throw th;
        }
    }

    private ctk a(String str, String str2) throws Exception {
        String str3;
        if (cta.e.booleanValue()) {
            cta.a(b, "getGBAContentFromGet urlAddress = " + str + ", authorization = " + str2);
        }
        ctk ctkVar = new ctk();
        if (TextUtils.isEmpty(str2) || TextUtils.isEmpty(str)) {
            cta.a(b, "authorization or urlAddress is null");
            ctkVar.a(99);
            return ctkVar;
        }
        HttpURLConnection httpURLConnection = null;
        try {
            try {
                httpURLConnection = (HttpURLConnection) new URL(str).openConnection();
                if (null != httpURLConnection) {
                    httpURLConnection.setConnectTimeout(30000);
                    httpURLConnection.setReadTimeout(30000);
                    httpURLConnection.setRequestMethod(Constants.HTTP_GET);
                    httpURLConnection.setRequestProperty("User-Agent", "Bootstrapping Client Agent");
                    httpURLConnection.setRequestProperty("Accept-Encoding", "identity");
                    httpURLConnection.setRequestProperty(OptionNumberRegistry.Names.Accept, "*/*");
                    httpURLConnection.setRequestProperty("Connection", "Keep-Alive");
                    httpURLConnection.setRequestProperty(FeedbackWebConstants.AUTHORIZATION, str2);
                    httpURLConnection.connect();
                    int responseCode = httpURLConnection.getResponseCode();
                    str3 = "";
                    if (responseCode == 401) {
                        String headerField = httpURLConnection.getHeaderField("www-Authenticate");
                        str3 = TextUtils.isEmpty(headerField) ? "" : headerField.trim();
                    } else if (responseCode == 200) {
                        str3 = c(httpURLConnection).trim();
                    }
                    ctkVar.a(responseCode);
                    ctkVar.d(str3);
                }
                if (cta.e.booleanValue()) {
                    cta.a(b, "response: " + ctkVar.toString());
                }
                cta.a(b, "doPostRequest->success.");
                if (httpURLConnection != null) {
                    httpURLConnection.disconnect();
                }
                return ctkVar;
            } catch (IOException e2) {
                cta.a(b, "getGBAContentFromGet->IOException.");
                ctkVar.a(98);
                if (httpURLConnection != null) {
                    httpURLConnection.disconnect();
                }
                return ctkVar;
            }
        } catch (Throwable th) {
            if (httpURLConnection != null) {
                httpURLConnection.disconnect();
            }
            throw th;
        }
    }

    private static void a(Closeable closeable) {
        if (null != closeable) {
            try {
                closeable.close();
            } catch (IOException e2) {
                cta.e(b, "closeStream->close error");
            }
        }
    }

    private static String c(HttpURLConnection httpURLConnection) throws IOException {
        InputStream inputStream = null;
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            inputStream = httpURLConnection.getInputStream();
            byte[] bArr = new byte[1024];
            while (true) {
                int read = inputStream.read(bArr);
                if (read == -1) {
                    return byteArrayOutputStream.toString();
                }
                byteArrayOutputStream.write(bArr, 0, read);
            }
        } finally {
            a(inputStream);
            a(byteArrayOutputStream);
        }
    }

    private String d(Context context, String str, String str2, String str3) throws Exception {
        cta.a(b, "Gba auth step 2.");
        ctk a2 = a(String.format(csw.d(), csy.e(str), csy.d(str)), "Digest nonce=\"\",uri=\"/\",username=\"" + String.format("%1$s@ims.mnc%2$s.mcc%3$s.3gppnetwork.org", str, csy.e(str), csy.d(str)) + "\",realm=\"" + String.format("bsf.mnc%1$s.mcc%2$s.pub.3gppnetwork.org", csy.e(str), csy.d(str)) + "\",response=\"\"");
        return 401 == a2.e() ? d(context, str, str2, str3, a2.c()) : 98 == a2.e() ? String.valueOf(98) : 403 == a2.e() ? String.valueOf(403) : String.valueOf(99);
    }

    private String d(Context context, String str, String str2, String str3, String str4) throws Exception {
        cta.a(b, "Gba auth step 3.");
        String format = String.format("%1$s@ims.mnc%2$s.mcc%3$s.3gppnetwork.org", str, csy.e(str), csy.d(str));
        String format2 = String.format(csw.d(), csy.e(str), csy.d(str));
        String format3 = String.format("bsf.mnc%1$s.mcc%2$s.pub.3gppnetwork.org", csy.e(str), csy.d(str));
        cth.b(str4.replace("Digest ", " "));
        String e2 = cth.e("nonce");
        String e3 = cth.e("opaque");
        String e4 = cth.e("qop");
        String e5 = cth.e("algorithm");
        cth.d a2 = cth.a(context, e2);
        String e6 = a2 != null ? cth.e(a2.e) : null;
        byte[] e7 = cth.e(a2, str, this.c, this.d);
        String b2 = cth.b(format, format3, e6, Constants.HTTP_GET);
        String c = cth.c();
        ctk a3 = a(format2, "Digest username=\"" + format + "\",realm=\"" + format3 + "\",nonce=\"" + e2 + "\",response=\"" + cth.c(b2, cth.c(e2, c, e4, "GET:/")) + "\",uri=\"/\",opaque=\"" + e3 + "\",qop=" + e4 + ",nc=00000001,algorithm=" + e5 + ",cnonce=\"" + c + "\"");
        return 200 == a3.e() ? d(context, str, str2, str3, cth.e(e7), a3.c()) : 98 == a3.e() ? String.valueOf(98) : String.valueOf(99);
    }

    private String d(Context context, String str, String str2, String str3, String str4, String str5) throws Exception {
        cta.a(b, "Gba auth step 4.");
        String format = String.format("sip:%1$s@ims.mnc%2$s.mcc%3$s.3gppnetwork.org", str, csy.e(str), csy.d(str));
        String b2 = csw.b();
        cth.b(str3.replace("Digest ", " "));
        Matcher matcher = Pattern.compile("[\\S\\s]*(<btid>[\\s\\S]*</btid>)[\\s\\S]*").matcher(str5);
        String replace = matcher.matches() ? matcher.group(1).replace("<btid>", "").replace("</btid>", "") : "";
        String e2 = cth.e("realm");
        String e3 = cth.e("nonce");
        String c = cth.c();
        String e4 = cth.e("opaque");
        String e5 = cth.e("algorithm");
        String e6 = cth.e("qop");
        if (str4 == null) {
            return null;
        }
        String str6 = "Digest username=\"" + replace + "\",realm=\"" + e2 + "\",nonce=\"" + e3 + "\",response=\"" + cth.c(cth.b(replace, e2, str4, "POST"), cth.c(e3, c, e6, "POST:/")) + "\",uri=\"/\",opaque=\"" + e4 + "\",qop=" + e6 + ",nc=00000001,algorithm=" + e5 + ",cnonce=\"" + c + "\"";
        ctk a2 = a(context, format, b2, str2, str6);
        if (200 != a2.e()) {
            return 98 == a2.e() ? String.valueOf(98) : String.valueOf(99);
        }
        if (str != null) {
            csy.e(context, str, "authorization", str6);
        }
        return a2.c();
    }

    private void e(Context context, HttpsURLConnection httpsURLConnection) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            InputStream openRawResource = context.getResources().openRawResource(R.raw.hpe_cert);
            try {
                Certificate generateCertificate = certificateFactory.generateCertificate(openRawResource);
                if (cta.e.booleanValue()) {
                    cta.a(b, "ca=" + ((X509Certificate) generateCertificate).getSubjectDN());
                    cta.a(b, "castr=" + ((X509Certificate) generateCertificate).getSubjectDN().toString());
                }
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, null);
                keyStore.setCertificateEntry("ca", generateCertificate);
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(keyStore);
                SSLContext sSLContext = SSLContext.getInstance(CoAP.PROTOCOL_TLS);
                sSLContext.init(null, trustManagerFactory.getTrustManagers(), null);
                httpsURLConnection.setSSLSocketFactory(new csz(sSLContext.getSocketFactory()));
            } finally {
                openRawResource.close();
            }
        } catch (IOException e2) {
            cta.b(b, "doPostRequest->IOException");
        } catch (KeyManagementException e3) {
            cta.b(b, "doPostRequest->KeyManagementException");
        } catch (KeyStoreException e4) {
            cta.b(b, "doPostRequest->KeyStoreException");
        } catch (NoSuchAlgorithmException e5) {
            cta.b(b, "doPostRequest->NoSuchAlgorithmException");
        } catch (CertificateException e6) {
            cta.b(b, "doPostRequest->CertificateException");
        }
        httpsURLConnection.setHostnameVerifier(new HostnameVerifier() { // from class: o.ctf.5
            @Override // javax.net.ssl.HostnameVerifier
            public boolean verify(String str, SSLSession sSLSession) {
                HostnameVerifier defaultHostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
                if (cta.e.booleanValue()) {
                    cta.a(ctf.b, "doPostRequest->hostname =" + str);
                }
                return defaultHostnameVerifier.verify("zdnlpz.yhdzd.chinamobile.com", sSLSession);
            }
        });
    }

    public String d(Context context, String str, String str2) throws Exception {
        cta.a(b, "Gba auth step 1.");
        ctk a2 = a(context, String.format("sip:%1$s@ims.mnc%2$s.mcc%3$s.3gppnetwork.org", str, csy.e(str), csy.d(str)), csw.b(), str2, null);
        if (cta.e.booleanValue()) {
            cta.a(b, "Gba auth step 1. resultCode=" + a2.e());
        }
        if (200 == a2.e()) {
            return a2.c();
        }
        if (401 == a2.e()) {
            cth.b(a2.c().replace("Digest ", " "));
            String e2 = cth.e("realm");
            String[] split = e2 != null ? e2.split("@") : null;
            if (split == null || split.length != 2) {
                this.c = "";
            } else {
                this.c = split[1];
                if ("3GPP-bootstrapping".equals(split[0])) {
                    return d(context, str, str2, a2.c());
                }
            }
        } else if (98 == a2.e()) {
            return String.valueOf(98);
        }
        return String.valueOf(99);
    }
}
