package com.thefloow.api.client.v3;

import android.net.http.X509TrustManagerExtensions;
import android.os.Build;
import android.util.Base64;
import com.aaa.ccmframework.configuration.AppConfig;
import com.f.core.diagnostics.f;
import com.f.core.exceptions.FloSSLPinningException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.lang.reflect.Field;
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.thrift.transport.THttpClient;
import org.apache.thrift.transport.TTransportException;
import org.spongycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;

/* loaded from: classes5.dex */
public class FloTHttpClient extends THttpClient {
    private static final String LOG_TAG = "FloTHttpClient";
    private Field connectTimeoutField;
    private Field customHeadersField;
    private Field inputStreamField;
    private Field readTimeoutField;
    private Field requestBufferField;
    private SSLContext sslContext;
    private Field urlField;
    private Set<String> validSPKI;
    private X509TrustManager x509TrustManager;

    /* JADX INFO: Access modifiers changed from: package-private */
    public FloTHttpClient(String str, SSLContext sSLContext, Set<String> set) throws TTransportException {
        super(str);
        this.validSPKI = set;
        this.sslContext = sSLContext;
        if (set != null) {
            try {
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init((KeyStore) null);
                for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                    if (trustManager instanceof X509TrustManager) {
                        this.x509TrustManager = (X509TrustManager) trustManager;
                        break;
                    }
                }
            } catch (KeyStoreException | NoSuchAlgorithmException e) {
                f.e(LOG_TAG, "SPKI validation error", e);
            }
        }
        try {
            Class<? super Object> superclass = getClass().getSuperclass();
            this.urlField = superclass.getDeclaredField("url_");
            this.urlField.setAccessible(true);
            this.connectTimeoutField = superclass.getDeclaredField("connectTimeout_");
            this.connectTimeoutField.setAccessible(true);
            this.readTimeoutField = superclass.getDeclaredField("readTimeout_");
            this.readTimeoutField.setAccessible(true);
            this.customHeadersField = superclass.getDeclaredField("customHeaders_");
            this.customHeadersField.setAccessible(true);
            this.inputStreamField = superclass.getDeclaredField("inputStream_");
            this.inputStreamField.setAccessible(true);
            this.requestBufferField = superclass.getDeclaredField("requestBuffer_");
            this.requestBufferField.setAccessible(true);
        } catch (NoSuchFieldException e2) {
            f.e(LOG_TAG, "Field not found", e2);
        }
    }

    private List<X509Certificate> trustedChain(HttpsURLConnection httpsURLConnection) throws SSLException {
        Certificate[] serverCertificates = httpsURLConnection.getServerCertificates();
        X509Certificate[] x509CertificateArr = (X509Certificate[]) Arrays.copyOf(serverCertificates, serverCertificates.length, X509Certificate[].class);
        try {
            if (Build.VERSION.SDK_INT >= 17) {
                return new X509TrustManagerExtensions(this.x509TrustManager).checkServerTrusted(x509CertificateArr, AppConfig.ALGORITHM, httpsURLConnection.getURL().getHost());
            }
            throw new FloSSLPinningException("SPKI pinning insufficient API failure");
        } catch (CertificateException e) {
            throw new SSLException(e);
        }
    }

    private void validatePinning(HttpsURLConnection httpsURLConnection) throws SSLException {
        try {
            MessageDigest messageDigest = MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA256);
            Iterator<X509Certificate> it = trustedChain(httpsURLConnection).iterator();
            while (it.hasNext()) {
                byte[] encoded = it.next().getPublicKey().getEncoded();
                messageDigest.update(encoded, 0, encoded.length);
                if (this.validSPKI.contains(Base64.encodeToString(messageDigest.digest(), 2))) {
                    return;
                }
            }
            throw new FloSSLPinningException("SPKI pinning failure");
        } catch (NoSuchAlgorithmException e) {
            throw new SSLException(e);
        }
    }

    @Override // org.apache.thrift.transport.THttpClient, org.apache.thrift.transport.TTransport
    public void flush() throws TTransportException {
        try {
            ByteArrayOutputStream byteArrayOutputStream = (ByteArrayOutputStream) this.requestBufferField.get(this);
            byte[] byteArray = byteArrayOutputStream.toByteArray();
            byteArrayOutputStream.reset();
            HttpURLConnection httpURLConnection = (HttpURLConnection) ((URL) this.urlField.get(this)).openConnection();
            if (this.sslContext != null && (httpURLConnection instanceof HttpsURLConnection)) {
                try {
                    ((HttpsURLConnection) httpURLConnection).setSSLSocketFactory(this.sslContext.getSocketFactory());
                } catch (IllegalStateException e) {
                    throw new TTransportException("SSLContext is not initialized");
                }
            }
            if (this.connectTimeoutField.getInt(this) > 0) {
                httpURLConnection.setConnectTimeout(this.connectTimeoutField.getInt(this));
            }
            if (this.readTimeoutField.getInt(this) > 0) {
                httpURLConnection.setReadTimeout(this.readTimeoutField.getInt(this));
            }
            httpURLConnection.setRequestMethod("POST");
            httpURLConnection.setRequestProperty("Content-Type", "application/x-thrift");
            httpURLConnection.setRequestProperty("Accept", "application/x-thrift");
            httpURLConnection.setRequestProperty("User-Agent", "Java/THttpClient");
            HashMap hashMap = (HashMap) this.customHeadersField.get(this);
            if (hashMap != null) {
                for (Map.Entry entry : hashMap.entrySet()) {
                    httpURLConnection.setRequestProperty((String) entry.getKey(), (String) entry.getValue());
                }
            }
            httpURLConnection.setDoOutput(true);
            httpURLConnection.connect();
            if (this.validSPKI != null && (httpURLConnection instanceof HttpsURLConnection)) {
                validatePinning((HttpsURLConnection) httpURLConnection);
            }
            httpURLConnection.getOutputStream().write(byteArray);
            int responseCode = httpURLConnection.getResponseCode();
            if (responseCode != 200) {
                throw new TTransportException("HTTP Response code: " + responseCode);
            }
            this.inputStreamField.set(this, httpURLConnection.getInputStream());
        } catch (IOException e2) {
            f.e(LOG_TAG, "Tx failed", e2);
            throw new TTransportException(e2);
        } catch (IllegalAccessException e3) {
            f.e(LOG_TAG, "Illegal access", e3);
        } catch (SSLException e4) {
            throw new TTransportException(e4);
        }
    }
}
