package com.bytedance.sdk.xbridge.auth.secure;

import a.f.a.a.common.TeXFont;
import android.net.Uri;
import android.util.Base64;
import com.bytedance.sdk.xbridge.protocol.entity.BridgeCall;
import com.bytedance.sdk.xbridge.protocol.impl.errors.JSBErrorReportModel;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import kotlin.Metadata;
import kotlin.t.internal.p;
import kotlin.text.a;
import kotlin.text.b;
import org.json.JSONArray;
import org.json.JSONObject;

/* compiled from: SecureJSBPerimissionPool.kt */
@Metadata(bv = {1, 0, 3}, d1 = {"\u0000H\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0000\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0010\u000b\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n\u0002\b\u0002\bÀ\u0002\u0018\u00002\u00020\u0001:\u0001\u001bB\u0007\b\u0002¢\u0006\u0002\u0010\u0002J\"\u0010\t\u001a\u0004\u0018\u00010\b2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\f\u001a\u00020\r2\u0006\u0010\u000e\u001a\u00020\u0007H\u0002J \u0010\u000f\u001a\u0004\u0018\u00010\b2\u0006\u0010\n\u001a\u00020\u000b2\u0006\u0010\u0010\u001a\u00020\u00072\u0006\u0010\u000e\u001a\u00020\u0007J@\u0010\u0011\u001a\u00020\u00122\u0006\u0010\u0013\u001a\u00020\r2\u0006\u0010\u0014\u001a\u00020\u00122\u0006\u0010\u0015\u001a\u00020\u00122\u0006\u0010\u0016\u001a\u00020\u00172\u0006\u0010\u0018\u001a\u00020\u00172\u0006\u0010\u0019\u001a\u00020\u001a2\u0006\u0010\n\u001a\u00020\u000bH\u0002R\u000e\u0010\u0003\u001a\u00020\u0004X\u0082\u0004¢\u0006\u0002\n\u0000R\u001a\u0010\u0005\u001a\u000e\u0012\u0004\u0012\u00020\u0007\u0012\u0004\u0012\u00020\b0\u0006X\u0082\u0004¢\u0006\u0002\n\u0000¨\u0006\u001c"}, d2 = {"Lcom/bytedance/sdk/xbridge/auth/secure/SecureJSBPerimissionPool;", "", "()V", "RSAPublicKeyInClient", "Lcom/bytedance/sdk/xbridge/auth/secure/SecureJSBAuthPublicKey;", "secureRulePool", "Ljava/util/concurrent/ConcurrentHashMap;", "", "Lcom/bytedance/sdk/xbridge/auth/secure/SecureJSBPerimissionPool$SecurePermissionRule;", "createAndUpdatePermissionRule", "call", "Lcom/bytedance/sdk/xbridge/protocol/entity/BridgeCall;", "keyCureentUrl", "Landroid/net/Uri;", "secureJSBToken", "getSecureRule", "currentUrl", "isInfoMatch", "", "keyCurrentUrl", "pathsRegexFromToken", "hostRegexFromToken", "hostsFromToken", "Lorg/json/JSONObject;", "pathsFromToken", "methodsFromToken", "Lorg/json/JSONArray;", "SecurePermissionRule", "sdk_authSimpleRelease"}, k = 1, mv = {1, 1, TeXFont.R})
/* loaded from: classes2.dex */
public final class SecureJSBPerimissionPool {
    public static final SecureJSBPerimissionPool INSTANCE = new SecureJSBPerimissionPool();
    public static final SecureJSBAuthPublicKey RSAPublicKeyInClient = new SecureJSBAuthPublicKey("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrjnhFSv3K66fyKzNJkZ\nq2Xq5sMAcRJhRVWHFzg6mxT2lymt8O27TA5wAiFlqwdDhZDDANb6jTk87nqokFT/\nSOzoniGgMVauhsVdk3sVGlivrePs35o03+N7iN7ApJ4R0i8RTuSi+zidZyylFLko\nR+H/guusjNxZiIhRm9g2i9/ur18dYbz/g4XoKLMsnTWBubtjAEjtzIOX6zsJqrwk\nfEmHgdnokvC7xQjSnE3fWulXavwNTtabXcTIa0Rn4YQWazB56kTKel4dS5zoghys\n5IvH1kqjte+Yu3qoitnph69jxXukSl08jQzY1aE1OP4misJ3zUKoZOvzHBR5iedh\nQQIDAQAB\n", SecureJSBAuthPublicKeyStatus.USING);
    public static final ConcurrentHashMap<String, SecurePermissionRule> secureRulePool = new ConcurrentHashMap<>();

    /* compiled from: SecureJSBPerimissionPool.kt */
    @Metadata(bv = {1, 0, 3}, d1 = {"\u0000,\n\u0002\u0018\u0002\n\u0002\u0010\u0000\n\u0002\b\u0002\n\u0002\u0010\u000b\n\u0002\b\u0005\n\u0002\u0018\u0002\n\u0002\u0010\u000e\n\u0002\u0018\u0002\n\u0002\b\r\n\u0002\u0018\u0002\n\u0002\b\u0005\u0018\u00002\u00020\u0001B\u0005¢\u0006\u0002\u0010\u0002R\u001a\u0010\u0003\u001a\u00020\u0004X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u0005\u0010\u0006\"\u0004\b\u0007\u0010\bR.\u0010\t\u001a\u0016\u0012\u0004\u0012\u00020\u000b\u0018\u00010\nj\n\u0012\u0004\u0012\u00020\u000b\u0018\u0001`\fX\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\r\u0010\u000e\"\u0004\b\u000f\u0010\u0010R\u001a\u0010\u0011\u001a\u00020\u0004X\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u0012\u0010\u0006\"\u0004\b\u0013\u0010\bR\u001c\u0010\u0014\u001a\u0004\u0018\u00010\u000bX\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u0015\u0010\u0016\"\u0004\b\u0017\u0010\u0018R\u001c\u0010\u0019\u001a\u0004\u0018\u00010\u001aX\u0086\u000e¢\u0006\u000e\n\u0000\u001a\u0004\b\u001b\u0010\u001c\"\u0004\b\u001d\u0010\u001e¨\u0006\u001f"}, d2 = {"Lcom/bytedance/sdk/xbridge/auth/secure/SecureJSBPerimissionPool$SecurePermissionRule;", "", "()V", "hostRegex", "", "getHostRegex", "()Z", "setHostRegex", "(Z)V", "methods", "Ljava/util/ArrayList;", "", "Lkotlin/collections/ArrayList;", "getMethods", "()Ljava/util/ArrayList;", "setMethods", "(Ljava/util/ArrayList;)V", "pathRegex", "getPathRegex", "setPathRegex", "secureJSBToken", "getSecureJSBToken", "()Ljava/lang/String;", "setSecureJSBToken", "(Ljava/lang/String;)V", "url", "Landroid/net/Uri;", "getUrl", "()Landroid/net/Uri;", "setUrl", "(Landroid/net/Uri;)V", "sdk_authSimpleRelease"}, k = 1, mv = {1, 1, TeXFont.R})
    /* loaded from: classes2.dex */
    public static final class SecurePermissionRule {
        public boolean hostRegex;
        public ArrayList<String> methods;
        public boolean pathRegex;
        public String secureJSBToken;
        public Uri url;

        public final boolean getHostRegex() {
            return this.hostRegex;
        }

        public final ArrayList<String> getMethods() {
            return this.methods;
        }

        public final boolean getPathRegex() {
            return this.pathRegex;
        }

        public final String getSecureJSBToken() {
            return this.secureJSBToken;
        }

        public final Uri getUrl() {
            return this.url;
        }

        public final void setHostRegex(boolean z) {
            this.hostRegex = z;
        }

        public final void setMethods(ArrayList<String> arrayList) {
            this.methods = arrayList;
        }

        public final void setPathRegex(boolean z) {
            this.pathRegex = z;
        }

        public final void setSecureJSBToken(String str) {
            this.secureJSBToken = str;
        }

        public final void setUrl(Uri uri) {
            this.url = uri;
        }
    }

    private final SecurePermissionRule createAndUpdatePermissionRule(BridgeCall call, Uri keyCureentUrl, String secureJSBToken) {
        boolean verifySignature;
        DecryptUtils decryptUtils = DecryptUtils.INSTANCE;
        byte[] decode = Base64.decode(secureJSBToken, 0);
        p.a((Object) decode, "Base64.decode(secureJSBToken, Base64.DEFAULT)");
        String str = new String(decryptUtils.decryptAESCBC128(decode), b.f38145a);
        List a2 = a.a((CharSequence) str, new String[]{"|"}, false, 2, 2);
        if (a2.size() != 2) {
            call.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_aes_decrypt_format_error", a.c.c.a.a.c("secureJSBToken: ", secureJSBToken, ", secureTokenDecrypt:", str));
            return null;
        }
        ArrayList<SecureJSBAuthPublicKey> securePublicKeyList = SecureAuthManager.INSTANCE.getSecureJSBAuthConfig$sdk_authSimpleRelease().getSecurePublicKeyList();
        if (securePublicKeyList == null || securePublicKeyList.isEmpty()) {
            verifySignature = DecryptUtils.INSTANCE.verifySignature(RSAPublicKeyInClient.getPublicKey(), (String) a2.get(1), (String) a2.get(0));
        } else {
            ArrayList<SecureJSBAuthPublicKey> securePublicKeyList2 = SecureAuthManager.INSTANCE.getSecureJSBAuthConfig$sdk_authSimpleRelease().getSecurePublicKeyList();
            if (securePublicKeyList2 == null) {
                p.a();
                throw null;
            }
            int size = securePublicKeyList2.size();
            verifySignature = false;
            for (int i2 = 0; i2 < size; i2++) {
                ArrayList<SecureJSBAuthPublicKey> securePublicKeyList3 = SecureAuthManager.INSTANCE.getSecureJSBAuthConfig$sdk_authSimpleRelease().getSecurePublicKeyList();
                if (securePublicKeyList3 == null) {
                    p.a();
                    throw null;
                }
                SecureJSBAuthPublicKey secureJSBAuthPublicKey = securePublicKeyList3.get(i2);
                p.a((Object) secureJSBAuthPublicKey, "SecureAuthManager.secure….securePublicKeyList!![i]");
                SecureJSBAuthPublicKey secureJSBAuthPublicKey2 = secureJSBAuthPublicKey;
                try {
                    String publicKey = secureJSBAuthPublicKey2.getPublicKey();
                    if (DecryptUtils.INSTANCE.verifySignature(publicKey, (String) a2.get(1), (String) a2.get(0))) {
                        if (secureJSBAuthPublicKey2.getStatus() == SecureJSBAuthPublicKeyStatus.DEPRECATED) {
                            call.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_using_deprecated_public_key", publicKey);
                            call.getJsbSDKErrorReportModel().reportSecurePublicKeyStatus$sdk_authSimpleRelease();
                        }
                        verifySignature = true;
                    }
                } catch (Exception e2) {
                    call.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_rsa_decrypt_error", "secureJSBToken:" + secureJSBToken + ", publicKey:" + secureJSBAuthPublicKey2 + ".publicKey, error:" + e2.getMessage());
                }
                if (verifySignature) {
                    break;
                }
            }
        }
        if (!verifySignature) {
            JSBErrorReportModel jsbSDKErrorReportModel = call.getJsbSDKErrorReportModel();
            StringBuilder a3 = a.c.c.a.a.a("securePublicKeyList: ");
            a3.append(SecureAuthManager.INSTANCE.getSecureJSBAuthConfig$sdk_authSimpleRelease().getSecurePublicKeyList());
            a3.append(", aesDecryptString:");
            a3.append(str);
            jsbSDKErrorReportModel.putJsbExtension("jsb_secure_verify_failed", a3.toString());
            return null;
        }
        JSONObject jSONObject = new JSONObject((String) a2.get(1));
        JSONObject optJSONObject = jSONObject.optJSONObject("host");
        JSONObject optJSONObject2 = jSONObject.optJSONObject("paths");
        JSONArray optJSONArray = jSONObject.optJSONArray("methods");
        boolean optBoolean = jSONObject.has("pathsRegex") ? jSONObject.optBoolean("pathsRegex", false) : !jSONObject.optBoolean("exact", true);
        boolean optBoolean2 = jSONObject.optBoolean("hostRegex", false);
        if (optJSONObject == null || optJSONObject2 == null) {
            call.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_host_or_path_empty", true);
            return null;
        }
        if (optJSONArray == null || optJSONArray.length() == 0) {
            call.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_method_empty", true);
            return null;
        }
        if (!isInfoMatch(keyCureentUrl, optBoolean, optBoolean2, optJSONObject, optJSONObject2, optJSONArray, call)) {
            call.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_url_match_error_data", a2.get(1));
            return null;
        }
        SecurePermissionRule securePermissionRule = new SecurePermissionRule();
        ArrayList<String> arrayList = new ArrayList<>();
        int length = optJSONArray.length();
        for (int i3 = 0; i3 < length; i3++) {
            arrayList.add(optJSONArray.optString(i3));
        }
        securePermissionRule.setMethods(arrayList);
        securePermissionRule.setUrl(keyCureentUrl);
        securePermissionRule.setSecureJSBToken(secureJSBToken);
        securePermissionRule.setPathRegex(optBoolean);
        securePermissionRule.setHostRegex(optBoolean2);
        secureRulePool.put(keyCureentUrl.toString(), securePermissionRule);
        return securePermissionRule;
    }

    private final boolean isInfoMatch(Uri keyCurrentUrl, boolean pathsRegexFromToken, boolean hostRegexFromToken, JSONObject hostsFromToken, JSONObject pathsFromToken, JSONArray methodsFromToken, BridgeCall call) {
        boolean z;
        String str;
        boolean z2;
        if (hostRegexFromToken) {
            Iterator<String> keys = hostsFromToken.keys();
            p.a((Object) keys, "hostsFromToken.keys()");
            String str2 = null;
            boolean z3 = false;
            while (keys.hasNext()) {
                String next = keys.next();
                Pattern compile = Pattern.compile(next);
                String host = keyCurrentUrl.getHost();
                if (host != null && compile.matcher(host).find()) {
                    str2 = hostsFromToken.optString(next);
                    z3 = true;
                }
            }
            z = z3;
            str = str2;
        } else {
            z = hostsFromToken.has(keyCurrentUrl.getHost());
            str = hostsFromToken.optString(keyCurrentUrl.getHost());
        }
        if (!z) {
            call.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_url_match_error", 0);
            return false;
        }
        JSONArray optJSONArray = pathsFromToken.optJSONArray(str);
        if (optJSONArray == null) {
            call.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_url_match_error", 1);
            return false;
        }
        if (pathsRegexFromToken) {
            int length = optJSONArray.length();
            int i2 = 0;
            while (true) {
                if (i2 >= length) {
                    z2 = false;
                    break;
                }
                Pattern compile2 = Pattern.compile(optJSONArray.optString(i2));
                String path = keyCurrentUrl.getPath();
                if (path != null && compile2.matcher(path).find()) {
                    z2 = true;
                    break;
                }
                i2++;
            }
        } else {
            int length2 = optJSONArray.length();
            z2 = false;
            for (int i3 = 0; i3 < length2; i3++) {
                if (p.a((Object) optJSONArray.optString(i3), (Object) keyCurrentUrl.getPath())) {
                    z2 = true;
                }
            }
        }
        if (!z2) {
            call.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_url_match_error", 1);
            return false;
        }
        int length3 = methodsFromToken.length();
        for (int i4 = 0; i4 < length3; i4++) {
            if (p.a((Object) methodsFromToken.getString(i4), (Object) call.getBridgeName())) {
                return true;
            }
        }
        call.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_url_match_error", 2);
        return false;
    }

    public final SecurePermissionRule getSecureRule(BridgeCall call, String currentUrl, String secureJSBToken) {
        SecurePermissionRule securePermissionRule;
        ArrayList<String> methods;
        p.d(call, "call");
        p.d(currentUrl, "currentUrl");
        p.d(secureJSBToken, "secureJSBToken");
        try {
            Uri build = Uri.parse(currentUrl).buildUpon().clearQuery().build();
            call.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_url_marker", "original_url: " + currentUrl + ", auth_url: " + build);
            if (secureRulePool.containsKey(build.toString()) && (securePermissionRule = secureRulePool.get(build.toString())) != null && (methods = securePermissionRule.getMethods()) != null && methods.contains(call.getBridgeName())) {
                call.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_rule_cache", true);
                return secureRulePool.get(build.toString());
            }
            if (secureJSBToken.length() > 0) {
                p.a((Object) build, "keyCurrentUrl");
                return createAndUpdatePermissionRule(call, build, secureJSBToken);
            }
            call.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_token_is_null_or_empty", true);
            return null;
        } catch (Exception e2) {
            call.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_create_or_update_error", e2.getMessage());
            return null;
        }
    }
}
