package com.bytedance.sdk.xbridge.auth.secure;

import android.net.Uri;
import android.util.Base64;
import com.bytedance.sdk.xbridge.auth.secure.SecureAuthManager;
import com.bytedance.sdk.xbridge.protocol.entity.BridgeCall;
import com.bytedance.sdk.xbridge.protocol.impl.errors.JSBErrorReportModel;
import com.huawei.hms.support.hianalytics.HiAnalyticsConstant;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import org.json.JSONArray;
import org.json.JSONObject;
import x.e0.a;
import x.e0.l;
import x.x.d.n;

/* compiled from: SecureJSBPerimissionPool.kt */
/* loaded from: classes4.dex */
public final class SecureJSBPerimissionPool {
    public static final SecureJSBPerimissionPool INSTANCE = new SecureJSBPerimissionPool();
    private static final SecureJSBAuthPublicKey RSAPublicKeyInClient = new SecureJSBAuthPublicKey("MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmrjnhFSv3K66fyKzNJkZ\nq2Xq5sMAcRJhRVWHFzg6mxT2lymt8O27TA5wAiFlqwdDhZDDANb6jTk87nqokFT/\nSOzoniGgMVauhsVdk3sVGlivrePs35o03+N7iN7ApJ4R0i8RTuSi+zidZyylFLko\nR+H/guusjNxZiIhRm9g2i9/ur18dYbz/g4XoKLMsnTWBubtjAEjtzIOX6zsJqrwk\nfEmHgdnokvC7xQjSnE3fWulXavwNTtabXcTIa0Rn4YQWazB56kTKel4dS5zoghys\n5IvH1kqjte+Yu3qoitnph69jxXukSl08jQzY1aE1OP4misJ3zUKoZOvzHBR5iedh\nQQIDAQAB\n", SecureJSBAuthPublicKeyStatus.USING);
    private static final ConcurrentHashMap<String, SecurePermissionRule> secureRulePool = new ConcurrentHashMap<>();

    /* compiled from: SecureJSBPerimissionPool.kt */
    /* loaded from: classes4.dex */
    public static final class SecurePermissionRule {
        private boolean hostRegex;
        private ArrayList<String> methods;
        private boolean pathRegex;
        private String secureJSBToken;
        private Uri url;

        public final boolean getHostRegex() {
            return this.hostRegex;
        }

        public final ArrayList<String> getMethods() {
            return this.methods;
        }

        public final boolean getPathRegex() {
            return this.pathRegex;
        }

        public final String getSecureJSBToken() {
            return this.secureJSBToken;
        }

        public final Uri getUrl() {
            return this.url;
        }

        public final void setHostRegex(boolean z2) {
            this.hostRegex = z2;
        }

        public final void setMethods(ArrayList<String> arrayList) {
            this.methods = arrayList;
        }

        public final void setPathRegex(boolean z2) {
            this.pathRegex = z2;
        }

        public final void setSecureJSBToken(String str) {
            this.secureJSBToken = str;
        }

        public final void setUrl(Uri uri) {
            this.url = uri;
        }
    }

    private SecureJSBPerimissionPool() {
    }

    private final SecurePermissionRule createAndUpdatePermissionRule(BridgeCall bridgeCall, Uri uri, String str) {
        boolean verifySignature;
        DecryptUtils decryptUtils = DecryptUtils.INSTANCE;
        byte[] decode = Base64.decode(str, 0);
        n.b(decode, "Base64.decode(secureJSBToken, Base64.DEFAULT)");
        String str2 = new String(decryptUtils.decryptAESCBC128(decode), a.f16249a);
        List L = l.L(str2, new String[]{HiAnalyticsConstant.REPORT_VAL_SEPARATOR}, false, 2, 2);
        if (L.size() != 2) {
            bridgeCall.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_aes_decrypt_format_error", d.a.b.a.a.b2("secureJSBToken: ", str, ", secureTokenDecrypt:", str2));
            return null;
        }
        SecureAuthManager.Companion companion = SecureAuthManager.Companion;
        ArrayList<SecureJSBAuthPublicKey> securePublicKeyList = companion.getSecureJSBAuthConfig$sdk_authSimpleRelease().getSecurePublicKeyList();
        if (securePublicKeyList == null || securePublicKeyList.isEmpty()) {
            verifySignature = decryptUtils.verifySignature(RSAPublicKeyInClient.getPublicKey(), (String) L.get(1), (String) L.get(0));
        } else {
            ArrayList<SecureJSBAuthPublicKey> securePublicKeyList2 = companion.getSecureJSBAuthConfig$sdk_authSimpleRelease().getSecurePublicKeyList();
            if (securePublicKeyList2 == null) {
                n.m();
                throw null;
            }
            int size = securePublicKeyList2.size();
            verifySignature = false;
            for (int i = 0; i < size; i++) {
                ArrayList<SecureJSBAuthPublicKey> securePublicKeyList3 = SecureAuthManager.Companion.getSecureJSBAuthConfig$sdk_authSimpleRelease().getSecurePublicKeyList();
                if (securePublicKeyList3 == null) {
                    n.m();
                    throw null;
                }
                SecureJSBAuthPublicKey secureJSBAuthPublicKey = securePublicKeyList3.get(i);
                n.b(secureJSBAuthPublicKey, "SecureAuthManager.secure….securePublicKeyList!![i]");
                SecureJSBAuthPublicKey secureJSBAuthPublicKey2 = secureJSBAuthPublicKey;
                try {
                    String publicKey = secureJSBAuthPublicKey2.getPublicKey();
                    if (DecryptUtils.INSTANCE.verifySignature(publicKey, (String) L.get(1), (String) L.get(0))) {
                        if (secureJSBAuthPublicKey2.getStatus() == SecureJSBAuthPublicKeyStatus.DEPRECATED) {
                            bridgeCall.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_using_deprecated_public_key", publicKey);
                            bridgeCall.getJsbSDKErrorReportModel().reportSecurePublicKeyStatus$sdk_authSimpleRelease();
                        }
                        verifySignature = true;
                    }
                } catch (Exception e) {
                    bridgeCall.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_rsa_decrypt_error", "secureJSBToken:" + str + ", publicKey:" + secureJSBAuthPublicKey2 + ".publicKey, error:" + e.getMessage());
                }
                if (verifySignature) {
                    break;
                }
            }
        }
        if (!verifySignature) {
            JSBErrorReportModel jsbSDKErrorReportModel = bridgeCall.getJsbSDKErrorReportModel();
            StringBuilder d2 = d.a.b.a.a.d("securePublicKeyList: ");
            d2.append(SecureAuthManager.Companion.getSecureJSBAuthConfig$sdk_authSimpleRelease().getSecurePublicKeyList());
            d2.append(", aesDecryptString:");
            d2.append(str2);
            jsbSDKErrorReportModel.putJsbExtension("jsb_secure_verify_failed", d2.toString());
            return null;
        }
        JSONObject jSONObject = new JSONObject((String) L.get(1));
        JSONObject optJSONObject = jSONObject.optJSONObject("host");
        JSONObject optJSONObject2 = jSONObject.optJSONObject("paths");
        JSONArray optJSONArray = jSONObject.optJSONArray("methods");
        boolean optBoolean = jSONObject.has("pathsRegex") ? jSONObject.optBoolean("pathsRegex", false) : !jSONObject.optBoolean("exact", true);
        boolean optBoolean2 = jSONObject.optBoolean("hostRegex", false);
        if (optJSONObject == null || optJSONObject2 == null) {
            bridgeCall.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_host_or_path_empty", Boolean.TRUE);
            return null;
        }
        if (optJSONArray == null || optJSONArray.length() == 0) {
            bridgeCall.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_method_empty", Boolean.TRUE);
            return null;
        }
        if (!isInfoMatch(uri, optBoolean, optBoolean2, optJSONObject, optJSONObject2, optJSONArray, bridgeCall)) {
            bridgeCall.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_url_match_error_data", L.get(1));
            return null;
        }
        SecurePermissionRule securePermissionRule = new SecurePermissionRule();
        ArrayList<String> arrayList = new ArrayList<>();
        int length = optJSONArray.length();
        for (int i2 = 0; i2 < length; i2++) {
            arrayList.add(optJSONArray.optString(i2));
        }
        securePermissionRule.setMethods(arrayList);
        securePermissionRule.setUrl(uri);
        securePermissionRule.setSecureJSBToken(str);
        securePermissionRule.setPathRegex(optBoolean);
        securePermissionRule.setHostRegex(optBoolean2);
        secureRulePool.put(uri.toString(), securePermissionRule);
        return securePermissionRule;
    }

    private final boolean isInfoMatch(Uri uri, boolean z2, boolean z3, JSONObject jSONObject, JSONObject jSONObject2, JSONArray jSONArray, BridgeCall bridgeCall) {
        boolean z4;
        String str;
        boolean z5;
        if (z3) {
            Iterator<String> keys = jSONObject.keys();
            n.b(keys, "hostsFromToken.keys()");
            String str2 = null;
            boolean z6 = false;
            while (keys.hasNext()) {
                String next = keys.next();
                Pattern compile = Pattern.compile(next);
                String host = uri.getHost();
                if (host != null && compile.matcher(host).find()) {
                    str2 = jSONObject.optString(next);
                    z6 = true;
                }
            }
            z4 = z6;
            str = str2;
        } else {
            z4 = jSONObject.has(uri.getHost());
            str = jSONObject.optString(uri.getHost());
        }
        if (!z4) {
            bridgeCall.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_url_match_error", 0);
            return false;
        }
        JSONArray optJSONArray = jSONObject2.optJSONArray(str);
        if (optJSONArray == null) {
            bridgeCall.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_url_match_error", 1);
            return false;
        }
        if (z2) {
            int length = optJSONArray.length();
            int i = 0;
            while (true) {
                if (i >= length) {
                    z5 = false;
                    break;
                }
                Pattern compile2 = Pattern.compile(optJSONArray.optString(i));
                String path = uri.getPath();
                if (path != null && compile2.matcher(path).find()) {
                    z5 = true;
                    break;
                }
                i++;
            }
        } else {
            int length2 = optJSONArray.length();
            z5 = false;
            for (int i2 = 0; i2 < length2; i2++) {
                if (n.a(optJSONArray.optString(i2), uri.getPath())) {
                    z5 = true;
                }
            }
        }
        if (!z5) {
            bridgeCall.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_url_match_error", 1);
            return false;
        }
        int length3 = jSONArray.length();
        for (int i3 = 0; i3 < length3; i3++) {
            if (n.a(jSONArray.getString(i3), bridgeCall.getBridgeName())) {
                return true;
            }
        }
        bridgeCall.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_url_match_error", 2);
        return false;
    }

    public final SecurePermissionRule getSecureRule(BridgeCall bridgeCall, String str, String str2) {
        SecurePermissionRule securePermissionRule;
        ArrayList<String> methods;
        n.f(bridgeCall, "call");
        n.f(str, "currentUrl");
        n.f(str2, "secureJSBToken");
        try {
            Uri build = Uri.parse(str).buildUpon().clearQuery().build();
            bridgeCall.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_url_marker", "original_url: " + str + ", auth_url: " + build);
            ConcurrentHashMap<String, SecurePermissionRule> concurrentHashMap = secureRulePool;
            boolean z2 = true;
            if (concurrentHashMap.containsKey(build.toString()) && (securePermissionRule = concurrentHashMap.get(build.toString())) != null && (methods = securePermissionRule.getMethods()) != null && methods.contains(bridgeCall.getBridgeName())) {
                bridgeCall.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_rule_cache", Boolean.TRUE);
                return concurrentHashMap.get(build.toString());
            }
            if (str2.length() <= 0) {
                z2 = false;
            }
            if (z2) {
                n.b(build, "keyCurrentUrl");
                return createAndUpdatePermissionRule(bridgeCall, build, str2);
            }
            bridgeCall.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_token_is_null_or_empty", Boolean.TRUE);
            return null;
        } catch (Exception e) {
            bridgeCall.getJsbSDKErrorReportModel().putJsbExtension("jsb_secure_create_or_update_error", e.getMessage());
            return null;
        }
    }
}
