package com.tencent.mm.opensdk.openapi; import android.content.Context; import android.content.SharedPreferences; import android.net.Uri; import android.os.Handler; import android.os.Looper; import com.alipay.sdk.cons.c; import com.tencent.mm.opensdk.modelbase.BaseReq; import com.tencent.mm.opensdk.modelmsg.SendMessageToWX; import com.tencent.mm.opensdk.modelmsg.WXWebpageObject; import com.tencent.mm.opensdk.utils.Log; import com.tencent.mm.opensdk.utils.b; import java.io.BufferedReader; import java.io.InputStreamReader; import java.net.HttpURLConnection; import java.net.URL; import java.net.URLEncoder; import java.util.ArrayList; import java.util.Collection; import java.util.List; import java.util.Random; import java.util.Timer; import java.util.TimerTask; import java.util.concurrent.CopyOnWriteArraySet; import org.json.JSONArray; import org.json.JSONObject; /* access modifiers changed from: package-private */ public class WXAPiSecurityHelper { private static final int MAX_STORE_KEY = 100; private static final int MAX_STORE_VALUE = 2048; private static final String SECURITY_KEY_TIMESTAMP_SECOND = "security_key_timestamp_second"; private static final String STORE_VALUE_DATA = "security_key_resp"; private static final String TAG = "MicroMsg.SDK.WXAPiSecurityHelper"; private final Context context; private final CopyOnWriteArraySet<String> overtimeSyncReqSet = new CopyOnWriteArraySet<>(); private final SharedPreferences sp; private static class CheckRuleResult { public static final int NoPass = 2; public static final int Pass = 1; public static final int Unknown = 0; private CheckRuleResult() { } } public static class ExtraSecurityCheckRes { public static final int Directly_NoPass = 1; public static final int Directly_Pass = 0; public static final int Need_Deep_Check = 2; } /* access modifiers changed from: package-private */ public interface IHttpCheckCallback { void onHttpCheckFinish(PromiseShareRule promiseShareRule); } /* access modifiers changed from: package-private */ public interface ISecurityCheck { void onCheckFinish(boolean z); } /* access modifiers changed from: package-private */ public interface ISecuritySyncCheck { void onSyncCheckFinish(boolean z); } /* access modifiers changed from: private */ public static class PassContext { String appid; String inputUrl; PromiseShareRule localRule; String reqSessionId; String version; private PassContext() { this.reqSessionId = ""; this.appid = ""; this.inputUrl = ""; this.version = ""; this.localRule = new PromiseShareRule(); } } /* access modifiers changed from: private */ public static class PromiseShareRule { String appidInRule; String buffer; public long nextRequestIntervalSecond; String orgJsonData; String reqAppid; int state; List<UrlRule> urlRuleList; long userWaitTimeMs; private PromiseShareRule() { this.orgJsonData = ""; this.reqAppid = ""; this.appidInRule = ""; this.urlRuleList = new ArrayList(); this.buffer = ""; } public long getLegalReqInterval() { long j = this.nextRequestIntervalSecond; if (j <= 0 || j >= 86400) { j = 3600; } Log.d(WXAPiSecurityHelper.TAG, "getLegalReqInterval = " + j); return j; } public long getLegalUserWaitTime() { long j = this.userWaitTimeMs; if (j <= 100 || j >= 60000) { j = 5000; } Log.d(WXAPiSecurityHelper.TAG, "getLegalUserWaitTime = " + j); return j; } } private static class RuleState { public static final int InRule = 1; public static final int None = 0; public static final int NotInRule = 2; private RuleState() { } } /* access modifiers changed from: private */ public static class UrlRule { String host; List<String> mustQueryKey; private UrlRule() { this.host = ""; this.mustQueryKey = new ArrayList(); } } /* access modifiers changed from: private */ public static class WXSecurityData { String appid; long lastStoreTimeStampSecond; String respDataJson; private WXSecurityData() { this.appid = ""; this.respDataJson = ""; } public boolean isBasicParamsAllowed() { long j = this.lastStoreTimeStampSecond; return ((j > 0 ? 1 : (j == 0 ? 0 : -1)) > 0 && (j > (System.currentTimeMillis() / 1000) ? 1 : (j == (System.currentTimeMillis() / 1000) ? 0 : -1)) < 0) && (b.b(this.appid) ^ true) && (b.b(this.respDataJson) ^ true); } } public WXAPiSecurityHelper(Context context2) { this.context = context2; this.sp = context2.getSharedPreferences("__wx_opensdk_sp__", 0); } /* access modifiers changed from: private */ /* access modifiers changed from: public */ private int checkRuleCanPass(String str, PromiseShareRule promiseShareRule) { String str2; Log.d(TAG, "checkRuleCanPass, start check!"); if (promiseShareRule.orgJsonData.length() > 2048) { Log.w(TAG, "response json is too long!"); return 0; } int i = promiseShareRule.state; if (i == 2) { str2 = "checkRuleCanPass, not in rule"; } else if (i != 1 || !promiseShareRule.appidInRule.equals(promiseShareRule.reqAppid)) { Log.d(TAG, "checkRuleCanPass, unknown"); return 0; } else if (promiseShareRule.urlRuleList.size() == 0) { str2 = "checkRuleCanPass, urlRuleList empty!"; } else { boolean checkUrlParametersLegal = checkUrlParametersLegal(str, promiseShareRule); Log.d(TAG, "checkRuleCanPass, urlCheckResult = " + checkUrlParametersLegal); if (!checkUrlParametersLegal) { Log.d(TAG, "checkRuleCanPass, no pass"); return 2; } str2 = "checkRuleCanPass, pass"; } Log.d(TAG, str2); return 1; } private boolean checkUrlParametersLegal(String str, PromiseShareRule promiseShareRule) { Uri parse = Uri.parse(str); String host = parse.getHost(); if (b.b(host)) { Log.i(TAG, "checkUrlParameters, host empty!"); return false; } for (int i = 0; i < promiseShareRule.urlRuleList.size(); i++) { UrlRule urlRule = promiseShareRule.urlRuleList.get(i); if (host.equals(urlRule.host)) { int i2 = 0; for (int i3 = 0; i3 < urlRule.mustQueryKey.size(); i3++) { try { String str2 = urlRule.mustQueryKey.get(i3); Log.d(TAG, "checkRuleCanPass, key = " + str2); if (!b.b(parse.getQueryParameter(str2))) { i2++; } } catch (Exception e) { Log.e(TAG, "checkRuleCanPass, parse fail, e = %s" + e.getMessage()); } } boolean z = i2 == urlRule.mustQueryKey.size(); Log.d(TAG, "checkRuleCanPass, rule.host = " + urlRule.host + ", queryOk = " + z); return z; } } return false; } private void doRequest(final PassContext passContext, final IHttpCheckCallback iHttpCheckCallback) { b.b.submit(new Runnable() { /* class com.tencent.mm.opensdk.openapi.WXAPiSecurityHelper.AnonymousClass6 */ public void run() { WXAPiSecurityHelper wXAPiSecurityHelper = WXAPiSecurityHelper.this; PassContext passContext = passContext; iHttpCheckCallback.onHttpCheckFinish(WXAPiSecurityHelper.this.convert2ShareRule(passContext.appid, wXAPiSecurityHelper.postHttpRequest(passContext.appid, passContext.version, passContext.localRule.buffer).toString())); } }); } private void doRequestAsync(PassContext passContext) { Log.d(TAG, "doRequestAsync"); doRequest(passContext, new IHttpCheckCallback() { /* class com.tencent.mm.opensdk.openapi.WXAPiSecurityHelper.AnonymousClass3 */ @Override // com.tencent.mm.opensdk.openapi.WXAPiSecurityHelper.IHttpCheckCallback public void onHttpCheckFinish(PromiseShareRule promiseShareRule) { WXAPiSecurityHelper.this.storeIfNecessary(promiseShareRule); } }); } private void doRequestSync(final PassContext passContext, final ISecuritySyncCheck iSecuritySyncCheck) { Log.i(TAG, "requestId = " + passContext.reqSessionId); final Timer timer = new Timer(passContext.reqSessionId); timer.schedule(new TimerTask() { /* class com.tencent.mm.opensdk.openapi.WXAPiSecurityHelper.AnonymousClass4 */ public void run() { Log.i(WXAPiSecurityHelper.TAG, "sync request overtime, requestId = " + passContext.reqSessionId); WXAPiSecurityHelper.this.overtimeSyncReqSet.add(passContext.reqSessionId); ISecuritySyncCheck iSecuritySyncCheck = iSecuritySyncCheck; if (iSecuritySyncCheck != null) { iSecuritySyncCheck.onSyncCheckFinish(true); } } }, passContext.localRule.getLegalUserWaitTime()); doRequest(passContext, new IHttpCheckCallback() { /* class com.tencent.mm.opensdk.openapi.WXAPiSecurityHelper.AnonymousClass5 */ @Override // com.tencent.mm.opensdk.openapi.WXAPiSecurityHelper.IHttpCheckCallback public void onHttpCheckFinish(PromiseShareRule promiseShareRule) { timer.cancel(); if (WXAPiSecurityHelper.this.overtimeSyncReqSet.contains(passContext.reqSessionId)) { WXAPiSecurityHelper.this.overtimeSyncReqSet.remove(passContext.reqSessionId); } else if (iSecuritySyncCheck != null) { int checkRuleCanPass = WXAPiSecurityHelper.this.checkRuleCanPass(passContext.inputUrl, promiseShareRule); boolean z = true; if (checkRuleCanPass == 1) { iSecuritySyncCheck.onSyncCheckFinish(true); } else if (checkRuleCanPass == 2) { iSecuritySyncCheck.onSyncCheckFinish(false); } else { int checkRuleCanPass2 = WXAPiSecurityHelper.this.checkRuleCanPass(passContext.inputUrl, WXAPiSecurityHelper.this.convert2ShareRule(passContext.appid, WXAPiSecurityHelper.this.getStoredData(passContext.appid).respDataJson)); ISecuritySyncCheck iSecuritySyncCheck = iSecuritySyncCheck; if (checkRuleCanPass2 == 2) { z = false; } iSecuritySyncCheck.onSyncCheckFinish(z); } } WXAPiSecurityHelper.this.storeIfNecessary(promiseShareRule); } }); } /* access modifiers changed from: private */ /* access modifiers changed from: public */ private void extraSecurityCheckDoCallback(final ISecurityCheck iSecurityCheck, final boolean z) { if (iSecurityCheck != null) { new Handler(Looper.getMainLooper()).post(new Runnable() { /* class com.tencent.mm.opensdk.openapi.WXAPiSecurityHelper.AnonymousClass2 */ public void run() { Log.d(WXAPiSecurityHelper.TAG, "has got result, callback on Main Thread."); iSecurityCheck.onCheckFinish(z); } }); } } private String getStoreKey(String str) { return "security_key_appid_" + str; } private void storeCheckResp(String str, PromiseShareRule promiseShareRule) { String cookStoreJson = cookStoreJson(str, promiseShareRule); Log.d(TAG, "cookStoreJson = " + cookStoreJson); if (b.b(cookStoreJson)) { Log.w(TAG, "cookStoreJson get null!"); return; } try { JSONObject jSONObject = new JSONObject(); jSONObject.put(SECURITY_KEY_TIMESTAMP_SECOND, System.currentTimeMillis() / 1000); jSONObject.put(STORE_VALUE_DATA, cookStoreJson); commitSp(str, jSONObject.toString()); } catch (Exception e) { Log.e(TAG, "storeCheckResp fail, ex = " + e.getMessage()); } } /* access modifiers changed from: private */ /* access modifiers changed from: public */ private void storeIfNecessary(PromiseShareRule promiseShareRule) { String str; Log.d(TAG, "storeIfNecessary"); if (b.b(promiseShareRule.reqAppid) || promiseShareRule.reqAppid.length() > 100) { str = "store fail! reqAppid illegal!"; } else if (b.b(promiseShareRule.orgJsonData) || promiseShareRule.orgJsonData.length() > 2048) { str = "store fail! response json illegal!"; } else { if (promiseShareRule.state == 1 && promiseShareRule.reqAppid.equals(promiseShareRule.appidInRule)) { Log.d(TAG, "storeIfNecessary, in rule"); storeCheckResp(promiseShareRule.reqAppid, promiseShareRule); } if (promiseShareRule.state == 2) { Log.d(TAG, "storeIfNecessary, not rule"); storeCheckResp(promiseShareRule.reqAppid, promiseShareRule); return; } return; } Log.i(TAG, str); } /* access modifiers changed from: protected */ public void commitSp(String str, String str2) { SharedPreferences.Editor edit = this.sp.edit(); edit.putString(getStoreKey(str), str2); edit.commit(); } /* access modifiers changed from: protected */ public PromiseShareRule convert2ShareRule(String str, String str2) { PromiseShareRule promiseShareRule = new PromiseShareRule(); promiseShareRule.reqAppid = str; promiseShareRule.orgJsonData = str2; if (b.b(str2)) { Log.d(TAG, "convert2ShareRule: jsonRespData is empty"); return promiseShareRule; } try { JSONObject jSONObject = new JSONObject(str2); promiseShareRule.state = jSONObject.optInt("state", 0); promiseShareRule.appidInRule = jSONObject.optString("appid_rule", ""); promiseShareRule.userWaitTimeMs = jSONObject.optLong("wait_time", 0); promiseShareRule.nextRequestIntervalSecond = jSONObject.optLong("interval", 0); promiseShareRule.buffer = jSONObject.optString("buffer", ""); JSONArray optJSONArray = jSONObject.optJSONArray("rules"); if (optJSONArray != null) { for (int i = 0; i < optJSONArray.length(); i++) { JSONObject jSONObject2 = optJSONArray.getJSONObject(i); UrlRule urlRule = new UrlRule(); urlRule.host = jSONObject2.optString(c.f); JSONArray optJSONArray2 = jSONObject2.optJSONArray("querys"); if (optJSONArray2 != null) { for (int i2 = 0; i2 < optJSONArray2.length(); i2++) { if (!b.b(optJSONArray2.optString(i2, ""))) { urlRule.mustQueryKey.add(optJSONArray2.optString(i2, "")); } } } promiseShareRule.urlRuleList.add(urlRule); } } } catch (Exception e) { Log.e(TAG, "coverJson2ShareRule fail, ex = " + e.getMessage()); } return promiseShareRule; } /* access modifiers changed from: protected */ public String cookStoreJson(String str, PromiseShareRule promiseShareRule) { String str2; if (promiseShareRule != null && !b.b(str)) { try { int i = promiseShareRule.state; if (i == 2) { JSONObject jSONObject = new JSONObject(); jSONObject.put("state", promiseShareRule.state); jSONObject.put("interval", promiseShareRule.getLegalReqInterval()); jSONObject.put("buffer", promiseShareRule.buffer.length() > 64 ? "" : promiseShareRule.buffer); str2 = jSONObject.toString(); } else if (i != 1) { return ""; } else { str2 = covertShareRule2Json(promiseShareRule); } return str2; } catch (Exception e) { Log.e(TAG, "storeCheckResp fail, ex = " + e.getMessage()); } } return ""; } /* access modifiers changed from: protected */ public String covertShareRule2Json(PromiseShareRule promiseShareRule) { if (promiseShareRule == null) { return ""; } try { JSONObject jSONObject = new JSONObject(); jSONObject.put("state", promiseShareRule.state); jSONObject.put("appid_rule", promiseShareRule.appidInRule); jSONObject.put("wait_time", promiseShareRule.userWaitTimeMs); jSONObject.put("interval", promiseShareRule.nextRequestIntervalSecond); jSONObject.put("buffer", promiseShareRule.buffer.length() > 64 ? "" : promiseShareRule.buffer); JSONArray jSONArray = new JSONArray(); for (UrlRule urlRule : promiseShareRule.urlRuleList) { JSONObject jSONObject2 = new JSONObject(); jSONObject2.put(c.f, urlRule.host); jSONObject2.put("querys", new JSONArray((Collection) urlRule.mustQueryKey)); jSONArray.put(jSONObject2); } jSONObject.put("rules", jSONArray); return jSONObject.toString(); } catch (Exception e) { Log.e(TAG, "covertShareRule2Json fail, ex = " + e.getMessage()); return ""; } } public int doExtraSecurityCheck(String str, String str2, String str3, final ISecurityCheck iSecurityCheck) { Log.i(TAG, "doExtraSecurityCheck: start!"); if (b.b(str) || b.b(str3)) { Log.e(TAG, "doExtraSecurityCheck: appid or inputurl is empty!"); return 0; } long currentTimeMillis = System.currentTimeMillis(); PassContext passContext = new PassContext(); passContext.reqSessionId = String.format("%s", currentTimeMillis + "" + new Random().nextInt(9999)); passContext.appid = str; passContext.inputUrl = str3; passContext.version = str2; WXSecurityData storedData = getStoredData(str); if (this.context.getPackageManager().checkPermission("android.permission.INTERNET", this.context.getPackageName()) != 0) { Log.w(TAG, "doExtraSecurityCheck: No Internet permission!"); return 0; } else if (!storedData.isBasicParamsAllowed()) { Log.d(TAG, "doExtraSecurityCheck: local data illegal!"); doRequestAsync(passContext); return 0; } else { PromiseShareRule convert2ShareRule = convert2ShareRule(passContext.appid, storedData.respDataJson); passContext.localRule = convert2ShareRule; boolean z = (storedData.lastStoreTimeStampSecond + convert2ShareRule.getLegalReqInterval()) * 1000 < System.currentTimeMillis(); Log.d(TAG, "doExtraSecurityCheck: needDoNextReq: " + z + ", last req time stamp:" + storedData.lastStoreTimeStampSecond); if (!z) { int checkRuleCanPass = checkRuleCanPass(passContext.inputUrl, passContext.localRule); Log.d(TAG, "doExtraSecurityCheck: no needDoNextReq, read local rule: " + checkRuleCanPass); return checkRuleCanPass == 2 ? 1 : 0; } Log.d(TAG, "doExtraSecurityCheck: needDoNextReq, state: " + passContext.localRule.state); if (passContext.localRule.state != 1) { doRequestAsync(passContext); return 0; } doRequestSync(passContext, new ISecuritySyncCheck() { /* class com.tencent.mm.opensdk.openapi.WXAPiSecurityHelper.AnonymousClass1 */ @Override // com.tencent.mm.opensdk.openapi.WXAPiSecurityHelper.ISecuritySyncCheck public void onSyncCheckFinish(boolean z) { WXAPiSecurityHelper.this.extraSecurityCheckDoCallback(iSecurityCheck, z); } }); return 2; } } public String extractMayNeedDoSecurityCheckUrl(String str, BaseReq baseReq) { if (baseReq.getType() != 2) { return ""; } SendMessageToWX.Req req = (SendMessageToWX.Req) baseReq; if (req.message.getType() != 5) { return ""; } WXWebpageObject wXWebpageObject = (WXWebpageObject) req.message.mediaObject; if (b.b(wXWebpageObject.webpageUrl)) { Log.i(TAG, "webpageUrl empty, don't need check."); return ""; } Log.i(TAG, "need check."); return wXWebpageObject.webpageUrl; } /* access modifiers changed from: protected */ public String getLocalStoredJson(String str) { return getStoredData(str).respDataJson; } /* access modifiers changed from: protected */ public WXSecurityData getStoredData(String str) { String str2; WXSecurityData wXSecurityData = new WXSecurityData(); Log.d(TAG, "getStoredData, appid = " + str); try { if (!this.sp.contains(getStoreKey(str))) { str2 = "getStoredData, fail, not exist!"; } else { JSONObject jSONObject = new JSONObject(this.sp.getString(getStoreKey(str), "")); long optLong = jSONObject.optLong(SECURITY_KEY_TIMESTAMP_SECOND); String optString = jSONObject.optString(STORE_VALUE_DATA); wXSecurityData.appid = str; wXSecurityData.lastStoreTimeStampSecond = optLong; wXSecurityData.respDataJson = optString; str2 = "getStoredData, Ok, appid = " + str + "timeStampSecond: " + wXSecurityData.lastStoreTimeStampSecond; } Log.d(TAG, str2); } catch (Exception e) { Log.e(TAG, "getStoredData fail, ex = " + e.getMessage()); } return wXSecurityData; } /* access modifiers changed from: protected */ public StringBuffer postHttpRequest(String str, String str2, String str3) { StringBuffer stringBuffer = new StringBuffer(); try { String encode = URLEncoder.encode(str, "UTF-8"); String encode2 = URLEncoder.encode(str3, "UTF-8"); String format = String.format("https://mp.weixin.qq.com/publicpoc/opensdkconf?action=GetShareConf&appid=%s&sdkVersion=%s&buffer=%s", encode, str2, encode2); Log.d(TAG, "request http, url = " + format + ", appid = " + encode + ", version = " + str2 + ", buffer = " + encode2); HttpURLConnection httpURLConnection = (HttpURLConnection) new URL(format).openConnection(); httpURLConnection.setConnectTimeout(60000); httpURLConnection.setReadTimeout(60000); httpURLConnection.setRequestProperty("Content-Type", "application/json"); httpURLConnection.connect(); int responseCode = httpURLConnection.getResponseCode(); Log.i(TAG, "http respCode = " + responseCode); if (responseCode == 200) { BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpURLConnection.getInputStream())); while (true) { String readLine = bufferedReader.readLine(); if (readLine == null) { break; } stringBuffer.append(readLine); } Log.d(TAG, "http response = " + ((Object) stringBuffer)); bufferedReader.close(); } httpURLConnection.disconnect(); } catch (Exception e) { Log.e(TAG, "http request fail, ex = " + e.getMessage()); } return stringBuffer; } }