package com.alibaba.sdk.android.security.impl;

import android.text.TextUtils;
import com.alibaba.sdk.android.config.PropertyChangeListener;
import com.alibaba.sdk.android.initialization.InitializationHandler;
import com.alibaba.sdk.android.oss.common.RequestParameters;
import com.alibaba.sdk.android.plugin.PluginManager;
import com.alibaba.sdk.android.security.AccessController;
import com.alibaba.sdk.android.security.WebAccessPermission;
import com.alibaba.sdk.android.trace.AliSDKLogger;
import com.alibaba.sdk.android.util.CommonUtils;
import com.alibaba.sdk.android.util.JSONUtils;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.json.JSONArray;
import org.json.JSONObject;

/* compiled from: TbsSdkJava */
/* loaded from: classes2.dex */
public class AccessControllerManager implements InitializationHandler<Void>, AccessController {
    private static final String ACCESS_PERMISSIONS_KEY = "alisdk.sdk_access_permissions";
    private static final String LAST_ACCESS_PERMISSIONS_QUERY_TIMESTAMP_KEY = "alisdk.last_sdk_access_permissions_timestamp";
    private static final String NEXT_ACCESS_PERMISSIONS_QUERY_TIMESTAMP_KEY = "alisdk.next_sdk_access_permissions_timestamp";
    private volatile JSONObject configs;
    private boolean ignoreAclInterval;
    private volatile long lastQueryTimestamp;
    private volatile long nextQueryTimestamp;
    private static final String TAG = AccessControllerManager.class.getSimpleName();
    public static final AccessControllerManager INSTANCE = new AccessControllerManager();
    private volatile Set<String> prohibitedPlugins = Collections.emptySet();
    private volatile List<? extends WebAccessPermission> webAccessPermissions = Collections.singletonList(new GrantAllWebAccessPermission());
    private volatile boolean initialized = false;

    private AccessControllerManager() {
    }

    private synchronized void updateAccessPermissions(String str) {
        JSONArray optJSONArray;
        synchronized (this) {
            try {
                JSONObject jSONObject = new JSONObject(str);
                HashSet hashSet = new HashSet();
                JSONObject optJSONObject = jSONObject.optJSONObject("plugins");
                if (optJSONObject != null && (optJSONArray = optJSONObject.optJSONArray("prohibited_list")) != null) {
                    int length = optJSONArray.length();
                    for (int i = 0; i < length; i++) {
                        hashSet.add(optJSONArray.getString(i));
                    }
                }
                this.prohibitedPlugins = hashSet;
                ArrayList arrayList = new ArrayList();
                JSONObject optJSONObject2 = jSONObject.optJSONObject("webpages");
                if (optJSONObject2 == null) {
                    arrayList.add(new GrantAllWebAccessPermission());
                } else {
                    JSONArray optJSONArray2 = optJSONObject2.optJSONArray("grant_list");
                    if (optJSONArray2 == null) {
                        arrayList.add(new GrantAllWebAccessPermission());
                    } else {
                        int length2 = optJSONArray2.length();
                        for (int i2 = 0; i2 < length2; i2++) {
                            JSONObject jSONObject2 = optJSONArray2.getJSONObject(i2);
                            String optString = jSONObject2.optString("value");
                            String optString2 = jSONObject2.optString("type");
                            if (TextUtils.isEmpty(optString) || TextUtils.isEmpty(optString2)) {
                                AliSDKLogger.w(TAG, "Empty type/value for the current web access permission " + jSONObject2);
                            } else if (RequestParameters.PREFIX.equals(optString2)) {
                                arrayList.add(new PrefixWebAccessPermission(optString));
                            } else if ("regexp".equals(optString2)) {
                                arrayList.add(new RegexpWebAccessPermission(optString));
                            } else if ("strict".equals(optString2)) {
                                arrayList.add(new StrictWebAccessPermission(optString));
                            } else {
                                AliSDKLogger.w(TAG, "Unrecognized url permssion " + jSONObject2);
                            }
                        }
                    }
                }
                this.webAccessPermissions = arrayList;
                this.configs = jSONObject.optJSONObject("configs");
            } catch (Exception e) {
                AliSDKLogger.e(TAG, "Fail to update the access controller, the error message is " + e.getMessage());
            }
        }
    }

    @Override // com.alibaba.sdk.android.security.AccessController
    public boolean checkPluginLoadPermission(String str) {
        return !this.prohibitedPlugins.contains(str);
    }

    @Override // com.alibaba.sdk.android.security.AccessController
    public boolean checkWebPageAccessPermission(String str) {
        Iterator<? extends WebAccessPermission> it = this.webAccessPermissions.iterator();
        while (it.hasNext()) {
            if (it.next().checkPermission(str)) {
                return true;
            }
        }
        return false;
    }

    @Override // com.alibaba.sdk.android.initialization.InitializationHandler
    public Object createRequestParameters() {
        return null;
    }

    @Override // com.alibaba.sdk.android.security.AccessController
    public String getConfigProperty(String str) {
        if (this.configs == null) {
            return null;
        }
        return JSONUtils.optString(this.configs, str);
    }

    @Override // com.alibaba.sdk.android.initialization.InitializationHandler
    public String getRequestParameterKey() {
        return RequestParameters.SUBRESOURCE_ACL;
    }

    @Override // com.alibaba.sdk.android.initialization.InitializationHandler
    public int getRequestRequirement() {
        if (CommonUtils.isApplicationDefaultProcess() == 0 && SecurityContext.pluginConfigurations.getBooleanValue("refreshInMainProcess", true)) {
            return 2;
        }
        return (this.ignoreAclInterval || System.currentTimeMillis() > this.nextQueryTimestamp) ? 1 : 3;
    }

    @Override // com.alibaba.sdk.android.initialization.InitializationHandler
    public int getRequestServiceType() {
        return 16;
    }

    @Override // com.alibaba.sdk.android.initialization.InitializationHandler
    public String getResponseValueKey() {
        return RequestParameters.SUBRESOURCE_ACL;
    }

    @Override // com.alibaba.sdk.android.initialization.InitializationHandler
    public void handleResponseError(int i, String str) {
    }

    @Override // com.alibaba.sdk.android.initialization.InitializationHandler
    public Void handleResponseValue(JSONObject jSONObject) {
        if (jSONObject == null) {
            AliSDKLogger.e(TAG, "Null response returned for acl");
        } else {
            int optInt = jSONObject.optInt("code", -1);
            if (optInt == -1) {
                AliSDKLogger.e(TAG, "Failed to query acl info, the error code = " + optInt + " message = " + jSONObject.optString("message"));
            } else {
                JSONObject optJSONObject = jSONObject.optJSONObject("data");
                if (optJSONObject == null) {
                    AliSDKLogger.e(TAG, "Failed to query acl info, no data in the response");
                } else {
                    long optLong = optJSONObject.optLong("expireIn", 86400000L);
                    this.lastQueryTimestamp = System.currentTimeMillis();
                    this.nextQueryTimestamp = optLong + this.lastQueryTimestamp;
                    SecurityGuardWrapper.INSTANCE.putValueInDynamicDataStore(NEXT_ACCESS_PERMISSIONS_QUERY_TIMESTAMP_KEY, String.valueOf(this.nextQueryTimestamp));
                    SecurityGuardWrapper.INSTANCE.putValueInDynamicDataStore(LAST_ACCESS_PERMISSIONS_QUERY_TIMESTAMP_KEY, String.valueOf(this.lastQueryTimestamp));
                    String optString = optJSONObject.optString("authData");
                    if (TextUtils.isEmpty(optString)) {
                        AliSDKLogger.e(TAG, "Failed to query acl info, no auth data in the response");
                    } else {
                        updateAccessPermissions(optString);
                        SecurityGuardWrapper.INSTANCE.putValueInDynamicDataStore(ACCESS_PERMISSIONS_KEY, optString);
                        if (this.prohibitedPlugins.size() > 0) {
                            SecurityContext.executorService.postTask(new Runnable() { // from class: com.alibaba.sdk.android.security.impl.AccessControllerManager.2
                                @Override // java.lang.Runnable
                                public void run() {
                                    PluginManager pluginManager = (PluginManager) SecurityContext.appContext.getService(PluginManager.class, null);
                                    for (String str : AccessControllerManager.this.prohibitedPlugins) {
                                        try {
                                            pluginManager.stopPlugin(str);
                                        } catch (Exception e) {
                                            AliSDKLogger.e(AccessControllerManager.TAG, "Fail to stop the plugin " + str + ", the error message is " + e.getMessage());
                                        }
                                    }
                                }
                            });
                        }
                    }
                }
            }
        }
        return null;
    }

    public synchronized void init() {
        if (!this.initialized) {
            SecurityGuardWrapper securityGuardWrapper = SecurityGuardWrapper.INSTANCE;
            String valueFromDynamicDataStore = securityGuardWrapper.getValueFromDynamicDataStore(ACCESS_PERMISSIONS_KEY);
            if (valueFromDynamicDataStore != null) {
                updateAccessPermissions(valueFromDynamicDataStore);
            }
            String valueFromDynamicDataStore2 = securityGuardWrapper.getValueFromDynamicDataStore(NEXT_ACCESS_PERMISSIONS_QUERY_TIMESTAMP_KEY);
            if (valueFromDynamicDataStore2 != null) {
                try {
                    this.nextQueryTimestamp = Long.parseLong(valueFromDynamicDataStore2);
                } catch (Exception e) {
                    this.nextQueryTimestamp = 0L;
                }
            }
            String valueFromDynamicDataStore3 = securityGuardWrapper.getValueFromDynamicDataStore(LAST_ACCESS_PERMISSIONS_QUERY_TIMESTAMP_KEY);
            if (valueFromDynamicDataStore3 != null) {
                try {
                    this.lastQueryTimestamp = Long.parseLong(valueFromDynamicDataStore3);
                } catch (Exception e2) {
                    this.lastQueryTimestamp = 0L;
                }
            }
            this.ignoreAclInterval = SecurityContext.pluginConfigurations.getBooleanValue("ignoreACLInterval", false);
            SecurityContext.pluginConfigurations.registerGlobalPropertyChangeListener(new PropertyChangeListener() { // from class: com.alibaba.sdk.android.security.impl.AccessControllerManager.1
                @Override // com.alibaba.sdk.android.config.PropertyChangeListener
                public void propertyChanged(String str, String str2, String str3) {
                    if (!"ACL_EXPIREDIN".equals(str) || TextUtils.isEmpty(str3)) {
                        return;
                    }
                    try {
                        long parseLong = Long.parseLong(str3);
                        AccessControllerManager.this.nextQueryTimestamp = parseLong + AccessControllerManager.this.lastQueryTimestamp;
                        SecurityGuardWrapper.INSTANCE.putValueInDynamicDataStore(AccessControllerManager.NEXT_ACCESS_PERMISSIONS_QUERY_TIMESTAMP_KEY, String.valueOf(AccessControllerManager.this.nextQueryTimestamp));
                    } catch (Exception e3) {
                        AliSDKLogger.e("security", "Fail to update ACL_EXPIREDIN", e3);
                    }
                }
            });
            this.initialized = true;
        }
    }
}
