package com.bytedance.bdp.appbase.util;

import com.bytedance.bdp.appbase.base.bdptask.BdpPool;
import com.bytedance.bdp.appbase.base.bdptask.BdpTask;
import com.bytedance.bdp.appbase.base.event.BdpAppEvent;
import com.bytedance.bdp.appbase.base.log.BdpLogger;
import com.bytedance.bdp.appbase.context.BdpAppContext;
import com.bytedance.bdp.appbase.service.protocol.setting.SettingService;
import java.util.HashSet;
import java.util.Locale;
import kotlin.TypeCastException;
import kotlin.collections.m;
import kotlin.jvm.a.a;
import kotlin.jvm.internal.f;
import kotlin.jvm.internal.j;
import kotlin.l;
import kotlin.text.n;
import org.json.JSONArray;
import org.json.JSONObject;

/* loaded from: classes2.dex */
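/**
 * Detects requests that carry parameter names listed as "unsafe" in the SDK settings and
 * emits one telemetry event per app when such requests arrive in quick succession.
 *
 * <p>Configuration is read from the SDK root setting {@code bdp_request_unsafe_param}. The
 * code reads three keys from it: {@code enable} (checked against 1), {@code unsafe_params}
 * (a JSON array of parameter names) and {@code max_interval} (compared against a difference
 * of {@link System#currentTimeMillis()} values).
 *
 * <p>This is decompiled output: {@code j}, {@code m} and {@code n} are obfuscated Kotlin
 * runtime classes, so calls on them are kept exactly as decompiled.
 *
 * <p>NOTE(review): {@code lastHitTime} and {@code reportedAppIds} are static, shared by every
 * caller, and accessed without synchronization. Confirm that callers are confined to one
 * thread, or guard these fields.
 */
public final class SecurityUtil {
    /** Key of the SDK root setting that configures this check. */
    private static final String BDP_REQUEST_UNSAFE_PARAM = "bdp_request_unsafe_param";
    /** Event name; the same literal is inlined in {@code reportFrequentlyUploadLocation}. */
    private static final String MP_MULTI_REQUEST_WITH_UNSAFE_PARAM = "mp_mult_request_with_unsafe_param";
    private static final String TAG = "SecurityUtil";
    /** Start of the current detection window; only moved forward when a hit arrives after the window has elapsed. */
    private static long lastHitTime;
    public static final Companion Companion = new Companion(null);
    /** App ids already reported in this process; such apps are skipped on later calls. */
    private static final HashSet<String> reportedAppIds = new HashSet<>();

    /* loaded from: classes2.dex */
    public static final class Companion {
        private Companion() {
        }

        public /* synthetic */ Companion(f fVar) {
            this();
        }

        /**
         * Returns true when the object has a top-level key equal to one of the configured names.
         *
         * <p>Only top-level keys are inspected and the comparison is case-sensitive, unlike the
         * URL check, which lower-cases both sides.
         *
         * @param jSONObject object whose keys are checked
         * @param jSONArray configured unsafe parameter names
         */
        private final boolean checkUnsafeParamsInJsonObject(JSONObject jSONObject, JSONArray jSONArray) {
            int length = jSONArray.length();
            for (int i = 0; i < length; i++) {
                String name = jSONArray.optString(i);
                // optString yields "" for a missing or null entry; an empty name is a
                // configuration slip, not a parameter to look for.
                if (name.isEmpty()) {
                    continue;
                }
                if (jSONObject.has(name)) {
                    return true;
                }
            }
            return false;
        }

        /**
         * Returns true when the URL text contains {@code &name=} or {@code ?name=} for one of
         * the configured names, compared case-insensitively.
         *
         * <p>The test runs on the raw URL string: nothing is percent-decoded and the URL is not
         * parsed, so the match is not limited to the query component.
         *
         * @param str URL to inspect; must not be null
         * @param jSONArray configured unsafe parameter names
         * @throws TypeCastException if {@code str} is null
         */
        private final boolean checkUnsafeParamsInUrl(String str, JSONArray jSONArray) {
            Locale locale = Locale.ROOT;
            j.a((Object) locale, "Locale.ROOT");
            if (str == null) {
                throw new TypeCastException("null cannot be cast to non-null type java.lang.String");
            }
            String lowerCase = str.toLowerCase(locale);
            j.a((Object) lowerCase, "(this as java.lang.String).toLowerCase(locale)");
            int length = jSONArray.length();
            for (int i = 0; i < length; i++) {
                // The URL was lower-cased above, so the configured name has to be lower-cased
                // too; otherwise a name written with capitals in the setting could never match.
                String name = jSONArray.optString(i).toLowerCase(locale);
                // Skip empty entries: "&=" / "?=" would otherwise count as a hit.
                if (name.isEmpty()) {
                    continue;
                }
                // n.c(..., false, 2, null) is presumably kotlin.text contains() with
                // ignoreCase=false - TODO confirm against the unobfuscated runtime.
                if (n.c((CharSequence) lowerCase, (CharSequence) ('&' + name + '='), false, 2, (Object) null)) {
                    return true;
                }
                if (n.c((CharSequence) lowerCase, (CharSequence) ('?' + name + '='), false, 2, (Object) null)) {
                    return true;
                }
            }
            return false;
        }

        /**
         * Logs the detection and flushes the {@code mp_mult_request_with_unsafe_param} event,
         * built from the app's scheme info and meta info, on an IO task.
         *
         * @param bdpAppContext context of the app being reported
         */
        private final void reportFrequentlyUploadLocation(final BdpAppContext bdpAppContext) {
            BdpLogger.i(SecurityUtil.TAG, "report frequently upload location");
            BdpPool.execute(BdpTask.TaskType.IO, new a<l>() { // from class: com.bytedance.bdp.appbase.util.SecurityUtil$Companion$reportFrequentlyUploadLocation$1
                /* JADX INFO: Access modifiers changed from: package-private */
                {
                    super(0);
                }

                @Override // kotlin.jvm.a.a
                public /* bridge */ /* synthetic */ l invoke() {
                    invoke2();
                    return l.a;
                }

                /* renamed from: invoke, reason: avoid collision after fix types in other method */
                public final void invoke2() {
                    BdpAppEvent.builder("mp_mult_request_with_unsafe_param", BdpAppContext.this.getAppInfo().getSchemeInfo(), BdpAppContext.this.getAppInfo().getMetaInfo()).build().flush();
                }
            });
        }

        /**
         * Checks one request for configured unsafe parameter names and reports the app when
         * two hits fall within {@code max_interval} of each other.
         *
         * <p>Flow: apps already in {@code reportedAppIds} are skipped; the setting must exist
         * and have {@code enable == 1}; the URL is checked first, then each JSON object. A hit
         * that arrives {@code max_interval} or more after {@code lastHitTime} only restarts the
         * window. A hit inside the window records the app id and sends the event, so each app
         * is reported at most once per process. A missing {@code max_interval} reads as 0,
         * which makes every hit restart the window and never report.
         *
         * @param context app context; supplies the app id, the settings and the event data
         * @param url request URL
         * @param jSONObject optional JSON object whose top-level keys are checked, may be null
         * @param jSONObject2 second optional JSON object, may be null
         */
        public final void checkUnsafeParamsAndReportIfNeed(BdpAppContext context, String url, JSONObject jSONObject, JSONObject jSONObject2) {
            j.c(context, "context");
            j.c(url, "url");
            if (m.a(SecurityUtil.reportedAppIds, context.getAppInfo().getAppId())) {
                return;
            }
            JSONObject sDKRootSetting = ((SettingService) context.getService(SettingService.class)).getSDKRootSetting(SecurityUtil.BDP_REQUEST_UNSAFE_PARAM);
            // NOTE(review): this writes the whole setting, including the monitored names, to
            // the info log on every call, before the enable check.
            BdpLogger.i(SecurityUtil.TAG, "mp_mult_request_with_unsafe_param: " + sDKRootSetting);
            if (sDKRootSetting == null || sDKRootSetting.optInt("enable") != 1) {
                return;
            }
            JSONArray unsafeParams = sDKRootSetting.optJSONArray("unsafe_params");
            // optJSONArray returns null when the key is absent or not an array. Without this
            // guard an enabled setting with no list made the checks below throw, turning a
            // remote configuration mistake into a failure on the request path.
            if (unsafeParams == null) {
                return;
            }
            Companion companion = SecurityUtil.Companion;
            j.a((Object) unsafeParams, "unsafeParams");
            boolean hit = companion.checkUnsafeParamsInUrl(url, unsafeParams);
            if (!hit && jSONObject != null) {
                hit = SecurityUtil.Companion.checkUnsafeParamsInJsonObject(jSONObject, unsafeParams);
            }
            if (!hit && jSONObject2 != null) {
                hit = SecurityUtil.Companion.checkUnsafeParamsInJsonObject(jSONObject2, unsafeParams);
            }
            if (!hit) {
                return;
            }
            long currentTimeMillis = System.currentTimeMillis();
            BdpLogger.i(SecurityUtil.TAG, "hit unsafe parasm, time: " + currentTimeMillis);
            if (currentTimeMillis - SecurityUtil.lastHitTime >= sDKRootSetting.optLong("max_interval")) {
                // First hit of a new window: remember it and wait for a second one.
                SecurityUtil.lastHitTime = currentTimeMillis;
                return;
            }
            String appId = context.getAppInfo().getAppId();
            if (appId != null) {
                SecurityUtil.reportedAppIds.add(appId);
            }
            SecurityUtil.Companion.reportFrequentlyUploadLocation(context);
        }
    }
}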
