package com.alipay.mobile.nebulax.integration.base.security;

import com.alibaba.ariver.app.api.App;
import com.alibaba.ariver.app.api.EmbedType;
import com.alibaba.ariver.app.api.Page;
import com.alibaba.ariver.app.api.PermissionUtil;
import com.alibaba.ariver.app.api.point.page.PageEnterPoint;
import com.alibaba.ariver.app.api.service.TinyAppInnerProxy;
import com.alibaba.ariver.engine.api.bridge.BridgeResponseHelper;
import com.alibaba.ariver.engine.api.bridge.model.NativeCallContext;
import com.alibaba.ariver.engine.api.security.BridgeAccessPoint;
import com.alibaba.ariver.kernel.RVConstants;
import com.alibaba.ariver.kernel.api.security.Accessor;
import com.alibaba.ariver.kernel.api.security.ApiPermissionCheckResult;
import com.alibaba.ariver.kernel.api.security.Group;
import com.alibaba.ariver.kernel.api.security.Guard;
import com.alibaba.ariver.kernel.api.security.Permission;
import com.alibaba.ariver.kernel.common.RVProxy;
import com.alibaba.ariver.kernel.common.service.RVConfigService;
import com.alibaba.ariver.kernel.common.service.executor.ExecutorType;
import com.alibaba.ariver.kernel.common.utils.ExecutorUtils;
import com.alibaba.ariver.kernel.common.utils.JSONUtils;
import com.alibaba.ariver.kernel.common.utils.RVKernelUtils;
import com.alibaba.ariver.kernel.common.utils.RVLogger;
import com.alibaba.ariver.permission.AppPermissionUtils;
import com.alibaba.ariver.permission.api.AppPermissionManager;
import com.alibaba.ariver.permission.api.PermissionManager;
import com.alibaba.ariver.permission.api.proxy.AuthenticationProxy;
import com.alibaba.ariver.permission.model.RVGroupInit;
import com.alibaba.ariver.resource.api.models.AppModel;
import com.alibaba.fastjson.JSONObject;
import com.alipay.dexaop.DexAOPCenter;
import com.alipay.dexaop.DexAOPEntry;
import com.alipay.dexaop.stub.java.lang.Runnable_run__stub;
import com.alipay.mobile.framework.MpaasClassInfo;
import com.alipay.mobile.nebula.dev.H5DevConfig;
import java.util.List;

@MpaasClassInfo(ExportJarName = "unknown", Level = "product", Product = ":mobile-nebulaintegration")
/* loaded from: classes9.dex */
public class BridgeAccessExtension implements PageEnterPoint, BridgeAccessPoint {

    /* renamed from: a, reason: collision with root package name */
    private PermissionManager f22724a;
    private boolean b = true;
    private boolean c = true;

    @MpaasClassInfo(ExportJarName = "unknown", Level = "product", Product = ":mobile-nebulaintegration")
    /* renamed from: com.alipay.mobile.nebulax.integration.base.security.BridgeAccessExtension$1, reason: invalid class name */
    /* loaded from: classes9.dex */
    final class AnonymousClass1 implements Runnable_run__stub, Runnable {

        /* renamed from: a, reason: collision with root package name */
        final /* synthetic */ Page f22725a;

        AnonymousClass1(Page page) {
            this.f22725a = page;
        }

        private final void __run_stub_private() {
            BridgeAccessExtension.this.a(this.f22725a);
        }

        @Override // com.alipay.dexaop.stub.java.lang.Runnable_run__stub
        public final void __run_stub() {
            __run_stub_private();
        }

        @Override // java.lang.Runnable
        public final void run() {
            if ((DexAOPCenter.sFlag & 1) == 0 || getClass() != AnonymousClass1.class) {
                __run_stub_private();
            } else {
                DexAOPEntry.bg_java_lang_Runnable_run_proxy(AnonymousClass1.class, this);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void a(Accessor accessor) {
        if (this.f22724a == null) {
            synchronized (this) {
                if (this.f22724a == null) {
                    boolean isAppPermission = AppPermissionUtils.isAppPermission(accessor);
                    RVLogger.d("AriverPermission:BridgeAccessExtension", "init permissionManager with isAppPermissionType " + isAppPermission);
                    if (isAppPermission) {
                        this.f22724a = new AppPermissionManager(new a());
                    } else {
                        this.f22724a = new DomainPermissionManager();
                    }
                    this.f22724a.init(accessor);
                }
            }
        }
    }

    @Override // com.alibaba.ariver.engine.api.security.BridgeAccessPoint
    public boolean asyncCheckPermission(Permission permission, Accessor accessor, NativeCallContext nativeCallContext, BridgeResponseHelper bridgeResponseHelper) {
        a(accessor);
        return this.f22724a.asyncCheckPermission(permission, accessor, nativeCallContext, bridgeResponseHelper);
    }

    @Override // com.alibaba.ariver.engine.api.security.BridgeAccessPoint
    public boolean bizCheckPermission(Permission permission, Accessor accessor, NativeCallContext nativeCallContext, BridgeResponseHelper bridgeResponseHelper) {
        a(accessor);
        boolean bizCheckPermission = this.f22724a.bizCheckPermission(permission, accessor, nativeCallContext, bridgeResponseHelper);
        if (!bizCheckPermission) {
            RVLogger.d("AriverPermission:BridgeAccessExtension", accessor + " bizCheckPermission " + permission.authority() + ", result=false");
        }
        return bizCheckPermission;
    }

    @Override // com.alibaba.ariver.engine.api.security.BridgeAccessPoint
    public ApiPermissionCheckResult checkPermission(Permission permission, Accessor accessor, NativeCallContext nativeCallContext, BridgeResponseHelper bridgeResponseHelper) {
        a(accessor);
        ApiPermissionCheckResult checkPermission = this.f22724a.checkPermission(permission, accessor, nativeCallContext, bridgeResponseHelper);
        if (checkPermission != null && checkPermission.ordinal() >= ApiPermissionCheckResult.DENY.ordinal()) {
            RVLogger.d("AriverPermission:BridgeAccessExtension", accessor + " checkPermission =" + permission.authority() + ", result=" + checkPermission);
        }
        return checkPermission;
    }

    @Override // com.alibaba.ariver.engine.api.security.BridgeAccessPoint
    public Group manageAccessorGroup(Accessor accessor) {
        RVGroupInit.init(com.alipay.mobile.nebulax.integration.base.security.a.a.a().f22727a);
        a(accessor);
        Group manageAccessorGroup = this.f22724a.manageAccessorGroup(accessor);
        RVLogger.d("AriverPermission:BridgeAccessExtension", accessor + " group=" + manageAccessorGroup.groupName());
        return manageAccessorGroup;
    }

    @Override // com.alibaba.ariver.engine.api.security.BridgeAccessPoint
    public boolean needPermissionCheck(Accessor accessor, List<? extends Guard> list) {
        App app;
        Page page;
        JSONObject extendInfos;
        JSONObject jSONObject;
        if (accessor instanceof Page) {
            Page page2 = (Page) accessor;
            app = page2.getApp();
            page = page2;
        } else {
            if (!(accessor instanceof App)) {
                return true;
            }
            app = (App) accessor;
            page = null;
        }
        TinyAppInnerProxy tinyAppInnerProxy = (TinyAppInnerProxy) RVProxy.get(TinyAppInnerProxy.class);
        if (tinyAppInnerProxy != null && page != null && app != null && tinyAppInnerProxy.isInner(app) && !tinyAppInnerProxy.isEmbedWebViewInnerAppBlack(page)) {
            if (!this.c) {
                RVLogger.d("AriverPermission:BridgeAccessExtension", "accessor " + accessor + " isInner app ");
                return false;
            }
            if (app.isTinyApp()) {
                if (page.getEmbedType() != EmbedType.NO && PermissionUtil.forceInnerWebViewCheck()) {
                    RVLogger.d("AriverPermission:BridgeAccessExtension", "accessor" + accessor.hashCode() + " isInner app but web-view , need check permission ");
                    return true;
                }
                AppModel appModel = (AppModel) app.getData(AppModel.class);
                if (appModel == null || (extendInfos = appModel.getExtendInfos()) == null || (jSONObject = JSONUtils.getJSONObject(extendInfos, RVConstants.EXTRA_RES_PARAM_MAP, null)) == null || !PermissionUtil.forceInnerPermissionCheck(jSONObject)) {
                    RVLogger.d("AriverPermission:BridgeAccessExtension", "accessor " + accessor + " isInner app ");
                    return false;
                }
                RVLogger.d("AriverPermission:BridgeAccessExtension", "force check permission paramMap");
                return true;
            }
        }
        if (RVKernelUtils.isDebug() && ((RVConfigService) RVProxy.get(RVConfigService.class)).getConfigBoolean(H5DevConfig.H5_JSAPI_PERMISSION, false)) {
            RVLogger.d("AriverPermission:BridgeAccessExtension", "accessor " + accessor + " debug app permission check switch is close");
            return false;
        }
        a(accessor);
        if (page != null && !PermissionUtil.forceDomainCheck(app.getAppId())) {
            if (app == null || ((AuthenticationProxy) RVProxy.get(AuthenticationProxy.class)).hasPermissionModel(app.getAppId(), page)) {
                return true;
            }
            if (this.b && !app.isTinyApp()) {
                return true;
            }
            return false;
        }
        return true;
    }

    @Override // com.alibaba.ariver.kernel.api.extension.Extension
    public void onFinalized() {
    }

    @Override // com.alibaba.ariver.kernel.api.extension.Extension
    public void onInitialized() {
    }

    @Override // com.alibaba.ariver.app.api.point.page.PageEnterPoint
    public void onPageEnter(Page page) {
        ExecutorUtils.execute(ExecutorType.URGENT_DISPLAY, new AnonymousClass1(page));
        this.b = "yes".equalsIgnoreCase(((RVConfigService) RVProxy.get(RVConfigService.class)).getConfigWithProcessCache("h5_needCheckPermissionFileExceptTiny", "no"));
        this.c = "yes".equalsIgnoreCase(((RVConfigService) RVProxy.get(RVConfigService.class)).getConfigWithProcessCache("h5_checkInnerAppPermissionForH5", "no"));
    }
}
