TIM v2.3.1版本的 MD5 值为:d6957e3ee7ce901ccc491cefdea0da8c
以下内容为反编译后的 WebSecurityPlugin.java 源代码,内容仅作参考
package com.tencent.mobileqq.webview;
import android.app.Activity;
import android.content.Context;
import android.content.Intent;
import android.net.Uri;
import android.os.Bundle;
import android.os.Handler;
import android.os.Looper;
import android.text.TextUtils;
import com.tencent.biz.AuthorizeConfig;
import com.tencent.biz.ProtoServlet;
import com.tencent.biz.WebCgiWhiteListManager;
import com.tencent.biz.common.util.Util;
import com.tencent.biz.pubaccount.CustomWebView;
import com.tencent.biz.webviewplugin.SosoPlugin;
import com.tencent.common.app.AppInterface;
import com.tencent.common.app.BaseApplicationImpl;
import com.tencent.mobileqq.app.QQAppInterface;
import com.tencent.mobileqq.dating.HotChatFlashPicActivity;
import com.tencent.mobileqq.pb.ByteStringMicro;
import com.tencent.mobileqq.statistics.DcReportUtil;
import com.tencent.mobileqq.statistics.ReportController;
import com.tencent.mobileqq.transfile.SosoSrvAddrProvider;
import com.tencent.mobileqq.webview.swift.WebViewPlugin;
import com.tencent.mobileqq.webview.swift.WebviewPluginEventConfig;
import com.tencent.pb.webview.UrlQuery;
import com.tencent.qphone.base.util.QLog;
import com.tencent.smtt.sdk.WebView;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.HashSet;
import java.util.Map;
import java.util.Random;
import java.util.Set;
import mqq.app.AppRuntime;
import mqq.app.NewIntent;
import mqq.observer.BusinessObserver;
import org.json.JSONException;
import org.json.JSONObject;
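/**
 * WebView plugin that screens http/https navigations before the page is shown.
 *
 * <p>Two paths are visible in this (decompiled, obfuscated) class:
 * <ul>
 *   <li>SSO check: the URL is sent to the {@code UrlSecSvc.Webview} command and, if the
 *       response carries a jump URL, the WebView is redirected to it
 *       (see {@link #a(boolean, Bundle)}).</li>
 *   <li>Legacy check: the URL is wrapped into a redirect-service URL taken from
 *       {@code SosoPlugin.f6850a} and that wrapper is loaded instead.</li>
 * </ul>
 *
 * <p>NOTE(review): the SSO request is fired asynchronously while
 * {@link #handleSchemaRequest} returns {@code false}; presumably the original navigation
 * continues until the verdict arrives - confirm against {@code WebViewPlugin}.
 *
 * <p>Identifiers such as {@code f34550a} are decompiler-generated and are kept unchanged
 * so that external references still resolve.
 */
public class WebSecurityPlugin extends WebViewPlugin {
    /** Wall-clock time (ms) of the last config refresh performed by {@link #a()}. */
    private static long f34542a = 0;
    /** Log tag passed to every QLog call in this class. */
    public static final String f34543a = "WebSecurityPlugin";
    /** Maximum number of URL characters sent to the URL-check service. */
    private static final int f94980b = 10240;
    /** Minimum interval (ms) between two config refreshes in {@link #a()}: 30 minutes. */
    private static final long f34545b = 1800000;
    /** Plugin namespace assigned in the constructor. */
    public static final String f34546b = "UrlSaveVerify";
    /** Cached value of the {@code is_switch} config flag, refreshed by {@link #a()}. */
    private static boolean f34547b = false;
    /** Intent extra read by {@link #b()}. */
    public static final String f94981c = "key_isReadModeEnabled";
    /** CGI marker; URLs that already contain it are not wrapped a second time. */
    public static final String d = "/cgi-bin/httpconn?htcmd=0x6ff0080";
    /** Intent extra marking a navigation that originates from QZone. */
    public static final String e = "key_isFromQZone";
    /** SharedPreferences file holding the SSO-check switch. */
    public static final String f = "webViewUrlCheckSp";
    /** SharedPreferences key of the SSO-check switch (1 = enabled). */
    public static final String g = "webViewUrlCheckSwitchKey";
    // Not referenced anywhere in this class. NOTE(review): the page is addressed over plain http.
    private static final String i = "http://pub.idqqimg.com/qqmobile/client/android/forbidden.html";
    /** WebView captured in {@link #onWebViewCreated}; target of the legacy redirect. */
    WebView f34549a;
    /** Set once a server-supplied jump URL has been loaded; suppresses further SSO checks. */
    private boolean f34553c;
    /** Account uin captured in {@link #onAppRuntimeReady}. */
    String h;
    /** Base URLs of the legacy redirect service, shared with SosoPlugin. */
    public static String[] f34544a = SosoPlugin.f6850a;
    /** Cap on distinct URLs submitted per plugin instance; overwritten by {@code limit_count}. */
    private static int f94979a = 20;
    /** Whether the legacy path may rewrite URLs; toggled in {@link #handleEvent}. */
    boolean f34552a = true;
    /** URLs already submitted to the SSO check by this instance. */
    private final Set<String> f34550a = new HashSet<>();
    /** Main-thread handler; not used inside this class. */
    public Handler f34548a = new Handler(Looper.getMainLooper());
    // Observer attached to the SSO request; presumably forwards the response to
    // a(boolean, Bundle) - the vud class is not part of this file.
    private final BusinessObserver f34551a = new vud(this);

    /** Registers the plugin under the {@code UrlSaveVerify} namespace. */
    public WebSecurityPlugin() {
        this.mPluginNameSpace = f34546b;
    }

    /** Remembers the WebView so the legacy path can redirect it later. */
    @Override
    public void onWebViewCreated(CustomWebView customWebView) {
        super.onWebViewCreated(customWebView);
        this.f34549a = customWebView;
    }

    /** Caches the current account uin for use as a query parameter in the legacy redirect. */
    @Override
    public void onAppRuntimeReady(AppInterface appInterface) {
        this.h = appInterface.getCurrentAccountUin();
    }

    /**
     * Reports whether the SSO URL check is switched on in SharedPreferences.
     *
     * @param context context used to open the preferences; {@code null} yields {@code false}
     * @return {@code true} only when the stored switch value equals 1
     */
    public static boolean a(Context context) {
        if (context == null) {
            return false;
        }
        // MODE_MULTI_PROCESS is the named form of the literal 4 produced by the decompiler.
        int switchValue = context.getSharedPreferences(f, Context.MODE_MULTI_PROCESS).getInt(g, 0);
        QLog.d(f34543a, 1, "hasUrlSsoCheckSwitchOn isSSOCheckValidate = " + switchValue);
        return switchValue == 1;
    }

    /**
     * Screens an http/https navigation.
     *
     * @param str  the URL being navigated to
     * @param str2 the URL scheme
     * @return {@code true} only when the legacy path replaced the navigation with a
     *         redirect-service URL; {@code false} in every other case
     */
    @Override
    public boolean handleSchemaRequest(String str, String str2) {
        if (!"http".equals(str2) && !"https".equals(str2)) {
            return false;
        }
        if (this.mRuntime == null || this.mRuntime.a() == null) {
            QLog.e(f34543a, 1, "handleSchemaRequest mRuntime empty");
            return false;
        }
        if (TextUtils.isEmpty(str)) {
            // Nothing to verify; the legacy path below would otherwise dereference a null URL.
            return false;
        }
        if (this.f34550a.contains(str)) {
            QLog.d(f34543a, 1, "handleSchemaRequest url has checked, url = " + Util.c(str, new String[0]));
            return false;
        }
        // NOTE(review): once the per-instance cap is reached every further URL skips
        // verification (fail-open), and the cap itself comes from a preferences-backed
        // config; confirm that this is the intended policy.
        if (a() && this.f34550a.size() >= f94979a) {
            QLog.d(f34543a, 1, "handleSchemaRequest url check times enough, url = " + Util.c(str, new String[0]));
            return false;
        }
        if (AuthorizeConfig.a().m848b(str)) {
            if (QLog.isColorLevel()) {
                QLog.d(f34543a, 2, "Url is on cig skip white list,the url:" + Util.b(str, new String[0]));
            }
            return false;
        }
        if (a(this.mRuntime.a())) {
            if (this.f34553c) {
                QLog.d(f34543a, 1, "handleSchemaRequest hasSSOChecked , url = " + Util.c(str, new String[0]));
                return false;
            }
            m9595a(str);
            return false;
        }
        try {
            Uri parsed = Uri.parse(str);
            if (parsed != null && parsed.isHierarchical()) {
                String host = parsed.getHost();
                // NOTE(review): the marker is matched anywhere in the URL string, not only in
                // the parsed path; consider comparing against parsed.getPath()/getQuery().
                if (!TextUtils.isEmpty(host) && host.endsWith(".qq.com")
                        && (str.contains(URLEncoder.encode(d)) || str.contains(d))) {
                    if (QLog.isColorLevel()) {
                        QLog.i(f34543a, 2, "SosoPlugin: url contains /cgi-bin/httpconn?htcmd=0x6ff0080, url: " + Util.c(str, new String[0]));
                    }
                    return false;
                }
            }
        } catch (Exception e2) {
            QLog.e(f34543a, 1, "", e2);
        }
        if (QLog.isColorLevel()) {
            QLog.d(f34543a, 2, "check url safety with old solution (<5.3)");
        }
        String wrapped = a(str);
        if (str.equalsIgnoreCase(wrapped)) {
            return false;
        }
        if (this.f34549a == null) {
            // onWebViewCreated has not run yet, so there is no WebView to redirect.
            QLog.e(f34543a, 1, "handleSchemaRequest webview is null");
            return false;
        }
        this.f34549a.loadUrl(wrapped);
        return true;
    }

    /** Returns the read-mode flag of the hosting activity's intent, or {@code false} if unavailable. */
    private boolean b() {
        if (this.mRuntime == null || this.mRuntime.a() == null) {
            return false;
        }
        Intent intent = this.mRuntime.a().getIntent();
        return intent != null && intent.getBooleanExtra(f94981c, false);
    }

    /**
     * Maps the launching intent to the source tag reported with the URL.
     *
     * @param intent launching intent, may be {@code null}
     * @return one of the {@code mqq.*} tags, or an empty string when no source is recognised
     */
    private String a(Intent intent) {
        if (intent == null) {
            return "";
        }
        if (intent.getBooleanExtra("fromQrcode", false)) {
            return "mqq.qrcode";
        }
        if (intent.getBooleanExtra(e, false)) {
            return "mqq.qzone";
        }
        switch (intent.getIntExtra(HotChatFlashPicActivity.f21720g, -1)) {
            case 0:
                return "mqq.c2c";
            case 1:
                return "mqq.group";
            case 3000:
                return "mqq.discussion";
            default:
                return "";
        }
    }

    /**
     * Sends the URL to the {@code UrlSecSvc.Webview} command and records it as submitted.
     *
     * @param str URL to verify; empty input is logged and ignored
     */
    private void m9595a(String str) {
        if (TextUtils.isEmpty(str) || this.mRuntime == null) {
            QLog.e(f34543a, 1, "sendSSOReq url or runtime is empty");
            return;
        }
        Activity activity = this.mRuntime.a();
        if (activity == null) {
            QLog.e(f34543a, 1, "sendSSOReq activity is null");
            return;
        }
        UrlQuery.UrlQueryReq urlQueryReq = new UrlQuery.UrlQueryReq();
        String checkedUrl = str;
        int length = str.length();
        if (length > f94980b) {
            // NOTE(review): only the first f94980b characters are verified while the WebView
            // keeps the full URL, so the verdict covers a prefix of what is actually loaded.
            QLog.e(f34543a, 1, "This is illegal url, because the length " + length + " has been beyond the max length " + f94980b);
            checkedUrl = str.substring(0, f94980b);
        }
        urlQueryReq.bytes_url.set(ByteStringMicro.copyFrom(checkedUrl.getBytes()));
        String source = a(activity.getIntent());
        if (source != null) {
            urlQueryReq.bytes_qq_pf_to.set(ByteStringMicro.copyFrom(source.getBytes()));
        }
        NewIntent newIntent = new NewIntent(activity, ProtoServlet.class);
        newIntent.setWithouLogin(true);
        newIntent.putExtra("cmd", "UrlSecSvc.Webview");
        newIntent.putExtra("data", urlQueryReq.toByteArray());
        newIntent.setObserver(this.f34551a);
        AppRuntime appRuntime = BaseApplicationImpl.a().m1871a();
        if (appRuntime == null) {
            QLog.e(f34543a, 1, "sendSSOReq app = null");
            return;
        }
        appRuntime.startServlet(newIntent);
        // Remember the full URL so the same address is not submitted twice.
        this.f34550a.add(str);
    }

    /**
     * Handles the URL-check response; presumably invoked by the {@code vud} observer.
     *
     * <p>When the response reports result 0 and a jump result of at least 1 with a non-empty
     * jump URL, the current load is stopped, history is cleared and the jump URL is loaded.
     *
     * @param z      whether the request succeeded
     * @param bundle response bundle carrying the serialized reply under {@code "data"}
     */
    public void a(boolean z, Bundle bundle) {
        if (!z) {
            return;
        }
        byte[] payload = bundle == null ? null : bundle.getByteArray("data");
        if (payload == null) {
            QLog.e(f34543a, 1, "urlCheckObserver data == null");
            return;
        }
        UrlQuery.UrlQueryRsp urlQueryRsp = new UrlQuery.UrlQueryRsp();
        try {
            urlQueryRsp.mergeFrom(payload);
            if (urlQueryRsp.uint32_result.get() != 0 || urlQueryRsp.uint32_jump_result.get() < 1) {
                return;
            }
            String jumpUrl = urlQueryRsp.bytes_jump_url.get().toStringUtf8();
            if (TextUtils.isEmpty(jumpUrl)) {
                return;
            }
            CustomWebView webView = this.mRuntime != null ? this.mRuntime.m9631a() : null;
            if (webView == null) {
                return;
            }
            this.f34553c = true;
            webView.stopLoading();
            webView.clearHistory();
            // NOTE(review): the jump URL is loaded as received; restricting it to http/https
            // before loadUrl would add defence in depth if the response were ever tampered with.
            webView.loadUrl(jumpUrl);
            // NOTE(review): logged unmasked, unlike the other URL logs that go through Util.c.
            QLog.d(f34543a, 1, "onReceive jumpUrl = " + jumpUrl);
        } catch (Exception e2) {
            QLog.e(f34543a, 1, "onReceive exception e = ", e2);
        }
    }

    /**
     * Wraps a URL into a legacy redirect-service URL unless it already carries the CGI marker.
     *
     * <p>The {@code uin} and {@code friendUin} values are URL-encoded before being appended so
     * that an intent extra containing {@code &} or {@code =} cannot add or override query
     * parameters of the redirect request.
     *
     * @param intent               launching intent, may be {@code null}
     * @param str                  URL to wrap
     * @param sosoSrvAddrProvider  unused in this method
     * @return the wrapped URL, or {@code str} unchanged if it is already wrapped or encoding fails
     */
    String a(Intent intent, String str, SosoSrvAddrProvider sosoSrvAddrProvider) {
        if (str.contains(URLEncoder.encode(d)) || str.contains(d)) {
            return str;
        }
        try {
            // Picks one of the first two base URLs; assumes f34544a has at least two entries.
            String base = f34544a[new Random().nextInt(2)];
            StringBuilder sb = new StringBuilder();
            sb.append(base);
            sb.append("&u=");
            sb.append(URLEncoder.encode(str, "UTF-8"));
            sb.append("&wap=3");
            sb.append("&qq-pf-to=").append(a(intent));
            String uin = intent == null ? null : intent.getStringExtra("uin");
            if (!TextUtils.isEmpty(uin)) {
                sb.append("&uin=").append(URLEncoder.encode(uin, "UTF-8"));
            } else if (!TextUtils.isEmpty(this.h)) {
                sb.append("&uin=").append(URLEncoder.encode(this.h, "UTF-8"));
            }
            String friendUin = intent == null ? null : intent.getStringExtra("friendUin");
            if (!TextUtils.isEmpty(friendUin)) {
                sb.append("&originuin=").append(URLEncoder.encode(friendUin, "UTF-8"));
            }
            return sb.toString();
        } catch (UnsupportedEncodingException e2) {
            QLog.e(f34543a, 1, "build redirect url failed", e2);
            return str;
        }
    }

    /** Applies the legacy wrapping when it is enabled; otherwise returns the URL unchanged. */
    private String a(String str) {
        if (this.f34552a) {
            return a(this.mRuntime.a().getIntent(), str, SosoSrvAddrProvider.a());
        }
        return str;
    }

    /**
     * Reacts to WebView lifecycle events: toggles the legacy rewriting flag and emits reports.
     *
     * @param str URL associated with the event
     * @param j   event id from {@code WebviewPluginEventConfig}
     * @param map event payload (unused)
     * @return always {@code false}
     */
    @Override
    public boolean handleEvent(String str, long j, Map map) {
        if (j == WebviewPluginEventConfig.n) {
            this.f34552a = true;
            if (this.f34553c) {
                if (this.f34549a != null) {
                    this.f34549a.clearHistory();
                }
            } else if (!TextUtils.isEmpty(str) && str.startsWith("http")) {
                ReportController.b(null, "P_CliOper", "BizTechReport", "", "web_safe", "url_safe_check", 0, 0, "", "", "", "");
            }
        } else if (j == WebviewPluginEventConfig.o) {
            this.f34552a = true;
        } else if (j == WebviewPluginEventConfig.m) {
            this.f34552a = false;
        } else if (j == WebviewPluginEventConfig.H) {
            Activity activity = this.mRuntime == null ? null : this.mRuntime.a();
            Intent intent = activity == null ? null : activity.getIntent();
            String source = a(intent);
            StringBuilder sb = new StringBuilder();
            // The URL is appended twice, as in the decompiled source; possibly two distinct
            // values in the original code - TODO confirm.
            sb.append(str).append("|");
            sb.append(str).append("|");
            sb.append(source);
            DcReportUtil.a((QQAppInterface) null, "dc01985", sb.toString(), true);
        }
        return false;
    }

    /**
     * Returns the cached {@code is_switch} flag, refreshing it and the URL cap from
     * SharedPreferences at most once per refresh interval.
     *
     * @return {@code true} when the per-instance cap on checked URLs is enforced
     */
    public static boolean a() {
        long now = System.currentTimeMillis();
        if (now - f34542a > f34545b) {
            f34542a = now;
            String config = BaseApplicationImpl.a()
                    .getSharedPreferences(WebCgiWhiteListManager.f82214a, Context.MODE_MULTI_PROCESS)
                    .getString(WebCgiWhiteListManager.d, null);
            if (QLog.isColorLevel()) {
                QLog.i(f34543a, 1, "update max_verify_times : " + config);
            }
            if (config != null) {
                try {
                    JSONObject jSONObject = new JSONObject(config);
                    f34547b = jSONObject.optInt("is_switch", 0) == 1;
                    // NOTE(review): limit_count is taken as-is; a value <= 0 would make every
                    // URL hit the cap in handleSchemaRequest and skip verification.
                    f94979a = jSONObject.optInt("limit_count", 20);
                } catch (JSONException e2) {
                    QLog.e(f34543a, 1, "parse max verify config failed!", e2);
                }
            }
        }
        return f34547b;
    }
}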