package com.cmcm.threat.expImpl;

import com.cheetahmobile.iotsecurity.log.LogUtils;
import com.cmcm.bean.Constant;
import com.cmcm.bean.DeviceItem;
import com.cmcm.bean.Vulnerability;
import com.cmcm.callback.CallBackI;
import com.cmcm.utils.Base64;
import com.cmcm.utils.HttpUtil;
import com.cmcm.utils.StringUtil;
import com.cmcm.utils.Utils;
import com.cmcm.utils.wrapHttpUtil;
import com.kinfoc.FileUtil;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import org.apache.http.HttpHost;
import org.json.JSONArray;
import org.json.JSONException;
import org.json.JSONObject;

/* loaded from: classes.dex */
public class VulnerabilityExploit implements Serializable {
    public static JSONArray m_allLoginRule = null;
    public static JSONArray m_allRule = null;
    public static JSONObject[] m_jsLoginRule = null;
    private static final long serialVersionUID = 1;
    private boolean isCommonFinish = false;
    private boolean isManuFinish = false;
    private int isRandomUrl200 = 0;
    private DeviceItem mDeviceItem;
    private static String[] resultFilter = {"you have no authority to access this router!", "window.parent.location.href = ", "invalid session key, please try again", "Access Error: Unauthorized", "403 forbidden", "<input type='password'", "you will now be redirected to the login page", "this page is not supported.", "getById(\"login_fail\").style.display=\"none\"", "Authentication Fail. Please Login First!"};
    public static JSONArray m_jsRule = new JSONArray();
    public static ArrayList<VulnerExploit> mRouterVue = new ArrayList<>();
    public static ArrayList<VulnerExploit> mCameraVue = new ArrayList<>();
    public static int mCoreThread = 5;
    public static int mMaxThread = 10;
    public static boolean mIsInit = false;

    public VulnerabilityExploit(DeviceItem deviceItem) {
        this.mDeviceItem = deviceItem;
    }

    private boolean checkResult(String str, JSONObject jSONObject, byte[] bArr) {
        String str2 = new String(bArr, 0, bArr.length);
        boolean z = false;
        if (jSONObject.has("echo")) {
            try {
                if (jSONObject.getBoolean("echo")) {
                    if (str2.contains("cmtestcm")) {
                        return true;
                    }
                }
            } catch (JSONException e) {
            }
        }
        if (jSONObject.has("result")) {
            try {
                JSONObject jSONObject2 = jSONObject.getJSONObject("result");
                int i = 3;
                if (jSONObject2.has("check_type")) {
                    try {
                        i = jSONObject2.getInt("check_type");
                    } catch (JSONException e2) {
                        return false;
                    }
                }
                if (i == 1) {
                    z = true;
                    try {
                        JSONArray jSONArray = jSONObject2.getJSONArray(FileUtil.ID_DATA);
                        if (jSONArray.length() == 0) {
                            synchronized (this) {
                                if (this.isRandomUrl200 == 0) {
                                    this.isRandomUrl200 = -1;
                                    HttpUtil.HttpUtilResponse hGet = wrapHttpUtil.hGet(str + "randomtest");
                                    if (hGet != null && hGet.retCode == 200) {
                                        this.isRandomUrl200 = 1;
                                    }
                                }
                            }
                        }
                        if (this.isRandomUrl200 == 1) {
                            return false;
                        }
                        int i2 = 0;
                        while (true) {
                            if (i2 >= jSONArray.length()) {
                                break;
                            }
                            if (str2.toLowerCase().contains(jSONArray.getString(i2).toLowerCase())) {
                                z = false;
                                break;
                            }
                            i2++;
                        }
                    } catch (JSONException e3) {
                        z = false;
                        LogUtils.b("exception", e3.getMessage());
                    }
                } else if (i == 2) {
                    try {
                        JSONArray jSONArray2 = jSONObject2.getJSONArray(FileUtil.ID_DATA);
                        int i3 = 0;
                        while (true) {
                            if (i3 >= jSONArray2.length()) {
                                break;
                            }
                            if (str2.toLowerCase().contains(jSONArray2.getString(i3).toLowerCase())) {
                                z = true;
                                break;
                            }
                            i3++;
                        }
                    } catch (JSONException e4) {
                        z = false;
                        LogUtils.b("exception", e4.getMessage());
                    }
                } else {
                    z = true;
                    try {
                        JSONArray jSONArray3 = jSONObject2.getJSONArray(FileUtil.ID_DATA);
                        int i4 = 0;
                        while (true) {
                            if (i4 >= jSONArray3.length()) {
                                break;
                            }
                            if (!str2.toLowerCase().contains(jSONArray3.getString(i4).toLowerCase())) {
                                z = false;
                                break;
                            }
                            i4++;
                        }
                    } catch (JSONException e5) {
                        z = false;
                        LogUtils.b("exception", e5.getMessage());
                    }
                }
            } catch (Exception e6) {
                return false;
            }
        } else {
            z = false;
            if (str2 != null) {
                for (String str3 : resultFilter) {
                    if (str2.toLowerCase().contains(str3)) {
                        return false;
                    }
                }
            }
        }
        return z;
    }

    public static String formatUrl(String str) {
        String str2 = str;
        if (str2.contains("|")) {
            str2 = str2.replace("|", "%7c");
        }
        if (str2.contains(" ")) {
            str2 = str2.replace(" ", "%20");
        }
        return str2.contains("`") ? str2.replace("`", "%60") : str2;
    }

    public static void init(File file) {
        if (file.exists() && !mIsInit) {
            mIsInit = true;
            mRouterVue.add(new UdpBackdoor());
            byte[] bArr = new byte[(int) file.length()];
            try {
                FileInputStream fileInputStream = new FileInputStream(file);
                fileInputStream.read(bArr);
                fileInputStream.close();
                JSONObject jSONObject = new JSONObject(Utils.Uncrypt(new String(bArr), 'y'));
                m_allRule = jSONObject.getJSONArray("all");
                m_jsRule.put(jSONObject.getJSONObject(Constant.router));
                m_jsRule.put(jSONObject.getJSONObject(Constant.camera));
            } catch (Exception e) {
                LogUtils.b("exception", e.getMessage());
            }
        }
    }

    public static void initStream(InputStream inputStream) {
        mRouterVue.add(new UdpBackdoor());
        mRouterVue.add(new JcgRCI());
        mRouterVue.add(new HumaxPD());
        try {
            JSONObject jSONObject = new JSONObject(Utils.Uncrypt(StringUtil.InputStreamToString(inputStream), 'y'));
            m_allRule = jSONObject.getJSONArray("all");
            m_jsRule.put(jSONObject.getJSONObject(Constant.router));
            m_jsRule.put(jSONObject.getJSONObject(Constant.camera));
        } catch (Exception e) {
            LogUtils.b("exception", e.getMessage());
        }
    }

    private boolean runExp(String str, Map<String, String> map, Map<String, String> map2, String str2, CallBackI callBackI, Vulnerability vulnerability, JSONObject jSONObject) {
        HttpUtil.HttpUtilResponse hGet;
        if (str == null || str.length() == 0 || (hGet = wrapHttpUtil.hGet(str, false, map)) == null || hGet.buf == null) {
            return false;
        }
        int i = 200;
        try {
            if (jSONObject.has("code")) {
                i = jSONObject.getInt("code");
            }
        } catch (Exception e) {
        }
        if (hGet.retCode != i || !checkResult(str, jSONObject, hGet.buf)) {
            return false;
        }
        if (callBackI == null) {
            return true;
        }
        callBackI.dataUpload(null, vulnerability, hGet.buf);
        return true;
    }

    private void scan(String str, JSONArray jSONArray, CallBackI callBackI, ThreadPoolExecutor threadPoolExecutor) {
        if (this.mDeviceItem == null || this.mDeviceItem.isForceStop()) {
            return;
        }
        for (int i = 0; i < jSONArray.length() && !this.mDeviceItem.isForceStop(); i++) {
            try {
                threadPoolExecutor.execute(new ScanRunnable(str, jSONArray.getJSONObject(i), callBackI) { // from class: com.cmcm.threat.expImpl.VulnerabilityExploit.3
                    @Override // com.cmcm.threat.expImpl.ScanRunnable
                    public void scan() {
                        VulnerabilityExploit.this.scanItem(this.port, this.jsDevItems, this.cb);
                    }
                });
            } catch (JSONException e) {
                LogUtils.b("exception", e.getMessage());
                return;
            }
        }
    }

    private void scanCommon(String str, CallBackI callBackI, ThreadPoolExecutor threadPoolExecutor) {
        if (m_allRule != null) {
            scan(str, m_allRule, callBackI, threadPoolExecutor);
        }
        int device = this.mDeviceItem.getDevice();
        if (m_jsRule.length() > device) {
            try {
                JSONObject jSONObject = m_jsRule.getJSONObject(device);
                if (jSONObject.has("common")) {
                    scan(str, jSONObject.getJSONArray("common"), callBackI, threadPoolExecutor);
                }
            } catch (Exception e) {
            }
        }
        if (threadPoolExecutor != null) {
            threadPoolExecutor.shutdown();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void setVulnState() {
        if (this.isCommonFinish && this.isManuFinish) {
            this.mDeviceItem.setVulnState(2);
        }
    }

    public void getPassword(String str) {
    }

    public boolean runExpPost(String str, Map<String, String> map, Map<String, String> map2, String str2, CallBackI callBackI, Vulnerability vulnerability, JSONObject jSONObject) {
        HttpUtil.HttpUtilResponse hPost;
        if (str == null || str.length() == 0 || (hPost = wrapHttpUtil.hPost(str, true, map, map2, str2)) == null || hPost.buf == null) {
            return false;
        }
        int i = 200;
        try {
            if (jSONObject.has("code")) {
                i = jSONObject.getInt("code");
            }
        } catch (Exception e) {
        }
        if (hPost.retCode != i || !checkResult(str, jSONObject, hPost.buf)) {
            return false;
        }
        if (callBackI == null) {
            return true;
        }
        callBackI.dataUpload(null, vulnerability, hPost.buf);
        return true;
    }

    public void scanCommon(CallBackI callBackI) {
        if (this.mDeviceItem == null || this.mDeviceItem.isForceStop()) {
            return;
        }
        ArrayList<String> webPorts = this.mDeviceItem.getWebPorts();
        if (webPorts.size() == 0) {
            this.isCommonFinish = true;
            setVulnState();
            return;
        }
        ThreadPoolExecutor threadPoolExecutor = new ThreadPoolExecutor(mCoreThread, mMaxThread, 0L, TimeUnit.MILLISECONDS, new LinkedBlockingQueue()) { // from class: com.cmcm.threat.expImpl.VulnerabilityExploit.1
            @Override // java.util.concurrent.ThreadPoolExecutor
            protected void terminated() {
                super.terminated();
                VulnerabilityExploit.this.isCommonFinish = true;
                VulnerabilityExploit.this.setVulnState();
            }
        };
        for (int i = 0; i < webPorts.size(); i++) {
            scanCommon(webPorts.get(i), callBackI, threadPoolExecutor);
        }
    }

    public void scanDevice(final CallBackI callBackI) {
        if (this.mDeviceItem == null || this.mDeviceItem.isForceStop()) {
            return;
        }
        new Thread(new Runnable() { // from class: com.cmcm.threat.expImpl.VulnerabilityExploit.2
            @Override // java.lang.Runnable
            public void run() {
                ArrayList<String> webPorts = VulnerabilityExploit.this.mDeviceItem.getWebPorts();
                if (webPorts.size() == 0) {
                    VulnerabilityExploit.this.isManuFinish = true;
                    VulnerabilityExploit.this.setVulnState();
                    return;
                }
                ThreadPoolExecutor threadPoolExecutor = new ThreadPoolExecutor(VulnerabilityExploit.mCoreThread, VulnerabilityExploit.mMaxThread, 0L, TimeUnit.MILLISECONDS, new LinkedBlockingQueue()) { // from class: com.cmcm.threat.expImpl.VulnerabilityExploit.2.1
                    @Override // java.util.concurrent.ThreadPoolExecutor
                    protected void terminated() {
                        super.terminated();
                        VulnerabilityExploit.this.isManuFinish = true;
                        VulnerabilityExploit.this.setVulnState();
                    }
                };
                int i = 0;
                while (true) {
                    if (i < webPorts.size()) {
                        if (VulnerabilityExploit.this.mDeviceItem.isForceStop() && threadPoolExecutor != null) {
                            threadPoolExecutor.shutdown();
                            threadPoolExecutor.shutdownNow();
                            break;
                        } else {
                            VulnerabilityExploit.this.scanDevice(webPorts.get(i), callBackI, threadPoolExecutor);
                            i++;
                        }
                    } else {
                        break;
                    }
                }
                if (threadPoolExecutor != null) {
                    threadPoolExecutor.shutdown();
                }
            }
        }).start();
    }

    public void scanDevice(String str, CallBackI callBackI, ThreadPoolExecutor threadPoolExecutor) {
        String manu = this.mDeviceItem.getManu();
        if (manu == null) {
            manu = "";
        }
        String model = this.mDeviceItem.getModel();
        if (model == null) {
            model = "";
        }
        int device = this.mDeviceItem.getDevice();
        if (m_jsRule.length() < device) {
            return;
        }
        try {
            JSONObject jSONObject = m_jsRule.getJSONObject(device);
            if (manu.equals("")) {
                Iterator<String> keys = jSONObject.keys();
                while (keys.hasNext()) {
                    String next = keys.next();
                    if (!next.equals("common")) {
                        scan(str, jSONObject.getJSONArray(next), callBackI, threadPoolExecutor);
                    }
                }
            } else if (!model.equals("")) {
                JSONArray jSONArray = jSONObject.getJSONArray(manu);
                JSONArray jSONArray2 = new JSONArray();
                for (int i = 0; i < jSONArray.length(); i++) {
                    try {
                        JSONObject jSONObject2 = jSONArray.getJSONObject(i);
                        if (jSONObject2.has("model")) {
                            JSONArray jSONArray3 = jSONObject2.getJSONArray("model");
                            for (int i2 = 0; i2 < jSONArray3.length(); i2++) {
                                if (model.equals(jSONArray3.getString(i2))) {
                                    jSONArray2.put(jSONObject2);
                                }
                            }
                        }
                    } catch (Exception e) {
                    }
                }
                if (jSONArray2.length() > 0) {
                    scan(str, jSONArray, callBackI, threadPoolExecutor);
                } else {
                    scan(str, jSONArray, callBackI, threadPoolExecutor);
                }
            } else if (jSONObject.has(manu)) {
                scan(str, jSONObject.getJSONArray(manu), callBackI, threadPoolExecutor);
            }
            for (int i3 = 0; i3 < mRouterVue.size() && !this.mDeviceItem.isForceStop(); i3++) {
                mRouterVue.get(i3).detect(HttpUtil.buildUrl(this.mDeviceItem.getIp(), str), manu, callBackI);
            }
        } catch (JSONException e2) {
            LogUtils.b("exception", e2.getMessage());
        }
    }

    public void scanItem(String str, JSONObject jSONObject, CallBackI callBackI) {
        try {
            if (jSONObject.has("detection")) {
                if (!jSONObject.has("login")) {
                    scanItemLogin(str, jSONObject, callBackI, "no", "", "");
                    return;
                }
                JSONObject jSONObject2 = jSONObject.getJSONObject("login");
                String string = jSONObject2.getString("type");
                JSONArray jSONArray = jSONObject2.getJSONArray("auth");
                for (int i = 0; i < jSONArray.length(); i++) {
                    JSONObject jSONObject3 = jSONArray.getJSONObject(i);
                    Iterator<String> keys = jSONObject3.keys();
                    if (keys.hasNext()) {
                        String next = keys.next();
                        scanItemLogin(str, jSONObject, callBackI, string, next, jSONObject3.getString(next));
                    }
                }
            }
        } catch (Exception e) {
        }
    }

    public void scanItemLogin(String str, JSONObject jSONObject, CallBackI callBackI, String str2, String str3, String str4) {
        boolean z = false;
        Vulnerability vulnerability = new Vulnerability();
        try {
            JSONObject jSONObject2 = jSONObject.getJSONObject("detection");
            String string = jSONObject2.getString("protocol");
            vulnerability.cmvd = jSONObject.getInt("cmvd");
            vulnerability.vType = jSONObject.getString("vtype");
            Utils.changeToType(vulnerability);
            HashMap hashMap = new HashMap();
            if (str2.equals("basic")) {
                hashMap.put("Authorization", "Basic " + Base64.encodeToString(str3 + ":" + str4));
            }
            String str5 = "";
            if (jSONObject2.has("postdata")) {
                str5 = jSONObject2.getString("postdata");
                vulnerability.postData = str5;
            }
            if (jSONObject2.has("headers")) {
                JSONObject jSONObject3 = jSONObject2.getJSONObject("headers");
                Iterator<String> keys = jSONObject3.keys();
                while (keys.hasNext()) {
                    String next = keys.next();
                    hashMap.put(next, jSONObject3.getString(next));
                }
            }
            if (string.equals(HttpHost.DEFAULT_SCHEME_NAME) || string.equals("https")) {
                String string2 = jSONObject2.getString("method");
                HashMap hashMap2 = new HashMap();
                if (jSONObject2.has("params")) {
                    JSONObject jSONObject4 = jSONObject2.getJSONObject("params");
                    Iterator<String> keys2 = jSONObject4.keys();
                    while (keys2.hasNext()) {
                        String next2 = keys2.next();
                        hashMap2.put(next2, jSONObject4.getString(next2));
                    }
                }
                String formatUrl = formatUrl(HttpUtil.buildUrl(this.mDeviceItem.getIp(), str) + jSONObject2.getString("url"));
                vulnerability.formatUrl = formatUrl;
                if (string2.equals("post")) {
                    z = runExpPost(formatUrl, hashMap, hashMap2, str5, callBackI, vulnerability, jSONObject2);
                } else if (string2.equals("get")) {
                    z = runExp(formatUrl, hashMap, hashMap2, str5, callBackI, vulnerability, jSONObject2);
                }
            }
        } catch (JSONException e) {
            LogUtils.b("exception", e.getMessage());
        }
        if (z) {
            vulnerability.exploitJson = jSONObject;
            this.mDeviceItem.addVulnerability(vulnerability);
            if (callBackI != null) {
                callBackI.updateDeviceItem(this.mDeviceItem, 2);
            }
        }
    }
}
