package net.ymate.module.sso.impl;

import java.util.HashMap;
import javax.crypto.BadPaddingException;
import javax.servlet.http.HttpServletRequest;
import net.ymate.module.sso.ISingleSignOn;
import net.ymate.module.sso.ISingleSignOnConfig;
import net.ymate.module.sso.IToken;
import net.ymate.module.sso.ITokenAdapter;
import net.ymate.module.sso.ITokenAttributeAdapter;
import net.ymate.module.sso.ITokenBuilder;
import net.ymate.module.sso.ITokenStorageAdapter;
import net.ymate.platform.commons.http.HttpClientHelper;
import net.ymate.platform.commons.http.IHttpResponse;
import net.ymate.platform.commons.json.IJsonObjectWrapper;
import net.ymate.platform.commons.json.JsonWrapper;
import net.ymate.platform.commons.lang.BlurObject;
import net.ymate.platform.commons.util.ClassUtils;
import net.ymate.platform.commons.util.ParamUtils;
import net.ymate.platform.commons.util.RuntimeUtils;
import net.ymate.platform.commons.util.UUIDUtils;
import net.ymate.platform.webmvc.IWebResult;
import net.ymate.platform.webmvc.context.WebContext;
import net.ymate.platform.webmvc.util.CookieHelper;
import net.ymate.platform.webmvc.util.WebResult;
import net.ymate.platform.webmvc.util.WebUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:net/ymate/module/sso/impl/DefaultTokenAdapter.class */
public class DefaultTokenAdapter implements ITokenAdapter {
    private static final Log LOG = LogFactory.getLog(DefaultTokenAdapter.class);
    private static final int TOKEN_PART_LENGTH = 4;
    private ISingleSignOn owner;
    private boolean initialized;

    public void initialize(ISingleSignOn iSingleSignOn) throws Exception {
        if (this.initialized) {
            return;
        }
        this.owner = iSingleSignOn;
        this.initialized = true;
    }

    public boolean isInitialized() {
        return this.initialized;
    }

    public void close() throws Exception {
        if (this.initialized) {
            this.owner = null;
            this.initialized = false;
        }
    }

    protected ISingleSignOn getOwner() {
        return this.owner;
    }

    @Override // net.ymate.module.sso.ITokenAdapter
    public String generateTokenKey() {
        return UUIDUtils.UUID();
    }

    @Override // net.ymate.module.sso.ITokenAdapter
    public boolean validateToken(IToken iToken) throws Exception {
        if (this.owner.getConfig().isClientMode()) {
            return doValidateTokenIfClientMode(iToken);
        }
        ITokenStorageAdapter tokenStorageAdapter = this.owner.getConfig().getTokenStorageAdapter();
        IToken load = tokenStorageAdapter.load(iToken.getId());
        if (load == null || !StringUtils.equals(iToken.getUid(), load.getUid()) || !StringUtils.equals(iToken.getUserAgent(), load.getUserAgent())) {
            return false;
        }
        boolean z = this.owner.getConfig().isIpCheckEnabled() && !StringUtils.equals(iToken.getRemoteAddr(), load.getRemoteAddr());
        if (this.owner.isTimeout(load) || z) {
            tokenStorageAdapter.remove(load);
            return false;
        }
        ITokenAttributeAdapter tokenAttributeAdapter = this.owner.getConfig().getTokenAttributeAdapter();
        if (tokenAttributeAdapter == null) {
            return true;
        }
        tokenAttributeAdapter.loadAttributes(iToken);
        return true;
    }

    protected boolean doValidateTokenIfClientMode(IToken iToken) throws Exception {
        HashMap hashMap = new HashMap(6);
        hashMap.put(IToken.PARAM_TOKEN_ID, iToken.getId());
        hashMap.put(IToken.PARAM_UID, iToken.getUid());
        hashMap.put(IToken.PARAM_REMOTE_ADDR, iToken.getRemoteAddr());
        hashMap.put(IToken.PARAM_USER_AGENT, iToken.getUserAgent());
        if (StringUtils.isNotBlank(this.owner.getConfig().getServiceAuthKey())) {
            hashMap.put(IToken.PARAM_NONCE, ParamUtils.createNonceStr());
            hashMap.put(IToken.PARAM_SIGN, ParamUtils.createSignature(hashMap, false, true, new String[]{this.owner.getConfig().getServiceAuthKey()}));
        }
        IHttpResponse post = HttpClientHelper.create().post(StringUtils.join(new String[]{this.owner.getConfig().getServiceBaseUrl(), this.owner.getConfig().getServicePrefix(), ISingleSignOnConfig.DEFAULT_CONTROLLER_MAPPING}), hashMap);
        if (post == null) {
            return false;
        }
        if (post.getStatusCode() != 200) {
            if (!LOG.isDebugEnabled()) {
                return false;
            }
            LOG.debug(post.toString());
            return false;
        }
        IWebResult build = WebResult.builder().fromJson(post.getContent()).build();
        if (!build.isSuccess()) {
            if (!LOG.isDebugEnabled()) {
                return false;
            }
            LOG.debug(post.toString());
            return false;
        }
        this.owner.getConfig().getTokenAdapter().setToken(iToken);
        IJsonObjectWrapper asJsonObject = JsonWrapper.toJson(build.data()).getAsJsonObject();
        if (asJsonObject == null || asJsonObject.isEmpty()) {
            return true;
        }
        asJsonObject.toMap().forEach((str, obj) -> {
            iToken.addAttribute(str, BlurObject.bind(obj).toStringValue());
        });
        return true;
    }

    @Override // net.ymate.module.sso.ITokenAdapter
    public IToken getToken() {
        IToken iToken = null;
        try {
            HttpServletRequest request = WebContext.getRequest();
            iToken = decryptToken(request.getParameter(this.owner.getConfig().getTokenParamName()));
            if (iToken == null) {
                iToken = decryptToken(request.getHeader(this.owner.getConfig().getTokenHeaderName()));
                if (iToken == null) {
                    String trimToNull = StringUtils.trimToNull(request.getHeader("Authorization"));
                    if (StringUtils.startsWithIgnoreCase(trimToNull, "Bearer")) {
                        trimToNull = StringUtils.trimToNull(StringUtils.substring(trimToNull, "Bearer".length()));
                    }
                    iToken = decryptToken(trimToNull);
                    if (iToken == null) {
                        iToken = decryptToken(CookieHelper.bind(WebContext.getContext().getOwner()).getCookie(this.owner.getConfig().getTokenCookieName()).toStringValue());
                    }
                }
            }
        } catch (Exception e) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("An exception occurred while getting token for current user", RuntimeUtils.unwrapThrow(e));
            }
        }
        return iToken;
    }

    @Override // net.ymate.module.sso.ITokenAdapter
    public String setToken(IToken iToken) throws Exception {
        CookieHelper bind = CookieHelper.bind(WebContext.getContext().getOwner());
        String encryptToken = encryptToken(iToken);
        String tokenCookieName = this.owner.getConfig().getTokenCookieName();
        int tokenMaxAge = this.owner.getConfig().getTokenMaxAge();
        if (tokenMaxAge > 0) {
            bind.setCookie(tokenCookieName, encryptToken, tokenMaxAge);
        } else {
            bind.setCookie(tokenCookieName, encryptToken);
        }
        return encryptToken;
    }

    @Override // net.ymate.module.sso.ITokenAdapter
    public void cleanToken() {
        CookieHelper.bind(WebContext.getContext().getOwner()).removeCookie(this.owner.getConfig().getTokenCookieName());
    }

    @Override // net.ymate.module.sso.ITokenAdapter
    public String encryptToken(IToken iToken) throws Exception {
        String userAgent = iToken.getUserAgent();
        if (StringUtils.isBlank(userAgent)) {
            userAgent = WebContext.getRequest().getHeader("User-Agent");
        }
        return WebUtils.encryptStr(String.format("%s|%s|%s|%d", iToken.getId(), iToken.getUid(), iToken.getRemoteAddr(), Long.valueOf(iToken.getCreateTime())), userAgent + StringUtils.trimToEmpty(this.owner.getConfig().getServiceAuthKey()));
    }

    @Override // net.ymate.module.sso.ITokenAdapter
    public IToken decryptToken(String str) throws Exception {
        if (!StringUtils.isNotBlank(str)) {
            return null;
        }
        try {
            String header = WebContext.getRequest().getHeader("User-Agent");
            String[] split = StringUtils.split(WebUtils.decryptStr(str, header + StringUtils.trimToEmpty(this.owner.getConfig().getServiceAuthKey())), "|");
            if (split == null || split.length != TOKEN_PART_LENGTH) {
                return null;
            }
            return ((ITokenBuilder) ClassUtils.loadClass(ITokenBuilder.class, DefaultTokenBuilder.class)).id(split[0]).uid(split[1]).remoteAddr(split[2]).userAgent(header).createTime(BlurObject.bind(split[3]).toLongValue()).build();
        } catch (Exception e) {
            if (e instanceof BadPaddingException) {
                return null;
            }
            throw e;
        }
    }
}
