package net.ymate.module.sso;

import javax.servlet.http.HttpSessionEvent;
import net.ymate.module.sso.controller.GeneralAuthController;
import net.ymate.module.sso.controller.ServerAuthController;
import net.ymate.module.sso.impl.DefaultSingleSignOnConfig;
import net.ymate.module.sso.impl.DefaultTokenBuilder;
import net.ymate.module.sso.interceptor.UserSessionAlready;
import net.ymate.module.sso.interceptor.UserSessionAlreadyInterceptor;
import net.ymate.module.sso.interceptor.UserSessionCheck;
import net.ymate.module.sso.interceptor.UserSessionCheckInterceptor;
import net.ymate.module.sso.interceptor.UserSessionConfirm;
import net.ymate.module.sso.interceptor.UserSessionConfirmInterceptor;
import net.ymate.module.sso.interceptor.UserSessionStatus;
import net.ymate.module.sso.interceptor.UserSessionStatusInterceptor;
import net.ymate.platform.commons.util.ClassUtils;
import net.ymate.platform.commons.util.RuntimeUtils;
import net.ymate.platform.core.IApplication;
import net.ymate.platform.core.IApplicationConfigureFactory;
import net.ymate.platform.core.IApplicationConfigurer;
import net.ymate.platform.core.Version;
import net.ymate.platform.core.YMP;
import net.ymate.platform.core.beans.BeanMeta;
import net.ymate.platform.core.beans.IBeanFactory;
import net.ymate.platform.core.beans.intercept.InterceptContext;
import net.ymate.platform.core.beans.intercept.InterceptSettings;
import net.ymate.platform.core.event.Events;
import net.ymate.platform.core.module.IModule;
import net.ymate.platform.core.module.IModuleConfigurer;
import net.ymate.platform.core.module.impl.DefaultModuleConfigurer;
import net.ymate.platform.webmvc.IWebMvc;
import net.ymate.platform.webmvc.WebEvent;
import net.ymate.platform.webmvc.WebMVC;
import org.apache.commons.lang.NullArgumentException;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:net/ymate/module/sso/SingleSignOn.class */
public final class SingleSignOn implements IModule, ISingleSignOn {
    private static final Log LOG = LogFactory.getLog(SingleSignOn.class);
    private static volatile ISingleSignOn instance;
    private IApplication owner;
    private ISingleSignOnConfig config;
    private boolean initialized;

    public static ISingleSignOn get() {
        ISingleSignOn iSingleSignOn = instance;
        if (iSingleSignOn == null) {
            synchronized (SingleSignOn.class) {
                iSingleSignOn = instance;
                if (iSingleSignOn == null) {
                    ISingleSignOn iSingleSignOn2 = (ISingleSignOn) YMP.get().getModuleManager().getModule(SingleSignOn.class);
                    iSingleSignOn = iSingleSignOn2;
                    instance = iSingleSignOn2;
                }
            }
        }
        return iSingleSignOn;
    }

    public SingleSignOn() {
    }

    public SingleSignOn(ISingleSignOnConfig iSingleSignOnConfig) {
        this.config = iSingleSignOnConfig;
    }

    public String getName() {
        return ISingleSignOn.MODULE_NAME;
    }

    public void initialize(IApplication iApplication) throws Exception {
        if (this.initialized) {
            return;
        }
        YMP.showVersion("Initializing ymate-module-sso-${version}", new Version(2, 0, 1, SingleSignOn.class, Version.VersionType.Release));
        this.owner = iApplication;
        if (this.config == null) {
            IApplicationConfigureFactory configureFactory = iApplication.getConfigureFactory();
            if (configureFactory != null) {
                IApplicationConfigurer configurer = configureFactory.getConfigurer();
                IModuleConfigurer moduleConfigurer = configurer == null ? null : configurer.getModuleConfigurer(ISingleSignOn.MODULE_NAME);
                if (moduleConfigurer != null) {
                    this.config = DefaultSingleSignOnConfig.create(configureFactory.getMainClass(), moduleConfigurer);
                } else {
                    this.config = DefaultSingleSignOnConfig.create(configureFactory.getMainClass(), DefaultModuleConfigurer.createEmpty(ISingleSignOn.MODULE_NAME));
                }
            }
            if (this.config == null) {
                this.config = DefaultSingleSignOnConfig.defaultConfig();
            }
        }
        if (!this.config.isInitialized()) {
            this.config.initialize(this);
        }
        if (this.config.isEnabled()) {
            InterceptSettings interceptSettings = iApplication.getInterceptSettings();
            interceptSettings.registerInterceptAnnotation(UserSessionAlready.class, UserSessionAlreadyInterceptor.class);
            interceptSettings.registerInterceptAnnotation(UserSessionCheck.class, UserSessionCheckInterceptor.class);
            interceptSettings.registerInterceptAnnotation(UserSessionConfirm.class, UserSessionConfirmInterceptor.class);
            interceptSettings.registerInterceptAnnotation(UserSessionStatus.class, UserSessionStatusInterceptor.class);
            IBeanFactory beanFactory = iApplication.getBeanFactory();
            beanFactory.registerBean(BeanMeta.create(UserSessionAlreadyInterceptor.class, true));
            beanFactory.registerBean(BeanMeta.create(UserSessionCheckInterceptor.class, true));
            beanFactory.registerBean(BeanMeta.create(UserSessionConfirmInterceptor.class, true));
            beanFactory.registerBean(BeanMeta.create(UserSessionStatusInterceptor.class, true));
            IWebMvc module = iApplication.getModuleManager().getModule(WebMVC.class);
            if (this.config.isGeneralAuthEnabled()) {
                module.registerController(this.config.getServicePrefix(), GeneralAuthController.class);
            }
            if (!this.config.isClientMode()) {
                module.registerController(this.config.getServicePrefix(), ServerAuthController.class);
            }
            iApplication.getEvents().registerListener(Events.MODE.NORMAL, WebEvent.class, webEvent -> {
                IToken iToken;
                if (!WebEvent.EVENT.SESSION_DESTROYED.equals(webEvent.getEventName()) || (iToken = (IToken) ((HttpSessionEvent) webEvent.getEventSource()).getSession().getAttribute(IToken.class.getName())) == null) {
                    return false;
                }
                try {
                    ITokenStorageAdapter tokenStorageAdapter = this.config.getTokenStorageAdapter();
                    if (tokenStorageAdapter != null) {
                        tokenStorageAdapter.remove(iToken);
                        tokenStorageAdapter.cleanup(iToken.getUid());
                    }
                    return false;
                } catch (Exception e) {
                    if (!LOG.isWarnEnabled()) {
                        return false;
                    }
                    LOG.warn(String.format("An exception occurred while cleaning token for user '%s'", iToken.getUid()), RuntimeUtils.unwrapThrow(e));
                    return false;
                }
            });
        }
        this.initialized = true;
    }

    public boolean isInitialized() {
        return this.initialized;
    }

    public void close() throws Exception {
        if (this.initialized) {
            this.initialized = false;
            if (this.config.isEnabled()) {
                this.config.getTokenAdapter().close();
                if (this.config.isTokenConfirmEnabled() && this.config.getTokenConfirmHandler() != null) {
                    this.config.getTokenConfirmHandler().close();
                }
                if (!this.config.isClientMode()) {
                    if (this.config.getTokenAttributeAdapter() != null) {
                        this.config.getTokenAttributeAdapter().close();
                    }
                    if (this.config.getTokenStorageAdapter() != null) {
                        this.config.getTokenStorageAdapter().close();
                    }
                }
            }
            this.config = null;
            this.owner = null;
        }
    }

    @Override // net.ymate.module.sso.ISingleSignOn
    public IApplication getOwner() {
        return this.owner;
    }

    @Override // net.ymate.module.sso.ISingleSignOn
    public ISingleSignOnConfig getConfig() {
        return this.config;
    }

    private IToken checkToken(IToken iToken) throws Exception {
        if (iToken != null) {
            if (isTimeout(iToken) || (isValidationRequired(iToken) && !this.config.getTokenAdapter().validateToken(iToken))) {
                cleanAndRemoveToken(iToken);
                return null;
            }
        }
        return iToken;
    }

    @Override // net.ymate.module.sso.ISingleSignOn
    public IToken getCurrentToken() throws Exception {
        IToken iToken = (IToken) InterceptContext.getLocalAttributes().get(IToken.class.getName());
        if (iToken != null) {
            iToken = checkToken(iToken);
            if (iToken == null) {
                InterceptContext.getLocalAttributes().remove(IToken.class.getName());
            }
        }
        if (iToken == null) {
            iToken = checkToken(this.config.getTokenAdapter().getToken());
            if (iToken != null) {
                InterceptContext.getLocalAttributes().put(IToken.class.getName(), iToken);
            }
        }
        return iToken;
    }

    @Override // net.ymate.module.sso.ISingleSignOn
    public IToken getToken(String str) throws Exception {
        if (this.config.isClientMode()) {
            throw new UnsupportedOperationException("This operation is not supported in client mode!");
        }
        return checkToken(this.config.getTokenStorageAdapter().load(str));
    }

    @Override // net.ymate.module.sso.ISingleSignOn
    public boolean isTimeout(IToken iToken) {
        long currentTimeMillis = System.currentTimeMillis();
        int tokenMaxAge = this.config.getTokenMaxAge();
        return (iToken.getExpirationTime() > 0 && currentTimeMillis > iToken.getExpirationTime()) || (tokenMaxAge > 0 && currentTimeMillis - iToken.getCreateTime() > ((long) tokenMaxAge) * 1000);
    }

    @Override // net.ymate.module.sso.ISingleSignOn
    public boolean isValidationRequired(IToken iToken) {
        int tokenValidationTimeInterval = this.config.getTokenValidationTimeInterval();
        return tokenValidationTimeInterval <= 0 || System.currentTimeMillis() - iToken.getLastValidationTime() > ((long) tokenValidationTimeInterval) * 1000;
    }

    @Override // net.ymate.module.sso.ISingleSignOn
    public IToken createToken(String str, String str2, String str3) throws Exception {
        if (StringUtils.isBlank(str)) {
            throw new NullArgumentException(IToken.PARAM_UID);
        }
        if (StringUtils.isBlank(str2)) {
            throw new NullArgumentException("remoteAddr");
        }
        if (StringUtils.isBlank(str3)) {
            throw new NullArgumentException("userAgent");
        }
        return ((ITokenBuilder) ClassUtils.loadClass(ITokenBuilder.class, DefaultTokenBuilder.class)).id(this.config.getTokenAdapter().generateTokenKey()).uid(str).remoteAddr(str2).userAgent(str3).build();
    }

    @Override // net.ymate.module.sso.ISingleSignOn
    public String saveOrUpdateToken(IToken iToken) throws Exception {
        return saveOrUpdateToken(iToken, true);
    }

    @Override // net.ymate.module.sso.ISingleSignOn
    public String saveOrUpdateToken(IToken iToken, boolean z) throws Exception {
        this.config.getTokenStorageAdapter().saveOrUpdate(iToken);
        return z ? this.config.getTokenAdapter().setToken(iToken) : this.config.getTokenAdapter().encryptToken(iToken);
    }

    @Override // net.ymate.module.sso.ISingleSignOn
    public void cleanAndRemoveToken(IToken iToken) throws Exception {
        cleanAndRemoveToken(iToken, true);
    }

    @Override // net.ymate.module.sso.ISingleSignOn
    public void cleanAndRemoveToken(IToken iToken, boolean z) throws Exception {
        if (z) {
            this.config.getTokenAdapter().cleanToken();
        }
        this.config.getTokenStorageAdapter().remove(iToken);
    }
}
