package com.baomidou.kisso;

import com.alibaba.fastjson.JSON;
import com.baomidou.kisso.Token;
import com.baomidou.kisso.common.Browser;
import com.baomidou.kisso.common.CookieHelper;
import com.baomidou.kisso.common.IpHelper;
import com.baomidou.kisso.common.encrypt.AES;
import com.baomidou.kisso.common.encrypt.Encrypt;
import com.baomidou.kisso.common.encrypt.MD5;
import com.baomidou.kisso.common.util.HttpUtil;
import com.baomidou.kisso.common.util.RandomUtil;
import com.baomidou.kisso.common.util.ReflectUtil;
import com.baomidou.kisso.exception.KissoException;
import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/baomidou/kisso/SSOHelper.class */
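/**
 * Static helpers that issue, read and clear the Kisso SSO cookie and the
 * short-lived cross-domain auth cookie.
 *
 * <p>The cookie value is {@code jsonToken + CUT_SYMBOL + suffix}, encrypted with the
 * configured {@link Encrypt} implementation and {@code SSOConfig.getSecretKey()}.
 * The suffix is either a browser fingerprint or random padding, depending on
 * {@code SSOConfig.getCookieBrowser()}.
 *
 * <p>NOTE(review): nothing in this class authenticates the ciphertext itself; whether a
 * tampered cookie is rejected depends on the {@link Encrypt} implementation, which is not
 * visible here. Confirm it provides integrity protection, not just confidentiality.
 */
public class SSOHelper {
    private static final Logger logger = LoggerFactory.getLogger(SSOHelper.class);

    /**
     * Generates an 18-character string from {@code RandomUtil.getCharacterAndNumber}.
     *
     * <p>NOTE(review): the unpredictability of the result depends on the random source used
     * inside RandomUtil, which is not visible here. Confirm it is backed by SecureRandom
     * before using the output as key material.
     *
     * @return a newly generated 18-character string
     */
    public static String getSecretKey() {
        return RandomUtil.getCharacterAndNumber(18);
    }

    /**
     * Serialises the token, appends the separator and a suffix, and encrypts the result.
     *
     * @param httpServletRequest current request, used for the browser fingerprint
     * @param token token to serialise; must not be null
     * @param encrypt cipher used to protect the cookie value
     * @return the encrypted cookie value
     * @throws KissoException if {@code token} is null
     * @throws Exception whatever the cipher throws
     */
    private static String encryptCookie(HttpServletRequest httpServletRequest, Token token, Encrypt encrypt) throws Exception {
        if (token == null) {
            throw new KissoException(" Token not for null.");
        }
        String jsonToken = token.jsonToken();
        StringBuilder plain = new StringBuilder();
        plain.append(jsonToken).append(SSOConstant.CUT_SYMBOL);
        if (SSOConfig.getCookieBrowser()) {
            // Bind the cookie to the client's user agent so it can be re-checked on read.
            plain.append(Browser.getUserAgent(httpServletRequest, jsonToken));
        } else {
            // No browser binding: pad with random characters instead.
            plain.append(RandomUtil.getCharacterAndNumber(8));
        }
        return encrypt.encrypt(plain.toString(), SSOConfig.getSecretKey());
    }

    /**
     * Rejects the token when IP checking is enabled and the request IP differs from the
     * IP stored in the token.
     *
     * <p>The check is skipped (token accepted) when the request IP cannot be determined.
     * NOTE(review): how IpHelper derives the address is not visible here; if it trusts
     * client-supplied forwarding headers, this check can be bypassed. Verify against the
     * deployment's proxy setup.
     *
     * @return {@code token} unchanged, or null when the IPs differ
     */
    private static Token checkIp(HttpServletRequest httpServletRequest, Token token) {
        if (!SSOConfig.getCookieCheckip()) {
            return token;
        }
        String requestIp = IpHelper.getIpAddr(httpServletRequest);
        if (token != null && requestIp != null && !requestIp.equals(token.getIp())) {
            logger.info("ip inconsistent! return token null, token userIp:{}, reqIp:{}", token.getIp(), requestIp);
            return null;
        }
        return token;
    }

    /**
     * Reads the named cookie, decrypts it and returns the JSON token part.
     *
     * <p>Returns null when the cookie is missing, cannot be decrypted, is empty after
     * splitting, or (with browser binding enabled) lacks the fingerprint part or carries
     * one that does not match the request.
     *
     * @param str name of the cookie to read
     * @return the JSON token text, or null if no usable cookie is present
     */
    private static String getJsonToken(HttpServletRequest httpServletRequest, Encrypt encrypt, String str) {
        Cookie cookie = CookieHelper.findCookieByName(httpServletRequest, str);
        if (cookie == null) {
            return null;
        }
        String[] parts;
        try {
            parts = encrypt.decrypt(cookie.getValue(), SSOConfig.getSecretKey()).split(SSOConstant.CUT_SYMBOL);
        } catch (Exception e) {
            // A cookie that does not decrypt is untrusted input: stop here instead of
            // carrying null placeholders into the browser check.
            logger.error("jsonToken decrypt error.", e);
            return null;
        }
        if (parts.length == 0) {
            return null;
        }
        if (SSOConfig.getCookieBrowser()) {
            // A value without the fingerprint part cannot pass the browser binding check.
            if (parts.length < 2 || !Browser.isLegalUserAgent(httpServletRequest, parts[0], parts[1])) {
                logger.error("SSOHelper getToken, find Browser is illegal.");
                return null;
            }
        }
        return parts[0];
    }

    /**
     * Builds the SSO cookie from configuration (name, path, secure flag, domain, max age).
     *
     * @return the cookie, or null if encryption or cookie construction failed
     */
    private static Cookie generateCookie(HttpServletRequest httpServletRequest, Token token, Encrypt encrypt) {
        try {
            Cookie ssoCookie = new Cookie(SSOConfig.getCookieName(), encryptCookie(httpServletRequest, token, encrypt));
            ssoCookie.setPath(SSOConfig.getCookiePath());
            ssoCookie.setSecure(SSOConfig.getCookieSecure());
            ssoCookie.setDomain(SSOConfig.getCookieDomain());
            int maxAge = SSOConfig.getCookieMaxage();
            // A negative configured value leaves the servlet default (session cookie) in place.
            if (maxAge >= 0) {
                ssoCookie.setMaxAge(maxAge);
            }
            return ssoCookie;
        } catch (Exception e) {
            logger.error("generateCookie is exception!", e);
            return null;
        }
    }

    /**
     * Stores the token in the configured cache (if any) and writes the SSO cookie.
     *
     * <p>Failures are logged, not propagated, so callers cannot tell from this method
     * whether the cookie was actually set.
     *
     * <p>NOTE(review): the cache key comes from {@link #hashCookie}, which hashes the SSO
     * cookie already present on the request, not the cookie issued here. On a first login
     * that key is null. Confirm this is the intended keying.
     *
     * @throws KissoException if {@code encrypt} is null
     */
    private static void setSSOCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Token token, Encrypt encrypt) {
        if (encrypt == null) {
            throw new KissoException(" Encrypt not for null.");
        }
        try {
            TokenCache cache = ReflectUtil.getConfigTokenCache();
            if (cache != null && !cache.set(hashCookie(httpServletRequest), token, SSOConfig.getTokenCacheExpires())) {
                // Cache write failed: flag the token so readers fall back to the cookie.
                token.setFlag(Token.Flag.CACHE_SHUT);
            }
            Cookie ssoCookie = generateCookie(httpServletRequest, token, encrypt);
            if (ssoCookie == null) {
                // generateCookie already logged the cause; do not hand a null cookie to the container.
                logger.error("set HTTPOnly cookie createAUID is exception! ");
                return;
            }
            if (SSOConfig.getCookieHttponly()) {
                CookieHelper.addHttpOnlyCookie(httpServletResponse, ssoCookie);
            } else {
                httpServletResponse.addCookie(ssoCookie);
            }
        } catch (Exception e) {
            logger.error("set HTTPOnly cookie createAUID is exception! ", e);
        }
    }

    /**
     * Writes the SSO cookie for {@code token} using the configured cipher.
     *
     * @throws KissoException if no cipher is configured
     */
    public static void setSSOCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Token token) {
        setSSOCookie(httpServletRequest, httpServletResponse, token, ReflectUtil.getConfigEncrypt());
    }

    /**
     * Calls {@code CookieHelper.authJSESSIONID} with a fresh random value, then writes the
     * SSO cookie.
     *
     * <p>NOTE(review): the first step presumably rotates the session identifier on login
     * (session-fixation defence); confirm against CookieHelper.
     */
    public static void authSSOCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Token token) {
        CookieHelper.authJSESSIONID(httpServletRequest, RandomUtil.getCharacterAndNumber(8));
        setSSOCookie(httpServletRequest, httpServletResponse, token);
    }

    /**
     * Returns the token for the current request using the configured cipher and cache.
     *
     * @return the token, or null if the request carries no valid SSO cookie
     * @throws KissoException if no cipher is configured
     */
    public static Token getToken(HttpServletRequest httpServletRequest) {
        return getToken(httpServletRequest, ReflectUtil.getConfigEncrypt(), ReflectUtil.getConfigTokenCache());
    }

    /**
     * Resolves the token (cache first, then cookie) and applies the IP check.
     *
     * @throws KissoException if {@code encrypt} is null
     */
    private static Token getToken(HttpServletRequest httpServletRequest, Encrypt encrypt, TokenCache tokenCache) {
        if (encrypt == null) {
            throw new KissoException(" Encrypt not for null.");
        }
        return checkIp(httpServletRequest, cacheToken(httpServletRequest, encrypt, tokenCache));
    }

    /**
     * Looks the token up in the cache and, when the cache is absent or the cached entry is
     * flagged {@code CACHE_SHUT}, falls back to decrypting the cookie.
     *
     * <p>When a cache is configured, a missing entry means "not logged in": the cookie is
     * not consulted in that case.
     *
     * @return the token, or null if none could be resolved
     */
    private static Token cacheToken(HttpServletRequest httpServletRequest, Encrypt encrypt, TokenCache tokenCache) {
        if (tokenCache != null) {
            String cacheKey = hashCookie(httpServletRequest);
            if (cacheKey == null) {
                // No SSO cookie on the request: nothing to look up and nothing to decrypt.
                return null;
            }
            Token cached = tokenCache.get(cacheKey);
            if (cached == null) {
                return null;
            }
            if (cached.getFlag() != Token.Flag.CACHE_SHUT) {
                return cached;
            }
        }
        String jsonToken = getJsonToken(httpServletRequest, encrypt, SSOConfig.getCookieName());
        if (jsonToken == null || "".equals(jsonToken)) {
            logger.info("jsonToken is null.");
            return null;
        }
        return ReflectUtil.getConfigToken().parseToken(jsonToken);
    }

    /**
     * Clears the cached token and the SSO cookie, then redirects to the configured logout
     * URL. If no logout URL is configured, writes a configuration hint to the response.
     *
     * @throws IOException if writing the response or redirecting fails
     */
    public static void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        logout(httpServletRequest, httpServletResponse, ReflectUtil.getConfigTokenCache());
        String logoutUrl = SSOConfig.getLogoutUrl();
        // Treat a missing URL like an empty one rather than redirecting to null.
        if (logoutUrl == null || "".equals(logoutUrl)) {
            httpServletResponse.getWriter().write("sso.properties Must include: sso.logout.url");
        } else {
            httpServletResponse.sendRedirect(logoutUrl);
        }
    }

    /**
     * Removes the cached token (retrying once if the first delete reports failure) and
     * clears the SSO cookie.
     *
     * @return the result of {@code CookieHelper.clearCookieByName}
     */
    private static boolean logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, TokenCache tokenCache) {
        if (tokenCache != null) {
            String cacheKey = hashCookie(httpServletRequest);
            // Without an SSO cookie there is no key and therefore no cache entry to delete.
            if (cacheKey != null && !tokenCache.delete(cacheKey)) {
                tokenCache.delete(cacheKey);
            }
        }
        return CookieHelper.clearCookieByName(httpServletRequest, httpServletResponse, SSOConfig.getCookieName(), SSOConfig.getCookieDomain(), SSOConfig.getCookiePath());
    }

    /**
     * Clears any existing login state (cache entry and SSO cookie) without redirecting.
     *
     * @return the result of clearing the cookie
     */
    public static boolean loginClear(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return logout(httpServletRequest, httpServletResponse, ReflectUtil.getConfigTokenCache());
    }

    /**
     * Clears existing login state and redirects to the configured login URL, passing the
     * current request location as the return parameter. If no login URL is configured,
     * writes a configuration hint to the response.
     *
     * <p>NOTE(review): the return value is derived from the incoming request; the login
     * endpoint should validate it before redirecting back, otherwise it can be used as an
     * open redirect. What HttpUtil.getQueryString returns exactly is not visible here.
     *
     * @throws IOException if writing the response or redirecting fails
     */
    public static void login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        loginClear(httpServletRequest, httpServletResponse);
        String loginUrl = SSOConfig.getLoginUrl();
        // Treat a missing URL like an empty one rather than building a redirect from null.
        if (loginUrl == null || "".equals(loginUrl)) {
            httpServletResponse.getWriter().write("sso.properties Must include: sso.login.url");
            return;
        }
        String queryString = HttpUtil.getQueryString(httpServletRequest, SSOConfig.getEncoding());
        // Debug only: the value may contain request parameters, so keep it out of higher log levels.
        logger.debug("loginAgain redirect pageUrl..{}", queryString);
        httpServletResponse.sendRedirect(HttpUtil.encodeRetURL(loginUrl, SSOConfig.getParamReturl(), queryString));
    }

    /**
     * Derives the token-cache key from the SSO cookie on the request:
     * {@code "ssocookie_" + MD5(cookie value)}.
     *
     * <p>NOTE(review): MD5 is used only to derive a lookup key from the encrypted cookie
     * value. A collision-resistant digest would be preferable, but changing it alters the
     * keys of entries already in the cache.
     *
     * @return the cache key, or null if the request has no SSO cookie
     */
    public static String hashCookie(HttpServletRequest httpServletRequest) {
        Cookie ssoCookie = CookieHelper.findCookieByName(httpServletRequest, SSOConfig.getCookieName());
        if (ssoCookie == null) {
            return null;
        }
        return "ssocookie_" + MD5.toMD5(ssoCookie.getValue());
    }

    /**
     * Returns the request attribute stored under {@code SSOConstant.SSO_TOKEN_ATTR}.
     *
     * @return the attribute value, or null if it is not set
     */
    public static Object attrToken(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getAttribute(SSOConstant.SSO_TOKEN_ATTR);
    }

    /**
     * Encrypts the auth token and writes it as the auth cookie. Failures are logged, not
     * propagated.
     *
     * <p>NOTE(review): the literal {@code true} is presumably the HttpOnly flag; confirm
     * against CookieHelper.addCookie's parameter order.
     */
    public static void setAuthCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthToken authToken) {
        try {
            String cookieValue = encryptCookie(httpServletRequest, authToken, ReflectUtil.getConfigEncrypt());
            CookieHelper.addCookie(httpServletResponse, SSOConfig.getCookieDomain(), SSOConfig.getCookiePath(), SSOConfig.getAuthCookieName(), cookieValue, SSOConfig.getAuthCookieMaxage(), true, SSOConfig.getCookieSecure());
        } catch (Exception e) {
            logger.error("AuthToken encryptCookie error.", e);
        }
    }

    /**
     * Reads the auth cookie, parses it into an {@link AuthToken}, applies the IP check and
     * verifies it.
     *
     * <p>NOTE(review): the JSON is parsed with fastjson from cookie-derived data. Confirm
     * the deployed fastjson version has autoType disabled (safe mode), since the payload is
     * only as trustworthy as the cookie cipher's integrity protection.
     *
     * @param str value passed to {@code AuthToken.verify} (presumably the verification key)
     * @return the result of {@code verify}, or null if the cookie is missing, unparsable or
     *     fails the IP check
     */
    public static AuthToken getAuthToken(HttpServletRequest httpServletRequest, String str) {
        String jsonToken = getJsonToken(httpServletRequest, ReflectUtil.getConfigEncrypt(), SSOConfig.getAuthCookieName());
        if (jsonToken == null || "".equals(jsonToken)) {
            logger.info("jsonToken is null.");
            return null;
        }
        AuthToken authToken = (AuthToken) JSON.parseObject(jsonToken, AuthToken.class);
        // The parser can yield null; without this guard a disabled IP check would lead to an NPE below.
        if (authToken == null || checkIp(httpServletRequest, authToken) == null) {
            return null;
        }
        return authToken.verify(str);
    }

    /**
     * AES-encrypts the auth token's JSON form for the "ask" step of the cross-domain flow.
     *
     * @param str AES key
     * @return the ciphertext, or null if encryption failed
     */
    public static String askCiphertext(AuthToken authToken, String str) {
        try {
            return AES.getInstance().encrypt(authToken.jsonToken(), str);
        } catch (Exception e) {
            logger.info("askCiphertext AES encrypt error.", e);
            return null;
        }
    }

    /**
     * Decrypts an "ask" ciphertext, verifies it, stamps it with the user id, signs it and
     * re-encrypts it as the "reply" ciphertext.
     *
     * @param str user id written into the token
     * @param str2 ciphertext to decrypt
     * @param str3 value passed to {@code AuthToken.sign} (presumably the signing key)
     * @param str4 value passed to {@code AuthToken.verify} (presumably the verification key)
     * @param str5 AES key used for both decryption and encryption
     * @return the reply ciphertext, or null if any step fails
     */
    public static String replyCiphertext(HttpServletRequest httpServletRequest, String str, String str2, String str3, String str4, String str5) {
        String plaintext;
        try {
            plaintext = AES.getInstance().decrypt(str2, str5);
        } catch (Exception e) {
            logger.info("replyCiphertext AES decrypt error.", e);
            return null;
        }
        if (plaintext == null) {
            return null;
        }
        AuthToken authToken = (AuthToken) JSON.parseObject(plaintext, AuthToken.class);
        // Same null guard as in ok(): the parser can yield null for a well-formed but empty payload.
        if (authToken == null) {
            return null;
        }
        if (checkIp(httpServletRequest, authToken.verify(str4)) == null) {
            return null;
        }
        authToken.setUserId(str);
        try {
            authToken.sign(str3);
            return AES.getInstance().encrypt(authToken.jsonToken(), str5);
        } catch (Exception e) {
            logger.info("replyCiphertext AES encrypt error.", e);
            return null;
        }
    }

    /**
     * Final step of the cross-domain flow: checks the reply ciphertext against the auth
     * cookie and, on success, clears the auth cookie and returns the user id.
     *
     * @param str reply ciphertext to decrypt
     * @param str2 value used to verify the auth cookie's token
     * @param str3 value used to verify the decrypted reply token
     * @param str4 AES key
     * @return the user id from the reply token, or null if any check fails
     */
    public static String ok(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3, String str4) {
        AuthToken cookieToken = getAuthToken(httpServletRequest, str2);
        if (cookieToken == null) {
            return null;
        }
        String plaintext;
        try {
            plaintext = AES.getInstance().decrypt(str, str4);
        } catch (Exception e) {
            logger.error("kisso AES decrypt error.", e);
            return null;
        }
        if (plaintext == null) {
            return null;
        }
        AuthToken replyToken = (AuthToken) JSON.parseObject(plaintext, AuthToken.class);
        if (replyToken == null) {
            return null;
        }
        // The reply must belong to the same exchange as the cookie; a reply without a uuid is rejected.
        if (replyToken.getUuid() == null || !replyToken.getUuid().equals(cookieToken.getUuid())) {
            return null;
        }
        if (replyToken.verify(str3) == null) {
            return null;
        }
        // The auth cookie is single-use: remove it once the exchange has completed.
        CookieHelper.clearCookieByName(httpServletRequest, httpServletResponse, SSOConfig.getAuthCookieName(), SSOConfig.getCookieDomain(), SSOConfig.getCookiePath());
        return replyToken.getUserId();
    }
}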
