package cn.authing.internal;

import cn.authing.AuthParams;
import cn.authing.Authing;
import cn.authing.UserInfo;
import cn.authing.UserPool;
import cn.authing.common.AuthingResult;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.TypeReference;
import com.alibaba.fastjson.parser.Feature;
import com.auth0.jwt.exceptions.SignatureVerificationException;
import com.auth0.jwt.interfaces.DecodedJWT;
import java.io.DataOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Calendar;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HttpsURLConnection;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cn/authing/internal/AuthingImpl.class */
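/**
 * Static implementation of the servlet-side OIDC login flow against an Authing host.
 *
 * <p>All configuration lives in static fields, so one class loader serves one configuration
 * (plus, when {@code sUseDynamicAppInfo} is enabled, one {@link AppInfo} per leading host label).
 * Authenticated sessions are kept in an in-memory map keyed by the value of the
 * {@code authing_app_session_id} cookie; that cookie value is therefore a bearer credential.
 *
 * <p>Security-relevant properties a reviewer should keep in mind:
 * <ul>
 *   <li>The {@code state} and {@code nonce} values sent to the authorization endpoint are not
 *       stored anywhere, so {@link #onLogin} cannot check them (see {@code gotoSignIn}).</li>
 *   <li>A cache hit in {@code verify(String, String, String)} returns the cached user without
 *       re-checking the presented ID token.</li>
 *   <li>The cache lifetime is a single process-wide value that every verified ID token
 *       overwrites (see {@code verifyIdToken}).</li>
 * </ul>
 */
public class AuthingImpl {
    private static final String PATH_SIGN_IN = "/oidc/auth?client_id=";
    private static final String PATH_GET_AK = "/oidc/token";
    private static final String PATH_ME = "/oidc/me?access_token=";
    private static final String PATH_USERS_ME = "/api/v2/users/me";
    private static final String PATH_JWKS = "/oidc/.well-known/jwks.json";
    private static final String PATH_GET_APP_INFO = "/api/v2/applications/getAppInfo/default";
    private static final String PATH_GET_USER_POOL_LIST = "/api/v2/userpools/getUserPoolList";
    private static final String APP_SESSION_ID = "authing_app_session_id";
    private static final String APP_ID_TOKEN = "authing_id_token";
    private static final String DOMAIN_SUFFIX = ".";
    // Milliseconds; applied to both the connect and the read phase of outbound calls.
    private static final int CONNECTION_TIMEOUT = 10000;
    static String sUserPoolId;
    static String sAppId;
    static String sAppSecret;
    static String sHost;
    static String sCallbackUrl;
    static Jwk sJWK;
    static boolean sVerifyRemotely;
    static String sRootUserPoolId;
    static String sRootUserPoolSecret;
    private static final Logger logger = LoggerFactory.getLogger(AuthingImpl.class);
    // Initial value is 10 hours in milliseconds. Written by request threads and read by the
    // cleanup timer thread, hence volatile.
    private static volatile long sCacheValidDuration = 36000000;
    static boolean sSetCookieOnTopDomain = true;
    static boolean sIncludeIDTokenInCookie = true;
    static boolean sUseDynamicAppInfo = false;
    // Leading host label (lower-cased) -> application credentials fetched from the Authing host.
    static final Map<String, AppInfo> sDomainAppInfoRegistry = new ConcurrentHashMap<>();
    // Session id (cookie value) -> authentication state.
    private static final Map<String, AuthInfo> sCache = new ConcurrentHashMap<>();
    private static final CleanCacheTask cleanCacheTask = new CleanCacheTask();
    // Daemon thread: a non-daemon Timer would keep the JVM (or an undeployed web application's
    // class loader) alive only to run cache cleanup.
    private static final Timer timer = new Timer("authing-cache-cleaner", true);

    /** Hourly job that evicts cache entries idle for longer than the current cache lifetime. */
    private static class CleanCacheTask extends TimerTask {
        private CleanCacheTask() {
        }

        @Override
        public void run() {
            // An exception escaping run() terminates the Timer thread and silently stops all
            // future evictions, so both steps are guarded independently.
            try {
                // Runs only in the 03:00 hour of the default time zone.
                if (Calendar.getInstance().get(Calendar.HOUR_OF_DAY) == 3) {
                    StatsUtil.trace();
                }
            } catch (Exception e) {
                logger.error("Error when trace stats", e);
            }
            try {
                long now = System.currentTimeMillis();
                for (Map.Entry<String, AuthInfo> entry : sCache.entrySet()) {
                    if (now - entry.getValue().getLastValidTime() > sCacheValidDuration) {
                        sCache.remove(entry.getKey());
                    }
                }
            } catch (Exception e) {
                logger.error("Error when clean cache", e);
            }
        }
    }

    /** Sets the user pool id sent as {@code x-authing-userpool-id} on bearer-token lookups. */
    public static void setUserPoolId(String str) {
        sUserPoolId = str;
    }

    /**
     * Sets the static application credentials.
     *
     * @param str  the application (client) id
     * @param str2 the application (client) secret
     */
    public static void setAppInfo(String str, String str2) {
        sAppId = str;
        sAppSecret = str2;
    }

    /**
     * Sets the Authing host and, when it is non-null, creates the JWK handle for its JWKS URL.
     *
     * @param str the host including scheme; outbound calls cast the connection to
     *            {@link HttpsURLConnection}, so a non-HTTPS host fails at call time
     */
    public static void setHost(String str) {
        sHost = str;
        if (sHost != null) {
            sJWK = Jwk.create(sHost + PATH_JWKS);
        }
    }

    /** Sets the redirect URI used when dynamic app info is disabled. */
    public static void setCallback(String str) {
        sCallbackUrl = str;
    }

    /** Selects remote token verification ({@code true}) or local ID-token verification. */
    public static void setVerifyRemotely(boolean z) {
        sVerifyRemotely = z;
    }

    /** Controls the top-domain flag passed to the cookie helpers. */
    public static void setCookieOnTopDomain(boolean z) {
        sSetCookieOnTopDomain = z;
    }

    /** Controls whether the ID token is written to the {@code authing_id_token} cookie. */
    public static void setIncludeIDTokenInCookie(boolean z) {
        sIncludeIDTokenInCookie = z;
    }

    /** Enables per-host application credentials resolved through the root user pool. */
    public static void setUseDynamicAppInfo(boolean z) {
        sUseDynamicAppInfo = z;
    }

    /** Sets the root user pool id used for dynamic app-info lookups. */
    public static void setRootUserPoolId(String str) {
        sRootUserPoolId = str;
    }

    /** Sets the root user pool secret used for dynamic app-info lookups. */
    public static void setRootUserPoolSecret(String str) {
        sRootUserPoolSecret = str;
    }

    /**
     * Resolves the current user from the session cookies, then from the {@code Authorization}
     * header, and finally redirects to sign-in when {@code authParams} asks for it.
     *
     * @return the user, or {@code null} when the SDK is not configured, nobody is authenticated,
     *         or any step failed (failures are logged, never thrown)
     */
    public static UserInfo getUserInfo(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthParams authParams) {
        if (getAppId(httpServletRequest) == null || getAppSecret(httpServletRequest) == null) {
            logger.error("app info not set. Please call Authing.setAppInfo(appId, appSecret) during app startup when useDynamicAppInfo is false. Please call Authing.setRootUserPoolId(String rootUserPoolId) and Authing.setRootUserPoolSecret(String rootUserPoolSecret) during app startup when useDynamicAppInfo is true");
            return null;
        }
        if (sHost == null) {
            logger.error("app host not set. Please call Authing.setHost(host) during app startup. Note this host is your app specific, e.g. https://myapp.authing.cn");
            return null;
        }
        if (getCallbackUrl(httpServletRequest) == null) {
            logger.error("callback url not set. Please call Authing.setCallback(callbackUrl) during app startup. as per OAuth 2.0 specification, callback has to be negotiated during registration");
            return null;
        }
        try {
            UserInfo user = verify(httpServletRequest);
            if (user != null) {
                return user;
            }
            // Fall back to a caller-supplied Authorization header, checked by the Authing host.
            String authorization = getAuthorization(httpServletRequest);
            if (authorization != null) {
                user = getUserInfoByToken(authorization);
            }
            if (user == null) {
                gotoSignIn(httpServletRequest, httpServletResponse, authParams);
            }
            return user;
        } catch (Exception e) {
            logger.error("getUserInfo exception", e);
            return null;
        }
    }

    /**
     * Remembers the current URL in the HTTP session and redirects the browser to the
     * authorization endpoint, unless {@code authParams} is null or does not request a login.
     */
    private static void gotoSignIn(HttpServletRequest request, HttpServletResponse response, AuthParams authParams) throws Exception {
        if (authParams == null || !authParams.isGotoLogin()) {
            return;
        }
        request.getSession(true).setAttribute(Authing.LAST_VISITED_URL, Util.getRequestURLWithParas(request));
        String callbackUrl = authParams.getCallbackUrl();
        if (callbackUrl == null) {
            callbackUrl = getCallbackUrl(request);
        }
        // NOTE(review): state and nonce are generated here but not stored, and onLogin never
        // reads them back, so the callback is not bound to the browser that started the flow
        // (no login-CSRF protection, no ID-token replay check). Enforcing them means storing
        // both in the session and rejecting callbacks without a match, which changes the
        // contract for callers that start the flow elsewhere, so it is flagged rather than done.
        // NOTE(review): Util.randomString is not visible here; confirm it draws from SecureRandom.
        // NOTE(review): scope and response_type are appended as supplied; whether AuthParams
        // holds them already URL-encoded is not visible here, so they are left untouched.
        String location = sHost + PATH_SIGN_IN + getAppId(request)
                + "&scope=" + authParams.getScope()
                + "&state=" + Util.randomString(12)
                + "&nonce=" + Util.randomString(12)
                + "&response_type=" + authParams.getResponseType()
                + "&redirect_uri=" + URLEncoder.encode(callbackUrl, "utf-8");
        response.sendRedirect(location);
    }

    /**
     * Handles the authorization-code callback: exchanges {@code code} for tokens, verifies the
     * result, and establishes the session cookies.
     *
     * <p>Every value in the token request body is form-encoded, because {@code code} comes
     * straight from the request and must not be able to add or override body parameters.
     * A fresh session id is issued on each successful login instead of reusing the one the
     * browser presented, and cookies are written only after verification succeeded.
     *
     * @return the authenticated user with its access token set, or {@code null} on any failure
     */
    public static UserInfo onLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthParams authParams) {
        String code = httpServletRequest.getParameter("code");
        if (code == null || code.length() == 0) {
            logger.error("Auth failed. Code is empty");
            return null;
        }
        if (authParams == null) {
            logger.error("Auth failed. AuthParams is null");
            return null;
        }
        try {
            String callbackUrl = authParams.getCallbackUrl();
            if (callbackUrl == null) {
                callbackUrl = getCallbackUrl(httpServletRequest);
            }
            String form = "client_id=" + urlEncode(getAppId(httpServletRequest))
                    + "&client_secret=" + urlEncode(getAppSecret(httpServletRequest))
                    + "&grant_type=" + urlEncode(authParams.getGrantType())
                    + "&code=" + urlEncode(code)
                    + "&redirect_uri=" + urlEncode(callbackUrl);

            HttpsURLConnection connection = openConnection(sHost + PATH_GET_AK);
            connection.setRequestMethod("POST");
            connection.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
            connection.setDoOutput(true);
            writeBody(connection, form);

            int status = connection.getResponseCode();
            if (status != 200) {
                logger.error("get access token failed. Status code:" + status + " Error:" + Util.getStringFromStream(connection.getErrorStream()));
                return null;
            }
            AuthInfo authInfo = JSON.parseObject(Util.getStringFromStream(connection.getInputStream()), AuthInfo.class);
            if (authInfo == null || authInfo.getId_token() == null || authInfo.getAccess_token() == null) {
                logger.error("Auth failed. AK or ID Token is empty");
                return null;
            }

            // Session-fixation defence: a session id that arrived in a cookie may have been
            // planted, and a cached entry under it would be returned instead of the identity
            // that just authenticated. Retire it and mint a new id for this login.
            String presentedSessionId = getAppSessionIDFromCookie(httpServletRequest.getCookies());
            if (presentedSessionId != null && presentedSessionId.length() > 0) {
                sCache.remove(presentedSessionId);
            }
            // NOTE(review): confirm Util.randomString uses SecureRandom; this value is a credential.
            String appSessionID = Util.randomString(16);

            UserInfo user;
            if (sVerifyRemotely) {
                user = verifyTokenRemotely(authInfo.getAccess_token());
                if (user != null) {
                    authInfo.setLastValidTime(System.currentTimeMillis());
                    sCache.put(appSessionID, authInfo);
                }
            } else {
                user = verify(appSessionID, authInfo.getId_token(), getAppSecret(httpServletRequest));
            }
            if (user == null) {
                // Do not hand the browser a session id or an unverified ID token.
                logger.error("Auth failed. verify token failed");
                return null;
            }

            // NOTE(review): the cookie attributes are decided inside Util.createCookie, which is
            // not visible here; confirm it sets HttpOnly, Secure and a SameSite policy,
            // especially when the cookie is scoped to the top domain.
            Util.createCookie(httpServletRequest, httpServletResponse, APP_SESSION_ID, appSessionID, sSetCookieOnTopDomain);
            if (sIncludeIDTokenInCookie) {
                Util.createCookie(httpServletRequest, httpServletResponse, APP_ID_TOKEN, authInfo.getId_token(), sSetCookieOnTopDomain);
            }
            user.setAccessToken(authInfo.getAccess_token());
            return user;
        } catch (Exception e) {
            logger.error("get access token failed:", e);
            return null;
        }
    }

    /** Returns the static app id, or the one resolved for the request host in dynamic mode. */
    private static String getAppId(HttpServletRequest request) {
        if (!sUseDynamicAppInfo) {
            return sAppId;
        }
        AppInfo appInfo = getDynamicAppInfoByRequestDomain(request);
        return appInfo == null ? null : appInfo.getId();
    }

    /** Returns the static app secret, or the one resolved for the request host in dynamic mode. */
    private static String getAppSecret(HttpServletRequest request) {
        if (!sUseDynamicAppInfo) {
            return sAppSecret;
        }
        AppInfo appInfo = getDynamicAppInfoByRequestDomain(request);
        return appInfo == null ? null : appInfo.getSecret();
    }

    /**
     * Returns the static callback URL, or in dynamic mode the first redirect URI registered for
     * the resolved application ({@code null} when there is none).
     */
    private static String getCallbackUrl(HttpServletRequest request) {
        if (!sUseDynamicAppInfo) {
            return sCallbackUrl;
        }
        AppInfo appInfo = getDynamicAppInfoByRequestDomain(request);
        if (appInfo == null) {
            return null;
        }
        List<String> redirectUris = appInfo.getRedirectUris();
        if (redirectUris == null || redirectUris.size() == 0) {
            return null;
        }
        return redirectUris.get(0);
    }

    /** Reads the inbound {@code Authorization} header, trying the lower-case spelling as well. */
    private static String getAuthorization(HttpServletRequest request) {
        String header = request.getHeader("Authorization");
        if (header == null) {
            header = request.getHeader("authorization");
        }
        return header;
    }

    /**
     * Resolves application credentials for the leading label of the request host, consulting the
     * in-memory registry first and the Authing host otherwise.
     *
     * <p>The label is taken from the request URL, i.e. from what the client (or a proxy in
     * front of it) presented as host. Unknown labels are not remembered, so every request for
     * one triggers an outbound call that carries the root user pool secret and forwards the
     * inbound {@code Authorization} header; deployments should restrict accepted hosts upstream.
     *
     * @return the application info, or {@code null} when it cannot be resolved
     */
    private static AppInfo getDynamicAppInfoByRequestDomain(HttpServletRequest request) {
        if (sRootUserPoolId == null || sRootUserPoolSecret == null) {
            logger.error("Get dynamic app info fail, rootUserPoolId is null or rootUserPoolSecret is null");
            return null;
        }
        // Strip "<scheme>://" from the front and the request URI from the back: what is left is
        // the authority (host, plus port when present).
        StringBuffer requestUrl = request.getRequestURL();
        String authority = requestUrl.substring(request.getScheme().length() + 3, requestUrl.length() - request.getRequestURI().length());
        if (!authority.contains(DOMAIN_SUFFIX)) {
            logger.error("Get dynamic app info fail, invalid host named [{}]", authority);
            return null;
        }
        // Locale.ROOT keeps the registry key stable regardless of the JVM default locale.
        String domain = authority.substring(0, authority.indexOf(DOMAIN_SUFFIX)).toLowerCase(Locale.ROOT);
        AppInfo cached = sDomainAppInfoRegistry.get(domain);
        if (cached != null) {
            return cached;
        }
        try {
            HttpsURLConnection connection = openConnection(sHost + PATH_GET_APP_INFO);
            connection.setRequestMethod("POST");
            connection.setRequestProperty("Content-Type", "application/json;charset=UTF-8");
            connection.setRequestProperty("Authorization", getAuthorization(request));
            connection.setDoOutput(true);
            Properties payload = new Properties();
            payload.put("rootUserPoolId", sRootUserPoolId);
            payload.put("rootUserPoolSecret", sRootUserPoolSecret);
            payload.put("domain", domain);
            writeBody(connection, JSON.toJSONString(payload));

            int status = connection.getResponseCode();
            if (status != 200 && status != 201) {
                logger.error("Get app info failed. Status code:" + status + ", Error:" + Util.getStringFromStream(connection.getErrorStream()));
                return null;
            }
            AuthingResult<AppInfo> result = JSON.parseObject(Util.getStringFromStream(connection.getInputStream()), new TypeReference<AuthingResult<AppInfo>>() {
            }, new Feature[0]);
            if (result == null) {
                logger.error("Get app info failed. Empty response body");
                return null;
            }
            if (200 != result.getCode()) {
                logger.error("Get app info failed. Authing result code:" + result.getCode() + ", Authing result message:" + result.getMessage());
                return null;
            }
            AppInfo appInfo = (AppInfo) result.getData();
            if (appInfo == null || appInfo.getId() == null || appInfo.getSecret() == null) {
                logger.error("Get app info failed. App id or app secret is empty");
                return null;
            }
            sDomainAppInfoRegistry.put(domain, appInfo);
            return appInfo;
        } catch (Exception e) {
            logger.error("Get app info failed. ", e);
            return null;
        }
    }

    /**
     * Authenticates a request from its cookies according to the configured mode.
     *
     * @return the user, or {@code null} when the cookies do not identify a valid session
     */
    private static UserInfo verify(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        String sessionId = getAppSessionIDFromCookie(cookies);
        if (sIncludeIDTokenInCookie) {
            String idToken = getIDTokenFromCookie(cookies);
            if (sVerifyRemotely) {
                // NOTE(review): the ID token from the cookie is submitted to the endpoint that
                // takes an access_token parameter; confirm the Authing host accepts that.
                return verifyTokenRemotely(idToken);
            }
            return verify(sessionId, idToken, getAppSecret(request));
        }
        if (!sVerifyRemotely) {
            return verify(sessionId, null, getAppSecret(request));
        }
        if (sessionId == null) {
            return null;
        }
        AuthInfo authInfo = sCache.get(sessionId);
        if (authInfo == null) {
            return null;
        }
        return verifyTokenRemotely(authInfo.getAccess_token());
    }

    /**
     * Local verification: serves the user from the session cache when possible, otherwise
     * verifies the ID token and caches the result under the session id.
     *
     * <p>On a cache hit the presented ID token is not examined, and each hit refreshes the
     * entry's last-valid time, so an active session keeps sliding forward.
     *
     * @param sessionId value of the session cookie; {@code null} or empty yields {@code null}
     * @param idToken   ID token to verify on a cache miss; may be {@code null}
     * @param appSecret application secret handed to the token verifier
     */
    private static UserInfo verify(String sessionId, String idToken, String appSecret) {
        if (sessionId == null || sessionId.length() == 0) {
            return null;
        }
        AuthInfo cached = sCache.get(sessionId);
        if (cached != null) {
            long now = System.currentTimeMillis();
            if (now - cached.getLastValidTime() < sCacheValidDuration) {
                cached.setLastValidTime(now);
                return cached.getUserInfo();
            }
            // Expired entries are dropped and NOT re-validated from the token in this call.
            sCache.remove(sessionId);
            return null;
        }
        if (idToken == null || idToken.length() <= 0) {
            return null;
        }
        UserInfo user = verifyIdToken(idToken, appSecret);
        if (user == null) {
            return null;
        }
        AuthInfo fresh = new AuthInfo();
        fresh.setUserInfo(user);
        fresh.setLastValidTime(System.currentTimeMillis());
        sCache.put(sessionId, fresh);
        return user;
    }

    /**
     * Asks the Authing host for the user behind a token.
     *
     * <p>The token travels in the query string, as this endpoint path is defined, so it can
     * appear in proxy and server access logs. It is URL-encoded because the value can originate
     * from a cookie and must not be able to alter the request URL.
     *
     * @return the user, or {@code null} when the token is empty, rejected, or the call failed
     */
    private static UserInfo verifyTokenRemotely(String token) {
        if (token == null || token.length() == 0) {
            return null;
        }
        try {
            HttpsURLConnection connection = openConnection(sHost + PATH_ME + urlEncode(token));
            int status = connection.getResponseCode();
            if (status != 200) {
                logger.error("verify access token failed. Status code:" + status + " Error:" + Util.getStringFromStream(connection.getErrorStream()));
                return null;
            }
            UserInfo user = JSON.parseObject(Util.getStringFromStream(connection.getInputStream()), UserInfo.class);
            if (user == null) {
                logger.error("Get user info failed");
            }
            return user;
        } catch (Exception e) {
            logger.error("verify access token failed:", e);
            return null;
        }
    }

    /**
     * Looks up the user for a caller-supplied {@code Authorization} header value by forwarding
     * it, together with the configured user pool id, to the Authing host.
     *
     * @return the user, or {@code null} when the header is empty, no user pool id is
     *         configured, the host rejected the token, or the call failed
     */
    private static UserInfo getUserInfoByToken(String authorization) {
        if (authorization == null || authorization.length() == 0 || sUserPoolId == null) {
            return null;
        }
        try {
            HttpsURLConnection connection = openConnection(sHost + PATH_USERS_ME);
            connection.setRequestProperty("x-authing-userpool-id", sUserPoolId);
            connection.setRequestProperty("Authorization", authorization);
            int status = connection.getResponseCode();
            if (status != 200) {
                logger.error("verify access token failed. Status code:" + status + " Error:" + Util.getStringFromStream(connection.getErrorStream()));
                return null;
            }
            GetUserByTokenResponse body = JSON.parseObject(Util.getStringFromStream(connection.getInputStream()), GetUserByTokenResponse.class);
            if (body == null) {
                logger.error("Get user info failed");
                return null;
            }
            return body.getData();
        } catch (Exception e) {
            logger.error("verify access token failed:", e);
            return null;
        }
    }

    /**
     * Verifies an ID token and converts it to a {@link UserInfo}.
     *
     * <p>Tokens without an expiry are rejected, as are expired ones.
     *
     * @return the user, or {@code null} when verification fails for any reason
     */
    private static UserInfo verifyIdToken(String idToken, String appSecret) {
        try {
            DecodedJWT jwt = verifyToken(idToken, appSecret);
            if (jwt == null) {
                return null;
            }
            Date expiresAt = jwt.getExpiresAt();
            long now = System.currentTimeMillis();
            if (expiresAt == null) {
                logger.error("jwt verification exception: token has no expiry");
                return null;
            }
            if (expiresAt.getTime() < now) {
                logger.error("jwt verification exception: Expired token!");
                return null;
            }
            // NOTE(review): this overwrites the lifetime applied to EVERY cached session with
            // the remaining lifetime of the token just verified. One long-lived token extends
            // all sessions and one nearly expired token shortens them. A per-entry expiry on
            // AuthInfo would fix this; AuthInfo is not visible here, so behaviour is kept.
            sCacheValidDuration = expiresAt.getTime() - now;
            return Util.getUserInfo(jwt);
        } catch (SignatureVerificationException e) {
            // Must precede the generic handler: it is a subtype of Exception.
            logger.error("jwt verification failed", e);
            return null;
        } catch (Exception e) {
            logger.error("jwt verification exception", e);
            return null;
        }
    }

    /**
     * Verifies a token against the current JWK; on failure re-creates the JWK from the JWKS URL
     * and tries once more, which picks up rotated signing keys.
     *
     * <p>NOTE(review): the re-creation runs for every token that fails, including malformed
     * ones taken from cookies. If {@code Jwk.create} performs a network fetch (not visible
     * here), consider limiting how often the refresh may happen.
     */
    private static DecodedJWT verifyToken(String token, String appSecret) {
        DecodedJWT jwt = Jwk.verifyToken(token, sJWK, appSecret);
        if (jwt == null) {
            sJWK = Jwk.create(sHost + PATH_JWKS);
            jwt = Jwk.verifyToken(token, sJWK, appSecret);
        }
        return jwt;
    }

    /**
     * Ends the local session (cache entry and both cookies) and redirects the browser to the
     * Authing logout page.
     *
     * @param str optional post-logout redirect URI, expected un-encoded; it is URL-encoded here
     *            so that its own query string cannot add parameters to the logout URL
     */
    public static void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        try {
            String sessionId = getAppSessionIDFromCookie(httpServletRequest.getCookies());
            if (sessionId != null && sessionId.length() > 0) {
                sCache.remove(sessionId);
            }
            Util.deleteCookie(httpServletRequest, httpServletResponse, APP_SESSION_ID, sSetCookieOnTopDomain);
            Util.deleteCookie(httpServletRequest, httpServletResponse, APP_ID_TOKEN, sSetCookieOnTopDomain);
            String location = sHost + "/login/profile/logout";
            if (str != null) {
                location = location + "?redirect_uri=" + urlEncode(str);
            }
            httpServletResponse.sendRedirect(location);
        } catch (Exception e) {
            logger.error("logout failed", e);
        }
    }

    /** Returns the value of the session-id cookie, or {@code null} when it is absent. */
    private static String getAppSessionIDFromCookie(Cookie[] cookieArr) {
        return findCookieValue(cookieArr, APP_SESSION_ID);
    }

    /** Returns the value of the ID-token cookie, or {@code null} when it is absent. */
    private static String getIDTokenFromCookie(Cookie[] cookieArr) {
        return findCookieValue(cookieArr, APP_ID_TOKEN);
    }

    /** Returns the value of the first cookie named {@code name}, or {@code null}. */
    private static String findCookieValue(Cookie[] cookies, String name) {
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (name.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /**
     * Lists the user pools under a root user pool.
     *
     * @param httpServletRequest request whose {@code Authorization} header is forwarded
     * @param str                the root user pool id
     * @param str2               the root user pool secret
     * @return the user pools, or {@code null} on any failure (logged)
     */
    public static List<UserPool> getUserPoolListByRoot(HttpServletRequest httpServletRequest, String str, String str2) {
        try {
            HttpsURLConnection connection = openConnection(sHost + PATH_GET_USER_POOL_LIST);
            connection.setRequestMethod("POST");
            connection.setRequestProperty("Content-Type", "application/json;charset=UTF-8");
            connection.setRequestProperty("Authorization", getAuthorization(httpServletRequest));
            connection.setDoOutput(true);
            Properties payload = new Properties();
            payload.put("rootUserPoolId", str);
            payload.put("rootUserPoolSecret", str2);
            writeBody(connection, JSON.toJSONString(payload));

            int status = connection.getResponseCode();
            if (status != 200 && status != 201) {
                logger.error("Get user pool list by root info failed. Status code:" + status + ", Error:" + Util.getStringFromStream(connection.getErrorStream()));
                return null;
            }
            AuthingResult<List<UserPool>> result = JSON.parseObject(Util.getStringFromStream(connection.getInputStream()), new TypeReference<AuthingResult<List<UserPool>>>() {
            }, new Feature[0]);
            if (result == null) {
                logger.error("Get user pool list by root info failed. Empty response body");
                return null;
            }
            if (200 == result.getCode()) {
                return (List<UserPool>) result.getData();
            }
            logger.error("Get user pool list by root info failed. Authing result code:" + result.getCode() + ", Authing result message:" + result.getMessage());
            return null;
        } catch (Exception e) {
            logger.error("Get user pool list by root info failed. ", e);
            return null;
        }
    }

    /**
     * Opens an HTTPS connection with connect and read timeouts applied, so that a stalled
     * identity provider cannot hold request threads indefinitely.
     */
    private static HttpsURLConnection openConnection(String url) throws IOException {
        HttpsURLConnection connection = (HttpsURLConnection) new URL(url).openConnection();
        connection.setConnectTimeout(CONNECTION_TIMEOUT);
        connection.setReadTimeout(CONNECTION_TIMEOUT);
        return connection;
    }

    /** Writes {@code body} as UTF-8 and closes the stream even when the write fails. */
    private static void writeBody(HttpsURLConnection connection, String body) throws IOException {
        try (OutputStream out = connection.getOutputStream()) {
            out.write(body.getBytes(StandardCharsets.UTF_8));
            out.flush();
        }
    }

    /**
     * Form/query-encodes a value as UTF-8. A {@code null} is rendered as the text
     * {@code "null"}, which is what plain string concatenation produced before.
     */
    private static String urlEncode(String value) throws UnsupportedEncodingException {
        return URLEncoder.encode(String.valueOf(value), "utf-8");
    }

    static {
        timer.scheduleAtFixedRate(cleanCacheTask, 0L, TimeUnit.HOURS.toMillis(1L));
    }
}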
