package cn.dev33.satoken.sso;

import cn.dev33.satoken.SaManager;
import cn.dev33.satoken.config.SaSsoConfig;
import cn.dev33.satoken.context.model.SaRequest;
import cn.dev33.satoken.session.SaSession;
import cn.dev33.satoken.sso.error.SaSsoErrorCode;
import cn.dev33.satoken.sso.exception.SaSsoException;
import cn.dev33.satoken.sso.name.ApiName;
import cn.dev33.satoken.sso.name.ParamName;
import cn.dev33.satoken.stp.StpLogic;
import cn.dev33.satoken.stp.StpUtil;
import cn.dev33.satoken.strategy.SaStrategy;
import cn.dev33.satoken.util.SaFoxUtil;
import cn.dev33.satoken.util.SaResult;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.TreeMap;

/* loaded from: input_file:cn/dev33/satoken/sso/SaSsoTemplate.class */
public class SaSsoTemplate {
    public ApiName apiName = new ApiName();
    public ParamName paramName = new ParamName();

    public SaSsoTemplate setParamName(ParamName paramName) {
        this.paramName = paramName;
        return this;
    }

    public SaSsoTemplate setApiName(ApiName apiName) {
        this.apiName = apiName;
        return this;
    }

    public StpLogic getStpLogic() {
        return StpUtil.stpLogic;
    }

    public SaSsoConfig getSsoConfig() {
        return SaSsoManager.getConfig();
    }

    public String createTicket(Object obj, String str) {
        String randomTicket = randomTicket(obj);
        saveTicket(randomTicket, obj, str);
        saveTicketIndex(randomTicket, obj);
        return randomTicket;
    }

    public void saveTicket(String str, Object obj, String str2) {
        String valueOf = String.valueOf(obj);
        if (SaFoxUtil.isNotEmpty(str2)) {
            valueOf = valueOf + "," + str2;
        }
        SaManager.getSaTokenDao().set(splicingTicketSaveKey(str), valueOf, SaSsoManager.getConfig().getTicketTimeout());
    }

    public void saveTicketIndex(String str, Object obj) {
        SaManager.getSaTokenDao().set(splicingTicketIndexKey(obj), String.valueOf(str), SaSsoManager.getConfig().getTicketTimeout());
    }

    public void deleteTicket(String str) {
        if (str == null) {
            return;
        }
        SaManager.getSaTokenDao().delete(splicingTicketSaveKey(str));
    }

    public void deleteTicketIndex(Object obj) {
        if (obj == null) {
            return;
        }
        SaManager.getSaTokenDao().delete(splicingTicketIndexKey(obj));
    }

    public Object getLoginId(String str) {
        if (SaFoxUtil.isEmpty(str)) {
            return null;
        }
        String str2 = SaManager.getSaTokenDao().get(splicingTicketSaveKey(str));
        if (str2 != null && str2.indexOf(",") > -1) {
            str2 = str2.split(",")[0];
        }
        return str2;
    }

    public <T> T getLoginId(String str, Class<T> cls) {
        return (T) SaFoxUtil.getValueByType(getLoginId(str), cls);
    }

    public String getTicketValue(Object obj) {
        if (obj == null) {
            return null;
        }
        return SaManager.getSaTokenDao().get(splicingTicketIndexKey(obj));
    }

    public Object checkTicket(String str) {
        return checkTicket(str, getSsoConfig().getClient());
    }

    public Object checkTicket(String str, String str2) {
        String str3 = SaManager.getSaTokenDao().get(splicingTicketSaveKey(str));
        if (str3 != null) {
            String str4 = null;
            if (str3.indexOf(",") > -1) {
                String[] split = str3.split(",");
                str3 = split[0];
                str4 = split[1];
            }
            if (SaFoxUtil.isNotEmpty(str2) && SaFoxUtil.notEquals(str2, str4)) {
                throw new SaSsoException("该 ticket 不属于 client=" + str2 + ", ticket 值: " + str).m2setCode(SaSsoErrorCode.CODE_30011);
            }
            deleteTicket(str);
            deleteTicketIndex(str3);
        }
        return str3;
    }

    public String randomTicket(Object obj) {
        return SaFoxUtil.getRandomString(64);
    }

    public String getAllowUrl() {
        return SaSsoManager.getConfig().getAllowUrl();
    }

    public void checkRedirectUrl(String str) {
        if (!SaFoxUtil.isUrl(str)) {
            throw new SaSsoException("无效redirect：" + str).m2setCode(SaSsoErrorCode.CODE_30001);
        }
        int indexOf = str.indexOf("?");
        if (indexOf != -1) {
            str = str.substring(0, indexOf);
        }
        if (!((Boolean) SaStrategy.me.hasElement.apply(Arrays.asList(getAllowUrl().replaceAll(" ", "").split(",")), str)).booleanValue()) {
            throw new SaSsoException("非法redirect：" + str).m2setCode(SaSsoErrorCode.CODE_30002);
        }
    }

    public void registerSloCallbackUrl(Object obj, String str) {
        if (SaFoxUtil.isEmpty(obj) || SaFoxUtil.isEmpty(str)) {
            return;
        }
        SaSession sessionByLoginId = getStpLogic().getSessionByLoginId(obj);
        Set set = (Set) sessionByLoginId.get(SaSsoConsts.SLO_CALLBACK_SET_KEY, () -> {
            return new HashSet();
        });
        set.add(str);
        sessionByLoginId.set(SaSsoConsts.SLO_CALLBACK_SET_KEY, set);
    }

    public void ssoLogout(Object obj) {
        SaSession sessionByLoginId = getStpLogic().getSessionByLoginId(obj, false);
        if (sessionByLoginId == null) {
            return;
        }
        SaSsoConfig config = SaSsoManager.getConfig();
        Iterator it = ((Set) sessionByLoginId.get(SaSsoConsts.SLO_CALLBACK_SET_KEY, () -> {
            return new HashSet();
        })).iterator();
        while (it.hasNext()) {
            config.getSendHttp().apply(addSignParams((String) it.next(), obj));
        }
        getStpLogic().logout(obj);
    }

    public Object getUserinfo(Object obj) {
        return SaSsoManager.getConfig().getSendHttp().apply(buildUserinfoUrl(obj));
    }

    public String buildServerAuthUrl(String str, String str2) {
        String splicingAuthUrl = SaSsoManager.getConfig().splicingAuthUrl();
        String client = SaSsoManager.getConfig().getClient();
        if (SaFoxUtil.isNotEmpty(client)) {
            splicingAuthUrl = SaFoxUtil.joinParam(splicingAuthUrl, this.paramName.client, client);
        }
        String encodeUrl = SaFoxUtil.encodeUrl(str2 == null ? "" : str2);
        if (str.indexOf(this.paramName.back + "=" + encodeUrl) == -1) {
            str = SaFoxUtil.joinParam(str, this.paramName.back, encodeUrl);
        }
        return SaFoxUtil.joinParam(splicingAuthUrl, this.paramName.redirect, str);
    }

    public String buildRedirectUrl(Object obj, String str, String str2) {
        checkRedirectUrl(str2);
        deleteTicket(getTicketValue(obj));
        return SaFoxUtil.joinParam(encodeBackParam(str2), this.paramName.ticket, createTicket(obj, str));
    }

    public String encodeBackParam(String str) {
        int indexOf = str.indexOf("?" + this.paramName.back + "=");
        if (indexOf == -1) {
            indexOf = str.indexOf("&" + this.paramName.back + "=");
            if (indexOf == -1) {
                return str;
            }
        }
        int length = this.paramName.back.length() + 2;
        return str.substring(0, indexOf + length) + SaFoxUtil.encodeUrl(str.substring(indexOf + length));
    }

    public String buildUserinfoUrl(Object obj) {
        return addSignParams(SaSsoManager.getConfig().splicingUserinfoUrl(), obj);
    }

    public String buildCheckTicketUrl(String str, String str2) {
        String splicingCheckTicketUrl = SaSsoManager.getConfig().splicingCheckTicketUrl();
        String client = getSsoConfig().getClient();
        if (SaFoxUtil.isNotEmpty(client)) {
            splicingCheckTicketUrl = SaFoxUtil.joinParam(splicingCheckTicketUrl, this.paramName.client, client);
        }
        String joinParam = SaFoxUtil.joinParam(splicingCheckTicketUrl, this.paramName.ticket, str);
        if (str2 != null) {
            joinParam = SaFoxUtil.joinParam(joinParam, this.paramName.ssoLogoutCall, str2);
        }
        return joinParam;
    }

    public String buildSloUrl(Object obj) {
        return addSignParams(SaSsoManager.getConfig().splicingSloUrl(), obj);
    }

    public String splicingTicketSaveKey(String str) {
        return SaManager.getConfig().getTokenName() + ":ticket:" + str;
    }

    public String splicingTicketIndexKey(Object obj) {
        return SaManager.getConfig().getTokenName() + ":id-ticket:" + obj;
    }

    public SaResult request(String str) {
        return new SaResult(SaManager.getSaJsonTemplate().parseJsonToMap(SaSsoManager.getConfig().getSendHttp().apply(str)));
    }

    public String getSecretkey() {
        String secretkey = SaSsoManager.getConfig().getSecretkey();
        if (SaFoxUtil.isEmpty(secretkey)) {
            throw new SaSsoException("请配置 secretkey 参数").m2setCode(SaSsoErrorCode.CODE_30009);
        }
        return secretkey;
    }

    @Deprecated
    public void checkSecretkey(String str) {
        if (SaFoxUtil.isEmpty(str) || !str.equals(getSecretkey())) {
            throw new SaSsoException("无效秘钥：" + str).m2setCode(SaSsoErrorCode.CODE_30003);
        }
    }

    public String getSign(Object obj, String str, String str2, String str3) {
        TreeMap treeMap = new TreeMap();
        treeMap.put(this.paramName.loginId, obj);
        treeMap.put(this.paramName.timestamp, str);
        treeMap.put(this.paramName.nonce, str2);
        return SaManager.getSaSignTemplate().createSign(treeMap, str3);
    }

    public String addSignParams(String str, Object obj) {
        String valueOf = String.valueOf(System.currentTimeMillis());
        String randomString = SaFoxUtil.getRandomString(20);
        return SaFoxUtil.joinParam(SaFoxUtil.joinParam(SaFoxUtil.joinParam(SaFoxUtil.joinParam(str, this.paramName.loginId, obj), this.paramName.timestamp, valueOf), this.paramName.nonce, randomString), this.paramName.sign, getSign(obj, valueOf, randomString, getSecretkey()));
    }

    public void checkSign(SaRequest saRequest) {
        String paramNotNull = saRequest.getParamNotNull(this.paramName.sign);
        String paramNotNull2 = saRequest.getParamNotNull(this.paramName.loginId);
        String paramNotNull3 = saRequest.getParamNotNull(this.paramName.timestamp);
        String paramNotNull4 = saRequest.getParamNotNull(this.paramName.nonce);
        checkTimestamp(Long.valueOf(paramNotNull3).longValue());
        String sign = getSign(paramNotNull2, paramNotNull3, paramNotNull4, getSecretkey());
        if (!sign.equals(paramNotNull)) {
            throw new SaSsoException("签名无效：" + sign).m2setCode(SaSsoErrorCode.CODE_30008);
        }
    }

    public void checkTimestamp(long j) {
        long abs = Math.abs(System.currentTimeMillis() - j);
        long timestampDisparity = SaSsoManager.getConfig().getTimestampDisparity();
        if (timestampDisparity != -1 && abs > timestampDisparity) {
            throw new SaSsoException("timestamp 超出允许的范围").m2setCode(SaSsoErrorCode.CODE_30007);
        }
    }
}
