package cn.dev33.satoken.sso.template;

import cn.dev33.satoken.SaManager;
import cn.dev33.satoken.session.SaSession;
import cn.dev33.satoken.sign.SaSignManager;
import cn.dev33.satoken.sign.config.SaSignConfig;
import cn.dev33.satoken.sign.template.SaSignTemplate;
import cn.dev33.satoken.sso.SaSsoManager;
import cn.dev33.satoken.sso.config.SaSsoClientModel;
import cn.dev33.satoken.sso.config.SaSsoServerConfig;
import cn.dev33.satoken.sso.error.SaSsoErrorCode;
import cn.dev33.satoken.sso.exception.SaSsoException;
import cn.dev33.satoken.sso.message.SaSsoMessage;
import cn.dev33.satoken.sso.message.handle.server.SaSsoMessageCheckTicketHandle;
import cn.dev33.satoken.sso.message.handle.server.SaSsoMessageSignoutHandle;
import cn.dev33.satoken.sso.model.SaSsoClientInfo;
import cn.dev33.satoken.sso.model.TicketModel;
import cn.dev33.satoken.sso.strategy.SaSsoServerStrategy;
import cn.dev33.satoken.sso.util.SaSsoConsts;
import cn.dev33.satoken.stp.parameter.SaLogoutParameter;
import cn.dev33.satoken.strategy.SaStrategy;
import cn.dev33.satoken.util.SaFoxUtil;
import cn.dev33.satoken.util.SaResult;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.TreeMap;

/* loaded from: input_file:cn/dev33/satoken/sso/template/SaSsoServerTemplate.class */
public class SaSsoServerTemplate extends SaSsoTemplate {
    public SaSsoServerStrategy strategy = new SaSsoServerStrategy();

    public SaSsoServerTemplate() {
        this.messageHolder.addHandle(new SaSsoMessageCheckTicketHandle());
        this.messageHolder.addHandle(new SaSsoMessageSignoutHandle());
    }

    public void saveTicket(TicketModel ticketModel) {
        SaManager.getSaTokenDao().setObject(splicingTicketModelSaveKey(ticketModel.getTicket()), ticketModel, getServerConfig().getTicketTimeout());
    }

    public void deleteTicket(String str) {
        if (str == null) {
            return;
        }
        SaManager.getSaTokenDao().deleteObject(splicingTicketModelSaveKey(str));
    }

    public TicketModel createTicket(String str, Object obj, String str2) {
        TicketModel ticketModel = new TicketModel();
        ticketModel.setTicket(randomTicket(obj));
        ticketModel.setClient(str);
        ticketModel.setLoginId(obj);
        ticketModel.setTokenValue(str2);
        return ticketModel;
    }

    public String createTicketAndSave(String str, Object obj, String str2) {
        TicketModel createTicket = createTicket(str, obj, str2);
        saveTicket(createTicket);
        saveTicketIndex(str, obj, createTicket.getTicket());
        return createTicket.getTicket();
    }

    public String randomTicket(Object obj) {
        return SaFoxUtil.getRandomString(64);
    }

    public TicketModel getTicket(String str) {
        if (SaFoxUtil.isEmpty(str)) {
            return null;
        }
        return (TicketModel) SaManager.getSaTokenDao().getObject(splicingTicketModelSaveKey(str), TicketModel.class);
    }

    public Object getLoginId(String str) {
        TicketModel ticket = getTicket(str);
        if (ticket == null) {
            return null;
        }
        return ticket.getLoginId();
    }

    public <T> T getLoginId(String str, Class<T> cls) {
        return (T) SaFoxUtil.getValueByType(getLoginId(str), cls);
    }

    public TicketModel checkTicket(String str) {
        TicketModel ticket = getTicket(str);
        if (ticket == null) {
            throw new SaSsoException("无效 ticket : " + str).m0setCode(SaSsoErrorCode.CODE_30004);
        }
        return ticket;
    }

    public TicketModel checkTicketParamAndDelete(String str) {
        return checkTicketParamAndDelete(str, SaSsoConsts.CLIENT_WILDCARD);
    }

    public TicketModel checkTicketParamAndDelete(String str, String str2) {
        TicketModel checkTicket = checkTicket(str);
        String client = checkTicket.getClient();
        if (!SaSsoConsts.CLIENT_WILDCARD.equals(str2) && (!(SaFoxUtil.isEmpty(str2) && SaFoxUtil.isEmpty(client)) && SaFoxUtil.notEquals(str2, client))) {
            throw new SaSsoException("该 ticket 不属于 client=" + str2 + ", ticket 值: " + str).m0setCode(SaSsoErrorCode.CODE_30011);
        }
        deleteTicket(str);
        deleteTicketIndex(str2, checkTicket.getLoginId());
        return checkTicket;
    }

    public void saveTicketIndex(String str, Object obj, String str2) {
        SaManager.getSaTokenDao().set(splicingTicketIndexKey(str, obj), String.valueOf(str2), getServerConfig().getTicketTimeout());
    }

    public void deleteTicketIndex(String str, Object obj) {
        if (obj == null) {
            return;
        }
        SaManager.getSaTokenDao().delete(splicingTicketIndexKey(str, obj));
    }

    public String getTicketValue(String str, Object obj) {
        if (obj == null) {
            return null;
        }
        return SaManager.getSaTokenDao().get(splicingTicketIndexKey(str, obj));
    }

    public List<SaSsoClientModel> getClients() {
        return new ArrayList(getServerConfig().getClients().values());
    }

    public SaSsoClientModel getClient(String str) {
        return getServerConfig().getClients().get(str);
    }

    public SaSsoClientModel getClientNotNull(String str) {
        if (SaFoxUtil.isEmpty(str)) {
            if (getConfigOfAllowAnonClient()) {
                return getAnonClient();
            }
            throw new SaSsoException("client 标识不可为空");
        }
        SaSsoClientModel client = getClient(str);
        if (client == null) {
            throw new SaSsoException("未能获取应用信息，client=" + str).m0setCode(SaSsoErrorCode.CODE_30013);
        }
        return client;
    }

    public boolean getConfigOfAllowAnonClient() {
        return getServerConfig().getAllowAnonClient().booleanValue();
    }

    public SaSsoClientModel getAnonClient() {
        SaSsoServerConfig serverConfig = getServerConfig();
        SaSsoClientModel saSsoClientModel = new SaSsoClientModel();
        saSsoClientModel.setAllowUrl(serverConfig.getAllowUrl());
        saSsoClientModel.setIsSlo(serverConfig.getIsSlo());
        saSsoClientModel.setSecretKey(serverConfig.getSecretKey());
        if (SaFoxUtil.isEmpty(saSsoClientModel.getSecretKey())) {
            saSsoClientModel.setSecretKey(SaSignManager.getSaSignTemplate().getSignConfigOrGlobal().getSecretKey());
        }
        return saSsoClientModel;
    }

    public List<SaSsoClientModel> getNeedPushClients() {
        ArrayList arrayList = new ArrayList();
        for (SaSsoClientModel saSsoClientModel : getClients()) {
            if (saSsoClientModel.getIsPush().booleanValue()) {
                arrayList.add(saSsoClientModel);
            }
        }
        return arrayList;
    }

    public String buildRedirectUrl(String str, String str2, Object obj, String str3) {
        checkRedirectUrl(str, str2);
        deleteTicket(getTicketValue(str, obj));
        return SaFoxUtil.joinParam(encodeBackParam(str2), this.paramName.ticket, createTicketAndSave(str, obj, str3));
    }

    public String encodeBackParam(String str) {
        int indexOf = str.indexOf("?" + this.paramName.back + "=");
        if (indexOf == -1) {
            indexOf = str.indexOf("&" + this.paramName.back + "=");
            if (indexOf == -1) {
                return str;
            }
        }
        int length = this.paramName.back.length() + 2;
        return str.substring(0, indexOf + length) + SaFoxUtil.encodeUrl(str.substring(indexOf + length));
    }

    public void checkRedirectUrl(String str, String str2) {
        if (!SaFoxUtil.isUrl(str2)) {
            throw new SaSsoException("无效redirect：" + str2).m0setCode(SaSsoErrorCode.CODE_30001);
        }
        int indexOf = str2.indexOf("?");
        if (indexOf != -1) {
            str2 = str2.substring(0, indexOf);
        }
        if (str2.contains("@")) {
            throw new SaSsoException("无效redirect（不允许出现@字符）：" + str2).m0setCode(SaSsoErrorCode.CODE_30001);
        }
        List<String> asList = Arrays.asList(getClientNotNull(str).getAllowUrl().replaceAll(" ", "").split(","));
        checkAllowUrlList(asList);
        if (!((Boolean) SaStrategy.instance.hasElement.apply(asList, str2)).booleanValue()) {
            throw new SaSsoException("非法redirect：" + str2).m0setCode(SaSsoErrorCode.CODE_30002);
        }
    }

    public void checkAllowUrlList(List<String> list) {
        checkAllowUrlListStaticMethod(list);
    }

    public static void checkAllowUrlListStaticMethod(List<String> list) {
        for (String str : list) {
            int indexOf = str.indexOf(SaSsoConsts.CLIENT_WILDCARD);
            if (indexOf != -1 && indexOf != str.length() - 1) {
                throw new SaSsoException("无效的 allow-url 配置（*通配符只允许出现在最后一位）：" + str).m0setCode(SaSsoErrorCode.CODE_30015);
            }
        }
    }

    public void registerSloCallbackUrl(Object obj, String str, String str2) {
        if (SaFoxUtil.isEmpty(obj)) {
            return;
        }
        SaSession sessionByLoginId = getStpLogicOrGlobal().getSessionByLoginId(obj);
        List<SaSsoClientInfo> list = (List) sessionByLoginId.get(SaSsoConsts.SSO_CLIENT_MODEL_LIST_KEY_, ArrayList::new);
        list.add(new SaSsoClientInfo(str, str2, calcNextIndex(list)));
        int i = getServerConfig().maxRegClient;
        if (i != -1) {
            while (list.size() > i) {
                SaSsoClientInfo remove = list.remove(0);
                this.strategy.asyncRun.run(() -> {
                    notifyClientLogout(obj, null, remove, true, true);
                });
            }
        }
        sessionByLoginId.set(SaSsoConsts.SSO_CLIENT_MODEL_LIST_KEY_, list);
    }

    public int calcNextIndex(List<SaSsoClientInfo> list) {
        if (list == null || list.isEmpty()) {
            return 0;
        }
        int i = list.get(list.size() - 1).index;
        if (i == Integer.MAX_VALUE) {
            return 0;
        }
        return i + 1;
    }

    public void ssoLogout(Object obj) {
        ssoLogout(obj, getStpLogicOrGlobal().createSaLogoutParameter(), null);
    }

    public void ssoLogout(Object obj, SaLogoutParameter saLogoutParameter, String str) {
        pushToAllClientByLogoutCall(obj, saLogoutParameter, str);
        SaSession sessionByLoginId = getStpLogicOrGlobal().getSessionByLoginId(obj, false);
        if (sessionByLoginId == null) {
            return;
        }
        ((List) sessionByLoginId.get(SaSsoConsts.SSO_CLIENT_MODEL_LIST_KEY_, ArrayList::new)).forEach(saSsoClientInfo -> {
            this.strategy.asyncRun.run(() -> {
                notifyClientLogout(obj, saLogoutParameter.getDeviceId(), saSsoClientInfo, false, false);
            });
        });
        getStpLogicOrGlobal().logout(obj, saLogoutParameter);
    }

    public String notifyClientLogout(Object obj, String str, SaSsoClientInfo saSsoClientInfo, boolean z, boolean z2) {
        if (saSsoClientInfo == null || saSsoClientInfo.mode != 3) {
            return null;
        }
        String sloCallbackUrl = saSsoClientInfo.getSloCallbackUrl();
        if (SaFoxUtil.isEmpty(sloCallbackUrl)) {
            if (z2 && SaFoxUtil.isNotEmpty(saSsoClientInfo.getClient())) {
                return pushToClientByLogoutCall(getClient(saSsoClientInfo.getClient()), obj, true, getStpLogicOrGlobal().createSaLogoutParameter());
            }
            return null;
        }
        TreeMap treeMap = new TreeMap();
        treeMap.put(this.paramName.client, saSsoClientInfo.getClient());
        treeMap.put(this.paramName.loginId, obj);
        treeMap.put(this.paramName.deviceId, str);
        treeMap.put(this.paramName.autoLogout, Boolean.valueOf(z));
        return this.strategy.sendRequest.apply(SaFoxUtil.joinParam(sloCallbackUrl, getSignTemplate(saSsoClientInfo.getClient()).addSignParamsAndJoin(treeMap)));
    }

    public String pushMessage(SaSsoClientModel saSsoClientModel, SaSsoMessage saSsoMessage) {
        saSsoMessage.checkType();
        return this.strategy.sendRequest.apply(SaFoxUtil.joinParam(saSsoClientModel.splicingPushUrl(), getSignTemplate(saSsoClientModel.getClient()).addSignParamsAndJoin(saSsoMessage)));
    }

    public SaResult pushMessageAsSaResult(SaSsoClientModel saSsoClientModel, SaSsoMessage saSsoMessage) {
        return new SaResult(SaManager.getSaJsonTemplate().jsonToMap(pushMessage(saSsoClientModel, saSsoMessage)));
    }

    public String pushMessage(String str, SaSsoMessage saSsoMessage) {
        return pushMessage(getClientNotNull(str), saSsoMessage);
    }

    public SaResult pushMessageAsSaResult(String str, SaSsoMessage saSsoMessage) {
        return new SaResult(SaManager.getSaJsonTemplate().jsonToMap(pushMessage(str, saSsoMessage)));
    }

    public void pushToAllClient(SaSsoMessage saSsoMessage) {
        pushToAllClient(saSsoMessage, null);
    }

    public void pushToAllClient(SaSsoMessage saSsoMessage, String str) {
        for (SaSsoClientModel saSsoClientModel : getNeedPushClients()) {
            if (!SaFoxUtil.isNotEmpty(str) || !str.equals(saSsoClientModel.getClient())) {
                this.strategy.asyncRun.run(() -> {
                    pushMessage(saSsoClientModel, saSsoMessage);
                });
            }
        }
    }

    public void pushToAllClientByLogoutCall(Object obj, SaLogoutParameter saLogoutParameter, String str) {
        for (SaSsoClientModel saSsoClientModel : getNeedPushClients()) {
            if (!SaFoxUtil.isNotEmpty(str) || !str.equals(saSsoClientModel.getClient())) {
                if (saSsoClientModel.getIsSlo().booleanValue()) {
                    this.strategy.asyncRun.run(() -> {
                        pushToClientByLogoutCall(saSsoClientModel, obj, false, saLogoutParameter);
                    });
                }
            }
        }
    }

    public String pushToClientByLogoutCall(SaSsoClientModel saSsoClientModel, Object obj, boolean z, SaLogoutParameter saLogoutParameter) {
        SaSsoMessage saSsoMessage = new SaSsoMessage();
        saSsoMessage.setType(SaSsoConsts.MESSAGE_LOGOUT_CALL);
        saSsoMessage.m2set(this.paramName.loginId, obj);
        saSsoMessage.m2set(this.paramName.autoLogout, (Object) Boolean.valueOf(z));
        saSsoMessage.m2set(this.paramName.deviceId, (Object) saLogoutParameter.getDeviceId());
        return pushMessage(saSsoClientModel, saSsoMessage);
    }

    public SaSsoServerConfig getServerConfig() {
        return SaSsoManager.getServerConfig();
    }

    public SaSignTemplate getSignTemplate(String str) {
        SaSignConfig copy = SaSignManager.getSaSignTemplate().getSignConfigOrGlobal().copy();
        String secretKey = getClientNotNull(str).getSecretKey();
        if (SaFoxUtil.isEmpty(secretKey) && SaFoxUtil.isNotEmpty(str)) {
            secretKey = getServerConfig().getSecretKey();
        }
        if (SaFoxUtil.isEmpty(secretKey)) {
            secretKey = copy.getSecretKey();
        }
        copy.setSecretKey(secretKey);
        return new SaSignTemplate(copy);
    }

    public String splicingTicketModelSaveKey(String str) {
        return getStpLogicOrGlobal().getConfigOrGlobal().getTokenName() + ":ticket:" + str;
    }

    public String splicingTicketIndexKey(String str, Object obj) {
        if (SaFoxUtil.isEmpty(str) || SaSsoConsts.CLIENT_WILDCARD.equals(str)) {
            str = SaSsoConsts.CLIENT_ANON;
        }
        return getStpLogicOrGlobal().getConfigOrGlobal().getTokenName() + ":ticket-index:" + str + ":" + obj;
    }
}
