package com.alibaba.buc.sso.client.util;

import com.alibaba.buc.sso.client.conf.ClientConfTask;
import com.alibaba.buc.sso.client.handler.SSOCallback;
import com.alibaba.buc.sso.client.log.util.LogUtils;
import com.alibaba.buc.sso.client.spi.Redirector;
import com.alibaba.buc.sso.client.vo.HeartBeatSSOToken;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.support.spring.FastJsonJsonView;
import com.alibaba.platform.buc.sso.common.SSOException;
import com.alibaba.platform.buc.sso.common.constants.BucSSOConstants;
import com.alibaba.platform.buc.sso.common.dto.DingCodeDTO;
import com.alibaba.platform.buc.sso.common.dto.TokenUserDTO;
import com.alibaba.platform.buc.sso.common.tool.BucSSOUtil;
import com.alibaba.platform.buc.sso.common.tool.CookieUtil;
import com.alibaba.platform.buc.sso.common.tool.HTTPUtil;
import com.alibaba.platform.buc.sso.common.tool.RegexUtil;
import com.alibaba.platform.buc.sso.common.tool.SSOEncodeUtil;
import com.alibaba.platform.buc.sso.common.tool.TimerService;
import com.aliyun.openservices.log.common.Consts;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.security.InvalidKeyException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.http.HttpHeaders;
import org.apache.http.client.methods.HttpPost;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/buc.sso.client-1.1.2.jar:com/alibaba/buc/sso/client/util/BucSSOClientUtil.class */
public class BucSSOClientUtil {
    // Class-wide SLF4J logger.
    private static final Logger log = LoggerFactory.getLogger(BucSSOClientUtil.class);
    // Anchored dotted-quad IPv4 matcher: four dot-separated groups, each limited to 0-255
    // (leading zeros are accepted). Not referenced in the part of the class visible here.
    private static final Pattern IPV4_PATTERN = Pattern.compile("^(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)(\\.(25[0-5]|2[0-4]\\d|[0-1]?\\d?\\d)){3}$");

    /**
     * Returns the client version held by {@code FilterManager}.
     *
     * @return the value of {@code FilterManager.getClientVersion()}, unchanged
     */
    public static String getClientVersion() {
        final String clientVersion = FilterManager.getClientVersion();
        return clientVersion;
    }

    /**
     * Returns the SSO server URL held by {@code FilterManager}.
     *
     * @return the value of {@code FilterManager.getSsoServerUrl()}, unchanged
     */
    public static String getSsoServerUrl() {
        final String ssoServerUrl = FilterManager.getSsoServerUrl();
        return ssoServerUrl;
    }

    /**
     * Returns the application name held by {@code FilterManager}.
     *
     * @return the value of {@code FilterManager.getAppName()}, unchanged
     */
    public static String getAppName() {
        final String appName = FilterManager.getAppName();
        return appName;
    }

    /**
     * Returns the SSO login URL held by {@code FilterManager}.
     *
     * @return the value of {@code FilterManager.getSsoLoginUrl()}, unchanged
     */
    public static String getSsoLoginUrl() {
        final String ssoLoginUrl = FilterManager.getSsoLoginUrl();
        return ssoLoginUrl;
    }

    /**
     * Returns the SSO logout URL held by {@code FilterManager}.
     *
     * @return the value of {@code FilterManager.getSsoLogoutUrl()}, unchanged
     */
    public static String getSsoLogoutUrl() {
        final String ssoLogoutUrl = FilterManager.getSsoLogoutUrl();
        return ssoLogoutUrl;
    }

    /**
     * Returns the SSO token API location held by {@code FilterManager}.
     *
     * @return the value of {@code FilterManager.getSsoTokenApi()}, unchanged
     */
    public static String getSsoTokenApi() {
        final String ssoTokenApi = FilterManager.getSsoTokenApi();
        return ssoTokenApi;
    }

    /**
     * Returns the exclusion entries held by {@code FilterManager}.
     *
     * <p>The array is handed back exactly as {@code FilterManager} returns it; no copy is made
     * here.
     *
     * @return the value of {@code FilterManager.getExclusions()}, unchanged
     */
    public static String[] getExclusions() {
        final String[] exclusions = FilterManager.getExclusions();
        return exclusions;
    }

    /**
     * Returns the compiled exclusion patterns held by {@code FilterManager}.
     *
     * <p>The array is handed back exactly as {@code FilterManager} returns it; no copy is made
     * here.
     *
     * @return the value of {@code FilterManager.getExclusionPatterns()}, unchanged
     */
    public static Pattern[] getExclusionPatterns() {
        final Pattern[] exclusionPatterns = FilterManager.getExclusionPatterns();
        return exclusionPatterns;
    }

    /**
     * Returns the {@link SSOCallback} registered with {@code FilterManager}.
     *
     * @return the value of {@code FilterManager.getSsoCallback()}, unchanged
     */
    public static SSOCallback getSsoCallback() {
        final SSOCallback callback = FilterManager.getSsoCallback();
        return callback;
    }

    /**
     * Reports whether the periodic SSO check is switched on in {@code FilterManager}.
     *
     * @return the value of {@code FilterManager.getSsoCheckEnable()}, unchanged
     */
    public static boolean getSsoCheckEnable() {
        final boolean checkEnabled = FilterManager.getSsoCheckEnable();
        return checkEnabled;
    }

    /**
     * Returns the SSO check period held by {@code FilterManager}, as text.
     *
     * @return the value of {@code FilterManager.getSsoCheckTimePeriod()}, unchanged
     */
    public static String getSsoCheckTimePeriod() {
        final String checkPeriod = FilterManager.getSsoCheckTimePeriod();
        return checkPeriod;
    }

    /**
     * Returns the local login URL held by {@code FilterManager}.
     *
     * @return the value of {@code FilterManager.getLocalLoginUrl()}, unchanged
     */
    public static String getLocalLoginUrl() {
        final String localLoginUrl = FilterManager.getLocalLoginUrl();
        return localLoginUrl;
    }

    /**
     * Reports the SSO availability flag currently stored in {@code FilterManager}.
     *
     * @return the value of {@code FilterManager.getSsoAvailable()}, unchanged
     */
    public static boolean getSsoAvailable() {
        final boolean ssoAvailable = FilterManager.getSsoAvailable();
        return ssoAvailable;
    }

    /**
     * Returns the SSO cookie domain held by {@code FilterManager}.
     *
     * @return the value of {@code FilterManager.getSsoCookieDomain()}, unchanged
     */
    public static String getSsoCookieDomain() {
        final String cookieDomain = FilterManager.getSsoCookieDomain();
        return cookieDomain;
    }

    /**
     * Returns the custom login URL held by {@code FilterManager}.
     *
     * @return the value of {@code FilterManager.getCustomLoginUrl()}, unchanged
     */
    public static String getCustomLoginUrl() {
        final String customLoginUrl = FilterManager.getCustomLoginUrl();
        return customLoginUrl;
    }

    /**
     * Stores a custom login URL in {@code FilterManager}.
     *
     * <p>No validation happens here. The stored value is later forwarded as a parameter of the
     * SSO login redirect, so callers should only pass a URL they trust.
     *
     * @param str the custom login URL, passed through unchanged
     */
    public static void setCustomLoginUrl(String str) {
        final String customLoginUrl = str;
        FilterManager.setCustomLoginUrl(customLoginUrl);
    }

    /**
     * Tells whether the trimmed {@code str} matches at least one of the given patterns, as
     * decided by {@code RegexUtil.isWildCardMatched}.
     *
     * <p>NOTE(review): presumably a match exempts the request from the SSO check, so callers
     * should pass a normalised path; verify against the filter that calls this.
     *
     * @param patternArr compiled exclusion patterns; {@code null} means nothing is excluded
     * @param str the text to test; must not be {@code null} when {@code patternArr} is non-null
     * @return {@code true} on the first matching pattern, otherwise {@code false}
     */
    public static boolean isExclusionMatched(Pattern[] patternArr, String str) {
        if (patternArr == null) {
            return false;
        }
        final String candidate = str.trim();
        int index = 0;
        while (index < patternArr.length) {
            if (RegexUtil.isWildCardMatched(candidate, patternArr[index])) {
                return true;
            }
            index++;
        }
        return false;
    }

    /**
     * Compiles exclusion expressions by delegating to {@code RegexUtil.compilePatterns}.
     *
     * @param strArr the expressions to compile, passed through unchanged
     * @return whatever {@code RegexUtil.compilePatterns} returns for {@code strArr}
     */
    public static Pattern[] compilePatterns(String[] strArr) {
        final Pattern[] compiled = RegexUtil.compilePatterns(strArr);
        return compiled;
    }

    /**
     * Reports this client's app name, exclusions, version, local IP and profile to the given
     * URL through {@code HTTPUtil.retrieve}.
     *
     * <p>A blank URL is a no-op. Any exception is logged and swallowed, so the report is
     * best-effort.
     *
     * @param str the URL that receives the report
     */
    public static void updateClientVersionUrl(String str) {
        if (!StringUtils.isNotBlank(str)) {
            return;
        }
        try {
            HashMap report = new HashMap();
            report.put(BucSSOConstants.APP_NAME, FilterManager.getAppName());
            // Exclusions travel as a single comma-joined string.
            report.put(BucSSOConstants.EXCLUSIONS, StringUtils.join(FilterManager.getExclusions(), BucSSOConstants.COMMA));
            report.put(BucSSOConstants.CLIENT_VERSION, FilterManager.getClientVersion());
            report.put(BucSSOConstants.CLIENT_IP, LogUtils.getLocalMachineIp());
            report.put(BucSSOConstants.APP_PROFILE, FilterManager.getAppProfile());
            HTTPUtil.retrieve(str, report);
        } catch (Exception failure) {
            log.error(failure.getLocalizedMessage(), (Throwable) failure);
        }
    }

    /**
     * Schedules the periodic SSO availability probe when the check is enabled.
     *
     * <p>The probe is {@link #refreshSsoCheck()}, first run immediately and then repeated with
     * a fixed delay of the configured period, read as milliseconds.
     *
     * @throws ServletException if the check is enabled but the time period, the local login URL
     *     or the check URL is not configured
     * @throws NumberFormatException if the configured period is not a valid {@code long}
     */
    public static void startSSOCheck() throws ServletException {
        if (!FilterManager.getSsoCheckEnable()) {
            return;
        }
        synchronized (BucSSOClientUtil.class) {
            log.info("Starting SSO Check");
            // Validation order is kept so the first missing setting decides the message.
            if (FilterManager.getSsoCheckTimePeriod() == null) {
                throw new ServletException("SSO_CHECK_TIME_PERIOD must be set when SSO_CHECK_ENABLE is enabled.Unit:millisec");
            }
            if (FilterManager.getLocalLoginUrl() == null) {
                throw new ServletException("LOCAL_LOGIN_URL must be set when SSO_CHECK_ENABLE is enabled.");
            }
            if (FilterManager.getSsoCheckUrl() == null) {
                throw new ServletException("SSO_CHECK_URL must be set when SSO_CHECK_ENABLE is enabled.");
            }
            final Runnable probe = new Runnable() {
                @Override
                public void run() {
                    BucSSOClientUtil.refreshSsoCheck();
                }
            };
            final long periodMillis = Long.parseLong(FilterManager.getSsoCheckTimePeriod());
            TimerService.scheduleWithFixedDelay(probe, 0L, periodMillis, TimeUnit.MILLISECONDS);
        }
    }

    /**
     * Probes the SSO check URL and stores the outcome as the SSO availability flag.
     *
     * <p>The server counts as available when the response body contains the configured check
     * value, or the literal {@code "true"} when none is configured. An empty body or any
     * exception marks it unavailable.
     *
     * <p>NOTE(review): this is a substring test on the response body, and the flag decides
     * whether {@code builderRedirectSso} sends users to the local login URL. The check URL
     * should therefore be one whose response cannot be influenced by a third party; confirm
     * how it is configured.
     */
    public static void refreshSsoCheck() {
        boolean available;
        try {
            final String body = HTTPUtil.retrieve(FilterManager.getSsoCheckUrl());
            if (StringUtils.isNotEmpty(body)) {
                final String configured = FilterManager.getSsoCheckValue();
                final String expected = StringUtils.isNotBlank(configured) ? configured : "true";
                available = body.contains(expected);
            } else {
                available = false;
            }
        } catch (Exception failure) {
            log.error(failure.getLocalizedMessage(), (Throwable) failure);
            available = false;
        }
        FilterManager.setSsoAvailable(available);
        log.info("CHECKING SSO Server..........." + available);
    }

    /**
     * Encodes a cookie value with the client cookie encrypt cipher from {@code FilterManager},
     * using UTF-8, via {@code SSOEncodeUtil.encodeText}.
     *
     * <p>NOTE(review): if {@code getClientCookieEncryptCipher()} returns one shared
     * {@code javax.crypto.Cipher}, concurrent requests need external synchronisation because
     * that class is not thread-safe; confirm in {@code FilterManager}.
     *
     * @param str the plain cookie value
     * @return the encoded text
     */
    public static String encodeCookie(String str) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException {
        final String charsetName = "UTF-8";
        final String encoded = SSOEncodeUtil.encodeText(FilterManager.getClientCookieEncryptCipher(), str, charsetName);
        return encoded;
    }

    /**
     * Decodes a cookie value with the client cookie decrypt cipher from {@code FilterManager},
     * using UTF-8, via {@code SSOEncodeUtil.decodeText}.
     *
     * <p>The input normally comes from a request cookie, so callers should treat every declared
     * exception as "cookie rejected". NOTE(review): whether the scheme also authenticates the
     * value (detects tampering) is not visible here; confirm in {@code SSOEncodeUtil}.
     *
     * @param str the encoded cookie value
     * @return the decoded text
     */
    public static String decodeCookie(String str) throws InvalidKeyException, IllegalBlockSizeException, BadPaddingException, UnsupportedEncodingException {
        final String charsetName = "UTF-8";
        final String decoded = SSOEncodeUtil.decodeText(FilterManager.getClientCookieDecryptCipher(), str, charsetName);
        return decoded;
    }

    /**
     * Runs the SSO login for a token with the error redirect enabled.
     *
     * <p>Equivalent to the four-argument overload with its boolean argument set to
     * {@code true}.
     *
     * @param str the value forwarded to the four-argument overload as its first argument
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @return the result of the four-argument overload
     */
    public static boolean handleSSOLogin(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        final boolean redirectOnAppMismatch = true;
        return handleSSOLogin(str, redirectOnAppMismatch, httpServletRequest, httpServletResponse);
    }

    /**
     * Renews the token against the SSO token API and, when it is valid for this application,
     * registers the user and writes the login cookies.
     *
     * <p>Steps, in order: renew the token (exceptions are logged and treated as "no user");
     * reject and clear the SSO token cookie when there is no user or the user id is not
     * positive; reject when the token's app name is blank or differs from this client's app
     * name; call the {@code addUser} callback; stop if the response is already committed;
     * write the login cookies, the P3P header and the {@code SSO_TICKET_USER} request
     * attribute; call the {@code afterLogin} callback.
     *
     * @param str passed to {@code BucSSOUtil.renewToken} as its second argument (presumably the
     *     SSO token; verify against callers)
     * @param z when {@code true}, an app-name mismatch redirects to the error URL; when
     *     {@code false} the mismatch is only logged
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @return {@code true} only when the cookies and request attribute were written
     */
    public static boolean handleSSOLogin(String str, boolean z, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        TokenUserDTO tokenUserDTO = null;
        try {
            tokenUserDTO = BucSSOUtil.renewToken(FilterManager.getSsoCallback().reWriteRequestUrl(httpServletRequest, httpServletResponse, FilterManager.getSsoTokenApi()), str, FilterManager.getAppCode(), true);
        } catch (Exception e) {
            log.error(e.getMessage(), (Throwable) e);
        }
        // NOTE(review): this check sits outside any try block, so a null getId() would surface
        // as an NPE to the caller; confirm the DTO never carries a null id.
        if (tokenUserDTO == null || tokenUserDTO.getUser() == null || tokenUserDTO.getUser().getId().intValue() <= 0) {
            CookieUtil.removeCookie(FilterManager.getSSOTokenCookieNameV2(), "/", FilterManager.getSsoCookieDomain(), httpServletResponse);
            return false;
        }
        // A token issued for another application must not log the user in here.
        if (StringUtils.isBlank(tokenUserDTO.getAppName()) || !tokenUserDTO.getAppName().equals(FilterManager.getAppName())) {
            StringBuilder sb = new StringBuilder();
            // NOTE(review): the message embeds the raw token and is then placed, without URL
            // encoding, into the redirect target or the error log. Consider masking the token
            // and encoding the message, since URLs reach browser history, Referer and proxy logs.
            sb.append("renewToken error,token:").append(tokenUserDTO.getToken()).append(",login appName:").append(FilterManager.getAppName()).append(",token appName:").append(tokenUserDTO.getAppName());
            if (z) {
                httpServletResponse.sendRedirect(String.format(FilterManager.getErrorUrl(), Integer.valueOf(BucSSOConstants.ERROR_1402), sb.toString()));
                return false;
            }
            log.error(sb.toString());
            return false;
        }
        FilterManager.getSsoCallback().addUser(tokenUserDTO.getUser(), tokenUserDTO.getUmid(), httpServletRequest, httpServletResponse);
        // Cookies and headers cannot be added once the callback has committed the response.
        if (httpServletResponse.isCommitted()) {
            return false;
        }
        // afterLogin runs on every exit below: success, logged failure and rethrown Throwable.
        try {
            try {
                handleLoginCookies(tokenUserDTO, httpServletRequest, httpServletResponse);
                httpServletResponse.setHeader("P3P", "CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"");
                httpServletRequest.setAttribute(BucSSOConstants.SSO_TICKET_USER, tokenUserDTO);
                FilterManager.getSsoCallback().afterLogin(httpServletRequest, httpServletResponse);
                return true;
            } catch (Exception e2) {
                log.error(e2.getMessage(), (Throwable) e2);
                FilterManager.getSsoCallback().afterLogin(httpServletRequest, httpServletResponse);
                return false;
            }
        } catch (Throwable th) {
            FilterManager.getSsoCallback().afterLogin(httpServletRequest, httpServletResponse);
            throw th;
        }
    }

    /**
     * Renews a token against the BUC SSO token API, when one is configured, and hands the
     * result to {@link #handleTokenUser}.
     *
     * <p>With no API configured, {@code handleTokenUser} receives {@code null}. Any exception
     * is logged and reported as {@code false}.
     *
     * @param str second argument of {@code BucSSOUtil.renewToken}
     * @param str2 third argument of {@code BucSSOUtil.renewToken}
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @return the result of {@code handleTokenUser}, or {@code false} on any exception
     */
    public static boolean handleBucSsoToken(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        try {
            final TokenUserDTO renewed = StringUtils.isNotBlank(FilterManager.getBucSsoTokenApi())
                    ? BucSSOUtil.renewToken(FilterManager.getSsoCallback().reWriteRequestUrl(httpServletRequest, httpServletResponse, FilterManager.getBucSsoTokenApi()), str, str2, true)
                    : null;
            return handleTokenUser(renewed, httpServletRequest, httpServletResponse);
        } catch (Exception failure) {
            log.error(failure.getMessage(), (Throwable) failure);
            return false;
        }
    }

    /**
     * Validates a DingTalk code against the DingTalk code API, when one is configured, and
     * hands the result to {@link #handleTokenUser}.
     *
     * <p>With no API configured, {@code handleTokenUser} receives {@code null}. Any exception
     * is logged and reported as {@code false}.
     *
     * @param str second argument of {@code BucSSOUtil.validateDingtalkCode}
     * @param str2 third argument of {@code BucSSOUtil.validateDingtalkCode}
     * @param str3 fourth argument of {@code BucSSOUtil.validateDingtalkCode}
     * @param str4 fifth argument of {@code BucSSOUtil.validateDingtalkCode}
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @return the result of {@code handleTokenUser}, or {@code false} on any exception
     */
    public static boolean handleDingtalkCode(String str, String str2, String str3, String str4, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            final TokenUserDTO validated = StringUtils.isNotBlank(FilterManager.getDingtalkCodeApi())
                    ? BucSSOUtil.validateDingtalkCode(FilterManager.getSsoCallback().reWriteRequestUrl(httpServletRequest, httpServletResponse, FilterManager.getDingtalkCodeApi()), str, str2, str3, str4)
                    : null;
            return handleTokenUser(validated, httpServletRequest, httpServletResponse);
        } catch (Exception failure) {
            log.error(failure.getMessage(), (Throwable) failure);
            return false;
        }
    }

    /**
     * Logs in the user carried by an already-obtained {@link TokenUserDTO}.
     *
     * <p>Nothing happens unless the DTO holds a user with a positive id. A blank or foreign app
     * name redirects to the error URL and returns {@code false}. Otherwise the {@code addUser}
     * callback runs and, if the response is not yet committed, the login cookies, P3P header
     * and {@code SSO_TICKET_USER} request attribute are written, followed by the
     * {@code afterLogin} callback. Exceptions are logged, not propagated.
     *
     * @param tokenUserDTO the token/user pair to log in; may be {@code null}
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @return {@code true} only when the cookies and request attribute were written
     */
    public static boolean handleTokenUser(TokenUserDTO tokenUserDTO, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        boolean z = false;
        if (tokenUserDTO != null) {
            try {
                if (tokenUserDTO.getUser() != null && tokenUserDTO.getUser().getId().intValue() > 0) {
                    // A token issued for another application must not log the user in here.
                    if (StringUtils.isBlank(tokenUserDTO.getAppName()) || !tokenUserDTO.getAppName().equals(FilterManager.getAppName())) {
                        StringBuilder sb = new StringBuilder();
                        // NOTE(review): the raw token is written into the redirect URL without
                        // URL encoding. Consider masking the token and encoding the message,
                        // since URLs reach browser history, Referer and proxy logs.
                        sb.append("renewToken error,token:").append(tokenUserDTO.getToken()).append(",login appName:").append(FilterManager.getAppName()).append(",token appName:").append(tokenUserDTO.getAppName());
                        httpServletResponse.sendRedirect(String.format(FilterManager.getErrorUrl(), Integer.valueOf(BucSSOConstants.ERROR_1402), sb.toString()));
                        return false;
                    }
                    FilterManager.getSsoCallback().addUser(tokenUserDTO.getUser(), tokenUserDTO.getUmid(), httpServletRequest, httpServletResponse);
                    // Cookies and headers cannot be added once the response is committed.
                    if (!httpServletResponse.isCommitted()) {
                        try {
                            handleLoginCookies(tokenUserDTO, httpServletRequest, httpServletResponse);
                            httpServletResponse.setHeader("P3P", "CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"");
                            httpServletRequest.setAttribute(BucSSOConstants.SSO_TICKET_USER, tokenUserDTO);
                            z = true;
                        } catch (Exception e) {
                            log.error(e.getMessage(), (Throwable) e);
                        }
                        // Runs whether or not the cookie step succeeded.
                        FilterManager.getSsoCallback().afterLogin(httpServletRequest, httpServletResponse);
                    }
                }
            } catch (Exception e2) {
                // Covers the id check, the redirect and both callbacks; the result stays as set so far.
                log.error(e2.getMessage(), (Throwable) e2);
            }
        }
        return z;
    }

    /**
     * Clears the client-side login state: the SSO token cookie, the BU and employee-id
     * root-domain cookies, and whatever the {@code removeUser} callback removes.
     *
     * <p>Nothing in this method contacts the SSO server, so ending the server-side session, if
     * required, has to happen elsewhere.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response that receives the cookie removals and P3P header
     */
    public static void handleSSOLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        final String p3pPolicy = "CP=\"CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR\"";
        CookieUtil.removeCookie(FilterManager.getSSOTokenCookieNameV2(), "/", FilterManager.getSsoCookieDomain(), httpServletResponse);
        removeBuRootDomainCookie(httpServletRequest, httpServletResponse);
        removeEmpIdRootDomainCookie(httpServletRequest, httpServletResponse);
        httpServletResponse.setHeader("P3P", p3pPolicy);
        FilterManager.getSsoCallback().removeUser(httpServletRequest, httpServletResponse);
    }

    /**
     * Builds the URL the browser is sent to for login.
     *
     * <p>After the {@code beforeLogin} callback, and a fresh availability probe when the check
     * is enabled and SSO is currently marked available, the result is one of two things. If
     * SSO is unavailable and a local login URL is configured, it is that URL plus the raw
     * request query string. Otherwise it is the SSO login URL with the app name, the back URL
     * and the optional context path, request suffix, custom login URL, DingTalk and Havana
     * proxy token parameters.
     *
     * <p>NOTE(review): the local-login branch forwards the query string verbatim and the app
     * name is appended without URL encoding; every other value goes through
     * {@code appendParameter}, which encodes it.
     *
     * @param str the back URL to return to after login
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @return the redirect target
     */
    public static String builderRedirectSso(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        FilterManager.getSsoCallback().beforeLogin(httpServletRequest, httpServletResponse);
        final boolean recheckAvailability = FilterManager.getSsoCheckEnable() && FilterManager.getSsoAvailable();
        if (recheckAvailability) {
            refreshSsoCheck();
        }
        final boolean useLocalLogin = !FilterManager.getSsoAvailable() && StringUtils.isNotBlank(FilterManager.getLocalLoginUrl());
        if (useLocalLogin) {
            final String rawQuery = httpServletRequest.getQueryString();
            final String localLogin = FilterManager.getLocalLoginUrl();
            return StringUtils.isNotBlank(rawQuery) ? localLogin + "?" + httpServletRequest.getQueryString() : localLogin;
        }

        final StringBuilder target = new StringBuilder();
        target.append(FilterManager.getSsoLoginUrl());
        target.append("?").append(BucSSOConstants.APP_NAME).append(BucSSOConstants.EQUALS).append(FilterManager.getAppName());
        appendParameter(target, BucSSOConstants.BACK_URL, str);

        // A configured context path wins over the one reported by the container.
        final String effectiveContextPath;
        if (StringUtils.isNotBlank(FilterManager.getContextPath())) {
            effectiveContextPath = FilterManager.getContextPath();
        } else {
            effectiveContextPath = httpServletRequest.getContextPath();
        }
        if (StringUtils.isNotBlank(effectiveContextPath)) {
            appendParameter(target, BucSSOConstants.CONTEXT_PATH, effectiveContextPath);
        }
        if (StringUtils.isNotBlank(FilterManager.getBucRequestSuffix())) {
            appendParameter(target, BucSSOConstants.RQ_SUFFIX, FilterManager.getBucRequestSuffix());
        }
        if (StringUtils.isNotBlank(FilterManager.getCustomLoginUrl())) {
            appendParameter(target, BucSSOConstants.CUSTOM_LOGIN_URL_NAME, FilterManager.getCustomLoginUrl());
        }

        if (isAppendDingParamsEnabled(httpServletRequest)) {
            final String corpId = getRequestParameter(httpServletRequest, BucSSOConstants.DING_CORP_ID);
            if (StringUtils.isNotBlank(corpId)) {
                appendParameter(target, BucSSOConstants.DING_CORP_ID, corpId);
            }
            final DingCodeDTO dingCode = getDingCode(httpServletRequest);
            if (dingCode != null) {
                appendParameter(target, BucSSOConstants.DING_DT_CODE, dingCode.getCode());
                appendParameter(target, BucSSOConstants.DING_CODY_TYPE, dingCode.getCodeType());
            }
        }
        if (isFromDingTalk(httpServletRequest)) {
            appendParameter(target, BucSSOConstants.DING_ADD_COOKIE, "true");
        }

        final String havanaProxyToken = getRequestParameter(httpServletRequest, BucSSOConstants.HAVANA_PROXY_TOKEN);
        if (StringUtils.isNotBlank(havanaProxyToken)) {
            appendParameter(target, BucSSOConstants.HAVANA_PROXY_TOKEN, havanaProxyToken);
        }
        return target.toString();
    }

    /**
     * Offers the request to each registered {@link Redirector} in list order until one of them
     * reports that it handled the redirect.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param filterChain the filter chain, passed through to each redirector
     * @param str passed through to each redirector
     * @param str2 passed through to each redirector
     * @param map passed through to each redirector
     * @return {@code true} as soon as a redirector returns {@code true}; {@code false} when
     *     none does or no redirector list is registered
     */
    public static boolean handleRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, String str, String str2, Map<String, Object> map) throws IOException, ServletException {
        final List<Redirector> registered = FilterManager.getRedirectors();
        if (registered == null) {
            return false;
        }
        for (Redirector redirector : registered) {
            if (redirector.doRedirect(httpServletRequest, httpServletResponse, filterChain, str, str2, map)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Appends {@code &name=value} to the builder, URL-encoding the value as UTF-8.
     *
     * <p>The name is appended as given; only the value is encoded. A {@code null} value makes
     * {@code URLEncoder.encode} throw after the separator, name and equals sign have already
     * been appended.
     *
     * @param sb the URL under construction
     * @param str the parameter name
     * @param str2 the parameter value
     */
    private static void appendParameter(StringBuilder sb, String str, String str2) throws UnsupportedEncodingException {
        sb.append(BucSSOConstants.AMPERSAND)
                .append(str)
                .append(BucSSOConstants.EQUALS)
                .append(URLEncoder.encode(str2, "UTF-8"));
    }

    /**
     * Finds the DingTalk code carried by the request and labels where it came from.
     *
     * <p>Lookup order: the DingTalk cookie (cookie type), then the JSAPI code parameter or,
     * failing that, the DT code parameter (JSAPI type), then the plain code parameter (admin
     * type). Parameters come from {@code getParameter} when the configured request method is
     * POST, otherwise from the parsed query string.
     *
     * <p>Every source here is supplied by the client; the code is only forwarded, so it has to
     * be validated by the SSO server.
     *
     * @param httpServletRequest the current request
     * @return the code with its type, or {@code null} when the request carries none
     */
    private static DingCodeDTO getDingCode(HttpServletRequest httpServletRequest) {
        final String cookieCode = CookieUtil.getCookieValue(BucSSOConstants.DING_UT_COOKIE_NAME, httpServletRequest);
        if (StringUtils.isNotBlank(cookieCode)) {
            return new DingCodeDTO(cookieCode, BucSSOConstants.DING_CODY_TYPE_COOKIE);
        }

        final boolean readBodyParams = StringUtils.equalsIgnoreCase(FilterManager.getBucRequestMethod(), HttpPost.METHOD_NAME);
        // The query string is parsed only when it is the lookup source.
        final Map<String, String> query = readBodyParams ? null : HTTPUtil.splitQueryString(httpServletRequest.getQueryString());

        String jsapiCode = readBodyParams
                ? httpServletRequest.getParameter(BucSSOConstants.DING_JSAPI_CODE)
                : query.get(BucSSOConstants.DING_JSAPI_CODE);
        if (StringUtils.isBlank(jsapiCode)) {
            jsapiCode = readBodyParams
                    ? httpServletRequest.getParameter(BucSSOConstants.DING_DT_CODE)
                    : query.get(BucSSOConstants.DING_DT_CODE);
        }
        if (StringUtils.isNotBlank(jsapiCode)) {
            return new DingCodeDTO(jsapiCode, BucSSOConstants.DING_CODY_TYPE_JSAPI);
        }

        final String adminCode = readBodyParams
                ? httpServletRequest.getParameter(BucSSOConstants.DING_CODE)
                : query.get(BucSSOConstants.DING_CODE);
        if (StringUtils.isNotBlank(adminCode)) {
            return new DingCodeDTO(adminCode, BucSSOConstants.DING_CODY_TYPE_ADMIN);
        }
        return null;
    }

    /**
     * Tells whether DingTalk parameters should be added to the login redirect, which is the
     * case when the request carries a non-blank DingTalk corp id parameter.
     *
     * @param httpServletRequest the current request
     * @return {@code true} when the corp id parameter is present and not blank
     */
    private static boolean isAppendDingParamsEnabled(HttpServletRequest httpServletRequest) {
        final String corpId = getRequestParameter(httpServletRequest, BucSSOConstants.DING_CORP_ID);
        return StringUtils.isNotBlank(corpId);
    }

    /**
     * Decides whether a request URI belongs to a configured response type, either by suffix
     * or by pattern.
     *
     * <p>{@code str2} is a semicolon-separated suffix list; a non-blank suffix matches when the
     * URI ends with it exactly (entries are not trimmed). If no suffix matches, the URI is
     * tested against {@code patternArr} through {@code RegexUtil.isMatched}.
     *
     * @param str the request URI; must not be {@code null} when a non-blank suffix is present
     * @param str2 semicolon-separated suffixes, may be blank
     * @param patternArr URI patterns, may be {@code null} or empty
     * @return {@code true} when a suffix or a pattern matches
     */
    public static boolean checkIsJsonType(String str, String str2, Pattern[] patternArr) {
        if (StringUtils.isNotBlank(str2)) {
            final String[] suffixes = str2.split(";");
            if (suffixes != null && suffixes.length > 0) {
                for (int i = 0; i < suffixes.length; i++) {
                    final String suffix = suffixes[i];
                    if (StringUtils.isNotBlank(suffix) && str.endsWith(suffix)) {
                        return true;
                    }
                }
            }
        }
        if (patternArr == null || patternArr.length == 0) {
            return false;
        }
        return RegexUtil.isMatched(patternArr, str);
    }

    /**
     * Evaluates the JSON and JSONP type checks for the request URI and then always returns
     * {@code false}.
     *
     * <p>The results of the two checks are not used, and {@code str} and the response are not
     * read. NOTE(review): this looks like a stub or a branch lost in decompilation; callers
     * should not rely on it to detect JSON requests.
     *
     * @param str unused
     * @param httpServletRequest the current request
     * @param httpServletResponse unused
     * @return always {@code false}
     */
    public static boolean checkJsonRequestNeedRedirect(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        final String uri = httpServletRequest.getRequestURI();
        // Both checks are still evaluated so that any exception they raise is preserved.
        checkIsJsonType(uri, FilterManager.getHttp302JsonResponse(), FilterManager.getHttp302JsonUriPatterns());
        checkIsJsonType(uri, FilterManager.getHttp302JsonpResponse(), FilterManager.getHttp302JsonpUriPatterns());
        return false;
    }

    /**
     * Writes the configured JSON or JSONP "redirect" payload to the response when the request
     * URI is of a JSON or JSONP type.
     *
     * <p>The URI is classified with {@code checkIsJsonType} against the JSON settings and the
     * JSONP settings. When neither applies nothing is written and {@code false} is returned.
     * Otherwise the JSON text, or the JSONP text built from the request, is written and flushed,
     * the no-cache headers and a content type are set, and {@code true} is returned.
     *
     * <p>NOTE(review): the headers and content type are set after
     * {@code getWriter().flush()}. A flushed response is committed, and containers ignore
     * header changes on a committed response, so the no-cache headers and the content type
     * probably never reach the client. They should be set before the body is written; confirm
     * against the original source.
     *
     * <p>NOTE(review): the constant conditions ({@code 0 != 0}, {@code 1 != 0}), the repeated
     * header blocks and the use of {@code checkIsJsonType} after a catch that may leave it
     * unassigned look like decompiler residue of a single try/catch/finally.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the response that receives the payload
     * @return {@code true} when a payload was written
     */
    public static boolean buildJsonBackContent(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        boolean checkIsJsonType;
        // z: a payload was written; z2: the URI is of the JSON (not JSONP) type.
        boolean z = false;
        boolean z2 = false;
        try {
            try {
                String requestURI = httpServletRequest.getRequestURI();
                z2 = checkIsJsonType(requestURI, FilterManager.getHttp302JsonResponse(), FilterManager.getHttp302JsonUriPatterns());
                checkIsJsonType = checkIsJsonType(requestURI, FilterManager.getHttp302JsonpResponse(), FilterManager.getHttp302JsonpUriPatterns());
            } catch (Exception e) {
                log.error(e.getMessage(), (Throwable) e);
                if (z) {
                    httpServletResponse.setDateHeader(HttpHeaders.EXPIRES, 0L);
                    httpServletResponse.setHeader(HttpHeaders.CACHE_CONTROL, "no-cache");
                    httpServletResponse.setHeader(HttpHeaders.PRAGMA, "no-cache");
                    if (z2) {
                        httpServletResponse.setContentType(Consts.CONST_SLS_JSON);
                    } else {
                        httpServletResponse.setContentType(FastJsonJsonView.DEFAULT_JSONP_CONTENT_TYPE);
                    }
                }
            }
            // Neither JSON nor JSONP: leave the response untouched.
            if (!z2 && !checkIsJsonType) {
                if (0 != 0) {
                    httpServletResponse.setDateHeader(HttpHeaders.EXPIRES, 0L);
                    httpServletResponse.setHeader(HttpHeaders.CACHE_CONTROL, "no-cache");
                    httpServletResponse.setHeader(HttpHeaders.PRAGMA, "no-cache");
                    if (z2) {
                        httpServletResponse.setContentType(Consts.CONST_SLS_JSON);
                    } else {
                        httpServletResponse.setContentType(FastJsonJsonView.DEFAULT_JSONP_CONTENT_TYPE);
                    }
                }
                return z;
            }
            String str = "";
            if (z2) {
                str = getHttp302JsonText();
            } else if (checkIsJsonType) {
                // The JSONP text can include the request's "callback" parameter.
                str = getHttp302JsonpText(httpServletRequest);
            }
            z = true;
            httpServletResponse.getWriter().write(str);
            httpServletResponse.getWriter().flush();
            // From here on the response is committed; see the header note in the method comment.
            if (1 != 0) {
                httpServletResponse.setDateHeader(HttpHeaders.EXPIRES, 0L);
                httpServletResponse.setHeader(HttpHeaders.CACHE_CONTROL, "no-cache");
                httpServletResponse.setHeader(HttpHeaders.PRAGMA, "no-cache");
                if (z2) {
                    httpServletResponse.setContentType(Consts.CONST_SLS_JSON);
                } else {
                    httpServletResponse.setContentType(FastJsonJsonView.DEFAULT_JSONP_CONTENT_TYPE);
                }
            }
            return true;
        } catch (Throwable th) {
            if (z) {
                httpServletResponse.setDateHeader(HttpHeaders.EXPIRES, 0L);
                httpServletResponse.setHeader(HttpHeaders.CACHE_CONTROL, "no-cache");
                httpServletResponse.setHeader(HttpHeaders.PRAGMA, "no-cache");
                if (z2) {
                    httpServletResponse.setContentType(Consts.CONST_SLS_JSON);
                } else {
                    httpServletResponse.setContentType(FastJsonJsonView.DEFAULT_JSONP_CONTENT_TYPE);
                }
            }
            throw th;
        }
    }

    /**
     * Returns the JSON payload used in place of a redirect: the configured text when it is not
     * blank, otherwise {@code BucSSOConstants.HTTP_302_JSON_RESPONSE_VALUE}.
     *
     * @return the JSON text to write
     */
    private static String getHttp302JsonText() {
        final String configured = FilterManager.getHttp302JsonText();
        if (StringUtils.isNotBlank(configured)) {
            return configured;
        }
        return BucSSOConstants.HTTP_302_JSON_RESPONSE_VALUE;
    }

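    /**
     * Builds the JSONP payload used in place of a redirect.
     *
     * <p>The request's {@code callback} parameter names the function that wraps the payload.
     * With no configured text, the default payload is returned, with its
     * {@code onJSONPCallback} name replaced by the callback when one is given. With a
     * configured text, the callback wraps whatever sits between the first {@code "("} and the
     * next {@code ")"} of that text, or the whole text when nothing sits between them.
     *
     * <p>The callback comes straight from the client and ends up in a script response, so it is
     * only honoured when it is a plain function reference (see
     * {@link #isSafeJsonpCallbackName}). Any other value is treated as if no callback had been
     * sent, which keeps arbitrary script text out of the response.
     *
     * @param httpServletRequest the current request
     * @return the JSONP text to write
     */
    private static String getHttp302JsonpText(HttpServletRequest httpServletRequest) {
        String http302JsonpText = FilterManager.getHttp302JsonpText();
        String parameter = httpServletRequest.getParameter("callback");
        if (StringUtils.isNotBlank(parameter) && !isSafeJsonpCallbackName(parameter)) {
            // Fall back to the no-callback behaviour instead of reflecting the value.
            parameter = null;
        }
        if (!StringUtils.isNotBlank(http302JsonpText)) {
            return StringUtils.isBlank(parameter) ? BucSSOConstants.HTTP_302_JSONP_RESPONSE_VALUE : StringUtils.replaceOnce(BucSSOConstants.HTTP_302_JSONP_RESPONSE_VALUE, "onJSONPCallback", parameter);
        }
        if (StringUtils.isBlank(parameter)) {
            return http302JsonpText;
        }
        String substringBetween = StringUtils.substringBetween(http302JsonpText, "(", ")");
        return StringUtils.isNotBlank(substringBetween) ? parameter + "(" + substringBetween + ");" : parameter + "(" + http302JsonpText + ");";
    }

    /**
     * Accepts only callback names made of ASCII letters, digits, {@code _}, {@code $} and
     * {@code .}, at most 128 characters long (a bound chosen here, not taken from
     * configuration).
     */
    private static boolean isSafeJsonpCallbackName(String name) {
        if (name == null || name.isEmpty() || name.length() > 128) {
            return false;
        }
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            boolean letterOrDigit = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
            if (!letterOrDigit && c != '_' && c != '$' && c != '.') {
                return false;
            }
        }
        return true;
    }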

    /**
     * Rebuilds the absolute URL of the current request, including its query string.
     *
     * <p>When an app server, port, request schema or prefix path is configured, the URL is
     * assembled from those settings, with the request's own scheme, server name and local port
     * standing in for any blank setting, followed by the prefix path (if any) and the request
     * URI. Ports 80 and 443 are left out. With nothing configured, the container's request URL
     * is used, its scheme replaced by the actual scheme when they differ.
     *
     * <p>NOTE(review): without a configured app server the host comes from
     * {@code getServerName()} or {@code getRequestURL()}, which usually reflect the client's
     * Host header. If the result is used as the post-login back URL, configure the app server
     * or validate the host at the proxy so a forged Host header cannot steer the redirect.
     *
     * @param httpServletRequest the current request
     * @return the absolute URL with the raw query string appended when there is one
     */
    public static String getFullUrl(HttpServletRequest httpServletRequest) {
        final StringBuilder url = new StringBuilder();
        final boolean originConfigured = StringUtils.isNotBlank(FilterManager.getAppServer())
                || StringUtils.isNotBlank(FilterManager.getAppPort())
                || StringUtils.isNotBlank(FilterManager.getAppRequestSchema());
        if (originConfigured || StringUtils.isNotBlank(FilterManager.getPrefixPath())) {
            // Each configured part wins; a blank one falls back to what the request reports.
            String scheme = FilterManager.getAppRequestSchema();
            if (!StringUtils.isNotBlank(scheme)) {
                scheme = getActualScheme(httpServletRequest);
            }
            String host = FilterManager.getAppServer();
            if (!StringUtils.isNotBlank(host)) {
                host = httpServletRequest.getServerName();
            }
            String port = FilterManager.getAppPort();
            if (!StringUtils.isNotBlank(port)) {
                port = String.valueOf(httpServletRequest.getLocalPort());
            }
            url.append(scheme).append("://").append(host);
            final boolean defaultPort = "80".equals(port) || "443".equals(port);
            if (!defaultPort) {
                url.append(":").append(port);
            }
            if (StringUtils.isNotBlank(FilterManager.getPrefixPath())) {
                url.append(FilterManager.getPrefixPath());
            }
            url.append(httpServletRequest.getRequestURI());
        } else {
            final String scheme = getActualScheme(httpServletRequest);
            String requestUrl = httpServletRequest.getRequestURL().toString();
            // Swap in the actual scheme when the container reports a different one.
            if (!requestUrl.startsWith(scheme + "://")) {
                requestUrl = scheme + requestUrl.substring(requestUrl.indexOf("://"));
            }
            url.append(requestUrl);
        }
        if (StringUtils.isNotBlank(httpServletRequest.getQueryString())) {
            url.append("?").append(httpServletRequest.getQueryString());
        }
        return url.toString();
    }

    /**
     * Exchanges the caller's SSO token for a ticket from the SSO ticket API.
     *
     * <p>The token is taken from the heartbeat token of the request or, when that is blank,
     * from the {@code SSO_TICKET_USER} request attribute. It is posted with the app name and
     * app code, and the {@code CONTENT_VALUE} field of the JSON reply is returned unless the
     * reply flags an error.
     *
     * <p>NOTE(review): the reply is parsed with fastjson. Keep that library patched and its
     * autoType feature off, because the parsed text arrives over the network.
     *
     * @param httpServletRequest the current request
     * @return the ticket, or an empty string when there is no token, no reply, an error reply
     *     or any exception (which is logged)
     */
    public static String getBucSsoTicket(HttpServletRequest httpServletRequest) {
        try {
            final HeartBeatSSOToken heartBeat = getHeartBeatSSOToken(httpServletRequest);
            String token = null;
            if (heartBeat != null) {
                token = heartBeat.getSsoToken();
            }
            if (StringUtils.isBlank(token)) {
                // instanceof is false for null, so a missing attribute is skipped as well.
                final Object ticketUser = httpServletRequest.getAttribute(BucSSOConstants.SSO_TICKET_USER);
                if (ticketUser instanceof TokenUserDTO) {
                    token = ((TokenUserDTO) ticketUser).getToken();
                }
            }
            if (StringUtils.isBlank(token)) {
                return "";
            }

            HashMap form = new HashMap();
            form.put(BucSSOConstants.SSO_TOKEN, token);
            form.put(BucSSOConstants.APP_NAME, FilterManager.getAppName());
            form.put(BucSSOConstants.APP_CODE, FilterManager.getAppCode());
            final String reply = HTTPUtil.retrieve(FilterManager.getSsoTicketApi(), form);
            if (StringUtils.isBlank(reply)) {
                return "";
            }

            final JSONObject parsed = JSON.parseObject(reply);
            final boolean hasError = ((Boolean) parsed.get(BucSSOConstants.HAS_ERROR_VALUE)).booleanValue();
            if (hasError) {
                return "";
            }
            return (String) parsed.get(BucSSOConstants.CONTENT_VALUE);
        } catch (Exception failure) {
            log.error(failure.getMessage(), (Throwable) failure);
            return "";
        }
    }

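    /**
     * Reads one request parameter from the source that matches the configured request method.
     *
     * <p>When the configured method is POST the value comes from
     * {@code HttpServletRequest.getParameter}; otherwise it comes from the parsed query string
     * only.
     *
     * <p>The guard used to require a null request and a blank name together, so a null request
     * with a real name went on to a {@code NullPointerException}. Either condition now returns
     * the empty string.
     *
     * @param httpServletRequest the current request, may be {@code null}
     * @param str the parameter name
     * @return the parameter value, {@code null} when the parameter is absent, or {@code ""} when
     *     the request is {@code null} or the name is blank
     */
    public static String getRequestParameter(HttpServletRequest httpServletRequest, String str) {
        if (httpServletRequest == null || StringUtils.isBlank(str)) {
            return "";
        }
        if (StringUtils.equalsIgnoreCase(FilterManager.getBucRequestMethod(), HttpPost.METHOD_NAME)) {
            return httpServletRequest.getParameter(str);
        }
        return HTTPUtil.splitQueryString(httpServletRequest.getQueryString()).get(str);
    }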

    /**
     * Switches the language by delegating to {@code handleLangRootDomainCookie}, passing
     * whether the request counts as secure.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param str the language value, passed through unchanged
     */
    public static void changeLang(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        final boolean secure = isSecure(httpServletRequest);
        handleLangRootDomainCookie(str, secure, httpServletRequest, httpServletResponse);
    }

    /**
     * Builds the SSO server URL that refreshes the language for this application.
     *
     * <p>NOTE(review): {@code str} and the app name are concatenated without URL encoding, so
     * a value containing {@code &} or {@code #} would alter the query; callers should pass a
     * known language code.
     *
     * @param str the language value appended as the {@code lang} parameter
     * @return {@code <ssoServerUrl>/ssoRefreshLang.htm?APP_NAME=<appName>&lang=<str>}
     */
    public static String getChangeLangUrl(String str) {
        return FilterManager.getSsoServerUrl()
                + "/ssoRefreshLang.htm?APP_NAME="
                + FilterManager.getAppName()
                + "&lang="
                + str;
    }

    /**
     * Schedules a {@link ClientConfTask} on {@code TimerService}, first after 300 seconds and
     * then with a fixed delay of 300 seconds between runs.
     */
    public static void startPullConfThread() {
        final long intervalSeconds = 300L;
        final ClientConfTask pullTask = new ClientConfTask();
        TimerService.scheduleWithFixedDelay(pullTask, intervalSeconds, intervalSeconds, TimeUnit.SECONDS);
    }

    /**
     * Tells whether the corp check is enabled, meaning the configured value equals
     * {@code BucSSOConstants.TRUE}.
     *
     * @return {@code true} only on an exact match; a {@code null} setting yields {@code false}
     */
    public static boolean isCorpCheckEnable() {
        final boolean enabled = BucSSOConstants.TRUE.equals(FilterManager.getCorpCheckEnable());
        return enabled;
    }

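    /**
     * Parses the query part of a URL into a name-to-value map.
     *
     * <p>The query is whatever {@code truncateUrlPage} returns for {@code str}. Pairs are split on
     * {@code &} and then on {@code =}. Names and values are stored exactly as they appear: nothing
     * is URL-decoded, a repeated name keeps its last value, and anything after a second {@code =}
     * inside one pair is dropped. The result comes from a client-controlled URL and must be treated
     * as untrusted.
     *
     * @param str the URL to parse
     * @return a mutable map of the parameters; empty when the URL has no query part
     */
    public static Map<String, String> getRequestParamAndValue(String str) {
        Map<String, String> params = new HashMap<String, String>();
        String query = truncateUrlPage(str);
        if (query == null) {
            return params;
        }
        for (String pair : query.split("[&]")) {
            String[] nameAndValue = pair.split("[=]");
            if (nameAndValue.length == 0) {
                // A pair made only of '=' characters splits to an empty array; the original
                // indexed element 0 here and threw ArrayIndexOutOfBoundsException.
                continue;
            }
            if (nameAndValue.length > 1) {
                params.put(nameAndValue[0], nameAndValue[1]);
            } else if (!nameAndValue[0].isEmpty()) {
                // The original compared with != "", a reference comparison whose outcome
                // depends on string identity rather than content.
                params.put(nameAndValue[0], "");
            }
        }
        return params;
    }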

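    /**
     * Extracts the text between the first and the second {@code ?} of a URL (the query string).
     *
     * <p>The input is trimmed first. Text after a second {@code ?} is discarded, and a fragment
     * ({@code #...}) is not stripped from the result.
     *
     * @param str the URL; {@code null} is treated as a URL without a query
     * @return the query string, or {@code null} when there is no non-empty query part
     */
    private static String truncateUrlPage(String str) {
        // Guard added: the original called trim() on the argument unconditionally and threw on null.
        if (str == null) {
            return null;
        }
        String[] parts = str.trim().split("[?]");
        // split() drops trailing empty strings, so more than one part implies a non-empty query.
        return parts.length > 1 ? parts[1] : null;
    }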

    /**
     * Tells whether the request is considered HTTPS, based on {@link #getActualScheme}.
     *
     * <p>In this file the result is passed on as a cookie flag argument, so it inherits the trust
     * assumptions of {@code getActualScheme} (which also consults request headers).
     *
     * @param httpServletRequest the current request
     * @return {@code true} when the resolved scheme equals {@code BucSSOConstants.HTTPS}, ignoring case
     */
    public static boolean isSecure(HttpServletRequest httpServletRequest) {
        String resolvedScheme = getActualScheme(httpServletRequest);
        return BucSSOConstants.HTTPS.equalsIgnoreCase(resolvedScheme);
    }

    /**
     * Checks whether the {@code User-Agent} header contains {@code "DingTalk"} (case-insensitive).
     *
     * <p>The header is sent by the client and can be set to anything, so this is a hint about the
     * client type, not evidence of it.
     *
     * @param httpServletRequest the current request
     * @return {@code true} when the header contains the marker
     */
    public static boolean isFromDingTalk(HttpServletRequest httpServletRequest) {
        String userAgent = httpServletRequest.getHeader("User-Agent");
        return StringUtils.containsIgnoreCase(userAgent, "DingTalk");
    }

    /**
     * Checks whether the {@code User-Agent} header contains {@code "AliApp"} (case-insensitive).
     *
     * <p>The header is sent by the client and can be set to anything, so this is a hint about the
     * client type, not evidence of it.
     *
     * @param httpServletRequest the current request
     * @return {@code true} when the header contains the marker
     */
    public static boolean isFromMobile(HttpServletRequest httpServletRequest) {
        String userAgent = httpServletRequest.getHeader("User-Agent");
        return StringUtils.containsIgnoreCase(userAgent, "AliApp");
    }

    /**
     * Writes the cookies that accompany a login: the SSO token cookie first, then the language,
     * employee-id-hash and BU-hash root-domain cookies, in that order.
     *
     * <p>The scheme is resolved once through {@code isSecure} and the same flag is handed to every
     * cookie writer.
     *
     * @param tokenUserDTO        the login result carrying token, user and hash values
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response that receives the cookies
     * @throws SSOException when the SSO token cookie value cannot be encoded
     */
    public static void handleLoginCookies(TokenUserDTO tokenUserDTO, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws SSOException {
        final boolean overHttps = isSecure(httpServletRequest);

        handleSSOTokenCookie(tokenUserDTO, overHttps, httpServletResponse);
        handleLangRootDomainCookie(tokenUserDTO, overHttps, httpServletRequest, httpServletResponse);
        handleEmpIdRootDomainCookie(tokenUserDTO, overHttps, httpServletRequest, httpServletResponse);
        handleBuRootDomainCookie(tokenUserDTO, overHttps, httpServletRequest, httpServletResponse);
    }

    /**
     * Sets the V2 SSO token cookie when the DTO carries a non-blank token; otherwise does nothing.
     *
     * <p>The cookie value is the token combined with the current time and passed through
     * {@code encodeHeartBeatSSOToken}. It is written for path {@code "/"} and the domain from
     * {@code FilterManager.getSsoCookieDomain()}, with the two boolean arguments {@code true} and
     * {@code z}. NOTE(review): these are presumably the HttpOnly and Secure flags - confirm against
     * {@code CookieUtil.addCookie}. If so, the token cookie is only marked Secure when the request
     * was resolved as HTTPS.
     *
     * @param tokenUserDTO        source of the token; may be {@code null}
     * @param z                   flag forwarded as the last boolean cookie argument
     * @param httpServletResponse the response that receives the cookie
     * @throws SSOException when encoding the cookie value fails
     */
    public static void handleSSOTokenCookie(TokenUserDTO tokenUserDTO, boolean z, HttpServletResponse httpServletResponse) throws SSOException {
        boolean hasToken = tokenUserDTO != null && StringUtils.isNotBlank(tokenUserDTO.getToken());
        if (hasToken) {
            CookieUtil.addCookie(
                    FilterManager.getSSOTokenCookieNameV2(),
                    encodeHeartBeatSSOToken(tokenUserDTO.getToken(), System.currentTimeMillis()),
                    BucSSOConstants.TOKEN_MAX_AGE,
                    "/",
                    FilterManager.getSsoCookieDomain(),
                    true,
                    z,
                    httpServletResponse);
        }
    }

    /**
     * Writes the language cookie from the user's site language, when one is present.
     *
     * <p>Nothing happens if the DTO, its user, or the user's site language is missing or blank.
     *
     * @param tokenUserDTO        source of the user and language; may be {@code null}
     * @param z                   flag forwarded to the cookie writer
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response that receives the cookie
     */
    public static void handleLangRootDomainCookie(TokenUserDTO tokenUserDTO, boolean z, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (tokenUserDTO == null) {
            return;
        }
        if (tokenUserDTO.getUser() == null) {
            return;
        }
        if (StringUtils.isBlank(tokenUserDTO.getUser().getSiteLanguage())) {
            return;
        }
        handleLangRootDomainCookie(tokenUserDTO.getUser().getSiteLanguage(), z, httpServletRequest, httpServletResponse);
    }

    /**
     * Stores the language as a root-domain cookie and as the request attribute {@code BUC-SSO-LANG}.
     *
     * <p>The cookie is written under the V2 language cookie name; the older name is passed along so
     * that {@code handleRootDomainCookie} can remove a cookie found under it. {@code str} is used
     * as given - this method does not validate it, so callers that take it from a request should
     * restrict it to known language codes.
     *
     * @param str                 the language value
     * @param z                   flag forwarded as the last boolean cookie argument
     * @param httpServletRequest  the current request; receives the attribute
     * @param httpServletResponse the response that receives the cookie
     */
    public static void handleLangRootDomainCookie(String str, boolean z, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String currentName = FilterManager.getLanguageCookieNameV2();
        String previousName = FilterManager.getLanguageCookieName();
        handleRootDomainCookie(currentName, previousName, str, BucSSOConstants.ROOT_DOMAIN_COOKIE_MAX_AGE, "/", false, z, httpServletRequest, httpServletResponse);
        httpServletRequest.setAttribute("BUC-SSO-LANG", str);
    }

    /**
     * Writes the BU-hash root-domain cookie when the DTO carries a non-blank BU hash.
     *
     * <p>No older cookie name is passed ({@code null}), unlike the employee-id variant.
     *
     * @param tokenUserDTO        source of the BU hash; may be {@code null}
     * @param z                   flag forwarded to the cookie writer
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response that receives the cookie
     */
    public static void handleBuRootDomainCookie(TokenUserDTO tokenUserDTO, boolean z, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (tokenUserDTO == null) {
            return;
        }
        if (StringUtils.isBlank(tokenUserDTO.getBuHash())) {
            return;
        }
        handleGrayRootDomainCookie(FilterManager.getBuHashCookieNameV2(), null, tokenUserDTO.getBuHash(), z, httpServletRequest, httpServletResponse);
    }

    /**
     * Expires the BU-hash root-domain cookie by delegating to {@code removeGrayRootDomainCookie}
     * with the V2 cookie name and no older name.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response that receives the expiring cookie
     */
    private static void removeBuRootDomainCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String cookieName = FilterManager.getBuHashCookieNameV2();
        removeGrayRootDomainCookie(cookieName, null, httpServletRequest, httpServletResponse);
    }

    /**
     * Writes the employee-id-hash root-domain cookie when the DTO carries a non-blank hash.
     *
     * <p>Both the V2 and the older cookie name are passed on, so a cookie found under the older
     * name is removed by {@code handleRootDomainCookie}.
     *
     * @param tokenUserDTO        source of the employee-id hash; may be {@code null}
     * @param z                   flag forwarded to the cookie writer
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response that receives the cookie
     */
    public static void handleEmpIdRootDomainCookie(TokenUserDTO tokenUserDTO, boolean z, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (tokenUserDTO == null) {
            return;
        }
        if (StringUtils.isBlank(tokenUserDTO.getEmpIdHash())) {
            return;
        }
        handleGrayRootDomainCookie(FilterManager.getEmpIdHashCookieNameV2(), FilterManager.getEmpIdHashCookieName(), tokenUserDTO.getEmpIdHash(), z, httpServletRequest, httpServletResponse);
    }

    /**
     * Expires the employee-id-hash root-domain cookie by delegating to
     * {@code removeGrayRootDomainCookie} with the V2 and the older cookie name.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response that receives the expiring cookie
     */
    private static void removeEmpIdRootDomainCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String currentName = FilterManager.getEmpIdHashCookieNameV2();
        String previousName = FilterManager.getEmpIdHashCookieName();
        removeGrayRootDomainCookie(currentName, previousName, httpServletRequest, httpServletResponse);
    }

    /**
     * Expires a root-domain cookie: rewrites it with an empty value and a max-age of 0 on path
     * {@code "/"}, with both boolean cookie arguments {@code false}.
     *
     * @param str                 the cookie name to expire
     * @param str2                an older cookie name that is also removed when present; may be {@code null}
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response that receives the expiring cookie
     */
    private static void removeGrayRootDomainCookie(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final int expireImmediately = 0;
        final String rootPath = "/";
        handleRootDomainCookie(str, str2, "", expireImmediately, rootPath, false, false, httpServletRequest, httpServletResponse);
    }

    /**
     * Writes a root-domain cookie on path {@code "/"} with
     * {@code BucSSOConstants.ROOT_DOMAIN_COOKIE_MAX_AGE}, passing {@code false} and {@code z} as the
     * two boolean cookie arguments.
     *
     * <p>NOTE(review): the literal {@code false} sits where {@code handleSSOTokenCookie} passes
     * {@code true}; if that position is the HttpOnly flag, these cookies are readable by page
     * scripts - confirm against {@code CookieUtil.addCookie}.
     *
     * @param str                 the cookie name
     * @param str2                an older cookie name to remove when present; may be {@code null}
     * @param str3                the cookie value
     * @param z                   flag forwarded as the last boolean cookie argument
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response that receives the cookie
     */
    private static void handleGrayRootDomainCookie(String str, String str2, String str3, boolean z, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        final String rootPath = "/";
        handleRootDomainCookie(str, str2, str3, BucSSOConstants.ROOT_DOMAIN_COOKIE_MAX_AGE, rootPath, false, z, httpServletRequest, httpServletResponse);
    }

    /**
     * Adds a cookie scoped to a root domain and removes a cookie found under an older name.
     *
     * <p>Domain selection:
     * <ul>
     *   <li>If {@code FilterManager.getSsoCookieDomain()} is non-blank, the new cookie uses the root
     *       domain derived from it, and the older cookie is removed for the configured domain
     *       itself (not the derived root).</li>
     *   <li>Otherwise the host of the request URL is used: its derived root domain when
     *       {@code isValidDomainHost} accepts it, else no domain at all. The older cookie is then
     *       removed without a domain.</li>
     * </ul>
     *
     * <p>NOTE(review): in the second case the cookie domain is derived from the request URL. If
     * {@code getFullUrl} builds that URL from the Host header, the scope is influenced by the
     * client - confirm, and prefer configuring the SSO cookie domain explicitly.
     *
     * @param str                 name of the cookie to add
     * @param str2                older cookie name to look up and remove; may be {@code null}
     * @param str3                cookie value
     * @param i                   max-age
     * @param str4                cookie path
     * @param z                   first boolean cookie argument, forwarded unchanged
     * @param z2                  second boolean cookie argument, forwarded unchanged
     * @param httpServletRequest  the current request
     * @param httpServletResponse the response that receives the cookies
     */
    private static void handleRootDomainCookie(String str, String str2, String str3, int i, String str4, boolean z, boolean z2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String configuredDomain = FilterManager.getSsoCookieDomain();
        String requestHost = HTTPUtil.getHost(getFullUrl(httpServletRequest));
        Cookie previousCookie = CookieUtil.getCookie(str2, httpServletRequest);

        String newCookieDomain;
        String previousCookieDomain;
        if (StringUtils.isNotBlank(configuredDomain)) {
            newCookieDomain = getRootDomainFromHost(configuredDomain);
            previousCookieDomain = configuredDomain;
        } else {
            // Bare host names and IPv4 literals get a host-only cookie (no Domain attribute).
            newCookieDomain = isValidDomainHost(requestHost) ? getRootDomainFromHost(requestHost) : null;
            previousCookieDomain = null;
        }

        CookieUtil.addCookie(str, str3, i, str4, newCookieDomain, z, z2, httpServletResponse);
        if (previousCookie != null) {
            CookieUtil.removeCookie(previousCookie.getName(), str4, previousCookieDomain, httpServletResponse);
        }
    }

    /**
     * Compares a domain with an expected value after removing every leading dot from the domain.
     *
     * @param str  the domain, possibly prefixed with one or more dots; must not be {@code null}
     * @param str2 the value to compare with; {@code null} never matches
     * @return {@code true} when the dot-stripped domain equals {@code str2} exactly (case-sensitive)
     */
    private static boolean isConfiguredRootDomain(String str, String str2) {
        int firstNonDot = 0;
        while (str.startsWith(".", firstNonDot)) {
            firstNonDot++;
        }
        return str.substring(firstNonDot).equals(str2);
    }

    /**
     * Decides whether a host can be used to derive a cookie domain.
     *
     * @param str the host to check
     * @return {@code false} for a blank host, a host without a dot, or one matching
     *         {@code IPV4_PATTERN}; {@code true} otherwise
     */
    private static boolean isValidDomainHost(String str) {
        if (StringUtils.isBlank(str)) {
            return false;
        }
        if (!str.contains(".")) {
            return false;
        }
        return !IPV4_PATTERN.matcher(str).matches();
    }

    /**
     * Derives the domain used to scope root-domain cookies from a host name.
     *
     * <p>The host is first reduced to its last two labels. If that pair is listed in the domain
     * suffix list ({@code getDomainSuffix()}), one more label from the left is prepended, so a
     * listed two-label suffix yields a three-label result. A host with at most one dot is returned
     * unchanged.
     *
     * <p>The result is only as good as the suffix list: a multi-label public suffix missing from
     * it produces a cookie domain shared with unrelated sites under that suffix.
     *
     * @param str the host or configured domain; must not be {@code null}
     * @return the derived root domain
     */
    private static String getRootDomainFromHost(String str) {
        String lastTwoLabels = str;
        int firstDot = lastTwoLabels.indexOf(".");
        while (firstDot != lastTwoLabels.lastIndexOf(".")) {
            lastTwoLabels = lastTwoLabels.substring(firstDot + 1);
            firstDot = lastTwoLabels.indexOf(".");
        }

        // Nothing was stripped, or the pair is not a listed suffix: the pair is the answer.
        if (lastTwoLabels.length() == str.length() || !isInDomainSuffix(getDomainSuffix(), lastTwoLabels)) {
            return lastTwoLabels;
        }

        String leadingLabels = str.substring(0, (str.length() - lastTwoLabels.length()) - 1);
        if (leadingLabels.length() == 0) {
            return lastTwoLabels;
        }
        int lastDot = leadingLabels.lastIndexOf(".");
        if (lastDot == -1) {
            // Exactly one label precedes the suffix, so the whole host is the root domain.
            return str;
        }
        return leadingLabels.substring(lastDot + 1) + "." + lastTwoLabels;
    }

    /**
     * Tests whether a value is an entry of a delimiter-separated list.
     *
     * <p>Both the list and the value are wrapped in {@code BucSSOConstants.COMMA} before a substring
     * search, so only whole entries match. Entries are compared as written: there is no trimming
     * and no case folding.
     *
     * @param str  the separated list; blank yields {@code false}
     * @param str2 the entry to look for
     * @return {@code true} when the list contains the entry
     */
    private static boolean isInDomainSuffix(String str, String str2) {
        if (StringUtils.isBlank(str)) {
            return false;
        }
        String wrappedList = BucSSOConstants.COMMA + str + BucSSOConstants.COMMA;
        String wrappedEntry = BucSSOConstants.COMMA + str2 + BucSSOConstants.COMMA;
        return wrappedList.indexOf(wrappedEntry) != -1;
    }

    /**
     * Returns the effective domain suffix list: the built-in default, followed by the configured
     * list from {@code FilterManager.getDomainSuffix()} when that is non-blank.
     *
     * @return the combined list, joined with {@code BucSSOConstants.COMMA}
     */
    private static String getDomainSuffix() {
        if (StringUtils.isBlank(FilterManager.getDomainSuffix())) {
            return BucSSOConstants.DEFAULT_DOMAIN_SUFFIX;
        }
        return BucSSOConstants.DEFAULT_DOMAIN_SUFFIX + BucSSOConstants.COMMA + FilterManager.getDomainSuffix();
    }

    /**
     * Builds the V2 token cookie value: {@code <token>#<timestamp>} passed through
     * {@code encodeCookie}.
     *
     * <p>{@code decodeHeartBeatSSOToken} splits on {@code #} and expects exactly two parts, so a
     * token that itself contains {@code #} would not decode.
     *
     * @param str the SSO token
     * @param j   the heartbeat time in milliseconds
     * @return the encoded cookie value
     * @throws SSOException wrapping any exception raised by {@code encodeCookie}
     */
    private static String encodeHeartBeatSSOToken(String str, long j) throws SSOException {
        String plainValue = str + "#" + j;
        try {
            return encodeCookie(plainValue);
        } catch (Exception e) {
            throw new SSOException(e.getMessage(), e);
        }
    }

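    /**
     * Decodes the V2 SSO token cookie into its token and last-heartbeat time.
     *
     * <p>The cookie value is passed through {@code decodeCookie} and must then have the form
     * {@code <token>#<timestamp>}. The cookie is client-supplied, so every step treats it as
     * untrusted input.
     *
     * @param cookie the V2 token cookie; may be {@code null}
     * @return the decoded token, or {@code null} when the cookie is missing, blank, decodes to a
     *         blank value, or does not split into exactly two parts
     * @throws SSOException wrapping any exception raised while decoding or parsing the timestamp
     */
    public static HeartBeatSSOToken decodeHeartBeatSSOToken(Cookie cookie) throws SSOException {
        if (cookie == null || StringUtils.isBlank(cookie.getValue())) {
            return null;
        }
        try {
            String decodedValue = decodeCookie(cookie.getValue());
            if (StringUtils.isBlank(decodedValue)) {
                return null;
            }
            String[] parts = decodedValue.split("#");
            if (parts.length != 2) {
                // The decoded value carries the SSO token, so it is kept out of the log;
                // the original message appended it verbatim.
                log.error("Invalid sso token v2 value : expected 2 parts, found " + parts.length);
                return null;
            }
            HeartBeatSSOToken heartBeatSSOToken = new HeartBeatSSOToken();
            heartBeatSSOToken.setSsoToken(parts[0]);
            heartBeatSSOToken.setLastHeartBeatTime(Long.parseLong(parts[1]));
            return heartBeatSSOToken;
        } catch (Exception e) {
            throw new SSOException(e.getMessage(), e);
        }
    }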

    /**
     * Looks up the V2 SSO token cookie on the request and decodes it.
     *
     * @param httpServletRequest the current request
     * @return the decoded token, or {@code null} as described for {@code decodeHeartBeatSSOToken}
     * @throws SSOException when decoding fails
     */
    public static HeartBeatSSOToken getHeartBeatSSOToken(HttpServletRequest httpServletRequest) throws SSOException {
        Cookie tokenCookie = CookieUtil.getCookie(FilterManager.getSSOTokenCookieNameV2(), httpServletRequest);
        return decodeHeartBeatSSOToken(tokenCookie);
    }

    /**
     * Resolves the scheme the client used, taking a TLS-terminating front end into account.
     *
     * <p>Order of checks: the container's own scheme; then the {@code X-Forwarded-Proto} and
     * {@code X-Real-Scheme} headers; then each header named in
     * {@code FilterManager.getActualSchemeHeader()} (split on {@code BucSSOConstants.COMMA}, names
     * used untrimmed). The first one reporting HTTPS wins; otherwise the container scheme is
     * returned.
     *
     * <p>These headers arrive with the request, so they are trustworthy only when the front proxy
     * sets or strips them on every request. {@code isSecure} builds on this result, and this file
     * passes that flag to the cookie writers.
     *
     * @param httpServletRequest the current request
     * @return the container scheme, or {@code BucSSOConstants.HTTPS} when a header reports HTTPS
     */
    public static String getActualScheme(HttpServletRequest httpServletRequest) {
        String containerScheme = httpServletRequest.getScheme();
        if (BucSSOConstants.HTTPS.equalsIgnoreCase(containerScheme)) {
            return containerScheme;
        }

        boolean proxyReportsHttps = BucSSOConstants.HTTPS.equalsIgnoreCase(httpServletRequest.getHeader("X-Forwarded-Proto"))
                || BucSSOConstants.HTTPS.equalsIgnoreCase(httpServletRequest.getHeader("X-Real-Scheme"));
        if (proxyReportsHttps) {
            return BucSSOConstants.HTTPS;
        }

        String configuredHeaders = FilterManager.getActualSchemeHeader();
        if (StringUtils.isBlank(configuredHeaders)) {
            return containerScheme;
        }
        for (String headerName : configuredHeaders.split(BucSSOConstants.COMMA)) {
            String headerValue = httpServletRequest.getHeader(headerName);
            if (BucSSOConstants.HTTPS.equalsIgnoreCase(headerValue)) {
                return BucSSOConstants.HTTPS;
            }
        }
        return containerScheme;
    }
}
