package com.jxdinfo.hussar.support.security.core.sso;

import com.jxdinfo.hussar.support.security.core.SecurityManager;
import com.jxdinfo.hussar.support.security.core.config.SecuritySsoConfig;
import com.jxdinfo.hussar.support.security.core.context.SecurityHolder;
import com.jxdinfo.hussar.support.security.core.context.model.SecurityRequest;
import com.jxdinfo.hussar.support.security.core.context.model.SecurityResponse;
import com.jxdinfo.hussar.support.security.core.exception.SecurityTokenException;
import com.jxdinfo.hussar.support.security.core.sso.SecuritySsoConsts;
import com.jxdinfo.hussar.support.security.core.stp.SecurityLogic;
import com.jxdinfo.hussar.support.security.core.util.SecurityFoxUtil;
import com.jxdinfo.hussar.support.security.core.util.SecurityResult;

/* loaded from: input_file:BOOT-INF/lib/hussar-security-core-0.0.7-cus-zhongqi.jar:com/jxdinfo/hussar/support/security/core/sso/SecuritySsoHandle.class */
public class SecuritySsoHandle {
    public static Object serverRequest() {
        SecurityRequest request = SecurityHolder.getRequest();
        SecuritySsoConfig sso = SecurityManager.getConfig().getSso();
        return request.isPath(SecuritySsoConsts.Api.ssoAuth) ? ssoAuth() : request.isPath(SecuritySsoConsts.Api.ssoDoLogin) ? ssoDoLogin() : (request.isPath(SecuritySsoConsts.Api.ssoCheckTicket) && sso.isHttp.booleanValue()) ? ssoCheckTicket() : (request.isPath(SecuritySsoConsts.Api.ssoLogout) && sso.isSlo.booleanValue()) ? ssoServerLogout() : "{\"msg\": \"not handle\"}";
    }

    public static Object ssoAuth() {
        SecurityRequest request = SecurityHolder.getRequest();
        SecurityResponse response = SecurityHolder.getResponse();
        SecuritySsoConfig sso = SecurityManager.getConfig().getSso();
        SecurityLogic securityLogic = SecuritySsoUtil.securitySsoTemplate.securityLogic;
        return !securityLogic.isLogin() ? sso.notLoginView.get() : response.redirect(SecuritySsoUtil.buildRedirectUrl(securityLogic.getLoginId(), request.getParam(SecuritySsoConsts.ParamName.redirect)));
    }

    public static Object ssoDoLogin() {
        SecurityRequest request = SecurityHolder.getRequest();
        return SecurityManager.getConfig().getSso().doLoginHandle.apply(request.getParam(SecuritySsoConsts.ParamName.name), request.getParam(SecuritySsoConsts.ParamName.pwd));
    }

    public static Object ssoCheckTicket() {
        SecurityRequest request = SecurityHolder.getRequest();
        String param = request.getParam(SecuritySsoConsts.ParamName.ticket);
        String param2 = request.getParam(SecuritySsoConsts.ParamName.ssoLogoutCall);
        Object checkTicket = SecuritySsoUtil.checkTicket(param);
        SecuritySsoUtil.registerSloCallbackUrl(checkTicket, param2);
        return checkTicket;
    }

    public static Object ssoServerLogout() {
        SecurityRequest request = SecurityHolder.getRequest();
        SecuritySsoConfig sso = SecurityManager.getConfig().getSso();
        SecurityLogic securityLogic = SecuritySsoUtil.securitySsoTemplate.securityLogic;
        String param = request.getParam(SecuritySsoConsts.ParamName.loginId);
        SecuritySsoUtil.checkSecretkey(request.getParam(SecuritySsoConsts.ParamName.secretkey));
        SecuritySsoUtil.forEachSloUrl(param, str -> {
            sso.sendHttp.apply(str);
        });
        securityLogic.logoutByTokenValue(securityLogic.getTokenValueByLoginId(param), param);
        return "ok";
    }

    public static Object clientRequest() {
        SecurityRequest request = SecurityHolder.getRequest();
        SecuritySsoConfig sso = SecurityManager.getConfig().getSso();
        return request.isPath(SecuritySsoConsts.Api.ssoLogin) ? ssoLogin() : (request.isPath(SecuritySsoConsts.Api.ssoLogout) && sso.isSlo.booleanValue() && !sso.isHttp.booleanValue()) ? ssoLogoutType2() : (request.isPath(SecuritySsoConsts.Api.ssoLogout) && sso.isSlo.booleanValue() && sso.isHttp.booleanValue()) ? ssoLogoutType3() : (request.isPath(SecuritySsoConsts.Api.ssoLogoutCall) && sso.isSlo.booleanValue() && sso.isHttp.booleanValue()) ? ssoLogoutCall() : "{\"msg\": \"not handle\"}";
    }

    public static Object ssoLogin() {
        Object checkTicket;
        SecurityRequest request = SecurityHolder.getRequest();
        SecurityResponse response = SecurityHolder.getResponse();
        SecuritySsoConfig sso = SecurityManager.getConfig().getSso();
        SecurityLogic securityLogic = SecuritySsoUtil.securitySsoTemplate.securityLogic;
        String param = request.getParam(SecuritySsoConsts.ParamName.back, "/");
        String param2 = request.getParam(SecuritySsoConsts.ParamName.ticket);
        if (securityLogic.isLogin()) {
            return response.redirect(param);
        }
        if (param2 == null) {
            return response.redirect(SecuritySsoUtil.buildServerAuthUrl(SecurityHolder.getRequest().getUrl(), param));
        }
        if (sso.isHttp.booleanValue()) {
            String str = null;
            if (sso.isSlo.booleanValue()) {
                str = SecurityHolder.getRequest().getUrl().replace(SecuritySsoConsts.Api.ssoLogin, SecuritySsoConsts.Api.ssoLogoutCall);
            }
            Object apply = sso.sendHttp.apply(SecuritySsoUtil.buildCheckTicketUrl(param2, str));
            checkTicket = SecurityFoxUtil.isEmpty(apply) ? null : apply;
        } else {
            checkTicket = SecuritySsoUtil.checkTicket(param2);
        }
        if (sso.ticketResultHandle != null) {
            return sso.ticketResultHandle.apply(checkTicket, param);
        }
        if (checkTicket == null) {
            throw new SecurityTokenException("无效ticket：" + param2);
        }
        securityLogic.login(checkTicket);
        return response.redirect(param);
    }

    public static Object ssoLogoutType2() {
        SecurityRequest request = SecurityHolder.getRequest();
        SecurityResponse response = SecurityHolder.getResponse();
        SecuritySsoUtil.securitySsoTemplate.securityLogic.logout();
        return ssoLogoutBack(request, response);
    }

    public static Object ssoLogoutType3() {
        SecurityRequest request = SecurityHolder.getRequest();
        SecurityResponse response = SecurityHolder.getResponse();
        SecuritySsoConfig sso = SecurityManager.getConfig().getSso();
        SecurityLogic securityLogic = SecuritySsoUtil.securitySsoTemplate.securityLogic;
        if (securityLogic.isLogin()) {
            return !"ok".equals(String.valueOf(sso.sendHttp.apply(SecuritySsoUtil.buildSloUrl(securityLogic.getLoginId())))) ? SecurityResult.error("单点注销失败") : ssoLogoutBack(request, response);
        }
        return SecurityResult.ok();
    }

    public static Object ssoLogoutCall() {
        SecurityRequest request = SecurityHolder.getRequest();
        SecurityLogic securityLogic = SecuritySsoUtil.securitySsoTemplate.securityLogic;
        String param = request.getParam(SecuritySsoConsts.ParamName.loginId);
        SecuritySsoUtil.checkSecretkey(request.getParam(SecuritySsoConsts.ParamName.secretkey));
        securityLogic.logoutByTokenValue(securityLogic.getTokenValueByLoginId(param), param);
        return "ok";
    }

    public static Object ssoLogoutBack(SecurityRequest securityRequest, SecurityResponse securityResponse) {
        String param = securityRequest.getParam(SecuritySsoConsts.ParamName.back);
        return SecurityFoxUtil.isNotEmpty(param) ? param.equals(SecuritySsoConsts.SELF) ? "<script>if(document.referrer != location.href){ location.replace(document.referrer || '/'); }</script>" : securityResponse.redirect(param) : SecurityResult.ok("单点注销成功");
    }
}
