package com.lengine.sdk.uaas.singlesignon;

import com.alipay.sdk.sys.a;
import com.lengine.sdk.core.AppLicenseReader;
import com.lengine.sdk.core.AsymmetricCryptor;
import com.lengine.sdk.core.SymmetricCryptor;
import com.lengine.sdk.core.oxm.SerializerUtility;
import com.lengine.sdk.core.ssousedsecuremethods.SecureUtility;
import com.lengine.sdk.core.tools.Base64;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.UUID;

/* loaded from: classes.dex */
public class SSOUtility {
    public static String SSOVersion1 = "1";
    public static String SSOVersion2 = "2";
    public static String SSOVersion3 = "3";
    public static String SSOVersion4 = "4";
    public static ArrayList<String> RequestKeyCache = new ArrayList<>();

    public static String buildSignInRequest(String str, String str2, String str3) throws Exception {
        return buildSignInRequest(str, str2, str3, null, null, null, null, false, SSOVersion4);
    }

    public static String buildSignInRequest(String str, String str2, String str3, String str4) throws Exception {
        return buildSignInRequest(str, str2, str3, null, null, null, null, false, str4);
    }

    public static String buildSignInRequest(String str, String str2, String str3, String str4, String str5, String str6, String str7, boolean z2) throws Exception {
        return buildSignInRequest(str, str2, str3, str4, str5, str6, str7, z2, SSOVersion4);
    }

    public static String buildSignInRequest(String str, String str2, String str3, String str4, String str5, String str6, String str7, boolean z2, String str8) throws Exception {
        if (!SSOVersion1.equals(str8) && !SSOVersion2.equals(str8) && !SSOVersion3.equals(str8) && !SSOVersion4.equals(str8)) {
            throw new Exception("不支持的单点登录版本。");
        }
        String uuid = UUID.randomUUID().toString();
        RequestKeyCache.add(uuid);
        String str9 = str2 + (str2.indexOf("?") >= 0 ? a.f1431b : "?") + "r=" + URLEncoder.encode(str, "UTF-8") + "&a=" + URLEncoder.encode(str3, "UTF-8") + "&k=" + URLEncoder.encode(uuid, "UTF-8") + "&v=" + URLEncoder.encode(str8, "UTF-8");
        if (str4 != null && !"".equals(str4)) {
            str9 = str9 + "&o=" + URLEncoder.encode(str4, "UTF-8");
        }
        if (str5 != null && !"".equals(str5)) {
            str9 = str9 + "&u=" + URLEncoder.encode(str5, "UTF-8");
        }
        if (str6 != null && !"".equals(str6) && str7 != null && !"".equals(str7)) {
            str9 = str9 + "&p=" + URLEncoder.encode(new SymmetricCryptor(str7).encrypt(uuid + "\r" + str6), "UTF-8");
        }
        return z2 ? str9 + "&s=1" : str9;
    }

    public static String buildSignInRequest(String str, String str2, String str3, String str4, String str5, String str6, boolean z2) throws Exception {
        return buildSignInRequest(str, str2, str3, null, str4, str5, str6, z2, SSOVersion4);
    }

    public static String buildSignInRequest(String str, String str2, String str3, String str4, String str5, boolean z2) throws Exception {
        return buildSignInRequest(str, str2, str3, str4, str5, null, null, z2, SSOVersion4);
    }

    public static String buildSignOutRequest(String str, String str2) throws Exception {
        return str + "?ReturnUrl=" + URLEncoder.encode(str2, "UTF-8");
    }

    public static SignInResponse resolveSignInResponse(String str, String str2, String str3, String str4) throws Exception {
        String str5;
        if (str2 == null || str2.length() == 0) {
            str2 = SSOVersion1;
        }
        if (str2.equals(SSOVersion1)) {
            try {
                str5 = new String(Base64.decode(str), "UTF-8");
            } catch (Exception e2) {
                throw new Exception("登录失败，登录服务器给定的凭据无效。Token格式错误。");
            }
        } else if (str2.equals(SSOVersion2)) {
            try {
                str5 = new SymmetricCryptor("ssopass@wordv2*^%").decrypt(str);
            } catch (Exception e3) {
                throw new Exception("登录失败，登录服务器给定的凭据无效。Token格式错误。");
            }
        } else {
            if (!str2.equals(SSOVersion3) && !str2.equals(SSOVersion4)) {
                throw new Exception("不支持的单点登录版本");
            }
            try {
                String[] split = str.split("\\|");
                AppLicenseReader loadLicenseKey = AppLicenseReader.loadLicenseKey(str4);
                str5 = new String(new SymmetricCryptor(AsymmetricCryptor.decrypt(Base64.decode(split[1]), loadLicenseKey.getDecryptModulus(), loadLicenseKey.getDecryptD())).decrypt(Base64.decode(split[0])), "UTF-8");
            } catch (Exception e4) {
                throw new Exception("登录失败，登录服务器给定的凭据无效。Token格式错误。");
            }
        }
        if (!str2.equals(SSOVersion1) && !str2.equals(SSOVersion2) && !str2.equals(SSOVersion3) && !str2.equals(SSOVersion4)) {
            throw new Exception("不支持的单点登录版本");
        }
        try {
            SignInResponse signInResponse = (SignInResponse) SerializerUtility.read(SignInResponse.class, str5);
            if (!RequestKeyCache.contains(signInResponse.getRequestKey())) {
                throw new Exception("登录失败，登录服务器给定的凭据无效。请求已经过期。");
            }
            RequestKeyCache.remove(signInResponse.getRequestKey());
            if (!signInResponse.getAppId().equals(str3)) {
                throw new Exception("登录失败，登录服务器给定的凭据无效。凭据发放对象错误。");
            }
            if (SecureUtility.verifyTokenData(Base64.decode(signInResponse.getToken()), Base64.decode(signInResponse.getSignature())).booleanValue()) {
                return signInResponse;
            }
            throw new Exception("登录失败，登录服务器给定的凭据无效。凭据签名无效。");
        } catch (Exception e5) {
            throw new Exception("登录失败，登录服务器给定的凭据无效。Token格式错误。");
        }
    }
}
