package com.bingo.sled.http;

import android.text.TextUtils;
import android.util.Base64;
import android.webkit.CookieManager;
import bingo.sso.client.android.Constants;
import bingo.sso.client.android.Credentials;
import com.bingo.camera.ICameraResult;
import com.bingo.sled.BaseApplication;
import com.bingo.sled.atcompile.ATCompileUtil;
import com.bingo.sled.authentication.AuthManager;
import com.bingo.sled.authentication.LoginInfo;
import com.bingo.sled.authentication.R;
import com.bingo.sled.authentication.TokenModel;
import com.bingo.sled.exception.CustomException;
import com.bingo.sled.httpclient.CMOkHttpClientFactory;
import com.bingo.sled.httpclient.HttpRequestClient;
import com.bingo.sled.httpclient.OkHttpClientFactory;
import com.bingo.sled.httpclient.RetrofitRequestClient;
import com.bingo.sled.model.DLoginCookieModel;
import com.bingo.sled.module.ModuleApiManager;
import com.bingo.sled.util.AppSharedPreferences;
import com.bingo.sled.util.JsonUtil;
import com.bingo.sled.util.LogPrint;
import com.bingo.sled.util.SharedPrefManager;
import com.bingo.sled.util.UITools;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
import com.google.gson.extension.GsonFactory;
import com.google.gson.reflect.TypeToken;
import com.iflytek.speech.VoiceWakeuperAidl;
import com.sina.weibo.sdk.constant.WBConstants;
import io.reactivex.Observable;
import io.reactivex.functions.Function;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import net.bingosoft.link.secure.crypto.sm2.LinkSM2;
import okhttp3.FormBody;
import okhttp3.HttpUrl;
import okhttp3.Interceptor;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import org.json.JSONObject;
import retrofit2.BGRxJavaCallAdapterFactory;
import retrofit2.HttpException;
import retrofit2.Retrofit;
import retrofit2.converter.gson.GsonConverterFactory;
import retrofit2.http.Field;
import retrofit2.http.FieldMap;
import retrofit2.http.FormUrlEncoded;
import retrofit2.http.GET;
import retrofit2.http.Header;
import retrofit2.http.POST;
import retrofit2.http.Path;
import retrofit2.http.Query;
import rx.extension.RxHelper;

/* loaded from: classes2.dex */
public class SsoService {
    public static final String GRANT_TYPE_AUTHORIZATION_CODE = "authorization_code";
    public static final String GRANT_TYPE_CLIENT_CREDENTIALS = "client_credentials";
    public static final String GRANT_TYPE_PARENT_ACCESS_TOKEN = "parent_access_token";
    public static final String GRANT_TYPE_PASSWORD = "password";
    public static final String GRANT_TYPE_REFRESH_TOKEN = "refresh_token";
    public static final String GRANT_TYPE_TOKEN_CLIENT_CREDENTIALS = "token_client_credentials";
    public static ISsoService Instance = null;
    public static final String[] LOGIN_GRANT_TYPE = {"password"};
    public static final String REFERRAL_TYPE_REFRESH_TOKEN = "refresh_token";
    public static final String REFERRAL_TYPE_RELOGIN_AUTO = "password_grant";
    public static final String REFERRAL_TYPE_RELOGIN_LOGOUT = "relogin";
    public static final String REFERRAL_TYPE_RETRY = "retry";
    protected static Function<TokenModel, TokenModel> tokenExpiresTimeProcess;

    /* loaded from: classes2.dex */
    public interface ISsoService {
        @GET("oauth2/authzcode")
        Observable<JsonObject> getAuthzcode(@Header("Authorization") String str, @Query("client_id") String str2);

        @GET("clientinfo/{clientId}")
        Observable<SsoClientModel> getClientInfo(@Path("clientId") String str);

        @GET("oauth2/authorize?response_type=create_session&redirect_uri=A&logout_uri=A&responseJson=true")
        Observable<JsonObject> getLoginCookies(@Header("Authorization") String str, @Query("client_id") String str2, @Query("access_token") String str3, @Query("cipher_token") String str4);

        @GET("oauth2/logintoken")
        Observable<JsonObject> getLoginToken(@Header("Authorization") String str, @Query("access_token") String str2);

        @FormUrlEncoded
        @POST("oauth2/token")
        Observable<TokenModel> getToken(@Header("LoginMode") String str, @Field("grant_type") String str2, @Header("Authorization") String str3, @Field("code") String str4, @Field("client_id") String str5, @Field("client_secret") String str6, @Field("username") String str7, @Field("password") String str8, @Field("refresh_token") String str9, @Field("access_token") String str10, @Field("encrypt_type") String str11);

        @FormUrlEncoded
        @POST("oauth2/token")
        Observable<TokenModel> getTokenExtra(@Header("LoginMode") String str, @Header("Authorization") String str2, @FieldMap Map<String, String> map);
    }

    /* loaded from: classes2.dex */
    public static class SsoAuthInterceptor implements Interceptor {
        protected static boolean isLoginRequest(Request request) {
            return request.url().toString().endsWith("oauth2/token") && (request.body() instanceof FormBody) && TextUtils.isEmpty(OkHttpClientFactory.getFormBodyValue((FormBody) request.body(), "access_token"));
        }

        protected static boolean isRefreshTokenRequest(Request request) {
            return request.url().toString().endsWith("oauth2/token") && (request.body() instanceof FormBody) && "refresh_token".equals(OkHttpClientFactory.getFormBodyValue((FormBody) request.body(), WBConstants.AUTH_PARAMS_GRANT_TYPE));
        }

        protected Response handleReferralTypeRefreshToken(Interceptor.Chain chain, Request request) throws Throwable {
            HttpRequestClient.updateToken();
            Request.Builder newBuilder = request.newBuilder();
            if (!replaceParams(request, newBuilder, "access_token", SsoService.getAccessToken())) {
                newBuilder.removeHeader("Authorization").header("Authorization", "Bearer " + SsoService.getAccessToken());
            }
            return chain.proceed(newBuilder.build());
        }

        protected Response handleReferralTypeReloginAuto(Interceptor.Chain chain, Request request) throws Throwable {
            HttpRequestClient.login();
            Request.Builder newBuilder = request.newBuilder();
            replaceParams(request, newBuilder, "access_token", SsoService.getAccessToken());
            replaceParams(request, newBuilder, "refresh_token", SsoService.getRefreshToken());
            return chain.proceed(newBuilder.build());
        }

        @Override // okhttp3.Interceptor
        public Response intercept(Interceptor.Chain chain) throws IOException {
            try {
                Request request = chain.request();
                Response proceed = chain.proceed(request);
                if (proceed.code() != 401 || isLoginRequest(request)) {
                    return proceed;
                }
                String str = "refresh_token";
                String str2 = ICameraResult.Msg.ERROR_UNKNOWN;
                try {
                    String string = proceed.body().string();
                    str2 = ICameraResult.Msg.ERROR_UNKNOWN + ":" + string;
                    JSONObject jSONObject = new JSONObject(string);
                    str = JsonUtil.getString(jSONObject, "referral", "refresh_token");
                    str2 = JsonUtil.getString(jSONObject, Constants.ERROR_DESCRIPTION, str2);
                } catch (Throwable th) {
                    th.printStackTrace();
                }
                if (SsoService.REFERRAL_TYPE_RETRY.equals(str)) {
                    return chain.proceed(request);
                }
                if (!SsoService.REFERRAL_TYPE_RELOGIN_LOGOUT.equals(str)) {
                    return (!SsoService.REFERRAL_TYPE_RELOGIN_AUTO.equals(str) || isRefreshTokenRequest(request)) ? handleReferralTypeRefreshToken(chain, request) : handleReferralTypeReloginAuto(chain, request);
                }
                HttpRequestClient.logoutWithServerRefuse(str2);
                return proceed;
            } catch (Throwable th2) {
                th2.printStackTrace();
                throw new IOException(th2);
            }
        }

        protected boolean replaceParams(Request request, Request.Builder builder, String str, String str2) {
            if ("GET".equals(request.method())) {
                HttpUrl url = request.url();
                if (TextUtils.isEmpty(url.queryParameter(str))) {
                    return false;
                }
                builder.url(url.newBuilder().removeAllQueryParameters(str).addQueryParameter(str, str2).build());
                return true;
            }
            if (!"POST".equals(request.method()) || !(request.body() instanceof FormBody)) {
                return false;
            }
            FormBody formBody = (FormBody) request.body();
            if (TextUtils.isEmpty(OkHttpClientFactory.getFormBodyValue(formBody, str))) {
                return false;
            }
            FormBody.Builder builder2 = new FormBody.Builder();
            int size = formBody.size();
            for (int i = 0; i < size; i++) {
                String name = formBody.name(i);
                String value = formBody.value(i);
                if (str.equals(name)) {
                    value = str2;
                }
                builder2.add(name, value);
            }
            builder.post(builder2.build());
            return true;
        }
    }

    static {
        init();
        tokenExpiresTimeProcess = new Function<TokenModel, TokenModel>() { // from class: com.bingo.sled.http.SsoService.1
            @Override // io.reactivex.functions.Function
            public TokenModel apply(TokenModel tokenModel) throws Exception {
                tokenModel.setExpiresTime(System.currentTimeMillis() + (tokenModel.getExpiresIn() * 1000));
                return tokenModel;
            }
        };
    }

    public static TokenModel _getToken(String str, String str2, String str3) throws Throwable {
        String str4 = null;
        if (ATCompileUtil.ATLogin.LOGIN_ENCRYPT_TYPE == ATCompileUtil.LoginEncryptType.SM2) {
            str3 = LinkSM2.encryptString(str3);
            str4 = "sm2";
        }
        return (TokenModel) RxHelper.getNextFirstResult(Instance.getToken(str, "password", getClientInfoAuthorizationHeader(), null, null, null, str2, str3, null, null, str4).map(tokenExpiresTimeProcess));
    }

    public static Observable<TokenModel> authorizeClientToken(String str) {
        return Instance.getToken(null, GRANT_TYPE_PARENT_ACCESS_TOKEN, getClientInfoAuthorizationHeader(), null, str, null, null, null, null, getAccessToken(), null).map(tokenExpiresTimeProcess);
    }

    public static Observable<String> createAuthzcode(String str) {
        return Instance.getAuthzcode("Bearer " + getAccessToken(), str).map(new Function<JsonObject, String>() { // from class: com.bingo.sled.http.SsoService.3
            @Override // io.reactivex.functions.Function
            public String apply(JsonObject jsonObject) throws Exception {
                String jsonObject2 = jsonObject.toString();
                try {
                    return jsonObject.get("code").getAsString();
                } catch (Throwable th) {
                    th.printStackTrace();
                    return jsonObject2;
                }
            }
        });
    }

    public static String getAccessToken() {
        return SharedPrefManager.getInstance(BaseApplication.Instance).getAccessToken().token;
    }

    public static String getClientInfoAuthorizationHeader() {
        return "Basic " + new String(Base64.encode((ATCompileUtil.ATLogin.SSO_CLIENT_ID + ":" + ATCompileUtil.ATLogin.SSO_CLIENT_SECRET).getBytes(), 2));
    }

    public static Observable<List<DLoginCookieModel>> getLoginCookies() {
        String cipherToken = SharedPrefManager.getInstance(BaseApplication.Instance).getCipherToken();
        if ((ModuleApiManager.getFaceVerifyApi() != null && ModuleApiManager.getFaceVerifyApi().isLoginByFace(BaseApplication.Instance)) || (cipherToken != null && cipherToken.length() >= 50000)) {
            cipherToken = "";
        }
        return Instance.getLoginCookies(getClientInfoAuthorizationHeader(), ATCompileUtil.ATLogin.SSO_CLIENT_ID, getAccessToken(), cipherToken).map(new Function<JsonObject, List<DLoginCookieModel>>() { // from class: com.bingo.sled.http.SsoService.4
            @Override // io.reactivex.functions.Function
            public List<DLoginCookieModel> apply(JsonObject jsonObject) {
                JsonArray asJsonArray = jsonObject.get("tokens").getAsJsonArray();
                Iterator<JsonElement> it = asJsonArray.iterator();
                while (it.hasNext()) {
                    JsonObject asJsonObject = it.next().getAsJsonObject();
                    asJsonObject.addProperty("expiresIn", Long.valueOf(System.currentTimeMillis() + (1000 * asJsonObject.get("expiresIn").getAsLong())));
                }
                return (List) GsonFactory.getGson().fromJson(asJsonArray, new TypeToken<List<DLoginCookieModel>>() { // from class: com.bingo.sled.http.SsoService.4.1
                }.getType());
            }
        });
    }

    public static String getLoginToken() throws Throwable {
        return ((JsonObject) RxHelper.getNextFirstResult(Instance.getLoginToken(getClientInfoAuthorizationHeader(), getAccessToken()))).get("login_token").getAsString();
    }

    public static String getRefreshToken() {
        return SharedPrefManager.getInstance(BaseApplication.Instance).getRefreshToken().token;
    }

    public static TokenModel getTokenWithExtra(Credentials.LoginMode loginMode, String str, Map<String, String> map) throws Throwable {
        try {
            HashMap hashMap = new HashMap();
            hashMap.put(WBConstants.AUTH_PARAMS_GRANT_TYPE, str);
            hashMap.putAll(map);
            return (TokenModel) RxHelper.getNextFirstResult(Instance.getTokenExtra(loginMode.name(), getClientInfoAuthorizationHeader(), hashMap));
        } catch (Throwable th) {
            handleLoginError(th, loginMode);
            throw th;
        }
    }

    public static TokenModel getTokenWithPassword(String str, String str2, Credentials.LoginMode loginMode) throws Throwable {
        if (loginMode == Credentials.LoginMode.auto && ModuleApiManager.getAuthApi().isLogin() && !ATCompileUtil.ATLogin.IS_ALLOW_SAVE_PWD && AppSharedPreferences.getCurVerCount() > 3) {
            String string = UITools.getString(R.string.accesstoken_invalid_relogin_please, new Object[0]);
            AuthManager.logoutAndshowErrorDialog(string);
            throw new CustomException(string);
        }
        try {
            TokenModel _getToken = _getToken(loginMode.name(), str, str2);
            LogPrint.debug("at:" + _getToken.getAccessToken());
            LogPrint.debug("rt:" + _getToken.getRefreshToken());
            return _getToken;
        } catch (Throwable th) {
            handleLoginError(th, loginMode);
            throw th;
        }
    }

    public static TokenModel getTokenWithoutValidPassword() throws Throwable {
        try {
            LoginInfo loginInfo = ModuleApiManager.getAuthApi().getLoginInfo();
            String loginId = loginInfo.getLoginId();
            String passWord2 = loginInfo.getPassWord2();
            if (!TextUtils.isEmpty(ATCompileUtil.ATLogin.LOGIN_NAME_SUFFIX) && !loginId.endsWith(ATCompileUtil.ATLogin.LOGIN_NAME_SUFFIX)) {
                loginId = loginId + ATCompileUtil.ATLogin.LOGIN_NAME_SUFFIX;
            }
            return _getToken(null, loginId, passWord2);
        } catch (Throwable th) {
            handleLoginError(th, Credentials.LoginMode.auto);
            throw th;
        }
    }

    protected static void handleLoginError(Throwable th, Credentials.LoginMode loginMode) throws Throwable {
        th.printStackTrace();
        if (!(th instanceof HttpException)) {
            throw th;
        }
        HttpException httpException = (HttpException) th;
        String string = httpException.response().errorBody().string();
        LogPrint.error(string);
        if (httpException.code() != 401) {
            throw th;
        }
        String str = "获取token失败";
        try {
            str = new JsonParser().parse(string).getAsJsonObject().get(Constants.ERROR_DESCRIPTION).getAsString();
        } catch (Throwable th2) {
            th2.printStackTrace();
        }
        if (loginMode == Credentials.LoginMode.auto) {
            HttpRequestClient.logoutWithServerRefuse(str);
        }
        throw new HttpRequestClient.AuthException(str);
    }

    public static void init() {
        Instance = (ISsoService) new Retrofit.Builder().client(new CMOkHttpClientFactory() { // from class: com.bingo.sled.http.SsoService.2
            @Override // com.bingo.sled.httpclient.CMOkHttpClientFactory, com.bingo.sled.httpclient.OkHttpClientFactory
            protected void authenticator(OkHttpClient.Builder builder) {
                builder.addInterceptor(new SsoAuthInterceptor());
            }
        }.createOkHttpClientBuilder().build()).addConverterFactory(GsonConverterFactory.create(GsonFactory.getGson())).addCallAdapterFactory(new BGRxJavaCallAdapterFactory()).baseUrl(RetrofitRequestClient.adjustBaseUrl(ATCompileUtil.SSO_URL)).build().create(ISsoService.class);
    }

    public static TokenModel refreshToken() throws Throwable {
        String refreshToken = getRefreshToken();
        try {
            LogPrint.debug("begin refresh token:" + refreshToken);
            TokenModel tokenModel = (TokenModel) RxHelper.getNextFirstResult(Instance.getToken(null, "refresh_token", getClientInfoAuthorizationHeader(), null, null, null, null, null, refreshToken, null, null).map(tokenExpiresTimeProcess));
            LogPrint.debug("end refresh token:" + tokenModel.getRefreshToken());
            return tokenModel;
        } catch (HttpException e) {
            String string = e.response().errorBody().string();
            String str = null;
            try {
                String cookie = CookieManager.getInstance().getCookie(HttpRequest.packUrl(ATCompileUtil.SSO_URL, "/oauth2/token"));
                if (!TextUtils.isEmpty(cookie)) {
                    String[] split = cookie.split(VoiceWakeuperAidl.PARAMS_SEPARATE);
                    int length = split.length;
                    int i = 0;
                    while (true) {
                        if (i >= length) {
                            break;
                        }
                        String[] split2 = split[i].split("=");
                        String trim = split2[0].trim();
                        String trim2 = split2[1].trim();
                        if ("SERVERID_SSO".equals(trim)) {
                            str = trim2;
                            break;
                        }
                        i++;
                    }
                }
            } catch (Throwable th) {
                e.printStackTrace();
                str = th.getMessage();
            }
            LogPrint.warning("refreshToken fail -> " + String.format("refreshToken:%s , responseText:%s , serverIdSso:%s", refreshToken, string, str));
            if (!(e instanceof HttpException)) {
                throw e;
            }
            if (e.code() != 401) {
                throw e;
            }
            if (ModuleApiManager.getAuthApi().isLogin() && !ATCompileUtil.ATLogin.IS_ALLOW_SAVE_PWD) {
                String string2 = UITools.getString(R.string.accesstoken_invalid_relogin_please, new Object[0]);
                AuthManager.logoutAndshowErrorDialog(string2);
                throw new CustomException(string2);
            }
            HttpRequestClient.login();
            TokenModel tokenModel2 = new TokenModel();
            tokenModel2.setAccessToken(getAccessToken());
            tokenModel2.setRefreshToken(getRefreshToken());
            return tokenModel2;
        }
    }
}
