package com.xiaomi.iauth.java.sdk.service.utils;

import com.xiaomi.common.perfcounter.PerfCounter;
import com.xiaomi.iauth.java.sdk.configuration.IAuthConfiguration;
import com.xiaomi.iauth.java.sdk.exception.ErrorCode;
import com.xiaomi.iauth.java.sdk.service.extend.IAuthExtendThriftUtil;
import com.xiaomi.iauth.java.sdk.service.token.IAuthServiceToken;
import com.xiaomi.iauth.java.sdk.utils.TimeUtil;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes3.dex */
public class IAuthScopeJudger {
    private static final String DECRYPT_FAIL = "decrypttoken_fail_";
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) IAuthScopeJudger.class);
    private long appId;
    private ErrorCode errorCode;
    private Map<String, String> extras;
    private IAuthServiceToken iauthToken;
    private List<Integer> scopeList;
    private int statusCode;
    private String tokenString;

    public IAuthScopeJudger(String str, long j) {
        this.tokenString = str;
        this.appId = j;
        this.scopeList = new ArrayList();
        this.errorCode = ErrorCode.UNKNOW_ERROR;
        this.statusCode = 400;
        this.iauthToken = null;
    }

    public IAuthScopeJudger(String str, long j, List<Integer> list) {
        this.tokenString = str;
        this.appId = j;
        this.scopeList = list;
        this.errorCode = ErrorCode.UNKNOW_ERROR;
        this.statusCode = 400;
        this.iauthToken = null;
    }

    public IAuthScopeJudger(String str, long j, List<Integer> list, Map<String, String> map) {
        this.tokenString = str;
        this.appId = j;
        this.scopeList = list;
        this.errorCode = ErrorCode.UNKNOW_ERROR;
        this.statusCode = 400;
        this.extras = map;
        this.iauthToken = null;
    }

    private boolean appIdInvalid() {
        if (this.appId == this.iauthToken.getAppId()) {
            return false;
        }
        LOGGER.error("appId error, appId in param: [{}], appId in token:[{}]", Long.valueOf(this.appId), Long.valueOf(this.iauthToken.getAppId()));
        return true;
    }

    private IAuthServiceToken decryptToken(String str) {
        String str2;
        IAuthServiceToken decrypt;
        long currentTimeMillis = System.currentTimeMillis();
        String sid = IAuthConfiguration.getInstance().getSid();
        String tokenKey = IAuthSDKKeyStoreFactory.getInstance().getTokenKey(sid, true);
        if (StringUtils.isNotEmpty(tokenKey)) {
            try {
                IAuthServiceToken decrypt2 = IAuthServiceToken.decrypt(str, tokenKey);
                PerfCounter.count("iauth_decrypt_first", 1L);
                PerfCounter.count("iauth_decrypttoken_success_" + sid, 1L, System.currentTimeMillis() - currentTimeMillis);
                return decrypt2;
            } catch (Exception e) {
                Logger logger = LOGGER;
                logger.debug("decrypt iauth token by old serviceKey fail, token:[{}]", str);
                logger.error("decrypt iauth token by old serviceKey fail", (Throwable) e);
            }
        }
        String tokenKey2 = IAuthSDKKeyStoreFactory.getInstance().getTokenKey(sid, false);
        if (tokenKey != null && tokenKey2 != null && tokenKey.equals(tokenKey2)) {
            PerfCounter.count("iauth_decrypttoken_fail_" + sid, 1L, System.currentTimeMillis() - currentTimeMillis);
            LOGGER.error("decrypt iauth token error, token:[{}]", str);
            return null;
        }
        if (!StringUtils.isNotEmpty(tokenKey2)) {
            LOGGER.error("service keys decrypt iauth token failed, token: {}, firstkey: {}, secondkey: {}", str, tokenKey, tokenKey2);
            PerfCounter.count("iauth_decrypttoken_fail_" + sid, 1L, System.currentTimeMillis() - currentTimeMillis);
            return null;
        }
        try {
            decrypt = IAuthServiceToken.decrypt(str, tokenKey2);
            PerfCounter.count("iauth_decrypt_second", 1L);
            str2 = tokenKey;
        } catch (Exception e2) {
            e = e2;
            str2 = tokenKey;
        }
        try {
            PerfCounter.count("iauth_decrypttoken_success_" + sid, 1L, System.currentTimeMillis() - currentTimeMillis);
            return decrypt;
        } catch (Exception e3) {
            e = e3;
            Logger logger2 = LOGGER;
            logger2.error("service keys decrypt iauth token failed, token: {}, firstkey: {}, secondkey: {}", str, str2, tokenKey2);
            logger2.error("service keys decrypt iauth token failed", (Throwable) e);
            PerfCounter.count("iauth_decrypttoken_fail_" + sid, 1L, System.currentTimeMillis() - currentTimeMillis);
            return null;
        }
    }

    private boolean extraInvalid() {
        if (!IAuthConfiguration.getInstance().isAuthIp()) {
            return false;
        }
        String optString = this.iauthToken.getContentJsonObject().optString("ip", "");
        Map<String, String> map = this.extras;
        String str = map == null ? null : map.get("ip");
        if (StringUtils.isEmpty(optString) || StringUtils.isEmpty(str)) {
            LOGGER.error("token ip:{} or request ip:{} is empty", optString, str);
            return true;
        }
        if (optString.equals(str)) {
            return false;
        }
        LOGGER.error("request ip:{} not equals to the token ip:{}", str, optString);
        return true;
    }

    private boolean scopeInvalid() {
        ArrayList arrayList = new ArrayList(this.scopeList);
        arrayList.retainAll(this.iauthToken.getScopeList());
        if (!arrayList.isEmpty()) {
            return false;
        }
        LOGGER.debug("scope error, scope in param: [{}], scope in token:[{}]", this.scopeList, this.iauthToken.getScopeList());
        return true;
    }

    private boolean tokenExpired() {
        long currentTimeMillis = System.currentTimeMillis();
        String stampToDate = TimeUtil.stampToDate(currentTimeMillis);
        long time = this.iauthToken.getTime();
        String stampToDate2 = TimeUtil.stampToDate(time);
        if (currentTimeMillis - time <= 86400000) {
            return false;
        }
        LOGGER.error("token expired error, currentTimeMillis: [{}@{}], token time:[{}@{}], tokenExpiredTimeMS:[24H]", Long.valueOf(currentTimeMillis), stampToDate, Long.valueOf(time), stampToDate2);
        return true;
    }

    public ErrorCode getErrorCode() {
        return this.errorCode;
    }

    public IAuthServiceToken getIauthToken() {
        return this.iauthToken;
    }

    public int getStatusCode() {
        return this.statusCode;
    }

    public boolean isTokenExpired() {
        if (this.iauthToken != null || isValidTokenString()) {
            return tokenExpired();
        }
        return true;
    }

    public boolean isValidClient() {
        ErrorCode judge = judge();
        return judge == ErrorCode.OA_INVALID_SCOPE || judge == ErrorCode.SUCCESS;
    }

    public boolean isValidTokenString() {
        ErrorCode judge = judge();
        return (judge == ErrorCode.OA_INVALID_TOKEN || judge == ErrorCode.PARAMETER_ERROR) ? false : true;
    }

    public ErrorCode judge() {
        long currentTimeMillis = System.currentTimeMillis();
        this.statusCode = 400;
        if (StringUtils.isBlank(this.tokenString)) {
            LOGGER.error("parameter error, tokenString:[{}]", this.tokenString);
            ErrorCode errorCode = ErrorCode.PARAMETER_ERROR;
            this.errorCode = errorCode;
            return errorCode;
        }
        IAuthServiceToken decryptToken = decryptToken(this.tokenString);
        this.iauthToken = decryptToken;
        if (decryptToken == null) {
            LOGGER.error("decrypt token failed!  tokenString:[{}]", this.tokenString);
            ErrorCode errorCode2 = ErrorCode.OA_INVALID_TOKEN;
            this.errorCode = errorCode2;
            return errorCode2;
        }
        if (tokenExpired()) {
            this.iauthToken = null;
            ErrorCode errorCode3 = ErrorCode.TOKEN_EXPIRED;
            this.errorCode = errorCode3;
            return errorCode3;
        }
        if (appIdInvalid()) {
            ErrorCode errorCode4 = ErrorCode.OA_INVALID_CLIENT;
            this.errorCode = errorCode4;
            return errorCode4;
        }
        if (extraInvalid()) {
            ErrorCode errorCode5 = ErrorCode.SURPASS_TOTAL_QUOTA;
            this.errorCode = errorCode5;
            return errorCode5;
        }
        if (scopeInvalid()) {
            ErrorCode errorCode6 = ErrorCode.OA_INVALID_SCOPE;
            this.errorCode = errorCode6;
            return errorCode6;
        }
        PerfCounter.count("iauth_before_success_" + IAuthConfiguration.getInstance().getSid(), 1L, System.currentTimeMillis() - currentTimeMillis);
        ErrorCode errorCode7 = ErrorCode.SUCCESS;
        this.errorCode = errorCode7;
        this.statusCode = 200;
        return errorCode7;
    }

    public ErrorCode judgeByScopesNotAuthExpired(List<Integer> list) {
        this.scopeList = list;
        if (this.iauthToken == null) {
            return judge();
        }
        this.statusCode = 400;
        if (appIdInvalid()) {
            ErrorCode errorCode = ErrorCode.OA_INVALID_CLIENT;
            this.errorCode = errorCode;
            return errorCode;
        }
        if (extraInvalid()) {
            ErrorCode errorCode2 = ErrorCode.INVALID_PARAMETER_VALUE;
            this.errorCode = errorCode2;
            return errorCode2;
        }
        if (scopeInvalid()) {
            ErrorCode errorCode3 = ErrorCode.OA_INVALID_SCOPE;
            this.errorCode = errorCode3;
            return errorCode3;
        }
        this.errorCode = ErrorCode.SUCCESS;
        this.statusCode = 200;
        IAuthExtendThriftUtil.save(this.appId, this.extras);
        return this.errorCode;
    }

    public void reload(String str, long j, List<Integer> list, Map<String, String> map) {
        this.tokenString = str;
        this.appId = j;
        this.scopeList = list;
        this.errorCode = ErrorCode.UNKNOW_ERROR;
        this.statusCode = 400;
        this.extras = map;
        this.iauthToken = null;
    }
}
