package com.xdja.pams.iam.helper;

import com.alibaba.fastjson.JSON;
import com.xdja.pams.common.commonconst.PamsConst;
import com.xdja.pams.common.util.Util;
import com.xdja.pams.iam.bean.IdpException;
import com.xdja.pams.iam.bean.IdpParam;
import com.xdja.pams.iam.bean.IdpResult;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xdja/pams/iam/helper/ParamCheckHelper.class */
public class ParamCheckHelper {
    private static final Logger LOGGER = LoggerFactory.getLogger(ParamCheckHelper.class);
    private String paramJson;
    private IdpParam param;
    private String secret;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/xdja/pams/iam/helper/ParamCheckHelper$ResponseBuilder.class */
    public static class ResponseBuilder {
        private StringBuilder sb;

        private ResponseBuilder() {
            this.sb = new StringBuilder();
        }

        ResponseBuilder append(String str) {
            this.sb.append(str == null ? "" : str).append(PamsConst.STR_COLON);
            return this;
        }

        String build() {
            String sb = this.sb.toString();
            if (sb.endsWith(PamsConst.STR_COLON)) {
                sb = sb.substring(0, sb.length() - 1);
            }
            return sb;
        }
    }

    public ParamCheckHelper(String str) {
        this.paramJson = str;
    }

    public void setSecret(String str) {
        this.secret = str;
    }

    public void checkParam() {
        if (Util.varCheckEmp(this.paramJson)) {
            throw new IdpException(IdpResult.ErrorCode.PARAM_LOSE);
        }
        try {
            this.param = (IdpParam) JSON.parseObject(this.paramJson, IdpParam.class);
            checkResponse();
            String authMode = this.param.getAuthMode();
            if (Util.varCheckEmp(authMode)) {
                throw new IdpException(IdpResult.ErrorCode.PARAM_LOSE);
            }
            String[] split = authMode.split(PamsConst.COMMA);
            for (String str : split) {
                if (!str.equals("1") && !str.equals("2")) {
                    throw new IdpException(IdpResult.ErrorCode.PARAM_ILLEGAL);
                }
            }
            for (String str2 : split) {
                if (str2.equals("1")) {
                    checkSafeCard();
                }
                if (str2.equals("2")) {
                    checkUserPwd();
                }
            }
        } catch (Exception e) {
            throw new IdpException(IdpResult.ErrorCode.PARAM_ILLEGAL, e);
        }
    }

    private void checkResponse() {
        if (Util.varCheckEmp(this.param.getResponse())) {
            throw new IdpException(IdpResult.ErrorCode.PARAM_LOSE);
        }
        try {
            if (Util.varCheckEmp(this.secret)) {
                throw new RuntimeException("idp secret 没有配置");
            }
            if (!Tools.Bytes2HexString(Func.hmac_sm3(this.secret.getBytes(), spellParam().getBytes())).equals(this.param.getResponse())) {
                throw new IdpException(IdpResult.ErrorCode.PARAM_ILLEGAL);
            }
        } catch (Exception e) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.error(e.getMessage(), e);
            } else {
                LOGGER.error(e.getMessage());
            }
            throw new IdpException(IdpResult.ErrorCode.SERVER_INTERNAL_EXCEPTION);
        }
    }

    private void checkUserPwd() {
        if (Util.varCheckEmp(this.param.getUname()) || Util.varCheckEmp(this.param.getPwd())) {
            throw new IdpException(IdpResult.ErrorCode.PARAM_LOSE);
        }
    }

    private void checkSafeCard() {
        if (Util.varCheckEmp(this.param.getChipId()) || Util.varCheckEmp(this.param.getSign()) || Util.varCheckEmp(this.param.getChallenge())) {
            throw new IdpException(IdpResult.ErrorCode.PARAM_LOSE);
        }
    }

    private String spellParam() {
        ResponseBuilder responseBuilder = new ResponseBuilder();
        responseBuilder.append(this.param.getUname()).append(this.param.getPwd()).append(this.param.getMobile()).append(this.param.getCode()).append(this.param.getIdentifier()).append(this.param.getChipId()).append(this.param.getSn()).append(this.param.getChallenge()).append(this.param.getSign()).append(this.param.getAuthMode());
        return responseBuilder.build();
    }
}
