package cn.stylefeng.roses.kernel.auth.auth;

import cn.hutool.core.codec.Base64;
import cn.hutool.core.date.DateField;
import cn.hutool.core.date.DateUtil;
import cn.hutool.core.util.CharsetUtil;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.SecureUtil;
import cn.stylefeng.roses.kernel.auth.api.AuthServiceApi;
import cn.stylefeng.roses.kernel.auth.api.SessionManagerApi;
import cn.stylefeng.roses.kernel.auth.api.context.AuthJwtContext;
import cn.stylefeng.roses.kernel.auth.api.context.LoginContext;
import cn.stylefeng.roses.kernel.auth.api.exception.AuthException;
import cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEnum;
import cn.stylefeng.roses.kernel.auth.api.expander.AuthConfigExpander;
import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginRequest;
import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginResponse;
import cn.stylefeng.roses.kernel.auth.api.pojo.login.LoginUser;
import cn.stylefeng.roses.kernel.auth.api.pojo.payload.DefaultJwtPayload;
import cn.stylefeng.roses.kernel.auth.api.pojo.sso.DecryptCaLoginUser;
import cn.stylefeng.roses.kernel.auth.api.pojo.sso.DecryptCaTokenInfo;
import cn.stylefeng.roses.kernel.auth.api.pojo.sso.LoginBySsoTokenRequest;
import cn.stylefeng.roses.kernel.auth.api.pojo.sso.LogoutBySsoTokenRequest;
import cn.stylefeng.roses.kernel.cache.api.CacheOperatorApi;
import cn.stylefeng.roses.kernel.demo.expander.DemoConfigExpander;
import cn.stylefeng.roses.kernel.jwt.api.JwtApi;
import cn.stylefeng.roses.kernel.jwt.api.exception.JwtException;
import cn.stylefeng.roses.kernel.jwt.api.exception.enums.JwtExceptionEnum;
import cn.stylefeng.roses.kernel.log.api.LoginLogServiceApi;
import cn.stylefeng.roses.kernel.sys.api.SysUserServiceApi;
import cn.stylefeng.roses.kernel.sys.api.pojo.user.UserValidateDTO;
import com.alibaba.fastjson.JSON;
import java.util.Date;
import javax.annotation.Resource;
import org.springframework.stereotype.Service;

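/**
 * Authentication service: password login, account-only login, SSO ("CA token") login,
 * logout and token validation.
 *
 * <p>The class holds no state of its own. Login work is delegated to {@link LoginService},
 * session storage to {@link SessionManagerApi} and JWT verification to {@link JwtApi}.
 *
 * <p>Security-relevant entry points are {@link #loginWithUserName(String)} and
 * {@link #loginWithUserNameAndCaToken(String, String)}, which issue a session without a
 * password being supplied, and {@link #LoginByCaToken(LoginBySsoTokenRequest)}, which trusts
 * the content of a symmetric-key encrypted token.
 */
@Service
/* loaded from: input_file:cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.class */
public class AuthServiceImpl implements AuthServiceApi {

    /** Number of minutes after its generation time during which an SSO token is accepted. */
    private static final int SSO_TOKEN_VALID_MINUTES = 2;

    @Resource
    private SysUserServiceApi sysUserServiceApi;

    @Resource
    private SessionManagerApi sessionManagerApi;

    @Resource
    private LoginLogServiceApi loginLogServiceApi;

    // Keyed by account (see cancelFreeze); presumably the failed-login counter used for lockout.
    @Resource(name = "loginErrorCountCacheApi")
    private CacheOperatorApi<Integer> loginErrorCountCacheApi;

    // Maps the SSO server's CA token to the local token issued for it (see LoginByCaToken).
    @Resource(name = "caClientTokenCacheApi")
    private CacheOperatorApi<String> caClientTokenCacheApi;

    @Resource
    private JwtApi jwtApi;

    @Resource
    private LoginService loginService;

    /**
     * Performs a regular login by delegating to {@code loginService.loginAction(request, true, null)}.
     *
     * @param loginRequest the login form submitted by the client
     * @return the login response produced by {@link LoginService}
     */
    public LoginResponse login(LoginRequest loginRequest) {
        // NOTE(review): the `true` flag presumably enables credential validation - confirm in LoginService.
        return this.loginService.loginAction(loginRequest, true, null);
    }

    /**
     * Logs an account in by name only; no password or other credential is passed on this path.
     *
     * <p>NOTE(review): the {@code false} flag presumably disables the password check in
     * {@link LoginService} - confirm. If so, callers must already have authenticated the account
     * by other means, and this method must not be reachable with a client-chosen account name.
     *
     * @param str the account name to log in
     * @return the login response produced by {@link LoginService}
     */
    public LoginResponse loginWithUserName(String str) {
        LoginRequest loginRequest = new LoginRequest();
        loginRequest.setAccount(str);
        return this.loginService.loginAction(loginRequest, false, null);
    }

    /**
     * Same as {@link #loginWithUserName(String)} but also hands the SSO server's CA token to
     * {@link LoginService}. No password is supplied on this path either.
     *
     * @param str  the account name to log in
     * @param str2 the CA token issued by the SSO server for this account
     * @return the login response produced by {@link LoginService}
     */
    public LoginResponse loginWithUserNameAndCaToken(String str, String str2) {
        LoginRequest loginRequest = new LoginRequest();
        loginRequest.setAccount(str);
        return this.loginService.loginAction(loginRequest, false, str2);
    }

    /**
     * Logs a user in from an encrypted SSO token.
     *
     * <p>The token is AES-decrypted with the Base64-decoded secret from
     * {@link AuthConfigExpander#getSsoDataDecryptSecret()}, parsed as JSON into a
     * {@link DecryptCaTokenInfo}, checked for age, and the account it names is then logged in
     * without a password. The CA token to local token mapping is stored in
     * {@code caClientTokenCacheApi} so that {@link #logoutByCaToken} can find the session later.
     *
     * <p>Review notes for the trust decision made here:
     * <ul>
     *   <li>NOTE(review): Hutool's {@code SecureUtil.aes(key)} uses AES/ECB/PKCS5Padding by default
     *       as far as I know - confirm. That mode provides no integrity protection, so the account
     *       field is only as trustworthy as the secrecy of the shared key; an authenticated mode
     *       or a signed token would be the safer design.</li>
     *   <li>Only tokens older than the validity window are rejected. A generation time in the
     *       future is accepted, and nothing visible here marks a token as used, so a captured
     *       token appears to be replayable until it ages out.</li>
     *   <li>NOTE(review): the decrypted text is parsed with fastjson; confirm the deployed fastjson
     *       version and that autoType is disabled.</li>
     * </ul>
     *
     * @param loginBySsoTokenRequest request carrying the encrypted SSO token
     * @return the login response for the account named in the token
     * @throws AuthException {@code SSO_TOKEN_PARSE_ERROR} when the token is expired or cannot be
     *         decrypted/parsed, {@code SSO_TOKEN_GET_USER_ERROR} when it carries no usable user,
     *         or whatever {@code AuthException} the login step raises
     */
    public LoginResponse LoginByCaToken(LoginBySsoTokenRequest loginBySsoTokenRequest) {
        try {
            byte[] secretKey = Base64.decode(AuthConfigExpander.getSsoDataDecryptSecret());
            String tokenJson = SecureUtil.aes(secretKey).decryptStr(loginBySsoTokenRequest.getToken(), CharsetUtil.CHARSET_UTF_8);
            DecryptCaTokenInfo decryptCaTokenInfo = JSON.parseObject(tokenJson, DecryptCaTokenInfo.class);

            // Reject tokens whose generation time plus the validity window is already in the past.
            if (DateUtil.parse(decryptCaTokenInfo.getGenerationDateTime()).offset(DateField.MINUTE, SSO_TOKEN_VALID_MINUTES).isBefore(new Date())) {
                throw new AuthException(AuthExceptionEnum.SSO_TOKEN_PARSE_ERROR, new Object[]{"sso token过期"});
            }

            DecryptCaLoginUser caLoginUser = decryptCaTokenInfo.getCaLoginUser();
            if (caLoginUser == null) {
                throw new AuthException(AuthExceptionEnum.SSO_TOKEN_GET_USER_ERROR);
            }
            if (ObjectUtil.isEmpty(caLoginUser.getAccount()) || ObjectUtil.isEmpty(caLoginUser.getCaToken())) {
                throw new AuthException(AuthExceptionEnum.SSO_TOKEN_GET_USER_ERROR);
            }

            LoginResponse loginResponse = loginWithUserNameAndCaToken(caLoginUser.getAccount(), caLoginUser.getCaToken());
            // Remember which local token belongs to this CA token so SSO logout can end the session.
            this.caClientTokenCacheApi.put(caLoginUser.getCaToken(), loginResponse.getToken());
            return loginResponse;
        } catch (AuthException e) {
            // Fix: the catch-all below used to rewrite every AuthException raised above (expired
            // token, missing user, login failure) into the generic "cannot parse" error, so the
            // specific codes never reached callers or logs.
            throw e;
        } catch (Exception e) {
            // Decryption, JSON and date parsing failures all mean the token is unusable.
            throw new AuthException(AuthExceptionEnum.SSO_TOKEN_PARSE_ERROR, new Object[]{"sso token无法解析"});
        }
    }

    /**
     * Logs the current user out: writes a logout log entry (skipped in the demo environment or
     * when the context holds no token) and removes the session for the current token.
     */
    public void logout() {
        String token = LoginContext.me().getToken();
        boolean demoEnvironment = DemoConfigExpander.getDemoEnvFlag().booleanValue();
        if (!demoEnvironment && StrUtil.isNotEmpty(token)) {
            this.loginLogServiceApi.loginOutSuccess(LoginContext.me().getLoginUser().getUserId());
        }
        // Called even when the token is empty; removeSession then receives that empty/null value.
        logoutWithToken(token);
    }

    /**
     * Removes the server-side session stored for the given token.
     *
     * <p>This does not revoke the JWT itself; see {@link #validateToken(String)} for how
     * remember-me tokens are treated after their session is gone.
     *
     * @param str the token whose session should be removed
     */
    public void logoutWithToken(String str) {
        this.sessionManagerApi.removeSession(str);
    }

    /**
     * Validates a token and returns its payload.
     *
     * <p>The JWT is first verified by {@code jwtApi.validateTokenWithException}. A token that is
     * not flagged remember-me must additionally have a live server-side session. A remember-me
     * token skips the session lookup, so removing its session (logout) does not by itself make
     * this method reject it before the JWT expires.
     *
     * @param str the token to validate
     * @return the payload decoded from the token
     * @throws AuthException {@code AUTH_EXPIRED_ERROR} when the JWT is expired or the required
     *         session is missing, {@code TOKEN_PARSE_ERROR} for any other JWT failure
     */
    public DefaultJwtPayload validateToken(String str) throws AuthException {
        try {
            this.jwtApi.validateTokenWithException(str);
            DefaultJwtPayload defaultPayload = AuthJwtContext.me().getDefaultPayload(str);

            // Fix: a payload without the rememberMe claim used to fail with a NullPointerException
            // on unboxing. Treat a missing flag as "not remember-me" so the session check applies.
            boolean rememberMe = Boolean.TRUE.equals(defaultPayload.getRememberMe());
            if (!rememberMe && this.sessionManagerApi.getSession(str) == null) {
                throw new AuthException(AuthExceptionEnum.AUTH_EXPIRED_ERROR);
            }
            return defaultPayload;
        } catch (JwtException e) {
            // Map the project's JWT error codes onto auth errors; only expiry is distinguished.
            if (JwtExceptionEnum.JWT_EXPIRED_ERROR.getErrorCode().equals(e.getErrorCode())) {
                throw new AuthException(AuthExceptionEnum.AUTH_EXPIRED_ERROR);
            }
            throw new AuthException(AuthExceptionEnum.TOKEN_PARSE_ERROR);
        } catch (io.jsonwebtoken.JwtException e2) {
            // Failures raised directly by the JWT library are reported as a parse error.
            throw new AuthException(AuthExceptionEnum.TOKEN_PARSE_ERROR);
        }
    }

    /**
     * Checks that a request carries a valid token.
     *
     * <p>NOTE(review): {@code str2} is not used in this method, so nothing here ties the token to
     * a particular resource; per-resource authorization is presumably enforced elsewhere - confirm.
     *
     * @param str  the token taken from the request
     * @param str2 unused here; presumably the request URL
     * @throws AuthException {@code TOKEN_GET_ERROR} when the token is empty, or the error raised
     *         by {@link #validateToken(String)}
     */
    public void checkAuth(String str, String str2) {
        if (StrUtil.isEmpty(str)) {
            throw new AuthException(AuthExceptionEnum.TOKEN_GET_ERROR);
        }
        validateToken(str);
    }

    /**
     * Removes the account's entry from {@code loginErrorCountCacheApi}.
     *
     * <p>NOTE(review): this presumably lifts a login lockout; no caller authorization is checked
     * in this method, so the endpoint that exposes it needs its own access control - confirm.
     *
     * @param loginRequest request whose account field names the entry to remove
     */
    public void cancelFreeze(LoginRequest loginRequest) {
        this.loginErrorCountCacheApi.remove(new String[]{loginRequest.getAccount()});
    }

    /**
     * Rebuilds the session content for a token from the user id in its payload and stores it.
     *
     * <p>NOTE(review): the result of {@code getUserLoginValidateDTO} is dereferenced without a
     * null check; confirm that the service throws rather than returns null for an unknown or
     * deleted user id.
     *
     * @param str               the token the session is stored under
     * @param defaultJwtPayload the payload already decoded from that token
     * @return the newly created login user, as written to the session
     */
    public LoginUser createNewLoginInfo(String str, DefaultJwtPayload defaultJwtPayload) {
        UserValidateDTO userInfo = this.sysUserServiceApi.getUserLoginValidateDTO(defaultJwtPayload.getUserId());
        LoginUser loginUser = new LoginUser(userInfo.getUserId(), userInfo.getAccount(), str, userInfo.getTenantId());
        this.sessionManagerApi.updateSession(str, loginUser);
        return loginUser;
    }

    /**
     * Ends the local session that was created for the given CA token, if one is known.
     *
     * <p>The CA token to local token entry is left in {@code caClientTokenCacheApi}; it is only
     * the session that is removed. NOTE(review): the caller is not authenticated in this method;
     * presumably the endpoint verifies that the request comes from the SSO server - confirm.
     *
     * @param logoutBySsoTokenRequest request carrying the CA token to log out
     */
    public void logoutByCaToken(LogoutBySsoTokenRequest logoutBySsoTokenRequest) {
        String localToken = (String) this.caClientTokenCacheApi.get(logoutBySsoTokenRequest.getCaToken());
        if (ObjectUtil.isEmpty(localToken)) {
            // No local login is recorded for this CA token; nothing to remove.
            return;
        }
        this.sessionManagerApi.removeSession(localToken);
    }
}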
