package com.holly.unit.auth.auth;

import cn.hutool.core.codec.Base64;
import cn.hutool.core.date.DateUnit;
import cn.hutool.core.date.DateUtil;
import cn.hutool.core.util.CharsetUtil;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.SecureUtil;
import cn.hutool.http.HttpRequest;
import cn.hutool.http.HttpResponse;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.holly.unit.auth.api.AuthServiceApi;
import com.holly.unit.auth.api.SessionManagerApi;
import com.holly.unit.auth.api.UserDataMapApi;
import com.holly.unit.auth.api.context.LoginContext;
import com.holly.unit.auth.api.context.LoginUserHolder;
import com.holly.unit.auth.api.exception.AuthException;
import com.holly.unit.auth.api.exception.enums.AuthExceptionEnum;
import com.holly.unit.auth.api.expander.AuthConfigExpander;
import com.holly.unit.auth.api.password.PasswordStoredEncryptApi;
import com.holly.unit.auth.api.password.PasswordTransferEncryptApi;
import com.holly.unit.auth.api.pojo.SsoProperties;
import com.holly.unit.auth.api.pojo.auth.LoginRecord;
import com.holly.unit.auth.api.pojo.auth.LoginRequest;
import com.holly.unit.auth.api.pojo.auth.LoginResponse;
import com.holly.unit.auth.api.pojo.auth.LoginWithTokenRequest;
import com.holly.unit.auth.api.pojo.login.LoginUser;
import com.holly.unit.auth.util.RSAUtils;
import com.holly.unit.config.api.context.ConfigContext;
import com.holly.unit.core.util.HttpServletUtil;
import com.holly.unit.demo.expander.DemoConfigExpander;
import com.holly.unit.jwt.JwtTokenOperator;
import com.holly.unit.jwt.api.context.JwtContext;
import com.holly.unit.jwt.api.exception.enums.JwtExceptionEnum;
import com.holly.unit.jwt.api.pojo.config.JwtConfig;
import com.holly.unit.jwt.api.pojo.payload.DefaultJwtPayload;
import com.holly.unit.log.api.LoginLogServiceApi;
import com.holly.unit.message.api.expander.WebSocketConfigExpander;
import com.holly.unit.scanner.api.exception.ScannerException;
import com.holly.unit.scanner.api.exception.enums.ScannerExceptionEnum;
import com.holly.unit.security.api.DragCaptchaApi;
import com.holly.unit.security.api.ImageCaptchaApi;
import com.holly.unit.system.api.HisUserPasswordServiceApi;
import com.holly.unit.system.api.NoticeServiceApi;
import com.holly.unit.system.api.ResourceServiceApi;
import com.holly.unit.system.api.UserServiceApi;
import com.holly.unit.system.api.enums.UserStatusEnum;
import com.holly.unit.system.api.pojo.notice.SysNoticeRequest;
import com.holly.unit.system.api.pojo.user.HisUserPasswordDTO;
import com.holly.unit.system.api.pojo.user.UserLoginInfoDTO;
import com.holly.unit.validator.api.exception.enums.ValidatorExceptionEnum;
import io.jsonwebtoken.JwtException;
import java.util.Date;
import javax.annotation.Resource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

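/**
 * Authentication service: password login, SSO-token login, logout and token validation.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Password logins require a captcha, an RSA-encrypted password and pass through a
 *       failed-attempt counter with account lockout.</li>
 *   <li>Token logins ({@link #LoginWithToken}) skip the password and captcha checks; they rely
 *       entirely on the SSO JWT and the AES-encrypted {@code userInfo} claim.</li>
 *   <li>Sessions are keyed by the JWT issued in {@code loginAction}.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:com/holly/unit/auth/auth/AuthServiceImpl.class */
public class AuthServiceImpl implements AuthServiceApi {
    // JVM-wide monitor guarding session creation/eviction. It does not coordinate
    // between several application instances.
    private static final Object SESSION_OPERATE_LOCK = new Object();

    @Resource
    private UserServiceApi userServiceApi;

    @Resource
    private SessionManagerApi sessionManagerApi;

    @Resource
    private PasswordStoredEncryptApi passwordStoredEncryptApi;

    @Resource
    private PasswordTransferEncryptApi passwordTransferEncryptApi;

    @Resource
    private LoginLogServiceApi loginLogServiceApi;

    @Autowired
    private NoticeServiceApi noticeServiceApi;

    @Resource
    private ImageCaptchaApi captchaApi;

    @Resource
    private DragCaptchaApi dragCaptchaApi;

    @Resource
    private SsoProperties ssoProperties;

    @Resource
    private ResourceServiceApi resourceServiceApi;

    @Resource
    private UserDataMapApi userDataMapApi;

    @Resource
    private HisUserPasswordServiceApi hisUserPasswordServiceApi;

    @Autowired
    private LoginRecordServiceImpl loginRecordService;

    /**
     * Logs a user in with account, password and captcha.
     *
     * @param loginRequest credentials and captcha fields supplied by the client
     * @return the login response produced by {@code loginAction}
     * @throws AuthException if validation, captcha, lockout or password checks fail
     */
    public LoginResponse login(LoginRequest loginRequest) {
        return loginAction(loginRequest, true, null);
    }

    /**
     * Logs a user in by account name only. No password or captcha is checked, so callers
     * must have authenticated the account by other means.
     *
     * @param str the account name
     * @return the login response produced by {@code loginAction}
     */
    public LoginResponse loginWithUserName(String str) {
        LoginRequest accountOnlyRequest = new LoginRequest();
        accountOnlyRequest.setAccount(str);
        return loginAction(accountOnlyRequest, false, null);
    }

    /**
     * Logs a user in by account name plus an SSO "caToken". No password or captcha is
     * checked, so callers must have authenticated the account by other means.
     *
     * @param str  the account name
     * @param str2 the caToken; it is embedded in the JWT payload and, when non-empty,
     *             bypasses the remote SSO login-code branch
     * @return the login response produced by {@code loginAction}
     */
    public LoginResponse loginWithUserNameAndCaToken(String str, String str2) {
        LoginRequest accountOnlyRequest = new LoginRequest();
        accountOnlyRequest.setAccount(str);
        return loginAction(accountOnlyRequest, false, str2);
    }

    /**
     * Logs a user in from an SSO-issued JWT whose {@code userInfo} claim is an AES-encrypted
     * JSON object carrying {@code account} and {@code caToken}.
     *
     * <p>Each stage reports its own error code. Previously the stages were nested inside one
     * catch-all, so every failure (including lockout or user-status errors raised by the login
     * itself) was re-wrapped and surfaced as {@code SSO_TOKEN_PARSE_ERROR}.
     *
     * @param loginWithTokenRequest request carrying the SSO token
     * @return the login response for the account named in the token
     * @throws AuthException {@code SSO_TOKEN_PARSE_ERROR} if the JWT cannot be read,
     *                       {@code SSO_TOKEN_GET_USER_ERROR} if it has no {@code userInfo},
     *                       {@code SSO_TOKEN_DECRYPT_USER_ERROR} if the claim cannot be
     *                       decrypted or names no account; login errors propagate unchanged
     */
    public LoginResponse LoginWithToken(LoginWithTokenRequest loginWithTokenRequest) {
        JwtConfig ssoJwtConfig = new JwtConfig();
        ssoJwtConfig.setJwtSecret(AuthConfigExpander.getSsoJwtSecret());
        // NOTE(review): the effect of expiredSeconds=0 on token parsing is not visible here;
        // confirm that JwtTokenOperator still verifies the signature and rejects expired tokens.
        ssoJwtConfig.setExpiredSeconds(0L);

        // Stage 1: read the claims of the SSO token.
        Object encryptedUserInfo;
        try {
            encryptedUserInfo = new JwtTokenOperator(ssoJwtConfig)
                    .getJwtPayloadClaims(loginWithTokenRequest.getToken())
                    .get("userInfo");
        } catch (Exception e) {
            // NOTE(review): the library's exception text is passed into the error parameters and
            // may reach the client; consider logging it server-side and returning a fixed message.
            throw new AuthException(AuthExceptionEnum.SSO_TOKEN_PARSE_ERROR, new Object[]{e.getMessage()});
        }
        if (ObjectUtil.isEmpty(encryptedUserInfo)) {
            throw new AuthException(AuthExceptionEnum.SSO_TOKEN_GET_USER_ERROR);
        }

        // Stage 2: decrypt the userInfo claim and pull out the identity fields.
        String account;
        String caToken;
        try {
            String userInfoJson = SecureUtil.aes(Base64.decode(AuthConfigExpander.getSsoDataDecryptSecret()))
                    .decryptStr(encryptedUserInfo.toString(), CharsetUtil.CHARSET_UTF_8);
            JSONObject userInfo = JSON.parseObject(userInfoJson);
            account = userInfo.getString("account");
            caToken = userInfo.getString("caToken");
        } catch (Exception e) {
            // NOTE(review): same as above, decryption error text is forwarded in the error parameters.
            throw new AuthException(AuthExceptionEnum.SSO_TOKEN_DECRYPT_USER_ERROR, new Object[]{e.getMessage()});
        }
        if (account == null) {
            throw new AuthException(AuthExceptionEnum.SSO_TOKEN_DECRYPT_USER_ERROR);
        }

        // Stage 3: the login itself runs outside the try blocks so that its own error
        // codes (lockout, user status, ...) are not masked.
        return loginWithUserNameAndCaToken(account, caToken);
    }

    /**
     * Logs out the current user: records the logout (outside the demo environment), removes
     * the session for the current token and destroys the session cookie.
     */
    public void logout() {
        String currentToken = LoginContext.me().getToken();
        boolean demoEnvironment = DemoConfigExpander.getDemoEnvFlag().booleanValue();
        if (!demoEnvironment && StrUtil.isNotEmpty(currentToken)) {
            this.loginLogServiceApi.loginOutSuccess(LoginContext.me().getLoginUser().getUserId());
        }
        logoutWithToken(currentToken);
        this.sessionManagerApi.destroySessionCookie();
    }

    /**
     * Removes the session stored under the given token.
     *
     * @param str the session token
     */
    public void logoutWithToken(String str) {
        this.sessionManagerApi.removeSession(str);
    }

    /**
     * Validates a token and publishes its session through {@link LoginUserHolder}.
     *
     * <p>The JWT must validate and a session must still exist for it, so a token that was
     * logged out server-side is rejected even if its JWT has not expired.
     *
     * @param str the token to validate
     * @throws AuthException {@code AUTH_EXPIRED_ERROR} if the JWT expired or no session exists,
     *                       {@code TOKEN_PARSE_ERROR} for any other JWT failure
     */
    public void validateToken(String str) throws AuthException {
        try {
            JwtContext.me().validateTokenWithException(str);
            LoginUser sessionUser = this.sessionManagerApi.getSession(str);
            if (sessionUser == null) {
                throw new AuthException(AuthExceptionEnum.AUTH_EXPIRED_ERROR);
            }
            LoginUserHolder.set(sessionUser);
        } catch (JwtException e) {
            // Library-level JWT failure (io.jsonwebtoken).
            throw new AuthException(AuthExceptionEnum.TOKEN_PARSE_ERROR);
        } catch (com.holly.unit.jwt.api.exception.JwtException e2) {
            // Project-level JWT failure: only the "expired" code maps to AUTH_EXPIRED_ERROR.
            boolean expired = JwtExceptionEnum.JWT_EXPIRED_ERROR.getErrorCode().equals(e2.getErrorCode());
            if (expired) {
                throw new AuthException(AuthExceptionEnum.AUTH_EXPIRED_ERROR);
            }
            throw new AuthException(AuthExceptionEnum.TOKEN_PARSE_ERROR);
        }
    }

    /**
     * Checks that a non-empty, valid token was supplied.
     *
     * @param str  the token
     * @param str2 not used by this implementation
     * @throws AuthException {@code TOKEN_GET_ERROR} if the token is empty, otherwise whatever
     *                       {@link #validateToken(String)} raises
     */
    public void checkAuth(String str, String str2) {
        // NOTE(review): only authentication is verified here; no per-resource authorization
        // is performed with the second argument. Confirm that is enforced elsewhere.
        if (StrUtil.isEmpty(str)) {
            throw new AuthException(AuthExceptionEnum.TOKEN_GET_ERROR);
        }
        validateToken(str);
    }

    /**
     * Core login routine shared by every login entry point.
     *
     * <p>Order of checks: request validation, lockout, captcha (password logins only),
     * resource initialisation, RSA password decryption, optional SSO hand-off, password
     * verification, user status, password-history gate, then session creation.
     *
     * @param loginRequest     the login request; must carry an account, and a password when
     *                         {@code validatePassword} is true
     * @param validatePassword whether password and captcha are checked
     * @param caToken          SSO caToken, or {@code null}
     * @return the login response, or a response carrying only a remote login code when SSO
     *         is enabled and {@code caToken} is empty
     * @throws AuthException    on any failed check
     * @throws ScannerException if no system resources have been initialised
     */
    private LoginResponse loginAction(LoginRequest loginRequest, Boolean validatePassword, String caToken) {
        boolean passwordLogin = validatePassword.booleanValue();

        // Validate the request before anything dereferences it. The lockout lookup used to
        // run first, so a null request failed with a NullPointerException instead of the
        // intended error code.
        if (passwordLogin) {
            if (loginRequest == null || StrUtil.hasBlank(loginRequest.getAccount(), loginRequest.getPassword())) {
                throw new AuthException(AuthExceptionEnum.PARAM_EMPTY);
            }
        } else if (loginRequest == null || StrUtil.hasBlank(loginRequest.getAccount())) {
            throw new AuthException(AuthExceptionEnum.ACCOUNT_IS_BLANK);
        }

        LoginRecord loginRecord = this.loginRecordService.getUseLoginByUsername(loginRequest.getAccount());
        int lockedTime = ((Integer) ConfigContext.me().getSysConfigValueWithDefault("SYS_AUTH_ACCOUNT_LOCKED_TIME", Integer.class, 30)).intValue();
        int lockedCount = ((Integer) ConfigContext.me().getSysConfigValueWithDefault("SYS_AUTH_ACCOUNT_LOCKED_COUNT", Integer.class, 5)).intValue();
        // Boolean.TRUE.equals: the record created on a first failure never sets "locked",
        // so the flag may be null when it is read back.
        if (loginRecord != null && Boolean.TRUE.equals(loginRecord.getLocked())) {
            throw new AuthException(AuthExceptionEnum.SSO_ACCOUNT_LOCKED, new Object[]{Integer.valueOf(lockedCount), Integer.valueOf(lockedTime)});
        }

        if (passwordLogin) {
            String verKey = loginRequest.getVerKey();
            String verCode = loginRequest.getVerCode();
            if (StrUtil.isEmpty(verKey) || StrUtil.isEmpty(verCode)) {
                throw new AuthException(ValidatorExceptionEnum.CAPTCHA_EMPTY);
            }
            if (ObjectUtil.isNull(this.captchaApi.getVerCode(verKey))) {
                throw new AuthException(ValidatorExceptionEnum.CAPTCHA_NUll);
            }
            if (!this.captchaApi.validateCaptcha(verKey, verCode)) {
                throw new AuthException(ValidatorExceptionEnum.CAPTCHA_ERROR);
            }
        }

        Integer resourceCount = this.resourceServiceApi.getResourceCount();
        if (resourceCount == null || resourceCount.intValue() == 0) {
            throw new ScannerException(ScannerExceptionEnum.SYSTEM_RESOURCE_URL_NOT_INIT);
        }

        // NOTE(review): this also runs for account-only logins, where the password is unset.
        // RSAUtils.decrypt's handling of null is not visible here; if it returns null, every
        // account-only/SSO-token login fails with UNIQUE_VALIDATE_RSA_ERROR. Confirm.
        String plainPassword = RSAUtils.decrypt(loginRequest.getPassword());
        if (plainPassword == null) {
            throw new AuthException(ValidatorExceptionEnum.UNIQUE_VALIDATE_RSA_ERROR);
        }
        // From here on the request object holds the plaintext password.
        loginRequest.setPassword(plainPassword);

        if (this.ssoProperties.getOpenFlag().booleanValue() && StrUtil.isEmpty(caToken)) {
            return new LoginResponse(getRemoteLoginCode(loginRequest));
        }

        UserLoginInfoDTO userLoginInfo = this.userServiceApi.getUserLoginInfo(loginRequest.getAccount());
        if (passwordLogin && !this.passwordStoredEncryptApi.checkPassword(loginRequest.getPassword(), userLoginInfo.getUserPasswordHexed()).booleanValue()) {
            throw registerFailedPassword(loginRecord, loginRequest.getAccount(), lockedCount, lockedTime);
        }
        if (!UserStatusEnum.ENABLE.getCode().equals(userLoginInfo.getUserStatus())) {
            throw new AuthException(AuthExceptionEnum.USER_STATUS_ERROR, new Object[]{UserStatusEnum.getCodeMessage(userLoginInfo.getUserStatus())});
        }

        LoginUser loginUser = userLoginInfo.getLoginUser();

        // Apply the password-history gate BEFORE a session exists. It used to run after the
        // session (and possibly its cookie) had been created and the success log written, so
        // a login rejected with USERNAME_TIMEOUT_ERROR still left a live session behind.
        HisUserPasswordDTO passwordHistory = this.hisUserPasswordServiceApi.findPasswordExpiringUser(loginUser.getUserId());
        if (passwordHistory == null) {
            throw new AuthException(AuthExceptionEnum.USERNAME_TIMEOUT_ERROR);
        }

        // Boolean.TRUE.equals: account-only requests are built without a rememberMe value.
        boolean rememberMe = Boolean.TRUE.equals(loginRequest.getRememberMe());
        DefaultJwtPayload jwtPayload = new DefaultJwtPayload(loginUser.getUserId(), loginUser.getAccount(), rememberMe, caToken);
        String token = JwtContext.me().generateTokenDefaultPayload(jwtPayload);
        loginUser.setToken(token);
        loginUser.setTenantCode(loginRequest.getTenantCode());

        synchronized (SESSION_OPERATE_LOCK) {
            loginUser.setWsUrl(WebSocketConfigExpander.getWebSocketWsUrl());
            this.sessionManagerApi.createSession(token, loginUser, loginRequest.getCreateCookie());
            if (AuthConfigExpander.getSingleAccountLoginFlag()) {
                // Single-login mode: drop every session except the one just created.
                this.sessionManagerApi.removeSessionExcludeToken(token);
            }
        }

        if (!DemoConfigExpander.getDemoEnvFlag().booleanValue()) {
            this.userServiceApi.updateUserLoginInfo(loginUser.getUserId(), new Date(), HttpServletUtil.getRequestClientIp(HttpServletUtil.getRequest()));
            this.loginLogServiceApi.loginSuccess(loginUser.getUserId());
        }

        if (passwordHistory.getType().equals("1")) {
            loginUser.setPwdValid(false);
        } else {
            String expiryNotice = extracted(loginUser, passwordHistory);
            if (expiryNotice != null) {
                loginUser.setPwdTimeOut(true);
                loginUser.setPwdTimeOutContent(expiryNotice);
            } else {
                loginUser.setPwdTimeOut(false);
            }
        }

        // A successful login clears the failed-attempt record for the account.
        this.loginRecordService.unlockedByUsername(loginRequest.getAccount());
        return new LoginResponse(loginUser, token, jwtPayload.getExpirationDate());
    }

    /**
     * Records one failed password attempt and returns the exception the caller must throw.
     *
     * @param loginRecord the existing failure record for the account, or {@code null}
     * @param account     the account name
     * @param lockedCount configured number of failures that locks the account
     * @param lockedTime  configured lock duration, reported in the lockout message
     * @return the exception describing the failure
     */
    private AuthException registerFailedPassword(LoginRecord loginRecord, String account, int lockedCount, int lockedTime) {
        if (loginRecord == null) {
            LoginRecord firstFailure = new LoginRecord();
            // NOTE(review): the first failure is stored as 0 errors, so the account locks on
            // failure lockedCount + 1 rather than lockedCount. Confirm this is intended.
            firstFailure.setErrorCount(0);
            firstFailure.setLockedTime(Long.valueOf(DateUtil.current()));
            firstFailure.setUsername(account);
            this.loginRecordService.saveOrUpdateUserLogin(firstFailure);
            return new AuthException(AuthExceptionEnum.USERNAME_PASSWORD_ERROR);
        }
        if (Boolean.TRUE.equals(loginRecord.getLocked())) {
            return new AuthException(AuthExceptionEnum.SSO_ACCOUNT_LOCKED, new Object[]{Integer.valueOf(lockedCount), Integer.valueOf(lockedTime)});
        }

        int failures = loginRecord.getErrorCount().intValue() + 1;
        loginRecord.setErrorCount(Integer.valueOf(failures));
        if (failures >= lockedCount) {
            // NOTE(review): lockedTime is not refreshed on the attempt that locks the account;
            // whether the lock window starts at the previous failure depends on code not shown here.
            loginRecord.setLocked(true);
            this.loginRecordService.saveOrUpdateUserLogin(loginRecord);
            return new AuthException(AuthExceptionEnum.SSO_ACCOUNT_LOCKED, new Object[]{Integer.valueOf(lockedCount), Integer.valueOf(lockedTime)});
        }
        loginRecord.setLockedTime(Long.valueOf(DateUtil.current()));
        this.loginRecordService.saveOrUpdateUserLogin(loginRecord);
        return new AuthException(AuthExceptionEnum.SSO_ACCOUNT_LOCKED_COUNT, new Object[]{Integer.valueOf(lockedCount - failures)});
    }

    /**
     * Builds and stores a "password about to expire" notice when the password is within the
     * configured notice window.
     *
     * <p>This is best-effort: a failure here must not block the login, so exceptions are
     * swallowed and {@code null} is returned. A password that is already past its validity
     * (negative days left) also yields {@code null}; expiry is not enforced by this method.
     *
     * @param loginUser          the user logging in
     * @param hisUserPasswordDTO the password-history entry whose create time starts the clock
     * @return the notice text, or {@code null} if no notice applies or building it failed
     */
    private String extracted(LoginUser loginUser, HisUserPasswordDTO hisUserPasswordDTO) {
        try {
            int validDays = ((Integer) ConfigContext.me().getSysConfigValueWithDefault("SYS_AUTH_PASSWORD_TIMEOUT_DAY", Integer.class, 90)).intValue();
            if (validDays > 90 || validDays < 1) {
                validDays = 90;
            }
            int noticeDays = ((Integer) ConfigContext.me().getSysConfigValueWithDefault("SYS_AUTH_PASSWORD_NOTICE_DAY", Integer.class, 7)).intValue();
            if (noticeDays > 90 || noticeDays < 1) {
                noticeDays = 1;
            }
            // Two discarded day-to-millisecond products were removed here: their results were
            // unused and the int multiplication overflowed for values above 24 days.
            long passwordAgeDays = DateUtil.between(new Date(hisUserPasswordDTO.getCreateTime().longValue()), new Date(), DateUnit.DAY, false);
            long daysLeft = validDays - passwordAgeDays;
            if (daysLeft < 0 || noticeDays < daysLeft) {
                return null;
            }
            String notice = "您的账户【" + loginUser.getAccount() + "】密码有效期还剩余" + daysLeft + "天，请尽快修改密码";
            SysNoticeRequest noticeRequest = new SysNoticeRequest();
            noticeRequest.setNoticeScope(loginUser.getUserId().toString());
            noticeRequest.setNoticeContent(notice);
            noticeRequest.setNoticeTitle("密码过期提醒");
            this.noticeServiceApi.add(noticeRequest);
            return notice;
        } catch (Exception ignored) {
            // Deliberately best-effort. Narrowed from Throwable so that JVM errors such as
            // OutOfMemoryError are no longer hidden.
            // NOTE(review): record this failure with the project's logger; a silently missing
            // expiry notice is otherwise invisible.
            return null;
        }
    }

    /**
     * Asks the SSO server for a login code by posting the login request as JSON.
     *
     * @param loginRequest the login request; at this point it carries the decrypted password
     * @return the login code from the {@code data} field of the SSO response
     * @throws AuthException {@code SSO_LOGIN_CODE_GET_ERROR} if the SSO server does not
     *                       answer 200 or returns no login code
     */
    private String getRemoteLoginCode(LoginRequest loginRequest) {
        // NOTE(review): the serialized request contains the plaintext password. Confirm that
        // the configured SSO URL is HTTPS and that this request is not logged. No explicit
        // timeout is set on the call either.
        HttpRequest ssoRequest = HttpRequest.post(AuthConfigExpander.getSsoUrl() + "/sso/getLoginCode");
        ssoRequest.body(JSON.toJSONString(loginRequest));
        HttpResponse ssoResponse = ssoRequest.execute();
        String responseBody = ssoResponse.body();

        JSONObject responseJson = new JSONObject();
        if (StrUtil.isNotBlank(responseBody)) {
            JSONObject parsed = JSON.parseObject(responseBody);
            // parseObject yields null for a literal "null" body; keep the empty object then.
            if (parsed != null) {
                responseJson = parsed;
            }
        }
        if (ssoResponse.getStatus() != 200) {
            throw new AuthException(AuthExceptionEnum.SSO_LOGIN_CODE_GET_ERROR, new Object[]{responseJson.getString("message")});
        }
        String loginCode = responseJson.getString("data");
        if (loginCode == null) {
            throw new AuthException(AuthExceptionEnum.SSO_LOGIN_CODE_GET_ERROR, new Object[]{"loginCode为空"});
        }
        return loginCode;
    }

    /**
     * Returns the RSA public key exposed by {@link RSAUtils}. {@code loginAction} decrypts
     * the submitted password with {@code RSAUtils.decrypt}, so this is presumably the key
     * clients use to encrypt it.
     *
     * @return the public key as provided by {@code RSAUtils.getPublicKey()}
     */
    public String getPublicKey() {
        return RSAUtils.getPublicKey();
    }
}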
