package com.qihai.sms.modules.sso.service.impl;

import com.alibaba.dubbo.config.annotation.Reference;
import com.qihai.commerce.framework.enums.BizErrorCode;
import com.qihai.commerce.framework.utils.EncryptUtils;
import com.qihai.commerce.framework.utils.R;
import com.qihai.commerce.framework.utils.StringUtil;
import com.qihai.framework.security.cache.ProfileCache;
import com.qihai.framework.security.common.utils.ContextUtils;
import com.qihai.framework.security.common.vo.Context;
import com.qihai.framework.security.common.vo.UserDimension;
import com.qihai.framework.security.common.vo.UserInfo;
import com.qihai.framework.security.common.vo.UserResourceColumn;
import com.qihai.framework.security.common.vo.UserResources;
import com.qihai.framework.security.common.vo.UserResourcesDimension;
import com.qihai.framework.security.model.MyProfile;
import com.qihai.framework.security.utils.CacheUtils;
import com.qihai.framework.security.utils.ProfileUtils;
import com.qihai.sms.constant.CommonContstant;
import com.qihai.sms.constant.Constants;
import com.qihai.sms.modules.sso.constant.LoginParamContstant;
import com.qihai.sms.modules.sso.dto.request.UserInfoRequest;
import com.qihai.sms.modules.sso.dto.response.UserInfoRespose;
import com.qihai.sms.modules.sso.entity.UserInfoEntity;
import com.qihai.sms.modules.sso.service.UserInfoService;
import com.qihai.sms.utils.EncryptHash;
import com.qihai.wms.base.api.dto.request.AddLoginLogVo;
import com.qihai.wms.base.api.enums.QcStandStatusEnum;
import com.qihai.wms.base.api.service.LoginLogApiService;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.util.CollectionUtils;
import org.pac4j.core.config.Config;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.credentials.TokenCredentials;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.profile.ProfileManager;
import org.pac4j.http.client.direct.DirectFormClient;
import org.pac4j.http.client.direct.HeaderClient;
import org.pac4j.jwt.config.encryption.SecretEncryptionConfiguration;
import org.pac4j.jwt.config.signature.SecretSignatureConfiguration;
import org.pac4j.jwt.profile.JwtGenerator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Service;

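/**
 * SSO login, token refresh, logout and user-info lookups built on pac4j clients and JWTs.
 *
 * <p>Review notes on the trust boundaries visible in this class:
 * <ul>
 *   <li>{@code login} verifies the submitted password before a token is issued;
 *       {@code lgn} does not (see {@code kyWmsLgn}).</li>
 *   <li>One configured value ({@code salt}) is used both to sign and to encrypt the JWT.</li>
 *   <li>{@code getIpAdrress} returns values taken from client-controllable request headers.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:com/qihai/sms/modules/sso/service/impl/SsoAuthenticationService.class */
public class SsoAuthenticationService {
    private static final Logger logger = LoggerFactory.getLogger(SsoAuthenticationService.class);

    // Despite the property name, this value is the secret handed to both the JWT signature and
    // the JWT encryption configuration in generatorJwt().
    @Value("${salt}")
    private String salt;

    // RSA private key passed to EncryptHash.verifyRsaPassword() during password verification.
    @Value("${rf.key.rsaPrivateKey}")
    private String privateKey;

    // Cache lifetime used when the request carries no "x-device" header.
    @Value("${webuser.session.timeout}")
    private long webSessionTimeout;

    // Cache lifetime used when the request carries an "x-device" header.
    @Value("${appuser.session.timeout}")
    private long appSessionTimeout;

    @Autowired
    private Config config;

    @Autowired
    private UserInfoService userInfoService;

    @Reference
    private LoginLogApiService loginLogApiService;

    @Autowired
    private RedisTemplate<String, Object> redisTemplate;

    /**
     * Password-checked login: delegates to {@code kyErpLogin}.
     *
     * @param webContext request context carrying the "username" and "password" parameters
     * @param l depot id stored on the resulting user info
     * @param map extended properties for the session (depot, device and IP details)
     * @return a result whose data map holds the token on success
     */
    public R<Map<String, Object>> login(WebContext webContext, Long l, Map<String, String> map) {
        return kyErpLogin(webContext, "登录失败！", l, map);
    }

    /**
     * Issues a fresh token for the profile bound to the current context.
     *
     * <p>The previous cache entry is deleted and the "iat" attribute removed before a new JWT is
     * generated. When no context profile exists the failure response is returned; the original
     * code dereferenced the context profile before its null check.
     *
     * <p>NOTE(review): no refresh token is read or compared in this method; confirm the caller
     * or a filter authenticates the request before it gets here.
     *
     * @param webContext request context
     * @return a result carrying the new token, or the failure response
     */
    public R<Map<String, Object>> refreshToken(WebContext webContext) {
        final String failureMsg = "刷新accessToken失败！";
        MyProfile myProfile4Context = MyProfile.getMyProfile4Context();
        if (myProfile4Context == null) {
            // generatorJwt() turns a null profile into the failure response.
            return generatorJwt(webContext, null, failureMsg);
        }
        MyProfile commonProfileFromSession = getCommonProfileFromSession(webContext);
        if (commonProfileFromSession != null && commonProfileFromSession.getProfile() != null) {
            myProfile4Context.setProfile(commonProfileFromSession.getProfile());
        }
        CommonProfile profile = myProfile4Context.getProfile();
        if (profile != null) {
            // Drop the old session entry so the previous token's sid stops resolving.
            ProfileCache.delete(myProfile4Context.getSid());
            profile.removeAttribute("iat");
        }
        return generatorJwt(webContext, myProfile4Context, failureMsg);
    }

    /**
     * Resolves the caller's user info from the credentials the "HeaderClient" extracts.
     *
     * <p>Any exception during credential extraction or profile lookup is logged at info level
     * and reported to the caller as the same generic account error.
     *
     * @param webContext request context
     * @return the user info, or an account-error result when no profile could be resolved
     */
    public R<UserInfo> getUserInfo(WebContext webContext) {
        CommonProfile userProfile;
        R<UserInfo> r = null;
        try {
            HeaderClient findClient = this.config.getClients().findClient("HeaderClient");
            TokenCredentials credentials = findClient.getCredentials(webContext);
            if (credentials != null && (userProfile = findClient.getUserProfile(credentials, webContext)) != null) {
                r = new R().ok(ProfileUtils.toUserInfo(userProfile.getAttributes()));
            }
        } catch (Exception e) {
            logger.info("获取用户信息失败： 用户未登录或登录超时！", e);
        }
        if (r == null) {
            r = new R().error(BizErrorCode.UserErrorType.USER_ACCOUNT_ERROR.getCode(), "获取用户信息失败！");
            logger.info("获取用户信息失败： 用户未登录或登录超时！");
        }
        return r;
    }

    /**
     * Builds a {@link MyProfile} from the profile the "DirectFormClient" resolves for the request.
     *
     * <p>Failures are logged and leave the wrapped profile null; callers must check
     * {@code getProfile()} before using the result.
     *
     * @param webContext request context
     * @return a new MyProfile, possibly wrapping a null profile
     */
    public MyProfile getCommonProfile(WebContext webContext) {
        MyProfile myProfile = new MyProfile();
        CommonProfile commonProfile = null;
        try {
            DirectFormClient findClient = this.config.getClients().findClient("DirectFormClient");
            commonProfile = findClient.getUserProfile(findClient.getCredentials(webContext), webContext);
        } catch (Exception e) {
            logger.error("获取CommonProfile出错！", e);
        }
        myProfile.setProfile(commonProfile);
        return myProfile;
    }

    /**
     * Ends the session of the profile bound to the current context.
     *
     * <p>The cache entry is deleted first; then a QC stand is released when the session was
     * opened from a QC check tool, and the login-log service is told about the logout.
     *
     * <p>NOTE(review): a missing "deviceType", "qcStandNo" or "serializeNo" entry throws inside
     * the try block, so the login-log logout call is skipped after the cache entry is already
     * gone. Sessions created through {@code lgn} never get a "serializeNo" in this class.
     *
     * @param webContext request context (not read by this method)
     */
    public void logout(WebContext webContext) {
        MyProfile myProfile4Context = MyProfile.getMyProfile4Context();
        if (myProfile4Context != null) {
            try {
                ProfileCache.delete(myProfile4Context.getSid());
                if (LoginParamContstant.DeviceTypeEnum.QC_CHECK_TOOL.getType().toString().equals(myProfile4Context.getUserInfo().getExtendsProps().get("deviceType").toString())) {
                    this.loginLogApiService.updateQcStandStatus(myProfile4Context.getUserInfo().getExtendsProps().get("qcStandNo").toString(), QcStandStatusEnum.NOT_USE.getType());
                }
                String obj = myProfile4Context.getUserInfo().getExtendsProps().get("serializeNo").toString();
                logger.debug("---------------登出操作:" + obj);
                this.loginLogApiService.logout(obj);
            } catch (Exception e) {
                logger.error("登出时, 删除缓存出错！", e);
            }
        }
    }

    /**
     * Password-checked login flow behind {@code login}.
     *
     * <p>Steps: verify the password, require exactly one active account for the user name,
     * populate the profile, write a login-log record, then issue the token.
     *
     * @param webContext request context carrying "username", "password" and device parameters
     * @param str message returned when no token can be generated
     * @param l depot id stored on the user info
     * @param map extended properties; "serializeNo" is added to it by this method
     * @return the token result, or an error result
     */
    private R<Map<String, Object>> kyErpLogin(WebContext webContext, String str, Long l, Map<String, String> map) {
        String requestParameter = webContext.getRequestParameter("username");
        if (!verifyPw(requestParameter, webContext.getRequestParameter("password"))) {
            return new R().error(BizErrorCode.UserErrorType.USER_ACCOUNT_ERROR.getCode(), BizErrorCode.UserErrorType.USER_ACCOUNT_ERROR.getDesc());
        }
        HashMap hashMap = new HashMap();
        hashMap.put("login_name", requestParameter);
        List selectByMap = this.userInfoService.selectByMap(hashMap);
        if (null == selectByMap || selectByMap.size() != 1) {
            // More than one row for a login name is reported separately from "not found".
            return (null == selectByMap || selectByMap.size() <= 1) ? new R().error(BizErrorCode.UserErrorType.USER_ACCOUNT_ERROR.getCode(), BizErrorCode.UserErrorType.USER_ACCOUNT_ERROR.getDesc()) : new R().error(BizErrorCode.UserErrorType.USER_HAS_EXIST.getCode(), BizErrorCode.UserErrorType.USER_HAS_EXIST.getDesc());
        }
        UserInfoEntity userInfoEntity = (UserInfoEntity) selectByMap.get(0);
        if (!CommonContstant.UserStatusEnum.ACTIVATE.getType().equals(userInfoEntity.getStatus())) {
            return new R().error(BizErrorCode.UserErrorType.USER_ACCOUNT_FORBIDDEN.getCode(), BizErrorCode.UserErrorType.USER_ACCOUNT_FORBIDDEN.getDesc());
        }
        String l2 = userInfoEntity.getId().toString();
        MyProfile myProfile = getCommonProfileFromSession(webContext);
        if (myProfile.getUserInfo() == null) {
            myProfile = getCommonProfile(webContext);
        }
        if (myProfile.getProfile() == null || myProfile.getUserInfo() == null) {
            // The original nulled the profile here and then dereferenced it while building the
            // login log. Return the failure response instead, before any log or QC update.
            return generatorJwt(webContext, null, str);
        }
        myProfile.getProfile().setId(l2);
        myProfile.getProfile().addAttribute("uid", l2);
        myProfile.getUserInfo().setDeportId(l.toString());
        myProfile.getUserInfo().setDeportName(map.get("depotName"));
        // The same map instance receives "serializeNo" further down.
        // NOTE(review): logout() only sees it if setExtendsProps keeps this reference; confirm.
        myProfile.getUserInfo().setExtendsProps(map);
        myProfile.getUserInfo().setId(l2);
        myProfile.getUserInfo().setUsername(userInfoEntity.getLoginName());
        myProfile.getUserInfo().setNickname(userInfoEntity.getUserName());
        myProfile.getUserInfo().setAllResourceColumns(this.userInfoService.getAllResourceColumn());
        myProfile.getUserInfo().setAllPublicResources(this.userInfoService.getAllPublicResources());
        myProfile.getUserInfo().setResources(getUserResourcesById(l2));

        AddLoginLogVo addLoginLogVo = new AddLoginLogVo();
        UserInfo userInfo = myProfile.getUserInfo();
        addLoginLogVo.setUserNo(userInfo.getUsername());
        addLoginLogVo.setUserName(userInfo.getNickname());
        addLoginLogVo.setIpAddress(map.get("ipAddress"));
        addLoginLogVo.setLoginWarehouseCode(map.get("depotCode"));
        addLoginLogVo.setLoginWarehouse(map.get("depotName"));
        addLoginLogVo.setRemarks("登陆操作");
        String str2 = map.get("deviceType");
        // NOTE(review): a missing or non-numeric "deviceType" throws NumberFormatException here,
        // after the password check has already passed; validate it before this point.
        addLoginLogVo.setDeviceType(Integer.valueOf(str2));
        // NOTE(review): logout() compares getType().toString(); if getType() is not a String,
        // these equals(str2) checks can never match. Confirm the enum's type.
        if (LoginParamContstant.DeviceTypeEnum.BAR_CODE_SCANNER.getType().equals(str2)) {
            String requestParameter2 = webContext.getRequestParameter("barScannerNo");
            if (StringUtils.isNotBlank(requestParameter2)) {
                // For scanners the device number replaces the IP in the login-log record.
                addLoginLogVo.setIpAddress(requestParameter2);
            }
        } else if (LoginParamContstant.DeviceTypeEnum.QC_CHECK_TOOL.getType().equals(str2)) {
            String requestParameter3 = webContext.getRequestParameter("qcStandNo");
            if (StringUtils.isBlank(requestParameter3)) {
                return new R().error(BizErrorCode.ReturnType.IS_FAIL.getCode(), "QC台编码编码不能为空");
            }
            this.loginLogApiService.updateQcStandStatus(requestParameter3, QcStandStatusEnum.IN_USE.getType());
        }
        String add = this.loginLogApiService.add(addLoginLogVo);
        logger.info("serializeNo---------:" + add);
        map.put("serializeNo", StringUtils.isNotBlank(add) ? add : "");
        return generatorJwt(webContext, myProfile, str);
    }

    /**
     * Checks a submitted password against the stored one for a login name.
     *
     * <p>Blank user names and empty passwords are rejected before any lookup. When several rows
     * share the login name only the first row's password is checked; {@code kyErpLogin} rejects
     * that case afterwards.
     *
     * @param str login name
     * @param str2 submitted password value, passed to {@code EncryptHash.verifyRsaPassword}
     * @return true only when the verifier accepts the password
     */
    private boolean verifyPw(String str, String str2) {
        if (StringUtils.isBlank(str) || StringUtils.isEmpty(str2)) {
            return false;
        }
        HashMap hashMap = new HashMap();
        hashMap.put("login_name", str);
        List selectByMap = this.userInfoService.selectByMap(hashMap);
        if (selectByMap == null || selectByMap.isEmpty()) {
            return false;
        }
        return EncryptHash.verifyRsaPassword(str, ((UserInfoEntity) selectByMap.get(0)).getPassword(), str2, this.privateKey);
    }

    /**
     * Loads a user's resources and attaches their column attributes and dimensions.
     *
     * <p>Column attributes are grouped by permission id and set on the resource with the same
     * id; dimensions are attached to each resource whose id equals the link's permission id.
     * The method returns early, with whatever has been attached so far, as soon as one of the
     * lookups comes back empty.
     *
     * @param str user id
     * @return the user's resources, possibly null or empty as returned by the service
     */
    private List<UserResources> getUserResourcesById(String str) {
        List<UserResources> userResourcesById = this.userInfoService.getUserResourcesById(str);
        if (CollectionUtils.isEmpty(userResourcesById)) {
            return userResourcesById;
        }
        Map map = (Map) this.userInfoService.getResourceColumnById(str).parallelStream().collect(Collectors.groupingBy((v0) -> {
            return v0.getPermissionId();
        }));
        if (!CollectionUtils.isEmpty(map)) {
            for (UserResources userResources : userResourcesById) {
                if (map.containsKey(userResources.getId())) {
                    HashSet hashSet = new HashSet();
                    Iterator it = ((List) map.get(userResources.getId())).iterator();
                    while (it.hasNext()) {
                        hashSet.add(((UserResourceColumn) it.next()).getAttribute());
                    }
                    userResources.setUserResourceColumns(hashSet);
                }
            }
        }
        List<UserDimension> userDimensionById = this.userInfoService.getUserDimensionById(str);
        if (CollectionUtils.isEmpty(userDimensionById)) {
            return userResourcesById;
        }
        // Index dimensions by id so each resource/dimension link can be resolved directly.
        HashMap hashMap = new HashMap();
        for (UserDimension userDimension : userDimensionById) {
            hashMap.put(userDimension.getId(), userDimension);
        }
        List<UserResourcesDimension> userResourcesDimensionById = this.userInfoService.getUserResourcesDimensionById(str);
        if (CollectionUtils.isEmpty(userResourcesDimensionById)) {
            return userResourcesById;
        }
        for (UserResources userResources2 : userResourcesById) {
            for (UserResourcesDimension userResourcesDimension : userResourcesDimensionById) {
                if (userResources2.getId().equals(userResourcesDimension.getPermissionId())) {
                    if (null == userResources2.getDimensionList()) {
                        userResources2.setDimensionList(new ArrayList());
                    }
                    userResourcesDimension.setDimension((UserDimension) hashMap.get(userResourcesDimension.getDimensionId()));
                    userResources2.getDimensionList().add(userResourcesDimension);
                }
            }
        }
        return userResourcesById;
    }

    /**
     * Generates the JWT for a profile, caches the profile and builds the response.
     *
     * <p>A null profile, or one without user info, yields the failure code, the supplied message
     * and an empty token. On success the data map holds "token" and "expire_time", plus
     * "refresh_token" when the request has an "x-device" header.
     *
     * <p>NOTE(review): the same configured secret feeds both the signature and the encryption
     * configuration; separate keys would limit the impact of either one leaking.
     * NOTE(review): the refresh token equals the checksum, which is {@code EncryptUtils.md5} of
     * the JWT string, so it can be derived from the access token and is not an independent
     * secret. Confirm the refresh path does not rely on it as one.
     *
     * @param webContext request context, read for the "x-device" header
     * @param myProfile profile to issue the token for; may be null
     * @param str message used when no token is issued
     * @return the response wrapping the token data
     */
    private R<Map<String, Object>> generatorJwt(WebContext webContext, MyProfile myProfile, String str) {
        HashMap hashMap = new HashMap();
        String code = BizErrorCode.ReturnType.IS_FAIL.getCode();
        String str2 = "";
        if (myProfile != null && myProfile.getUserInfo() != null) {
            String generate = new JwtGenerator(new SecretSignatureConfiguration(this.salt), new SecretEncryptionConfiguration(this.salt)).generate(myProfile.getProfile());
            myProfile.setJwt(generate);
            myProfile.setSid(MyProfile.calculateSID(generate));
            myProfile.setCheckSum(EncryptUtils.md5(myProfile.getJwt()));
            myProfile.setRefreshToken(myProfile.getCheckSum());
            boolean isEmpty = StringUtil.isEmpty(webContext.getRequestHeader("x-device"));
            long j = isEmpty ? this.webSessionTimeout : this.appSessionTimeout;
            if (j < 1) {
                // An unset or non-positive timeout falls back to the two-hour constant.
                j = CacheUtils.TIME_OUT_TWO_HOUR;
            }
            myProfile.setExpire(Long.valueOf(j));
            ProfileCache.add(myProfile, j);
            // NOTE(review): the sid is the value ProfileCache.delete() is called with elsewhere;
            // consider keeping it out of logs even at debug level.
            logger.debug("username:" + myProfile.getUserInfo().getUsername() + "---profile:" + myProfile.getSid());
            if (!isEmpty) {
                hashMap.put("refresh_token", myProfile.getRefreshToken());
            }
            hashMap.put("expire_time", myProfile.getExpire());
            str2 = MyProfile.wrapToken(generate, myProfile.getSid());
            code = BizErrorCode.ReturnType.IS_SUCCESS.getCode();
            str = "OK";
        }
        hashMap.put("token", str2);
        R<Map<String, Object>> r = new R<>();
        r.setCode(code);
        r.setMsg(str);
        r.setData(hashMap);
        return r;
    }

    /**
     * Builds a {@link MyProfile} from the profile the pac4j {@link ProfileManager} returns.
     *
     * <p>Failures are logged and leave the wrapped profile null.
     *
     * @param webContext request context
     * @return a new MyProfile, possibly wrapping a null profile
     */
    private MyProfile getCommonProfileFromSession(WebContext webContext) {
        MyProfile myProfile = new MyProfile();
        CommonProfile commonProfile = null;
        try {
            Optional optional = new ProfileManager(webContext).get(true);
            if (optional.isPresent()) {
                commonProfile = (CommonProfile) optional.get();
            }
        } catch (Exception e) {
            logger.error("获取CommonProfile出错！", e);
        }
        myProfile.setProfile(commonProfile);
        return myProfile;
    }

    /**
     * Looks a user up through {@code UserInfoService} and maps the response to a {@link UserInfo}.
     *
     * <p>Only id, login name and user name are copied. A non-OK service result is passed on
     * with its code and message.
     *
     * @param userInfoRequest lookup request forwarded to the service
     * @return the mapped user info, or the service's error
     */
    public R<UserInfo> getUserInfo(UserInfoRequest userInfoRequest) {
        R<UserInfo> error;
        R<UserInfoRespose> userInfo = this.userInfoService.getUserInfo(userInfoRequest);
        if (Constants.ResultMapCodeState.OK.equals(userInfo.getCode())) {
            UserInfo userInfo2 = new UserInfo();
            UserInfoRespose userInfoRespose = (UserInfoRespose) userInfo.getData();
            userInfo2.setId(userInfoRespose.getId() == null ? null : userInfoRespose.getId().toString());
            userInfo2.setUsername(userInfoRespose.getLoginName());
            userInfo2.setNickname(userInfoRespose.getUserName());
            error = new R().ok(userInfo2);
        } else {
            error = new R().error(userInfo.getCode(), userInfo.getMsg());
        }
        return error;
    }

    /**
     * Stores the request's client IP, as resolved by {@code getIpAdrress}, in the thread context.
     *
     * @param httpServletRequest current request
     */
    public void saveContext(HttpServletRequest httpServletRequest) {
        Context context = new Context();
        context.setIpAddress(getIpAdrress(httpServletRequest));
        ContextUtils.set(context);
    }

    /**
     * Resolves a client IP from proxy headers, falling back to the socket address.
     *
     * <p>Order: first entry of "X-Forwarded-For", then "X-Real-IP", "Proxy-Client-IP",
     * "WL-Proxy-Client-IP", "HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR", then
     * {@code getRemoteAddr()}.
     *
     * <p>NOTE(review): every header here can be set by the client unless a trusted proxy
     * overwrites it, and the first "X-Forwarded-For" entry is the one furthest from this
     * server. Treat the result as informational; do not use it for access control, rate
     * limiting or as sole audit evidence unless the proxy chain is known to sanitise it.
     *
     * @param httpServletRequest current request
     * @return the resolved address string, unvalidated
     */
    public String getIpAdrress(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("X-Real-IP");
        String header2 = httpServletRequest.getHeader("X-Forwarded-For");
        if (StringUtils.isNotEmpty(header2) && !"unKnown".equalsIgnoreCase(header2)) {
            int indexOf = header2.indexOf(",");
            return indexOf != -1 ? header2.substring(0, indexOf) : header2;
        }
        String str = header;
        if (StringUtils.isNotEmpty(str) && !"unKnown".equalsIgnoreCase(str)) {
            return str;
        }
        if (StringUtils.isBlank(str) || "unknown".equalsIgnoreCase(str)) {
            str = httpServletRequest.getHeader("Proxy-Client-IP");
        }
        if (StringUtils.isBlank(str) || "unknown".equalsIgnoreCase(str)) {
            str = httpServletRequest.getHeader("WL-Proxy-Client-IP");
        }
        if (StringUtils.isBlank(str) || "unknown".equalsIgnoreCase(str)) {
            str = httpServletRequest.getHeader("HTTP_CLIENT_IP");
        }
        if (StringUtils.isBlank(str) || "unknown".equalsIgnoreCase(str)) {
            str = httpServletRequest.getHeader("HTTP_X_FORWARDED_FOR");
        }
        if (StringUtils.isBlank(str) || "unknown".equalsIgnoreCase(str)) {
            str = httpServletRequest.getRemoteAddr();
        }
        return str;
    }

    /**
     * Login entry point that delegates to {@code kyWmsLgn}.
     *
     * <p>NOTE(review): unlike {@code login}, this path performs no password verification in
     * this class. It must only be reachable after the caller has authenticated the request by
     * other means; confirm that at every call site.
     *
     * @param webContext request context carrying the "username" parameter
     * @param l depot id stored on the resulting user info
     * @param map extended properties for the session
     * @return a result whose data map holds the token on success
     */
    public R<Map<String, Object>> lgn(WebContext webContext, Long l, Map<String, String> map) {
        // The original built a PARAMS_IS_INVALID result here and discarded it; removed as dead code.
        return kyWmsLgn(webContext, "登录失败！", l, map);
    }

    /**
     * Issues a token for the account named by the "username" request parameter.
     *
     * <p>The account must exist exactly once and have status "A". No credential is checked:
     * {@code verifyPw} is never called, and the one other request parameter read ("123") is
     * discarded.
     *
     * <p>NOTE(review): as written, the user name alone selects the account the token is issued
     * for. Either add credential verification here, as {@code kyErpLogin} does, or document and
     * enforce the upstream authentication this method depends on.
     *
     * @param webContext request context carrying "username"
     * @param str message returned when no token can be generated
     * @param l depot id stored on the user info
     * @param map extended properties stored on the user info
     * @return the token result, or an error result
     */
    private R<Map<String, Object>> kyWmsLgn(WebContext webContext, String str, Long l, Map<String, String> map) {
        String requestParameter = webContext.getRequestParameter("username");
        // Value is read and thrown away in the original; kept so request handling is unchanged.
        webContext.getRequestParameter("123");
        HashMap hashMap = new HashMap();
        hashMap.put("login_name", requestParameter);
        List selectByMap = this.userInfoService.selectByMap(hashMap);
        if (null == selectByMap || selectByMap.size() != 1) {
            return (null == selectByMap || selectByMap.size() <= 1) ? new R().error(BizErrorCode.UserErrorType.USER_ACCOUNT_ERROR.getCode(), BizErrorCode.UserErrorType.USER_ACCOUNT_ERROR.getDesc()) : new R().error(BizErrorCode.UserErrorType.USER_HAS_EXIST.getCode(), BizErrorCode.UserErrorType.USER_HAS_EXIST.getDesc());
        }
        UserInfoEntity userInfoEntity = (UserInfoEntity) selectByMap.get(0);
        String type = userInfoEntity.getType();
        // NOTE(review): kyErpLogin compares against UserStatusEnum.ACTIVATE.getType(); this
        // literal presumably carries the same value. Confirm and share the constant.
        if (!"A".equals(userInfoEntity.getStatus())) {
            return new R().error(BizErrorCode.UserErrorType.USER_ACCOUNT_FORBIDDEN.getCode(), BizErrorCode.UserErrorType.USER_ACCOUNT_FORBIDDEN.getDesc());
        }
        String l2 = userInfoEntity.getId().toString();
        MyProfile myProfile = getCommonProfileFromSession(webContext);
        if (myProfile.getUserInfo() == null) {
            myProfile = getCommonProfile(webContext);
        }
        if (myProfile.getProfile() == null || myProfile.getUserInfo() == null) {
            // generatorJwt() turns a null profile into the failure response.
            myProfile = null;
        } else {
            myProfile.getProfile().setId(l2);
            myProfile.getProfile().addAttribute("uid", l2);
            myProfile.getUserInfo().setType(type);
            myProfile.getUserInfo().setDeportId(l.toString());
            myProfile.getUserInfo().setDeportName(map.get("depotName"));
            myProfile.getUserInfo().setExtendsProps(map);
            myProfile.getUserInfo().setId(l2);
            myProfile.getUserInfo().setUsername(userInfoEntity.getLoginName());
            myProfile.getUserInfo().setNickname(userInfoEntity.getUserName());
            myProfile.getUserInfo().setAllResourceColumns(this.userInfoService.getAllResourceColumn());
            myProfile.getUserInfo().setAllPublicResources(this.userInfoService.getAllPublicResources());
            myProfile.getUserInfo().setResources(getUserResourcesById(l2));
        }
        return generatorJwt(webContext, myProfile, str);
    }
}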
