package cn.hangar.agp.module.security.oauth;

import cn.hangar.agp.module.security.authentication.IAuthenticationTokensEncoder;
import cn.hangar.agp.module.security.repository.IUserRepository;
import cn.hangar.agp.module.security.spring.SecurityUtils;
import cn.hangar.agp.platform.core.app.AppContext;
import cn.hangar.agp.platform.core.app.AppException;
import cn.hangar.agp.platform.core.app.IUser;
import cn.hangar.agp.platform.core.app.LoginFailException;
import cn.hangar.agp.platform.core.app.NeedLoginException;
import cn.hangar.agp.platform.core.data.MobileDictionary;
import cn.hangar.agp.platform.core.ioc.ContextManager;
import cn.hangar.agp.platform.core.log.Logger;
import cn.hangar.agp.platform.core.log.LoggerFactory;
import cn.hangar.agp.platform.core.rest.WebHelper;
import cn.hangar.agp.platform.utils.CollectionUtil;
import cn.hangar.agp.platform.utils.Convert;
import cn.hangar.agp.platform.utils.Endecrypt;
import cn.hangar.agp.platform.utils.GeneralUtil;
import cn.hangar.agp.platform.utils.RefObject;
import cn.hangar.agp.platform.utils.StringUtils;
import cn.hangar.agp.service.model.sys.AuthenticationTokenInfo;
import cn.hangar.agp.service.model.sys.OauthInfo;
import cn.hangar.agp.service.model.sys.SysAppAuthCfg;
import cn.hangar.agp.service.model.sys.SysUserAuthenArgument;
import java.net.URLDecoder;
import java.util.Date;
import java.util.List;
import java.util.Map;
import org.springframework.stereotype.Component;

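/**
 * {@link IOauthProvider} implementation backed by the platform's own {@link IUserRepository}.
 *
 * <p>It validates locally issued authentication tokens, performs account, WeChat-id and phone logins,
 * and handles logout and token refresh.
 *
 * <p>This listing is decompiler output (see the {@code mo4checkToken} rename), so parameter names such as
 * {@code str} and {@code str2} are not the author's. In this class {@code str} is the authentication token
 * and {@code str2} the requesting application / client id.
 */
@Component("LocalProvider")
public class LocalOauthProvider implements IOauthProvider {
    private static final String AuthTypeWx = "WX";
    protected Logger log = LoggerFactory.getLogger(getClass());
    // Looked up lazily in refushTolen(); the unsynchronised lazy init can at worst repeat the lookup.
    private IAuthenticationTokensEncoder tokensEncoder;

    /**
     * Resolves the user that an authentication token belongs to.
     *
     * @param str  URL-encoded authentication token
     * @param str2 id of the application the token is presented to; may be {@code null}, in which case the
     *             app id carried inside the token is used for the session lookup
     * @return the authenticated user, or {@code null} when the token is empty, malformed, cannot be decoded,
     *         is presented to an application that is not on the allow-list, or no user matches it
     * @throws NeedLoginException when the stored session's expiry timestamp lies in the past
     */
    @Override
    public IUser checkAuthenticate(String str, String str2) {
        if (StringUtils.isEmpty(str)) {
            return null;
        }
        // Fast path: the request is already bound to a user holding exactly this token.
        IUser currentUser = AppContext.getCurrentUser();
        if (currentUser != null && StringUtils.equals(currentUser.getAuthenTokens(), str)) {
            return currentUser;
        }
        // A token with a malformed percent-escape is treated as "not authenticated" instead of
        // letting IllegalArgumentException escape from the authentication path.
        String decode = urlDecodeToken(str);
        if (decode == null) {
            return null;
        }
        IAuthenticationTokensEncoder iAuthenticationTokensEncoder = (IAuthenticationTokensEncoder) ContextManager.find(IAuthenticationTokensEncoder.class);
        AuthenticationTokenInfo authenticationTokenInfo = new AuthenticationTokenInfo();
        if (!iAuthenticationTokensEncoder.decodeToken(decode, authenticationTokenInfo)) {
            return null;
        }
        // Cross-application allow-list. The restriction is only evaluated when the flag is set AND a
        // list is configured.
        // NOTE(review): with the flag off no restriction is applied here at all - confirm that is intended.
        SysAppAuthCfg sysAppAuthCfg = (SysAppAuthCfg) SysAppAuthCfg.class.cast(AppContext.getCurrentData("appAuthCfgs"));
        if (sysAppAuthCfg != null && Convert.toBoolean(sysAppAuthCfg.getAllowAuthByOtherApps()) && !StringUtils.isEmpty(sysAppAuthCfg.getAllowApps()) && !isAppAllowed(sysAppAuthCfg.getAllowApps(), str2)) {
            this.log.warn("用其它APP的认证信息登录不允许！" + str2);
            return null;
        }
        String currentAppId = AppContext.getCurrentAppId(str2 == null ? authenticationTokenInfo.AppId : str2);
        IUserRepository userRepository = getUserRepository();
        Map<String, Object> userSession = userRepository.getUserSession(currentAppId, Endecrypt.escape(decode));
        // SESSIONTABLE_FIELDS[12] is read as a date and compared with "now", i.e. it is used as the
        // session expiry. A missing session row (userSession == null) is NOT a failure here.
        // NOTE(review): quitAuthenticate() removes the DB session; confirm that decodeToken() or the
        // repository rejects a token whose session row is gone, otherwise logout does not revoke it.
        Date date = userSession == null ? null : Convert.toDate(userSession.get(IUserRepository.SESSIONTABLE_FIELDS[12]));
        if (date != null && date.before(GeneralUtil.Now())) {
            throw new NeedLoginException("登入会话超时，请重新登入。");
        }
        IUser user = getUser(userRepository, authenticationTokenInfo);
        if (user == null) {
            return null;
        }
        appendUserExtArgument(userRepository, str2, user);
        // NOTE(review): this stores the SESSIONTABLE_FIELDS[0] constant itself, not a value read from
        // userSession - it looks like a column name rather than this session's id; confirm.
        user.setSessionId(IUserRepository.SESSIONTABLE_FIELDS[0]);
        user.setAuthenTokens(decode, getAuthMode(), true);
        WebHelper.setSessionAttr(user.getAuthenTokens() + "/" + (str2 == null ? "" : str2), user);
        return user;
    }

    /**
     * URL-decodes a token with an explicit charset so the result does not depend on the platform default.
     *
     * @param raw URL-encoded token, not {@code null}
     * @return the decoded token, or {@code null} when the input contains an invalid percent-escape
     */
    private String urlDecodeToken(String raw) {
        try {
            return URLDecoder.decode(raw, "UTF-8");
        } catch (java.io.UnsupportedEncodingException | IllegalArgumentException e) {
            this.log.warn(e);
            return null;
        }
    }

    /**
     * Checks an application id against a comma-separated allow-list.
     *
     * <p>Entries are compared as whole values, ignoring case and surrounding whitespace. A substring test
     * would let an empty id match every entry and a short id match any entry that merely contains it, so
     * a {@code null} or blank id is never allowed.
     *
     * @param allowApps comma-separated list of allowed application ids, not {@code null}
     * @param appId     application id presented by the caller; may be {@code null}
     * @return {@code true} only when {@code appId} equals one of the list entries
     */
    private static boolean isAppAllowed(String allowApps, String appId) {
        if (appId == null) {
            return false;
        }
        String wanted = appId.trim();
        if (wanted.isEmpty()) {
            return false;
        }
        for (String entry : allowApps.split(",")) {
            if (wanted.equalsIgnoreCase(entry.trim())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Loads the user described by a decoded token. No password is supplied: the call passes {@code null}
     * as the secret and {@code false} for the flag that the credential overload passes as {@code true}.
     *
     * @throws RuntimeException wrapping any exception raised by the repository
     */
    protected IUser getUser(IUserRepository iUserRepository, AuthenticationTokenInfo authenticationTokenInfo) {
        try {
            return iUserRepository.getUser(authenticationTokenInfo.AppId, authenticationTokenInfo.UserOwner, authenticationTokenInfo.WorkNo, null, authenticationTokenInfo.MemberNo, false, authenticationTokenInfo.ClientInfo, null, true);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Resolves the user for a login request, choosing one of four paths from the request's own fields.
     *
     * <ul>
     *   <li>{@code isNoPwgLogin()} - password-less lookup by user name;</li>
     *   <li>a non-empty WeChat id - lookup by that id, creating the user when none exists;</li>
     *   <li>{@code getNeedValidCode()} equal to {@code "2"} - lookup by phone number (carried in the user
     *       name field), creating the user when none exists;</li>
     *   <li>otherwise - user name plus secret, checked by the repository.</li>
     * </ul>
     *
     * <p>NOTE(review): the first three paths perform no credential check in this method. They are only
     * safe if the no-password flag, the WeChat id and the verification-code state were established
     * server-side before this call and cannot be set directly from request parameters - confirm against
     * the callers that build {@link SysUserAuthenArgument}.
     *
     * @return the user, or {@code null} when the repository finds none on the password path
     * @throws LoginFailException when the user name or secret fails the format checks
     * @throws AppException       when no application id is supplied
     */
    protected IUser getUser(IUserRepository iUserRepository, SysUserAuthenArgument sysUserAuthenArgument) {
        IUser user;
        if (sysUserAuthenArgument.isNoPwgLogin()) {
            return iUserRepository.mo7getNoPwdUser(sysUserAuthenArgument.getAuthAppId(), sysUserAuthenArgument.getUserName(), null);
        }
        boolean z = !StringUtils.isEmpty(sysUserAuthenArgument.getWeiXinId());
        // Format checks apply only when no WeChat id is present; the secret is not required in "2" mode.
        // The message text is fixed; no failure counting happens in this method.
        if (!z && (!userCodeValide(sysUserAuthenArgument.getUserName()) || (!"2".equals(sysUserAuthenArgument.getNeedValidCode()) && !passwordValide(sysUserAuthenArgument.getUserSecret())))) {
            throw new LoginFailException("无效的账号或密码.已连续失败1次。超过5次账号将被锁定。");
        }
        if (StringUtils.isBlank(sysUserAuthenArgument.getAuthAppId())) {
            throw new AppException("AuthAppId is null.");
        }
        String authAppId = sysUserAuthenArgument.getAuthAppId();
        if (z) {
            String userOwner = sysUserAuthenArgument.getUserOwner();
            user = iUserRepository.mo11getUserByWx(authAppId, sysUserAuthenArgument.getWeiXinId(), false);
            if (user == null) {
                user = iUserRepository.mo10createWxUser(authAppId, sysUserAuthenArgument, userOwner);
            }
        } else if ("2".equals(sysUserAuthenArgument.getNeedValidCode())) {
            user = iUserRepository.mo9getUserByPhone(authAppId, sysUserAuthenArgument.getUserName());
            if (user == null) {
                user = iUserRepository.mo8createPhoneUser(authAppId, sysUserAuthenArgument.getUserName(), sysUserAuthenArgument.getUserOwner());
            }
        } else {
            user = iUserRepository.getUser(authAppId, sysUserAuthenArgument.getUserOwner(), sysUserAuthenArgument.getUserName(), sysUserAuthenArgument.getUserSecret(), sysUserAuthenArgument.getMemberNo(), true, sysUserAuthenArgument.getClientInfo(), SysAppAuthCfg.getSysAppAuthCfg(authAppId, true), true);
        }
        return user;
    }

    /** Looks the user repository up from the service context on every call. */
    private IUserRepository getUserRepository() {
        return (IUserRepository) ContextManager.findService(IUserRepository.class);
    }

    /**
     * Adds per-session data to the user's extension dictionary: the client IP, the ids returned by
     * {@code getUserForbidActInsIds} (skipped when {@code POSTID} is {@code POST_ADMIN}) and the
     * role/object power map.
     *
     * <p>The {@code iUserRepository} argument is not used; the repository is fetched again through
     * {@link #getUserRepository()}.
     *
     * @param str   application id passed to the repository queries
     * @param iUser user to enrich; {@code null} is ignored
     */
    void appendUserExtArgument(IUserRepository iUserRepository, String str, IUser iUser) {
        if (iUser != null) {
            if (iUser.getExtArgument() == null) {
                iUser.setExtArgument(new MobileDictionary());
            }
            if ("POST_ADMIN".equals(iUser.getExtArgument().get("POSTID"))) {
                iUser.getExtArgument().put("clientIp", SecurityUtils.getClientIp());
            } else {
                List<String> userForbidActInsIds = getUserRepository().getUserForbidActInsIds(str, iUser.getId());
                // When the repository returns null, neither the limit list nor clientIp is stored.
                if (userForbidActInsIds != null) {
                    iUser.getExtArgument().put("userLimitIds", userForbidActInsIds);
                    iUser.getExtArgument().put("clientIp", SecurityUtils.getClientIp());
                }
            }
            Map<String, String> roleObjPower = getUserRepository().getRoleObjPower(str, iUser.getId());
            if (roleObjPower != null) {
                iUser.getExtArgument().put("roleObjPower", roleObjPower);
            }
        }
    }

    /**
     * Runs the credential login and hands the user back through {@code refObject}.
     *
     * @return {@code true} when a user was resolved
     */
    protected boolean generalLogin(IUserRepository iUserRepository, SysUserAuthenArgument sysUserAuthenArgument, RefObject<IUser> refObject) {
        refObject.argValue = getUser(iUserRepository, sysUserAuthenArgument);
        return refObject.argValue != null;
    }

    /**
     * Format check for a user name: not blank, at most 100 characters, and none of the listed
     * punctuation characters or spaces.
     *
     * <p>NOTE(review): this is a character deny-list. It narrows the input but should not be the only
     * protection if the repository builds queries from the value; confirm the repository binds parameters.
     */
    public boolean userCodeValide(String str) {
        return !StringUtils.isBlank(str) && StringUtils.indexOfAny(str, " ',;:?(){}+-|\\%*&~`!^".toCharArray()) < 0 && str.length() <= 100;
    }

    /** Format check for a secret: only rejects blank values. */
    public boolean passwordValide(String str) {
        return !StringUtils.isBlank(str);
    }

    /** Authentication mode recorded on tokens accepted by this provider. */
    private String getAuthMode() {
        return "acpLocal";
    }

    /**
     * Logs a token out: forwards the logout to the third-party provider named inside the token, if any,
     * then removes the session through the user repository.
     *
     * @param str authentication token
     * @return {@code true} when the repository call succeeded, {@code false} when it threw
     */
    @Override
    public boolean quitAuthenticate(String str) {
        IAuthenticationTokensEncoder iAuthenticationTokensEncoder = (IAuthenticationTokensEncoder) ContextManager.find(IAuthenticationTokensEncoder.class);
        AuthenticationTokenInfo authenticationTokenInfo = new AuthenticationTokenInfo();
        if (iAuthenticationTokensEncoder.decodeToken(str, authenticationTokenInfo) && !StringUtils.isEmpty(authenticationTokenInfo.AuthAccessName)) {
            IOauthProvider iOauthProvider = (IOauthProvider) ContextManager.find(authenticationTokenInfo.AuthAccessName, IOauthProvider.class);
            // Skip the delegate when the name resolves back to this provider, which would re-enter this method.
            if (iOauthProvider != null && iOauthProvider != this) {
                try {
                    iOauthProvider.quitAuthenticate(str);
                } catch (Exception e) {
                    // Best effort: a failing third-party logout must not block the local session removal.
                    this.log.error(e);
                }
            }
            // Only the provider name is logged. The authentication token and the third-party user token
            // are bearer credentials and must not be written to log files.
            this.log.info("调用三方登出:" + authenticationTokenInfo.AuthAccessName);
        }
        this.log.info("删除Db用户Session");
        try {
            // When decodeToken() failed above, AppId is whatever a fresh AuthenticationTokenInfo holds.
            getUserRepository().quitLogCommand(authenticationTokenInfo.AppId, str);
            return true;
        } catch (Exception e2) {
            this.log.error(e2);
            return false;
        }
    }

    /**
     * Performs a credential login.
     *
     * @param obj a {@link SysUserAuthenArgument}
     * @param str not used by this implementation
     * @return token information for the logged-in user, or {@code null} when no user was resolved
     */
    @Override
    public OauthInfo authenticate(Object obj, String str) {
        SysUserAuthenArgument sysUserAuthenArgument = (SysUserAuthenArgument) SysUserAuthenArgument.class.cast(obj);
        RefObject<IUser> refObject = new RefObject<>();
        generalLogin(getUserRepository(), sysUserAuthenArgument, refObject);
        IUser iUser = (IUser) refObject.argValue;
        if (iUser == null) {
            return null;
        }
        OauthInfo oauthInfo = new OauthInfo();
        oauthInfo.setToken(iUser.getAuthenTokens());
        oauthInfo.setTokenType(iUser.getAuthenticationType());
        oauthInfo.setClientId(sysUserAuthenArgument.getAuthAppId());
        oauthInfo.setTagUser(iUser);
        return oauthInfo;
    }

    /**
     * Returns the user attached to {@code oauthInfo}, or validates its token when none is attached.
     * The decompiler renamed this method from {@code checkToken}.
     *
     * <p>NOTE(review): an attached user is returned without any token check. This assumes
     * {@code OauthInfo.tagUser} is only ever populated server-side (as in {@link #authenticate}) and is
     * never bound from request data - confirm.
     */
    @Override
    public IUser mo4checkToken(OauthInfo oauthInfo, RefObject<Object> refObject) {
        return oauthInfo.getTagUser() != null ? oauthInfo.getTagUser() : checkAuthenticate(oauthInfo.getToken(), oauthInfo.getClientId());
    }

    /**
     * Tests whether a login request resolves to a user.
     *
     * @param obj a {@link SysUserAuthenArgument}
     * @return {@code true} when a user was resolved; login exceptions are logged and reported as {@code false}
     */
    @Override
    public boolean checkAuthenticate(Object obj) {
        SysUserAuthenArgument sysUserAuthenArgument = (SysUserAuthenArgument) SysUserAuthenArgument.class.cast(obj);
        RefObject<IUser> refObject = new RefObject<>();
        try {
            generalLogin(getUserRepository(), sysUserAuthenArgument, refObject);
        } catch (Exception e) {
            this.log.warn(e);
        }
        return refObject.argValue != null;
    }

    /**
     * Re-issues a token: decodes the current one and encodes its content again.
     *
     * <p>NOTE(review): no session lookup or expiry comparison happens here; whether an expired or
     * logged-out token can be refreshed depends entirely on {@code decodeToken()} - confirm.
     *
     * @return {@code oauthInfo} updated with the new token, a fresh {@code jti} and the expiry taken from
     *         the decoded token, or {@code null} when the current token cannot be decoded
     */
    @Override
    public OauthInfo refushTolen(OauthInfo oauthInfo) {
        if (this.tokensEncoder == null) {
            this.tokensEncoder = (IAuthenticationTokensEncoder) ContextManager.find(IAuthenticationTokensEncoder.class);
        }
        AuthenticationTokenInfo authenticationTokenInfo = new AuthenticationTokenInfo();
        if (!this.tokensEncoder.decodeToken(oauthInfo.getToken(), authenticationTokenInfo)) {
            return null;
        }
        oauthInfo.setToken(this.tokensEncoder.encodeToken(authenticationTokenInfo));
        oauthInfo.setJti(GeneralUtil.UUID());
        oauthInfo.setExpiresIn(authenticationTokenInfo.ExpiresIn);
        return oauthInfo;
    }

    /** The local provider has no redirect flow; always returns {@code null}. */
    @Override
    public String parseRedirectUri(String str, String str2) {
        return null;
    }
}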
