package cn.ibizlab.util.service;

import cn.ibizlab.util.client.UaaFeignClient;
import cn.ibizlab.util.errors.BadRequestAlertException;
import cn.ibizlab.util.errors.ErrorConstants;
import cn.ibizlab.util.errors.InternalServerErrorException;
import cn.ibizlab.util.security.AuthenticationInfo;
import cn.ibizlab.util.security.AuthenticationUser;
import cn.ibizlab.util.security.AuthorizationLogin;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jose.crypto.RSASSAVerifier;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.text.SimpleDateFormat;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Service;
import org.springframework.util.ObjectUtils;

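/* loaded from: input_file:cn/ibizlab/util/service/Uaa20UserService.class */
/**
 * {@link UserServiceAdapter} backed by a remote UAA service reached through
 * {@link UaaFeignClient}.
 *
 * What this class does, as visible in the code: it delegates login, user lookup and
 * org lookup to UAA; it builds the per-application permission payload from the current
 * user's authorities; and it issues and validates JWT access tokens. Tokens are always
 * issued as HS512 with the shared secret {@code ibiz.jwt.secret}. Verification is either
 * HMAC with that same secret or RSA with a public key fetched from UAA, selected by the
 * {@code ibiz.jwt.signature} property (default {@code MAC}).
 *
 * NOTE(review): the verification algorithm family is chosen by server-side configuration,
 * never by the token's {@code alg} header, and the nimbus verifiers each accept only their
 * own family, so the classic RS256-to-HS256 key-confusion attack has no path here.
 *
 * This listing is decompiled: checked exceptions thrown by nimbus ({@code ParseException},
 * {@code JOSEException}) are not declared on the methods, so a malformed token string
 * surfaces as an exception rather than as {@code false}.
 */
@Service("IBZUAAUserService")
@ConditionalOnExpression(" '${ibiz.ref.service.rt.version:}'.equals('RT2') || '${ibiz.auth.service:Uaa20UserService}'.equals('Uaa20UserService') ")
public class Uaa20UserService implements UserServiceAdapter {

    /**
     * Shared HMAC secret used to sign (HS512) and, in MAC mode, verify access tokens.
     *
     * NOTE(review): this property carries a compiled-in default. Any deployment that does
     * not set {@code ibiz.jwt.secret} signs tokens with a key that ships inside the jar and
     * is therefore public, which lets anyone mint a valid token for any subject. Prefer
     * dropping the default so that startup fails when the secret is unset. HS512 also
     * needs a sufficiently long key (nimbus enforces a minimum at sign time) -- check the
     * configured value.
     */
    @Value("${ibiz.jwt.secret: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}")
    private String secret;

    /** Token lifetime in milliseconds; added to the issue time to produce {@code exp}. */
    @Value("${ibiz.jwt.expiration:7200000}")
    private Long expiration;

    /** Verification scheme: {@code MAC} (default, shared secret) or {@code RSA} (UAA public key). */
    @Value("${ibiz.jwt.signature:MAC}")
    private String signature;

    @Autowired
    private UaaFeignClient uaaFeignClient;

    /**
     * Date formatter used in error messages. {@link SimpleDateFormat} is not thread-safe
     * and this bean is a singleton, so every use must synchronize on the instance (see
     * {@link #validateTokenByRSA}). Kept as a field because it is {@code protected} and
     * subclasses may reference it.
     */
    protected SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
    protected static final String SIGNATURE_RSA = "RSA";
    protected static final String SIGNATURE_MAC = "MAC";

    /**
     * Authenticates a user against UAA.
     *
     * @param str  login name, optionally as {@code loginname|domain}; any other shape
     *             (no separator, or more than one) is passed through unchanged as the
     *             login name
     * @param str2 password, forwarded to UAA as-is
     * @return the UAA authentication result, which always carries a user
     * @throws BadRequestAlertException when UAA returns a result without a user
     */
    @Override
    public AuthenticationInfo loadUserByLogin(String str, String str2) {
        String loginName = str;
        // As compiled, the domain defaults to ErrorConstants.PROBLEM_BASE_URL when no
        // "|" separator is present; this may be a decompiler constant substitution for
        // an empty string -- verify against the original source before relying on it.
        String domain = ErrorConstants.PROBLEM_BASE_URL;
        String[] parts = str.split("[|]");
        if (parts.length == 2) {
            loginName = parts[0].trim();
            domain = parts[1].trim();
        }
        AuthorizationLogin request = new AuthorizationLogin();
        request.setDomain(domain);
        request.setLoginname(loginName);
        request.setPassword(str2);
        AuthenticationInfo info = this.uaaFeignClient.login(request);
        // A response without a user is treated as a failed login.
        if (info.getUser() == null) {
            throw new BadRequestAlertException("登录失败", "IBZUAAUser", str);
        }
        return info;
    }

    /** Looks the user up in UAA by login name; no local caching or validation. */
    @Override
    public AuthenticationUser loadUserByUsername(String str) {
        return this.uaaFeignClient.loadUserByUsername(str);
    }

    /**
     * Builds the application bootstrap payload for the currently authenticated user.
     *
     * @param str application identifier used as the authority prefix
     * @param z   whether permission filtering is enabled; when false no authorities are
     *            collected and {@code enablepermissionvalid} is false
     * @return map with keys {@code context}, {@code unires}, {@code appmenu},
     *         {@code enablepermissionvalid} and, when the user has an expiration,
     *         {@code expireddate}
     */
    @Override
    public Map<String, Object> getAppData(String str, boolean z) {
        Map<String, Object> appData = new HashMap<>();
        HashSet<String> appMenus = new HashSet<>();
        HashSet<String> uniRes = new HashSet<>();
        AuthenticationUser currentUser = AuthenticationUser.getAuthenticationUser();
        Collection<GrantedAuthority> authorities = currentUser.getAuthorities();
        if (z && !ObjectUtils.isEmpty(str) && !ObjectUtils.isEmpty(authorities)) {
            String menuPrefix = String.format("%1$s-APPMENU", str);
            // Menu names start after "<app>-APPMENU" plus one separator character (hence +9).
            int menuNameStart = str.length() + 9;
            for (GrantedAuthority granted : authorities) {
                String authority = granted.getAuthority();
                if (authority.startsWith(str)) {
                    uniRes.add(authority);
                }
                // Length guard: an authority that is exactly the prefix with nothing after
                // it would otherwise throw StringIndexOutOfBoundsException and abort the
                // whole payload.
                if (authority.startsWith(menuPrefix) && authority.length() >= menuNameStart) {
                    appMenus.add(authority.substring(menuNameStart));
                }
            }
        }
        if (!ObjectUtils.isEmpty(currentUser.getExpiration())) {
            // dtFormat is not declared in this class (presumably inherited from
            // UserServiceAdapter); if it is a shared SimpleDateFormat it has the same
            // thread-safety caveat as sdf -- TODO confirm.
            appData.put("expireddate", dtFormat.format(currentUser.getExpiration()));
        }
        Map<String, Object> context = new HashMap<>();
        context.putAll(currentUser.getSessionParams());
        context.put("srfusername", currentUser.getDisplayName());
        appData.put("context", context);
        appData.put("unires", uniRes);
        appData.put("appmenu", appMenus);
        // Permission checks are enforced only for non-superusers, and only when requested.
        appData.put("enablepermissionvalid", !currentUser.isSuperUser() && z);
        return appData;
    }

    /** Delegates the org lookup to UAA. */
    @Override
    public Map<String, List<String>> getOrgInfo(String str, String str2) {
        return this.uaaFeignClient.getOrgInfo(str, str2);
    }

    /**
     * Issues an access token for the given user.
     *
     * Only MAC signing is implemented here; with {@code ibiz.jwt.signature=RSA} this
     * method fails, i.e. RSA-signed tokens are only verified by this class, never issued.
     *
     * @throws InternalServerErrorException for any signature scheme other than MAC
     */
    @Override
    public String generateToken(UserDetails userDetails) {
        if (ObjectUtils.isEmpty(this.signature) || SIGNATURE_MAC.equalsIgnoreCase(this.signature)) {
            return generateTokenByMAC(userDetails);
        }
        throw new InternalServerErrorException(String.format("生成访问令牌出错，签名暂未支持[%1$s]加密算法", this.signature));
    }

    /**
     * Signs an HS512 token whose only claims are {@code sub} (the username), {@code iat}
     * and {@code exp} ({@code iat} + {@link #getExpiration()} ms). No issuer, audience or
     * token id is set, so tokens cannot be revoked or scoped individually.
     */
    protected String generateTokenByMAC(UserDetails userDetails) {
        Date issuedAt = new Date();
        Date expiresAt = new Date(issuedAt.getTime() + getExpiration().longValue());
        JWSHeader header = new JWSHeader.Builder(JWSAlgorithm.HS512).contentType("JWS").build();
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .subject(userDetails.getUsername())
                .issueTime(issuedAt)
                .expirationTime(expiresAt)
                .build();
        SignedJWT token = new SignedJWT(header, claims);
        token.sign(new MACSigner(getSecret()));
        return token.serialize();
    }

    /**
     * Validates an access token using the configured scheme.
     *
     * @return true when the signature verifies and the token has not expired
     * @throws InternalServerErrorException for an unknown signature scheme
     */
    @Override
    public Boolean validateToken(String str, UserDetails userDetails) {
        if (ObjectUtils.isEmpty(this.signature) || SIGNATURE_MAC.equalsIgnoreCase(this.signature)) {
            return validateTokenByMAC(str, userDetails);
        }
        if (SIGNATURE_RSA.equalsIgnoreCase(this.signature)) {
            return validateTokenByRSA(str, userDetails);
        }
        throw new InternalServerErrorException(String.format("验证访问令牌出错，签名暂未支持[%1$s]加密算法", this.signature));
    }

    /**
     * Verifies an HMAC-signed token with the shared secret.
     *
     * A token with no {@code exp} claim is rejected (the original dereferenced the null
     * and failed with a NullPointerException). On success, when {@code userDetails} is an
     * {@link AuthenticationUser}, the token and its expiry are stored on it.
     *
     * NOTE(review): the token's subject is not compared with {@code userDetails.getUsername()};
     * that is only safe if the caller loaded {@code userDetails} from that very subject -- confirm.
     */
    protected Boolean validateTokenByMAC(String str, UserDetails userDetails) {
        SignedJWT token = SignedJWT.parse(str);
        JWTClaimsSet claims = token.getJWTClaimsSet();
        // MACVerifier accepts HS* algorithms only; a token whose header names an
        // asymmetric algorithm fails verification here regardless of its content.
        if (!token.verify(new MACVerifier(getSecret()))) {
            return false;
        }
        Date expiresAt = claims.getExpirationTime();
        if (!isStillValid(expiresAt, new Date())) {
            return false;
        }
        if (userDetails instanceof AuthenticationUser) {
            AuthenticationUser user = (AuthenticationUser) userDetails;
            user.setToken(str);
            user.setExpiration(expiresAt);
        }
        return true;
    }

    /**
     * Verifies an RSA-signed token with the public key published by UAA.
     *
     * NOTE(review): the key is fetched from UAA on every call and trusted as-is; the
     * integrity of that channel is what prevents a substituted key, and the round trip
     * sits on the hot path of every request.
     *
     * @throws BadRequestAlertException when no public key is available or the token is expired
     */
    protected Boolean validateTokenByRSA(String str, UserDetails userDetails) {
        String publicKeyJwk = this.uaaFeignClient.signatureKey();
        if (ObjectUtils.isEmpty(publicKeyJwk)) {
            throw new BadRequestAlertException("验证访问令牌出错，未能获取到公钥信息", "Token", str);
        }
        RSASSAVerifier verifier = new RSASSAVerifier(RSAKey.parse(publicKeyJwk));
        SignedJWT token = SignedJWT.parse(str);
        JWTClaimsSet claims = token.getJWTClaimsSet();
        // RSASSAVerifier accepts RS*/PS* algorithms only, so an HS* token signed with the
        // public key as a secret cannot pass here.
        if (!token.verify(verifier)) {
            return false;
        }
        Date expiresAt = claims.getExpirationTime();
        if (expiresAt == null) {
            // Missing exp: treat as invalid instead of a NullPointerException below.
            return false;
        }
        Date now = new Date();
        if (now.after(expiresAt)) {
            String expiresText;
            String nowText;
            // SimpleDateFormat is not thread-safe; serialize access to the shared instance.
            synchronized (this.sdf) {
                expiresText = this.sdf.format(expiresAt);
                nowText = this.sdf.format(now);
            }
            throw new BadRequestAlertException(String.format("访问令牌已过期，令牌有效期为[%1$s]，当前时间为[%2$s]", expiresText, nowText), "Token", str);
        }
        // Guarded cast, consistent with the MAC branch (the original cast unconditionally and
        // would throw ClassCastException for any other UserDetails implementation). This
        // branch writes through the generic set(...) rather than setToken/setExpiration as
        // the MAC branch does; whether both end up in the same state cannot be confirmed here.
        if (userDetails instanceof AuthenticationUser) {
            AuthenticationUser user = (AuthenticationUser) userDetails;
            user.set("token", str);
            user.set("expiration", expiresAt);
        }
        return true;
    }

    /**
     * Expiry rule for MAC tokens: valid only when an {@code exp} claim is present and
     * {@code now} is strictly before it.
     */
    private static boolean isStillValid(Date expiresAt, Date now) {
        return expiresAt != null && now.before(expiresAt);
    }

    /** Returns the configured HMAC secret (exposed through the adapter interface). */
    @Override
    public String getSecret() {
        return this.secret;
    }

    /** Returns the configured token lifetime in milliseconds. */
    @Override
    public Long getExpiration() {
        return this.expiration;
    }
}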
