package com.lc.ibps.cloud.oauth.server.provider;

import com.lc.ibps.api.org.constant.UserStatus;
import com.lc.ibps.api.org.service.IPartyEmployeeMgrService;
import com.lc.ibps.api.tenant.service.ITenantQueryService;
import com.lc.ibps.auth.constants.ClientStatus;
import com.lc.ibps.auth.constants.GrantType;
import com.lc.ibps.auth.constants.Scope;
import com.lc.ibps.auth.persistence.entity.AuthClientPo;
import com.lc.ibps.auth.repository.AuthClientRepository;
import com.lc.ibps.base.core.exception.BaseException;
import com.lc.ibps.base.core.util.BeanUtils;
import com.lc.ibps.base.core.util.UUIDUtil;
import com.lc.ibps.base.core.util.string.StringUtil;
import com.lc.ibps.base.core.util.string.StringValidator;
import com.lc.ibps.base.core.util.time.DateUtil;
import com.lc.ibps.base.web.context.RequestContext;
import com.lc.ibps.cloud.identifier.IdGenerator;
import com.lc.ibps.cloud.identifier.config.IdConfig;
import com.lc.ibps.cloud.oauth.exception.ExcessiveAttemptsException;
import com.lc.ibps.cloud.oauth.exception.ExpiredAccountException;
import com.lc.ibps.cloud.oauth.exception.ExpiredCredentialsException;
import com.lc.ibps.cloud.oauth.exception.ExpiredSecretException;
import com.lc.ibps.cloud.oauth.exception.InactiveException;
import com.lc.ibps.cloud.oauth.exception.IncorrectCredentialsException;
import com.lc.ibps.cloud.oauth.exception.LockedAccountException;
import com.lc.ibps.cloud.oauth.exception.ManyIncorrectCredentialsException;
import com.lc.ibps.cloud.oauth.exception.NopassException;
import com.lc.ibps.cloud.oauth.exception.PenddingException;
import com.lc.ibps.cloud.oauth.exception.UnknownAccountException;
import com.lc.ibps.cloud.oauth.helper.RegDataToUser;
import com.lc.ibps.cloud.oauth.server.config.TokenConfig;
import com.lc.ibps.cloud.oauth.server.config.UserConfig;
import com.lc.ibps.cloud.oauth.server.config.UserLimitConfig;
import com.lc.ibps.cloud.provider.GenericProvider;
import com.lc.ibps.cloud.redis.config.AppConfig;
import com.lc.ibps.cloud.redis.utils.RedisUtil;
import com.lc.ibps.cloud.utils.RequestUtil;
import com.lc.ibps.org.auth.persistence.entity.UserSecurityPo;
import com.lc.ibps.org.auth.repository.UserSecurityRepository;
import com.lc.ibps.org.party.persistence.entity.PartyEmployeePo;
import com.lc.ibps.org.party.persistence.entity.PartyUserPo;
import com.lc.ibps.org.party.repository.DefaultPartyRoleRepository;
import com.lc.ibps.org.party.repository.DefaultPartyUserRepository;
import com.lc.ibps.org.party.repository.PartyEmployeeRepository;
import com.lc.ibps.org.party.repository.PartyOrgRepository;
import com.lc.ibps.org.party.repository.PartyPositionRepository;
import com.lc.ibps.org.party.repository.PartyUserLimitRepository;
import com.lc.ibps.org.party.repository.PartyUserRepository;
import com.lc.ibps.register.constants.RegDBConstants;
import com.lc.ibps.register.persistence.entity.RegDataPo;
import com.lc.ibps.register.repository.RegDataRepository;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import javax.annotation.Resource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/lc/ibps/cloud/oauth/server/provider/BaseProvider.class */
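/**
 * Shared base for the OAuth server providers (decompiled listing).
 *
 * <p>Groups three concerns that the concrete providers reuse: validation of a registered OAuth
 * client (existence, secret, expiry, status, scope, grant type), user login with a Redis-backed
 * failed-attempt counter, and bookkeeping of cached Redis keys.
 *
 * <p>Several methods are {@code public} only because JADX widened them; the decompiler reports
 * their original modifier as {@code protected}.
 */
public class BaseProvider extends GenericProvider {
    protected Logger logger = LoggerFactory.getLogger(getClass());

    @Autowired
    private IdGenerator idGenerator;

    @Autowired
    protected PartyUserRepository partyUserRepository;

    @Autowired
    protected DefaultPartyUserRepository defaultPartyUserRepository;

    @Resource
    protected IPartyEmployeeMgrService employeeService;

    @Autowired
    protected PartyEmployeeRepository partyEmployeeRepository;

    @Autowired
    protected AuthClientRepository authClientRepository;

    @Autowired
    protected PartyUserLimitRepository partyUserLimitRepository;

    @Autowired
    protected UserSecurityRepository userSecurityRepository;

    @Resource
    protected PartyOrgRepository partyOrgRepository;

    @Resource
    protected PartyPositionRepository partyPositionRepository;

    @Autowired
    protected DefaultPartyRoleRepository defaultPartyRoleRepository;

    @Resource
    protected RegDataRepository regDataRepository;

    @Resource
    protected ITenantQueryService tenantQueryService;

    @Autowired
    protected TokenConfig tokenConfig;

    @Autowired
    protected AppConfig appConfig;

    @Autowired
    protected UserConfig userConfig;

    @Autowired
    protected UserLimitConfig userLimitConfig;

    @Autowired
    private IdConfig idConfig;

    /**
     * Looks up the registered OAuth client for a client id.
     *
     * <p>Only existence is checked here; the secret, expiry and status checks live in
     * {@link #validate(String, String)}.
     *
     * @param clientId client identifier handed to the client repository
     * @return the stored client record
     * @throws BaseException if the repository yields no (or an empty) record
     */
    protected AuthClientPo validate(String clientId) {
        AuthClientPo client = this.authClientRepository.getByClientId(clientId);
        if (BeanUtils.isEmpty(client)) {
            throw new BaseException("授权不存在");
        }
        return client;
    }

    /**
     * Resolves the client by id and validates the requested scope against it.
     *
     * <p>This overload does not check a client secret, expiry or status; it must only be used
     * where the client has been authenticated by other means. JADX reports the original access
     * modifier as {@code protected}.
     *
     * @param clientId client identifier
     * @param scope requested scope
     * @return the stored client record
     * @throws BaseException if the client is unknown or the scope is rejected
     */
    public AuthClientPo validateScope(String clientId, String scope) {
        AuthClientPo client = validate(clientId);
        validateScope(scope, client);
        return client;
    }

    /**
     * Resolves the client by id and validates the requested grant type against it.
     *
     * <p>This overload does not check a client secret, expiry or status. JADX reports the
     * original access modifier as {@code protected}.
     *
     * @param clientId client identifier
     * @param grantType requested grant type
     * @return the stored client record
     * @throws BaseException if the client is unknown or the grant type is rejected
     */
    public AuthClientPo validateGrantType(String clientId, String grantType) {
        AuthClientPo client = validate(clientId);
        validateGrantType(grantType, client);
        return client;
    }

    /**
     * Authenticates a client by id and secret, then checks its expiry and approval status.
     *
     * <p>The unknown-client and wrong-secret failures carry different messages, which lets a
     * caller learn which client ids are registered; an endpoint that returns these messages
     * should map both to one generic error.
     *
     * @param clientId client identifier
     * @param clientSecret secret presented by the caller
     * @return the stored client record
     * @throws BaseException if the client is unknown, the secret does not match, the expiry
     *     check fires, or the status is blank
     * @throws PenddingException if the client is awaiting review
     * @throws NopassException if the client was not approved
     * @throws ExpiredSecretException if the client status is expired
     */
    protected AuthClientPo validate(String clientId, String clientSecret) {
        AuthClientPo client = validate(clientId);
        // Constant-time comparison. A missing stored or supplied secret is rejected instead of
        // raising a NullPointerException.
        // NOTE(review): the stored value is compared directly with the presented secret, so it
        // looks like secrets are kept unhashed — confirm against the persistence layer.
        if (!constantTimeEquals(client.getClientSecret(), clientSecret)) {
            throw new BaseException("密钥错误");
        }
        // NOTE(review): DateUtil.compare is a project helper not shown here; a true result is
        // treated as "expire time has passed" — confirm its argument order and null handling.
        if (DateUtil.compare(client.getExpireTime(), new Date())) {
            throw new BaseException("授权申请已过期");
        }
        String status = client.getStatus();
        if (StringUtil.isBlank(status)) {
            throw new BaseException("接入授权状态值为空");
        }
        // NOTE(review): this is a deny-list. Any status other than the three below, including
        // one this code does not know about, is accepted. Comparing against the approved status
        // would fail closed — confirm which ClientStatus value means "approved".
        if (ClientStatus.PEDDING.getValue().equalsIgnoreCase(status)) {
            throw new PenddingException("接入授权未审核");
        }
        if (ClientStatus.NOPASS.getValue().equalsIgnoreCase(status)) {
            throw new NopassException("接入授权未通过");
        }
        if (ClientStatus.EXPIRED.getValue().equalsIgnoreCase(status)) {
            throw new ExpiredSecretException("接入授权已过期");
        }
        return client;
    }

    /**
     * Authenticates the client with {@link #validate(String, String)} and validates the scope.
     *
     * <p>JADX reports the original access modifier as {@code protected}.
     *
     * @param clientId client identifier
     * @param clientSecret secret presented by the caller
     * @param scope requested scope
     * @return the stored client record
     */
    public AuthClientPo validateScope(String clientId, String clientSecret, String scope) {
        AuthClientPo client = validate(clientId, clientSecret);
        validateScope(scope, client);
        return client;
    }

    /**
     * Checks that the requested scope is a known one and that the client has some scope set.
     *
     * @param scope requested scope
     * @param authClientPo client the request is made for
     * @throws BaseException if the scope is not a valid value or the client has no scope
     */
    private void validateScope(String scope, AuthClientPo authClientPo) {
        if (!Scope.isValid(scope)) {
            throw new BaseException("作用域不存在");
        }
        // NOTE(review): unlike validateGrantType, the requested scope is never compared with the
        // client's registered scope; any valid scope passes as long as the client's scope field
        // is non-blank. The storage format of getScope() is not visible here, so no membership
        // check is added — confirm the format and enforce it.
        if (StringUtil.isBlank(authClientPo.getScope())) {
            throw new BaseException("作用域[" + scope + "]不支持");
        }
    }

    /**
     * Authenticates the client with {@link #validate(String, String)} and validates the grant
     * type.
     *
     * <p>JADX reports the original access modifier as {@code protected}.
     *
     * @param clientId client identifier
     * @param clientSecret secret presented by the caller
     * @param grantType requested grant type
     * @return the stored client record
     */
    public AuthClientPo validateGrantType(String clientId, String clientSecret, String grantType) {
        AuthClientPo client = validate(clientId, clientSecret);
        validateGrantType(grantType, client);
        return client;
    }

    /**
     * Checks that the grant type is a known one and is registered for the client.
     *
     * @param grantType requested grant type
     * @param authClientPo client the request is made for
     * @throws BaseException if the grant type is not a valid value or the client does not list it
     */
    private void validateGrantType(String grantType, AuthClientPo authClientPo) {
        if (!GrantType.isValid(grantType)) {
            throw new BaseException("授权模式不存在");
        }
        // NOTE(review): contains() is a substring test on the stored grant-type string. It is
        // only exact if no valid grant type is a substring of another — verify against the
        // GrantType values, or split the stored value on its delimiter and compare whole tokens.
        if (StringUtil.isBlank(authClientPo.getGrantTypes())
                || !authClientPo.getGrantTypes().contains(grantType)) {
            throw new BaseException("授权模式[" + grantType + "]不支持");
        }
    }

    /**
     * Finds the user for a login identifier.
     *
     * <p>With registration mode off, the identifier is tried as a mobile number, then as an
     * e-mail address, and otherwise as an account name. With registration mode on, only mobile
     * numbers are accepted and the user is built from the registration record.
     *
     * <p>JADX reports the original access modifier as {@code protected}.
     *
     * @param account login identifier
     * @return the matching user, or {@code null} when registration mode is on and no
     *     registration record exists; the repositories' own miss behaviour is not visible here
     * @throws BaseException if the identifier is empty, or is not a mobile number while
     *     registration mode is on
     */
    public PartyUserPo getByAccount(String account) {
        if (StringUtil.isEmpty(account)) {
            throw new BaseException("account is empty.");
        }
        if (RegDBConstants.REGISTER_ENABLED) {
            if (!StringValidator.isMobile(account)) {
                throw new BaseException("account is not phone number.");
            }
            RegDataPo registration = this.regDataRepository.getByMobile(account);
            return registration == null ? null : RegDataToUser.toUser(registration);
        }
        if (StringValidator.isMobile(account)) {
            return this.defaultPartyUserRepository.getByMobile(account);
        }
        if (StringValidator.isEmail(account)) {
            return this.defaultPartyUserRepository.getByEmail(account);
        }
        return this.defaultPartyUserRepository.getByAccount(account);
    }

    /**
     * Logs a user in by login identifier and password.
     *
     * <p>JADX reports the original access modifier as {@code protected}.
     *
     * @param account login identifier, resolved with {@link #getByAccount(String)}
     * @param password password as submitted
     * @return the authenticated user
     */
    public PartyUserPo login(String account, String password) {
        return login(password, getByAccount(account));
    }

    /**
     * Runs the login checks for an already resolved user.
     *
     * <p>Order of checks: user exists, employee status (registration mode off only), password,
     * password age. On success the failed-attempt counter is cleared and, in registration mode,
     * the registration record's login time and count are updated.
     *
     * <p>The unknown-account and account-status failures are raised before the password is
     * checked and carry distinct exception types and messages. An endpoint that passes them
     * through lets an unauthenticated caller tell existing, locked or disabled accounts apart;
     * it should collapse them into one generic failure for the client and keep the detail in
     * server logs.
     *
     * @param password password as submitted
     * @param partyUserPo resolved user, may be {@code null} or empty
     * @return the same user once every check has passed
     * @throws UnknownAccountException if the user or its employee record is missing
     */
    private PartyUserPo login(String password, PartyUserPo partyUserPo) {
        if (BeanUtils.isEmpty(partyUserPo)) {
            throw new UnknownAccountException("未知账号");
        }
        String account = partyUserPo.getAccount();
        // Registration-mode users have no employee record, so no status check runs for them.
        if (!RegDBConstants.REGISTER_ENABLED) {
            PartyEmployeePo employee = this.partyEmployeeRepository.get(partyUserPo.getUserId());
            if (BeanUtils.isEmpty(employee)) {
                throw new UnknownAccountException("用户数据不完整");
            }
            verifyStatus(employee.getStatus());
        }
        matchPassword(account, password, partyUserPo);
        expriedPassword(partyUserPo);
        // Successful login: reset the failed-attempt counter kept by matchPassword.
        RedisUtil.redisTemplateString.delete(this.appConfig.getRedisKey(new String[]{"login.retry", account}));
        if (RegDBConstants.REGISTER_ENABLED && StringValidator.isMobile(account)) {
            RegDataPo registration = this.regDataRepository.getByMobile(account);
            if (registration != null) {
                registration.setLastLoginTime(new Date());
                registration.setLoginTimes(Long.valueOf(
                        BeanUtils.isEmpty(registration.getLoginTimes())
                                ? 1L
                                : registration.getLoginTimes().longValue() + 1));
                this.regDataRepository.newInstance(registration).update();
            }
        }
        return partyUserPo;
    }

    /**
     * Rejects every employee status that must not log in.
     *
     * <p>Statuses other than the ones tested below are let through.
     *
     * @param status employee status value
     * @throws BaseException if the status is blank
     * @throws InactiveException if the user is inactive
     * @throws LockedAccountException if the user is locked
     * @throws ExpiredAccountException if the user is expired or disabled
     * @throws UnknownAccountException if the user is deleted
     */
    private void verifyStatus(String status) {
        if (StringUtil.isBlank(status)) {
            throw new BaseException("用户状态值为空");
        }
        if (UserStatus.INACTIVE.getValue().equalsIgnoreCase(status)) {
            throw new InactiveException("用户未激活");
        }
        if (UserStatus.LOCKED.getValue().equalsIgnoreCase(status)) {
            throw new LockedAccountException("用户被锁定");
        }
        if (UserStatus.EXPIRED.getValue().equalsIgnoreCase(status)) {
            throw new ExpiredAccountException("用户已过期");
        }
        if (UserStatus.DISABLED.getValue().equalsIgnoreCase(status)) {
            throw new ExpiredAccountException("用户被禁用");
        }
        if (UserStatus.DELETED.getValue().equalsIgnoreCase(status)) {
            throw new UnknownAccountException("用户被删除");
        }
    }

    /**
     * Compares the submitted password with the stored one and tracks failed attempts.
     *
     * <p>On a mismatch the per-account counter in Redis is incremented and set to expire at the
     * next midnight. Reaching the lock threshold locks the account; reaching the captcha
     * threshold flags the client address so that a captcha is required.
     *
     * @param account account name used for the counter key and for locking
     * @param password password as submitted
     * @param partyUserPo user whose stored password is compared
     * @throws ExcessiveAttemptsException if the lock threshold is reached
     * @throws IncorrectCredentialsException on a mismatch below the captcha threshold
     * @throws ManyIncorrectCredentialsException on a mismatch at or above the captcha threshold
     */
    private void matchPassword(String account, String password, PartyUserPo partyUserPo) {
        this.userLimitConfig.verifyNoLogin(account);
        // NOTE(review): the submitted password is transformed without any per-user input and
        // compared with the stored value, so this looks like an unsalted hash or reversible
        // encryption — confirm in UserConfig.encrypt and prefer a salted password hash.
        String encrypted = this.userConfig.encrypt(password);
        // Constant-time comparison; a missing stored or computed value counts as a mismatch.
        if (constantTimeEquals(partyUserPo.getPassword(), encrypted)) {
            return;
        }
        // The stored and submitted password values are kept out of the log: either one is
        // credential material for anyone with log access.
        this.logger.warn("password mismatch for account {}.", account);
        String retryKey = this.appConfig.getRedisKey(new String[]{"login.retry", account});
        Integer stored = (Integer) RedisUtil.redisTemplateInteger.opsForValue().get(retryKey);
        int captchaThreshold = this.userConfig.getCaptcha().getRetry();
        int lockThreshold = this.userLimitConfig.getRetry();
        // NOTE(review): read-then-write is not atomic, so concurrent failures for one account
        // can be counted once. An atomic increment would close that gap — check which
        // serializer redisTemplateInteger uses before switching.
        int failures = (stored == null ? 0 : stored.intValue()) + 1;
        RedisUtil.redisTemplateInteger.opsForValue().set(retryKey, Integer.valueOf(failures));
        RedisUtil.redisTemplateInteger.expireAt(retryKey, getTomorrowDate());
        if (failures >= lockThreshold) {
            this.employeeService.lockByAccount(account, this.userLimitConfig.getMode(), Integer.valueOf(this.userLimitConfig.getTime()));
            throw new ExcessiveAttemptsException("多次登录失败，用户被锁定");
        }
        if (failures < captchaThreshold) {
            throw new IncorrectCredentialsException("用户名或密码错误");
        }
        // NOTE(review): the captcha flag is keyed by the address RequestUtil.getIpAddr returns.
        // If that helper trusts a client-supplied forwarding header, the flag can be dodged —
        // confirm it only honours headers set by a trusted proxy.
        String captchaKey = this.appConfig.getRedisKey(new String[]{"login.captcha", RequestUtil.getIpAddr(RequestContext.getHttpServletRequest())});
        RedisUtil.redisTemplateString.opsForValue().set(captchaKey, "Y");
        RedisUtil.redisTemplateString.expireAt(captchaKey, getTomorrowDate());
        this.logger.warn("用户{}多次登录失败，强制要求输入验证码!", account);
        throw new ManyIncorrectCredentialsException("用户名或密码错误");
    }

    /**
     * Unlocks an account through the employee service.
     *
     * <p>No authorization check happens here; callers are responsible for it. JADX reports the
     * original access modifier as {@code protected}.
     *
     * @param account account name to unlock
     */
    public void unlockByAccount(String account) {
        this.employeeService.unlockByAccount(account);
    }

    /**
     * Enforces the password age limit from the default security policy, if one exists.
     *
     * <p>The reference date is the user's update time, else the creation time, else now.
     *
     * @param partyUserPo user being logged in
     * @throws ExpiredCredentialsException if the age check fires
     */
    private void expriedPassword(PartyUserPo partyUserPo) {
        UserSecurityPo policy = this.userSecurityRepository.getDefaultUserSecurity();
        if (BeanUtils.isEmpty(policy)) {
            return;
        }
        // NOTE(review): a policy without a time limit raises a NullPointerException here, and
        // the meaning of a zero limit is not visible in this listing — confirm both.
        short limitDays = policy.getTimeLimit().shortValue();
        Date updated = partyUserPo.getUpdateTime();
        Date reference = BeanUtils.isEmpty(updated) ? partyUserPo.getCreateTime() : updated;
        if (BeanUtils.isEmpty(reference)) {
            reference = new Date();
        }
        if (DateUtil.compare(DateUtil.addDays(reference, limitDays), new Date())) {
            throw new ExpiredCredentialsException("密码过期，请修改密码后再登录");
        }
    }

    /**
     * Returns tomorrow's date with hours, minutes, seconds and milliseconds set to zero.
     *
     * @return the expiry instant used for the retry counter and the captcha flag
     */
    private Date getTomorrowDate() {
        return DateUtil.setMilliseconds(
                DateUtil.setSeconds(
                        DateUtil.setMinutes(
                                DateUtil.setHours(DateUtil.addDays(new Date(), 1), 0),
                                0),
                        0),
                0);
    }

    /**
     * Returns the current time shifted by the configured user-limit time, in minutes.
     *
     * @return the shifted time as a JDK {@link Date}
     */
    protected Date getExpriedDate() {
        return cn.hutool.core.date.DateUtil.offsetMinute(new Date(), this.userLimitConfig.getTime()).toJdkDate();
    }

    /**
     * Produces a new identifier: from the injected id generator when the configured type is
     * {@code SnowFlake} (case-insensitive), otherwise from {@code UUIDUtil}.
     *
     * <p>NOTE(review): callers are outside this listing. If the returned value is handed out as
     * a token, authorization code or other secret, neither a generator id nor a UUID of unknown
     * version should be assumed unpredictable — confirm how callers use it and how
     * {@code UUIDUtil.uuid()} is generated.
     *
     * <p>JADX reports the original access modifier as {@code protected}.
     *
     * @return the new identifier
     */
    public String uuid() {
        if ("SnowFlake".equalsIgnoreCase(this.idConfig.getType())) {
            return this.idGenerator.getId();
        }
        // The explicit "uuid" type and every unrecognised type share the same fallback.
        return UUIDUtil.uuid();
    }

    /**
     * Drops the keys currently tracked under {@code listKey} and then tracks the given ones.
     *
     * <p>JADX reports the original access modifier as {@code protected}.
     *
     * @param listKey Redis list that tracks the key names
     * @param keys key names to track
     */
    public void cleanAndCacheKeys(String listKey, String... keys) {
        cleanCacheKeys(listKey);
        cacheKeys(listKey, keys);
    }

    /**
     * Appends key names to the Redis list {@code listKey} and refreshes the list's expiry.
     *
     * <p>Does nothing when the list key is blank or no key names are given.
     *
     * @param listKey Redis list that tracks the key names
     * @param keys key names to append
     */
    protected void cacheKeys(String listKey, String... keys) {
        if (StringUtil.isBlank(listKey) || BeanUtils.isEmpty(keys)) {
            return;
        }
        long size = RedisUtil.redisTemplateString.opsForList().rightPushAll(listKey, keys).longValue();
        // The expiry comes from the token configuration's "remind" value, read as seconds.
        RedisUtil.redisTemplateString.expire(listKey, this.tokenConfig.getRemind().intValue(), TimeUnit.SECONDS);
        this.logger.debug("{} size {}.", listKey, Long.valueOf(size));
    }

    /**
     * Deletes every key named in the Redis list {@code listKey}, then the list itself.
     *
     * <p>Does nothing when the list key is blank. JADX reports the original access modifier as
     * {@code protected}.
     *
     * @param listKey Redis list that tracks the key names
     */
    public void cleanCacheKeys(String listKey) {
        if (StringUtil.isBlank(listKey)) {
            return;
        }
        long size = RedisUtil.redisTemplateString.opsForList().size(listKey).longValue();
        this.logger.debug("{} size {}.", listKey, Long.valueOf(size));
        // The range end is the list size, one past the last index, so the whole list as counted
        // above is covered.
        RedisUtil.redisTemplateString.delete(RedisUtil.redisTemplateString.opsForList().range(listKey, 0L, size));
        RedisUtil.redisTemplateString.delete(listKey);
    }

    /**
     * Compares two secret strings without stopping at the first differing byte.
     *
     * <p>{@code null} on either side is a mismatch, so a missing stored secret can never equal
     * a missing supplied one. The lengths of the two values may still be observable.
     *
     * @param expected stored value
     * @param supplied value presented by the caller
     * @return {@code true} only if both are non-null and byte-for-byte equal in UTF-8
     */
    private static boolean constantTimeEquals(String expected, String supplied) {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
    }
}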
