package com.lc.ibps.cloud.oauth.server.provider;

import cn.hutool.core.date.DateUtil;
import cn.hutool.core.date.SystemClock;
import com.lc.ibps.api.base.constants.StateEnum;
import com.lc.ibps.api.base.page.Page;
import com.lc.ibps.api.base.query.QueryFilter;
import com.lc.ibps.api.org.constant.UserStatus;
import com.lc.ibps.auth.constants.ApiGrantType;
import com.lc.ibps.auth.constants.GrantType;
import com.lc.ibps.auth.constants.Scope;
import com.lc.ibps.base.core.encrypt.EncryptUtil;
import com.lc.ibps.base.core.exception.Assert;
import com.lc.ibps.base.core.exception.BaseException;
import com.lc.ibps.base.core.exception.NotRequiredI18nException;
import com.lc.ibps.base.core.util.AppUtil;
import com.lc.ibps.base.core.util.BeanUtils;
import com.lc.ibps.base.core.util.ExceptionUtil;
import com.lc.ibps.base.core.util.I18nUtil;
import com.lc.ibps.base.core.util.JacksonUtil;
import com.lc.ibps.base.core.util.string.StringUtil;
import com.lc.ibps.base.datasource.dynamic.DbContextHolder;
import com.lc.ibps.base.datasource.util.DbUtil;
import com.lc.ibps.base.db.tenant.utils.TenantQueryUtil;
import com.lc.ibps.base.db.tenant.utils.TenantUtil;
import com.lc.ibps.base.framework.page.PageList;
import com.lc.ibps.base.framework.page.PageResult;
import com.lc.ibps.base.saas.context.TenantContext;
import com.lc.ibps.cloud.config.AuthorizationConfig;
import com.lc.ibps.cloud.entity.APIPageList;
import com.lc.ibps.cloud.entity.APIRequest;
import com.lc.ibps.cloud.entity.APIResult;
import com.lc.ibps.cloud.oauth.entity.AccessTokenVo;
import com.lc.ibps.cloud.oauth.entity.LoginVo;
import com.lc.ibps.cloud.oauth.entity.SwitchVo;
import com.lc.ibps.cloud.oauth.entity.TokenEntity;
import com.lc.ibps.cloud.oauth.entity.TokenParamVo;
import com.lc.ibps.cloud.oauth.entity.TokenVo;
import com.lc.ibps.cloud.oauth.exception.DisabledAccountException;
import com.lc.ibps.cloud.oauth.exception.ExcessiveAttemptsException;
import com.lc.ibps.cloud.oauth.exception.ExpiredAccountException;
import com.lc.ibps.cloud.oauth.exception.ExpiredCredentialsException;
import com.lc.ibps.cloud.oauth.exception.InactiveException;
import com.lc.ibps.cloud.oauth.exception.IncorrectCredentialsException;
import com.lc.ibps.cloud.oauth.exception.LockedAccountException;
import com.lc.ibps.cloud.oauth.exception.ManyIncorrectCredentialsException;
import com.lc.ibps.cloud.oauth.exception.UnknownAccountException;
import com.lc.ibps.cloud.oauth.server.context.InnerContextUtil;
import com.lc.ibps.cloud.oauth.server.event.SwitchUserEvent;
import com.lc.ibps.cloud.oauth.server.event.SwitchUserModel;
import com.lc.ibps.cloud.redis.utils.RedisUtil;
import com.lc.ibps.components.cache.redis.RedisUtil;
import com.lc.ibps.components.httpclient.http.ApacheHttpClient;
import com.lc.ibps.org.party.persistence.entity.DefaultPartyUserPo;
import com.lc.ibps.org.party.persistence.entity.PartyUserPo;
import com.lc.ibps.org.party.repository.impl.DefaultPartyUserRepositoryImpl;
import com.lc.ibps.register.constants.RegDBConstants;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.redis.connection.DataType;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestParam;

@Api(tags = {"认证中心"}, value = "token")
@Service
/* loaded from: input_file:com/lc/ibps/cloud/oauth/server/provider/TokenProvider.class */
public class TokenProvider extends BaseProvider implements ITokenService {

    // When true, the client_id and client_secret carried by token requests are passed through
    // EncryptUtil.decrypt before use (see accessToken, switchUser and exitSwitchUser).
    // The property placeholder defaults to false, so credentials are used as received unless
    // user.client-encrypt.encrypt is set.
    @Value("${user.client-encrypt.encrypt:false}")
    private boolean encryptEnabled;

    /**
     * Token endpoint: issues an access token for the grant type named in the request.
     *
     * <p>The grant type is matched case-insensitively and dispatched to one of the
     * {@code genTokenBy...} helpers (authorization_code, authorization_nfdw,
     * password_credentials, client_credentials, refresh_token). Any other value sets
     * {@code ILLEGAL_GRANT_TYPE} on the result and throws a {@link BaseException}.
     * When {@code encryptEnabled} is set, client_id and client_secret are decrypted first.
     *
     * <p>Failures are not propagated: every handler below records a state code (only if the
     * result is still SUCCESS, so a state set by a helper wins), copies
     * {@code ExceptionUtil.analysisCause(e)} into the result and logs the exception.
     *
     * <p>NOTE(review): the handlers map "unknown account", "wrong password", "locked" and
     * "disabled" to different state codes, so a caller can tell whether an account exists.
     * Confirm this is intended for an unauthenticated endpoint.
     * <p>NOTE(review): the cause string returned to the caller comes from the exception itself;
     * confirm analysisCause cannot expose internal details.
     *
     * @param accessTokenVo request body carrying grant type, client credentials and, depending
     *                      on the grant, username/password, refresh token or authorize code
     * @return result holding the {@link TokenEntity} on success, or a state code and cause
     */
    @ApiOperation(value = "申请access_token", notes = "传入授权AppKey，申请access_token")
    public APIResult<TokenEntity> accessToken(@ApiParam(name = "accessTokenVo", value = "访问令牌请求对象", required = true) @RequestBody(required = true) AccessTokenVo accessTokenVo) {
        if (logger.isDebugEnabled()) {
            logger.debug("request access_token");
        }
        APIResult<TokenEntity> aPIResult = new APIResult<>();
        try {
            String grant_type = accessTokenVo.getGrant_type();
            String client_id = accessTokenVo.getClient_id();
            String client_secret = accessTokenVo.getClient_secret();
            if (this.encryptEnabled) {
                client_id = EncryptUtil.decrypt(client_id);
                client_secret = EncryptUtil.decrypt(client_secret);
            }
            String username = accessTokenVo.getUsername();
            String password = accessTokenVo.getPassword();
            String refresh_token = accessTokenVo.getRefresh_token();
            String authorize_code = accessTokenVo.getAuthorize_code();
            String redirect_uri = accessTokenVo.getRedirect_uri();
            TokenEntity tokenEntity = new TokenEntity();
            if (logger.isDebugEnabled()) {
                // grant_type is logged exactly as supplied in the request body.
                logger.debug("grant type is {}", grant_type);
            }
            if ("authorization_code".equalsIgnoreCase(grant_type)) {
                genTokenByAuthorizationCode(client_id, client_secret, authorize_code, aPIResult, tokenEntity);
            } else if ("authorization_nfdw".equalsIgnoreCase(grant_type)) {
                genTokenByAuthorizationNfdw(client_id, client_secret, authorize_code, aPIResult, tokenEntity);
            } else if ("password_credentials".equalsIgnoreCase(grant_type)) {
                genTokenByPasswordCredentials(client_id, client_secret, username, password, aPIResult, tokenEntity);
            } else if ("client_credentials".equalsIgnoreCase(grant_type)) {
                genTokenByClientCredentials(client_id, client_secret, aPIResult, tokenEntity);
            } else {
                if (!"refresh_token".equalsIgnoreCase(grant_type)) {
                    aPIResult.setState(StateEnum.ILLEGAL_GRANT_TYPE.getCode());
                    throw new BaseException(StateEnum.ILLEGAL_GRANT_TYPE.getCode(), StateEnum.ILLEGAL_GRANT_TYPE.getText(), new Object[0]);
                }
                genTokenByRefreshToken(username, password, client_id, client_secret, refresh_token, aPIResult, tokenEntity);
            }
            aPIResult.setData(tokenEntity);
            // The request's redirect_uri is echoed back unchanged; this method does not check it
            // against anything. NOTE(review): confirm it is validated before a client follows it.
            aPIResult.addVariable("redirect_uri", redirect_uri);
        } catch (InactiveException e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_INACTIVE.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("access token failed:", e);
        } catch (ExpiredCredentialsException e2) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_EXPIRED_CREDENTIALS.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e2));
            logger.error("access token failed:", e2);
        } catch (ExpiredAccountException e3) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_EXPIRED.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e3));
            logger.error("access token failed:", e3);
        } catch (UnknownAccountException e4) {
            // Two different codes for an unknown account, depending on whether self-registration
            // is enabled.
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState() && RegDBConstants.REGISTER_ENABLED) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_UNKOWN_REGISTER_FIRST.getCode());
            } else if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_UNKOWN.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e4));
            logger.error("access token failed:", e4);
        // NOTE(review): this generic handler sits before more specific ones. If the exception
        // types below extend Exception, those clauses are unreachable as written and their
        // account-specific state codes are never set. This ordering looks like a decompiler
        // artifact; confirm against the original source before relying on it.
        } catch (Exception e5) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_REQUEST.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e5));
            logger.error("access token failed:", e5);
        } catch (DisabledAccountException e6) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_DISABLED.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e6));
            logger.error("access token failed:", e6);
        } catch (ExcessiveAttemptsException e7) {
            // Same state code as LockedAccountException below.
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_LOCKED.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e7));
            logger.error("access token failed:", e7);
        } catch (IncorrectCredentialsException e8) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_PASSWORD.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e8));
            logger.error("access token failed:", e8);
        } catch (LockedAccountException e9) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_LOCKED.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e9));
            logger.error("access token failed:", e9);
        } catch (ManyIncorrectCredentialsException e10) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_PASSWORD_REQUEST_VALIDCODE.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e10));
            logger.error("access token failed:", e10);
        }
        return aPIResult;
    }

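    /**
     * Issues a token for another user on behalf of an already authenticated super user.
     *
     * <p>Checks performed, in order: the presented access token must verify; the grant type must
     * be authorization_code or password_credentials; the client id/secret in the request must
     * match the pair stored with the token; the account stored under {@code user.name} for that
     * token must exist and be a super user; and the token must not already carry a
     * {@code primary.refresh.token} (i.e. it is not itself the product of a switch). On success
     * a {@link SwitchUserEvent} naming the operator and the target user is published.
     *
     * <p>NOTE(review): the target {@code username} from the request is not checked here for
     * being blank or for naming an existing account before the token is generated; confirm
     * that genTokenByPrimaryAccessToken or downstream consumers reject such tokens.
     * <p>NOTE(review): in this (decompiled) form the checks after the try block throw
     * {@link BaseException} to the caller instead of returning a result; the
     * {@code setState} calls before each throw suggest the original wrapped them in the try.
     *
     * @param switchVo request body with grant type, client credentials, the operator's access
     *                 token, the target username and the tenant id
     * @return result holding the new {@link TokenEntity}, or the failing state and cause
     * @throws BaseException when one of the checks after token verification fails
     */
    @ApiOperation(value = "切换用户", notes = "传入已授权凭证，申请access_token")
    public APIResult<TokenEntity> switchUser(@ApiParam(name = "switchVo", value = "切换用户请求对象", required = true) @RequestBody(required = true) SwitchVo switchVo) {
        String grant_type;
        String client_id;
        String client_secret;
        String username;
        String access_token;
        String tenantId;
        APIResult<String> verification;
        APIResult<TokenEntity> aPIResult = new APIResult<>();
        try {
            grant_type = switchVo.getGrant_type();
            client_id = switchVo.getClient_id();
            client_secret = switchVo.getClient_secret();
            if (this.encryptEnabled) {
                client_id = EncryptUtil.decrypt(client_id);
                client_secret = EncryptUtil.decrypt(client_secret);
            }
            username = switchVo.getUsername();
            access_token = switchVo.getAccess_token();
            tenantId = switchVo.getTenantId();
            verification = verify(access_token, false, false, tenantId);
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_REQUEST.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("switch user failed:", e);
            // Stop here: everything below reads locals that are only assigned inside the try
            // block, so continuing after a failed read/decrypt/verify must not happen.
            return aPIResult;
        }
        if (!verification.isSuccess()) {
            aPIResult.setState(verification.getState());
            aPIResult.setCause(I18nUtil.getMessage(StringUtil.build(new Object[]{"state.", Integer.valueOf(verification.getState())})));
            return aPIResult;
        }
        if (!"authorization_code".equalsIgnoreCase(grant_type) && !"password_credentials".equalsIgnoreCase(grant_type)) {
            throw new BaseException(StateEnum.ILLEGAL_SWITCHING_AUTH_TYPE_NOT_SUPPORT.getCode(), String.format(StateEnum.ILLEGAL_SWITCHING_AUTH_TYPE_NOT_SUPPORT.getText(), grant_type), new Object[]{grant_type});
        }
        String redisKey = this.appConfig.getRedisKey(new String[]{"access.token", access_token});
        Object cachedClientId = RedisUtil.redisTemplate.opsForHash().get(redisKey, "client.id");
        Object cachedClientSecret = RedisUtil.redisTemplate.opsForHash().get(redisKey, "client.secret");
        if (BeanUtils.isEmpty(cachedClientId) || BeanUtils.isEmpty(cachedClientSecret)) {
            aPIResult.setState(StateEnum.EXPIRED_TOKEN.getCode());
            throw new BaseException(StateEnum.EXPIRED_TOKEN.getCode(), StateEnum.EXPIRED_TOKEN.getText(), new Object[0]);
        }
        String storedClientId = cachedClientId.toString();
        String storedClientSecret = cachedClientSecret.toString();
        // Compare the credentials with MessageDigest.isEqual rather than String.equals so the
        // time taken does not depend on where the first differing character is. Both values are
        // always compared, and a missing request value counts as a mismatch instead of an NPE.
        boolean clientIdMatches = client_id != null
                && java.security.MessageDigest.isEqual(
                        client_id.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        storedClientId.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        boolean clientSecretMatches = client_secret != null
                && java.security.MessageDigest.isEqual(
                        client_secret.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        storedClientSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!clientIdMatches || !clientSecretMatches) {
            aPIResult.setState(StateEnum.ILLEGAL_CLIENT_ID_SECRET.getCode());
            throw new BaseException(StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_MATCH.getCode(), StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_MATCH.getText(), new Object[0]);
        }
        // The operator is whoever the presented token was issued to, not a value from the request.
        Object operatorName = RedisUtil.redisTemplate.opsForHash().get(redisKey, "user.name");
        if (BeanUtils.isEmpty(operatorName)) {
            aPIResult.setState(StateEnum.ILLEGAL_LOGIN_STATE.getCode());
            throw new BaseException(StateEnum.ILLEGAL_LOGIN_STATE.getCode(), StateEnum.ILLEGAL_LOGIN_STATE.getText(), new Object[0]);
        }
        PartyUserPo operator = this.partyUserRepository.getByAccount(operatorName.toString());
        Assert.notNull(operator, StateEnum.ILLEGAL_ACCOUNT_NOT_EXIST.getText(), StateEnum.ILLEGAL_ACCOUNT_NOT_EXIST.getCode(), new Object[0]);
        // Only super users may switch identity.
        if (!operator.isSuper()) {
            throw new BaseException(StateEnum.ILLEGAL_ACCOUNT_SWITCHING_NOT_ADMIN.getCode(), StateEnum.ILLEGAL_ACCOUNT_SWITCHING_NOT_ADMIN.getText(), new Object[0]);
        }
        // A token that already records a primary refresh token came from an earlier switch;
        // switching again from it is refused.
        if (BeanUtils.isNotEmpty(RedisUtil.redisTemplate.opsForHash().get(redisKey, "primary.refresh.token"))) {
            throw new BaseException(StateEnum.ILLEGAL_ACCOUNT_SWITCHING_CANNOT_STATE.getCode(), StateEnum.ILLEGAL_ACCOUNT_SWITCHING_CANNOT_STATE.getText(), new Object[0]);
        }
        TokenEntity tokenEntity = new TokenEntity();
        genTokenByPrimaryAccessToken(grant_type, client_id, client_secret, access_token, username, aPIResult, tokenEntity);
        aPIResult.setData(tokenEntity);
        // Audit trail: records operator account/full name, the target username and the tenant.
        AppUtil.publishEvent(new SwitchUserEvent(new SwitchUserModel(operator.getAccount(), operator.getFullname(), username, tenantId)));
        return aPIResult;
    }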

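    /**
     * Ends a switched session and issues a fresh token from the primary refresh token that was
     * recorded when the switch was made.
     *
     * <p>Checks performed, in order: the presented access token must verify; the grant type must
     * be authorization_code or password_credentials; the client id/secret in the request must
     * match the pair stored with the token; and the token must carry a
     * {@code primary.refresh.token}, otherwise there is nothing to return to.
     *
     * <p>NOTE(review): {@code username} comes from the request and is handed to
     * genTokenByRefreshToken with its validation flag set to {@code false}. In the visible part
     * of that method the flag skips the comparison of this value with the {@code user.name}
     * stored for the refresh token, while the same value is still passed to
     * {@code InnerContextUtil.createContextData}. Confirm the context is not meant to be derived
     * from the stored account instead.
     * <p>NOTE(review): in this (decompiled) form the checks after the try block throw
     * {@link BaseException} to the caller instead of returning a result.
     *
     * @param switchVo request body with grant type, client credentials, the switched session's
     *                 access token, a username and the tenant id
     * @return result holding the new {@link TokenEntity}, or the failing state and cause
     * @throws BaseException when one of the checks after token verification fails
     */
    @ApiOperation(value = "退出切换用户", notes = "传入已授权凭证，申请access_token")
    public APIResult<TokenEntity> exitSwitchUser(@ApiParam(name = "switchVo", value = "切换用户请求对象", required = true) @RequestBody(required = true) SwitchVo switchVo) {
        String grant_type;
        String client_id;
        String client_secret;
        String access_token;
        String username;
        APIResult<String> verification;
        APIResult<TokenEntity> aPIResult = new APIResult<>();
        try {
            grant_type = switchVo.getGrant_type();
            client_id = switchVo.getClient_id();
            client_secret = switchVo.getClient_secret();
            if (this.encryptEnabled) {
                client_id = EncryptUtil.decrypt(client_id);
                client_secret = EncryptUtil.decrypt(client_secret);
            }
            access_token = switchVo.getAccess_token();
            username = switchVo.getUsername();
            verification = verify(access_token, false, false, switchVo.getTenantId());
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_REQUEST.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("exit switch user failed:", e);
            // Stop here: everything below reads locals that are only assigned inside the try
            // block, so continuing after a failed read/decrypt/verify must not happen.
            return aPIResult;
        }
        if (!verification.isSuccess()) {
            aPIResult.setState(verification.getState());
            aPIResult.setCause(I18nUtil.getMessage(StringUtil.build(new Object[]{"state.", Integer.valueOf(verification.getState())})));
            return aPIResult;
        }
        if (!"authorization_code".equalsIgnoreCase(grant_type) && !"password_credentials".equalsIgnoreCase(grant_type)) {
            throw new BaseException(StateEnum.ILLEGAL_SWITCHING_AUTH_TYPE_NOT_SUPPORT.getCode(), String.format(StateEnum.ILLEGAL_SWITCHING_AUTH_TYPE_NOT_SUPPORT.getText(), grant_type), new Object[]{grant_type});
        }
        String redisKey = this.appConfig.getRedisKey(new String[]{"access.token", access_token});
        Object cachedClientId = RedisUtil.redisTemplate.opsForHash().get(redisKey, "client.id");
        Object cachedClientSecret = RedisUtil.redisTemplate.opsForHash().get(redisKey, "client.secret");
        if (BeanUtils.isEmpty(cachedClientId) || BeanUtils.isEmpty(cachedClientSecret)) {
            aPIResult.setState(StateEnum.EXPIRED_TOKEN.getCode());
            throw new BaseException(StateEnum.EXPIRED_TOKEN.getCode(), StateEnum.EXPIRED_TOKEN.getText(), new Object[0]);
        }
        String storedClientId = cachedClientId.toString();
        String storedClientSecret = cachedClientSecret.toString();
        // Compare the credentials with MessageDigest.isEqual rather than String.equals so the
        // time taken does not depend on where the first differing character is. Both values are
        // always compared, and a missing request value counts as a mismatch instead of an NPE.
        boolean clientIdMatches = client_id != null
                && java.security.MessageDigest.isEqual(
                        client_id.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        storedClientId.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        boolean clientSecretMatches = client_secret != null
                && java.security.MessageDigest.isEqual(
                        client_secret.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                        storedClientSecret.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        if (!clientIdMatches || !clientSecretMatches) {
            aPIResult.setState(StateEnum.ILLEGAL_CLIENT_ID_SECRET.getCode());
            throw new BaseException(StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_MATCH.getCode(), StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_MATCH.getText(), new Object[0]);
        }
        // Only a token created by a switch carries the operator's original refresh token.
        Object primaryRefreshToken = RedisUtil.redisTemplate.opsForHash().get(redisKey, "primary.refresh.token");
        if (BeanUtils.isEmpty(primaryRefreshToken)) {
            throw new BaseException(StateEnum.ILLEGAL_ACCOUNT_SWITCHING_CANNOT_QUIT.getCode(), StateEnum.ILLEGAL_ACCOUNT_SWITCHING_CANNOT_QUIT.getText(), new Object[0]);
        }
        TokenEntity tokenEntity = new TokenEntity();
        // No password is supplied and the validation flag is false, so the refresh is authorised
        // by possession of the stored primary refresh token alone.
        genTokenByRefreshToken(username, null, client_id, client_secret, primaryRefreshToken.toString(), false, aPIResult, tokenEntity);
        aPIResult.setData(tokenEntity);
        return aPIResult;
    }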

    /**
     * Creates the access/refresh token pair for a switched session and stores it in Redis.
     *
     * <p>The operator's access token is verified again, its {@code refresh.token} is read and
     * recorded on the new token as {@code primary.refresh.token}, and two hashes are written:
     * one keyed by the new access token (TTL {@code tokenConfig.getExpires()} seconds) and one
     * keyed by the new refresh token (TTL {@code tokenConfig.getRemind()} seconds). A marker
     * value "0" is stored under the access-token key with suffix "0", also with the remind TTL.
     *
     * <p>NOTE(review): both hashes store the client secret exactly as passed in. The visible
     * code only ever compares it for equality, so a digest may be enough; confirm.
     * <p>NOTE(review): when no account is found for {@code str5} the token is still created
     * with that name in {@code user.name}; only the uid and context steps are skipped.
     *
     * @param str         grant type recorded with the new token
     * @param str2        client id recorded with the new token
     * @param str3        client secret recorded with the new token
     * @param str4        the operator's current (primary) access token
     * @param str5        username the new token is issued for
     * @param aPIResult   result that receives state codes and response variables
     * @param tokenEntity token object populated by this method
     * @throws BaseException when the primary token has no refresh token or context creation fails
     */
    private void genTokenByPrimaryAccessToken(String str, String str2, String str3, String str4, String str5, APIResult<TokenEntity> aPIResult, TokenEntity tokenEntity) {
        APIResult<String> primaryCheck = verify(str4);
        if (!primaryCheck.isSuccess()) {
            aPIResult.setState(primaryCheck.getState());
            throw new NotRequiredI18nException(primaryCheck.getState(), primaryCheck.getCause());
        }

        String primaryKey = this.appConfig.getRedisKey(new String[]{"access.token", str4});
        // The result of this call is not used; kept because getRedisKey is defined elsewhere.
        this.appConfig.getRedisKey(new String[]{"access.token", str4, "0"});
        Object storedRefresh = RedisUtil.redisTemplate.opsForHash().get(primaryKey, "refresh.token");
        if (BeanUtils.isEmpty(storedRefresh)) {
            aPIResult.setState(StateEnum.EXPIRED_TOKEN.getCode());
            throw new BaseException(StateEnum.EXPIRED_TOKEN.getCode(), StateEnum.EXPIRED_TOKEN.getText(), new Object[0]);
        }
        String primaryRefreshToken = storedRefresh.toString();

        // Populate the token returned to the caller.
        tokenEntity.setAccess_token(uuid());
        tokenEntity.setExpires_in(this.tokenConfig.getExpires());
        tokenEntity.setRefresh_token(uuid());
        tokenEntity.setPrimary_refresh_token(primaryRefreshToken);
        tokenEntity.setRemind_in(this.tokenConfig.getRemind());

        PartyUserPo targetUser = InnerContextUtil.getByAccount(new LoginVo(str5, (String) null, (String) null, (String) null), true);
        if (BeanUtils.isNotEmpty(targetUser) && this.tokenConfig.isResponseUid()) {
            tokenEntity.setUid(targetUser.getUserId());
        }

        boolean contextEnabled = ((Boolean) AppUtil.getProperty("user.context.default", Boolean.class, false)).booleanValue();
        if (contextEnabled && BeanUtils.isNotEmpty(targetUser)) {
            // The system id is read from a request header and forwarded as received.
            String systemId = getRequest().getHeader("X-Authorization-systemid");
            aPIResult.addVariable("systemId", systemId);
            String mobile = "";
            if (targetUser != null) {
                mobile = targetUser.getMobile();
            }
            aPIResult.addVariable("mobile", mobile);
            String email = "";
            if (targetUser != null) {
                email = targetUser.getEmail();
            }
            aPIResult.addVariable("email", email);
            APIResult contextResult = new APIResult();
            InnerContextUtil.createContextData(targetUser.getTenantId(), systemId, str5, contextResult, str5, mobile, email);
            if (!contextResult.isSuccess()) {
                throw new BaseException(contextResult.getState(), contextResult.getCause(), new Object[0]);
            }
            aPIResult.addVariable("context", contextResult.getData());
        }

        final String newAccessToken = tokenEntity.getAccess_token();
        final String newRefreshToken = tokenEntity.getRefresh_token();

        // Hash keyed by the new access token.
        String accessKey = this.appConfig.getRedisKey(new String[]{"access.token", newAccessToken});
        RedisUtil.redisTemplate.opsForHash().put(accessKey, "grant.type", str);
        RedisUtil.redisTemplate.opsForHash().put(accessKey, "access.token", tokenEntity.getAccess_token());
        RedisUtil.redisTemplate.opsForHash().put(accessKey, "refresh.token", tokenEntity.getRefresh_token());
        RedisUtil.redisTemplate.opsForHash().put(accessKey, "primary.refresh.token", primaryRefreshToken);
        RedisUtil.redisTemplate.opsForHash().put(accessKey, "client.id", str2);
        RedisUtil.redisTemplate.opsForHash().put(accessKey, "client.secret", str3);
        RedisUtil.redisTemplate.opsForHash().put(accessKey, "user.name", str5);
        RedisUtil.redisTemplate.expire(accessKey, this.tokenConfig.getExpires().intValue(), TimeUnit.SECONDS);

        // Marker entry next to the access token, expiring after the remind interval.
        String markerKey = this.appConfig.getRedisKey(new String[]{"access.token", tokenEntity.getAccess_token(), "0"});
        RedisUtil.redisTemplate.opsForValue().set(markerKey, "0");
        RedisUtil.redisTemplate.expire(markerKey, this.tokenConfig.getRemind().intValue(), TimeUnit.SECONDS);

        // Hash keyed by the new refresh token.
        String refreshKey = this.appConfig.getRedisKey(new String[]{"refresh.token", newRefreshToken});
        RedisUtil.redisTemplate.opsForHash().put(refreshKey, "refresh.token", tokenEntity.getRefresh_token());
        RedisUtil.redisTemplate.opsForHash().put(refreshKey, "grant.type", str);
        RedisUtil.redisTemplate.opsForHash().put(refreshKey, "access.token", tokenEntity.getAccess_token());
        RedisUtil.redisTemplate.opsForHash().put(refreshKey, "primary.refresh.token", primaryRefreshToken);
        RedisUtil.redisTemplate.opsForHash().put(refreshKey, "client.id", str2);
        RedisUtil.redisTemplate.opsForHash().put(refreshKey, "client.secret", str3);
        RedisUtil.redisTemplate.opsForHash().put(refreshKey, "user.name", str5);
        RedisUtil.redisTemplate.expire(refreshKey, this.tokenConfig.getRemind().intValue(), TimeUnit.SECONDS);

        // Register both keys under the user's key list; "single" mode cleans earlier keys first.
        boolean codeGrant = "authorization_code".equalsIgnoreCase(str);
        if (!codeGrant && !"password_credentials".equalsIgnoreCase(str)) {
            return;
        }
        String userKeysKey = this.appConfig.getRedisKey(new String[]{"key", str5});
        boolean single;
        if (codeGrant) {
            single = this.tokenConfig.getAuthorizationCode().isSingle();
        } else {
            single = this.tokenConfig.getAuthorizationPassword().isSingle();
        }
        if (single) {
            cleanAndCacheKeys(userKeysKey, accessKey, refreshKey);
        } else {
            cacheKeys(userKeysKey, accessKey, refreshKey);
        }
    }

    /**
     * Refreshes a token with request-credential validation switched on.
     *
     * <p>Delegates to the eight-argument overload with its boolean flag set to {@code true}.
     * In the visible part of that overload the flag, together with
     * {@code tokenConfig.isRefreshTokenValidComplex()}, gates the comparison of the supplied
     * client id/secret and username/password with the values stored for the refresh token.
     *
     * @param str         username supplied by the caller
     * @param str2        password supplied by the caller
     * @param str3        client id supplied by the caller
     * @param str4        client secret supplied by the caller
     * @param str5        refresh token being redeemed
     * @param aPIResult   result that receives state codes and response variables
     * @param tokenEntity token object populated by the overload
     */
    private void genTokenByRefreshToken(String str, String str2, String str3, String str4, String str5, APIResult<TokenEntity> aPIResult, TokenEntity tokenEntity) {
        final boolean validateSuppliedCredentials = true;
        genTokenByRefreshToken(str, str2, str3, str4, str5, validateSuppliedCredentials, aPIResult, tokenEntity);
    }

    private void genTokenByRefreshToken(String str, String str2, String str3, String str4, String str5, boolean z, APIResult<TokenEntity> aPIResult, TokenEntity tokenEntity) {
        if (StringUtil.isBlank(str5)) {
            aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            throw new BaseException(StateEnum.ILLEGAL_TOKEN.getCode(), StateEnum.ILLEGAL_TOKEN.getText(), new Object[0]);
        }
        String redisKey = this.appConfig.getRedisKey(new String[]{"refresh.token", str5});
        if (!RedisUtil.redisTemplate.hasKey(redisKey).booleanValue()) {
            aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            throw new BaseException(StateEnum.ILLEGAL_TOKEN.getCode(), StateEnum.ILLEGAL_TOKEN.getText(), new Object[0]);
        }
        Object obj = RedisUtil.redisTemplate.opsForHash().get(redisKey, "grant.type");
        Object obj2 = RedisUtil.redisTemplate.opsForHash().get(redisKey, "access.token");
        Object obj3 = RedisUtil.redisTemplate.opsForHash().get(redisKey, "client.id");
        Object obj4 = RedisUtil.redisTemplate.opsForHash().get(redisKey, "client.secret");
        Object obj5 = RedisUtil.redisTemplate.opsForHash().get(redisKey, "user.name");
        Object obj6 = RedisUtil.redisTemplate.opsForHash().get(redisKey, "password");
        if (BeanUtils.isEmpty(obj)) {
            aPIResult.setState(StateEnum.ILLEGAL_LOGIN_STATE.getCode());
            throw new BaseException(StateEnum.ILLEGAL_LOGIN_STATE.getCode(), StateEnum.ILLEGAL_LOGIN_STATE.getText(), new Object[0]);
        }
        String obj7 = obj.toString();
        String str6 = null;
        String str7 = null;
        String str8 = null;
        String str9 = null;
        if ("authorization_code".equalsIgnoreCase(obj7)) {
            if (!this.tokenConfig.getAuthorizationCode().isEnable()) {
                aPIResult.setState(StateEnum.ILLEGAL_GRANT_TYPE.getCode());
                throw new BaseException(StateEnum.ILLEGAL_GRANT_TYPE.getCode(), StateEnum.ILLEGAL_GRANT_TYPE.getText(), new Object[0]);
            }
            str6 = obj3.toString();
            str7 = obj4.toString();
            if (z && this.tokenConfig.isRefreshTokenValidComplex()) {
                if (StringUtil.isBlank(str3) || StringUtil.isBlank(str4)) {
                    aPIResult.setState(StateEnum.ILLEGAL_CLIENT_ID_SECRET.getCode());
                    throw new BaseException(StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_COMPLETE.getCode(), StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_COMPLETE.getText(), new Object[0]);
                }
                if (!str3.equals(str6) || !str4.equals(str7)) {
                    aPIResult.setState(StateEnum.ILLEGAL_CLIENT_ID_SECRET.getCode());
                    throw new BaseException(StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_MATCH.getCode(), StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_MATCH.getText(), new Object[0]);
                }
            }
            str8 = obj5.toString();
            PartyUserPo byAccount = InnerContextUtil.getByAccount(new LoginVo(str8, (String) null, (String) null, (String) null), true);
            if (BeanUtils.isEmpty(byAccount)) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_PASSWORD.getCode());
                throw new BaseException(StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_COMPLETE.getCode(), StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_COMPLETE.getText(), new Object[0]);
            }
            if (this.tokenConfig.isResponseUid()) {
                tokenEntity.setUid(byAccount.getUserId());
            }
            if (((Boolean) AppUtil.getProperty("user.context.default", Boolean.class, false)).booleanValue() && BeanUtils.isNotEmpty(byAccount)) {
                String header = getRequest().getHeader("X-Authorization-systemid");
                aPIResult.addVariable("systemId", header);
                String mobile = byAccount != null ? byAccount.getMobile() : "";
                aPIResult.addVariable("mobile", mobile);
                String email = byAccount != null ? byAccount.getEmail() : "";
                aPIResult.addVariable("email", email);
                APIResult aPIResult2 = new APIResult();
                InnerContextUtil.createContextData(byAccount.getTenantId(), header, str, aPIResult2, str, mobile, email);
                if (!aPIResult2.isSuccess()) {
                    throw new BaseException(aPIResult2.getState(), aPIResult2.getCause(), new Object[0]);
                }
                aPIResult.addVariable("context", aPIResult2.getData());
            }
        } else if ("authorization_nfdw".equalsIgnoreCase(obj7)) {
            if (!this.tokenConfig.getAuthorizationCode().isEnable()) {
                aPIResult.setState(StateEnum.ILLEGAL_GRANT_TYPE.getCode());
                throw new BaseException(StateEnum.ILLEGAL_GRANT_TYPE.getCode(), StateEnum.ILLEGAL_GRANT_TYPE.getText(), new Object[0]);
            }
            str8 = obj5.toString();
            PartyUserPo byAccount2 = InnerContextUtil.getByAccount(new LoginVo(str8, (String) null, (String) null, (String) null), true);
            if (BeanUtils.isEmpty(byAccount2)) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_PASSWORD.getCode());
                throw new BaseException(StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_COMPLETE.getCode(), StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_COMPLETE.getText(), new Object[0]);
            }
            if (this.tokenConfig.isResponseUid()) {
                tokenEntity.setUid(byAccount2.getUserId());
            }
            if (((Boolean) AppUtil.getProperty("user.context.default", Boolean.class, false)).booleanValue() && BeanUtils.isNotEmpty(byAccount2)) {
                String header2 = getRequest().getHeader("X-Authorization-systemid");
                aPIResult.addVariable("systemId", header2);
                String mobile2 = byAccount2 != null ? byAccount2.getMobile() : "";
                aPIResult.addVariable("mobile", mobile2);
                String email2 = byAccount2 != null ? byAccount2.getEmail() : "";
                aPIResult.addVariable("email", email2);
                APIResult aPIResult3 = new APIResult();
                InnerContextUtil.createContextData(byAccount2.getTenantId(), header2, str, aPIResult3, str, mobile2, email2);
                if (!aPIResult3.isSuccess()) {
                    throw new BaseException(aPIResult3.getState(), aPIResult3.getCause(), new Object[0]);
                }
                aPIResult.addVariable("context", aPIResult3.getData());
            }
        } else if ("password_credentials".equalsIgnoreCase(obj7)) {
            if (!this.tokenConfig.getAuthorizationPassword().isEnable()) {
                aPIResult.setState(StateEnum.ILLEGAL_GRANT_TYPE.getCode());
                throw new BaseException(StateEnum.ILLEGAL_GRANT_TYPE.getCode(), StateEnum.ILLEGAL_GRANT_TYPE.getText(), new Object[0]);
            }
            str6 = obj3.toString();
            str7 = obj4.toString();
            if (z && this.tokenConfig.isRefreshTokenValidComplex()) {
                if (StringUtil.isBlank(str3) || StringUtil.isBlank(str4)) {
                    aPIResult.setState(StateEnum.ILLEGAL_CLIENT_ID_SECRET.getCode());
                    throw new BaseException(StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_COMPLETE.getCode(), StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_COMPLETE.getText(), new Object[0]);
                }
                if (!str3.equals(str6) || !str4.equals(str7)) {
                    aPIResult.setState(StateEnum.ILLEGAL_CLIENT_ID_SECRET.getCode());
                    throw new BaseException(StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_MATCH.getCode(), StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_MATCH.getText(), new Object[0]);
                }
            }
            str8 = obj5.toString();
            str9 = obj6.toString();
            if (z && this.tokenConfig.isRefreshTokenValidComplex()) {
                if (StringUtil.isBlank(str) || StringUtil.isBlank(str2)) {
                    aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_PASSWORD.getCode());
                    throw new BaseException(StateEnum.ILLEGAL_ACCOUNT_INCOMPLETE_INFORMATION.getCode(), StateEnum.ILLEGAL_ACCOUNT_INCOMPLETE_INFORMATION.getText(), new Object[0]);
                }
                if (!str.equals(str8) || !EncryptUtil.encryptSha256(str2).equals(str9)) {
                    aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_PASSWORD.getCode());
                    throw new BaseException(StateEnum.ILLEGAL_ACCOUNT_INFORMATION_NOT_MATCH.getCode(), StateEnum.ILLEGAL_ACCOUNT_INFORMATION_NOT_MATCH.getText(), new Object[0]);
                }
            }
            PartyUserPo byAccount3 = InnerContextUtil.getByAccount(new LoginVo(str8, (String) null, (String) null, (String) null), true);
            if (BeanUtils.isEmpty(byAccount3)) {
                aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_PASSWORD.getCode());
                throw new BaseException(StateEnum.ILLEGAL_ACCOUNT_INCOMPLETE_INFORMATION.getCode(), StateEnum.ILLEGAL_ACCOUNT_INCOMPLETE_INFORMATION.getText(), new Object[0]);
            }
            if (this.tokenConfig.isResponseUid()) {
                tokenEntity.setUid(byAccount3.getUserId());
            }
            if (BeanUtils.isNotEmpty(byAccount3)) {
                String header3 = getRequest().getHeader("X-Authorization-systemid");
                aPIResult.addVariable("systemId", header3);
                String mobile3 = byAccount3 != null ? byAccount3.getMobile() : "";
                aPIResult.addVariable("mobile", mobile3);
                String email3 = byAccount3 != null ? byAccount3.getEmail() : "";
                aPIResult.addVariable("email", email3);
                APIResult aPIResult4 = new APIResult();
                InnerContextUtil.createContextData(byAccount3.getTenantId(), header3, str, aPIResult4, str, mobile3, email3);
                if (!aPIResult4.isSuccess()) {
                    throw new BaseException(aPIResult4.getState(), aPIResult4.getCause(), new Object[0]);
                }
                aPIResult.addVariable("context", aPIResult4.getData());
            }
        } else {
            if (!"client_credentials".equalsIgnoreCase(obj7)) {
                aPIResult.setState(StateEnum.ILLEGAL_GRANT_TYPE.getCode());
                throw new BaseException(StateEnum.ILLEGAL_GRANT_TYPE.getCode(), StateEnum.ILLEGAL_GRANT_TYPE.getText(), new Object[0]);
            }
            if (!this.tokenConfig.getAuthorizationClient().isEnable()) {
                aPIResult.setState(StateEnum.ILLEGAL_GRANT_TYPE.getCode());
                throw new BaseException(StateEnum.ILLEGAL_GRANT_TYPE.getCode(), StateEnum.ILLEGAL_GRANT_TYPE.getText(), new Object[0]);
            }
            str6 = obj3.toString();
            str7 = obj4.toString();
            if (z && this.tokenConfig.isRefreshTokenValidComplex()) {
                if (StringUtil.isBlank(str3) || StringUtil.isBlank(str4)) {
                    aPIResult.setState(StateEnum.ILLEGAL_CLIENT_ID_SECRET.getCode());
                    throw new BaseException(StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_COMPLETE.getCode(), StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_COMPLETE.getText(), new Object[0]);
                }
                if (!str3.equals(str6) || !str4.equals(str7)) {
                    aPIResult.setState(StateEnum.ILLEGAL_CLIENT_ID_SECRET.getCode());
                    throw new BaseException(StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_MATCH.getCode(), StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_MATCH.getText(), new Object[0]);
                }
            }
        }
        tokenEntity.setAccess_token(uuid());
        tokenEntity.setExpires_in(this.tokenConfig.getExpires());
        if (this.tokenConfig.isRefreshCycle()) {
            tokenEntity.setRefresh_token(uuid());
            tokenEntity.setRemind_in(this.tokenConfig.getRemind());
        }
        RedisUtil.redisTemplate.delete(this.appConfig.getRedisKey(new String[]{"access.token", obj2.toString()}));
        RedisUtil.redisTemplate.delete(redisKey);
        String redisKey2 = this.appConfig.getRedisKey(new String[]{"access.token", tokenEntity.getAccess_token()});
        RedisUtil.redisTemplate.opsForHash().put(redisKey2, "grant.type", obj7);
        RedisUtil.redisTemplate.opsForHash().put(redisKey2, "access.token", tokenEntity.getAccess_token());
        if (this.tokenConfig.isRefreshCycle()) {
            RedisUtil.redisTemplate.opsForHash().put(redisKey2, "refresh.token", tokenEntity.getRefresh_token());
            String redisKey3 = this.appConfig.getRedisKey(new String[]{"access.token", tokenEntity.getAccess_token(), "0"});
            RedisUtil.redisTemplate.opsForValue().set(redisKey3, "0");
            RedisUtil.redisTemplate.expire(redisKey3, this.tokenConfig.getRemind().intValue(), TimeUnit.SECONDS);
            redisKey = this.appConfig.getRedisKey(new String[]{"refresh.token", tokenEntity.getRefresh_token()});
            RedisUtil.redisTemplate.opsForHash().put(redisKey, "grant.type", obj7);
            RedisUtil.redisTemplate.opsForHash().put(redisKey, "access.token", tokenEntity.getAccess_token());
            RedisUtil.redisTemplate.opsForHash().put(redisKey, "refresh.token", tokenEntity.getRefresh_token());
        }
        if ("authorization_code".equalsIgnoreCase(obj7)) {
            RedisUtil.redisTemplate.opsForHash().put(redisKey2, "client.id", str6);
            RedisUtil.redisTemplate.opsForHash().put(redisKey2, "client.secret", str7);
            RedisUtil.redisTemplate.opsForHash().put(redisKey2, "user.name", str8);
            if (this.tokenConfig.isRefreshCycle()) {
                RedisUtil.redisTemplate.opsForHash().put(redisKey, "client.id", str6);
                RedisUtil.redisTemplate.opsForHash().put(redisKey, "client.secret", str7);
                RedisUtil.redisTemplate.opsForHash().put(redisKey, "user.name", str8);
            }
        } else if ("authorization_nfdw".equalsIgnoreCase(obj7)) {
            RedisUtil.redisTemplate.opsForHash().put(redisKey2, "user.name", str8);
            if (this.tokenConfig.isRefreshCycle()) {
                RedisUtil.redisTemplate.opsForHash().put(redisKey, "user.name", str8);
            }
        } else if ("password_credentials".equalsIgnoreCase(obj7)) {
            RedisUtil.redisTemplate.opsForHash().put(redisKey2, "user.name", str8);
            RedisUtil.redisTemplate.opsForHash().put(redisKey2, "password", str9);
            RedisUtil.redisTemplate.opsForHash().put(redisKey2, "client.id", str6);
            RedisUtil.redisTemplate.opsForHash().put(redisKey2, "client.secret", str7);
            if (this.tokenConfig.isRefreshCycle()) {
                RedisUtil.redisTemplate.opsForHash().put(redisKey, "user.name", str8);
                RedisUtil.redisTemplate.opsForHash().put(redisKey, "password", str9);
                RedisUtil.redisTemplate.opsForHash().put(redisKey, "client.id", str6);
                RedisUtil.redisTemplate.opsForHash().put(redisKey, "client.secret", str7);
            }
        } else if ("client_credentials".equalsIgnoreCase(obj7)) {
            RedisUtil.redisTemplate.opsForHash().put(redisKey2, "client.id", str6);
            RedisUtil.redisTemplate.opsForHash().put(redisKey2, "client.secret", str7);
            if (this.tokenConfig.isRefreshCycle()) {
                RedisUtil.redisTemplate.opsForHash().put(redisKey, "client.id", str6);
                RedisUtil.redisTemplate.opsForHash().put(redisKey, "client.secret", str7);
            }
        }
        RedisUtil.redisTemplate.expire(redisKey2, this.tokenConfig.getExpires().intValue(), TimeUnit.SECONDS);
        if (this.tokenConfig.isRefreshCycle()) {
            RedisUtil.redisTemplate.expire(redisKey, this.tokenConfig.getRemind().intValue(), TimeUnit.SECONDS);
        }
        if ("authorization_code".equalsIgnoreCase(obj7)) {
            String redisKey4 = this.appConfig.getRedisKey(new String[]{"key", str8});
            if (this.tokenConfig.getAuthorizationCode().isSingle()) {
                cleanAndCacheKeys(redisKey4, redisKey2, redisKey);
                return;
            } else {
                cacheKeys(redisKey4, redisKey2, redisKey);
                return;
            }
        }
        if ("authorization_nfdw".equalsIgnoreCase(obj7)) {
            String redisKey5 = this.appConfig.getRedisKey(new String[]{"key", str8});
            if (this.tokenConfig.getAuthorizationCode().isSingle()) {
                cleanAndCacheKeys(redisKey5, redisKey2, redisKey);
                return;
            } else {
                cacheKeys(redisKey5, redisKey2, redisKey);
                return;
            }
        }
        if ("password_credentials".equalsIgnoreCase(obj7)) {
            String redisKey6 = this.appConfig.getRedisKey(new String[]{"key", str8});
            if (this.tokenConfig.getAuthorizationPassword().isSingle()) {
                cleanAndCacheKeys(redisKey6, redisKey2, redisKey);
                return;
            } else {
                cacheKeys(redisKey6, redisKey2, redisKey);
                return;
            }
        }
        if ("client_credentials".equalsIgnoreCase(obj7)) {
            String redisKey7 = this.appConfig.getRedisKey(new String[]{"key", str3});
            if (this.tokenConfig.getAuthorizationClient().isSingle()) {
                cleanAndCacheKeys(redisKey7, redisKey2, redisKey);
            } else {
                cacheKeys(redisKey7, redisKey2, redisKey);
            }
        }
    }

    /**
     * Exchanges a previously issued authorization code for an access/refresh token pair
     * (grant type {@code authorization_code}).
     *
     * <p>The code is looked up in Redis under the {@code authorize.code} key, checked against the
     * client id stored with it, and deleted once the new token data has been prepared. The token
     * metadata is then written to two Redis hashes ({@code access.token} and {@code refresh.token})
     * plus a marker value whose lifetime is {@code tokenConfig.getRemind()}.
     *
     * @param str        client id presented by the caller; must equal the {@code client.id} stored with the code
     * @param str2       client secret presented by the caller; passed to validateScope/validateGrantType and stored with the token
     * @param str3       authorization code being redeemed
     * @param aPIResult  result object that receives the failure state and the response variables
     * @param tokenEntity token object populated with the generated values
     * @throws BaseException if the grant is disabled, an input is blank, the code is unknown or
     *                       incomplete, the client id does not match, or context creation fails
     */
    private void genTokenByAuthorizationCode(String str, String str2, String str3, APIResult<TokenEntity> aPIResult, TokenEntity tokenEntity) {
        // The grant type can be switched off in configuration.
        if (!this.tokenConfig.getAuthorizationCode().isEnable()) {
            aPIResult.setState(StateEnum.ILLEGAL_GRANT_TYPE.getCode());
            throw new BaseException(StateEnum.ILLEGAL_GRANT_TYPE.getCode(), StateEnum.ILLEGAL_GRANT_TYPE.getText(), new Object[0]);
        }
        // Code, client id and client secret are all mandatory.
        if (StringUtil.isBlank(str3) || StringUtil.isBlank(str) || StringUtil.isBlank(str2)) {
            aPIResult.setState(StateEnum.ILLEGAL_CLIENT_ID_SECRET.getCode());
            throw new BaseException(StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_COMPLETE.getCode(), StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_COMPLETE.getText(), new Object[0]);
        }
        String redisKey = this.appConfig.getRedisKey(new String[]{"authorize.code", str3});
        if (!RedisUtil.redisTemplate.hasKey(redisKey).booleanValue()) {
            // NOTE(review): the presented code and the Redis key derived from it are written to the
            // log at WARN. The value is caller-supplied and may be a recently expired code; consider
            // logging a truncated or hashed form instead.
            if (logger.isWarnEnabled()) {
                logger.warn("mode={}, authorizeCode={}, ackey={}", new Object[]{"authorize.code", str3, redisKey});
            }
            aPIResult.setState(StateEnum.ILLEGAL_LOGIN_STATE.getCode());
            throw new BaseException(StateEnum.ILLEGAL_LOGIN_STATE.getCode(), StateEnum.ILLEGAL_LOGIN_STATE.getText(), new Object[0]);
        }
        // Client id and account name that were stored when the code was issued.
        Object obj = RedisUtil.redisTemplate.opsForHash().get(redisKey, "client.id");
        Object obj2 = RedisUtil.redisTemplate.opsForHash().get(redisKey, "user.name");
        if (BeanUtils.isEmpty(obj) || BeanUtils.isEmpty(obj2)) {
            aPIResult.setState(StateEnum.ILLEGAL_LOGIN_STATE.getCode());
            throw new BaseException(StateEnum.ILLEGAL_LOGIN_STATE.getCode(), StateEnum.ILLEGAL_LOGIN_STATE.getText(), new Object[0]);
        }
        // The code may only be redeemed by the client it was issued to.
        if (!obj.toString().equals(str)) {
            aPIResult.setState(StateEnum.ILLEGAL_CLIENT_ID_SECRET.getCode());
            throw new BaseException(StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_MATCH.getCode(), StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_MATCH.getText(), new Object[0]);
        }
        // NOTE(review): the client secret is not compared to anything in this method; presumably
        // validateScope/validateGrantType (defined elsewhere) authenticate the client — confirm.
        validateScope(str, str2, Scope.SSO.getValue());
        validateGrantType(str, str2, GrantType.CODE.getValue());
        tokenEntity.setAccess_token(uuid());
        tokenEntity.setExpires_in(this.tokenConfig.getExpires());
        tokenEntity.setRefresh_token(uuid());
        tokenEntity.setRemind_in(this.tokenConfig.getRemind());
        // A further generated value is returned to the caller as "code" and stored as "check.code".
        String uuid = uuid();
        aPIResult.addVariable("code", uuid);
        String obj3 = obj2.toString();
        PartyUserPo byAccount = InnerContextUtil.getByAccount(new LoginVo(obj3, (String) null, (String) null, (String) null), true);
        // NOTE(review): when the lookup comes back empty the method still goes on to store a token
        // for that account name; the refresh path in this file rejects an empty account. Verify
        // whether getByAccount(..., true) can return an empty result here.
        if (BeanUtils.isNotEmpty(byAccount) && this.tokenConfig.isResponseUid()) {
            tokenEntity.setUid(byAccount.getUserId());
        }
        // Optional user-context payload, controlled by the "user.context.default" property.
        if (((Boolean) AppUtil.getProperty("user.context.default", Boolean.class, false)).booleanValue() && BeanUtils.isNotEmpty(byAccount)) {
            // The system id is read from a request header, i.e. it is caller-controlled.
            String header = getRequest().getHeader("X-Authorization-systemid");
            aPIResult.addVariable("systemId", header);
            String mobile = byAccount != null ? byAccount.getMobile() : "";
            aPIResult.addVariable("mobile", mobile);
            String email = byAccount != null ? byAccount.getEmail() : "";
            aPIResult.addVariable("email", email);
            APIResult aPIResult2 = new APIResult();
            InnerContextUtil.createContextData(byAccount.getTenantId(), header, obj3, aPIResult2, obj3, mobile, email);
            if (!aPIResult2.isSuccess()) {
                throw new BaseException(aPIResult2.getState(), aPIResult2.getCause(), new Object[0]);
            }
            aPIResult.addVariable("context", aPIResult2.getData());
        }
        // The code is consumed here, after all checks passed.
        // NOTE(review): the existence check above and this delete are separate Redis calls, so two
        // concurrent requests with the same code could both reach this point. An atomic
        // check-and-delete would make the code strictly single-use.
        RedisUtil.redisTemplate.delete(redisKey);
        // Access-token hash; lifetime is tokenConfig.getExpires() seconds.
        String redisKey2 = this.appConfig.getRedisKey(new String[]{"access.token", tokenEntity.getAccess_token()});
        RedisUtil.redisTemplate.opsForHash().put(redisKey2, "grant.type", "authorization_code");
        RedisUtil.redisTemplate.opsForHash().put(redisKey2, "client.id", str);
        // NOTE(review): the client secret is stored as received in both token hashes; the refresh
        // path in this file compares stored id/secret values, so any change must cover both sides.
        RedisUtil.redisTemplate.opsForHash().put(redisKey2, "client.secret", str2);
        RedisUtil.redisTemplate.opsForHash().put(redisKey2, "user.name", obj3);
        RedisUtil.redisTemplate.opsForHash().put(redisKey2, "refresh.token", tokenEntity.getRefresh_token());
        RedisUtil.redisTemplate.opsForHash().put(redisKey2, "access.token", tokenEntity.getAccess_token());
        RedisUtil.redisTemplate.opsForHash().put(redisKey2, "check.code", uuid);
        RedisUtil.redisTemplate.expire(redisKey2, this.tokenConfig.getExpires().intValue(), TimeUnit.SECONDS);
        // Marker value under the access token with suffix "0"; lifetime is getRemind() seconds.
        // verify() reports EXPIRED_TOKEN when only this marker is left.
        String redisKey3 = this.appConfig.getRedisKey(new String[]{"access.token", tokenEntity.getAccess_token(), "0"});
        RedisUtil.redisTemplate.opsForValue().set(redisKey3, "0");
        RedisUtil.redisTemplate.expire(redisKey3, this.tokenConfig.getRemind().intValue(), TimeUnit.SECONDS);
        // Refresh-token hash; lifetime is getRemind() seconds.
        String redisKey4 = this.appConfig.getRedisKey(new String[]{"refresh.token", tokenEntity.getRefresh_token()});
        RedisUtil.redisTemplate.opsForHash().put(redisKey4, "grant.type", "authorization_code");
        RedisUtil.redisTemplate.opsForHash().put(redisKey4, "client.id", str);
        RedisUtil.redisTemplate.opsForHash().put(redisKey4, "client.secret", str2);
        RedisUtil.redisTemplate.opsForHash().put(redisKey4, "user.name", obj3);
        RedisUtil.redisTemplate.opsForHash().put(redisKey4, "access.token", tokenEntity.getAccess_token());
        RedisUtil.redisTemplate.opsForHash().put(redisKey4, "refresh.token", tokenEntity.getRefresh_token());
        RedisUtil.redisTemplate.expire(redisKey4, this.tokenConfig.getRemind().intValue(), TimeUnit.SECONDS);
        // Per-account key handed to cacheKeys/cleanAndCacheKeys together with both token keys;
        // "single" mode selects cleanAndCacheKeys (presumably dropping earlier sessions — confirm).
        String redisKey5 = this.appConfig.getRedisKey(new String[]{"key", obj3});
        if (this.tokenConfig.getAuthorizationCode().isSingle()) {
            cleanAndCacheKeys(redisKey5, redisKey2, redisKey4);
        } else {
            cacheKeys(redisKey5, redisKey2, redisKey4);
        }
    }

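    /**
     * Issues a local token for the {@code authorization_nfdw} grant: the caller-supplied token is
     * sent to the endpoint configured as {@code nfdw.oauth.token.url}, the account named in the
     * response is looked up locally, and the token metadata is written to Redis.
     *
     * <p>The response of the remote endpoint is the only identity assertion used here, so its
     * structure is validated before any field is trusted; a response without a non-blank
     * {@code data.user.account} string is rejected instead of failing later with a
     * {@link NullPointerException} or {@link ClassCastException}.
     *
     * @param str        client id stored with the token
     * @param str2       client secret stored with the token
     * @param str3       token issued by the remote system; reused as the local access token
     * @param aPIResult  result object that receives the failure state and the response variables
     * @param tokenEntity token object populated with the generated values
     * @throws BaseException if the grant is disabled, the token is blank, the remote response
     *                       carries no account, or context creation fails
     * @throws UnknownAccountException if no local account matches (see the note in the body)
     */
    private void genTokenByAuthorizationNfdw(String str, String str2, String str3, APIResult<TokenEntity> aPIResult, TokenEntity tokenEntity) {
        // NOTE(review): this grant is gated by the authorization-code switch, not by one of its own.
        if (!this.tokenConfig.getAuthorizationCode().isEnable()) {
            aPIResult.setState(StateEnum.ILLEGAL_GRANT_TYPE.getCode());
            throw new BaseException(StateEnum.ILLEGAL_GRANT_TYPE.getCode(), StateEnum.ILLEGAL_GRANT_TYPE.getText(), new Object[0]);
        }
        if (StringUtil.isBlank(str3)) {
            aPIResult.setState(StateEnum.ILLEGAL_LOGIN_STATE.getCode());
            throw new BaseException("用户未登录");
        }
        // NOTE(review): unlike the other grants, validateScope/validateGrantType are not called
        // here; confirm the caller authenticates the client before reaching this method.
        // Ask the remote system who the token belongs to. The bearer token leaves this service in
        // the "access-token" header, so the configured URL should be an authenticated TLS endpoint
        // (not verifiable from this file).
        Object response = JacksonUtil.toMap(ApacheHttpClient.doGet((String) AppUtil.getProperty("nfdw.oauth.token.url", String.class), ApacheHttpClient.HearderBuilder.create().a("access-token", str3).build()));
        // Walk data -> user -> account defensively: an error payload or an unexpected shape must
        // fail closed with a defined state rather than an unchecked cast failure.
        Object data = response instanceof Map ? ((Map) response).get("data") : null;
        Object user = data instanceof Map ? ((Map) data).get("user") : null;
        Object account = user instanceof Map ? ((Map) user).get("account") : null;
        if (!(account instanceof String) || StringUtil.isBlank((String) account)) {
            aPIResult.setState(StateEnum.ILLEGAL_LOGIN_STATE.getCode());
            throw new BaseException("用户未登录");
        }
        String str4 = (String) account;
        DefaultPartyUserPo byAccount = ((DefaultPartyUserRepositoryImpl) AppUtil.getBean(DefaultPartyUserRepositoryImpl.class)).getByAccount(str4);
        // NOTE(review): this also rejects the login when tokenConfig.isResponseUid() is false, even
        // if the account exists; genTokenBynNfdw only rejects a missing account. Kept as is because
        // relaxing it would widen what this endpoint accepts — confirm the intended behaviour.
        if (!BeanUtils.isNotEmpty(byAccount) || !this.tokenConfig.isResponseUid()) {
            throw new UnknownAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.login.ex.unknown"));
        }
        tokenEntity.setUid(byAccount.getId());
        // The remote token itself becomes the local access token (and part of the Redis key).
        tokenEntity.setAccess_token(str3);
        tokenEntity.setExpires_in(this.tokenConfig.getExpires());
        tokenEntity.setRefresh_token(uuid());
        tokenEntity.setRemind_in(this.tokenConfig.getRemind());
        // A further generated value is returned to the caller as "code" and stored as "check.code".
        String uuid = uuid();
        aPIResult.addVariable("code", uuid);
        // Optional user-context payload, controlled by the "user.context.default" property.
        if (((Boolean) AppUtil.getProperty("user.context.default", Boolean.class, false)).booleanValue() && BeanUtils.isNotEmpty(byAccount)) {
            // The system id is read from a request header, i.e. it is caller-controlled.
            String header = getRequest().getHeader("X-Authorization-systemid");
            aPIResult.addVariable("systemId", header);
            String mobile = byAccount.getMobile();
            aPIResult.addVariable("mobile", mobile);
            String email = byAccount.getEmail();
            aPIResult.addVariable("email", email);
            APIResult aPIResult2 = new APIResult();
            InnerContextUtil.createContextData(byAccount.getTenantId(), header, str4, aPIResult2, str4, mobile, email);
            if (!aPIResult2.isSuccess()) {
                throw new BaseException(aPIResult2.getState(), aPIResult2.getCause(), new Object[0]);
            }
            aPIResult.addVariable("context", aPIResult2.getData());
        }
        // Access-token hash; lifetime is tokenConfig.getExpires() seconds.
        String redisKey = this.appConfig.getRedisKey(new String[]{"access.token", tokenEntity.getAccess_token()});
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "grant.type", "authorization_nfdw");
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "client.id", str);
        // NOTE(review): the client secret is stored as received in both token hashes.
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "client.secret", str2);
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "user.name", str4);
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "refresh.token", tokenEntity.getRefresh_token());
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "access.token", tokenEntity.getAccess_token());
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "check.code", uuid);
        RedisUtil.redisTemplate.expire(redisKey, this.tokenConfig.getExpires().intValue(), TimeUnit.SECONDS);
        // Marker value under the access token with suffix "0"; lifetime is getRemind() seconds.
        String redisKey2 = this.appConfig.getRedisKey(new String[]{"access.token", tokenEntity.getAccess_token(), "0"});
        RedisUtil.redisTemplate.opsForValue().set(redisKey2, "0");
        RedisUtil.redisTemplate.expire(redisKey2, this.tokenConfig.getRemind().intValue(), TimeUnit.SECONDS);
        // Refresh-token hash; lifetime is getRemind() seconds.
        String redisKey3 = this.appConfig.getRedisKey(new String[]{"refresh.token", tokenEntity.getRefresh_token()});
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "grant.type", "authorization_nfdw");
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "client.id", str);
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "client.secret", str2);
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "user.name", str4);
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "access.token", tokenEntity.getAccess_token());
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "refresh.token", tokenEntity.getRefresh_token());
        RedisUtil.redisTemplate.expire(redisKey3, this.tokenConfig.getRemind().intValue(), TimeUnit.SECONDS);
        // Per-account key handed to cacheKeys/cleanAndCacheKeys together with both token keys.
        String redisKey4 = this.appConfig.getRedisKey(new String[]{"key", str4});
        if (this.tokenConfig.getAuthorizationCode().isSingle()) {
            cleanAndCacheKeys(redisKey4, redisKey, redisKey3);
        } else {
            cacheKeys(redisKey4, redisKey, redisKey3);
        }
    }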

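    /**
     * Registers a token issued by the remote system behind {@code nfdw.oauth.token.url} as a local
     * {@code authorization_nfdw} access token, without returning anything to the caller.
     *
     * <p>The remote response is the only identity assertion used here, so its structure is
     * validated before any field is trusted; a response without a non-blank
     * {@code data.user.account} string is rejected instead of failing later with a
     * {@link NullPointerException} or {@link ClassCastException}.
     *
     * @param str  client id stored with the token
     * @param str2 client secret stored with the token
     * @param str3 token issued by the remote system; used as the local access token
     * @throws BaseException if the token is blank, the remote response carries no account, or
     *                       context creation fails
     * @throws UnknownAccountException if no local account matches the remote account name
     */
    private void genTokenBynNfdw(String str, String str2, String str3) {
        if (StringUtil.isBlank(str3)) {
            throw new BaseException("用户未登录");
        }
        // NOTE(review): no grant-enabled check and no validateScope/validateGrantType call happen
        // in this method; confirm the caller performs them.
        // Ask the remote system who the token belongs to. The bearer token leaves this service in
        // the "access-token" header, so the configured URL should be an authenticated TLS endpoint
        // (not verifiable from this file).
        Object response = JacksonUtil.toMap(ApacheHttpClient.doGet((String) AppUtil.getProperty("nfdw.oauth.token.url", String.class), ApacheHttpClient.HearderBuilder.create().a("access-token", str3).build()));
        // Walk data -> user -> account defensively so an error payload fails closed.
        Object data = response instanceof Map ? ((Map) response).get("data") : null;
        Object user = data instanceof Map ? ((Map) data).get("user") : null;
        Object account = user instanceof Map ? ((Map) user).get("account") : null;
        if (!(account instanceof String) || StringUtil.isBlank((String) account)) {
            throw new BaseException("用户未登录");
        }
        String str4 = (String) account;
        DefaultPartyUserPo byAccount = ((DefaultPartyUserRepositoryImpl) AppUtil.getBean(DefaultPartyUserRepositoryImpl.class)).getByAccount(str4);
        if (BeanUtils.isEmpty(byAccount)) {
            throw new UnknownAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.login.ex.unknown"));
        }
        // First value is stored as "check.code", second one becomes the refresh token.
        String uuid = uuid();
        String uuid2 = uuid();
        // Optional user-context creation, controlled by the "user.context.default" property; the
        // result is only checked for success here, nothing is handed back.
        if (((Boolean) AppUtil.getProperty("user.context.default", Boolean.class, false)).booleanValue() && BeanUtils.isNotEmpty(byAccount)) {
            // The system id is read from a request header, i.e. it is caller-controlled.
            String header = getRequest().getHeader("X-Authorization-systemid");
            String mobile = byAccount.getMobile();
            String email = byAccount.getEmail();
            APIResult aPIResult = new APIResult();
            InnerContextUtil.createContextData(byAccount.getTenantId(), header, str4, aPIResult, str4, mobile, email);
            if (!aPIResult.isSuccess()) {
                throw new BaseException(aPIResult.getState(), aPIResult.getCause(), new Object[0]);
            }
        }
        // Access-token hash keyed by the remote token; lifetime is tokenConfig.getExpires() seconds.
        String redisKey = this.appConfig.getRedisKey(new String[]{"access.token", str3});
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "grant.type", "authorization_nfdw");
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "client.id", str);
        // NOTE(review): the client secret is stored as received in both token hashes.
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "client.secret", str2);
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "user.name", str4);
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "refresh.token", uuid2);
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "access.token", str3);
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "check.code", uuid);
        RedisUtil.redisTemplate.expire(redisKey, this.tokenConfig.getExpires().intValue(), TimeUnit.SECONDS);
        // Marker value under the access token with suffix "0"; lifetime is getRemind() seconds.
        String redisKey2 = this.appConfig.getRedisKey(new String[]{"access.token", str3, "0"});
        RedisUtil.redisTemplate.opsForValue().set(redisKey2, "0");
        RedisUtil.redisTemplate.expire(redisKey2, this.tokenConfig.getRemind().intValue(), TimeUnit.SECONDS);
        // Refresh-token hash; lifetime is getRemind() seconds.
        // NOTE(review): unlike the other grant methods, the keys are not registered through
        // cacheKeys/cleanAndCacheKeys, so a per-account clean-up would presumably not see them.
        String redisKey3 = this.appConfig.getRedisKey(new String[]{"refresh.token", uuid2});
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "grant.type", "authorization_nfdw");
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "client.id", str);
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "client.secret", str2);
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "user.name", str4);
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "access.token", str3);
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "refresh.token", uuid2);
        RedisUtil.redisTemplate.expire(redisKey3, this.tokenConfig.getRemind().intValue(), TimeUnit.SECONDS);
    }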

    /**
     * Issues an access/refresh token pair for the {@code client_credentials} grant and records
     * both tokens in Redis.
     *
     * @param str        client id
     * @param str2       client secret
     * @param aPIResult  result object that receives the failure state
     * @param tokenEntity token object populated with the generated values
     * @throws BaseException if the grant is disabled or id/secret is blank
     */
    private void genTokenByClientCredentials(String str, String str2, APIResult<TokenEntity> aPIResult, TokenEntity tokenEntity) {
        // The grant type can be switched off in configuration.
        boolean grantEnabled = this.tokenConfig.getAuthorizationClient().isEnable();
        if (!grantEnabled) {
            aPIResult.setState(StateEnum.ILLEGAL_GRANT_TYPE.getCode());
            throw new BaseException(StateEnum.ILLEGAL_GRANT_TYPE.getCode(), StateEnum.ILLEGAL_GRANT_TYPE.getText(), new Object[0]);
        }

        // Both client id and client secret are mandatory.
        boolean credentialsMissing = StringUtil.isBlank(str) || StringUtil.isBlank(str2);
        if (credentialsMissing) {
            aPIResult.setState(StateEnum.ILLEGAL_CLIENT_ID_SECRET.getCode());
            throw new BaseException(StateEnum.ILLEGAL_CLIENT_ID_SECRET_EMPTY.getCode(), StateEnum.ILLEGAL_CLIENT_ID_SECRET_EMPTY.getText(), new Object[0]);
        }

        // The secret is only handed to these two helpers (defined elsewhere); presumably they
        // authenticate the client and check what it may request — confirm.
        validateScope(str, str2, Scope.SSO.getValue());
        validateGrantType(str, str2, GrantType.CLIENT.getValue());

        tokenEntity.setAccess_token(uuid());
        tokenEntity.setExpires_in(this.tokenConfig.getExpires());
        tokenEntity.setRefresh_token(uuid());
        tokenEntity.setRemind_in(this.tokenConfig.getRemind());
        final String accessToken = tokenEntity.getAccess_token();
        final String refreshToken = tokenEntity.getRefresh_token();

        // Access-token hash; lifetime is tokenConfig.getExpires() seconds.
        // NOTE(review): the client secret is stored as received in both token hashes.
        final String accessTokenKey = this.appConfig.getRedisKey(new String[]{"access.token", accessToken});
        RedisUtil.redisTemplate.opsForHash().put(accessTokenKey, "grant.type", "client_credentials");
        RedisUtil.redisTemplate.opsForHash().put(accessTokenKey, "client.id", str);
        RedisUtil.redisTemplate.opsForHash().put(accessTokenKey, "client.secret", str2);
        RedisUtil.redisTemplate.opsForHash().put(accessTokenKey, "refresh.token", refreshToken);
        RedisUtil.redisTemplate.opsForHash().put(accessTokenKey, "access.token", accessToken);
        RedisUtil.redisTemplate.expire(accessTokenKey, this.tokenConfig.getExpires().intValue(), TimeUnit.SECONDS);

        // Marker value under the access token with suffix "0"; lifetime is getRemind() seconds.
        final String markerKey = this.appConfig.getRedisKey(new String[]{"access.token", accessToken, "0"});
        RedisUtil.redisTemplate.opsForValue().set(markerKey, "0");
        RedisUtil.redisTemplate.expire(markerKey, this.tokenConfig.getRemind().intValue(), TimeUnit.SECONDS);

        // Refresh-token hash; lifetime is getRemind() seconds.
        final String refreshTokenKey = this.appConfig.getRedisKey(new String[]{"refresh.token", refreshToken});
        RedisUtil.redisTemplate.opsForHash().put(refreshTokenKey, "grant.type", "client_credentials");
        RedisUtil.redisTemplate.opsForHash().put(refreshTokenKey, "client.id", str);
        RedisUtil.redisTemplate.opsForHash().put(refreshTokenKey, "client.secret", str2);
        RedisUtil.redisTemplate.opsForHash().put(refreshTokenKey, "access.token", accessToken);
        RedisUtil.redisTemplate.opsForHash().put(refreshTokenKey, "refresh.token", refreshToken);
        RedisUtil.redisTemplate.expire(refreshTokenKey, this.tokenConfig.getRemind().intValue(), TimeUnit.SECONDS);

        // Per-client key handed to cacheKeys/cleanAndCacheKeys together with both token keys.
        final String ownerKey = this.appConfig.getRedisKey(new String[]{"key", str});
        boolean singleSession = this.tokenConfig.getAuthorizationClient().isSingle();
        if (!singleSession) {
            cacheKeys(ownerKey, accessTokenKey, refreshTokenKey);
        } else {
            cleanAndCacheKeys(ownerKey, accessTokenKey, refreshTokenKey);
        }
    }

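    /**
     * Issues an access/refresh token pair for the {@code password_credentials} grant after the
     * account has been authenticated through {@code login0}.
     *
     * <p>The method now stops with an explicit failure when {@code login0} yields no user. The
     * original dereferenced the result unconditionally further down, after the first Redis writes
     * for the access token, so a {@code null} result would have left a partial token hash without
     * an expiry behind before failing with a {@link NullPointerException}.
     *
     * @param str        client id
     * @param str2       client secret
     * @param str3       account name
     * @param str4       password as submitted by the caller
     * @param aPIResult  result object that receives the failure state and the response variables
     * @param tokenEntity token object populated with the generated values
     * @throws BaseException if the grant is disabled, an input is blank, authentication yields no
     *                       user, or context creation fails
     */
    private void genTokenByPasswordCredentials(String str, String str2, String str3, String str4, APIResult<TokenEntity> aPIResult, TokenEntity tokenEntity) {
        // The grant type can be switched off in configuration.
        if (!this.tokenConfig.getAuthorizationPassword().isEnable()) {
            aPIResult.setState(StateEnum.ILLEGAL_GRANT_TYPE.getCode());
            throw new BaseException(StateEnum.ILLEGAL_GRANT_TYPE.getCode(), StateEnum.ILLEGAL_GRANT_TYPE.getText(), new Object[0]);
        }
        if (StringUtil.isBlank(str) || StringUtil.isBlank(str2)) {
            aPIResult.setState(StateEnum.ILLEGAL_CLIENT_ID_SECRET.getCode());
            throw new BaseException(StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_COMPLETE.getCode(), StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_COMPLETE.getText(), new Object[0]);
        }
        if (StringUtil.isBlank(str3) || StringUtil.isBlank(str4)) {
            aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_PASSWORD.getCode());
            throw new BaseException(StateEnum.ILLEGAL_ACCOUNT_OR_PASSWORD_EMPTY.getCode(), StateEnum.ILLEGAL_ACCOUNT_OR_PASSWORD_EMPTY.getText(), new Object[0]);
        }
        validateScope(str, str2, Scope.SSO.getValue());
        validateGrantType(str, str2, GrantType.PASSWORD.getValue());
        // login0 (defined elsewhere) performs the actual credential check.
        PartyUserPo login0 = login0(new LoginVo(str3, str4, (String) null, (String) null));
        // Fail closed before anything is generated or stored: no authenticated user, no token.
        if (login0 == null) {
            aPIResult.setState(StateEnum.ILLEGAL_ACCOUNT_PASSWORD.getCode());
            throw new BaseException(StateEnum.ILLEGAL_ACCOUNT_INFORMATION_NOT_MATCH.getCode(), StateEnum.ILLEGAL_ACCOUNT_INFORMATION_NOT_MATCH.getText(), new Object[0]);
        }
        tokenEntity.setAccess_token(uuid());
        tokenEntity.setExpires_in(this.tokenConfig.getExpires());
        tokenEntity.setRefresh_token(uuid());
        tokenEntity.setRemind_in(this.tokenConfig.getRemind());
        if (this.tokenConfig.isResponseUid()) {
            tokenEntity.setUid(login0.getUserId());
        }
        // Optional user-context payload, controlled by the "user.context.default" property.
        if (((Boolean) AppUtil.getProperty("user.context.default", Boolean.class, false)).booleanValue() && BeanUtils.isNotEmpty(login0)) {
            // The system id is read from a request header, i.e. it is caller-controlled.
            String header = getRequest().getHeader("X-Authorization-systemid");
            aPIResult.addVariable("systemId", header);
            // login0 is known to be non-null here, so the former null fallbacks were dead code.
            String mobile = login0.getMobile();
            aPIResult.addVariable("mobile", mobile);
            String email = login0.getEmail();
            aPIResult.addVariable("email", email);
            APIResult aPIResult2 = new APIResult();
            InnerContextUtil.createContextData(login0.getTenantId(), header, str3, aPIResult2, str3, mobile, email);
            if (!aPIResult2.isSuccess()) {
                throw new BaseException(aPIResult2.getState(), aPIResult2.getCause(), new Object[0]);
            }
            aPIResult.addVariable("context", aPIResult2.getData());
        }
        // Access-token hash; lifetime is tokenConfig.getExpires() seconds.
        String redisKey = this.appConfig.getRedisKey(new String[]{"access.token", tokenEntity.getAccess_token()});
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "grant.type", "password_credentials");
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "user.name", str3);
        // NOTE(review): whatever login0.getPassword() returns (presumably a password hash —
        // confirm) and the client secret as received are copied into both token hashes. The
        // refresh path in this file compares against stored values, so removing them needs a
        // matching change there; until then, access to this Redis keyspace equals access to
        // credential material.
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "password", login0.getPassword());
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "client.id", str);
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "client.secret", str2);
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "refresh.token", tokenEntity.getRefresh_token());
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "access.token", tokenEntity.getAccess_token());
        RedisUtil.redisTemplate.expire(redisKey, this.tokenConfig.getExpires().intValue(), TimeUnit.SECONDS);
        // Marker value under the access token with suffix "0"; lifetime is getRemind() seconds.
        String redisKey2 = this.appConfig.getRedisKey(new String[]{"access.token", tokenEntity.getAccess_token(), "0"});
        RedisUtil.redisTemplate.opsForValue().set(redisKey2, "0");
        RedisUtil.redisTemplate.expire(redisKey2, this.tokenConfig.getRemind().intValue(), TimeUnit.SECONDS);
        // Refresh-token hash; lifetime is getRemind() seconds.
        String redisKey3 = this.appConfig.getRedisKey(new String[]{"refresh.token", tokenEntity.getRefresh_token()});
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "grant.type", "password_credentials");
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "user.name", str3);
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "password", login0.getPassword());
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "client.id", str);
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "client.secret", str2);
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "access.token", tokenEntity.getAccess_token());
        RedisUtil.redisTemplate.opsForHash().put(redisKey3, "refresh.token", tokenEntity.getRefresh_token());
        RedisUtil.redisTemplate.expire(redisKey3, this.tokenConfig.getRemind().intValue(), TimeUnit.SECONDS);
        // Per-account key handed to cacheKeys/cleanAndCacheKeys together with both token keys.
        String redisKey4 = this.appConfig.getRedisKey(new String[]{"key", str3});
        if (this.tokenConfig.getAuthorizationPassword().isSingle()) {
            cleanAndCacheKeys(redisKey4, redisKey, redisKey3);
        } else {
            cacheKeys(redisKey4, redisKey, redisKey3);
        }
    }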

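    /**
     * Checks an access token against the Redis token store and reports the identity bound to it.
     *
     * <p>When the {@code access.token} hash is missing, the method throws {@code EXPIRED_TOKEN} if
     * the companion key with the {@code "0"} suffix still exists, returns a result in state
     * {@code ILLEGAL_LIMIT_STATE} if a {@code login.temporary} key exists for the token, and
     * throws {@code ILLEGAL_TOKEN} otherwise. For the user grant types the account name becomes
     * the result data and the employee status is read from the repository on each call, so an
     * inactive, locked, expired, disabled or deleted account is rejected while its token is
     * still stored. For {@code client_credentials} the client id becomes the result data.
     *
     * @param str the access token presented by the caller
     * @return a result whose data is the account name or client id, with the variables
     *         {@code grant.type} and {@code clientId} and, for user grants, {@code mobile} and
     *         {@code email}
     * @throws BaseException if the token is expired, unknown, stored without the fields read
     *         here, or issued for an unsupported grant type
     */
    @ApiOperation(value = "校验令牌", notes = "传入令牌")
    public APIResult<String> verify(@RequestParam(name = "access_token", required = true) @ApiParam(name = "access_token", value = "访问令牌", required = true) String str) {
        if (logger.isDebugEnabled()) {
            logger.debug("verify access_token");
        }
        APIResult<String> aPIResult = new APIResult<>();
        // Built before the try block so both keys are definitely assigned when read after it.
        String redisKey = this.appConfig.getRedisKey(new String[]{"access.token", str});
        String redisKey2 = this.appConfig.getRedisKey(new String[]{"access.token", str, "0"});
        try {
            if (logger.isDebugEnabled()) {
                // The access token is a bearer credential: log only whether its keys exist,
                // never the token value itself.
                logger.debug("verify accessToken [redacted], atkey has {}, jatkey has {}.", new Object[]{RedisUtil.redisTemplate.hasKey(redisKey), RedisUtil.redisTemplate.hasKey(redisKey2)});
            }
        } catch (Exception e) {
            // A failure here leaves the result in a non-success state; nothing below resets it.
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("access token failed:", e);
        }
        // NOTE(review): the state is set on the result right before each throw below, which a
        // caller that only sees the exception never observes; presumably the original try block
        // enclosed these statements. Confirm against the source build.
        if (!RedisUtil.redisTemplate.hasKey(redisKey).booleanValue()) {
            if (RedisUtil.redisTemplate.hasKey(redisKey2).booleanValue()) {
                aPIResult.setState(StateEnum.EXPIRED_TOKEN.getCode());
                throw new BaseException(StateEnum.EXPIRED_TOKEN.getCode(), StateEnum.EXPIRED_TOKEN.getText(), new Object[0]);
            }
            if (RedisUtil.redisTemplate.hasKey(this.appConfig.getRedisKey(new String[]{"login.temporary", str})).booleanValue()) {
                aPIResult.setState(StateEnum.ILLEGAL_LIMIT_STATE.getCode());
                return aPIResult;
            }
            aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            throw new BaseException(StateEnum.ILLEGAL_TOKEN.getCode(), StateEnum.ILLEGAL_TOKEN.getText(), new Object[0]);
        }
        Object obj = RedisUtil.redisTemplate.opsForHash().get(redisKey, "grant.type");
        Object obj2 = RedisUtil.redisTemplate.opsForHash().get(redisKey, "user.name");
        Object obj3 = RedisUtil.redisTemplate.opsForHash().get(redisKey, "client.id");
        if (obj == null) {
            // The hash can expire between hasKey() and this read; reject the token instead of
            // failing with a NullPointerException.
            aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            throw new BaseException(StateEnum.ILLEGAL_TOKEN.getCode(), StateEnum.ILLEGAL_TOKEN.getText(), new Object[0]);
        }
        String obj4 = obj.toString();
        aPIResult.addVariable("grant.type", obj4);
        if ("authorization_code".equalsIgnoreCase(obj4) || "password_credentials".equalsIgnoreCase(obj4) || "authorization_nfdw".equalsIgnoreCase(obj4)) {
            if (obj2 == null) {
                // A user grant without a stored account name cannot be attributed to anyone.
                aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
                throw new BaseException(StateEnum.ILLEGAL_TOKEN.getCode(), StateEnum.ILLEGAL_TOKEN.getText(), new Object[0]);
            }
            String obj5 = obj2.toString();
            aPIResult.setData(obj5);
            aPIResult.addVariable("clientId", obj3);
            DefaultPartyUserPo byAccount4Cache = this.defaultPartyUserRepository.getByAccount4Cache(obj5);
            aPIResult.addVariable("mobile", byAccount4Cache != null ? byAccount4Cache.getMobile() : "");
            aPIResult.addVariable("email", byAccount4Cache != null ? byAccount4Cache.getEmail() : "");
            if (byAccount4Cache != null) {
                // Account state is checked on every verification, not only at login.
                String status = this.partyEmployeeRepository.get(byAccount4Cache.getId()).getStatus();
                if (UserStatus.INACTIVE.getValue().equalsIgnoreCase(status)) {
                    throw new InactiveException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.verifyStatus.ex.inactive"));
                }
                if (UserStatus.LOCKED.getValue().equalsIgnoreCase(status)) {
                    throw new LockedAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.verifyStatus.ex.locked"));
                }
                if (UserStatus.EXPIRED.getValue().equalsIgnoreCase(status)) {
                    throw new ExpiredAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.verifyStatus.ex.expired"));
                }
                if (UserStatus.DISABLED.getValue().equalsIgnoreCase(status)) {
                    // NOTE(review): a disabled account is reported with ExpiredAccountException
                    // although the message key is "...ex.disabled" and the file imports
                    // DisabledAccountException; confirm which type callers expect.
                    throw new ExpiredAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.verifyStatus.ex.disabled"));
                }
                if (UserStatus.DELETED.getValue().equalsIgnoreCase(status)) {
                    throw new UnknownAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.verifyStatus.ex.deleted"));
                }
            }
        } else {
            if (!"client_credentials".equalsIgnoreCase(obj4)) {
                aPIResult.setState(StateEnum.ILLEGAL_GRANT_TYPE.getCode());
                throw new BaseException(StateEnum.ILLEGAL_GRANT_TYPE.getCode(), StateEnum.ILLEGAL_GRANT_TYPE.getText(), new Object[0]);
            }
            if (obj3 == null) {
                // A client grant without a stored client id cannot be attributed to a client.
                aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
                throw new BaseException(StateEnum.ILLEGAL_TOKEN.getCode(), StateEnum.ILLEGAL_TOKEN.getText(), new Object[0]);
            }
            aPIResult.setData(obj3.toString());
            aPIResult.addVariable("clientId", obj3);
        }
        return aPIResult;
    }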

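    /**
     * Checks an access token against the Redis token store, optionally inside a tenant context,
     * and reports the identity bound to it.
     *
     * <p>If the token is not in Redis and the {@code nfdw.oauth.enable} property is true, the
     * token is first passed to {@code genTokenBynNfdw} with the default client credentials and
     * the keys are looked up again. Missing keys are then handled as follows: {@code EXPIRED_TOKEN}
     * is thrown if the companion key with the {@code "0"} suffix exists, a result in state
     * {@code ILLEGAL_LIMIT_STATE} is returned if a {@code login.temporary} key exists, and
     * {@code ILLEGAL_TOKEN} is thrown otherwise. For the user grant types the account is loaded
     * (after switching to the tenant data source when tenants are enabled), its employee status
     * is checked, and the data source is switched back before any context data is built.
     *
     * @param str the access token presented by the caller
     * @param z whether context data is requested ({@code needContext})
     * @param z2 whether a reduced context is requested ({@code lightContext}); when true this
     *        method adds no {@code context} variable
     * @param str2 tenant id taken from the {@code X-Authorization-tenantid} header, may be null
     * @return a result whose data is the account name or client id, with the variables
     *         {@code grant.type}, {@code systemId}, {@code clientId} and, for user grants,
     *         {@code mobile}, {@code email} and optionally {@code context}
     * @throws BaseException if the token is expired, unknown, stored without the fields read
     *         here, issued for an unsupported grant type, or if building the context fails
     */
    @ApiOperation(value = "校验令牌", notes = "传入令牌")
    public APIResult<String> verify(@RequestParam(name = "access_token", required = true) @ApiParam(name = "access_token", value = "访问令牌", required = true) String str, @RequestParam(name = "needContext", required = false, defaultValue = "false") @ApiParam(name = "needContext", value = "是否返回上下文", required = false) boolean z, @RequestParam(name = "lightContext", required = false, defaultValue = "false") @ApiParam(name = "lightContext", value = "是否精简后再返回上下文", required = false) boolean z2, @RequestHeader(name = "X-Authorization-tenantid", required = false) @ApiParam(name = "X-Authorization-tenantid", value = "租户ID", required = false) String str2) {
        if (logger.isDebugEnabled()) {
            logger.debug("verify access_token");
        }
        APIResult<String> aPIResult = new APIResult<>();
        // Built before the try block so both keys are definitely assigned when read after it.
        String redisKey = this.appConfig.getRedisKey(new String[]{"access.token", str});
        String redisKey2 = this.appConfig.getRedisKey(new String[]{"access.token", str, "0"});
        try {
            boolean booleanValue = ((Boolean) AppUtil.getProperty("nfdw.oauth.enable", Boolean.class)).booleanValue();
            if (!RedisUtil.redisTemplate.hasKey(redisKey).booleanValue() && booleanValue) {
                // NOTE(review): a token that is not in Redis is handed to genTokenBynNfdw together
                // with the default client credentials; presumably that helper validates the token
                // with the external provider before caching it. Confirm it throws for a token it
                // cannot verify.
                AuthorizationConfig authorizationConfig = (AuthorizationConfig) AppUtil.getBean(AuthorizationConfig.class);
                genTokenBynNfdw(authorizationConfig.getDefaultClient(), authorizationConfig.getDefaultSecret(), str);
                redisKey = this.appConfig.getRedisKey(new String[]{"access.token", str});
                redisKey2 = this.appConfig.getRedisKey(new String[]{"access.token", str, "0"});
            }
            if (logger.isDebugEnabled()) {
                // The access token is a bearer credential: log only whether its keys exist,
                // never the token value itself.
                logger.debug("verify accessToken [redacted], atkey has {}, jatkey has {}.", new Object[]{RedisUtil.redisTemplate.hasKey(redisKey), RedisUtil.redisTemplate.hasKey(redisKey2)});
            }
        } catch (Exception e) {
            // A failure here leaves the result in a non-success state; nothing below resets it.
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("access token failed:", e);
        }
        // NOTE(review): the state is set on the result right before each throw below, which a
        // caller that only sees the exception never observes; presumably the original try block
        // enclosed these statements. Confirm against the source build.
        if (!RedisUtil.redisTemplate.hasKey(redisKey).booleanValue()) {
            if (RedisUtil.redisTemplate.hasKey(redisKey2).booleanValue()) {
                aPIResult.setState(StateEnum.EXPIRED_TOKEN.getCode());
                throw new BaseException(StateEnum.EXPIRED_TOKEN.getCode(), StateEnum.EXPIRED_TOKEN.getText(), new Object[0]);
            }
            if (RedisUtil.redisTemplate.hasKey(this.appConfig.getRedisKey(new String[]{"login.temporary", str})).booleanValue()) {
                aPIResult.setState(StateEnum.ILLEGAL_LIMIT_STATE.getCode());
                return aPIResult;
            }
            aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            throw new BaseException(StateEnum.ILLEGAL_TOKEN.getCode(), StateEnum.ILLEGAL_TOKEN.getText(), new Object[0]);
        }
        Object obj = RedisUtil.redisTemplate.opsForHash().get(redisKey, "grant.type");
        Object obj2 = RedisUtil.redisTemplate.opsForHash().get(redisKey, "user.name");
        Object obj3 = RedisUtil.redisTemplate.opsForHash().get(redisKey, "client.id");
        if (obj == null) {
            // The hash can expire between hasKey() and this read; reject the token instead of
            // failing with a NullPointerException.
            aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
            throw new BaseException(StateEnum.ILLEGAL_TOKEN.getCode(), StateEnum.ILLEGAL_TOKEN.getText(), new Object[0]);
        }
        String obj4 = obj.toString();
        aPIResult.addVariable("grant.type", obj4);
        // The system id is copied from a request header into the result without any check here.
        String header = getRequest().getHeader("X-Authorization-systemid");
        aPIResult.addVariable("systemId", header);
        if ("authorization_code".equalsIgnoreCase(obj4) || "password_credentials".equalsIgnoreCase(obj4) || "authorization_nfdw".equalsIgnoreCase(obj4)) {
            try {
                if (obj2 == null) {
                    // A user grant without a stored account name cannot be attributed to anyone.
                    aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
                    throw new BaseException(StateEnum.ILLEGAL_TOKEN.getCode(), StateEnum.ILLEGAL_TOKEN.getText(), new Object[0]);
                }
                String obj5 = obj2.toString();
                aPIResult.setData(obj5);
                aPIResult.addVariable("clientId", obj3);
                if (TenantUtil.isTenantEnabled()) {
                    // NOTE(review): the tenant id comes from a request header and is not compared
                    // with anything stored for the token in the code visible here; confirm that
                    // the gateway sets this header or that TenantQueryUtil.get rejects a tenant
                    // the account does not belong to.
                    TenantContext.forceTenantObject(TenantQueryUtil.get(str2));
                    String realDsAlias = TenantUtil.TenantSchemaUtil.getRealDsAlias(str2, TenantUtil.getProviderId());
                    if (StringUtil.isNotBlank(realDsAlias)) {
                        DbContextHolder.setDataSource(realDsAlias, DbUtil.getCurDBtype());
                    }
                }
                DefaultPartyUserPo byAccount4Cache = this.defaultPartyUserRepository.getByAccount4Cache(obj5);
                String mobile = byAccount4Cache != null ? byAccount4Cache.getMobile() : "";
                aPIResult.addVariable("mobile", mobile);
                String email = byAccount4Cache != null ? byAccount4Cache.getEmail() : "";
                aPIResult.addVariable("email", email);
                if (byAccount4Cache != null) {
                    // Account state is checked on every verification, not only at login.
                    String status = this.partyEmployeeRepository.get(byAccount4Cache.getId()).getStatus();
                    if (UserStatus.INACTIVE.getValue().equalsIgnoreCase(status)) {
                        throw new InactiveException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.verifyStatus.ex.inactive"));
                    }
                    if (UserStatus.LOCKED.getValue().equalsIgnoreCase(status)) {
                        throw new LockedAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.verifyStatus.ex.locked"));
                    }
                    if (UserStatus.EXPIRED.getValue().equalsIgnoreCase(status)) {
                        throw new ExpiredAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.verifyStatus.ex.expired"));
                    }
                    if (UserStatus.DISABLED.getValue().equalsIgnoreCase(status)) {
                        // NOTE(review): a disabled account is reported with ExpiredAccountException
                        // although the message key is "...ex.disabled" and the file imports
                        // DisabledAccountException; confirm which type callers expect.
                        throw new ExpiredAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.verifyStatus.ex.disabled"));
                    }
                    if (UserStatus.DELETED.getValue().equalsIgnoreCase(status)) {
                        throw new UnknownAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.verifyStatus.ex.deleted"));
                    }
                }
                // Switch back to the caller's data source before the context is built.
                if (TenantUtil.isTenantEnabled()) {
                    DbContextHolder.setDataSource(TenantContext.getTenantDsAlias(), DbUtil.getCurDBtype());
                    TenantContext.clearForceTenantObject();
                }
                if (z && !z2) {
                    APIResult aPIResult2 = new APIResult();
                    InnerContextUtil.createContextData(str2, header, obj5, aPIResult2, obj5, mobile, email);
                    if (!aPIResult2.isSuccess()) {
                        throw new BaseException(aPIResult2.getState(), aPIResult2.getCause(), new Object[0]);
                    }
                    aPIResult.addVariable("context", aPIResult2.getData());
                }
            } catch (Throwable th) {
                // Any failure must not leave the forced tenant or its data source in place for
                // whatever runs next on this thread.
                if (TenantUtil.isTenantEnabled()) {
                    DbContextHolder.setDataSource(TenantContext.getTenantDsAlias(), DbUtil.getCurDBtype());
                    TenantContext.clearForceTenantObject();
                }
                throw th;
            }
        } else {
            if (!"client_credentials".equalsIgnoreCase(obj4)) {
                aPIResult.setState(StateEnum.ILLEGAL_GRANT_TYPE.getCode());
                throw new BaseException(StateEnum.ILLEGAL_GRANT_TYPE.getCode(), StateEnum.ILLEGAL_GRANT_TYPE.getText(), new Object[0]);
            }
            if (obj3 == null) {
                // A client grant without a stored client id cannot be attributed to a client.
                aPIResult.setState(StateEnum.ILLEGAL_TOKEN.getCode());
                throw new BaseException(StateEnum.ILLEGAL_TOKEN.getCode(), StateEnum.ILLEGAL_TOKEN.getText(), new Object[0]);
            }
            aPIResult.setData(obj3.toString());
            aPIResult.addVariable("clientId", obj3);
        }
        return aPIResult;
    }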

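    /**
     * Returns one page of stored tokens after validating the caller's own access token.
     *
     * <p>If validation throws, the result carries {@code ERROR_SYSTEM_AUTH} and no data. If
     * validation returns a non-success state, that state and its localized message are copied
     * into the result. Only a successful validation reaches the token listing.
     *
     * <p>NOTE(review): the only gate visible here is that the caller's token is valid, and the
     * listing contains access and refresh token values of other identities; confirm that a role
     * or scope check is enforced elsewhere (for example at the gateway).
     *
     * @param str the caller's access token from the {@code X-Authorization-access_token} header
     * @param aPIRequest paging and filter parameters
     * @return the page of tokens, or a result describing why the caller was rejected
     */
    @ApiOperation(value = "获取令牌列表", notes = "传入令牌参数")
    public APIResult<APIPageList<TokenVo>> query(@RequestHeader(name = "X-Authorization-access_token", required = true) @ApiParam(name = "X-Authorization-access_token", value = "访问令牌", required = true) String str, @ApiParam(name = "request", value = "令牌参数(json格式)", required = true) @RequestBody(required = true) APIRequest aPIRequest) {
        APIResult<APIPageList<TokenVo>> aPIResult = new APIResult<>();
        APIResult<String> verify;
        try {
            verify = verify(str);
        } catch (Exception e) {
            aPIResult.setState(StateEnum.ERROR_SYSTEM_AUTH.getCode());
            aPIResult.setMessage(StateEnum.ERROR_SYSTEM_AUTH.getText());
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error(e.getMessage(), e);
            // Fail closed: without a verification result the listing must not be produced.
            return aPIResult;
        }
        if (!verify.isSuccess()) {
            aPIResult.setState(verify.getState());
            aPIResult.setCause(I18nUtil.getMessage(StringUtil.build(new Object[]{"state.", Integer.valueOf(verify.getState())})));
            return aPIResult;
        }
        aPIResult.setData(pageList(aPIRequest));
        return aPIResult;
    }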

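    /**
     * Deletes stored tokens after validating the caller's own access token.
     *
     * <p>The caller may not delete the access token used for this request or the refresh token
     * stored with it. With type {@code token} the listed values are treated as access tokens and
     * both of their keys are deleted. With type {@code refresh} the listed values are treated as
     * refresh tokens: the access token recorded in each refresh hash is deleted together with
     * the refresh key itself. Any other type is rejected before anything is deleted.
     *
     * <p>NOTE(review): the only gate visible here is that the caller's token is valid; confirm
     * that a role or scope check restricts who may revoke tokens of other identities.
     *
     * @param str the caller's access token from the {@code X-Authorization-access_token} header
     * @param tokenParamVo the token values to delete and their type
     * @return an empty success result, or a result describing why the caller was rejected
     * @throws BaseException if the request targets the caller's own tokens or names an
     *         unsupported type
     */
    @ApiOperation(value = "令牌删除", notes = "传入令牌及类型")
    public APIResult<Void> remove(@RequestHeader(name = "X-Authorization-access_token", required = true) @ApiParam(name = "X-Authorization-access_token", value = "访问令牌", required = true) String str, @ApiParam(name = "tokenParamVo", value = "令牌参数", required = true) @RequestBody(required = true) TokenParamVo tokenParamVo) {
        APIResult<Void> aPIResult = new APIResult<>();
        APIResult<String> verify;
        try {
            verify = verify(str);
        } catch (Exception e) {
            aPIResult.setState(StateEnum.ERROR_SYSTEM_AUTH.getCode());
            aPIResult.setMessage(StateEnum.ERROR_SYSTEM_AUTH.getText());
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error(e.getMessage(), e);
            // Fail closed: without a verification result nothing may be deleted.
            return aPIResult;
        }
        if (!verify.isSuccess()) {
            aPIResult.setState(verify.getState());
            aPIResult.setCause(I18nUtil.getMessage(StringUtil.build(new Object[]{"state.", Integer.valueOf(verify.getState())})));
            return aPIResult;
        }
        // The token authenticating this request must not be part of the deletion.
        if (tokenParamVo.getTokens().contains(str)) {
            throw new BaseException(StateEnum.ILLEGAL_TOKEN_DELETE.getCode(), StateEnum.ILLEGAL_TOKEN_DELETE.getText(), new Object[0]);
        }
        // Neither may the refresh token stored alongside it.
        Object obj = RedisUtil.redisTemplate.opsForHash().get(this.appConfig.getRedisKey(new String[]{"access.token", str}), "refresh.token");
        if (null != obj && tokenParamVo.getTokens().contains(obj.toString())) {
            throw new BaseException(StateEnum.ILLEGAL_TOKEN_DELETE.getCode(), StateEnum.ILLEGAL_TOKEN_DELETE.getText(), new Object[0]);
        }
        if ("token".equals(tokenParamVo.getType())) {
            // NOTE(review): only the access-token keys are deleted here; the refresh token
            // recorded in the hash stays in Redis. Confirm that a refresh token whose access
            // token was revoked this way cannot be used to obtain a new one.
            for (String str2 : tokenParamVo.getTokens()) {
                RedisUtil.redisTemplate.delete(this.appConfig.getRedisKey(new String[]{"access.token", str2}));
                RedisUtil.redisTemplate.delete(this.appConfig.getRedisKey(new String[]{"access.token", str2, "0"}));
            }
        } else {
            if (!"refresh".equals(tokenParamVo.getType())) {
                throw new BaseException(StateEnum.ILLEGAL_TOKEN_TYPE_NOT_SUPPORT.getCode(), String.format(StateEnum.ILLEGAL_TOKEN_TYPE_NOT_SUPPORT.getText(), tokenParamVo.getType()), new Object[]{tokenParamVo.getType()});
            }
            for (String refreshToken : tokenParamVo.getTokens()) {
                String redisKey3 = this.appConfig.getRedisKey(new String[]{"refresh.token", refreshToken});
                Object obj2 = RedisUtil.redisTemplate.opsForHash().get(redisKey3, "access.token");
                // An unknown or already expired refresh token has no access token recorded;
                // skip that part so the remaining tokens in the request are still revoked.
                if (obj2 != null) {
                    RedisUtil.redisTemplate.delete(this.appConfig.getRedisKey(new String[]{"access.token", obj2.toString()}));
                    RedisUtil.redisTemplate.delete(this.appConfig.getRedisKey(new String[]{"access.token", obj2.toString(), "0"}));
                }
                RedisUtil.redisTemplate.delete(redisKey3);
            }
        }
        return aPIResult;
    }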

    /**
     * Collects the Redis keys under the {@code refresh.token} prefix and converts the requested
     * page of them into an API page list.
     *
     * @param aPIRequest paging and filter parameters of the request
     * @return the page of tokens described by {@code aPIRequest}
     */
    private APIPageList<TokenVo> pageList(APIRequest aPIRequest) {
        QueryFilter filter = getQueryFilter(aPIRequest);
        com.lc.ibps.components.cache.redis.RedisUtil redis = RedisUtil.Singleton.getInstance();
        String refreshPrefix = this.appConfig.getRedisKey(new String[]{"refresh.token"});
        // Integer.MAX_VALUE is presumably the scan limit, i.e. every matching key is fetched
        // before paging is applied; confirm against findByPrefix.
        Set<String> refreshKeys = redis.findByPrefix(Integer.MAX_VALUE, refreshPrefix);
        List<TokenVo> tokens = list(redis, filter, refreshKeys);
        return getAPIPageList(tokens);
    }

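    /**
     * Builds one page of {@code TokenVo} entries from a set of refresh-token Redis keys.
     *
     * <p>The page result is sized from the whole key set; only keys inside the requested page
     * are read. A key is included when its Redis type is a hash that still holds a grant type
     * and the identity for that grant type. Access-token details are filled in only while the
     * access-token key recorded in the hash still exists.
     *
     * <p>NOTE(review): each entry carries the access and refresh token values themselves;
     * confirm that callers of the listing are restricted to administrators, or return a
     * non-reversible identifier instead.
     *
     * @param redisUtil helper used to read the remaining time to live of a key
     * @param queryFilter supplies the page number, page size and start index
     * @param set refresh-token keys to page over
     * @return the page of token entries, with the page result attached
     */
    private List<TokenVo> list(com.lc.ibps.components.cache.redis.RedisUtil redisUtil, QueryFilter queryFilter, Set<String> set) {
        List<String> keys = new ArrayList<>(set);
        Page page = queryFilter.getPage();
        PageList pageList = new PageList();
        pageList.setPageResult(new PageResult(page.getPageNo().intValue(), page.getPageSize().intValue(), set.size()));
        int start = page.getStartIndex().intValue();
        int total = keys.size();
        if (total < start) {
            return pageList;
        }
        // Computed in long so that start + page size cannot wrap around for a very large size.
        int end = (int) Math.min((long) start + page.getPageSize().intValue(), (long) total);
        for (int i = start; i < end; i++) {
            String str = keys.get(i);
            if (logger.isDebugEnabled()) {
                logger.debug("key={}", str);
            }
            if (!DataType.HASH.name().equals(com.lc.ibps.cloud.redis.utils.RedisUtil.redisTemplate.type(str).name())) {
                continue;
            }
            Object obj = com.lc.ibps.cloud.redis.utils.RedisUtil.redisTemplate.opsForHash().get(str, "grant.type");
            Object obj2 = com.lc.ibps.cloud.redis.utils.RedisUtil.redisTemplate.opsForHash().get(str, "user.name");
            Object obj3 = com.lc.ibps.cloud.redis.utils.RedisUtil.redisTemplate.opsForHash().get(str, "client.id");
            Object obj4 = com.lc.ibps.cloud.redis.utils.RedisUtil.redisTemplate.opsForHash().get(str, "access.token");
            Object obj5 = com.lc.ibps.cloud.redis.utils.RedisUtil.redisTemplate.opsForHash().get(str, "refresh.token");
            if (obj == null) {
                // The key can expire between the key scan and these reads; skip it rather than
                // failing the whole listing with a NullPointerException.
                continue;
            }
            boolean clientGrant = "client_credentials".equals(obj.toString());
            Object identity = clientGrant ? obj3 : obj2;
            if (identity == null) {
                // Without an owner the entry cannot be attributed to a client or a user.
                continue;
            }
            TokenVo tokenVo = new TokenVo();
            if (null != obj5) {
                tokenVo.setRefreshToken(obj5.toString());
            }
            tokenVo.setRefreshTokenTtlSeconds(redisUtil.ttl(str));
            tokenVo.setRefreshTokenTtlDate(DateUtil.calendar(SystemClock.now() + (tokenVo.getRefreshTokenTtlSeconds() * 1000)).getTime());
            tokenVo.setIdentityType(clientGrant ? ApiGrantType.CLIENT.getValue() : ApiGrantType.USER.getValue());
            tokenVo.setIdentity(identity.toString());
            if (obj4 != null) {
                String redisKey = this.appConfig.getRedisKey(new String[]{"access.token", obj4.toString()});
                // The access token usually expires before its refresh token; report it only
                // while its own key is still present.
                if (com.lc.ibps.cloud.redis.utils.RedisUtil.redisTemplate.hasKey(redisKey).booleanValue()) {
                    tokenVo.setAccessToken(obj4.toString());
                    tokenVo.setAccessTokenTtlSeconds(redisUtil.ttl(redisKey));
                    tokenVo.setAccessTokenTtlDate(DateUtil.calendar(SystemClock.now() + (tokenVo.getAccessTokenTtlSeconds() * 1000)).getTime());
                }
            }
            pageList.add(tokenVo);
        }
        return pageList;
    }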
}
