package com.lc.ibps.cloud.oauth.server.provider;

import cn.hutool.core.lang.UUID;
import com.lc.ibps.api.base.constants.StateEnum;
import com.lc.ibps.api.base.exception.PermissionNoExistException;
import com.lc.ibps.api.org.constant.UserStatus;
import com.lc.ibps.auth.constants.ClientStatus;
import com.lc.ibps.auth.constants.GrantType;
import com.lc.ibps.auth.constants.Scope;
import com.lc.ibps.auth.persistence.entity.AuthClientPo;
import com.lc.ibps.auth.repository.AuthClientRepository;
import com.lc.ibps.base.core.exception.BaseException;
import com.lc.ibps.base.core.util.AppUtil;
import com.lc.ibps.base.core.util.BeanUtils;
import com.lc.ibps.base.core.util.I18nUtil;
import com.lc.ibps.base.core.util.LogUtil;
import com.lc.ibps.base.core.util.string.StringUtil;
import com.lc.ibps.base.core.util.string.StringValidator;
import com.lc.ibps.base.core.util.time.DateUtil;
import com.lc.ibps.base.db.tenant.utils.TenantUtil;
import com.lc.ibps.base.disruptor.engine.DisruptorEngine;
import com.lc.ibps.base.disruptor.model.DisruptorModel;
import com.lc.ibps.base.framework.model.OperatorParamter;
import com.lc.ibps.base.saas.context.TenantContext;
import com.lc.ibps.base.web.context.RequestContext;
import com.lc.ibps.cloud.config.SecrectConfig;
import com.lc.ibps.cloud.identifier.IdGenerator;
import com.lc.ibps.cloud.identifier.config.IdConfig;
import com.lc.ibps.cloud.oauth.entity.ContextDTO;
import com.lc.ibps.cloud.oauth.entity.LoginVo;
import com.lc.ibps.cloud.oauth.exception.DisabledAccountException;
import com.lc.ibps.cloud.oauth.exception.ExcessiveAttemptsException;
import com.lc.ibps.cloud.oauth.exception.ExpiredAccountException;
import com.lc.ibps.cloud.oauth.exception.ExpiredCredentialsException;
import com.lc.ibps.cloud.oauth.exception.ExpiredSecretException;
import com.lc.ibps.cloud.oauth.exception.InactiveException;
import com.lc.ibps.cloud.oauth.exception.IncorrectCredentialsException;
import com.lc.ibps.cloud.oauth.exception.LengthCredentialsException;
import com.lc.ibps.cloud.oauth.exception.LockedAccountException;
import com.lc.ibps.cloud.oauth.exception.ManyIncorrectCredentialsException;
import com.lc.ibps.cloud.oauth.exception.NopassException;
import com.lc.ibps.cloud.oauth.exception.PenddingException;
import com.lc.ibps.cloud.oauth.exception.UnknownAccountException;
import com.lc.ibps.cloud.oauth.jwt.JwtUtil;
import com.lc.ibps.cloud.oauth.server.config.TokenConfig;
import com.lc.ibps.cloud.oauth.server.config.UserConfig;
import com.lc.ibps.cloud.oauth.server.config.UserLimitConfig;
import com.lc.ibps.cloud.oauth.server.context.InnerContextUtil;
import com.lc.ibps.cloud.provider.GenericProvider;
import com.lc.ibps.cloud.redis.config.AppConfig;
import com.lc.ibps.cloud.redis.utils.RedisUtil;
import com.lc.ibps.cloud.utils.RequestUtil;
import com.lc.ibps.org.auth.persistence.entity.UserSecurityPo;
import com.lc.ibps.org.auth.repository.UserSecurityRepository;
import com.lc.ibps.org.party.domain.PartyEmployee;
import com.lc.ibps.org.party.domain.PartyUser;
import com.lc.ibps.org.party.persistence.entity.DefaultPartyUserPo;
import com.lc.ibps.org.party.persistence.entity.PartyUserPo;
import com.lc.ibps.org.party.repository.DefaultPartyRoleRepository;
import com.lc.ibps.org.party.repository.DefaultPartyUserRepository;
import com.lc.ibps.org.party.repository.PartyEmployeeRepository;
import com.lc.ibps.org.party.repository.PartyGroupRepository;
import com.lc.ibps.org.party.repository.PartyOrgRepository;
import com.lc.ibps.org.party.repository.PartyPositionRepository;
import com.lc.ibps.org.party.repository.PartyUserGroupRepository;
import com.lc.ibps.org.party.repository.PartyUserLimitRepository;
import com.lc.ibps.org.party.repository.PartyUserRepository;
import com.lc.ibps.register.constants.RegDBConstants;
import com.lc.ibps.register.domain.RegData;
import com.lc.ibps.register.persistence.entity.RegDataPo;
import com.lc.ibps.register.repository.RegDataRepository;
import java.util.Date;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Lazy;
import org.springframework.data.util.Pair;

/* loaded from: input_file:com/lc/ibps/cloud/oauth/server/provider/BaseProvider.class */
public class BaseProvider extends GenericProvider {
    protected static final Logger logger = LoggerFactory.getLogger(BaseProvider.class);
    private IdGenerator idGenerator;
    private PartyEmployee partyEmployee;
    private IdConfig idConfig;
    protected SecrectConfig secrectConfig;
    protected TokenConfig tokenConfig;
    protected AppConfig appConfig;
    protected UserConfig userConfig;
    protected UserLimitConfig userLimitConfig;
    protected PartyUserRepository partyUserRepository;
    protected PartyUser partyUser;
    protected DefaultPartyUserRepository defaultPartyUserRepository;
    protected PartyEmployeeRepository partyEmployeeRepository;
    protected AuthClientRepository authClientRepository;
    protected PartyUserLimitRepository partyUserLimitRepository;
    protected UserSecurityRepository userSecurityRepository;
    protected PartyOrgRepository partyOrgRepository;
    protected PartyPositionRepository partyPositionRepository;
    protected PartyUserGroupRepository partyUserGroupRepository;
    protected PartyGroupRepository partyGroupRepository;
    protected DefaultPartyRoleRepository defaultPartyRoleRepository;
    protected RegDataRepository regDataRepository;
    protected RegData regData;

    @Autowired
    @Lazy
    public void setIdGenerator(IdGenerator idGenerator) {
        this.idGenerator = idGenerator;
    }

    @Autowired
    @Lazy
    public void setPartyEmployee(PartyEmployee partyEmployee) {
        this.partyEmployee = partyEmployee;
    }

    @Autowired
    @Lazy
    public void setIdConfig(IdConfig idConfig) {
        this.idConfig = idConfig;
    }

    @Autowired
    @Lazy
    public void setSecrectConfig(SecrectConfig secrectConfig) {
        this.secrectConfig = secrectConfig;
    }

    @Autowired
    @Lazy
    public void setTokenConfig(TokenConfig tokenConfig) {
        this.tokenConfig = tokenConfig;
    }

    @Autowired
    @Lazy
    public void setAppConfig(AppConfig appConfig) {
        this.appConfig = appConfig;
    }

    @Autowired
    @Lazy
    public void setUserConfig(UserConfig userConfig) {
        this.userConfig = userConfig;
    }

    @Autowired
    @Lazy
    public void setUserLimitConfig(UserLimitConfig userLimitConfig) {
        this.userLimitConfig = userLimitConfig;
    }

    @Autowired
    @Lazy
    public void setPartyUserRepository(PartyUserRepository partyUserRepository) {
        this.partyUserRepository = partyUserRepository;
    }

    @Autowired
    @Lazy
    public void setPartyUser(PartyUser partyUser) {
        this.partyUser = partyUser;
    }

    @Autowired
    @Lazy
    public void setDefaultPartyUserRepository(DefaultPartyUserRepository defaultPartyUserRepository) {
        this.defaultPartyUserRepository = defaultPartyUserRepository;
    }

    @Autowired
    @Lazy
    public void setPartyEmployeeRepository(PartyEmployeeRepository partyEmployeeRepository) {
        this.partyEmployeeRepository = partyEmployeeRepository;
    }

    @Autowired
    @Lazy
    public void setAuthClientRepository(AuthClientRepository authClientRepository) {
        this.authClientRepository = authClientRepository;
    }

    @Autowired
    @Lazy
    public void setPartyUserLimitRepository(PartyUserLimitRepository partyUserLimitRepository) {
        this.partyUserLimitRepository = partyUserLimitRepository;
    }

    @Autowired
    @Lazy
    public void setUserSecurityRepository(UserSecurityRepository userSecurityRepository) {
        this.userSecurityRepository = userSecurityRepository;
    }

    @Autowired
    @Lazy
    public void setPartyOrgRepository(PartyOrgRepository partyOrgRepository) {
        this.partyOrgRepository = partyOrgRepository;
    }

    @Autowired
    @Lazy
    public void setPartyPositionRepository(PartyPositionRepository partyPositionRepository) {
        this.partyPositionRepository = partyPositionRepository;
    }

    @Autowired
    @Lazy
    public void setPartyUserGroupRepository(PartyUserGroupRepository partyUserGroupRepository) {
        this.partyUserGroupRepository = partyUserGroupRepository;
    }

    @Autowired
    @Lazy
    public void setPartyGroupRepository(PartyGroupRepository partyGroupRepository) {
        this.partyGroupRepository = partyGroupRepository;
    }

    @Autowired
    @Lazy
    public void setDefaultPartyRoleRepository(DefaultPartyRoleRepository defaultPartyRoleRepository) {
        this.defaultPartyRoleRepository = defaultPartyRoleRepository;
    }

    @Autowired
    @Lazy
    public void setRegDataRepository(RegDataRepository regDataRepository) {
        this.regDataRepository = regDataRepository;
    }

    @Autowired
    @Lazy
    public void setRegData(RegData regData) {
        this.regData = regData;
    }

    protected AuthClientPo validate(String str) {
        AuthClientPo byClientId4Cache = this.authClientRepository.getByClientId4Cache(str);
        if (BeanUtils.isEmpty(byClientId4Cache)) {
            throw new PermissionNoExistException(StateEnum.NO_EXIST_PERMISSION.getText());
        }
        return byClientId4Cache;
    }

    protected AuthClientPo validateScope(String str, String str2) {
        AuthClientPo validate = validate(str);
        validateScope(str2, validate);
        return validate;
    }

    protected AuthClientPo validateGrantType(String str, String str2) {
        AuthClientPo validate = validate(str);
        validateGrantType(str2, validate);
        return validate;
    }

    protected AuthClientPo validate(String str, String str2) {
        AuthClientPo validate = validate(str);
        if (!validate.getClientSecret().equals(str2)) {
            throw new BaseException(StateEnum.ILLEGAL_KEY.getCode(), StateEnum.ILLEGAL_KEY.getText(), new Object[0]);
        }
        if (DateUtil.compare(validate.getExpireTime(), new Date())) {
            throw new BaseException(StateEnum.ILLEGAL_PERMISSION_EXPIRED.getCode(), StateEnum.ILLEGAL_PERMISSION_EXPIRED.getText(), new Object[0]);
        }
        if (StringUtil.isBlank(validate.getStatus())) {
            throw new BaseException(StateEnum.ILLEGAL_PERMISSION_ACCESS_AUTHORIZATION_STATUS_VALUE_EMPTY.getCode(), StateEnum.ILLEGAL_PERMISSION_ACCESS_AUTHORIZATION_STATUS_VALUE_EMPTY.getText(), new Object[0]);
        }
        if (ClientStatus.PEDDING.getValue().equalsIgnoreCase(validate.getStatus())) {
            throw new PenddingException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.validate.ex.pending"));
        }
        if (ClientStatus.NOPASS.getValue().equalsIgnoreCase(validate.getStatus())) {
            throw new NopassException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.validate.ex.nopass"));
        }
        if (ClientStatus.EXPIRED.getValue().equalsIgnoreCase(validate.getStatus())) {
            throw new ExpiredSecretException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.validate.ex.expired"));
        }
        return validate;
    }

    protected AuthClientPo validateScope(String str, String str2, String str3) {
        AuthClientPo validate = validate(str, str2);
        validateScope(str3, validate);
        return validate;
    }

    private void validateScope(String str, AuthClientPo authClientPo) {
        if (!Scope.isValid(str)) {
            throw new BaseException(StateEnum.ILLEGAL_PERMISSION_SCOPE_NOT_EXIST.getCode(), StateEnum.ILLEGAL_PERMISSION_SCOPE_NOT_EXIST.getText(), new Object[0]);
        }
        if (StringUtil.isBlank(authClientPo.getScope())) {
            throw new BaseException(StateEnum.ILLEGAL_PERMISSION_SCOPE_NOT_SUPPORT.getCode(), String.format(StateEnum.ILLEGAL_PERMISSION_SCOPE_NOT_SUPPORT.getText(), str), new Object[]{str});
        }
    }

    protected AuthClientPo validateGrantType(String str, String str2, String str3) {
        AuthClientPo validate = validate(str, str2);
        validateGrantType(str3, validate);
        return validate;
    }

    private void validateGrantType(String str, AuthClientPo authClientPo) {
        if (!GrantType.isValid(str)) {
            throw new BaseException(StateEnum.ILLEGAL_PERMISSION_AUTHORIZATION_MODEL_NOT_EXIST.getCode(), StateEnum.ILLEGAL_PERMISSION_AUTHORIZATION_MODEL_NOT_EXIST.getText(), new Object[0]);
        }
        if (StringUtil.isBlank(authClientPo.getGrantTypes())) {
            throw new BaseException(StateEnum.ILLEGAL_PERMISSION_AUTHORIZATION_MODEL_NOT_SUPPORT.getCode(), String.format(StateEnum.ILLEGAL_PERMISSION_AUTHORIZATION_MODEL_NOT_SUPPORT.getText(), str), new Object[]{str});
        }
        if (!authClientPo.getGrantTypes().contains(str)) {
            throw new BaseException(StateEnum.ILLEGAL_PERMISSION_AUTHORIZATION_MODEL_NOT_SUPPORT.getCode(), String.format(StateEnum.ILLEGAL_PERMISSION_AUTHORIZATION_MODEL_NOT_SUPPORT.getText(), str), new Object[]{str});
        }
    }

    private PartyUserPo login1(LoginVo loginVo) {
        String username = loginVo.getUsername();
        String password = loginVo.getPassword();
        this.defaultPartyUserRepository.setSkipCache();
        PartyUserPo byAccount = InnerContextUtil.getByAccount(username, false, OperatorParamter.Builder.create().add("clientKey", loginVo.getClientKey()).build());
        this.defaultPartyUserRepository.removeSkipCache();
        return login(password, byAccount);
    }

    private PartyUserPo loginTenant(LoginVo loginVo) {
        return login(loginVo.getPassword(), InnerContextUtil.getByAccount(loginVo, false));
    }

    protected PartyUserPo login0(LoginVo loginVo) {
        PartyUserPo partyUserPo = null;
        if (TenantUtil.isTenantEnabled()) {
            partyUserPo = loginTenant(loginVo);
        }
        if (BeanUtils.isEmpty(partyUserPo)) {
            partyUserPo = login1(loginVo);
        }
        return partyUserPo;
    }

    private PartyUserPo login(String str, PartyUserPo partyUserPo) {
        RegDataPo byMobile;
        if (BeanUtils.isEmpty(partyUserPo)) {
            if (RegDBConstants.REGISTER_ENABLED) {
                throw new UnknownAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.login.ex.unknown.register.first"));
            }
            throw new UnknownAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.login.ex.unknown"));
        }
        String account = partyUserPo.getAccount();
        DefaultPartyUserPo defaultPartyUserPo = new DefaultPartyUserPo();
        BeanUtils.copyNotNullProperties(defaultPartyUserPo, partyUserPo);
        String status = defaultPartyUserPo.getStatus();
        if (!RegDBConstants.REGISTER_ENABLED && BeanUtils.isNotEmpty(status)) {
            verifyStatus(status);
        }
        userSecurityVerify(partyUserPo, matchPassword(account, str, partyUserPo));
        RedisUtil.redisTemplateString.delete(this.appConfig.getRedisKey(new String[]{"login.retry", account}));
        if (RegDBConstants.REGISTER_ENABLED && StringValidator.isMobile(account) && (byMobile = this.regDataRepository.getByMobile(account)) != null) {
            byMobile.setLastLoginTime(new Date());
            byMobile.setLoginTimes(Long.valueOf(BeanUtils.isEmpty(byMobile.getLoginTimes()) ? 1L : byMobile.getLoginTimes().longValue() + 1));
            this.regData.update(byMobile);
        }
        return partyUserPo;
    }

    private void verifyStatus(String str) {
        if (StringUtil.isBlank(str)) {
            throw new BaseException(StateEnum.ILLEGAL_ACCOUNT_USER_STATUS_VALUE_EMPTY.getCode(), StateEnum.ILLEGAL_ACCOUNT_USER_STATUS_VALUE_EMPTY.getText(), new Object[0]);
        }
        if (UserStatus.INACTIVE.getValue().equalsIgnoreCase(str)) {
            throw new InactiveException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.verifyStatus.ex.inactive"));
        }
        if (UserStatus.LOCKED.getValue().equalsIgnoreCase(str)) {
            throw new LockedAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.verifyStatus.ex.locked"));
        }
        if (UserStatus.EXPIRED.getValue().equalsIgnoreCase(str)) {
            throw new ExpiredAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.verifyStatus.ex.expired"));
        }
        if (UserStatus.DISABLED.getValue().equalsIgnoreCase(str)) {
            throw new DisabledAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.verifyStatus.ex.disabled"));
        }
        if (UserStatus.DELETED.getValue().equalsIgnoreCase(str)) {
            throw new UnknownAccountException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.verifyStatus.ex.deleted"));
        }
    }

    private String matchPassword(String str, String str2, PartyUserPo partyUserPo) {
        String str3 = "";
        this.userLimitConfig.verifyNoLogin(str);
        if (!this.secrectConfig.getRequestSecretValue().equals(str2)) {
            Pair encrypt1 = this.userConfig.encrypt1(str2);
            String str4 = (String) encrypt1.getFirst();
            str3 = (String) encrypt1.getSecond();
            if (!partyUserPo.getPassword().equals(str4)) {
                if (logger.isWarnEnabled()) {
                    logger.warn("user encrypt password {}, input encrypt password {}.", partyUserPo.getPassword(), str4);
                }
                String redisKey = this.appConfig.getRedisKey(new String[]{"login.retry", str});
                Integer num = (Integer) RedisUtil.redisTemplateInteger.opsForValue().get(redisKey);
                Integer valueOf = Integer.valueOf(num == null ? 0 : num.intValue());
                int retry = this.userConfig.getCaptcha().getRetry();
                int retry2 = this.userLimitConfig.getRetry();
                Integer valueOf2 = Integer.valueOf(valueOf.intValue() + 1);
                RedisUtil.redisTemplateInteger.opsForValue().set(redisKey, valueOf2);
                RedisUtil.redisTemplateInteger.expireAt(redisKey, getTomorrowDate());
                if (valueOf2.intValue() >= retry2) {
                    if (!this.userLimitConfig.isEnabled().booleanValue()) {
                        throw new IncorrectCredentialsException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.matchPassword.ex.incorrect.default"));
                    }
                    lockUser(partyUserPo);
                    throw new ExcessiveAttemptsException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.matchPassword.ex.locked"));
                }
                if (valueOf2.intValue() < retry) {
                    if (this.userLimitConfig.isEnabled().booleanValue()) {
                        throw new ManyIncorrectCredentialsException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.matchPassword.ex.incorrect", new Object[]{Integer.valueOf(retry2 - valueOf2.intValue()), Integer.valueOf(retry2)}));
                    }
                    throw new ManyIncorrectCredentialsException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.matchPassword.ex.incorrect.default"));
                }
                String redisKey2 = this.appConfig.getRedisKey(new String[]{"login.captcha", RequestUtil.getIpAddr(RequestContext.getHttpServletRequest())});
                RedisUtil.redisTemplateString.opsForValue().set(redisKey2, "Y");
                RedisUtil.redisTemplateString.expireAt(redisKey2, getTomorrowDate());
                if (logger.isWarnEnabled()) {
                    logger.warn(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.matchPassword.ex.captcha", new Object[]{str}));
                }
                if (this.userLimitConfig.isEnabled().booleanValue()) {
                    throw new ManyIncorrectCredentialsException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.matchPassword.ex.incorrect", new Object[]{Integer.valueOf(retry2 - valueOf2.intValue()), Integer.valueOf(retry2)}));
                }
                throw new ManyIncorrectCredentialsException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.matchPassword.ex.incorrect.default"));
            }
            if (this.userConfig.getCaptcha().isAfterSuccessResetRetry()) {
                RedisUtil.redisTemplateInteger.delete(this.appConfig.getRedisKey(new String[]{"login.retry", str}));
                RedisUtil.redisTemplateString.delete(this.appConfig.getRedisKey(new String[]{"login.captcha", RequestUtil.getIpAddr(RequestContext.getHttpServletRequest())}));
            }
        } else if (logger.isDebugEnabled()) {
            logger.debug("Login from other sysytem.");
        }
        return str3;
    }

    private void lockUser(PartyUserPo partyUserPo) {
        DisruptorModel disruptorModel = new DisruptorModel();
        Function function = partyUserPo2 -> {
            if (BeanUtils.isEmpty(partyUserPo2)) {
                return null;
            }
            if (!TenantUtil.isTenantEnabled()) {
                this.partyEmployee.lockByAccount(partyUserPo2.getAccount(), this.userLimitConfig.getMode(), Integer.valueOf(this.userLimitConfig.getTime()));
                return null;
            }
            try {
                try {
                    TenantContext.setTenantId(partyUserPo2.getTenantId());
                    this.partyEmployee.lockByAccount(partyUserPo2.getAccount(), this.userLimitConfig.getMode(), Integer.valueOf(this.userLimitConfig.getTime()));
                    return null;
                } catch (Exception e) {
                    throw e;
                }
            } finally {
                TenantContext.clear();
            }
        };
        disruptorModel.setContext(LogUtil.getMDC());
        disruptorModel.setExecution(function);
        disruptorModel.setExecutionInput(partyUserPo);
        ((DisruptorEngine) AppUtil.getBean(DisruptorEngine.class)).publishEvent(disruptorModel);
    }

    protected void unlockByAccount(String str) {
        this.partyEmployee.unlockByAccount(str);
    }

    private void userSecurityVerify(PartyUserPo partyUserPo, String str) {
        UserSecurityPo defaultUserSecurity = this.userSecurityRepository.getDefaultUserSecurity(partyUserPo.getTenantId());
        if (BeanUtils.isEmpty(defaultUserSecurity)) {
            return;
        }
        short shortValue = defaultUserSecurity.getMinLength().shortValue();
        short shortValue2 = defaultUserSecurity.getMaxLength().shortValue();
        int length = str.length();
        if (length < shortValue || length > shortValue2) {
            throw new LengthCredentialsException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.lengthNotMatchPassword.ex"), partyUserPo.getId(), partyUserPo.getTenantId());
        }
        short shortValue3 = defaultUserSecurity.getTimeLimit().shortValue();
        Date createTime = partyUserPo.getCreateTime();
        Date updateTime = partyUserPo.getUpdateTime();
        Date date = BeanUtils.isEmpty(updateTime) ? createTime : updateTime;
        if (BeanUtils.isEmpty(date)) {
            date = new Date();
        }
        if (DateUtil.compare(DateUtil.addDays(date, shortValue3), new Date())) {
            throw new ExpiredCredentialsException(I18nUtil.getMessage("com.lc.ibps.cloud.oauth.server.provider.BaseProvider.expiredPassword.ex"), partyUserPo.getId(), partyUserPo.getTenantId());
        }
    }

    private Date getTomorrowDate() {
        return DateUtil.setMilliseconds(DateUtil.setSeconds(DateUtil.setMinutes(DateUtil.setHours(DateUtil.addDays(new Date(), 1), 0), 0), 0), 0);
    }

    protected Date getExpriedDate() {
        return cn.hutool.core.date.DateUtil.offsetMinute(new Date(), this.userLimitConfig.getTime()).toJdkDate();
    }

    protected String createToken(ContextDTO contextDTO) {
        return this.tokenConfig.isJwt().booleanValue() ? JwtUtil.createToken(this.tokenConfig.getJwtType(), this.tokenConfig.getJwtEncryptName(), this.tokenConfig.getIvKey(), this.tokenConfig.getPrivateKey(), this.tokenConfig.getPublicKey(), this.tokenConfig.getJwtSecret(), this.userConfig.getClientEncrypt().getEncryptName(), this.userConfig.getClientEncrypt().getIvKey(), this.userConfig.getClientEncrypt().getPrivateKey(), this.userConfig.getClientEncrypt().getPublicKey(), this.tokenConfig.getIssuer(), this.tokenConfig.getAudience(), this.tokenConfig.getSecret(), this.tokenConfig.getExpires().intValue(), contextDTO) : uuid();
    }

    protected String uuid() {
        return "SnowFlake".equalsIgnoreCase(this.idConfig.getType()) ? this.idGenerator.getId() : "uuid".equalsIgnoreCase(this.idConfig.getType()) ? UUID.fastUUID().toString(true) : UUID.fastUUID().toString(true);
    }

    protected void cleanAndCacheKeys(String str, String... strArr) {
        cleanCacheKeys(str);
        cacheKeys(str, strArr);
    }

    protected void cacheKeys(String str, String... strArr) {
        if (StringUtil.isBlank(str) || BeanUtils.isEmpty(strArr)) {
            return;
        }
        long longValue = RedisUtil.redisTemplateString.opsForList().rightPushAll(str, strArr).longValue();
        RedisUtil.redisTemplateString.expire(str, this.tokenConfig.getRemind().intValue(), TimeUnit.SECONDS);
        if (logger.isDebugEnabled()) {
            logger.debug("{} size {}.", str, Long.valueOf(longValue));
        }
    }

    protected void cleanCacheKeys(String str) {
        if (StringUtil.isBlank(str)) {
            return;
        }
        long longValue = RedisUtil.redisTemplateString.opsForList().size(str).longValue();
        if (logger.isDebugEnabled()) {
            logger.debug("{} size {}.", str, Long.valueOf(longValue));
        }
        RedisUtil.redisTemplateString.delete(RedisUtil.redisTemplateString.opsForList().range(str, 0L, longValue));
        RedisUtil.redisTemplateString.delete(str);
    }
}
