package com.f2bpm.web.interceptors;

import com.alibaba.fastjson.JSONObject;
import com.alibaba.nacos.api.common.Constants;
import com.alibaba.nacos.client.identify.IdentifyConstants;
import com.f2bpm.base.core.app.AppConfig;
import com.f2bpm.base.core.cache.CacheManagePool;
import com.f2bpm.base.core.cache.CachePrefixEnum;
import com.f2bpm.base.core.cache.MemoryCache;
import com.f2bpm.base.core.crypto.Des3Util;
import com.f2bpm.base.core.entity.AuthorEntity;
import com.f2bpm.base.core.utils.DebugUtil;
import com.f2bpm.base.core.utils.JsonHelper;
import com.f2bpm.base.core.utils.string.StringUtil;
import com.f2bpm.base.core.utils.time.DateUtil;
import com.f2bpm.base.core.utils.time.TimeUtil;
import com.f2bpm.base.core.web.RequestContext;
import com.f2bpm.process.org.api.integrate.imodel.IUser;
import com.f2bpm.system.security.factory.OrgEngineFactory;
import com.f2bpm.system.security.impl.model.AppSystemConfig;
import com.f2bpm.system.security.oauthor.LoginUserCacheHelper;
import com.f2bpm.system.security.utils.AppSystemConfigUtil;
import com.f2bpm.system.security.utils.LogUtil;
import com.f2bpm.system.security.utils.TenantUtil;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Date;
import java.util.Locale;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:BOOT-INF/classes/com/f2bpm/web/interceptors/SecurityOAuth.class */
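/**
 * Request-side authentication helpers for the F2BPM JWT scheme.
 *
 * <p>A token is read from the HTTP header named by the {@code f2bpmTokenKey} app setting, parsed into an
 * {@link AuthorEntity}, verified with {@code JWTUtil}, and then checked against the registered application
 * system ({@code corpId}) and the 3DES-derived request signature. Optional features controlled by app
 * settings: "only one place login" (header tokens carry the {@code OnePlaceLogin_} prefix) and token
 * renewal ({@code renewAuthorMaxAge} / {@code authorMaxAge}, in minutes).
 *
 * <p>Every {@code StringBuilder sb} parameter collects a human-readable (Chinese) failure reason for the
 * caller; it is only appended to on failure paths.
 */
public class SecurityOAuth {
    /** Pool-managed cache of issued tokens and their renewal deadlines; entries use {@link #tokenKeyPreFix}. */
    private static final MemoryCache<Object> tokenCache = CacheManagePool.getInstance(CacheManagePool.tokensCache);

    /** Key prefix for entries written by {@link #insertOrUpdateCacheToken}. */
    private static final String tokenKeyPreFix = CachePrefixEnum.TokenCache_.toString();

    /** Prefix a header token carries when "only one place login" mode is enabled. */
    private static final String ONE_PLACE_LOGIN_PREFIX = CachePrefixEnum.OnePlaceLogin_.toString();

    /** Marker {@link #refreshToken} appends to its flag builder when the caller should (re)cache the token. */
    private static final String RENEWED_FLAG = "true";

    /** Tenant id substituted for a blank one in single-tenant deployments. */
    private static final String DEFAULT_TENANT_ID = "BPM";

    /** Separator between the token and its renewal deadline inside a cache entry. */
    private static final String CACHE_ENTRY_SEPARATOR = ",";

    /**
     * Token lifetime (ms) used when {@code authorMaxAge} is -1; roughly 17 days.
     * NOTE(review): 1471228928 equals 365*24*60*60*1000 truncated to 32 bits, so this looks like an
     * int-overflowed "one year". Kept unchanged because deployed clients may rely on it — confirm intent
     * before altering.
     */
    private static final long DEFAULT_LIFETIME_MS = 1471228928L;

    /** Milliseconds per minute; app-setting ages are expressed in minutes. */
    private static final long MS_PER_MINUTE = 60L * 1000L;

    /**
     * Checks the "only one place login" rule for a raw header token.
     *
     * <p>Passes trivially when the token is empty, the feature is disabled, or the token does not carry
     * the {@code OnePlaceLogin_} prefix. Otherwise the token is parsed and compared (case-insensitively)
     * with the token cached under {@code OnePlaceLogin_ + loginUserId}; a missing cache entry also passes.
     *
     * @param headerToken the token as read from the request header, possibly prefixed
     * @return {@code true} if the caller may proceed; {@code false} if the token belongs to a session that
     *         has been superseded, or if a prefixed token cannot be parsed at all (fails closed instead of
     *         throwing a {@link NullPointerException})
     */
    public static boolean certificationOnlyOnePlaceLogin(String headerToken) {
        boolean onlyOnePlaceLogin = AppConfig.getIsOnlyOnePlaceLogin();
        if (!StringUtil.isNotEmpty(headerToken) || !onlyOnePlaceLogin || !headerToken.startsWith(ONE_PLACE_LOGIN_PREFIX)) {
            return true;
        }
        AuthorEntity author = getHeaderAuthorEntity(headerToken.replace(ONE_PLACE_LOGIN_PREFIX, ""));
        if (author == null) {
            // Unparseable token: there is no user id to look up, so reject rather than dereference null.
            return false;
        }
        Object cachedToken = tokenCache.getByKey(ONE_PLACE_LOGIN_PREFIX + author.getLoginUserId());
        return cachedToken == null || cachedToken.toString().equalsIgnoreCase(headerToken);
    }

    /**
     * Authenticates the request's JWT, resolves the user and stores it as request attribute {@code "user"}.
     *
     * <p>When {@code renewAuthorMaxAge} is configured (not -1) the header token first goes through
     * {@link #refreshToken}, and on success the resulting token is (re)cached when the refresh step flagged
     * that as necessary.
     *
     * @param request the current request; its token header is read and {@code "user"} is set on success
     * @param sb receives the failure reason when the method returns {@code false}
     * @return {@code true} when the token verified and the user exists
     */
    public static boolean certificationJWToken(HttpServletRequest request, StringBuilder sb) {
        StringBuilder renewedFlag = new StringBuilder();
        String headerToken = "";
        int renewMaxAge = AppConfig.getIntApp("renewAuthorMaxAge", -1).intValue();
        AuthorEntity author;
        if (renewMaxAge == -1) {
            author = getHeaderAuthorEntity(request);
        } else {
            int authorMaxAge = AppConfig.getIntApp("authorMaxAge", -1).intValue();
            headerToken = getHeaderToken(request);
            author = getHeaderAuthorEntity(refreshToken(headerToken, authorMaxAge, renewMaxAge, renewedFlag));
            if (DebugUtil.isDebug) {
                DebugUtil.addHereCostTime("refreshToken  ", RequestContext.getHttpServletRequest());
            }
        }
        boolean passed = certification(author, sb);
        if (DebugUtil.isDebug) {
            DebugUtil.addHereCostTime("认证Token时间", request);
        }
        if (!passed) {
            return false;
        }
        if (!attachRequestUser(author, request, sb)) {
            return false;
        }
        // Only the refresh path ever sets the flag; guard on the header token too, as the original did.
        if (renewMaxAge != -1 && Boolean.parseBoolean(renewedFlag.toString()) && StringUtil.isNotEmpty(headerToken)) {
            insertOrUpdateCacheToken(tokenKeyPreFix + headerToken, author.getToken());
        }
        return true;
    }

    /**
     * Looks up the authenticated user (cache first, then the org engine) and stores it on the request.
     *
     * @param author the verified token payload supplying loginUserId / loginOrgId
     * @param request receives the user under attribute {@code "user"}
     * @param sb receives the failure reason when the user does not exist
     * @return {@code false} when no user could be resolved
     */
    private static boolean attachRequestUser(AuthorEntity author, HttpServletRequest request, StringBuilder sb) {
        Date lookupStart = DateUtil.getCurrentDate();
        String loginUserId = author.getLoginUserId();
        String loginOrgId = author.getLoginOrgId();
        IUser user = LoginUserCacheHelper.getUserCache(loginUserId, loginOrgId);
        if (user == null) {
            user = StringUtil.isNotEmpty(loginOrgId)
                    ? OrgEngineFactory.getOrgEngine().getUserService().getUserByIdOrgId(loginUserId, loginOrgId)
                    : OrgEngineFactory.getOrgEngine().getUserService().getUserById(loginUserId);
            if (user == null) {
                sb.append(loginUserId + "：鉴权用户不存在");
                return false;
            }
            LoginUserCacheHelper.setUserCache(user);
        }
        if (DebugUtil.isDebug) {
            DebugUtil.addHereCostTime("获取用户信息信息", TimeUtil.getMillSecondDiff(DateUtil.getCurrentDate(), lookupStart), request);
        }
        request.setAttribute("user", user);
        return true;
    }

    /**
     * Stores {@code token} in the token cache together with its renewal deadline.
     *
     * <p>The entry value is {@code "<token>,<deadline>"} where the deadline is the token's expiry plus
     * {@code renewAuthorMaxAge} minutes, formatted with {@code DateUtil.formatDateTime}. An existing entry
     * under the same key is replaced.
     *
     * @param cacheKey full cache key (already prefixed by the caller)
     * @param token the JWT to cache
     * @return always {@code true}
     */
    public static boolean insertOrUpdateCacheToken(String cacheKey, String token) {
        // long arithmetic: the original int multiplication overflowed for large minute values
        long renewWindowMs = AppConfig.getIntApp("renewAuthorMaxAge").intValue() * MS_PER_MINUTE;
        Date renewDeadline = new Date(JWTUtil.getExpiresAt(token).getTime() + renewWindowMs);
        String entry = StringUtil.format("{0},{1}", token, DateUtil.formatDateTime(renewDeadline));
        if (tokenCache.containKey(cacheKey)) {
            tokenCache.remove(cacheKey);
        }
        tokenCache.add(cacheKey, entry);
        return true;
    }

    /**
     * Returns the token to authenticate with, renewing an expired one while its renewal window is open.
     *
     * <p>Behaviour by case:
     * <ul>
     *   <li>token not expired: returned unchanged; {@code renewedFlag} gets {@code "true"} if it is not
     *       cached yet.</li>
     *   <li>expired and not cached: returned unchanged; {@code renewedFlag} gets {@code "true"}.</li>
     *   <li>expired and cached: the entry is parsed; a malformed or missing entry, or one whose deadline
     *       has passed (per {@code DateUtil.getSecondDiff}), is evicted and the original token returned;
     *       a still-valid cached replacement token is returned; otherwise a fresh token is created from the
     *       original token's payload, cached, and returned.</li>
     * </ul>
     *
     * @param token the header token
     * @param authorMaxAge not used by this implementation (kept for call compatibility)
     * @param renewMaxAge not used by this implementation (kept for call compatibility)
     * @param renewedFlag appended with {@code "true"} when the caller should cache the verified token
     * @return the token to verify
     */
    public static String refreshToken(String token, int authorMaxAge, int renewMaxAge, StringBuilder renewedFlag) {
        MemoryCache<Object> cache = CacheManagePool.getInstance(CacheManagePool.tokensCache);
        String cacheKey = tokenKeyPreFix + token;
        if (!JWTUtil.getIsExpired(token)) {
            if (!cache.containKey(cacheKey)) {
                renewedFlag.append(RENEWED_FLAG);
            }
            return token;
        }
        if (!cache.containKey(cacheKey)) {
            renewedFlag.append(RENEWED_FLAG);
            return token;
        }
        Object cached = cache.getByKey(cacheKey);
        String[] parts = cached == null ? new String[0] : cached.toString().split(CACHE_ENTRY_SEPARATOR);
        if (parts.length < 2) {
            // Corrupt or vanished entry: the original indexed parts[1] unguarded and threw.
            cache.remove(cacheKey);
            return token;
        }
        String cachedToken = parts[0];
        String renewDeadline = parts[1];
        if (DateUtil.getSecondDiff(DateUtil.convertToDateTime(renewDeadline), DateUtil.getCurrentDate()) <= 0) {
            cache.remove(cacheKey);
            return token;
        }
        if (!JWTUtil.getIsExpired(cachedToken)) {
            return cachedToken;
        }
        AuthorEntity author = (AuthorEntity) JsonHelper.jsonToObject(JWTUtil.getAuthorJson(token), AuthorEntity.class);
        String freshToken = createJWTToken(author.getTenantId(), author.getLoginUserId(), author.getLoginOrgId(), author.getCorpId());
        insertOrUpdateCacheToken(cacheKey, freshToken);
        return freshToken;
    }

    /**
     * Parses the request's token header into an {@link AuthorEntity}.
     *
     * @param request the current request
     * @return the parsed entity, or {@code null} when the header is absent or cannot be parsed
     */
    public static AuthorEntity getHeaderAuthorEntity(HttpServletRequest request) {
        return getHeaderAuthorEntity(getHeaderToken(request));
    }

    /**
     * Reads the token header (name taken from app setting {@code f2bpmTokenKey}).
     *
     * <p>In "only one place login" mode the {@code OnePlaceLogin_} prefix is stripped.
     *
     * @param request the current request
     * @return the header value, possibly {@code null}
     */
    public static String getHeaderToken(HttpServletRequest request) {
        String token = request.getHeader(AppConfig.getApp("f2bpmTokenKey"));
        if (StringUtil.isNotEmpty(token) && AppConfig.getIsOnlyOnePlaceLogin() && token.startsWith(ONE_PLACE_LOGIN_PREFIX)) {
            token = token.replace(ONE_PLACE_LOGIN_PREFIX, "");
        }
        return token;
    }

    /**
     * Decodes the author payload of {@code token} into an {@link AuthorEntity}.
     *
     * <p>The token itself is stored on the entity; in single-tenant mode a blank tenant id becomes
     * {@code "BPM"}. Any parse failure is logged and yields {@code null} — this does not verify the token.
     *
     * @param token the JWT (without the one-place-login prefix)
     * @return the entity, or {@code null} when the payload is empty or parsing fails
     */
    public static AuthorEntity getHeaderAuthorEntity(String token) {
        try {
            String authorJson = JWTUtil.getAuthorJson(token);
            if (!StringUtil.isNotEmpty(authorJson)) {
                return null;
            }
            AuthorEntity author = (AuthorEntity) JsonHelper.jsonToObject(authorJson, AuthorEntity.class);
            author.setToken(token);
            if (!TenantUtil.getIsMultiTenant() && StringUtil.isEmpty(author.getTenantId())) {
                author.setTenantId(DEFAULT_TENANT_ID);
            }
            return author;
        } catch (Exception e) {
            LogUtil.writeLog("error:解析出错F2bpmAuthor:" + e.toString(), (Class<?>) SecurityOAuth.class);
            return null;
        }
    }

    /**
     * Fully verifies a parsed token: presence, JWT validity, application system + signature, tenant id.
     *
     * @param author the parsed token payload; {@code null} fails silently (no reason appended)
     * @param sb receives the failure reason
     * @return {@code true} when every check passes
     */
    public static boolean certification(AuthorEntity author, StringBuilder sb) {
        if (author == null) {
            return false;
        }
        String token = author.getToken();
        if (StringUtil.isNullOrEmpty(token)) {
            sb.append("无JWToken，请重新登录");
            return false;
        }
        if (!JWTUtil.verifyToken(token.replace(ONE_PLACE_LOGIN_PREFIX, ""))) {
            sb.append("JWToken无效！");
            return false;
        }
        if (!certificationAuthor(author.getCorpId(), author.getLoginUserId(), author.getTimeStamp(), author.getNonce(), author.getSignature(), sb)) {
            return false;
        }
        if (TenantUtil.getIsMultiTenant() && StringUtil.isEmpty(author.getTenantId())) {
            sb.append("缺少租户ID参数");
            return false;
        }
        return true;
    }

    /**
     * Checks that {@code corpId} names an enabled application system and that the request signature matches.
     *
     * @param corpId the application system id
     * @param loginUserId the user id carried in the token
     * @param timeStamp expiry timestamp (ms since epoch, as a string) carried in the token
     * @param nonce random value carried in the token
     * @param signature client-supplied signature over the four values above
     * @param sb receives the failure reason (also written to the text log)
     * @return {@code true} when the system is enabled and the signature verifies
     */
    private static boolean certificationAuthor(String corpId, String loginUserId, String timeStamp, String nonce, String signature, StringBuilder sb) {
        if (DebugUtil.isDebug) {
            DebugUtil.addHereCostTime("AppSystemConfig check brfore", RequestContext.getHttpServletRequest());
        }
        AppSystemConfig systemConfig = AppSystemConfigUtil.getCacheModelByCorpId(corpId);
        if (systemConfig == null) {
            sb.append(StringUtil.format("认证失败,找不到对应的corpId：{0}", corpId));
            LogUtil.writeLogToTxtInfo(sb.toString());
            return false;
        }
        if (systemConfig.getIsEnable() == 0) {
            sb.append(StringUtil.format("接入的应用系统“{0}”已禁用", systemConfig.getCorpName()));
            LogUtil.writeLogToTxtInfo(sb.toString());
            return false;
        }
        if (DebugUtil.isDebug) {
            DebugUtil.addHereCostTime("AppSystemConfig check", RequestContext.getHttpServletRequest());
        }
        if (checkSignature(corpId, loginUserId, timeStamp, nonce, signature)) {
            return true;
        }
        sb.append(StringUtil.format("autho签名认证失败,corpId:{0}", corpId));
        LogUtil.writeLogToTxtInfo(sb.toString());
        return false;
    }

    /**
     * Issues a new JWT whose payload is built by {@link #createAuthorJson}.
     *
     * <p>Lifetime is {@code authorMaxAge} minutes, or {@link #DEFAULT_LIFETIME_MS} when that setting is -1.
     *
     * @param tenantId tenant id placed in the payload
     * @param loginUserId user id placed in the payload and signed
     * @param loginOrgId organisation id placed in the payload
     * @param corpId application system id placed in the payload and signed
     * @return the signed token
     * @throws IllegalStateException when the payload (and thus its signature) could not be built
     */
    public static String createJWTToken(String tenantId, String loginUserId, String loginOrgId, String corpId) {
        int maxAgeMinutes = AppConfig.getIntApp("authorMaxAge").intValue();
        long lifetimeMs = maxAgeMinutes == -1 ? DEFAULT_LIFETIME_MS : maxAgeMinutes * MS_PER_MINUTE;
        long expiresAtMs = System.currentTimeMillis() + lifetimeMs;
        JSONObject authorJson = createAuthorJson(tenantId, loginUserId, loginOrgId, corpId, expiresAtMs);
        if (authorJson == null) {
            // createAuthorJson returns null only when signing failed; the original NPE'd on toString().
            throw new IllegalStateException("failed to build author payload for corpId=" + corpId + ", loginUserId=" + loginUserId);
        }
        return JWTUtil.createToken(Long.valueOf(expiresAtMs), authorJson.toString());
    }

    /**
     * Builds the JWT payload: ids, expiry timestamp, a random nonce and the signature over
     * {@code corpId-loginUserId-timeStamp-nonce}.
     *
     * @param tenantId stored under the nacos tenant-id key
     * @param loginUserId stored under {@code "loginUserId"}
     * @param loginOrgId stored under {@code "loginOrgId"}
     * @param corpId stored under {@code "corpId"}
     * @param expiresAtMs stored as a string under {@code "timeStamp"}
     * @return the payload, or {@code null} when signing throws (logged)
     */
    public static JSONObject createAuthorJson(String tenantId, String loginUserId, String loginOrgId, String corpId, long expiresAtMs) {
        JSONObject payload = new JSONObject();
        payload.put("loginOrgId", loginOrgId);
        payload.put(IdentifyConstants.TENANT_ID, tenantId);
        payload.put("corpId", corpId);
        payload.put("loginUserId", loginUserId);
        String timeStamp = String.valueOf(expiresAtMs);
        payload.put("timeStamp", timeStamp);
        payload.put("nonce", StringUtil.getRandom(1000, 10000));
        try {
            payload.put("signature", buildSignature(corpId, loginUserId, timeStamp, payload.getString("nonce")));
            return payload;
        } catch (Exception e) {
            LogUtil.writeLog("error:buildSignature failed:" + e.toString(), (Class<?>) SecurityOAuth.class);
            return null;
        }
    }

    /**
     * Reports whether the token's expiry timestamp is still in the future.
     *
     * @param expiresAtMs expiry in ms since epoch
     * @return {@code true} while {@code TimeUtil.getMillSecondDiff(expiry, now) > 0}; {@code false} on any error
     */
    private static boolean validateTimestamp(Long expiresAtMs) {
        try {
            return TimeUtil.getMillSecondDiff(new Date(expiresAtMs.longValue()), new Date()) > 0;
        } catch (Exception e) {
            LogUtil.writeDebugLog("Author已过期：" + e.toString());
            return false;
        }
    }

    /**
     * Verifies the client signature against a freshly computed one after checking the timestamp.
     *
     * <p>The comparison is case-insensitive (as before) but now constant-time, so a mismatch does not leak
     * how many leading characters were correct. Any exception (unparseable timestamp, {@code null}
     * signature, crypto failure) is logged and treated as a failed check.
     *
     * @return {@code true} only when the timestamp is valid and the signatures match
     */
    private static boolean checkSignature(String corpId, String loginUserId, String timeStamp, String nonce, String clientSignature) {
        try {
            if (!validateTimestamp(Long.valueOf(timeStamp))) {
                LogUtil.writeLogToTxtInfo("author鉴权凭证已过期：" + timeStamp);
                return false;
            }
            if (DebugUtil.isDebug) {
                DebugUtil.addHereCostTime("validateTimestamp", RequestContext.getHttpServletRequest());
            }
            String serverSignature = buildSignature(corpId, loginUserId, timeStamp, nonce);
            if (signaturesMatch(clientSignature, serverSignature)) {
                return true;
            }
            LogUtil.writeLogToTxtInfo("corpId：" + corpId);
            LogUtil.writeLogToTxtInfo("loginUserId：" + loginUserId);
            LogUtil.writeLogToTxtInfo("timestamp：" + timeStamp);
            LogUtil.writeLogToTxtInfo("nonce：" + nonce);
            // NOTE(review): this writes the valid server-side signature for these inputs to the text log;
            // anyone reading the log learns it while the timestamp is still valid — consider dropping it.
            LogUtil.writeLogToTxtInfo("签名不正确，认证失败，服务器：" + serverSignature);
            LogUtil.writeLogToTxtInfo("签名不正确，认证失败，客户端：" + clientSignature);
            return false;
        } catch (Exception e) {
            LogUtil.writeLogToTxtInfo("签名认证异常失败：" + clientSignature + " " + e.toString());
            return false;
        }
    }

    /**
     * Case-insensitive, constant-time comparison of two signature strings.
     *
     * @throws NullPointerException when either argument is {@code null} (callers catch and fail closed)
     */
    private static boolean signaturesMatch(String clientSignature, String serverSignature) {
        byte[] client = clientSignature.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        byte[] server = serverSignature.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(client, server);
    }

    /**
     * Computes the signature: 3DES of {@code corpId-loginUserId-timeStamp-nonce}, URL-encoded, with the
     * substring {@code "0D%"} removed.
     * NOTE(review): the removed substring is {@code "0D%"}, not {@code "%0D"}; kept verbatim because
     * clients must produce the identical value — confirm which was intended.
     *
     * @throws Exception propagated from {@code Des3Util}
     */
    private static String buildSignature(String corpId, String loginUserId, String timeStamp, String nonce) throws Exception {
        return Des3Util.des3UrlEncodeAndEncode(StringUtil.format("{0}-{1}-{2}-{3}", corpId, loginUserId, timeStamp, nonce), false).replace("0D%", "");
    }

    /**
     * Builds the login response object: a fresh token plus user/org descriptors.
     *
     * @param tenantId tenant id (also embedded in the token)
     * @param userId user id (also embedded in the token)
     * @param orgId organisation id (also embedded in the token)
     * @param realName user's display name, URL-encoded as UTF-8
     * @param orgName organisation name, URL-encoded as UTF-8
     * @param corpId application system id (embedded in the token only)
     * @return the response JSON
     * @throws UnsupportedEncodingException declared by {@link URLEncoder#encode(String, String)}; not expected for UTF-8
     */
    public static JSONObject getF2bpmAuthor(String tenantId, String userId, String orgId, String realName, String orgName, String corpId) throws UnsupportedEncodingException {
        JSONObject response = new JSONObject();
        response.put(Constants.TOKEN, createJWTToken(tenantId, userId, orgId, corpId));
        response.put("userId", userId);
        response.put(IdentifyConstants.TENANT_ID, tenantId);
        response.put("realName", URLEncoder.encode(realName, "UTF-8"));
        response.put("orgId", orgId);
        response.put("orgName", URLEncoder.encode(orgName, "UTF-8"));
        response.put("isMultiTenant", Boolean.valueOf(TenantUtil.getIsMultiTenant()));
        return response;
    }
}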
