package com.digiwin.dap.middleware.iam.service.login.impl;

import com.digiwin.dap.middle.kms.constants.KeyConstant;
import com.digiwin.dap.middleware.commons.crypto.PwdUtils;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.exception.OperateException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.enums.UserTypeEnum;
import com.digiwin.dap.middleware.iam.domain.login.IdentityType;
import com.digiwin.dap.middleware.iam.domain.login.LoginSource;
import com.digiwin.dap.middleware.iam.domain.login.LoginUser;
import com.digiwin.dap.middleware.iam.entity.Tenant;
import com.digiwin.dap.middleware.iam.entity.User;
import com.digiwin.dap.middleware.iam.entity.UserInTenant;
import com.digiwin.dap.middleware.iam.service.login.IdentityService;
import com.digiwin.dap.middleware.iam.service.user.UserCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserInTenantCrudService;
import com.digiwin.dap.middleware.iam.support.auth.domain.IamAuthoredUser;
import com.digiwin.dap.middleware.iam.support.remote.LdapService;
import com.digiwin.dap.middleware.iam.support.remote.RemoteEocService;
import com.digiwin.dap.middleware.iam.support.remote.domain.ad.AdTenantInfoDTO;
import com.digiwin.dap.middleware.iam.support.remote.domain.ad.AdUser;
import com.digiwin.dap.middleware.iam.util.StringUtil;
import java.util.Collections;
import org.apache.logging.log4j.util.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils;

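/**
 * Login identity provider for Active Directory users.
 *
 * <p>Flow: validate the request, turn a client-encrypted {@code passwordHash} back into a
 * plaintext password when one was supplied, require that the tenant has AD login enabled,
 * authenticate against AD through {@link LdapService}, then find or provision the local IAM
 * {@link User} and its {@link UserInTenant} membership and issue a token through the inherited
 * {@code authoredUserService}. Selected for {@link IdentityType#ad} requests only.
 */
@Order(11)
@Service("adIdentityService")
/* loaded from: input_file:BOOT-INF/lib/iam-business-4.37.4.0.jar:com/digiwin/dap/middleware/iam/service/login/impl/AdIdentityServiceImpl.class */
public class AdIdentityServiceImpl extends IdentityServiceBase implements IdentityService {
    private static final Logger logger = LoggerFactory.getLogger(AdIdentityServiceImpl.class);

    /** Local IAM user store (lookup by id, create, update). */
    @Autowired
    private UserCrudService userCrudService;

    /** Tenant-membership store for local users. */
    @Autowired
    private UserInTenantCrudService userInTenantCrudService;

    /** Encoder applied to the AD credential before it is stored on the local user record. */
    @Autowired
    private PasswordEncoder iamPasswordEncoder;

    /** AD/LDAP lookup that performs the actual credential check. */
    @Autowired
    private LdapService ldapService;

    /** Downstream EOC system that receives newly logged-in AD users. */
    @Autowired
    private RemoteEocService remoteEocService;

    /** Executor used so the EOC sync does not delay the login response. */
    @Autowired
    private ThreadPoolTaskExecutor dapTaskExecutor;

    /**
     * Authenticates an AD user and returns the authorised IAM user.
     *
     * @param loginUser login request; must carry userId, tenantId, a resolved tenant and either
     *                  a plaintext password or a client-encrypted passwordHash together with
     *                  clientEncryptPublicKey
     * @return the generated IAM authorisation (token) for the user
     * @throws BusinessException when a required field is missing, the tenant is unknown or has AD
     *                           login disabled, the password cannot be decrypted, or AD does not
     *                           return the user
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.IdentityService
    public IamAuthoredUser login(LoginUser loginUser) {
        // Null-check before the first dereference (the original read getUser() first).
        Assert.notNull(loginUser, "loginUser参数为null");
        // Only a login that did not arrive with a pre-populated user triggers the EOC sync below.
        boolean userNotPreset = loginUser.getUser() == null;

        // Decryption failure is deliberately reported only after the tenant checks, preserving
        // the original error precedence.
        boolean passwordUsable = decryptPasswordIfEncrypted(loginUser);

        if (ObjectUtils.isEmpty(loginUser.getUserId())) {
            throw new BusinessException(I18nError.LOGIN_USER_ID_NOT_EMPTY);
        }
        if (ObjectUtils.isEmpty(loginUser.getTenantId())) {
            throw new BusinessException(I18nError.ERROR_TENANT_ID_EMPTY);
        }
        // Some credential must be present. The original encoded the plaintext password here only
        // to test the result for emptiness; skipping that avoids an expensive hash on an
        // unauthenticated request.
        if (ObjectUtils.isEmpty(loginUser.getPassword()) && ObjectUtils.isEmpty(loginUser.getPasswordHash())) {
            // NOTE(review): reuses the user-id error code for a missing password — confirm intent.
            throw new BusinessException(I18nError.LOGIN_USER_ID_NOT_EMPTY);
        }
        Tenant tenant = loginUser.getTenant();
        if (tenant == null) {
            throw new BusinessException(I18nError.ERROR_21005, new String[]{loginUser.getTenantId()});
        }
        if (!tenant.isAdLogin()) {
            throw new BusinessException(I18nError.IAM_LOGIN_TENANT_AD_LOGIN_DISABLED_ERROR, new Object[]{loginUser.getTenantId()});
        }
        if (!passwordUsable) {
            throw new BusinessException(I18nError.IAM_LOGIN_AD_AUTH_FAIL_ERROR);
        }
        // AD is the authority for the credential; a null result is treated as authentication failure.
        AdUser adUser = this.ldapService.getAdUser(loginUser, tenant);
        if (adUser == null) {
            throw new BusinessException(I18nError.ERROR_21011);
        }
        loginUser.setUser(getUser(loginUser, adUser, tenant));
        loginUser.setTenant(tenant);
        loginUser.setLoginSource(LoginSource.loginAd);
        IamAuthoredUser authored = this.authoredUserService.generate(loginUser, false, false);
        if (userNotPreset && tenant.isEoc()) {
            // Log only the account name: AdUser also carries mail/phone attributes that do not
            // belong in an info-level log line.
            logger.info("同步租户{}的AD用户 -> EOC员工{}", tenant.getId(), adUser.getName());
            this.dapTaskExecutor.execute(() -> this.remoteEocService.syncAdUser(
                    new AdTenantInfoDTO(StringUtil.getAdCompanyId(null, adUser), Collections.singletonList(adUser), null),
                    authored.getToken()));
        }
        return authored;
    }

    /**
     * Recovers the plaintext password from a client-encrypted {@code passwordHash}.
     *
     * <p>On success the plaintext is stored with {@code setPassword}; {@code passwordHash} itself
     * is left untouched.
     *
     * @param loginUser login request, mutated in place
     * @return {@code false} when a passwordHash was supplied but cannot be used (no client public
     *         key, or decryption failed); {@code true} otherwise, including when no passwordHash
     *         was supplied at all
     */
    private boolean decryptPasswordIfEncrypted(LoginUser loginUser) {
        if (ObjectUtils.isEmpty(loginUser.getPasswordHash())) {
            return true;
        }
        if (ObjectUtils.isEmpty(loginUser.getClientEncryptPublicKey())) {
            return false;
        }
        try {
            loginUser.setPassword(PwdUtils.getPassWord(loginUser.getPasswordHash(),
                    loginUser.getClientEncryptPublicKey(), KeyConstant.BASE64_PRIVATE_KEY));
            return true;
        } catch (OperateException e) {
            // Keep the cause so the failure can be diagnosed; the message carries no key or
            // password material.
            logger.error("AD登录解密异常", e);
            return false;
        }
    }

    /**
     * Finds or provisions the local IAM user backing an authenticated AD account and ensures it
     * is a member of the tenant.
     *
     * @param loginUser login request; tenantId and userId form the local user id
     * @param adUser    the account returned by AD
     * @param tenant    the tenant being logged into
     * @return the persisted local user
     */
    private User getUser(LoginUser loginUser, AdUser adUser, Tenant tenant) {
        String userId = String.format("%s$%s", loginUser.getTenantId(), loginUser.getUserId());
        User user = this.userCrudService.findById(userId);
        if (user == null) {
            user = createLocalUser(userId, loginUser, adUser);
        } else if (!IdentityType.ad.name().equals(user.getComeFrom())) {
            // An existing non-AD account is re-labelled as AD-sourced once it authenticates via AD.
            user.setComeFrom(IdentityType.ad.name());
            this.userCrudService.update(user);
        }
        // Relies on create() having populated user.getSid() on the freshly created path — TODO confirm.
        if (this.userInTenantCrudService.findByUnionKey(tenant.getSid(), user.getSid()) == null) {
            UserInTenant membership = new UserInTenant();
            membership.setUserSid(user.getSid());
            membership.setTenantSid(tenant.getSid());
            this.userInTenantCrudService.create(membership);
        }
        return user;
    }

    /**
     * Builds and persists a new local user from the AD attributes.
     *
     * @param userId    local user id ({@code tenantId$userId})
     * @param loginUser login request; its passwordHash is filled from the plaintext password when blank
     * @param adUser    source of name, display name, telephone, mobile and mail
     * @return the created user
     */
    private User createLocalUser(String userId, LoginUser loginUser, AdUser adUser) {
        if (Strings.isBlank(loginUser.getPasswordHash())) {
            loginUser.setPasswordHash(this.iamPasswordEncoder.encode(loginUser.getPassword()));
        }
        User user = new User();
        user.setId(userId);
        user.setName(adUser.getName());
        user.setNickname(adUser.getDisplayName());
        user.setTelephone(adUser.getTelephoneNumber());
        user.setPhone(adUser.getMobile());
        user.setEmail(adUser.getMail());
        // NOTE(review): when the client-encrypted flow was used, passwordHash still holds the
        // client ciphertext at this point (decryption only set the plaintext password), so that
        // ciphertext rather than an encoder hash is what gets persisted here — confirm intent.
        user.setPassword(loginUser.getPasswordHash());
        user.setActivated(true);
        user.setChanged(true);
        user.setComeFrom(IdentityType.ad.name());
        // Stored as the enum ordinal; kept as-is because existing rows depend on this representation.
        user.setType(Integer.valueOf(UserTypeEnum.INTERNAL.ordinal()));
        user.setEnterprise(true);
        this.userCrudService.create(user);
        return user;
    }

    /**
     * Selects this provider for AD identity requests only.
     *
     * @param loginUser login request
     * @return {@code true} when the identity type is {@link IdentityType#ad}
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.IdentityService
    public boolean support(LoginUser loginUser) {
        return loginUser.getIdentityType() == IdentityType.ad;
    }
}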
