package com.digiwin.dap.middleware.iam.service.login.impl;

import com.digiwin.dap.middle.kms.constants.KeyConstant;
import com.digiwin.dap.middleware.commons.crypto.PwdUtils;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.IamConstants;
import com.digiwin.dap.middleware.iam.domain.login.IdentityType;
import com.digiwin.dap.middleware.iam.domain.login.LoginSource;
import com.digiwin.dap.middleware.iam.domain.login.LoginUser;
import com.digiwin.dap.middleware.iam.entity.Org;
import com.digiwin.dap.middleware.iam.entity.Tenant;
import com.digiwin.dap.middleware.iam.entity.User;
import com.digiwin.dap.middleware.iam.entity.UserInOrg;
import com.digiwin.dap.middleware.iam.entity.UserInTenant;
import com.digiwin.dap.middleware.iam.repository.OrgRepository;
import com.digiwin.dap.middleware.iam.service.login.IdentityService;
import com.digiwin.dap.middleware.iam.service.user.UserCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserInOrgCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserInTenantCrudService;
import com.digiwin.dap.middleware.iam.support.auth.domain.IamAuthoredUser;
import com.digiwin.dap.middleware.iam.support.exception.IncorrectUsernameOrPasswordException;
import com.digiwin.dap.middleware.iam.support.remote.LdapService;
import com.digiwin.dap.middleware.iam.support.remote.digiwinadwsdl.domain.AdExecution;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Locale;
import org.apache.logging.log4j.util.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

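/**
 * Identity service for logins whose identity type is {@code service} and whose service name is
 * {@code "digiwin"} (see {@link #support(LoginUser)}).
 *
 * <p>{@link #login(LoginUser)} has two paths:
 * <ul>
 *   <li><b>Directory path</b> – a plaintext password is available (sent as-is, or recovered by
 *       decrypting {@code passwordHash}); the credentials are checked through {@link LdapService}
 *       and the IAM user, tenant membership and org membership are created on first login.</li>
 *   <li><b>Stored-hash path</b> – no plaintext password is available (blank, or decryption
 *       failed); the client-supplied {@code passwordHash} is compared with the value stored on
 *       the IAM user.</li>
 * </ul>
 *
 * <p>NOTE(review): on the stored-hash path the stored value is compared directly with what the
 * client sends, so the stored hash itself works as a credential, and the directory is not
 * consulted. As far as this class shows, the local copy written at first login is not refreshed
 * for existing users, so a directory password change or account disable may not invalidate it —
 * confirm whether this path is still required.
 */
@Order(3)
@Service("digiwinIdentityService")
/* loaded from: input_file:BOOT-INF/lib/iam-business-4.37.4.0.jar:com/digiwin/dap/middleware/iam/service/login/impl/DigiwinIdentityServiceImpl.class */
public class DigiwinIdentityServiceImpl extends IdentityServiceBase implements IdentityService {
    private static final Logger logger = LoggerFactory.getLogger(DigiwinIdentityServiceImpl.class);

    @Autowired
    private UserCrudService userCrudService;

    @Autowired
    private OrgRepository orgRepository;

    @Autowired
    private UserInOrgCrudService userInOrgCrudService;

    @Autowired
    private UserInTenantCrudService userInTenantCrudService;

    @Autowired
    private PasswordEncoder iamPasswordEncoder;

    @Autowired
    private LdapService ldapService;

    /**
     * Authenticates a "digiwin" service login and returns the authored user.
     *
     * @param loginUser the login request; it is mutated (password, user, tenant, user id,
     *     identity type and login source are set on it as the login proceeds)
     * @return the authored user produced by {@code authoredUserService.generate}
     * @throws IncorrectUsernameOrPasswordException if the user is unknown, the supplied hash does
     *     not match, the account name is blank, or the directory returns no account info
     * @throws BusinessException if the user id contains {@code @} but does not end with
     *     {@link IamConstants#DEFAULT_EMAIL}
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.IdentityService
    @Transactional
    public IamAuthoredUser login(LoginUser loginUser) {
        if (!resolvePlaintextPassword(loginUser)) {
            return loginWithStoredHash(loginUser);
        }
        return loginWithDirectory(loginUser);
    }

    /**
     * Decrypts the client-encrypted password when a client public key is present and reports
     * whether a non-blank plaintext password is available afterwards.
     *
     * <p>A decryption failure is deliberately not fatal: the caller falls back to the stored-hash
     * path.
     */
    private boolean resolvePlaintextPassword(LoginUser loginUser) {
        try {
            if (Strings.isNotBlank(loginUser.getClientEncryptPublicKey())) {
                // NOTE(review): the decryption key is read from the KeyConstant.BASE64_PRIVATE_KEY
                // constant. If that is a literal compiled into the KMS jar, every deployment shares
                // it and it cannot be rotated — confirm it is supplied at runtime.
                loginUser.setPassword(PwdUtils.getPassWord(
                        loginUser.getPasswordHash(),
                        loginUser.getClientEncryptPublicKey(),
                        KeyConstant.BASE64_PRIVATE_KEY));
            }
            return Strings.isNotBlank(loginUser.getPassword());
        } catch (Exception e) {
            // Message reads "AD login decryption exception". The cause is attached so that a
            // malformed payload can be told apart from a key mismatch when reading the logs.
            logger.error("AD登录解密异常", e);
            return false;
        }
    }

    /** Stored-hash path: compares the client-supplied hash with the one stored on the IAM user. */
    private IamAuthoredUser loginWithStoredHash(LoginUser loginUser) {
        User user = loginUser.getUser();
        if (user == null) {
            String lookupKey = loginUser.getUserId();
            user = this.userCrudService.queryUserByIdOrEmailOrTelephoneAndType(lookupKey, lookupKey, lookupKey, 0);
            if (user == null) {
                // NOTE(review): this error code differs from the wrong-password one below, so a
                // caller can tell "no such account" from "wrong credential". Consider returning
                // ERROR_21011 for both if clients do not depend on the distinction.
                throw new IncorrectUsernameOrPasswordException(I18nError.PASSWORD_UPDATE_USER_NOT_EXIST);
            }
            loginUser.setUser(user);
        }
        if (!storedHashMatches(user.getPassword(), loginUser.getPasswordHash())) {
            throw new IncorrectUsernameOrPasswordException(I18nError.ERROR_21011);
        }
        Tenant tenant = getTenant(loginUser, user);
        // Only an approved tenant (confirm == 1) is attached to the login.
        if (tenant != null && tenant.getConfirm() == 1) {
            loginUser.setTenant(tenant);
        }
        loginUser.setIdentityType(IdentityType.token);
        loginUser.setLoginSource(LoginSource.loginServiceDigiwin);
        return this.authoredUserService.generate(loginUser, false, true);
    }

    /**
     * Compares the stored hash with the supplied one.
     *
     * <p>A missing or blank value on either side never matches, so an account without a local
     * password cannot be opened with an empty hash and a null stored value is an authentication
     * failure rather than a {@link NullPointerException}. The comparison itself goes through
     * {@link MessageDigest#isEqual(byte[], byte[])} so that its duration does not depend on where
     * the first differing character is.
     */
    private static boolean storedHashMatches(String storedHash, String suppliedHash) {
        if (Strings.isBlank(storedHash) || Strings.isBlank(suppliedHash)) {
            return false;
        }
        return MessageDigest.isEqual(
                storedHash.getBytes(StandardCharsets.UTF_8),
                suppliedHash.getBytes(StandardCharsets.UTF_8));
    }

    /** Directory path: verifies the password through LDAP and provisions the IAM records. */
    private IamAuthoredUser loginWithDirectory(LoginUser loginUser) {
        String account = resolveDirectoryAccount(loginUser.getUserId());
        AdExecution checkAccount = this.ldapService.checkAccount(account, loginUser.getPassword(), this.envProperties.getCountry());
        if (checkAccount == null || checkAccount.getInfo() == null) {
            throw new IncorrectUsernameOrPasswordException(I18nError.ERROR_21011);
        }
        // From here on the directory-supplied mail address is the IAM user id.
        // NOTE(review): the mail value is not validated here — confirm the directory always fills it.
        loginUser.setUserId(checkAccount.getInfo().getMail());

        User user = loginUser.getUser();
        if (user == null) {
            String lookupKey = loginUser.getUserId();
            user = this.userCrudService.queryUserByIdOrEmailOrTelephoneAndType(lookupKey, lookupKey, lookupKey, 0);
        }

        boolean newlyProvisioned = true;
        Tenant tenant;
        if (user == null) {
            // First login of this directory account: create the IAM user with a locally encoded
            // copy of the directory password and place it in the default Digiwin tenant.
            user = new User(checkAccount.getInfo());
            user.setPassword(this.iamPasswordEncoder.encode(loginUser.getPassword()));
            this.userCrudService.create(user);
            tenant = this.tenantCrudService.findById(IamConstants.DIGIWIN_TENANT_ID);
        } else {
            tenant = getTenant(loginUser, user);
            newlyProvisioned = false;
        }
        loginUser.setUser(user);

        if (tenant != null) {
            if (tenant.getConfirm() == 1) {
                linkUserToTenantAndOrgs(user, tenant, checkAccount);
                loginUser.setTenant(tenant);
            } else {
                // Message reads "tenant %s has status %s, not approved".
                logger.error(String.format("租户%s状态为%s，没有审核", tenant.getId(), Integer.valueOf(tenant.getConfirm())));
            }
        }

        loginUser.setLoginSource(LoginSource.loginServiceDigiwin);
        IamAuthoredUser authored = this.authoredUserService.generate(loginUser, Boolean.valueOf(newlyProvisioned), true);
        authored.setJobCode(checkAccount.getInfo().getjCode());
        authored.setDept(checkAccount.getInfo().getDept());
        return authored;
    }

    /**
     * Derives the directory account name from the submitted user id: the id itself when it has
     * no {@code @}, otherwise the part before the first {@code @} of an address that ends with
     * {@link IamConstants#DEFAULT_EMAIL}.
     */
    private static String resolveDirectoryAccount(String userId) {
        if (Strings.isBlank(userId)) {
            throw new IncorrectUsernameOrPasswordException(I18nError.ERROR_21011);
        }
        int at = userId.indexOf('@');
        if (at < 0) {
            return userId;
        }
        // Locale.ROOT keeps the suffix check independent of the JVM default locale
        // (a Turkish default locale lower-cases "I" to a dotless "ı").
        if (!userId.toLowerCase(Locale.ROOT).endsWith(IamConstants.DEFAULT_EMAIL)) {
            throw new BusinessException(I18nError.ERROR_21011);
        }
        String account = userId.substring(0, at);
        if (Strings.isBlank(account)) {
            // An address with nothing before the "@" must not reach the directory as an empty
            // account name.
            throw new IncorrectUsernameOrPasswordException(I18nError.ERROR_21011);
        }
        return account;
    }

    /**
     * Creates the user-in-tenant record when it is missing and, when the directory reports a
     * department, the user-in-org record for every org of the tenant with that department id.
     */
    private void linkUserToTenantAndOrgs(User user, Tenant tenant, AdExecution checkAccount) {
        if (this.userInTenantCrudService.findByUnionKey(tenant.getSid(), user.getSid()) == null) {
            this.userInTenantCrudService.create(new UserInTenant(user.getSid(), tenant.getSid()));
        }
        if (Strings.isNotBlank(checkAccount.getInfo().getDept())) {
            for (Org org : this.orgRepository.findByTenantSidAndId(tenant.getSid(), checkAccount.getInfo().getDept())) {
                if (!this.userInOrgCrudService.existsByUnionKey(Long.valueOf(user.getSid()), Long.valueOf(org.getSid()))) {
                    this.userInOrgCrudService.create(new UserInOrg(user.getSid(), org.getSid()));
                }
            }
        }
    }

    /**
     * Reports whether this service handles the login.
     *
     * @param loginUser the login request
     * @return {@code true} when the identity type is {@code service} and the service name is
     *     {@code "digiwin"}
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.IdentityService
    public boolean support(LoginUser loginUser) {
        return loginUser.getIdentityType() == IdentityType.service && "digiwin".equals(loginUser.getServiceName());
    }
}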
