package com.digiwin.dap.middleware.iam.api;

import com.alibaba.excel.util.CollectionUtils;
import com.digiwin.dap.middle.kms.constants.KeyConstant;
import com.digiwin.dap.middleware.auth.AuthoredUser;
import com.digiwin.dap.middleware.commons.crypto.AES;
import com.digiwin.dap.middleware.domain.StdData;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.IamConstants;
import com.digiwin.dap.middleware.iam.constant.enums.BooleanStrEnum;
import com.digiwin.dap.middleware.iam.domain.tenant.TenantMetadataVO;
import com.digiwin.dap.middleware.iam.domain.tenant.metadata.TenantMetadataCasDTO;
import com.digiwin.dap.middleware.iam.domain.tenant.metadata.TenantMetadataCasVO;
import com.digiwin.dap.middleware.iam.domain.tenant.metadata.TenantMetadataLdapDTO;
import com.digiwin.dap.middleware.iam.domain.tenant.metadata.TenantMetadataLdapVO;
import com.digiwin.dap.middleware.iam.domain.tenant.metadata.TenantMetadataOIDCDTO;
import com.digiwin.dap.middleware.iam.domain.tenant.metadata.TenantMetadataOIDCVO;
import com.digiwin.dap.middleware.iam.domain.tenant.metadata.TenantMetadataSAMLDTO;
import com.digiwin.dap.middleware.iam.domain.tenant.metadata.TenantMetadataSAMLVO;
import com.digiwin.dap.middleware.iam.entity.Tenant;
import com.digiwin.dap.middleware.iam.service.tenant.AutoEOCService;
import com.digiwin.dap.middleware.iam.service.tenant.TenantCrudService;
import com.digiwin.dap.middleware.iam.service.tenant.TenantQueryService;
import com.digiwin.dap.middleware.iam.service.tenantmetadata.TenantMetadataColumnCrudService;
import com.digiwin.dap.middleware.iam.service.tenantmetadata.TenantMetadataCrudService;
import com.digiwin.dap.middleware.iam.service.tenantmetadata.TenantMetadataUpdateService;
import com.digiwin.dap.middleware.iam.service.user.UserInRoleService;
import com.digiwin.dap.middleware.iam.support.remote.LdapService;
import com.digiwin.dap.middleware.iam.support.remote.domain.ad.AdOu;
import com.digiwin.dap.middleware.iam.util.IDPCredentialsUtil;
import com.digiwin.dap.middleware.iam.util.StringUtil;
import com.digiwin.dap.middleware.util.StringUtils;
import com.digiwin.dap.middleware.util.UserUtils;
import io.github.resilience4j.ratelimiter.annotation.RateLimiter;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Optional;
import javax.transaction.Transactional;
import javax.validation.Valid;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestAttribute;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

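/**
 * Tenant metadata endpoints: language, corpId, password policy (span / attempts), EOC entrance
 * and the LDAP / SAML / OIDC / CAS identity-provider settings of the calling user's tenant.
 *
 * <p>Wherever an endpoint declares it, the tenant is taken from the
 * {@code digi-middleware-auth-user-data} request attribute. Endpoints that persist
 * identity-provider settings require the caller to be a super admin of that tenant; the LDAP
 * test endpoint requires the same whenever it falls back to the stored admin password.
 */
@RequestMapping({"/api/iam/v2/tenant"})
@RestController
public class TenantMetadataController {
    private static final Logger logger = LoggerFactory.getLogger(TenantMetadataController.class);
    /** Metadata key holding the LDAP admin password; stored in the same AES form the request carries. */
    public static final String ADMIN_PASSWORD = "adminPassword";
    /** Catalog of the tenant language entry. */
    private static final String BASIC_CATALOG = "basic";
    /** Key of the corpId entry in the contact catalog; also used as a catalog name by getTenantCorpIdMetadata. */
    private static final String CORP_ID = "corpId";
    /** Validation message used wherever an admin password must be present. */
    private static final String ADMIN_PASSWORD_REQUIRED = "管理员密码不能为空";

    @Autowired
    private TenantQueryService tenantQueryService;

    @Autowired
    private TenantCrudService tenantCrudService;

    @Autowired
    private TenantMetadataCrudService tenantMetadataCrudService;

    @Autowired
    private TenantMetadataUpdateService tenantMetadataUpdateService;

    @Autowired
    private AutoEOCService autoEOCService;

    @Autowired
    private TenantMetadataColumnCrudService tenantMetadataColumnCrudService;

    @Autowired
    private LdapService ldapService;

    @Autowired
    private UserInRoleService userInRoleService;

    /**
     * Returns the caller's tenant sid, rejecting users that carry no tenant.
     *
     * @throws IllegalArgumentException (via {@link Assert}) when the sid is not positive
     */
    private static long requireTenantSid(AuthoredUser authoredUser) {
        long tenantSid = authoredUser.getTenantSid();
        Assert.isTrue(tenantSid > 0, IamConstants.ErrorMessage.CANNOT_TENANT_INFO);
        return tenantSid;
    }

    /**
     * Rejects callers that are not super admins of their own tenant.
     *
     * @throws BusinessException {@code IAM_USER_NOT_SUPER_ADMIN} otherwise
     */
    private void requireSuperAdmin(AuthoredUser authoredUser) {
        boolean superAdmin = this.userInRoleService.checkSuperAdmin(
                Long.valueOf(authoredUser.getTenantSid()), Long.valueOf(authoredUser.getSid()));
        if (!superAdmin) {
            throw new BusinessException(I18nError.IAM_USER_NOT_SUPER_ADMIN);
        }
    }

    /**
     * Decrypts a transport-encrypted admin password.
     *
     * <p>NOTE(review): the key is a shared constant ({@code KeyConstant.WECHAT_UNION_ID}), so
     * this protects the value only against casual exposure in transit logs — confirm that is the
     * intended strength.
     *
     * @throws BusinessException {@code PASSWORD_DECRYPT_ERROR} on any decryption failure
     */
    private static String decryptAdminPassword(String encryptedPassword) {
        try {
            return AES.decrypt(encryptedPassword, KeyConstant.WECHAT_UNION_ID);
        } catch (Exception e) {
            // No cause-taking BusinessException constructor is visible here, so the original
            // failure is logged instead of chained.
            logger.error("admin password decrypt failed", e);
            throw new BusinessException(I18nError.PASSWORD_DECRYPT_ERROR);
        }
    }

    /**
     * Rejects a URL that does not pass {@link StringUtil#checkUrl}.
     *
     * @throws BusinessException {@code URL_ILLEGAL} carrying the offending value
     */
    private static void requireValidUrl(String url) {
        if (!StringUtil.checkUrl(url)) {
            throw new BusinessException(I18nError.URL_ILLEGAL, new Object[]{url});
        }
    }

    /** Copies the directory-search attributes of the DTO into the VO the LDAP service expects. */
    private static TenantMetadataLdapVO searchAttributesOf(TenantMetadataLdapDTO dto) {
        TenantMetadataLdapVO searchAttrs = new TenantMetadataLdapVO();
        searchAttrs.setUserLoginAttr(dto.getUserLoginAttr());
        searchAttrs.setUserNameAttr(dto.getUserNameAttr());
        searchAttrs.setUserFilter(dto.getUserFilter());
        searchAttrs.setOuFilter(dto.getOuFilter());
        searchAttrs.setOuUniqueIdAttr(dto.getOuUniqueIdAttr());
        return searchAttrs;
    }

    /**
     * Writes one metadata value (catalog / key / value from the body) for the caller's tenant.
     *
     * @return 200 on success, otherwise a 500 {@link StdData} carrying the exception message
     */
    @PostMapping({"/metadata/language"})
    @Transactional(rollbackOn = {Exception.class})
    public StdData<?> updateTenantMetadata(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser, @RequestBody TenantMetadataVO tenantMetadataVO) {
        try {
            long tenantSid = requireTenantSid(authoredUser);
            this.tenantMetadataUpdateService.updateTenantMetadataValue(
                    tenantSid, tenantMetadataVO.getCatalogId(), tenantMetadataVO.getKey(), tenantMetadataVO.getValue());
            return StdData.ok().build();
        } catch (Exception e) {
            // NOTE(review): because the exception is swallowed here, rollbackOn never sees it and
            // any partial write performed inside the service is committed — confirm whether the
            // response contract allows letting it propagate instead.
            logger.error(e.getMessage(), e);
            return StdData.of(500, e.getMessage());
        }
    }

    /** Reads the tenant language entry from the basic catalog. */
    @RateLimiter(name = "/api/iam/v2/tenant/metadata/language")
    @GetMapping({"/metadata/language"})
    public StdData<?> getTenantMetadata(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        try {
            long tenantSid = requireTenantSid(authoredUser);
            return StdData.ok(this.tenantMetadataCrudService.getTenantMetadataValue(
                    tenantSid, BASIC_CATALOG, IamConstants.LANGUAGE_TENANT_LANGUAGE));
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            return StdData.of(500, e.getMessage());
        }
    }

    /** Reads the corpId entry from the contact catalog. */
    @GetMapping({"/metadata/corpid"})
    public StdData<?> getTenantMetadataCorpId(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        try {
            long tenantSid = requireTenantSid(authoredUser);
            return StdData.ok(this.tenantMetadataCrudService.getTenantMetadataValue(
                    tenantSid, IamConstants.METADATA_CONTACT_CATALOG_NAME, CORP_ID));
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            return StdData.of(500, e.getMessage());
        }
    }

    /** Updates the corpId entry; failures propagate to the global handler. */
    @PostMapping({"/metadata/corpid"})
    public StdData<?> updateTenantMetadataCorpId(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser, @RequestBody TenantMetadataVO tenantMetadataVO) {
        long tenantSid = requireTenantSid(authoredUser);
        this.tenantMetadataUpdateService.updateTenantMetadataCorpId(
                tenantSid, tenantMetadataVO.getCatalogId(), tenantMetadataVO.getKey(), tenantMetadataVO.getValue());
        return StdData.ok().build();
    }

    /** CBM variant of {@link #updateTenantMetadataCorpId}; delegates to the CBM-specific service method. */
    @PostMapping({"/metadata/corpid/cbm"})
    public StdData<?> updateTenantMetadataCorpId4Cbm(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser, @RequestBody TenantMetadataVO tenantMetadataVO) {
        long tenantSid = requireTenantSid(authoredUser);
        this.tenantMetadataUpdateService.updateTenantMetadataCorpId4CBM(
                tenantSid, tenantMetadataVO.getCatalogId(), tenantMetadataVO.getKey(), tenantMetadataVO.getValue());
        return StdData.ok().build();
    }

    /**
     * Reports whether the caller's tenant has a corpId and app config.
     *
     * <p>An optional {@code tenantId} query parameter is accepted, but only the caller's own
     * tenant id is allowed; any other value is a permission error (returned as a 500 like every
     * other failure here).
     */
    @GetMapping({"/metadata/corpid/appconfig/exist"})
    public StdData<?> getTenantCorpIdAndAppConfig(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser, @RequestParam(name = "tenantId", required = false) String str) {
        try {
            long tenantSid = requireTenantSid(authoredUser);
            boolean ownTenant = ObjectUtils.isEmpty(str) || str.equalsIgnoreCase(authoredUser.getTenantId());
            if (!ownTenant) {
                throw new BusinessException(I18nError.IAM_TENANT_PERMISSION_ERROR);
            }
            return StdData.ok(this.tenantQueryService.getTenantCorpIdAndAppConfig(tenantSid));
        } catch (Exception e) {
            logger.error(e.getMessage(), e);
            return StdData.of(500, e.getMessage());
        }
    }

    /**
     * CBM variant of {@link #getTenantCorpIdAndAppConfig}.
     *
     * <p>Unlike the non-CBM endpoint, a supplied {@code tenantId} that resolves to an existing
     * tenant is used as-is, with no check that it is the caller's tenant. NOTE(review): confirm
     * this cross-tenant lookup is restricted by an outer filter or is intended for CBM.
     */
    @GetMapping({"/metadata/corpid/appconfig/exist/cbm"})
    public StdData<?> getTenantCorpIdAndAppConfig4CBM(@RequestParam(name = "tenantId", required = false) String str) {
        long tenantSid = UserUtils.getTenantSid();
        if (StringUtils.hasLength(str)) {
            Tenant requested = this.tenantCrudService.findById(str);
            if (requested != null) {
                tenantSid = requested.getSid();
            }
        }
        return StdData.ok(this.tenantQueryService.getTenantCorpIdAndAppConfig4CBM(tenantSid));
    }

    /** Updates the tenant password-validity span from {@code value}. */
    @PostMapping({"/metadata/span"})
    public StdData<?> updateTenantSpan(@RequestBody TenantMetadataVO tenantMetadataVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        long tenantSid = requireTenantSid(authoredUser);
        this.tenantMetadataUpdateService.updateTenantPasswordSpan(tenantSid, tenantMetadataVO.getValue());
        return StdData.ok().build();
    }

    /** Updates the allowed login-attempt count from {@code value}. */
    @PostMapping({"/metadata/attempts"})
    public StdData<?> updateTenantAttempts(@RequestBody TenantMetadataVO tenantMetadataVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        // Same tenant guard as the sibling policy endpoints (span) — previously missing here.
        long tenantSid = requireTenantSid(authoredUser);
        this.tenantMetadataUpdateService.updateTenantAttempts(tenantSid, tenantMetadataVO.getValue());
        return StdData.ok().build();
    }

    /**
     * Updates the EOC entrance setting, optionally the auto-EOC flag, then runs auto-EOC
     * initialisation.
     */
    @PostMapping({"/metadata/eoc"})
    public StdData<?> updateTenantEocEntrance(@RequestBody TenantMetadataVO tenantMetadataVO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        long tenantSid = requireTenantSid(authoredUser);
        this.tenantMetadataUpdateService.updateTenantEocEntrance(tenantSid, tenantMetadataVO.getValue());
        Optional.ofNullable(tenantMetadataVO.getAutoEOC())
                .ifPresent(autoEoc -> this.tenantMetadataUpdateService.updateTenantAutoEOC(tenantSid, autoEoc));
        // NOTE(review): reads the tenant from UserUtils rather than authoredUser — presumably the
        // same value; confirm before unifying.
        this.autoEOCService.autoEocInit(UserUtils.getTenantSid());
        return StdData.ok().build();
    }

    /**
     * Seeds the default metadata column definitions.
     *
     * <p>NOTE(review): despite its name this does not touch LDAP, and no tenant or role check is
     * visible on this mutating endpoint — confirm it is restricted upstream.
     */
    @PostMapping({"/metadata/data/column/default/save"})
    public StdData<?> initMetadataLdap() {
        this.tenantMetadataColumnCrudService.saveDefaultAll();
        return StdData.ok().build();
    }

    /**
     * Reads the LDAP settings of the caller's tenant.
     *
     * <p>NOTE(review): LDAP_KEY_LIST is defined elsewhere; confirm the VO does not echo the
     * stored admin password back to the client.
     */
    @GetMapping({"/metadata/data/catalogid/ldap"})
    public StdData<?> getTenantMetadataLdap(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        List<TenantMetadataVO> values = this.tenantMetadataCrudService.getTenantMetadataValue(
                authoredUser.getTenantSid(), IamConstants.TENANT_METADATA_CATALOG_ID_LDAP, IamConstants.LDAP_KEY_LIST);
        return StdData.ok(new TenantMetadataLdapVO(values));
    }

    /**
     * Persists LDAP settings. Super admin only; the admin password must be present and must
     * decrypt, otherwise {@code PASSWORD_DECRYPT_ERROR}.
     *
     * <p>The try/catch is now limited to decryption, so an authorization failure or a storage
     * failure is no longer reported as a decrypt error.
     */
    @PostMapping({"/metadata/data/catalogid/ldap/save"})
    public StdData<?> updateTenantMetadataLdap(@Valid @RequestBody TenantMetadataLdapDTO tenantMetadataLdapDTO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        requireSuperAdmin(authoredUser);
        Assert.hasText(tenantMetadataLdapDTO.getAdminPassword(), ADMIN_PASSWORD_REQUIRED);
        // Validation only: the stored form stays encrypted, the plaintext is discarded.
        decryptAdminPassword(tenantMetadataLdapDTO.getAdminPassword());
        this.tenantMetadataUpdateService.updateTenantMetadataValueList(
                authoredUser.getTenantSid(), tenantMetadataLdapDTO.getTenantMetadataVOList());
        return StdData.ok().build();
    }

    /**
     * Tests the submitted LDAP settings: binds as the admin account, lists users, and — when
     * scheduled OU sync is enabled — lists OUs.
     *
     * @return {@code StdData.ok(true)} when every step succeeds, otherwise a 500 naming the
     *         failed step
     * @throws BusinessException {@code PASSWORD_DECRYPT_ERROR} when the password does not decrypt
     */
    @PostMapping({"/metadata/data/catalogid/ldap/test"})
    public StdData<?> testTenantMetadataLdap(@Valid @RequestBody TenantMetadataLdapDTO tenantMetadataLdapDTO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        if (ObjectUtils.isEmpty(tenantMetadataLdapDTO.getAdminPassword())) {
            // The caller did not resend the secret, so the stored one is used. The bind target
            // below comes from the request body, which would let the stored credential be
            // replayed against a caller-chosen URL — hence the same super-admin gate as the save endpoint.
            requireSuperAdmin(authoredUser);
            String storedPassword = this.tenantMetadataCrudService.getTenantMetadataValue(
                    authoredUser.getTenantSid(), IamConstants.TENANT_METADATA_CATALOG_ID_LDAP, ADMIN_PASSWORD);
            Assert.hasText(storedPassword, ADMIN_PASSWORD_REQUIRED);
            tenantMetadataLdapDTO.setAdminPassword(storedPassword);
        }
        String plainPassword = decryptAdminPassword(tenantMetadataLdapDTO.getAdminPassword());
        boolean sslEnabled = BooleanStrEnum.TRUE.getValue().equals(tenantMetadataLdapDTO.getSslEnabled());
        String url = tenantMetadataLdapDTO.getUrl();
        String adminAccount = tenantMetadataLdapDTO.getAdminAccount();
        String baseDn = tenantMetadataLdapDTO.getBaseDn();

        // A bind that throws is reported like a bind that returns null, not as a decrypt error.
        boolean bound;
        try {
            bound = this.ldapService.connect(url, adminAccount, plainPassword, sslEnabled) != null;
        } catch (Exception e) {
            logger.error("LDAP test bind failed", e);
            bound = false;
        }
        if (!bound) {
            return StdData.of(500, (sslEnabled ? "SSL " : "") + I18nError.IAM_LOGIN_AD_TEST_AUTH_ERROR.getErrorMessage());
        }

        TenantMetadataLdapVO searchAttrs = searchAttributesOf(tenantMetadataLdapDTO);
        Collection<?> adUsers = null;
        try {
            adUsers = this.ldapService.listAdUser(url, adminAccount, plainPassword, sslEnabled, baseDn, searchAttrs);
        } catch (Exception e) {
            logger.error("测试AD用户查询失败", e);
        }
        if (CollectionUtils.isEmpty(adUsers)) {
            return StdData.of(500, I18nError.IAM_LOGIN_AD_USER_TEST_SEARCH_ERROR.getErrorMessage());
        }

        if (BooleanStrEnum.TRUE.getValue().equals(tenantMetadataLdapDTO.getScheduledSyncOuEnabled())) {
            List<AdOu> adOus = null;
            try {
                adOus = this.ldapService.listAdOu(url, adminAccount, plainPassword, sslEnabled, baseDn, searchAttrs);
            } catch (Exception e) {
                logger.error("测试AD组织查询失败", e);
            }
            if (CollectionUtils.isEmpty(adOus)) {
                return StdData.of(500, I18nError.IAM_LOGIN_AD_OU_TEST_SEARCH_ERROR.getErrorMessage());
            }
        }
        return StdData.ok(true);
    }

    /** Reads the SAML settings of the caller's tenant. */
    @GetMapping({"/metadata/data/catalogid/saml"})
    public StdData<?> getTenantMetadataSAML(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        List<TenantMetadataVO> values = this.tenantMetadataCrudService.getTenantMetadataValue(
                authoredUser.getTenantSid(), IamConstants.TENANT_METADATA_CATALOG_ID_SAML, IamConstants.SAML_KEY_LIST);
        return StdData.ok(new TenantMetadataSAMLVO(values));
    }

    /**
     * Persists SAML settings. Super admin only. The IdP certificate is stripped of its
     * BEGIN/END lines and must parse as an X.509 credential, otherwise
     * {@code IAM_SAML_IDP_CREDENTIALS_ERROR}; storage failures are no longer reported as that error.
     */
    @PostMapping({"/metadata/data/catalogid/saml/save"})
    public StdData<?> updateTenantMetadataSAML(@Valid @RequestBody TenantMetadataSAMLDTO tenantMetadataSAMLDTO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        requireSuperAdmin(authoredUser);
        String credentials = IDPCredentialsUtil.removeCertificateBeginEndLines(tenantMetadataSAMLDTO.getCredentials());
        tenantMetadataSAMLDTO.setCredentials(credentials);
        try {
            // Parse only; the result is not kept, the stripped PEM body is what gets stored.
            IDPCredentialsUtil.getBasicX509CredentialFromString(credentials);
        } catch (Exception e) {
            logger.error("SAML IdP credentials could not be parsed", e);
            throw new BusinessException(I18nError.IAM_SAML_IDP_CREDENTIALS_ERROR);
        }
        this.tenantMetadataUpdateService.updateTenantMetadataValueList(
                authoredUser.getTenantSid(), tenantMetadataSAMLDTO.getTenantMetadataVOList());
        return StdData.ok().build();
    }

    /** Reads the OIDC settings of the caller's tenant. */
    @GetMapping({"/metadata/data/catalogid/oidc"})
    public StdData<?> getTenantMetadataOidc(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        List<TenantMetadataVO> values = this.tenantMetadataCrudService.getTenantMetadataValue(
                authoredUser.getTenantSid(), IamConstants.TENANT_METADATA_CATALOG_ID_OIDC, IamConstants.OIDC_KEY_LIST);
        return StdData.ok(new TenantMetadataOIDCVO(values));
    }

    /** Persists OIDC settings. Super admin only. */
    @PostMapping({"/metadata/data/catalogid/oidc/save"})
    public StdData<?> updateTenantMetadataOidc(@Valid @RequestBody TenantMetadataOIDCDTO tenantMetadataOIDCDTO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        requireSuperAdmin(authoredUser);
        this.tenantMetadataUpdateService.updateTenantMetadataValueList(
                authoredUser.getTenantSid(), tenantMetadataOIDCDTO.getTenantMetadataVOList());
        return StdData.ok().build();
    }

    /** Reads the CAS settings of the caller's tenant. */
    @GetMapping({"/metadata/data/catalogid/cas"})
    public StdData<?> getTenantMetadataCas(@RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        List<TenantMetadataVO> values = this.tenantMetadataCrudService.getTenantMetadataValue(
                authoredUser.getTenantSid(), IamConstants.TENANT_METADATA_CATALOG_ID_CAS, IamConstants.CAS_KEY_LIST);
        return StdData.ok(new TenantMetadataCasVO(values));
    }

    /**
     * Persists CAS settings. Super admin only. The SSO and validate URLs are mandatory and must
     * pass {@link StringUtil#checkUrl}; the logout URL is optional but validated when present.
     */
    @PostMapping({"/metadata/data/catalogid/cas/save"})
    public StdData<?> updateTenantMetadataCas(@Valid @RequestBody TenantMetadataCasDTO tenantMetadataCasDTO, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        requireSuperAdmin(authoredUser);
        requireValidUrl(tenantMetadataCasDTO.getSsoUrl());
        requireValidUrl(tenantMetadataCasDTO.getValidateUrl());
        if (StringUtils.hasText(tenantMetadataCasDTO.getLogoutUrl())) {
            requireValidUrl(tenantMetadataCasDTO.getLogoutUrl());
        }
        this.tenantMetadataUpdateService.updateTenantMetadataValueList(
                authoredUser.getTenantSid(), tenantMetadataCasDTO.getTenantMetadataVOList());
        return StdData.ok().build();
    }

    /**
     * Reads one entry of the caller's tenant from the {@code corpId} catalog; the request
     * parameter is the entry key.
     */
    @GetMapping({"/metadata/corpid/from"})
    public StdData<?> getTenantCorpIdMetadata(@RequestParam String str, @RequestAttribute("digi-middleware-auth-user-data") AuthoredUser authoredUser) {
        return StdData.ok(this.tenantMetadataCrudService.getTenantMetadataValue(authoredUser.getTenantSid(), CORP_ID, str));
    }

    /**
     * Resolves a tenant id from a corpId pair; both parameters are passed straight to
     * {@code getTenantIdFromCorpId} and their meaning is not visible here.
     *
     * <p>The method name is a misnomer (it overloads the CAS getter) and is kept only because
     * Spring maps by route. NOTE(review): no tenant scoping or authentication attribute is
     * applied on this lookup — confirm the cross-tenant resolution is intended.
     */
    @GetMapping({"/metadata/swap/id"})
    public StdData<?> getTenantMetadataCas(@RequestParam String str, @RequestParam String str2) {
        return StdData.ok(this.tenantMetadataCrudService.getTenantIdFromCorpId(str, str2));
    }
}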
