package com.digiwin.dap.middleware.iam.service.login.impl;

import com.digiwin.dap.middle.kms.constants.KeyConstant;
import com.digiwin.dap.middleware.commons.crypto.DigestUtils;
import com.digiwin.dap.middleware.commons.crypto.PwdUtils;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.enums.CloudTypeEnum;
import com.digiwin.dap.middleware.iam.domain.login.IdentityType;
import com.digiwin.dap.middleware.iam.domain.login.LoginSource;
import com.digiwin.dap.middleware.iam.domain.login.LoginUser;
import com.digiwin.dap.middleware.iam.entity.Tenant;
import com.digiwin.dap.middleware.iam.entity.User;
import com.digiwin.dap.middleware.iam.service.login.IdentityService;
import com.digiwin.dap.middleware.iam.service.user.UserCrudService;
import com.digiwin.dap.middleware.iam.support.auth.domain.IamAuthoredUser;
import com.digiwin.dap.middleware.iam.support.exception.IncorrectUsernameOrPasswordException;
import org.apache.logging.log4j.util.Strings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Primary;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;

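/**
 * Default {@link IdentityService} implementation: resolves the account named in a
 * {@link LoginUser}, verifies the supplied password (or pre-computed password hash) against the
 * stored value and, on success, returns the {@link IamAuthoredUser} built by
 * {@code authoredUserService}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Credential material (submitted hashes, stored password value) must never be written to
 *       the log; the mismatch log line carries the account identifier only.</li>
 *   <li>Hash comparison goes through {@link #constantTimeEquals(String, String)} so the time
 *       taken does not depend on how many leading characters match.</li>
 *   <li>NOTE(review): a {@code passwordHash}/{@code passwordHash1} already present on the
 *       {@code LoginUser} is compared directly with the stored value, which makes the stored
 *       value itself sufficient to log in. If those fields are caller-controlled, a leaked
 *       credential table is immediately usable; confirm and consider accepting only the raw
 *       password and verifying it with {@code PasswordEncoder.matches}.</li>
 *   <li>NOTE(review): {@code iamPasswordEncoder.encode(raw)} is compared by equality, which can
 *       only succeed with a deterministic encoder. Confirm which encoder is wired in; a salted
 *       encoder would need {@code matches(raw, stored)} instead.</li>
 *   <li>NOTE(review): the fallback {@code md5Hex(password + salt)} format is a fast, outdated
 *       digest. Plan a migration that re-hashes with an adaptive algorithm after a successful
 *       login.</li>
 *   <li>NOTE(review): unknown, disabled and not-activated accounts are reported with distinct
 *       errors before the password is checked, so an unauthenticated caller can learn account
 *       state. No attempt throttling is visible in this method; confirm it is enforced
 *       elsewhere.</li>
 * </ul>
 */
@Order(1)
@Service("defaultIdentityService")
@Primary
/* loaded from: input_file:WEB-INF/lib/iam-business-4.37.4.0.jar:com/digiwin/dap/middleware/iam/service/login/impl/IdentityServiceImpl.class */
public class IdentityServiceImpl extends IdentityServiceBase implements IdentityService {
    private static final Logger log = LoggerFactory.getLogger(IdentityServiceImpl.class);

    @Autowired
    private UserCrudService userCrudService;

    @Autowired
    private PasswordEncoder iamPasswordEncoder;

    /**
     * Authenticates the given login request.
     *
     * @param loginUser login request; its user, password, hash fields and tenant are updated in
     *     place while the request is processed
     * @return the authored user produced by {@code authoredUserService.generate}
     * @throws BusinessException if the account cannot be found, is deleted or disabled, or is not
     *     activated
     * @throws BadCredentialsException if neither a password nor any password hash was supplied
     * @throws IncorrectUsernameOrPasswordException if the supplied credential does not match the
     *     stored one (including the case where no credential is stored for the account)
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.IdentityService
    public IamAuthoredUser login(LoginUser loginUser) {
        User user = loginUser.getUser();
        if (user == null) {
            // The same identifier is tried as id, e-mail and telephone.
            // NOTE(review): the meaning of type 0 is not visible here; confirm against UserCrudService.
            user = this.userCrudService.queryUserByIdOrEmailOrTelephoneAndType(loginUser.getUserId(), loginUser.getUserId(), loginUser.getUserId(), 0);
            if (user == null) {
                // NOTE(review): this answer differs from the wrong-password answer, which lets a
                // caller distinguish unknown accounts from existing ones.
                if (CloudTypeEnum.isCloud(this.envProperties.getCloud())) {
                    throw new BusinessException(I18nError.ERROR_LOGIN_21001, new Object[]{loginUser.getUserId()});
                }
                throw new BusinessException(I18nError.ERROR_GROUND_LOGIN_21001);
            }
            loginUser.setUser(user);
        }
        // NOTE(review): account state is disclosed before the credential is verified.
        if (user.isDeleted() || user.isDisabled()) {
            throw new BusinessException(I18nError.ERROR_21004);
        }
        if (!user.isActivated()) {
            throw new BusinessException(I18nError.LOGIN_USER_NOT_ACTIVE);
        }
        if (Strings.isBlank(loginUser.getPassword()) && Strings.isBlank(loginUser.getPasswordHash()) && Strings.isBlank(loginUser.getPasswordHash1())) {
            throw new BadCredentialsException("用户名或者密码不能为空");
        }
        if (Strings.isNotBlank(loginUser.getPasswordHash()) && Strings.isNotBlank(loginUser.getClientEncryptPublicKey())) {
            // Presumably recovers the plaintext password from the client-encrypted value; the
            // behaviour of PwdUtils.getPassWord is not visible here.
            // NOTE(review): KeyConstant.BASE64_PRIVATE_KEY looks like a private key held as a
            // compile-time constant shared by every deployment; confirm and move it to a
            // per-environment secret store if so.
            loginUser.setPassword(PwdUtils.getPassWord(loginUser.getPasswordHash(), loginUser.getClientEncryptPublicKey(), KeyConstant.BASE64_PRIVATE_KEY));
            loginUser.setPasswordHash(this.iamPasswordEncoder.encode(loginUser.getPassword()));
        }
        if (!StringUtils.isEmpty(loginUser.getPassword())) {
            if (Strings.isBlank(loginUser.getPasswordHash())) {
                loginUser.setPasswordHash(this.iamPasswordEncoder.encode(loginUser.getPassword()));
            }
            if (Strings.isBlank(loginUser.getPasswordHash1())) {
                // Second accepted format: MD5 over password + per-user salt.
                // The salted plaintext stays on loginUser afterwards, as in the original flow.
                if (user.getSalt() != null) {
                    loginUser.setPassword(loginUser.getPassword() + user.getSalt());
                }
                loginUser.setPasswordHash1(DigestUtils.md5Hex(loginUser.getPassword()));
            }
        }
        String storedPassword = user.getPassword();
        boolean matchesEncoded = constantTimeEquals(storedPassword, loginUser.getPasswordHash());
        boolean matchesLegacy = constantTimeEquals(storedPassword, loginUser.getPasswordHash1());
        if (!matchesEncoded && !matchesLegacy) {
            // Log the account identifier only: the submitted hashes and the stored value are
            // credentials and would be reusable by anyone with read access to the logs.
            // userId is caller-supplied; the log layout should neutralise control characters.
            log.error("用户[{}]的PasswordHash,PasswordHash1与数据库中的password不匹配！", loginUser.getUserId());
            throw new IncorrectUsernameOrPasswordException(I18nError.LOGIN_USERNAME_PASSWORD_ERROR);
        }
        Tenant tenant = getTenant(loginUser, user);
        loginUser.setTenant(tenant);
        this.loginCheckService.checkIP(loginUser.getIdentityType(), tenant, loginUser.getApp());
        loginUser.setLoginSource(LoginSource.get(loginUser.getIdentityType()));
        return this.authoredUserService.generate(loginUser, false, true);
    }

    /**
     * Reports whether this service handles the identity type of the given login request.
     *
     * @param loginUser login request whose identity type is inspected
     * @return the result of {@code IdentityType.general} for that identity type
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.IdentityService
    public boolean support(LoginUser loginUser) {
        return IdentityType.general(loginUser.getIdentityType());
    }

    /**
     * Compares two credential strings without short-circuiting on the first differing byte.
     *
     * @param expected stored value; {@code null} never matches
     * @param candidate submitted value; {@code null} never matches
     * @return {@code true} only if both are non-null and byte-for-byte equal in UTF-8
     */
    private static boolean constantTimeEquals(String expected, String candidate) {
        if (expected == null || candidate == null) {
            return false;
        }
        return java.security.MessageDigest.isEqual(
                expected.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                candidate.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    }
}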
