package com.digiwin.dap.middleware.iam.service.login.impl;

import com.alibaba.nacos.shaded.com.google.common.collect.Lists;
import com.digiwin.dap.middle.kms.constants.KeyConstant;
import com.digiwin.dap.middleware.auth.AppAuthContextHolder;
import com.digiwin.dap.middleware.auth.AuthoredDevice;
import com.digiwin.dap.middleware.auth.AuthoredSys;
import com.digiwin.dap.middleware.auth.AuthoredUser;
import com.digiwin.dap.middleware.auth.domain.AuthResult;
import com.digiwin.dap.middleware.auth.domain.AuthType;
import com.digiwin.dap.middleware.cache.RedisUtils;
import com.digiwin.dap.middleware.commons.core.codec.Base64;
import com.digiwin.dap.middleware.commons.crypto.PwdUtils;
import com.digiwin.dap.middleware.domain.CommonErrorCode;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.exception.UnauthorizedException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.IamConstants;
import com.digiwin.dap.middleware.iam.constant.RedisConstants;
import com.digiwin.dap.middleware.iam.domain.EnvProperties;
import com.digiwin.dap.middleware.iam.domain.login.IdentityType;
import com.digiwin.dap.middleware.iam.domain.login.LoginSource;
import com.digiwin.dap.middleware.iam.domain.login.LoginUser;
import com.digiwin.dap.middleware.iam.domain.oauth.OauthScopeApiVO;
import com.digiwin.dap.middleware.iam.domain.tenant.TenantRelevantInfoVO;
import com.digiwin.dap.middleware.iam.domain.token.GrantTypeInfo;
import com.digiwin.dap.middleware.iam.domain.user.UserAndTenantSimpleInfo;
import com.digiwin.dap.middleware.iam.domain.user.UserMetadataVO;
import com.digiwin.dap.middleware.iam.entity.Sys;
import com.digiwin.dap.middleware.iam.entity.SysInTenant;
import com.digiwin.dap.middleware.iam.entity.Tenant;
import com.digiwin.dap.middleware.iam.entity.User;
import com.digiwin.dap.middleware.iam.entity.UserInTenant;
import com.digiwin.dap.middleware.iam.mapper.UserInTenantMapper;
import com.digiwin.dap.middleware.iam.mapper.UserMappingMapper;
import com.digiwin.dap.middleware.iam.service.WhiteListService;
import com.digiwin.dap.middleware.iam.service.login.AuthoredUserService;
import com.digiwin.dap.middleware.iam.service.tenant.TenantCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserInRoleQueryService;
import com.digiwin.dap.middleware.iam.service.user.UserInTenantCrudService;
import com.digiwin.dap.middleware.iam.support.auth.RamService;
import com.digiwin.dap.middleware.iam.support.auth.domain.IamAuthoredUser;
import com.digiwin.dap.middleware.iam.support.cache.CommonCacheService;
import com.digiwin.dap.middleware.iam.support.remote.LdapConstants;
import com.digiwin.dap.middleware.iam.support.validate.LoginCheckService;
import com.digiwin.dap.middleware.util.JsonUtils;
import com.digiwin.dap.middleware.util.UserUtils;
import com.fasterxml.jackson.databind.ObjectMapper;
import eu.bitwalker.useragentutils.DeviceType;
import java.time.Duration;
import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Primary;
import org.springframework.stereotype.Service;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;

@Primary
@Service
/* loaded from: input_file:com/digiwin/dap/middleware/iam/service/login/impl/AuthoredLoginUserServiceImpl.class */
public class AuthoredLoginUserServiceImpl implements AuthoredUserService {
    /** Class logger. Several messages below embed Redis keys; keep raw bearer tokens out of them. */
    private static final Logger logger = LoggerFactory.getLogger(AuthoredLoginUserServiceImpl.class);
    /** Shared Jackson mapper used to decode token strings read back from Redis (see processTokenObject). */
    private static ObjectMapper objectMapper = JsonUtils.createObjectMapper();

    /** Environment switches read here: default token expiry, customised-expiry flag, kick-out allow list, deploy area. */
    @Autowired
    private EnvProperties envProperties;

    /** Cache layer for users, tenants, apps, user-in-tenant rows and user metadata. */
    @Autowired
    private CommonCacheService commonCacheService;

    /** Used to resolve a (tenant, user) membership row when issuing grant-type tokens. */
    @Autowired
    private UserInTenantCrudService userInTenantCrudService;

    /** User lookup by sid. */
    @Autowired
    private UserCrudService userCrudService;

    /** Tenant lookup by id / sid. */
    @Autowired
    private TenantCrudService tenantCrudService;

    /**
     * Self-reference through the service interface; presumably so that in-class calls to generate()
     * go through the Spring proxy rather than {@code this} — TODO confirm.
     */
    @Autowired
    private AuthoredUserService authoredUserService;

    /**
     * Optional bean: when no RamService is registered this field is null and both checkCanUseApp
     * overloads will throw NullPointerException (fails closed, but with an unhelpful error).
     */
    @Autowired(required = false)
    private RamService ramService;

    /** Injected but not referenced in the methods visible here. */
    @Autowired
    private UserInRoleQueryService userInRoleQueryService;

    /** Provides the configurable white lists (per-app token expiry, logout-valid tenants). */
    @Autowired
    private WhiteListService whiteListService;

    /** Maps an external verifyUserId onto internal user sids for grant-type tokens. */
    @Autowired
    private UserMappingMapper userMappingMapper;

    /** IP-restriction checks applied when a token is refreshed into another tenant. */
    @Autowired
    private LoginCheckService loginCheckService;

    /** Lists all tenants of a user so their cached tokens can be cleared on logout. */
    @Autowired
    private UserInTenantMapper userInTenantMapper;

    /**
     * Issues (or reuses) the session record for this login using the default token lifetime.
     * Thin wrapper: resolves the lifetime via {@link #getTokenExpire(LoginUser)} and delegates
     * to the four-argument overload.
     *
     * @param loginUser resolved login context (user, tenant, app, device)
     * @param bool      when true, the user's right to use the requested app is verified first
     * @param bool2     when true, the second-factor (double check) gate may withhold the token
     * @return the session record
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public IamAuthoredUser generate(LoginUser loginUser, Boolean bool, Boolean bool2) {
        long expireMinutes = getTokenExpire(loginUser);
        return generate(loginUser, bool, bool2, expireMinutes);
    }

    /**
     * Looks up or issues the session record for this login and returns it.
     * <p>
     * Visible flow: optional app-authorisation check; lookup of an existing session through the
     * login "unique key" -> token mapping in Redis; repair or kick-out of that session; otherwise
     * issue of a fresh token; then the second-factor gate and token renewal.
     *
     * @param loginUser resolved login context ({@code afterPropertiesSet()} is invoked here)
     * @param bool      when true, the user's right to use {@code loginUser.getApp()} is verified first
     * @param bool2     when true, the double-check (second factor) gate may park the token until verified
     * @param j         token lifetime in minutes
     * @return the session record; when {@code needVerificationCode} is set the token key has been
     *         removed and the bearer is not usable until verification succeeds
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public IamAuthoredUser generate(LoginUser loginUser, Boolean bool, Boolean bool2, long j) {
        loginUser.afterPropertiesSet();
        if (bool.booleanValue()) {
            // Authorisation gate: the returned tenant id is ignored, only the exception path matters here.
            checkCanUseApp(AuthResult.of(), loginUser.getTenantId(), loginUser.getUserId(), loginUser.getApp());
        }
        IamAuthoredUser iamAuthoredUser = null;
        String str = null; // Redis key of the token record ("iam:token:<token>")
        String uniqueKey = loginUser.uniqueKey(); // Redis key of the login -> token mapping
        String str2 = (String) RedisUtils.get(uniqueKey, String.class); // existing token value, if any
        if (str2 != null) {
            str = LoginUser.tokenKey(str2);
            iamAuthoredUser = (IamAuthoredUser) RedisUtils.get(str, IamAuthoredUser.class);
        }
        if (iamAuthoredUser != null) {
            if (loginUser.getUserSid() != iamAuthoredUser.getSid() || loginUser.getTenantSid() != iamAuthoredUser.getTenantSid()) {
                // Cached record carries different sids than the current login: patch it in place.
                // NOTE(review): this set() passes no Duration, so the token key's TTL is lost here unless
                // RedisUtils.set preserves it or renewal() further down re-applies one — confirm.
                iamAuthoredUser.setSid(loginUser.getUserSid());
                iamAuthoredUser.setTenantSid(loginUser.getTenantSid());
                RedisUtils.set(str, iamAuthoredUser);
            }
            if (!uniqueKey.equals(LoginUser.uniqueKey(iamAuthoredUser.getUserId(), iamAuthoredUser.getTenantId(), iamAuthoredUser.getAppId(), iamAuthoredUser.getDeviceType(), loginUser.getIdentityType(), loginUser.getAgentUserId(), iamAuthoredUser.getDevice(), loginUser.getSysMultiLogin())) || !str2.equals(iamAuthoredUser.getToken())) {
                // Login key and token record disagree. A copy of the stale record is kept under an
                // "exception" key for diagnosis (no TTL is set on it) and the session is rebuilt under the
                // SAME token key, i.e. the existing token value is reused rather than rotated.
                logger.warn("用户缓存信息不一致，loginKey:{}, tokenKey:{}", uniqueKey, str);
                RedisUtils.set(str.replace("token", "exception"), iamAuthoredUser);
                iamAuthoredUser = generate(loginUser, uniqueKey, str, j);
            }
            if ((loginUser.getSysMultiLogin().booleanValue() || loginUser.getDeviceType() != iamAuthoredUser.getDeviceType() || IdentityType.secretKey == loginUser.getIdentityType() || Arrays.asList(this.envProperties.getKickedAllowUsers().split(",")).contains(loginUser.getUserId())) ? false : true) {
                // Single-session enforcement: the previous session on the same device type is kicked unless the
                // app allows multi-login, the identity is a secretKey, or the user is on the kickedAllowUsers list
                // (NOTE(review): split(",") throws NullPointerException if that property is unset).
                // The kicked record is kept for one day so getByUserToken can report LOGIN_KICKED_ERROR to the
                // displaced client; the login mapping is dropped so a fresh token is issued below.
                iamAuthoredUser.setKickedTime(LocalDateTime.now());
                iamAuthoredUser.setKicked(true);
                RedisUtils.delete(uniqueKey);
                RedisUtils.set(str, iamAuthoredUser, Duration.ofDays(1L));
                iamAuthoredUser = null;
            }
        }
        if (iamAuthoredUser == null) {
            // Fresh bearer secret: a version-4 UUID (SecureRandom-backed in the JDK).
            str = LoginUser.tokenKey(UUID.randomUUID().toString());
            iamAuthoredUser = generate(loginUser, uniqueKey, str, j);
        } else {
            // Reusing the cached session: refresh user / tenant / app data from the cache layer.
            resetAuthoredUser(iamAuthoredUser);
        }
        if (bool2.booleanValue() && loginUser.getSysDoubleCheck().booleanValue() && loginUser.doubleCheckEnabledByTenantAndUser() && !RedisUtils.hasKey(loginUser.verificationSuccessKey())) {
            // Second-factor gate: the token record is deleted so the bearer cannot be used yet, and the pending
            // session is parked under a verification key (1 day) derived from the same token value.
            // NOTE(review): the returned record still carries that token in token/userToken — confirm the caller
            // does not hand it to the client before verification succeeds.
            String verificationTokenKey = LoginUser.verificationTokenKey(iamAuthoredUser.getToken());
            iamAuthoredUser.setNeedVerificationCode(true);
            iamAuthoredUser.setUserToken(iamAuthoredUser.getToken());
            iamAuthoredUser.setIdentityCodeAcceptType(loginUser.decideIdentityCodeAcceptType());
            iamAuthoredUser.setSetBy(loginUser.decideDoubleCheckSetBy());
            RedisUtils.delete(str);
            RedisUtils.set(verificationTokenKey, iamAuthoredUser, Duration.ofDays(1L));
        } else {
            // Applies / extends the token lifetime (j minutes); renewal() itself is not visible here.
            iamAuthoredUser.renewal(str, Long.valueOf(j), null, this.envProperties.getCustomizeTokenExpired().booleanValue());
        }
        resetUserMetadata(iamAuthoredUser);
        iamAuthoredUser.fixData(this.envProperties.getDeployArea());
        return iamAuthoredUser;
    }

    /**
     * Builds a brand-new session record for {@code loginUser} and writes both Redis entries: the token
     * record under {@code str2} ("iam:token:&lt;token&gt;") and the login -> token mapping under {@code str}.
     * TTLs depend on the login kind: agent logins 4 hours, cross-region logins 1 day, everything else
     * {@code j} minutes.
     *
     * @param loginUser resolved login context
     * @param str       login unique key (Redis key of the login -> token mapping)
     * @param str2      token key; the bearer token is this key without its "iam:token:" prefix
     * @param j         requested lifetime in minutes (overridden for agent and cross-region logins)
     * @return the freshly stored record
     */
    private IamAuthoredUser generate(LoginUser loginUser, String str, String str2, long j) {
        IamAuthoredUser createAuthoredUser = IamAuthoredUser.createAuthoredUser(loginUser.getUser(), loginUser.getTenant());
        createAuthoredUser.setAppId(loginUser.getSysId());
        createAuthoredUser.setShared(loginUser.getSysMultiLogin().booleanValue());
        createAuthoredUser.setDeviceType(loginUser.getDeviceType());
        createAuthoredUser.setIdentityType(loginUser.getIdentityType());
        createAuthoredUser.setTokenExpiresAt(System.currentTimeMillis() + Duration.ofMinutes(j).toMillis());
        createAuthoredUser.setTokenExpiresIn(j * 60 * 1000);
        // The bearer token is the key minus its prefix: whoever chose str2 chose the secret.
        createAuthoredUser.setToken(str2.replace("iam:token:", IamConstants.EMPTY));
        createAuthoredUser.setLoginInfo(str);
        createAuthoredUser.setLoginSource(loginUser.getLoginSource());
        createAuthoredUser.setDevice(loginUser.getDevice());
        createAuthoredUser.setTokenExpireSysId(loginUser.getTokenExpireSysId());
        if (str.startsWith("iam:login:agent:key:")) {
            // Agent (delegated) login, recognised by the key prefix: fixed 4h TTL in Redis, though the
            // tokenExpiresAt/In fields set above still reflect j.
            // NOTE(review): the per-user agent list is appended without a TTL and is not trimmed here;
            // confirm it is bounded elsewhere.
            createAuthoredUser.setAgentAuthorizationCode(loginUser.getAgentAuthorizationCode());
            createAuthoredUser.setAgentUserId(loginUser.getAgentUserId());
            RedisUtils.set(str2, createAuthoredUser, Duration.ofHours(4L));
            RedisUtils.set(str, createAuthoredUser.getToken(), Duration.ofHours(4L));
            RedisUtils.opsForList().rightPush(LoginUser.agentListKey(createAuthoredUser.getTenantId(), createAuthoredUser.getUserId()), str);
        } else if (IdentityType.crossRegion == loginUser.getIdentityType()) {
            // Cross-region login: lifetime is forced to one day and the expiry fields are overwritten to match.
            createAuthoredUser.setTokenExpiresIn(Duration.ofDays(1L).toMillis());
            createAuthoredUser.setTokenExpiresAt(System.currentTimeMillis() + Duration.ofDays(1L).toMillis());
            RedisUtils.set(str2, createAuthoredUser, Duration.ofDays(1L));
            RedisUtils.set(str, createAuthoredUser.getToken(), Duration.ofDays(1L));
        } else {
            RedisUtils.set(str2, createAuthoredUser, Duration.ofMinutes(j));
            RedisUtils.set(str, createAuthoredUser.getToken(), Duration.ofMinutes(j));
        }
        return createAuthoredUser;
    }

    /**
     * Re-reads the user, tenant and app behind a cached session so the record reflects current
     * data rather than what was captured at login time.
     *
     * @param iamAuthoredUser session record, updated in place
     * @throws BusinessException USER_NOT_EXIST when the user sid no longer resolves
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public void resetAuthoredUser(IamAuthoredUser iamAuthoredUser) {
        User currentUser = this.commonCacheService.getUserBySid(iamAuthoredUser.getSid());
        if (currentUser == null) {
            throw new BusinessException(I18nError.USER_NOT_EXIST, new Object[]{iamAuthoredUser.getUserId()});
        }
        // Tenant and app lookups are not null-checked here; a missing row is handed to the update*
        // methods as null (their handling of that is not visible in this file).
        Tenant currentTenant = this.commonCacheService.getTenantBySid(iamAuthoredUser.getTenantSid());
        Sys currentSys = this.commonCacheService.getSysById(iamAuthoredUser.getAppId());
        iamAuthoredUser.updateUser(currentUser);
        iamAuthoredUser.updateTenant(currentTenant);
        iamAuthoredUser.updateSys(currentSys);
    }

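    /**
     * Loads the user's metadata (tenant-scoped entries followed by tenant-0 / global entries) into the
     * session record and derives the accept-language from the "basic" catalog's language key,
     * preferring the tenant-scoped entry and falling back to the global one (else null).
     * <p>
     * The two lists are merged into a new list rather than appending to the list returned by the
     * cache layer, so a shared/cached list is never mutated (the previous code called addAll on it).
     *
     * @param iamAuthoredUser session record, updated in place
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public void resetUserMetadata(IamAuthoredUser iamAuthoredUser) {
        long userSid = iamAuthoredUser.getSid();
        List<UserMetadataVO> tenantMetadata = this.commonCacheService.getMetadata(iamAuthoredUser.getTenantSid(), userSid);
        List<UserMetadataVO> globalMetadata = this.commonCacheService.getMetadata(0L, userSid);
        List<UserMetadataVO> merged = new ArrayList<>(tenantMetadata.size() + globalMetadata.size());
        merged.addAll(tenantMetadata);
        merged.addAll(globalMetadata);
        iamAuthoredUser.setMetadata(merged);
        // Tenant-scoped language wins; the global entry is only consulted when no tenant entry exists.
        Optional<UserMetadataVO> languageEntry = findLanguageEntry(tenantMetadata);
        if (!languageEntry.isPresent()) {
            languageEntry = findLanguageEntry(globalMetadata);
        }
        iamAuthoredUser.setAcceptLanguage(languageEntry.map(UserMetadataVO::getValue).orElse(null));
    }

    /** Returns the first "basic"-catalog entry whose key is the language key, if any. */
    private static Optional<UserMetadataVO> findLanguageEntry(List<UserMetadataVO> metadata) {
        return metadata.stream()
                .filter(vo -> "basic".equals(vo.getCatalogId()) && IamConstants.LANGUAGE_KEY.equals(vo.getKey()))
                .findFirst();
    }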

    /**
     * Resolves a bearer token to its session record, re-validating the user's tenant membership and
     * refreshing user / tenant / app data before renewing the token.
     *
     * @param str bearer token as presented by the client
     * @return the live session record
     * @throws BusinessException USER_TOKEN_INVALID when no record exists (expired, logged out, never issued);
     *         LOGIN_KICKED_ERROR when a newer login displaced this session; tenant errors from checkUserInTenant
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public IamAuthoredUser getByUserToken(String str) {
        String str2 = LoginUser.tokenKey(str);
        IamAuthoredUser iamAuthoredUser = (IamAuthoredUser) RedisUtils.get(str2, IamAuthoredUser.class);
        if (iamAuthoredUser == null) {
            // NOTE(review): the presented token string is echoed verbatim in the exception detail; wherever
            // that detail is logged or returned, credential-like input should be truncated or hashed instead.
            throw new BusinessException(CommonErrorCode.USER_TOKEN_INVALID, String.format("解析UserToken[%s]为null", str));
        }
        if (iamAuthoredUser.isKicked()) {
            // The displaced record is kept (1 day) precisely so the old client gets this specific error.
            throw new BusinessException(I18nError.LOGIN_KICKED_ERROR, new Object[]{iamAuthoredUser.getKickedTime()});
        }
        // Membership is re-checked on every use, so a disabled/removed user-in-tenant row revokes access immediately.
        checkUserInTenant(iamAuthoredUser.getSid(), iamAuthoredUser.getUserId(), iamAuthoredUser.getTenantSid(), iamAuthoredUser.getTenantId());
        resetAuthoredUser(iamAuthoredUser);
        if (iamAuthoredUser.getTokenExpiresAt() > 0) {
            // Remaining lifetime relative to now; can go negative once the absolute expiry has passed.
            iamAuthoredUser.setTokenExpiresIn(iamAuthoredUser.getTokenExpiresAt() - System.currentTimeMillis());
        }
        // Renewal on every lookup, with the lifetime resolved by getTokenExpire(IamAuthoredUser);
        // presumably a sliding expiry — renewal() itself is not visible here.
        iamAuthoredUser.renewal(str2, null, this::getTokenExpire, this.envProperties.getCustomizeTokenExpired().booleanValue());
        return iamAuthoredUser;
    }

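    /**
     * Resolves the token lifetime (minutes) for an existing session record.
     * <p>
     * Without customised expiry the environment default applies. Otherwise virtual / integration users,
     * mobile clients and allow-listed device sources keep the default; any other client gets the app's
     * configured lifetime (tenant-adjusted when the app permits), the white-list value for the app,
     * or the value of the app recorded in {@code tokenExpireSysId}, with {@code TOKEN_MIN_MINUTES} as the floor.
     * An app id that does not resolve yields {@code TOKEN_MAX_MINUTES} (existing behaviour; note that an
     * unknown app therefore receives the longest lifetime).
     * <p>
     * Fix: the white-list map is now built with a merge function, so a duplicated app id in the
     * white list (ids are compared case-insensitively) no longer throws IllegalStateException on every call;
     * the first entry wins.
     *
     * @param iamAuthoredUser session record; deviceType and tokenExpireSysId may be updated as a side effect
     * @return lifetime in minutes
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public long getTokenExpire(IamAuthoredUser iamAuthoredUser) {
        long defaultExpire = this.envProperties.getTokenExpire();
        if ("WHALE".equalsIgnoreCase(iamAuthoredUser.getAppId())) {
            // The WHALE app is always treated as a mobile client, which selects the default (long) lifetime.
            iamAuthoredUser.setDeviceType(DeviceType.MOBILE);
        }
        if (!this.envProperties.getCustomizeTokenExpired().booleanValue()) {
            return defaultExpire;
        }
        boolean longLivedClient = IamConstants.VIRTUAL.equalsIgnoreCase(iamAuthoredUser.getUserId())
                || IamConstants.INTEGRATION.equalsIgnoreCase(iamAuthoredUser.getUserId())
                || DeviceType.MOBILE.equals(iamAuthoredUser.getDeviceType())
                || IamConstants.ALLOW_LONG_TOKEN_SOURCE.contains(Optional.ofNullable(iamAuthoredUser.getDevice()).map(device -> device.getSourceType()).orElse(null));
        if (longLivedClient) {
            return defaultExpire;
        }
        Sys sysById = this.commonCacheService.getSysById(iamAuthoredUser.getAppId());
        if (Objects.isNull(sysById)) {
            return IamConstants.TOKEN_MAX_MINUTES.longValue();
        }
        long tokenExpire = IamConstants.TOKEN_MIN_MINUTES.longValue();
        if (sysById.isCustomizeTokenExpired()) {
            iamAuthoredUser.setTokenExpireSysId(sysById.getId());
            if (sysById.isAllowTenantAdjustTime()) {
                SysInTenant sysInTenant = this.commonCacheService.getSysInTenant(sysById.getId(), Long.valueOf(iamAuthoredUser.getTenantSid()));
                tokenExpire = (Objects.nonNull(sysInTenant) && sysInTenant.isTokenExpireAdjusted()) ? sysInTenant.getTokenExpire() : sysById.getTokenExpire();
            } else {
                tokenExpire = sysById.getTokenExpire();
            }
            return tokenExpire;
        }
        // White list entries are "APPID:minutes"; malformed entries (no single colon) are skipped,
        // a non-numeric minutes value still throws NumberFormatException.
        Map<String, Long> whiteListExpire = this.whiteListService.getWhiteList(IamConstants.WHITE_LIST_APPS_TOKEN_EXPIRE).stream()
                .map(entry -> entry.split(IamConstants.COLON))
                .filter(parts -> parts.length == 2)
                .collect(Collectors.toMap(parts -> parts[0].toUpperCase(), parts -> Long.valueOf(parts[1]), (first, second) -> first));
        String appKey = sysById.getId().toUpperCase();
        if (whiteListExpire.containsKey(appKey)) {
            iamAuthoredUser.setTokenExpireSysId(sysById.getId());
            return whiteListExpire.get(appKey).longValue();
        }
        // Neither the app nor the white list decides: fall back to the app recorded at login.
        String tokenExpireSysId = iamAuthoredUser.getTokenExpireSysId();
        if (!StringUtils.hasText(tokenExpireSysId)) {
            return tokenExpire;
        }
        Sys recordedSys = this.commonCacheService.getSysById(tokenExpireSysId);
        if (Objects.nonNull(recordedSys) && recordedSys.isCustomizeTokenExpired()) {
            if (recordedSys.isAllowTenantAdjustTime()) {
                SysInTenant sysInTenant = this.commonCacheService.getSysInTenant(recordedSys.getId(), Long.valueOf(iamAuthoredUser.getTenantSid()));
                tokenExpire = (Objects.nonNull(sysInTenant) && sysInTenant.isTokenExpireAdjusted()) ? sysInTenant.getTokenExpire() : recordedSys.getTokenExpire();
            } else {
                tokenExpire = recordedSys.getTokenExpire();
            }
        } else if (whiteListExpire.containsKey(tokenExpireSysId.toUpperCase())) {
            tokenExpire = whiteListExpire.get(tokenExpireSysId.toUpperCase()).longValue();
        } else {
            // Recorded app no longer yields a lifetime: forget it so later lookups do not keep retrying it.
            iamAuthoredUser.setTokenExpireSysId(null);
        }
        return tokenExpire;
    }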

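    /**
     * Resolves the token lifetime (minutes) for a login that is about to be issued a token.
     * Same rules as {@link #getTokenExpire(IamAuthoredUser)}, but the app comes from
     * {@code loginUser.getApp()} and side effects (deviceType, tokenExpireSysId) land on the LoginUser.
     * An absent app yields {@code TOKEN_MAX_MINUTES} (existing behaviour; an unknown app therefore receives
     * the longest lifetime).
     * <p>
     * Fix: the white-list map is built with a merge function, so a duplicated (case-insensitive) app id in
     * the white list no longer throws IllegalStateException on every login; the first entry wins.
     *
     * @param loginUser login context ({@code afterPropertiesSet()} is invoked here)
     * @return lifetime in minutes
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public long getTokenExpire(LoginUser loginUser) {
        loginUser.afterPropertiesSet();
        long defaultExpire = this.envProperties.getTokenExpire();
        if (Objects.nonNull(loginUser.getApp()) && "WHALE".equalsIgnoreCase(loginUser.getApp().getId())) {
            // The WHALE app is always treated as a mobile client, which selects the default (long) lifetime.
            loginUser.setDeviceType(DeviceType.MOBILE);
        }
        if (!this.envProperties.getCustomizeTokenExpired().booleanValue()) {
            return defaultExpire;
        }
        boolean longLivedClient = IamConstants.VIRTUAL.equalsIgnoreCase(loginUser.getUser().getId())
                || IamConstants.INTEGRATION.equalsIgnoreCase(loginUser.getUser().getId())
                || DeviceType.MOBILE.equals(loginUser.getDeviceType())
                || IamConstants.ALLOW_LONG_TOKEN_SOURCE.contains(Optional.ofNullable(loginUser.getDevice()).map(device -> device.getSourceType()).orElse(null));
        if (longLivedClient) {
            return defaultExpire;
        }
        Sys app = loginUser.getApp();
        if (Objects.isNull(app)) {
            return IamConstants.TOKEN_MAX_MINUTES.longValue();
        }
        long tokenExpire = IamConstants.TOKEN_MIN_MINUTES.longValue();
        if (app.isCustomizeTokenExpired()) {
            loginUser.setTokenExpireSysId(app.getId());
            if (app.isAllowTenantAdjustTime()) {
                SysInTenant sysInTenant = this.commonCacheService.getSysInTenant(app.getId(), Long.valueOf(loginUser.getTenantSid()));
                tokenExpire = (Objects.nonNull(sysInTenant) && sysInTenant.isTokenExpireAdjusted()) ? sysInTenant.getTokenExpire() : app.getTokenExpire();
            } else {
                tokenExpire = app.getTokenExpire();
            }
            return tokenExpire;
        }
        // White list entries are "APPID:minutes"; malformed entries (no single colon) are skipped,
        // a non-numeric minutes value still throws NumberFormatException.
        Map<String, Long> whiteListExpire = this.whiteListService.getWhiteList(IamConstants.WHITE_LIST_APPS_TOKEN_EXPIRE).stream()
                .map(entry -> entry.split(IamConstants.COLON))
                .filter(parts -> parts.length == 2)
                .collect(Collectors.toMap(parts -> parts[0].toUpperCase(), parts -> Long.valueOf(parts[1]), (first, second) -> first));
        String appKey = app.getId().toUpperCase();
        if (whiteListExpire.containsKey(appKey)) {
            loginUser.setTokenExpireSysId(app.getId());
            return whiteListExpire.get(appKey).longValue();
        }
        // Neither the app nor the white list decides: fall back to the app recorded on the login.
        String tokenExpireSysId = loginUser.getTokenExpireSysId();
        if (!StringUtils.hasText(tokenExpireSysId)) {
            return tokenExpire;
        }
        Sys recordedSys = this.commonCacheService.getSysById(tokenExpireSysId);
        if (Objects.nonNull(recordedSys) && recordedSys.isCustomizeTokenExpired()) {
            if (recordedSys.isAllowTenantAdjustTime()) {
                SysInTenant sysInTenant = this.commonCacheService.getSysInTenant(recordedSys.getId(), Long.valueOf(loginUser.getTenantSid()));
                tokenExpire = (Objects.nonNull(sysInTenant) && sysInTenant.isTokenExpireAdjusted()) ? sysInTenant.getTokenExpire() : recordedSys.getTokenExpire();
            } else {
                tokenExpire = recordedSys.getTokenExpire();
            }
        } else if (whiteListExpire.containsKey(tokenExpireSysId.toUpperCase())) {
            tokenExpire = whiteListExpire.get(tokenExpireSysId.toUpperCase()).longValue();
        } else {
            // Recorded app no longer yields a lifetime: forget it so it is not carried into the new token.
            loginUser.setTokenExpireSysId(null);
        }
        return tokenExpire;
    }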

    /**
     * Verifies that an existing session may use {@code sys}; throws (via AuthType.checkAuthResult)
     * when it may not.
     *
     * @param iamAuthoredUser session to authorise
     * @param sys             target app
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public void checkCanUseApp(IamAuthoredUser iamAuthoredUser, Sys sys) {
        AuthoredSys targetSys = Sys.loginSys(sys);
        AuthResult outcome = this.ramService.processAuth(AuthResult.of(), iamAuthoredUser, targetSys);
        // Unlike the tenant-id overload, a null AuthResult is not tolerated here (fails closed with an NPE).
        AuthType.checkAuthResult(outcome.getAuthType(), iamAuthoredUser, targetSys);
    }

    /**
     * Verifies that user {@code str2} in tenant {@code str} may use {@code sys}.
     *
     * @param authResult accumulator passed to RamService
     * @param str        tenant id
     * @param str2       user id
     * @param sys        target app
     * @return the tenant id decided by RamService, or null when RamService returned no result
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public String checkCanUseApp(AuthResult authResult, String str, String str2, Sys sys) {
        AuthoredUser subject = new AuthoredUser();
        subject.setUserId(str2);
        subject.setTenantId(str);
        AuthoredSys targetSys = Sys.loginSys(sys);
        AuthResult outcome = this.ramService.processAuth(authResult, subject, targetSys);
        if (outcome == null) {
            // NOTE(review): a null outcome skips the authorisation check entirely; the caller in generate()
            // ignores the return value, so confirm RamService never returns null for a denied user.
            return null;
        }
        AuthType.checkAuthResult(outcome.getAuthType(), subject, targetSys);
        return outcome.getTenantId();
    }

    /**
     * Resolves a bearer token and additionally checks that the session is authorised for {@code sys}.
     *
     * @param str bearer token
     * @param sys app the caller wants to use the token with
     * @return the live session record
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public IamAuthoredUser getByUserToken(String str, Sys sys) {
        IamAuthoredUser session = getByUserToken(str);
        // A valid token is not enough on its own: the app-level authorisation is enforced here too.
        checkCanUseApp(session, sys);
        return session;
    }

    /**
     * Issues a token for the internal user mapped to an external identity (grant-type flow).
     * The app id is taken from the request, else from the calling app's auth context, else empty.
     * The mapping must resolve to exactly one enabled, non-deleted user who is an active member of the tenant.
     *
     * @param grantTypeInfo tenantId and verifyUserId are mandatory; appId, account, grantType and tokenExpire optional
     * @return the issued session record
     * @throws IllegalArgumentException when tenantId or verifyUserId is blank
     * @throws BusinessException when the tenant, mapping, user or membership check fails
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public IamAuthoredUser getByGrantTypeInfo(GrantTypeInfo grantTypeInfo) {
        Assert.hasText(grantTypeInfo.getTenantId(), "grantTypeInfo.tenantId不能为空");
        Assert.hasText(grantTypeInfo.getVerifyUserId(), "grantTypeInfo.verifyUserId不能为空");
        AuthoredSys authoredSys = AppAuthContextHolder.getContext().getAuthoredSys();
        String str = IamConstants.EMPTY;
        if (!StringUtils.isEmpty(grantTypeInfo.getAppId())) {
            str = grantTypeInfo.getAppId();
        } else if (authoredSys != null) {
            str = authoredSys.getId();
        }
        Tenant tenant = (Tenant) this.tenantCrudService.findById(grantTypeInfo.getTenantId());
        if (tenant == null) {
            throw new BusinessException(I18nError.TENANT_NOT_EXISTED, new Object[]{grantTypeInfo.getTenantId()});
        }
        // Ambiguous mappings are rejected rather than picking one: a token must not be minted for the wrong user.
        List<Long> findUserSidsByVerifyUserId = this.userMappingMapper.findUserSidsByVerifyUserId(Long.valueOf(tenant.getSid()), grantTypeInfo.getVerifyUserId(), str, grantTypeInfo.getAccount());
        if (findUserSidsByVerifyUserId == null || findUserSidsByVerifyUserId.size() == 0) {
            throw new BusinessException(I18nError.ACCESS_TOKEN_MAPPING_ERROR, new Object[]{grantTypeInfo.getTenantId(), str, grantTypeInfo.getVerifyUserId()});
        }
        if (findUserSidsByVerifyUserId.size() > 1) {
            throw new BusinessException(I18nError.ACCESS_TOKEN_GRANT_MAPPING_ERROR, new Object[]{grantTypeInfo.getVerifyUserId()});
        }
        User findBySid = this.userCrudService.findBySid(findUserSidsByVerifyUserId.get(0).longValue());
        if (findBySid == null) {
            throw new BusinessException(I18nError.ERROR_21001, new Object[]{findUserSidsByVerifyUserId.get(0)});
        }
        if (findBySid.isDeleted() || findBySid.isDisabled()) {
            throw new BusinessException(I18nError.ERROR_21004);
        }
        UserInTenant findByUnionKey = this.userInTenantCrudService.findByUnionKey(tenant.getSid(), findBySid.getSid());
        if (findByUnionKey == null) {
            throw new BusinessException(I18nError.LOGIN_USER_NOT_TENANT, new Object[]{findBySid.getId(), tenant.getId()});
        }
        if (findByUnionKey.isDisabled() || findByUnionKey.isDeleted()) {
            throw new BusinessException(I18nError.LOGIN_USER_DISABLE_TENANT, new Object[]{tenant.getId(), findBySid.getId()});
        }
        Sys sysById = this.commonCacheService.getSysById(str);
        boolean z = true;
        if (sysById == null) {
            // Unknown app id: a placeholder Sys is used and z=false disables the app-authorisation check
            // in generate(). NOTE(review): this means a token is still issued for an app id IAM does not know —
            // confirm that is intended rather than failing closed.
            sysById = new Sys();
            sysById.setId(str);
            z = false;
        }
        LoginUser loginUser = new LoginUser();
        loginUser.setIdentityType(IdentityType.grant);
        loginUser.setTenant(tenant);
        loginUser.setUser(findBySid);
        loginUser.setApp(sysById);
        // Second-factor gate is always off for grant tokens. A positive grantTypeInfo.tokenExpire (minutes) is
        // used as-is with no upper bound. NOTE(review): if GrantTypeInfo originates from a client request,
        // cap it against the configured maximum.
        return (null == grantTypeInfo.getGrantType() || grantTypeInfo.getTokenExpire() == null || grantTypeInfo.getTokenExpire().longValue() <= 0) ? this.authoredUserService.generate(loginUser, Boolean.valueOf(z), false) : this.authoredUserService.generate(loginUser, Boolean.valueOf(z), false, grantTypeInfo.getTokenExpire().longValue());
    }

    /**
     * Refreshes a token for use with {@code sys}: same as {@link #getByUserToken(String, Sys)},
     * i.e. the record is re-validated, authorised for the app and renewed; no new token is minted.
     *
     * @param str bearer token
     * @param sys target app
     * @return the renewed session record
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public IamAuthoredUser refreshUserToken(String str, Sys sys) {
        IamAuthoredUser renewed = getByUserToken(str, sys);
        return renewed;
    }

    /**
     * Switches an existing session to another tenant, issuing a new token for that tenant.
     * When the session already belongs to {@code tenant} the existing record is returned unchanged.
     *
     * @param str    bearer token of the current session
     * @param tenant target tenant; may be null (see note in the body)
     * @param sys    app the new token is issued for
     * @return the existing record (same tenant) or a newly generated one
     * @throws BusinessException from the IP check, the strict membership check, or generate()
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public IamAuthoredUser refreshUserTokenInTenant(String str, Tenant tenant, Sys sys) {
        IamAuthoredUser byUserToken = getByUserToken(str);
        // IP restriction is evaluated for the target tenant/app before anything else.
        this.loginCheckService.checkIP(byUserToken.getIdentityType(), tenant, sys);
        if (tenant != null) {
            if (tenant.getSid() == byUserToken.getTenantSid()) {
                return byUserToken;
            }
            // Strict mode (z=true): a missing membership is reported as a permission error that records
            // the caller's user name and client IP.
            checkUserInTenant(byUserToken.getSid(), byUserToken.getUserId(), tenant.getSid(), tenant.getId(), true);
        }
        // NOTE(review): with tenant == null the membership check is skipped and a LoginUser without a tenant
        // is handed to generate(); whether afterPropertiesSet() rejects that is not visible here.
        LoginUser loginUser = new LoginUser();
        loginUser.setTenant(tenant);
        loginUser.setUser((User) this.userCrudService.findBySid(byUserToken.getSid()));
        loginUser.setApp(sys);
        loginUser.setDeviceType(byUserToken.getDeviceType());
        loginUser.setDevice(byUserToken.getDevice());
        loginUser.setTokenExpireSysId(byUserToken.getTokenExpireSysId());
        loginUser.setLoginSource(LoginSource.refreshTenant);
        // App authorisation on, second-factor gate off for the switched session.
        return this.authoredUserService.generate(loginUser, true, false);
    }

    /**
     * Lenient membership check: a missing user-in-tenant row raises USER_TENANT_EXISTED_ERROR
     * rather than the permission error used by the strict variant.
     *
     * @param j    user sid
     * @param str  user id (for messages)
     * @param j2   tenant sid; 0 skips the check
     * @param str2 tenant id (for messages); null skips the check
     */
    private void checkUserInTenant(long j, String str, long j2, String str2) {
        boolean strict = false;
        checkUserInTenant(j, str, j2, str2, strict);
    }

    /**
     * Verifies that user {@code j} has an active membership in tenant {@code j2}.
     * Sessions without a tenant context (sid 0 or null id) are not checked at all.
     *
     * @param j    user sid
     * @param str  user id (for messages)
     * @param j2   tenant sid
     * @param str2 tenant id
     * @param z    strict mode: report a missing membership as a permission error that includes the
     *             current user name, the client IP and the base64-encoded tenant id
     * @throws BusinessException when the membership is missing, disabled or deleted
     */
    private void checkUserInTenant(long j, String str, long j2, String str2, boolean z) {
        boolean noTenantContext = (j2 == 0) || (str2 == null);
        if (noTenantContext) {
            return;
        }
        UserInTenant membership = this.commonCacheService.getUserInTenant(j2, j);
        if (membership != null) {
            if (membership.isDisabled() || membership.isDeleted()) {
                throw new BusinessException(I18nError.TOKEN_USER_DISABLE_TENANT, new Object[]{str2, str});
            }
            return;
        }
        if (z) {
            throw new BusinessException(I18nError.IAM_USER_PERMISSION_COMMON_ERROR, new Object[]{UserUtils.getUserName(), str, AppAuthContextHolder.getContext().getClientIP(), Base64.encode(JsonUtils.writeValue(str2))});
        }
        throw new BusinessException(I18nError.USER_TENANT_EXISTED_ERROR, new Object[]{str2, str});
    }

    /**
     * Issues a new token for the same user and tenant but for another app {@code sys}.
     * The device is taken from {@code authoredDevice} when supplied, else from the existing session.
     *
     * @param str            bearer token of the current session
     * @param sys            app the new token is issued for
     * @param authoredDevice optional device override
     * @return the newly generated session record (app authorisation on, second-factor gate off)
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public IamAuthoredUser refreshUserTokenInSys(String str, Sys sys, AuthoredDevice authoredDevice) {
        IamAuthoredUser current = getByUserToken(str);
        Tenant tenant = (Tenant) this.tenantCrudService.findBySid(current.getTenantSid());
        User user = (User) this.userCrudService.findBySid(current.getSid());
        LoginUser loginUser = new LoginUser();
        loginUser.setTenant(tenant);
        loginUser.setUser(user);
        loginUser.setApp(sys);
        loginUser.setDeviceType(current.getDeviceType());
        if (authoredDevice == null) {
            loginUser.setDevice(current.getDevice());
        } else {
            loginUser.setDevice(authoredDevice);
        }
        loginUser.setTokenExpireSysId(current.getTokenExpireSysId());
        loginUser.setLoginSource(LoginSource.refreshSys);
        return this.authoredUserService.generate(loginUser, true, false);
    }

    /**
     * No-op in this (@Primary) implementation: nothing is removed from Redis for the given user/tenant.
     * NOTE(review): callers that expect clear() to revoke a user's sessions (e.g. on disable) get no effect.
     *
     * @param j  user sid (unused)
     * @param j2 tenant sid (unused)
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public void clear(long j, long j2) {
    }

    /**
     * No-op in this (@Primary) implementation: nothing is removed from Redis for the given user/tenant/app.
     * NOTE(review): callers that expect clear() to revoke sessions get no effect here.
     *
     * @param j   user sid (unused)
     * @param j2  tenant sid (unused)
     * @param str app id (unused)
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public void clear(long j, long j2, String str) {
    }

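    /**
     * Invalidates the session's token on logout, subject to configuration.
     * <p>
     * Nothing happens unless {@code envProperties.isTokenExpired()} is set (the token then stays valid
     * until it expires). When set, tokens are cleared for every tenant if neither the logout-valid-tenant
     * white list nor {@code tokenExpiredTenants} is configured, otherwise only for tenants on either list.
     * <p>
     * Fixes: the list returned by WhiteListService is copied before tenants are appended (the previous
     * code mutated it, which accumulates entries if the service returns a cached/shared list), and
     * {@code tokenExpiredTenants} is only split when non-empty (previously a null property with a
     * non-empty white list threw NullPointerException).
     *
     * @param iamAuthoredUser session being logged out
     * @param str             app id used to rebuild the login keys when {@code z} is true
     * @param z               also clear this user's tokens for the app across all of their tenants
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public void logout(IamAuthoredUser iamAuthoredUser, String str, boolean z) {
        if (!this.envProperties.isTokenExpired().booleanValue()) {
            return;
        }
        List<String> validTenants = new ArrayList<>(this.whiteListService.getWhiteList(IamConstants.WHITE_LIST_LOGOUT_VALID_TENANTS));
        String configuredTenants = this.envProperties.getTokenExpiredTenants();
        boolean noConfiguredTenants = ObjectUtils.isEmpty(configuredTenants);
        if (noConfiguredTenants && validTenants.isEmpty()) {
            clearUserTokenCache(iamAuthoredUser, str, z);
            return;
        }
        if (!noConfiguredTenants) {
            validTenants.addAll(Arrays.asList(configuredTenants.split(IamConstants.SEMICOLON)));
        }
        if (validTenants.contains(iamAuthoredUser.getTenantId())) {
            clearUserTokenCache(iamAuthoredUser, str, z);
        }
    }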

    /**
     * Deletes the session's token record from Redis and, when {@code z} is set, the token records
     * reachable through this user's login keys for app {@code str} in every tenant they belong to.
     * Only token keys are deleted; the login -> token mappings themselves are left in place.
     *
     * @param iamAuthoredUser session being logged out
     * @param str             app id used to rebuild the login keys
     * @param z               whether to sweep all tenants of the user
     */
    private void clearUserTokenCache(IamAuthoredUser iamAuthoredUser, String str, boolean z) {
        List<String> keysToDelete = new ArrayList<>();
        keysToDelete.add(LoginUser.tokenKey(iamAuthoredUser.getToken()));
        if (z) {
            List<TenantRelevantInfoVO> tenants = this.userInTenantMapper.findAllTenantByUser(iamAuthoredUser.getSid());
            if (!CollectionUtils.isEmpty(tenants)) {
                List<String> loginKeys = new ArrayList<>(tenants.size());
                for (TenantRelevantInfoVO tenant : tenants) {
                    loginKeys.add(LoginUser.uniqueKey(iamAuthoredUser.getUserId(), tenant.getId(), str, iamAuthoredUser.getDeviceType(), iamAuthoredUser.getIdentityType(), iamAuthoredUser.getAgentUserId(), iamAuthoredUser.getDevice(), Boolean.valueOf(iamAuthoredUser.isShared())));
                }
                keysToDelete.addAll(getTokenKeys(loginKeys));
            }
        }
        // Delete in pages to keep individual Redis commands bounded.
        for (List<String> batch : Lists.partition(keysToDelete, LdapConstants.PAGE_SIZE)) {
            RedisUtils.delete(batch);
        }
    }

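    /**
     * Resolves unique login keys to the Redis token keys they currently point to.
     *
     * <p>The unique keys are read in batches of {@code LdapConstants.PAGE_SIZE} via {@code multiGet}.
     * Null values (logins with no cached token) are skipped, and every remaining value is converted
     * with {@link #processTokenObject(Object)}; values that fail to decode are dropped (that helper
     * logs and returns null), so the result may be shorter than the input.
     *
     * <p>Change over the previous version: raw {@code List}/{@code ArrayList} and the unchecked
     * {@code (Collection)} cast are replaced with parameterised types, and the results are collected
     * per batch instead of appended from inside a lambda.
     *
     * @param list unique login keys; null or empty yields an empty list
     * @return token keys for the logins that are currently cached; never null, possibly empty
     */
    private List<String> getTokenKeys(List<String> list) {
        List<String> tokenKeys = new ArrayList<>();
        if (CollectionUtils.isEmpty(list)) {
            return tokenKeys;
        }
        for (List<String> batch : Lists.partition(list, LdapConstants.PAGE_SIZE)) {
            List<?> cachedValues = RedisUtils.opsForValue().multiGet(batch);
            if (CollectionUtils.isEmpty(cachedValues)) {
                continue;
            }
            tokenKeys.addAll(cachedValues.stream()
                    .filter(Objects::nonNull)
                    .map(this::processTokenObject)
                    .filter(Objects::nonNull)
                    .collect(Collectors.toList()));
        }
        return tokenKeys;
    }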

    /**
     * Converts a raw Redis value into the token key it refers to.
     *
     * <p>The cached value is expected to be a JSON-encoded string holding the token; it is decoded
     * with {@code objectMapper} and wrapped via {@code LoginUser.tokenKey}. Any failure while decoding
     * or building the key is logged (message only, no stack trace) and mapped to {@code null}, so a
     * single corrupt entry does not abort a batch eviction.
     *
     * @param obj value read from Redis; must not be null
     * @return the token key, or null when the value cannot be decoded
     */
    private String processTokenObject(Object obj) {
        try {
            String token = objectMapper.readValue(obj.toString(), String.class);
            return LoginUser.tokenKey(token);
        } catch (Exception e) {
            // Best-effort: report and skip this entry rather than failing the whole batch.
            logger.error("{}Key值为:{}，错误信息：{}", "【Redis异常】", obj, e.getMessage());
            return null;
        }
    }

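    /**
     * Resolves an OAuth access token to the user it was issued to and checks that the token is
     * allowed to call the current request URI.
     *
     * <p>The token is looked up under {@code RedisConstants.REDIS_OAUTH_ACCESS_TOKEN}; an unknown or
     * expired token raises {@code ACCESS_TOKEN_INVALID}. A token with no authorised API, or one whose
     * authorised APIs do not include {@code httpServletRequest.getRequestURI()}, is rejected with an
     * {@link UnauthorizedException}. The scope check is an exact string comparison against the raw
     * request URI, so the authorised API list must be stored in the same canonical form (trailing
     * slashes, encoding) or the check either rejects valid calls or is weaker than intended.
     *
     * <p>Fix over the previous version: a token whose authorised-API list is {@code null} threw a
     * {@code NullPointerException} instead of being rejected; it is now handled like an empty list.
     *
     * @param str                the OAuth access token presented by the caller
     * @param httpServletRequest current request; only its URI is consulted
     * @return the cached authorised user bound to the token
     * @throws BusinessException     when no user is cached for the token
     * @throws UnauthorizedException when the token has no authorised APIs or the URI is not among them
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public IamAuthoredUser getOauthUser(String str, HttpServletRequest httpServletRequest) {
        String tokenCacheKey = String.format(RedisConstants.REDIS_OAUTH_ACCESS_TOKEN, str);
        IamAuthoredUser oauthUser = (IamAuthoredUser) RedisUtils.get(tokenCacheKey, IamAuthoredUser.class);
        if (oauthUser == null) {
            // NOTE(review): the presented token is echoed into the exception detail; consider redacting
            // it if this message reaches clients or logs.
            throw new BusinessException(I18nError.ACCESS_TOKEN_INVALID, String.format("解析AccessToken[%s]为null", str));
        }
        List<OauthScopeApiVO> authoredApis = oauthUser.getAuthoredApis();
        if (CollectionUtils.isEmpty(authoredApis)) {
            throw new UnauthorizedException(I18nError.OAUTH_ACCESS_TOKEN_NO_AUTH);
        }
        String requestUri = httpServletRequest.getRequestURI();
        boolean permitted = authoredApis.stream()
                .map(OauthScopeApiVO::getApi)
                .anyMatch(api -> Objects.equals(api, requestUri));
        if (!permitted) {
            throw new UnauthorizedException(I18nError.OAUTH_ACCESS_TOKEN_NO_AUTH_1, new Object[]{requestUri});
        }
        return oauthUser;
    }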

    /**
     * Lets the current (agent) user act as another user of the same tenant and returns an authorised
     * user for that target, reusing a cached one when it is still present.
     *
     * <p>Checks performed before any token is issued: the caller's tenant must be allowed by the
     * {@code IAM_URIS_WHITE_TENANTS} white list (an empty white list allows every tenant); the caller
     * must hold the {@code AGENT_ADMIN} role in that tenant; the target user — resolved from
     * {@code loginUser.getUserId()} through {@code PwdUtils.getPassWord}, which appears to decrypt it
     * with the configured private key — must exist and belong to the caller's tenant; and
     * {@code checkCanUseApp} must accept the target for {@code sys}.
     *
     * <p>An agent mapping key built from (caller user id, tenant id, app id or {@code "nonsys"},
     * target user id) is kept in Redis without an explicit expiry and points at a token key that is
     * written with a one-hour TTL. When the token key is gone, a fresh token is generated and both
     * entries are rewritten.
     *
     * @param iamAuthoredUser the authenticated caller requesting to act as someone else
     * @param loginUser       carries the protected target user id and the client public key
     * @param sys             application context; may be null, in which case {@code "nonsys"} is used in the cache key
     * @return an authorised user for the target, carrying a token valid for one hour from issue
     * @throws BusinessException when the tenant is not allowed, the caller lacks the role, or the
     *                           target user is missing or not a member of the tenant
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public IamAuthoredUser changeUserToken(IamAuthoredUser iamAuthoredUser, LoginUser loginUser, Sys sys) {
        List<String> allowedTenants = this.whiteListService.getWhiteList(IamConstants.IAM_URIS_WHITE_TENANTS);
        boolean tenantRestricted = !allowedTenants.isEmpty();
        if (tenantRestricted && !allowedTenants.contains(iamAuthoredUser.getTenantId())) {
            throw new BusinessException(I18nError.TENANT_CANNOT_OPERATE_USER_AGENT);
        }
        // Only holders of the agent-admin role in this tenant may impersonate.
        Object agentRole = this.userInRoleQueryService.queryUserInRoleByUserAndRole(
                iamAuthoredUser.getTenantSid(), iamAuthoredUser.getSid(), IamConstants.AGENT_ADMIN);
        if (agentRole == null) {
            throw new BusinessException(I18nError.USER_CANNOT_AGENT_USER, new Object[]{iamAuthoredUser.getUserId()});
        }
        String targetUserId = PwdUtils.getPassWord(loginUser.getUserId(), loginUser.getClientEncryptPublicKey(), KeyConstant.BASE64_PRIVATE_KEY);
        User targetUser = (User) this.userCrudService.findById(targetUserId);
        if (targetUser == null) {
            throw new BusinessException(I18nError.USER_NOT_EXIST, new Object[]{targetUserId});
        }
        // The target must be a member of the caller's own tenant.
        if (!this.userInTenantCrudService.existsByUnionKey(iamAuthoredUser.getTenantSid(), targetUser.getSid())) {
            throw new BusinessException(I18nError.USER_CANNOT_AGENT_USER, new Object[]{targetUserId});
        }
        Tenant tenant = (Tenant) this.tenantCrudService.findBySid(iamAuthoredUser.getTenantSid());
        LoginUser targetLogin = new LoginUser();
        targetLogin.setTenant(tenant);
        targetLogin.setUser(targetUser);
        targetLogin.setApp(sys);
        targetLogin.setDeviceType(iamAuthoredUser.getDeviceType());
        targetLogin.setLoginSource(LoginSource.changeUser);
        checkCanUseApp(AuthResult.of(), tenant.getId(), targetUserId, sys);

        String appKeyPart = (sys == null || StringUtils.isEmpty(sys.getId())) ? "nonsys" : sys.getId();
        String agentKey = String.format(RedisConstants.REDIS_IAM_USER_AGENT_KEY,
                iamAuthoredUser.getUserId(), iamAuthoredUser.getTenantId(), appKeyPart, targetUserId).toLowerCase();
        String cachedToken = (String) RedisUtils.get(agentKey, String.class);
        IamAuthoredUser targetAuthored = cachedToken == null
                ? null
                : (IamAuthoredUser) RedisUtils.get(LoginUser.tokenKey(cachedToken), IamAuthoredUser.class);
        if (targetAuthored == null) {
            // Cached token missing or expired: mint a new one and refresh both Redis entries.
            targetAuthored = generate(targetLogin, false, false);
            String freshToken = UUID.randomUUID().toString();
            targetAuthored.setToken(freshToken);
            RedisUtils.set(agentKey, freshToken);
            RedisUtils.set(LoginUser.tokenKey(freshToken), targetAuthored, Duration.ofHours(1L));
        }
        return targetAuthored;
    }

    /**
     * Builds, or refreshes, the short-lived authorised user used for proxy (agent) access and
     * attaches the list of users the caller may act for.
     *
     * <p>A mapping key (user id, tenant id, app id or {@code "nonsys"}) under
     * {@code REDIS_IAM_ATHENA_USER_AGENT_KEY} points at an agent token key. When no cached user is
     * found behind it, a new one is created from {@code loginUser}'s user and tenant with a random
     * token expiring after ten minutes, and both the mapping (no duration argument) and the token
     * entry (ten-minute TTL) are written. When a cached user exists but its agent authorisation code
     * differs from the one on {@code loginUser}, the cached entry is rewritten with the new code via
     * {@code RedisUtils.set} without a duration argument. The agent user list is always rebuilt from
     * {@code loginUser.getRecordVOS()}.
     *
     * @param loginUser source of user, tenant, agent authorisation code and authorisation records;
     *                  its agent authorisation code must be non-null when a cached user is found
     * @param sys       application context; may be null
     * @return the authorised proxy user, never null
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.AuthoredUserService
    public IamAuthoredUser getProxyUsers(LoginUser loginUser, Sys sys) {
        User user = loginUser.getUser();
        Tenant tenant = loginUser.getTenant();
        String appId = sys == null ? null : sys.getId();
        String appKeyPart = StringUtils.isEmpty(appId) ? "nonsys" : appId;
        String mappingKey = String.format(RedisConstants.REDIS_IAM_ATHENA_USER_AGENT_KEY,
                user.getId(), tenant.getId(), appKeyPart).toLowerCase();
        String cachedToken = (String) RedisUtils.get(mappingKey, String.class);
        IamAuthoredUser proxyUser = StringUtils.isEmpty(cachedToken)
                ? null
                : (IamAuthoredUser) RedisUtils.get(LoginUser.agentTokenKey(cachedToken), IamAuthoredUser.class);
        if (proxyUser == null) {
            Duration ttl = Duration.ofMinutes(10L);
            proxyUser = IamAuthoredUser.createAuthoredUser(user, tenant);
            proxyUser.setAgentAuthorizationCode(loginUser.getAgentAuthorizationCode());
            proxyUser.setToken(UUID.randomUUID().toString());
            proxyUser.setTokenExpiresIn(ttl.toMillis());
            proxyUser.setTokenExpiresAt(System.currentTimeMillis() + ttl.toMillis());
            proxyUser.setAppId(appId);
            RedisUtils.set(mappingKey, proxyUser.getToken());
            RedisUtils.set(LoginUser.agentTokenKey(proxyUser.getToken()), proxyUser, ttl);
        } else {
            String currentCode = loginUser.getAgentAuthorizationCode();
            if (!currentCode.equals(proxyUser.getAgentAuthorizationCode())) {
                // Authorisation code changed since the cached copy was written: update in place.
                proxyUser.setAgentAuthorizationCode(currentCode);
                RedisUtils.set(LoginUser.agentTokenKey(proxyUser.getToken()), proxyUser);
            }
        }
        List<UserAndTenantSimpleInfo> agentUsers = new ArrayList<>();
        loginUser.getRecordVOS().forEach(record -> {
            UserAndTenantSimpleInfo info = new UserAndTenantSimpleInfo();
            info.setUserId(record.getUserId());
            info.setUserName(record.getUserName());
            agentUsers.add(info);
        });
        proxyUser.setAgentUserList(agentUsers);
        return proxyUser;
    }
}
