package com.digiwin.dap.middleware.iam.service.login.impl;

import com.digiwin.dap.middle.kms.constants.KeyConstant;
import com.digiwin.dap.middleware.auth.domain.AuthResult;
import com.digiwin.dap.middleware.auth.domain.AuthType;
import com.digiwin.dap.middleware.cache.RedisUtils;
import com.digiwin.dap.middleware.commons.crypto.PwdUtils;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.IamConstants;
import com.digiwin.dap.middleware.iam.domain.EnvProperties;
import com.digiwin.dap.middleware.iam.domain.authorization.record.ServiceAuthorizationRecordVO;
import com.digiwin.dap.middleware.iam.domain.login.IdentityType;
import com.digiwin.dap.middleware.iam.domain.login.LoginSource;
import com.digiwin.dap.middleware.iam.domain.login.LoginUser;
import com.digiwin.dap.middleware.iam.entity.Sys;
import com.digiwin.dap.middleware.iam.entity.Tenant;
import com.digiwin.dap.middleware.iam.entity.User;
import com.digiwin.dap.middleware.iam.entity.UserInTenant;
import com.digiwin.dap.middleware.iam.service.login.IdentityService;
import com.digiwin.dap.middleware.iam.service.service.authorization.code.ServiceAuthorizationCodeService;
import com.digiwin.dap.middleware.iam.service.service.authorization.record.ServiceAuthorizationRecordService;
import com.digiwin.dap.middleware.iam.service.user.UserCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserInTenantCrudService;
import com.digiwin.dap.middleware.iam.support.auth.domain.IamAuthoredUser;
import com.digiwin.dap.middleware.iam.support.remote.LdapService;
import com.digiwin.dap.middleware.iam.support.remote.digiwinadwsdl.domain.AdExecution;
import java.util.List;
import java.util.Locale;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;

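/**
 * Identity service for the "agent" login flow, in which one account (the agent) obtains a
 * session on behalf of another user (the proxied user).
 * <p>
 * Two request shapes reach {@link #login(LoginUser)}:
 * <ul>
 *   <li>no agent token: the agent's own credentials are checked against LDAP and the list of
 *       users it may act for is resolved from its authorization code;</li>
 *   <li>agent token present: the token is resolved from Redis, its app binding is verified,
 *       the record service is asked whether the agent may act for the requested user, and a
 *       session for that user is issued.</li>
 * </ul>
 * The password sent to LDAP is derived by {@code PwdUtils.getPassWord} from the submitted
 * password hash, the client public key and the server-side {@code KeyConstant.BASE64_PRIVATE_KEY};
 * it is only used for that check and is not persisted here.
 */
@Order(9)
@Service("agentIdentityService")
/* loaded from: input_file:com/digiwin/dap/middleware/iam/service/login/impl/AgentIdentityServiceImpl.class */
public class AgentIdentityServiceImpl extends IdentityServiceBase implements IdentityService {

    @Autowired
    private UserCrudService userCrudService;

    @Autowired
    private LdapService ldapService;

    @Autowired
    private EnvProperties envProperties;

    @Autowired
    private ServiceAuthorizationCodeService serviceAuthorizationCodeService;

    @Autowired
    private UserInTenantCrudService userInTenantCrudService;

    @Autowired
    private ServiceAuthorizationRecordService serviceAuthorizationRecordService;

    /**
     * Performs an agent login. Marks the login source as {@link LoginSource#agent}, resolves the
     * local user for the submitted identifier and dispatches on whether an agent token is present.
     *
     * @param loginUser login context; mutated in place (user id, password, user, tenant, agent
     *                  fields are set while processing)
     * @return the authored user: the proxy-user listing for a credential login, or a session for
     *         the proxied user for a token login
     * @throws BusinessException on an unknown or empty user id, a failed LDAP check, an
     *                           authorization code with no users, an unusable agent token, an app
     *                           mismatch, or a user the agent may not act for
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.IdentityService
    public IamAuthoredUser login(LoginUser loginUser) {
        loginUser.setLoginSource(LoginSource.agent);
        String userId = loginUser.getUserId();
        // A missing user id is a credential error, not an NPE on contains() below.
        if (!StringUtils.hasLength(userId)) {
            throw new BusinessException(I18nError.LOGIN_USERNAME_PASSWORD_ERROR, new Object[]{userId});
        }
        User user = findLoginUser(userId);
        if (user == null) {
            throw new BusinessException(I18nError.LOGIN_USERNAME_PASSWORD_ERROR, new Object[]{userId});
        }
        Sys app = loginUser.getApp();
        return StringUtils.hasLength(loginUser.getAgentToken())
                ? loginAsProxiedUser(loginUser, user, app)
                : loginWithCredentials(loginUser, user, app);
    }

    /**
     * Looks up the local user record for the submitted identifier. Identifiers containing
     * {@code IamConstants.INNER_USER_DELIMITER} are fetched by id only; any other identifier may
     * match by id, email or telephone.
     *
     * @return the user, or {@code null} when none matches
     */
    private User findLoginUser(String userId) {
        if (userId.contains(IamConstants.INNER_USER_DELIMITER)) {
            return (User) this.userCrudService.findById(userId);
        }
        // Trailing 0 is the user type argument used by the original code; its meaning is not visible here.
        return this.userCrudService.queryUserByIdOrEmailOrTelephoneAndType(userId, userId, userId, 0);
    }

    /**
     * First stage of the flow: checks the agent's own credentials against LDAP, then resolves the
     * users the agent may act for from its authorization code and returns that listing.
     */
    private IamAuthoredUser loginWithCredentials(LoginUser loginUser, User user, Sys app) {
        String userId = loginUser.getUserId();
        loginUser.setPassword(PwdUtils.getPassWord(loginUser.getPasswordHash(),
                loginUser.getClientEncryptPublicKey(), KeyConstant.BASE64_PRIVATE_KEY));
        AdExecution checkAccount = this.ldapService.checkAccount(
                ldapAccountName(userId), loginUser.getPassword(), this.envProperties.getCountry());
        if (checkAccount.getInfo() == null) {
            throw new BusinessException(I18nError.ERROR_21011);
        }
        // From here on the login identity is the address LDAP reports, not the submitted alias.
        loginUser.setUserId(checkAccount.getInfo().getMail());
        List<ServiceAuthorizationRecordVO> proxyUsers =
                this.serviceAuthorizationCodeService.getProxyUsers(loginUser.getAgentAuthorizationCode());
        if (proxyUsers == null || proxyUsers.isEmpty()) {
            throw new BusinessException(I18nError.AUTHORIZE_CODE_NO_USER, new Object[]{loginUser.getAgentAuthorizationCode()});
        }
        // NOTE(review): the proxy list is keyed by the authorization code alone here; confirm that
        // getProxyUsers ties the code to the authenticated agent account.
        bindUserAndTenant(proxyUsers.get(0).getTenantId(), user, app, loginUser, false);
        loginUser.setRecordVOS(proxyUsers);
        return this.authoredUserService.getProxyUsers(loginUser, app);
    }

    /**
     * Returns the account name handed to LDAP: the part before {@code IamConstants.AT} when the
     * identifier ends with {@code IamConstants.DEFAULT_EMAIL} (compared case-insensitively), else
     * the identifier unchanged.
     */
    private static String ldapAccountName(String userId) {
        // Locale.ROOT keeps the suffix comparison stable regardless of the JVM default locale.
        if (userId.toLowerCase(Locale.ROOT).endsWith(IamConstants.DEFAULT_EMAIL)) {
            return userId.split(IamConstants.AT)[0];
        }
        return userId;
    }

    /**
     * Second stage of the flow: resolves the agent token from Redis, verifies it was issued for
     * the requested app and that the agent may act for the requested user, then issues a session
     * for that user with the agent linkage removed from the returned object.
     */
    private IamAuthoredUser loginAsProxiedUser(LoginUser loginUser, User user, Sys app) {
        IamAuthoredUser agent = (IamAuthoredUser) RedisUtils.get(
                LoginUser.agentTokenKey(loginUser.getAgentToken()), IamAuthoredUser.class);
        if (agent == null) {
            throw new BusinessException(I18nError.AGENT_TOKEN_DISABLE);
        }
        verifyAppBinding(app, agent);
        // Boolean.valueOf keeps the original coercion whatever checkCanAgent's declared return type is.
        if (!Boolean.valueOf(this.serviceAuthorizationRecordService.checkCanAgent(
                agent.getAgentAuthorizationCode(), loginUser.getUserId()))) {
            throw new BusinessException(I18nError.AGENT_USER_DISABLE, new Object[]{loginUser.getUserId()});
        }
        bindUserAndTenant(agent.getTenantId(), user, app, loginUser, true);
        loginUser.setAgentUserId(agent.getUserId());
        loginUser.setAgentAuthorizationCode(agent.getAgentAuthorizationCode());
        IamAuthoredUser result = this.authoredUserService.generate(loginUser, false, false);
        // The issued object does not carry the agent linkage; presumably the session is meant to
        // look like the proxied user's own — confirm against the consumers of this token.
        result.setAgentUserId(null);
        result.setAgentAuthorizationCode(null);
        return result;
    }

    /**
     * Rejects a token issued for a different app than the request: with no app in the request the
     * token must carry no app id; otherwise the app ids must be equal.
     *
     * @throws BusinessException {@code AGENT_USER_ERROR} on a mismatch
     */
    private static void verifyAppBinding(Sys app, IamAuthoredUser agent) {
        boolean mismatch = app == null
                ? StringUtils.hasLength(agent.getAppId())
                : !app.getId().equals(agent.getAppId());
        if (mismatch) {
            throw new BusinessException(I18nError.AGENT_USER_ERROR);
        }
    }

    /**
     * Resolves the tenant and attaches user and tenant to the login context.
     *
     * @param tenantId        id of the tenant to resolve
     * @param user            local user record of the account logging in
     * @param app             requested app, may be {@code null}
     * @param loginUser       login context to populate
     * @param checkMembership when {@code true}, additionally require that the user is an enabled
     *                        member of the tenant and run the app-access check
     * @throws BusinessException if the tenant is unknown or, with {@code checkMembership}, the user
     *                           is not an enabled member of it
     */
    private void bindUserAndTenant(String tenantId, User user, Sys app, LoginUser loginUser, boolean checkMembership) {
        Tenant tenant = (Tenant) this.tenantCrudService.findById(tenantId);
        if (tenant == null) {
            throw new BusinessException(I18nError.ERROR_21005, new Object[]{tenantId});
        }
        if (checkMembership) {
            checkTenantMembership(tenant, user);
            checkAppAccess(tenantId, tenant, user, app);
        }
        loginUser.setUser(user);
        loginUser.setTenant(tenant);
    }

    /** Requires an existing, non-disabled, non-deleted membership of {@code user} in {@code tenant}. */
    private void checkTenantMembership(Tenant tenant, User user) {
        UserInTenant membership = this.userInTenantCrudService.findByUnionKey(tenant.getSid(), user.getSid());
        if (membership == null) {
            throw new BusinessException(I18nError.LOGIN_USER_NOT_TENANT, new Object[]{user.getId(), tenant.getName()});
        }
        if (membership.isDisabled() || membership.isDeleted()) {
            throw new BusinessException(I18nError.ERROR_21004);
        }
    }

    /**
     * Runs the app-access check for a token login. When the app is not registered for the tenant
     * the auth type is set to {@link AuthType#AppNone} before delegating to
     * {@code authoredUserService.checkCanUseApp}, which is expected to raise on failure.
     * With no app in the request only the auth type is set and nothing consumes it — this mirrors
     * the original behaviour.
     */
    private void checkAppAccess(String tenantId, Tenant tenant, User user, Sys app) {
        AuthResult authResult = AuthResult.of();
        if (app == null) {
            authResult.setAuthType(AuthType.AppNone);
            return;
        }
        if (!this.commonCacheService.existsBySysIdAndTenantId(app.getId(), tenant.getId())) {
            authResult.setAuthType(AuthType.AppNone);
        }
        this.authoredUserService.checkCanUseApp(authResult, tenantId, user.getId(), app);
    }

    /**
     * @return {@code true} only for requests whose identity type is {@link IdentityType#agent}
     */
    @Override // com.digiwin.dap.middleware.iam.service.login.IdentityService
    public boolean support(LoginUser loginUser) {
        return IdentityType.agent == loginUser.getIdentityType();
    }
}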
