package com.digiwin.dap.middleware.iam.service.user.impl;

import com.digiwin.dap.middle.kms.constants.KeyConstant;
import com.digiwin.dap.middleware.auth.AuthoredUser;
import com.digiwin.dap.middleware.commons.crypto.AES;
import com.digiwin.dap.middleware.commons.crypto.DigestUtils;
import com.digiwin.dap.middleware.dict.domain.DictDataDTO;
import com.digiwin.dap.middleware.dict.entity.DictData;
import com.digiwin.dap.middleware.dict.service.DictDataService;
import com.digiwin.dap.middleware.entity.BaseEntity;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nCode;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.IamConstants;
import com.digiwin.dap.middleware.iam.constant.enums.BooleanStrEnum;
import com.digiwin.dap.middleware.iam.constant.enums.TenantEnterpriseTypeEnum;
import com.digiwin.dap.middleware.iam.constant.enums.UserTypeEnum;
import com.digiwin.dap.middleware.iam.domain.EnvProperties;
import com.digiwin.dap.middleware.iam.domain.login.IdentityType;
import com.digiwin.dap.middleware.iam.domain.login.LoginUser;
import com.digiwin.dap.middleware.iam.domain.role.QueryRoleResultVO;
import com.digiwin.dap.middleware.iam.domain.tenant.ReassignAdminVO;
import com.digiwin.dap.middleware.iam.domain.tenant.UserInTenantSimpleDTO;
import com.digiwin.dap.middleware.iam.domain.tenant.UserInTenantVO;
import com.digiwin.dap.middleware.iam.domain.tenant.metadata.TenantMetadataLdapVO;
import com.digiwin.dap.middleware.iam.domain.user.CheckPasswordVO;
import com.digiwin.dap.middleware.iam.domain.user.EMCEmailContactDTO;
import com.digiwin.dap.middleware.iam.domain.user.InternalUserUnfreezeVO;
import com.digiwin.dap.middleware.iam.domain.user.ModUserVO;
import com.digiwin.dap.middleware.iam.domain.user.RegisterTempUserVO;
import com.digiwin.dap.middleware.iam.domain.user.RegisterUserWithTenantVO;
import com.digiwin.dap.middleware.iam.domain.user.UpdatePasswordByIdVO;
import com.digiwin.dap.middleware.iam.domain.user.UserBasicInfoVO;
import com.digiwin.dap.middleware.iam.domain.user.UserDataVO;
import com.digiwin.dap.middleware.iam.domain.user.UserInfo;
import com.digiwin.dap.middleware.iam.domain.user.UserMetadataVO;
import com.digiwin.dap.middleware.iam.domain.user.UserTypeVO;
import com.digiwin.dap.middleware.iam.entity.Association;
import com.digiwin.dap.middleware.iam.entity.InvitedUserHistory;
import com.digiwin.dap.middleware.iam.entity.Role;
import com.digiwin.dap.middleware.iam.entity.Tenant;
import com.digiwin.dap.middleware.iam.entity.User;
import com.digiwin.dap.middleware.iam.entity.UserDeregisterRecord;
import com.digiwin.dap.middleware.iam.entity.UserInTenant;
import com.digiwin.dap.middleware.iam.mapper.UserInTenantMapper;
import com.digiwin.dap.middleware.iam.mapper.UserMapper;
import com.digiwin.dap.middleware.iam.repository.TenantRepository;
import com.digiwin.dap.middleware.iam.repository.UserDeregisterRecordRepository;
import com.digiwin.dap.middleware.iam.repository.UserRepository;
import com.digiwin.dap.middleware.iam.service.login.IdentityService;
import com.digiwin.dap.middleware.iam.service.login.LoginFailureHandlingService;
import com.digiwin.dap.middleware.iam.service.metadata.MetadataUpdateService;
import com.digiwin.dap.middleware.iam.service.role.RoleCrudService;
import com.digiwin.dap.middleware.iam.service.tenant.InvitedUserHistoryCrudService;
import com.digiwin.dap.middleware.iam.service.tenant.TenantCrudService;
import com.digiwin.dap.middleware.iam.service.tenant.TenantRelationWithUserService;
import com.digiwin.dap.middleware.iam.service.tenant.TenantService;
import com.digiwin.dap.middleware.iam.service.tenantmetadata.TenantMetadataCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserInRoleCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserInRoleService;
import com.digiwin.dap.middleware.iam.service.user.UserInTenantCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserInTenantOperationService;
import com.digiwin.dap.middleware.iam.service.user.UserService;
import com.digiwin.dap.middleware.iam.support.cache.CommonCacheService;
import com.digiwin.dap.middleware.iam.support.clean.PolicyCascadeDeleteService;
import com.digiwin.dap.middleware.iam.support.log.ChangeLogService;
import com.digiwin.dap.middleware.iam.support.obsolete.service.UserV2Service;
import com.digiwin.dap.middleware.iam.support.remote.CacService;
import com.digiwin.dap.middleware.iam.support.remote.LdapConstants;
import com.digiwin.dap.middleware.iam.support.remote.LdapService;
import com.digiwin.dap.middleware.iam.support.remote.OmcService;
import com.digiwin.dap.middleware.iam.support.remote.RemoteEocService;
import com.digiwin.dap.middleware.iam.support.remote.domain.EmpInfoVO;
import com.digiwin.dap.middleware.iam.support.remote.domain.ad.AdOu;
import com.digiwin.dap.middleware.iam.support.remote.domain.ad.AdTenantInfoDTO;
import com.digiwin.dap.middleware.iam.support.remote.domain.ad.AdUser;
import com.digiwin.dap.middleware.iam.support.validate.OtherValidateService;
import com.digiwin.dap.middleware.iam.util.StringUtil;
import com.digiwin.dap.middleware.iam.util.vlidator.PasswordValidator;
import com.digiwin.dap.middleware.util.EntityUtils;
import com.digiwin.dap.middleware.util.I18nUtils;
import com.digiwin.dap.middleware.util.JsonUtils;
import com.digiwin.dap.middleware.util.UserUtils;
import java.time.LocalDateTime;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.naming.NamingException;
import javax.naming.ldap.LdapContext;
import org.apache.logging.log4j.util.Strings;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.CollectionUtils;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;

@Service
/* loaded from: input_file:com/digiwin/dap/middleware/iam/service/user/impl/UserServiceImpl.class */
public class UserServiceImpl implements UserService {
    // Two SLF4J loggers bound to the same class; methods in this file use both names
    // (e.g. reassignAdmin uses `log`, addUser and the AD sync methods use `logger`).
    private static final Logger log = LoggerFactory.getLogger(UserServiceImpl.class);
    private static final Logger logger = LoggerFactory.getLogger(UserServiceImpl.class);

    // Collaborators below are supplied by Spring field injection (@Autowired).
    @Autowired
    private RoleCrudService roleCrudService;

    @Autowired
    private UserInRoleCrudService userInRoleCrudService;

    @Autowired
    private TenantCrudService tenantCrudService;

    @Autowired
    private UserCrudService userCrudService;

    @Autowired
    private UserInRoleService userInRoleService;

    @Autowired
    private UserInTenantCrudService userInTenantCrudService;

    @Autowired
    private InvitedUserHistoryCrudService invitedUserHistoryCrudService;

    @Autowired
    private UserV2Service userV2Service;

    @Autowired
    private OtherValidateService otherValidateService;

    @Autowired
    private UserInTenantOperationService userInTenantOperationService;

    @Autowired
    private MetadataUpdateService metadataUpdateService;

    @Autowired
    private CacService cacService;

    @Autowired
    private EnvProperties envProperties;

    @Autowired
    private UserMapper userMapper;

    @Autowired
    private TenantRepository tenantRepository;

    @Autowired
    private DictDataService dictDataService;

    @Autowired
    private RemoteEocService remoteEocService;

    @Autowired
    private TenantMetadataCrudService tenantMetadataCrudService;

    @Autowired
    private LoginFailureHandlingService loginFailureHandlingService;

    @Autowired
    private LdapService ldapService;

    // NOTE(review): updatePasswordForce in this class stores DigestUtils.sha256(...) directly
    // rather than going through this encoder — confirm which path the login verifier expects.
    @Autowired
    private PasswordEncoder iamPasswordEncoder;

    @Autowired
    private TenantRelationWithUserService tenantRelationWithUserService;

    @Autowired
    @Qualifier("internalIdentityService")
    private IdentityService internalIdentityService;

    // Executor used by syncAdObject to run the delayed second AD user pass off the caller's thread.
    @Autowired
    private ThreadPoolTaskExecutor dapTaskExecutor;

    @Autowired
    private PolicyCascadeDeleteService policyCascadeDeleteService;

    @Autowired
    private UserDeregisterRecordRepository userDeregisterRecordRepository;

    @Autowired
    private ChangeLogService changeLogService;

    @Autowired
    private UserRepository userRepository;

    @Autowired
    private CommonCacheService commonCacheService;

    @Autowired
    private UserInTenantMapper userInTenantMapper;

    @Autowired
    private TenantService tenantService;

    @Autowired
    private OmcService omcService;

    /**
     * Marks a user's membership in a tenant as disabled.
     *
     * <p>Does nothing when the membership is already disabled.
     *
     * @param j  tenant sid
     * @param j2 user sid
     * @throws BusinessException {@code USER_NOT_IN_TENANT} when the user has no membership row in the tenant
     */
    @Override
    public void disableUser(long j, long j2) {
        this.otherValidateService.checkParam(j, j2);
        UserInTenant membership = this.userInTenantCrudService.findByUnionKey(j, j2);
        if (membership == null) {
            throw new BusinessException(I18nError.USER_NOT_IN_TENANT, new Object[]{Long.valueOf(j2), Long.valueOf(j)});
        }
        // Only write when the flag actually changes.
        if (!membership.isDisabled()) {
            membership.setDisabled(true);
            this.userInTenantCrudService.update(membership);
        }
    }

    /**
     * Clears the disabled flag on a user's membership in a tenant.
     *
     * <p>Does nothing when the membership is already enabled.
     *
     * @param j  tenant sid
     * @param j2 user sid
     * @throws BusinessException {@code USER_NOT_IN_TENANT} when the user has no membership row in the tenant
     */
    @Override
    public void enableUser(long j, long j2) {
        this.otherValidateService.checkParam(j, j2);
        UserInTenant membership = this.userInTenantCrudService.findByUnionKey(j, j2);
        if (membership == null) {
            throw new BusinessException(I18nError.USER_NOT_IN_TENANT, new Object[]{Long.valueOf(j2), Long.valueOf(j)});
        }
        if (!membership.isDisabled()) {
            return;
        }
        membership.setDisabled(false);
        this.userInTenantCrudService.update(membership);
    }

    /**
     * Grants the tenant's {@code superadmin} role to a user, unless the user already holds it.
     *
     * @param j  tenant sid
     * @param j2 user sid
     * @throws BusinessException when the tenant has no {@code superadmin} role
     */
    @Override
    public void updateUserInAdmin(long j, long j2) {
        // NOTE(review): checkParam is the only validation visible here; no check of the caller's
        // own privileges appears in this method — confirm the entry point restricts who may grant superadmin.
        this.otherValidateService.checkParam(j, j2);
        Role adminRole = this.roleCrudService.findByTenantSidAndId(j, "superadmin");
        if (adminRole == null) {
            throw new BusinessException("没有管理员角色");
        }
        long adminRoleSid = adminRole.getSid();
        if (this.userInRoleCrudService.findByUnionKey(j, j2, adminRoleSid) != null) {
            // Already an administrator: nothing to insert.
            return;
        }
        Association grant = new Association();
        grant.setTenantSid(j);
        grant.setRoleSid(adminRoleSid);
        grant.setUserSid(j2);
        this.userInRoleCrudService.create(grant);
    }

    /**
     * Removes the tenant's {@code superadmin} role from a user, if the user holds it.
     *
     * @param j  tenant sid
     * @param j2 user sid
     * @throws BusinessException when the tenant has no {@code superadmin} role
     */
    @Override
    public void updateUserCancelAdmin(long j, long j2) {
        // NOTE(review): nothing here prevents removing the last administrator of a tenant,
        // and no caller-privilege check is visible — confirm both are handled upstream.
        this.otherValidateService.checkParam(j, j2);
        Role adminRole = this.roleCrudService.findByTenantSidAndId(j, "superadmin");
        if (adminRole == null) {
            throw new BusinessException("没有管理员角色");
        }
        boolean holdsAdminRole = this.userInRoleCrudService.findByUnionKey(j, j2, adminRole.getSid()) != null;
        if (holdsAdminRole) {
            this.userInRoleCrudService.deleteByUnionKey(j, j2, adminRole.getSid());
        }
    }

    /**
     * Sets the activated flag on a user account.
     *
     * <p>Does nothing when the account is already activated. The tenant sid is only passed to
     * the parameter check; the lookup uses the user sid alone.
     *
     * @param j  tenant sid
     * @param j2 user sid
     * @throws BusinessException {@code USER_NOT_EXIST} when no user has the given sid
     */
    @Override
    public void activateUser(long j, long j2) {
        this.otherValidateService.checkParam(j, j2);
        User account = (User) this.userCrudService.findBySid(j2);
        if (account == null) {
            throw new BusinessException(I18nError.USER_NOT_EXIST);
        }
        if (!account.isActivated()) {
            account.setActivated(true);
            this.userCrudService.update(account);
        }
    }

    /**
     * Replaces a user's role assignments and organisation assignments inside a tenant.
     *
     * @param j               tenant sid
     * @param j2              user sid
     * @param userBasicInfoVO requested roles and organisation membership
     * @throws IllegalArgumentException when {@code userBasicInfoVO} is null
     * @throws BusinessException        when the user or the tenant does not exist
     */
    @Override
    public void updateBasicInfo(long j, long j2, UserBasicInfoVO userBasicInfoVO) {
        this.otherValidateService.checkParam(j, j2);
        if (userBasicInfoVO == null) {
            throw new IllegalArgumentException("bossUpdateBasicInfoVO is null");
        }
        if (this.userCrudService.findBySid(j2) == null) {
            throw new BusinessException(I18nError.USER_NOT_EXIST);
        }
        if (this.tenantCrudService.findBySid(j) == null) {
            throw new BusinessException(I18nError.TENANT_NOT_EXISTED, new Object[]{Long.valueOf(j)});
        }
        // Role ids come straight from the request body and are handed to the role service as-is.
        // NOTE(review): a request could list any role id, including "superadmin"; confirm that
        // updateUserInRoleByUser or the caller restricts which roles may be assigned.
        ArrayList requestedRoleIds = new ArrayList();
        for (QueryRoleResultVO requestedRole : userBasicInfoVO.getRole()) {
            requestedRoleIds.add(requestedRole.getId());
        }
        this.userInRoleService.updateUserInRoleByUser(Long.valueOf(j), Long.valueOf(j2), requestedRoleIds);
        this.userV2Service.updateUserInOrgByUser(j, j2, "all", userBasicInfoVO.getUserInOrg());
    }

    /**
     * Accepts a tenant invitation on behalf of a user and adds the user to the inviting tenant.
     *
     * @param j  sid of the user accepting the invitation
     * @param j2 sid of the invitation record
     * @throws BusinessException when the invitation record does not exist, or when
     *                           {@code checkInvitedParam} rejects the combination
     */
    @Override
    public void agreeTenantInvited(long j, long j2) {
        InvitedUserHistory invitation = (InvitedUserHistory) this.invitedUserHistoryCrudService.findBySid(j2);
        if (invitation == null) {
            throw new BusinessException(String.format("邀请记录【%s】不存在", Long.valueOf(j2)));
        }
        User invitee = this.userCrudService.findBySid(j);
        Tenant invitingTenant = this.tenantCrudService.findBySid(invitation.getTenantSid().longValue());
        // The user and tenant are dereferenced below without a null check of their own, so this
        // call is presumably where missing records and a mismatched invitee are rejected — verify.
        this.otherValidateService.checkInvitedParam(invitation, j, invitee, invitingTenant);
        invitation.setConfirmDate(LocalDateTime.now());
        invitation.setAcceptedstatus(IamConstants.AcceptedStatus.Agree.toString());
        this.invitedUserHistoryCrudService.update(invitation);
        this.userInTenantCrudService.createUserInTenant(invitingTenant.getSid(), invitee.getSid(), false);
    }

    /**
     * Updates the user-type flag and disabled flag of a tenant membership, then pushes the
     * resulting enabled/disabled status to EOC.
     *
     * @param userTypeVO   tenant sid, user sid, numeric user type (0 maps to {@code false}) and disable flag
     * @param authoredUser caller whose token is forwarded to the EOC call
     * @throws BusinessException when the user is not a member of the tenant
     */
    @Override
    public void updateUserType(UserTypeVO userTypeVO, AuthoredUser authoredUser) {
        UserInTenant membership = this.userInTenantCrudService.findByUnionKey(userTypeVO.getTenantSid().longValue(), userTypeVO.getUserSid().longValue());
        if (membership == null) {
            throw new BusinessException("用户" + userTypeVO.getUserSid() + "不在租户" + userTypeVO.getTenantSid() + "中");
        }
        membership.setUserType(userTypeVO.getUserType().intValue() != 0);
        membership.setDisabled(userTypeVO.getDisable().booleanValue());
        this.userInTenantCrudService.update(membership);
        // The local row is saved before the remote call; a failure in EOC leaves the two out of step.
        String userId = this.userCrudService.findBySid(membership.getUserSid()).getId();
        boolean enabled = !userTypeVO.getDisable().booleanValue();
        this.remoteEocService.changeEmpStatus(membership.getTenantSid(), userId, enabled, authoredUser.getToken());
    }

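    /**
     * Registers a new user and attaches it to an existing tenant.
     *
     * <p>When the request carries an encrypted password ({@code passwordHash}), it is decrypted,
     * checked by {@link PasswordValidator} and copied into the request's plain password field
     * before the usual registration checks run.
     *
     * @param j                        tenant sid the new user joins
     * @param registerUserWithTenantVO registration payload; needs at least an e-mail or a telephone number
     * @return sid of the created user
     * @throws BusinessException when both e-mail and telephone are missing, when the decrypted
     *                           password is rejected, or when the tenant does not exist
     */
    @Override
    @Transactional
    public Long addUser(long j, RegisterUserWithTenantVO registerUserWithTenantVO) {
        if (ObjectUtils.isEmpty(registerUserWithTenantVO.getEmail()) && ObjectUtils.isEmpty(registerUserWithTenantVO.getTelephone())) {
            throw new BusinessException(I18nCode.EXCEL_IMPORT_USER_ERROR_EMPTY_TELEPHONE_EMAIL.getMessage());
        }
        if (StringUtils.hasText(registerUserWithTenantVO.getPasswordHash())) {
            try {
                // NOTE(review): the second argument is a shared constant that this class also passes
                // when decrypting LDAP bind passwords; if it is the key material, confirm key separation.
                String decrypt = AES.decrypt(registerUserWithTenantVO.getPasswordHash(), KeyConstant.WECHAT_UNION_ID);
                // NOTE(review): rejection fires when validatePassword returns true; confirm that
                // true means "violates the password policy".
                if (PasswordValidator.validatePassword(decrypt)) {
                    throw new BusinessException(I18nError.PASSWORD_UPDATE_FORMAT_ERROR);
                }
                registerUserWithTenantVO.setPassword(decrypt);
            } catch (BusinessException e) {
                // The policy rejection must reach the caller. The broad catch below used to swallow it,
                // so a password that failed validation was only logged and registration carried on.
                throw e;
            } catch (Exception e) {
                // NOTE(review): a decryption failure is only logged and registration continues with
                // whatever the request's password field already holds — confirm this should not fail closed.
                logger.error("密码解密异常: {}", e.getMessage());
            }
        }
        this.otherValidateService.verifyRegisterBody(registerUserWithTenantVO, false, StringUtils.hasLength(registerUserWithTenantVO.getTelephone()), StringUtils.hasLength(registerUserWithTenantVO.getEmail()));
        Tenant findBySid = this.tenantCrudService.findBySid(j);
        if (findBySid == null) {
            throw new BusinessException(I18nError.TENANT_NOT_EXISTED, new Object[]{Long.valueOf(j)});
        }
        User user = new User(registerUserWithTenantVO, this.envProperties.getCloud());
        long create = this.userCrudService.create(user);
        UserInTenant userInTenant = new UserInTenant();
        userInTenant.setUserSid(create);
        userInTenant.setUserType(registerUserWithTenantVO.getType().booleanValue());
        userInTenant.setTenantSid(j);
        this.userInTenantCrudService.create(userInTenant);
        if (!StringUtils.isEmpty(registerUserWithTenantVO.getTelephone())) {
            // Mirror the telephone number into the user's contact metadata.
            this.metadataUpdateService.updateMetadataValue(new UserMetadataVO(IamConstants.METADATA_CONTACT_CATALOG_NAME, "mobilephone1", registerUserWithTenantVO.getTelephone(), 0L, Long.valueOf(create)));
        }
        this.userInTenantOperationService.initializeUserData(findBySid, user, registerUserWithTenantVO.getRole(), registerUserWithTenantVO.getOrg(), registerUserWithTenantVO.getApp(), IamConstants.EMPTY, IamConstants.EMPTY);
        return Long.valueOf(create);
    }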

    /**
     * Adds an existing user to a tenant and applies the application authorizations and role
     * named in the request.
     *
     * @param tenant             tenant the user joins
     * @param str                id (not sid) of the user
     * @param registerTempUserVO optional single app id, list of app ids and role id
     * @throws BusinessException {@code USER_NOT_EXIST} when no user has the given id
     */
    @Override
    public void addUserInTenantWithAuth(Tenant tenant, String str, RegisterTempUserVO registerTempUserVO) {
        String singleAppId = registerTempUserVO.getAppId();
        List<String> bulkAppIds = registerTempUserVO.getAppIds();
        String requestedRoleId = registerTempUserVO.getRoleId();
        User member = (User) this.userCrudService.findById(str);
        if (member == null) {
            throw new BusinessException(I18nError.USER_NOT_EXIST, new Object[]{str});
        }
        this.userInTenantCrudService.createUserInTenant(tenant.getSid(), member.getSid(), false);
        if (!StringUtils.isEmpty(singleAppId)) {
            this.cacService.addAuthorization(this.envProperties.getCacUri(), tenant.getId(), singleAppId, member.getId());
        }
        if (!CollectionUtils.isEmpty(bulkAppIds)) {
            this.cacService.batchUpdateAuthorization(tenant.getId(), str, bulkAppIds, new ArrayList());
        }
        if (!StringUtils.hasLength(requestedRoleId)) {
            return;
        }
        // NOTE(review): the role id comes from the request and is not restricted here; confirm the
        // caller cannot name a privileged role such as the tenant's administrator role.
        long roleSid = this.roleCrudService.getSidByTenantAndId(tenant.getSid(), requestedRoleId);
        // A non-positive sid skips the grant, as does an existing assignment.
        if (roleSid > 0 && this.userInRoleCrudService.findByUnionKey(tenant.getSid(), member.getSid(), roleSid) == null) {
            this.userInRoleService.addUsersInRole(Long.valueOf(roleSid), Collections.singletonList(Long.valueOf(member.getSid())), tenant.getSid());
        }
    }

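    /**
     * Transfers tenant ownership from the current owner to the users named in the request.
     *
     * <p>The named users receive the tenant's {@code superadmin} role, the first of them becomes
     * the tenant owner, the previous owner loses {@code superadmin} and, when the request names a
     * role, is given that role instead. Only the current owner may do this; when the recorded
     * owner no longer exists the transfer is allowed so the tenant can be repaired.
     *
     * @param reassignAdminVO ids of the users to promote and an optional role id for the previous owner
     * @throws BusinessException when the tenant, its {@code superadmin} role, the target users or
     *                           the replacement role cannot be found
     */
    @Override
    public void reassignAdmin(ReassignAdminVO reassignAdminVO) {
        long tenantSid = UserUtils.getTenantSid();
        Tenant tenant = this.tenantCrudService.findBySid(tenantSid);
        if (tenant == null) {
            throw new BusinessException(I18nError.TENANT_NOT_EXISTED, new Object[]{Long.valueOf(tenantSid)});
        }
        Role adminRole = this.roleCrudService.findByTenantSidAndId(tenantSid, "superadmin");
        if (adminRole == null) {
            throw new BusinessException("没有管理员角色");
        }
        List<UserDataVO> targets = this.userMapper.getUserInTenantByIds(reassignAdminVO.getUserIds(), Collections.singletonList(tenant.getId()));
        if (targets.isEmpty()) {
            throw new BusinessException(String.format("用户%s不存在或不在租户[%s]下,不能移转", Strings.join(reassignAdminVO.getUserIds(), ','), tenant.getId()));
        }

        // Decide whether the caller may transfer ownership BEFORE anything is written. The check used
        // to run after the superadmin grants were inserted, so a caller who was not the owner still
        // left the named users holding superadmin (the method is not transactional).
        User owner = this.userCrudService.findBySid(tenant.getOwnerUserSid());
        if (owner != null && owner.getSid() != UserUtils.getUserSid()) {
            // The format string previously contained "%的", an invalid conversion that made
            // String.format throw instead of logging the refusal.
            // NOTE(review): the refusal is only logged and the caller sees a normal return;
            // consider surfacing a permission error.
            log.error(String.format("当前用户%s非租户%s的创建者[%s],没有权限移转", UserUtils.getUserId(), tenant.getId(), owner.getId()));
            return;
        }

        // Grant superadmin to every target that does not hold it yet.
        ArrayList newGrants = new ArrayList();
        for (UserDataVO target : targets) {
            Association grant = new Association();
            grant.setTenantSid(tenantSid);
            grant.setRoleSid(adminRole.getSid());
            grant.setUserSid(target.getUserSid().longValue());
            if (this.userInRoleCrudService.findByUnionKey(tenantSid, target.getUserSid().longValue(), adminRole.getSid()) == null) {
                newGrants.add(grant);
            }
        }
        this.userInRoleCrudService.insertAll(newGrants);

        if (owner == null) {
            // NOTE(review): with a dangling owner reference any caller in the tenant reaches this
            // branch; confirm that is the intended recovery path.
            log.error(String.format("租户%s的创建者[%s]不存在", tenant.getId(), Long.valueOf(tenant.getOwnerUserSid())));
            tenant.setOwnerUserSid(targets.get(0).getUserSid().longValue());
            EntityUtils.setModifyFields(tenant);
            this.tenantRepository.save(tenant);
            return;
        }

        // The previous owner gives up superadmin and the first target becomes the owner.
        this.userInRoleCrudService.deleteByUnionKey(tenantSid, owner.getSid(), adminRole.getSid());
        tenant.setOwnerUserSid(targets.get(0).getUserSid().longValue());
        EntityUtils.setModifyFields(tenant);
        this.tenantRepository.save(tenant);

        if (StringUtils.isEmpty(reassignAdminVO.getRoleId())) {
            return;
        }
        // NOTE(review): an unknown role id fails here, after the transfer has been saved.
        Role replacementRole = this.roleCrudService.findByTenantSidAndId(tenantSid, reassignAdminVO.getRoleId());
        if (replacementRole == null) {
            throw new BusinessException(String.format("没有角色%s", reassignAdminVO.getRoleId()));
        }
        if (this.userInRoleCrudService.findByUnionKey(tenantSid, owner.getSid(), replacementRole.getSid()) != null) {
            return;
        }
        Association replacementGrant = new Association();
        replacementGrant.setTenantSid(tenantSid);
        replacementGrant.setRoleSid(replacementRole.getSid());
        replacementGrant.setUserSid(owner.getSid());
        this.userInRoleCrudService.create(replacementGrant);
    }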

    /**
     * Sets the "password changed" flag on the current user's account.
     *
     * <p>Only the flag is written; no password value is touched here. Does nothing when the
     * current user cannot be found.
     */
    @Override
    public void renewPassword() {
        // NOTE(review): checkPasswordChange treats an unset flag as "still on the default password",
        // so this call clears that prompt without a new password being supplied — confirm intent.
        User currentUser = (User) this.userCrudService.findBySid(UserUtils.getUserSid());
        if (currentUser == null) {
            return;
        }
        currentUser.setChanged(true);
        this.userCrudService.update(currentUser);
    }

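    /**
     * Reports whether the current user must change their password.
     *
     * <p>AD accounts are never asked to change (an empty result is returned). Otherwise a change
     * is required when the account still carries its default password ({@code "default"}) or when
     * the password is older than the configured life span in months ({@code "overdue"}).
     *
     * @return a result whose change-required fields are filled in only when a change is needed
     * @throws BusinessException {@code USER_NOT_EXIST} when the current user cannot be found
     */
    @Override
    public CheckPasswordVO checkPasswordChange() {
        CheckPasswordVO result = new CheckPasswordVO();
        if (User.isADAccount(UserUtils.getUserId())) {
            return result;
        }
        User currentUser = this.userCrudService.findBySid(UserUtils.getUserSid());
        if (currentUser == null) {
            // A missing user used to be dereferenced directly and fail with a NullPointerException.
            throw new BusinessException(I18nError.USER_NOT_EXIST);
        }
        if (!currentUser.isChanged()) {
            result.setChangeRequired(true);
            result.setPwChangeNotification(I18nCode.USER_PW_DEFAULT.getMessage());
            result.setPwChangeType("default");
            return result;
        }
        // The life span is only needed for the expiry check, so it is looked up here.
        int lifeSpanMonths = fetchPasswordLifeSpan();
        // NOTE(review): getPwDate() is dereferenced without a null check; confirm it is always set.
        if (currentUser.getPwDate().plusMonths(lifeSpanMonths).isBefore(LocalDateTime.now())) {
            result.setChangeRequired(true);
            result.setPwChangeNotification(I18nUtils.getMessage(I18nCode.USER_PW_OVERDUE.getCode(), new Object[]{Integer.valueOf(lifeSpanMonths)}));
            result.setPwChangeType("overdue");
        }
        return result;
    }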

    /**
     * Loads the profile of the authenticated user, optionally with the matching EOC employee record.
     *
     * <p>The user is looked up by sid first and by user id as a fallback.
     *
     * @param authoredUser authenticated caller
     * @param z            when true, also fetch the employee record for the caller's tenant
     * @return the user together with the employee record (null when {@code z} is false)
     * @throws BusinessException {@code USER_NOT_EXIST} when neither lookup finds the user, or an
     *                           empty-message error when {@code z} is true and the caller has no tenant
     */
    @Override
    public UserInfo getCurrentInfo(AuthoredUser authoredUser, boolean z) {
        User currentUser = this.userCrudService.findBySid(authoredUser.getSid());
        if (currentUser == null) {
            currentUser = (User) this.userCrudService.findById(authoredUser.getUserId());
        }
        if (currentUser == null) {
            throw new BusinessException(I18nError.USER_NOT_EXIST, new Object[]{authoredUser.getUserId()});
        }
        if (!z) {
            return new UserInfo(currentUser, null);
        }
        if (authoredUser.getTenantSid() == 0) {
            // The employee lookup is tenant-scoped, so a caller without a tenant is rejected.
            throw new BusinessException(IamConstants.EMPTY);
        }
        EmpInfoVO employee = this.remoteEocService.getEmpByTenantAndUserId(Long.valueOf(authoredUser.getTenantSid()), authoredUser.getUserId());
        return new UserInfo(currentUser, employee);
    }

    /**
     * Resolves the password life span, preferring the tenant's own setting.
     *
     * @return the tenant-level value when it is positive, otherwise the platform-level value
     */
    public int fetchPasswordLifeSpan() {
        int tenantLifeSpan = fetchPasswordLifeSpanByTenant();
        if (tenantLifeSpan > 0) {
            return tenantLifeSpan;
        }
        return fetchPasswordByOMConfig();
    }

    /**
     * Reads the password life span stored in the current tenant's {@code basic} metadata.
     *
     * @return the parsed value, or 0 when the setting is absent or cannot be parsed
     */
    private int fetchPasswordLifeSpanByTenant() {
        String configured = this.tenantMetadataCrudService.getTenantMetadataValue(UserUtils.getTenantSid(), "basic", IamConstants.PASSWORDSPAN_KEY);
        if (StringUtils.isEmpty(configured)) {
            return 0;
        }
        try {
            return Integer.parseInt(configured);
        } catch (Exception e) {
            // An unparsable setting is treated as "not configured".
            log.error("parse password span error", e);
            return 0;
        }
    }

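    /**
     * Reads the platform-wide password life span from the dictionary service.
     *
     * <p>The value is used as a number of months by {@code checkPasswordChange}.
     *
     * @return the configured value, or 6 when no entry exists or the lookup or parse fails
     */
    private int fetchPasswordByOMConfig() {
        final int defaultLifeSpan = 6;
        try {
            DictDataDTO query = new DictDataDTO();
            query.setDictId(IamConstants.PW_LIFESPAN_DICT_KEY);
            query.setDictKey(IamConstants.PW_LIFESPAN_DICT_KEY);
            List<?> entries = this.dictDataService.selectDictDataList(query);
            if (CollectionUtils.isEmpty(entries)) {
                return defaultLifeSpan;
            }
            // Parsing stays inside the try so a malformed dictionary value falls back to the
            // default instead of escaping as a NumberFormatException.
            // NOTE(review): a zero or negative value is accepted as-is and would make every
            // password count as overdue; confirm the dictionary is validated on write.
            return Integer.parseInt(((DictData) entries.get(0)).getDictValue());
        } catch (Exception e) {
            // Pass the exception itself so the cause is not lost from the log.
            log.error("fail to get password life span", e);
            return defaultLifeSpan;
        }
    }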

    /**
     * Looks up e-mail contact details for a list of user sids.
     *
     * @param list user sids; may be null or empty
     * @return the matching contacts, or a new empty list when no sids were supplied
     */
    @Override
    public List<EMCEmailContactDTO> queryEmailBySids(List<Long> list) {
        if (CollectionUtils.isEmpty(list)) {
            // Skip the query entirely for an empty filter.
            return new ArrayList<>();
        }
        return this.userMapper.queryEmailBySids(list);
    }

    /**
     * Looks up e-mail contact details for a list of user ids.
     *
     * @param list user ids; may be null or empty
     * @return the matching contacts, or a new empty list when no ids were supplied
     */
    @Override
    public List<EMCEmailContactDTO> queryEmailByIds(List<String> list) {
        if (CollectionUtils.isEmpty(list)) {
            // Skip the query entirely for an empty filter.
            return new ArrayList<>();
        }
        return this.userMapper.queryEmailByIds(list);
    }

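    /**
     * Overwrites a user's password without asking for the old one.
     *
     * <p>The user is located by sid when the sid is non-zero, otherwise by id. The same stored
     * value is also written to the built-in accounts of every tenant the user owns, and the
     * user's "changed" flag is cleared so the next password check reports a default password.
     *
     * @param updatePasswordByIdVO target user (sid or id) and the new password
     * @throws BusinessException {@code USER_NOT_EXIST} when the user cannot be found, or
     *                           {@code PASSWORD_UPDATE_FORMAT_ERROR} when the new password is blank
     */
    @Override
    public void updatePasswordForce(UpdatePasswordByIdVO updatePasswordByIdVO) {
        // NOTE(review): no caller-privilege check is visible in this method; confirm the entry
        // point limits who may force-reset another user's password.
        User target = updatePasswordByIdVO.getSid() != 0 ? this.userCrudService.findBySid(updatePasswordByIdVO.getSid()) : (User) this.userCrudService.findById(updatePasswordByIdVO.getId());
        if (target == null) {
            throw new BusinessException(I18nError.USER_NOT_EXIST);
        }
        // A null or blank value would otherwise be hashed and stored as a usable credential.
        if (!StringUtils.hasText(updatePasswordByIdVO.getNewPassword())) {
            throw new BusinessException(I18nError.PASSWORD_UPDATE_FORMAT_ERROR);
        }
        // NOTE(review): the stored value is a bare SHA-256 digest of the password, with no salt or
        // work factor visible here, while this class also has a PasswordEncoder injected. Switching
        // needs the login verifier to change in step, so it is flagged rather than changed.
        String sha256 = DigestUtils.sha256(updatePasswordByIdVO.getNewPassword());
        updateInternalUserPassword(target.getSid(), sha256);
        target.setPassword(sha256);
        // Cleared so checkPasswordChange asks the user to pick their own password.
        target.setChanged(false);
        this.userCrudService.update(target);
    }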

    /**
     * Copies a stored password value onto the built-in accounts of every tenant owned by a user.
     *
     * <p>For each owned tenant the accounts {@code <tenantId>@integration} and
     * {@code <tenantId>@superadmin} are updated when they exist.
     *
     * @param j   sid of the owning user
     * @param str password value to store (already hashed by the caller in this file)
     */
    private void updateInternalUserPassword(long j, String str) {
        // NOTE(review): the owner and both built-in accounts end up sharing one credential, so a
        // leak of any of them exposes all three — confirm this coupling is intended.
        String[] builtInSuffixes = {"@integration", "@superadmin"};
        for (Tenant ownedTenant : this.tenantCrudService.queryTenantByOwnerUserSid(j)) {
            for (String suffix : builtInSuffixes) {
                User builtIn = (User) this.userCrudService.findById(ownedTenant.getId() + suffix);
                if (builtIn == null) {
                    continue;
                }
                builtIn.setPassword(str);
                builtIn.setChanged(true);
                this.userCrudService.update(builtIn);
            }
        }
    }

    /**
     * Lifts the login freeze on an enterprise (tenant-internal) account.
     *
     * <p>The account id must belong to the caller's current tenant; the tenant part of the id is
     * compared with the current tenant's id before anything is unfrozen.
     *
     * @param internalUserUnfreezeVO id of the account to unfreeze
     * @throws BusinessException {@code APP_PERMISSION_ERROR} when the current tenant is missing
     *                           or does not match the account's tenant
     */
    @Override
    public void unfreezeInternal(InternalUserUnfreezeVO internalUserUnfreezeVO) {
        Tenant currentTenant = this.tenantCrudService.findBySid(UserUtils.getTenantSid());
        boolean sameTenant = currentTenant != null
                && ObjectUtils.nullSafeEquals(currentTenant.getId(), User.getTenantIdOfEnterpriseUser(internalUserUnfreezeVO.getId()));
        if (!sameTenant) {
            // Stops one tenant from unfreezing accounts that belong to another.
            throw new BusinessException(I18nError.APP_PERMISSION_ERROR);
        }
        this.loginFailureHandlingService.unfreeze(internalUserUnfreezeVO.getId());
    }

    /**
     * Binds an unused, not-yet-assigned invitation record to a user and marks it as used.
     *
     * <p>Nothing happens when the invitation sid is null, the record is missing, the record is
     * already bound to a user (user sid other than -1) or it has already been used.
     *
     * @param l  sid of the user redeeming the invitation
     * @param l2 sid of the invitation record; may be null
     */
    @Override
    public void updateInviteHistory(Long l, Long l2) {
        if (l2 == null) {
            return;
        }
        InvitedUserHistory invitation = (InvitedUserHistory) this.invitedUserHistoryCrudService.findBySid(l2.longValue());
        if (invitation == null) {
            return;
        }
        boolean unassigned = invitation.getUserSid().longValue() == -1;
        // The unused check keeps an invitation from being redeemed twice.
        if (unassigned && Boolean.FALSE.equals(invitation.getUsed())) {
            invitation.setUserSid(l);
            invitation.setUsed(true);
            invitation.setMode("userId");
            this.invitedUserHistoryCrudService.update(invitation);
        }
    }

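    /**
     * Synchronises a tenant's Active Directory users, and optionally its organisational units,
     * into IAM and EOC.
     *
     * <p>Returns without doing anything when a required LDAP setting (url, admin account, admin
     * password, base DN or login attribute) is missing.
     *
     * @param tenant               tenant being synchronised
     * @param tenantMetadataLdapVO LDAP connection settings of the tenant
     * @param authoredUser         caller; passed through {@code getAuthoredUser} to obtain the identity used for remote calls
     * @param z                    when true, also sync organisational units to EOC and schedule a
     *                             delayed second user pass on the task executor
     */
    @Override
    public void syncAdObject(Tenant tenant, TenantMetadataLdapVO tenantMetadataLdapVO, AuthoredUser authoredUser, boolean z) {
        List<String> missingSettings = new ArrayList<>();
        if (ObjectUtils.isEmpty(tenantMetadataLdapVO.getUrl())) {
            missingSettings.add("url");
        }
        if (ObjectUtils.isEmpty(tenantMetadataLdapVO.getAdminAccount())) {
            missingSettings.add("adminAccount");
        }
        if (ObjectUtils.isEmpty(tenantMetadataLdapVO.getAdminPassword())) {
            missingSettings.add("adminPassword");
        }
        if (ObjectUtils.isEmpty(tenantMetadataLdapVO.getBaseDn())) {
            missingSettings.add("baseDn");
        }
        if (ObjectUtils.isEmpty(tenantMetadataLdapVO.getUserLoginAttr())) {
            missingSettings.add("userLoginAttr");
        }
        if (!missingSettings.isEmpty()) {
            // Log only the names of the missing settings. The whole settings object used to be
            // logged, and it carries the bind account and its (encrypted) password.
            logger.info("租户{}的AD域参数补全，退出 {} <<<---", tenant.getId(), missingSettings);
            return;
        }
        AuthoredUser syncIdentity = getAuthoredUser(tenant, authoredUser);
        syncAdUser(tenant, tenantMetadataLdapVO, syncIdentity, true, z);
        if (z) {
            // NOTE(review): the bind password is decrypted with a shared constant that this class
            // also uses for registration passwords; if it is the key material, confirm key separation.
            List<AdOu> adOus = this.ldapService.listAdOu(tenantMetadataLdapVO.getUrl(), tenantMetadataLdapVO.getAdminAccount(), AES.decrypt(tenantMetadataLdapVO.getAdminPassword(), KeyConstant.WECHAT_UNION_ID), BooleanStrEnum.TRUE.getValue().equals(tenantMetadataLdapVO.getSslEnabled()), tenantMetadataLdapVO.getBaseDn(), tenantMetadataLdapVO);
            logger.info("同步租户{}的AD组织，size={}", tenant.getId(), Integer.valueOf(adOus.size()));
            if (!adOus.isEmpty()) {
                this.remoteEocService.syncAdOu(new AdTenantInfoDTO(StringUtil.getAdCompanyId(null, adOus.get(0)), null, adOus), syncIdentity.getToken());
            }
            // Second pass runs on the executor; syncAdUser waits 60 seconds before it starts.
            this.dapTaskExecutor.execute(() -> {
                syncAdUser(tenant, tenantMetadataLdapVO, syncIdentity, false, true);
            });
        }
    }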

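    /**
     * Pages through the tenant's Active Directory users and synchronises each page.
     *
     * <p>One LDAP connection is opened for the whole run and closed when paging finishes or fails.
     * Paging continues while the LDAP service leaves a non-null entry in the one-element holder
     * list that is passed to every page request.
     *
     * @param tenant               tenant being synchronised
     * @param tenantMetadataLdapVO LDAP connection settings of the tenant
     * @param authoredUser         identity whose token is forwarded to EOC
     * @param z                    when true, sync every AD user into IAM; when false, the method
     *                             first sleeps for 60 seconds and skips the IAM sync
     * @param z2                   when true, push every page to EOC as employees
     * @throws BusinessException wrapping any failure raised while paging or synchronising
     */
    public void syncAdUser(Tenant tenant, TenantMetadataLdapVO tenantMetadataLdapVO, AuthoredUser authoredUser, boolean z, boolean z2) {
        if (!z) {
            try {
                Thread.sleep(60000L);
            } catch (InterruptedException e) {
                // The interrupt flag is restored, but the sync still goes ahead.
                logger.warn("Interrupted!", e);
                Thread.currentThread().interrupt();
            }
        }
        // NOTE(review): SSL is used only when the tenant setting equals the TRUE value; otherwise
        // the bind credentials presumably travel over a plain LDAP connection — confirm.
        LdapContext connect = this.ldapService.connect(tenantMetadataLdapVO.getUrl(), tenantMetadataLdapVO.getAdminAccount(), AES.decrypt(tenantMetadataLdapVO.getAdminPassword(), KeyConstant.WECHAT_UNION_ID), BooleanStrEnum.TRUE.getValue().equals(tenantMetadataLdapVO.getSslEnabled()));
        // One-element holder that the LDAP service updates between pages.
        ArrayList pageCursor = new ArrayList(1);
        pageCursor.add(null);
        int total = 0;
        String companyId = null;
        try {
            do {
                List<AdUser> page = this.ldapService.listAdUserPage(connect, tenantMetadataLdapVO.getBaseDn(), tenantMetadataLdapVO, LdapConstants.PAGE_SIZE, pageCursor);
                total += page.size();
                if (page.isEmpty()) {
                    continue;
                }
                if (z) {
                    logger.info("同步租户{}的AD用户，pageSize={}，size={}", new Object[]{tenant.getId(), Integer.valueOf(LdapConstants.PAGE_SIZE), Integer.valueOf(page.size())});
                    for (AdUser adUser : page) {
                        syncAdUser(tenant, authoredUser, adUser);
                    }
                }
                if (z2) {
                    companyId = StringUtil.getAdCompanyId(companyId, page.get(0));
                    logger.info("同步租户{}的AD用户 -> EOC员工，pageSize={}，size={}", new Object[]{tenant.getId(), Integer.valueOf(LdapConstants.PAGE_SIZE), Integer.valueOf(page.size())});
                    this.remoteEocService.syncAdUser(new AdTenantInfoDTO(companyId, page, null), authoredUser.getToken());
                }
            } while (pageCursor.get(0) != null);
        } catch (Exception e) {
            throw new BusinessException(e);
        } finally {
            // Close once, after the last page. The close used to sit inside the loop, so every
            // page after the first was requested on an already closed context.
            if (connect != null) {
                try {
                    connect.close();
                } catch (NamingException ignored) {
                    // Best effort: a failed close must not hide the result of the sync.
                }
            }
        }
        logger.info("同步租户{}的AD用户，总量total={}", tenant.getId(), Integer.valueOf(total));
    }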

    /**
     * Mirrors one AD user into the local store and makes sure it is a member of the tenant.
     *
     * <p>The local user id is {@code "<tenantId>$<adUserId>"}. An existing user is updated; a
     * missing one is created unless AD reports it as disabled, in which case nothing is created.
     * A membership row is added only when none exists, and it is created disabled only when
     * {@code updateUser} reported so.
     *
     * @param tenant       tenant the AD user belongs to
     * @param authoredUser identity passed on to the enable/disable operations
     * @param adUser       directory entry being synchronised
     */
    private void syncAdUser(Tenant tenant, AuthoredUser authoredUser, AdUser adUser) {
        final String localUserId = String.format("%s$%s", tenant.getId(), adUser.getId());
        User localUser = (User) this.userCrudService.findById(localUserId);
        boolean joinAsDisabled = false;
        if (localUser == null) {
            if (Boolean.TRUE.equals(adUser.getDisabled())) {
                // Never materialise an account for an entry that is already disabled in AD.
                logger.info("AD用户[{}]状态{}停用，跳过创建...", adUser.getId(), adUser.getUserAccountControl());
                return;
            }
            localUser = createUser(adUser, localUserId, tenant);
        } else {
            joinAsDisabled = updateUser(tenant, authoredUser, adUser, localUser, false);
        }
        if (this.userInTenantCrudService.findByUnionKey(tenant.getSid(), localUser.getSid()) != null) {
            return;
        }
        UserInTenant membership = new UserInTenant();
        membership.setUserSid(localUser.getSid());
        membership.setTenantSid(tenant.getSid());
        membership.setDisabled(joinAsDisabled);
        this.userInTenantCrudService.create(membership);
        logger.info("AD域用户[{}]加入租户成功...", localUserId);
    }

    /**
     * Reconciles an existing local user with its AD entry and propagates the AD enabled/disabled
     * state to the tenant membership.
     *
     * <ul>
     *   <li>Enabled in AD: profile fields are refreshed and a disabled membership is re-enabled.</li>
     *   <li>Disabled in AD, no membership yet: returns {@code true} so the caller creates the
     *       membership already disabled.</li>
     *   <li>Disabled in AD, membership still active: the membership is disabled.</li>
     * </ul>
     *
     * @param tenant       tenant whose membership is checked
     * @param authoredUser identity passed to the enable/disable operations
     * @param adUser       directory entry (source of truth for the disabled flag)
     * @param user         local user to reconcile
     * @param z            value returned when no "create disabled" decision is made
     * @return {@code true} when a membership still to be created must start disabled, else {@code z}
     */
    private boolean updateUser(Tenant tenant, AuthoredUser authoredUser, AdUser adUser, User user, boolean z) {
        UserInTenant membership = this.userInTenantCrudService.findByUnionKey(tenant.getSid(), user.getSid());
        if (Boolean.TRUE.equals(adUser.getDisabled())) {
            if (membership == null) {
                return true;
            }
            if (!membership.isDisabled()) {
                this.tenantRelationWithUserService.disableTenantUser(user, authoredUser);
                logger.info("AD域用户[{}]禁用成功...", user.getId());
            }
            return z;
        }
        updateUser(adUser, user);
        boolean needsReEnable = membership != null && membership.isDisabled();
        if (needsReEnable) {
            this.tenantRelationWithUserService.enableTenantUser(user, authoredUser);
            logger.info("AD域用户[{}]启用成功...", user.getId());
        }
        return z;
    }

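    /**
     * Copies name, nickname, telephone, e-mail and origin from the AD entry onto the local user
     * and persists the user when at least one of them changed.
     *
     * <p>Fix: an e-mail change now marks the user as changed. Before, the new address was set on
     * the object but {@code update} was skipped unless another field differed, so the stored
     * e-mail could lag behind the directory. NOTE(review): if the address is used for
     * notifications or verification codes, a stale value is worth auditing in existing data.
     *
     * @param adUser directory entry to copy from
     * @param user   local user to refresh
     */
    private void updateUser(AdUser adUser, User user) {
        boolean changed = false;
        String name = adUser.getName();
        String telephoneNumber = adUser.getTelephoneNumber();
        if (!Objects.equals(user.getName(), name)) {
            user.setName(name);
            changed = true;
        }
        if (!Objects.equals(user.getNickname(), adUser.getDisplayName())) {
            user.setNickname(adUser.getDisplayName());
            changed = true;
        }
        if (!Objects.equals(user.getTelephone(), telephoneNumber)) {
            user.setTelephone(telephoneNumber);
            changed = true;
        }
        if (!Objects.equals(user.getEmail(), adUser.getMail())) {
            user.setEmail(adUser.getMail());
            changed = true;
        }
        if (!IdentityType.ad.name().equals(user.getComeFrom())) {
            user.setComeFrom(IdentityType.ad.name());
            changed = true;
        }
        if (changed) {
            this.userCrudService.update(user);
            // Logs the AdUser via its toString(). NOTE(review): confirm that representation
            // carries no attributes that should stay out of application logs.
            logger.info("AD域用户更新成功{}", adUser);
        }
    }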

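    /**
     * Creates the local account that mirrors an AD user.
     *
     * <p>The local variable is now declared as {@code User}; it was declared as
     * {@code BaseEntity} while {@code User} setters were called on it and it was returned as
     * {@code User}.
     *
     * <p>Review notes:
     * <ul>
     *   <li>The stored password is the encoded form of {@code tenant.getId()} concatenated with
     *       {@code IamConstants.DEFAULT_PASSWORD}, so every AD-synced account of a tenant gets
     *       the same, derivable local credential. NOTE(review): confirm that accounts with
     *       {@code comeFrom = ad} cannot authenticate with the local password; if nothing
     *       depends on this value, an unguessable random secret is the safer default.</li>
     *   <li>The user type is stored as {@code UserTypeEnum.INTERNAL.ordinal()}; reordering the
     *       enum would silently change the persisted value. {@code createAd} in this class
     *       stores {@code getCode()} instead.</li>
     * </ul>
     *
     * @param adUser directory entry providing the profile fields
     * @param str    local user id to assign
     * @param tenant tenant whose id seeds the default password
     * @return the persisted user
     */
    @NotNull
    private User createUser(AdUser adUser, String str, Tenant tenant) {
        User user = new User();
        user.setName(adUser.getName());
        user.setNickname(adUser.getDisplayName());
        user.setTelephone(adUser.getTelephoneNumber());
        user.setPhone(adUser.getMobile());
        user.setEmail(adUser.getMail());
        user.setId(str);
        user.setPassword(this.iamPasswordEncoder.encode(tenant.getId() + IamConstants.DEFAULT_PASSWORD));
        user.setActivated(true);
        user.setChanged(true);
        user.setComeFrom(IdentityType.ad.name());
        user.setType(Integer.valueOf(UserTypeEnum.INTERNAL.ordinal()));
        user.setEnterprise(true);
        this.userCrudService.create(user);
        logger.info("AD域用户创建成功{}", adUser);
        return user;
    }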

    /**
     * Returns the supplied identity, or, when none was supplied, logs in as the tenant's
     * integration account and returns that identity.
     *
     * <p>The fallback authenticates {@code IamConstants.INTEGRATION} with the password hash held
     * in {@code envProperties}. NOTE(review): the resulting identity is presumably a service
     * account whose token is handed to downstream calls; confirm its privileges are scoped to
     * what the sync needs.
     *
     * @param tenant       tenant the integration login is bound to
     * @param authoredUser caller identity, may be {@code null}
     * @return {@code authoredUser} when non-null, otherwise the integration identity
     */
    private AuthoredUser getAuthoredUser(Tenant tenant, AuthoredUser authoredUser) {
        if (authoredUser == null) {
            LoginUser integrationLogin = new LoginUser();
            integrationLogin.setTenantId(tenant.getId());
            integrationLogin.setUserId(IamConstants.INTEGRATION);
            integrationLogin.setPasswordHash(this.envProperties.getIntegrationPasswordHash());
            integrationLogin.setIdentityType(IdentityType.internal);
            return this.internalIdentityService.login(integrationLogin);
        }
        return authoredUser;
    }

    /**
     * Applies the non-empty fields of the request (double-check flag, identity-code accept type,
     * user name) to the user identified by {@code userSid} and saves it. Does nothing when the
     * user does not exist.
     *
     * <p>NOTE(review): no check that the caller may modify this user is visible here, and
     * {@code doubleCheck} looks like a second-factor setting; confirm authorization is enforced
     * before this method is reached.
     *
     * @param modUserVO requested changes; {@code userSid} must be non-null
     */
    @Override // com.digiwin.dap.middleware.iam.service.user.UserService
    public void modUser(ModUserVO modUserVO) {
        User target = this.userCrudService.findBySid(modUserVO.getUserSid().longValue());
        if (target == null) {
            return;
        }
        if (modUserVO.getDoubleCheck() != null) {
            target.setDoubleCheck(modUserVO.getDoubleCheck());
        }
        if (modUserVO.getIdentityCodeAcceptType() != null) {
            target.setIdentityCodeAcceptType(modUserVO.getIdentityCodeAcceptType());
        }
        if (StringUtils.hasLength(modUserVO.getUserName())) {
            target.setName(modUserVO.getUserName());
        }
        // Saved even when no field was supplied, as before.
        this.userCrudService.update(target);
    }

    /**
     * Deregisters a user: refuses while the user still belongs to any non-individual tenant,
     * removes the user's individual tenants, deletes the user with its caches, invitations,
     * policies and authorizations, and stores a deregistration record.
     *
     * <p>Review notes:
     * <ul>
     *   <li>The record's {@code userData} is the JSON of the whole {@code User} entity.
     *       NOTE(review): that presumably includes the password hash and contact fields;
     *       confirm masking and retention for this table.</li>
     *   <li>{@code str2} is stored as the operator id as given. NOTE(review): no check that the
     *       operator may delete this user is visible here; confirm it is enforced by the
     *       caller.</li>
     *   <li>The method is {@code @Transactional}. NOTE(review): {@code omcService} and
     *       {@code cacService} look like remote clients; if so, their effects are not rolled
     *       back with the database transaction.</li>
     * </ul>
     *
     * @param str  id of the user to delete
     * @param str2 id of the operator performing the deletion
     * @param str3 remark stored on the deregistration record
     * @throws BusinessException when the user does not exist, still belongs to an enabled or
     *                           disabled non-individual tenant, or (cloud only) an individual
     *                           tenant still has orders
     */
    @Override // com.digiwin.dap.middleware.iam.service.user.UserService
    @Transactional
    public void deleteUser(String str, String str2, String str3) {
        User user = (User) this.userRepository.findById(str);
        if (user == null) {
            throw new BusinessException(I18nError.USER_NOT_EXIST, new Object[]{str});
        }

        // Snapshot for the deregistration record, taken before anything is deleted.
        UserDeregisterRecord deregisterRecord = new UserDeregisterRecord();
        deregisterRecord.setUserSid(user.getSid());
        deregisterRecord.setUserId(str);
        deregisterRecord.setUserData(JsonUtils.objToJson(user));
        deregisterRecord.setRemark(str3);
        deregisterRecord.setOperatorId(str2);
        deregisterRecord.setOperateDate(LocalDateTime.now());

        List<UserInTenantVO> memberships = this.userInTenantMapper.listUserInTenant(new UserInTenantSimpleDTO(Long.valueOf(user.getSid()), null));

        // Split memberships: individual tenants, and non-individual ones by enabled/disabled.
        // A non-individual membership whose disabled flag is null lands in neither list.
        List<UserInTenantVO> enabledOrgTenants = new ArrayList<>();
        List<UserInTenantVO> disabledOrgTenants = new ArrayList<>();
        List<UserInTenantVO> individualTenants = new ArrayList<>();
        for (UserInTenantVO membership : memberships) {
            if (TenantEnterpriseTypeEnum.INDIVIDUAL_TENANT.getValue().equals(membership.getEnterpriseType())) {
                individualTenants.add(membership);
            } else if (Boolean.FALSE.equals(membership.getDisabled())) {
                enabledOrgTenants.add(membership);
            } else if (Boolean.TRUE.equals(membership.getDisabled())) {
                disabledOrgTenants.add(membership);
            }
        }

        if (!enabledOrgTenants.isEmpty()) {
            String tenantIds = enabledOrgTenants.stream().map(UserInTenantVO::getTenantId).collect(Collectors.joining(","));
            throw new BusinessException(I18nError.IAM_USER_TENANT_EXISTED, new Object[]{str, tenantIds});
        }
        if (!disabledOrgTenants.isEmpty()) {
            String tenantIds = disabledOrgTenants.stream().map(UserInTenantVO::getTenantId).collect(Collectors.joining(","));
            throw new BusinessException(I18nError.IAM_USER_TENANT_DISABLED_EXISTED, new Object[]{str, tenantIds});
        }

        if (this.envProperties.isCloud()) {
            // Cloud only: an individual tenant that still has orders blocks the deletion.
            for (UserInTenantVO individual : individualTenants) {
                if (this.omcService.getOrdersByTenantId(individual.getTenantId()).getTotal() > 0) {
                    throw new BusinessException(I18nError.IAM_USER_TENANT_ORDER_UNPAID_EXISTED, new Object[]{str, individual.getTenantId()});
                }
            }
        }

        if (!individualTenants.isEmpty()) {
            String tenantIds = individualTenants.stream().map(UserInTenantVO::getTenantId).collect(Collectors.joining(","));
            logger.warn("用户[{}]存在个人租户[{}]，进行退出、删除...", str, tenantIds);
        }
        for (UserInTenantVO individual : individualTenants) {
            Tenant tenant = (Tenant) this.tenantRepository.findById(individual.getTenantId());
            this.userInTenantOperationService.exitTenant(Long.valueOf(tenant.getSid()), user);
            this.tenantService.delete(tenant);
        }

        // Remove the user and everything keyed on it; the record is written last.
        this.commonCacheService.deleteUserCacheBySid(user.getSid());
        this.userCrudService.deleteById(user.getSid());
        this.invitedUserHistoryCrudService.deleteInvitedUserHistoryByUserSid(Long.valueOf(user.getSid()));
        this.policyCascadeDeleteService.deleteUser(user.getSid());
        this.cacService.batchDeleteUserAuthorization(str);
        this.userDeregisterRecordRepository.save(deregisterRecord);
    }

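    /**
     * Provisions a local account for an id that ends with {@code IamConstants.DEFAULT_EMAIL}
     * (compared case-insensitively) and adds it to the {@code DIGIWIN_TENANT_ID} tenant. Does
     * nothing when the suffix does not match or the user already exists.
     *
     * <p>Fixes: the suffix check now lower-cases with {@code Locale.ROOT}, so the gate that
     * decides whether an account is created no longer depends on the JVM's default locale; the
     * local variable is declared as {@code User} rather than {@code BaseEntity}.
     *
     * <p>Review notes:
     * <ul>
     *   <li>Every account created here stores {@code DigestUtils.sha256("default")} as its
     *       password: a fixed, known value hashed with a bare digest. NOTE(review): confirm
     *       these accounts cannot sign in with the local password; if nothing depends on this
     *       value, an unguessable random secret is the safer default.</li>
     *   <li>The id is stored exactly as given while the check is case-insensitive.
     *       NOTE(review): confirm ids differing only in case cannot produce duplicate
     *       accounts.</li>
     * </ul>
     *
     * @param str  user id, also stored as the e-mail address; must be non-null
     * @param str2 display name
     */
    @Override // com.digiwin.dap.middleware.iam.service.user.UserService
    @Transactional
    public void createAd(String str, String str2) {
        boolean hasDefaultSuffix = str.toLowerCase(java.util.Locale.ROOT).endsWith(IamConstants.DEFAULT_EMAIL);
        if (!hasDefaultSuffix || this.userCrudService.findById(str) != null) {
            return;
        }
        User user = new User();
        user.setId(str);
        user.setName(str2);
        user.setEmail(str);
        user.setPassword(DigestUtils.sha256("default"));
        user.setActivated(true);
        user.setComeFrom(IamConstants.DIGIWIN_APP_AD);
        user.setType(UserTypeEnum.NORMAL.getCode());
        user.setChanged(true);
        user.setAgreeAgreement(true);
        this.userCrudService.create(user);
        Tenant tenant = (Tenant) this.tenantCrudService.findById(IamConstants.DIGIWIN_TENANT_ID);
        if (this.userInTenantCrudService.findByUnionKey(tenant.getSid(), user.getSid()) == null) {
            this.userInTenantCrudService.create(new UserInTenant(user.getSid(), tenant.getSid()));
        }
    }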
}
