package kd.bos.mservice.auth.authorization;

import java.util.Map;
import kd.bos.bundle.BosRes;
import kd.bos.dc.utils.AccountUtils;
import kd.bos.mservice.auth.api.AuthContext;
import kd.bos.mservice.auth.api.AuthorizationService;
import kd.bos.mservice.auth.api.UserTokenAuthorization;
import kd.bos.mservice.auth.context.JWTAuthContext;
import kd.bos.mservice.auth.exception.AuthErrorCode;
import kd.bos.mservice.auth.exception.AuthException;
import kd.bos.mservice.auth.factory.JWTAlgorithmFactory;
import kd.bos.mservice.auth.util.AuthUtils;
import kd.bos.mservice.auth.util.JWTUtils;
import kd.bos.mservice.sdk.extension.SdkExtensionFactory;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:kd/bos/mservice/auth/authorization/JWTAuthorizationServiceImpl.class */
public class JWTAuthorizationServiceImpl implements AuthorizationService {
    private static final SdkExtensionFactory<UserTokenAuthorization> userTokenAuthorizationSdkExtensionFactory = SdkExtensionFactory.getExtensionFacotry(UserTokenAuthorization.class);

    public boolean authorize(@NotNull AuthContext authContext) {
        Map<String, String> verifyJWT = JWTUtils.verifyJWT(JWTAlgorithmFactory.getAlgorithm(), ((JWTAuthContext) authContext).getJwtToken());
        if (authContext.isEnableUserTokenAuth() || !AuthUtils.isTianShuService()) {
            checkUserToken(verifyJWT);
            return true;
        }
        checkAccountInfo(verifyJWT);
        return true;
    }

    private void checkUserToken(Map<String, String> map) {
        String str = map.get("userAuthToken");
        String str2 = map.get("sourceAppNumber");
        String property = System.getProperty(str2 + ".usertokenauthtype", str2);
        if (!userTokenAuthorizationSdkExtensionFactory.existsExtension(property)) {
            throw new AuthException(AuthErrorCode.UNAUTHORIZED, new Object[]{BosRes.get("bos-mservice-auth", "authCheck6", "没有应用对应的用户验证器，应用：" + str2, new Object[0])});
        }
        ((UserTokenAuthorization) userTokenAuthorizationSdkExtensionFactory.getExtension(property)).doAuth(str);
    }

    private void checkAccountInfo(Map<String, String> map) {
        try {
            AccountUtils.getCorrectAccount(map.get("accountId"), map.get("tenantId"));
        } catch (Exception e) {
            throw new AuthException(e, AuthErrorCode.UNAUTHORIZED, new Object[]{BosRes.get("bos-mservice-auth", "authCheck4", "微服务鉴权不通过，不正确的租户信息。", new Object[0])});
        }
    }
}
