package kd.bos.openapi.base.security.gate.impl;

import java.util.Iterator;
import java.util.List;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.openapi.base.acl.IplimitManager;
import kd.bos.openapi.base.model.IpconfigSenseEnum;
import kd.bos.openapi.base.model.IpinfoModel;
import kd.bos.openapi.base.util.ThirdAppSecurityUtil;
import kd.bos.openapi.common.constant.ApiErrorCode;
import kd.bos.openapi.common.constant.ResSystemType;
import kd.bos.openapi.common.exception.OpenApiException;
import kd.bos.openapi.common.model.IpTypeEnum;
import kd.bos.openapi.common.util.IPWhiteListUtil;
import kd.bos.openapi.common.util.StringUtil;
import kd.bos.openapi.security.ApiGateService;
import kd.bos.openapi.security.model.ApiIpInfoDto;
import kd.bos.service.authorize.model.ApiCommonResult;

/* loaded from: input_file:kd/bos/openapi/base/security/gate/impl/ApiGateServiceImpl.class */
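/**
 * IP access gate for OpenAPI third-party applications.
 *
 * <p>Resolves the per-application IP configuration ({@link IpinfoModel}) and decides whether
 * the caller's address may proceed, according to the configured "sense": no configuration
 * (deny), white list, black list, or white-and-black list. IPv4 and IPv6 use separate
 * sense values and separate lists.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The decision is only as trustworthy as {@link ApiIpInfoDto#getIp()}. This class does
 *       not show where that value comes from; it must be derived from the transport peer or
 *       from a header set by a trusted proxy, never taken verbatim from the client.</li>
 *   <li>Loopback values short-circuit every other check (see {@link #checkIP}).</li>
 *   <li>In white-and-black mode an address that is on neither list is allowed.</li>
 * </ul>
 */
public class ApiGateServiceImpl implements ApiGateService {
    private static Log log = LogFactory.getLog(ApiGateServiceImpl.class);

    /**
     * Checks whether the caller IP carried by {@code apiIpInfoDto} may access the API.
     *
     * @param apiIpInfoDto caller IP plus the third-party application identity
     *                     (application number or id) and the account id
     * @return a success result when access is allowed, or a fail result when a required
     *         parameter is missing
     * @throws OpenApiException with {@code HTTP_FORBIDDEN} when the address is rejected by the
     *                          configured lists, when no IP configuration exists, or when the
     *                          configured sense is not a supported value
     */
    public ApiCommonResult checkIP(ApiIpInfoDto apiIpInfoDto) {
        String ip = apiIpInfoDto.getIp();

        // NOTE(review): loopback values are accepted before the third-party application is even
        // resolved, so no white/black list applies to them. That is only safe if `ip` cannot be
        // influenced by the client — confirm at the caller, or gate this behind a dev-only switch.
        // Message text: "local development, return directly".
        if (IPWhiteListUtil.LOCAL_IP_127.equals(ip) || IPWhiteListUtil.LOCAL_IP.equals(ip)) {
            return ApiCommonResult.getSuccessResult("0", ResManager.loadKDString("本地开发直接返回", "ApiAuthServiceImpl_1", ResSystemType.BASE.getType(), new Object[0]));
        }

        // Message text: "%s parameter is empty".
        if (StringUtil.isEmpty(ip)) {
            return ApiCommonResult.getFailResult(ApiErrorCode.Data_Invalid.getStatusCode(), String.format(ResManager.loadKDString("%s 参数为空", "ApiAuthServiceImpl_2", ResSystemType.BASE.getType(), new Object[0]), "IP"));
        }

        // Message text: "%s parameters must not both be empty".
        // NOTE(review): this reuses resource key "ApiAuthServiceImpl_2" with a different default
        // text than the check above (and "ApiAuthServiceImpl_1" is likewise shared by two success
        // messages); if the key is resolved from a bundle one of the texts will be wrong — confirm.
        if (StringUtil.isEmpty(apiIpInfoDto.getThirdAppNumber()) && apiIpInfoDto.getThirdId() == null) {
            return ApiCommonResult.getFailResult(ApiErrorCode.Data_Invalid.getStatusCode(), String.format(ResManager.loadKDString("%s 参数不能同时为空", "ApiAuthServiceImpl_2", ResSystemType.BASE.getType(), new Object[0]), "thirdAppNumber and ThirdId"));
        }

        // The application number, when present, takes precedence over the explicit id.
        // NOTE(review): if the lookup by number yields null, toString() throws a
        // NullPointerException instead of a controlled denial — confirm the helper's contract.
        // The same applies if the cache lookup returns no model.
        String thirdId = (StringUtil.isNotEmpty(apiIpInfoDto.getThirdAppNumber())
                ? ThirdAppSecurityUtil.getThirdIdByNum(apiIpInfoDto.getThirdAppNumber(), apiIpInfoDto.getAccountId())
                : apiIpInfoDto.getThirdId()).toString();
        IpinfoModel ipConfig = IplimitManager.getIpInfoModelFromCacheByAccountId(thirdId, apiIpInfoDto.getAccountId());

        // Message text: "all IPs are allowed".
        if (ipConfig.isNoLimitAccess()) {
            return ApiCommonResult.getSuccessResult("0", ResManager.loadKDString("允许全部IP访问", "ApiAuthServiceImpl_1", ResSystemType.BASE.getType(), new Object[0]));
        }

        // Address text used only in error messages, with the loopback literal stripped.
        // replace() is used instead of replaceAll() so the constant is matched literally rather
        // than as a regular expression (where '.' would match any character).
        String displayIp = ip.replace(IPWhiteListUtil.LOCAL_IP_127, "");

        // NOTE(review): getAllIpLIst appears to expand `ip` into several candidate addresses
        // (presumably a forwarded-for style chain — confirm). In white-list mode a single matching
        // candidate admits the request, so every entry must originate from a trusted hop.
        List<?> candidates = IPWhiteListUtil.getAllIpLIst(ip);
        String firstCandidate = candidates.size() > 0 ? (String) candidates.get(0) : "";

        // The address family is decided by the first candidate only, and the IPv6 path checks
        // that single candidate rather than the whole list.
        if (IpTypeEnum.IPV6 == IPWhiteListUtil.getIpType(firstCandidate)) {
            return ipv6CheckIP(ipConfig, firstCandidate);
        }

        final int sense = ipConfig.getSense();
        if (IpconfigSenseEnum.NO_CONFIG.getSense() == sense) {
            // No configuration means deny by default.
            throw new OpenApiException(ApiErrorCode.HTTP_FORBIDDEN, String.format("Client's IP: %s is not allow access.", displayIp), new Object[0]);
        }
        if (IpconfigSenseEnum.WHITE.getSense() == sense) {
            if (!matchesWhiteList(candidates, ipConfig)) {
                throw new OpenApiException(ApiErrorCode.HTTP_FORBIDDEN, String.format("Client's IP: %s is not in white IP list", displayIp), new Object[0]);
            }
        } else if (IpconfigSenseEnum.BLACK.getSense() == sense) {
            if (matchesBlackList(candidates, ipConfig)) {
                throw new OpenApiException(ApiErrorCode.HTTP_FORBIDDEN, String.format("Client's IP: %s is in black IP list", displayIp), new Object[0]);
            }
        } else {
            if (IpconfigSenseEnum.WHITE_AND_BLACK.getSense() != sense) {
                // Unknown sense values fail closed.
                throw new OpenApiException(ApiErrorCode.HTTP_FORBIDDEN, String.format("This client IP check's sense: %s cannot to be support, please check it.", Integer.valueOf(sense)), new Object[0]);
            }
            // White list wins over black list; the black list is consulted only when no
            // candidate is white-listed. An address on neither list is allowed.
            if (!matchesWhiteList(candidates, ipConfig) && matchesBlackList(candidates, ipConfig)) {
                throw new OpenApiException(ApiErrorCode.HTTP_FORBIDDEN, String.format("Client's IP: %s is in black IP list", displayIp), new Object[0]);
            }
        }
        return ApiCommonResult.getSuccessResult("0", "OK");
    }

    /** Returns true when at least one candidate address matches the IPv4 white list. */
    private static boolean matchesWhiteList(List<?> candidates, IpinfoModel ipConfig) {
        for (Object candidate : candidates) {
            if (IPWhiteListUtil.checkIp(((String) candidate).trim(), ipConfig.getMapList())) {
                return true;
            }
        }
        return false;
    }

    /** Returns true when at least one candidate address matches the IPv4 black list. */
    private static boolean matchesBlackList(List<?> candidates, IpinfoModel ipConfig) {
        for (Object candidate : candidates) {
            if (IPWhiteListUtil.checkIp(((String) candidate).trim(), ipConfig.getMapBlackList())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Applies the IPv6 sense and IPv6 lists of {@code ipinfoModel} to a single address.
     *
     * @param ipinfoModel IP configuration of the third-party application
     * @param str         the IPv6 address to check; also used in the error messages
     * @return a success result when the address is allowed
     * @throws OpenApiException with {@code HTTP_FORBIDDEN} when the address is rejected, when
     *                          no IPv6 configuration exists, or when the IPv6 sense is not a
     *                          supported value
     */
    private ApiCommonResult ipv6CheckIP(IpinfoModel ipinfoModel, String str) {
        final int sense = ipinfoModel.getIpv6Sense();
        if (IpconfigSenseEnum.NO_CONFIG.getSense() == sense) {
            // No configuration means deny by default.
            throw new OpenApiException(ApiErrorCode.HTTP_FORBIDDEN, String.format("Client's IP: %s is not allow access.", str), new Object[0]);
        }
        if (IpconfigSenseEnum.WHITE.getSense() == sense) {
            if (!IPWhiteListUtil.checkIpv6(str, ipinfoModel.getMapIPv6WhiteList())) {
                throw new OpenApiException(ApiErrorCode.HTTP_FORBIDDEN, String.format("Client's IP: %s is not in white IP list", str), new Object[0]);
            }
        } else if (IpconfigSenseEnum.BLACK.getSense() == sense) {
            if (IPWhiteListUtil.checkIpv6(str, ipinfoModel.getMapIPv6BlackList())) {
                throw new OpenApiException(ApiErrorCode.HTTP_FORBIDDEN, String.format("Client's IP: %s is in black IP list", str), new Object[0]);
            }
        } else {
            if (IpconfigSenseEnum.WHITE_AND_BLACK.getSense() != sense) {
                // Report the IPv6 sense that was actually evaluated; the previous code printed
                // the IPv4 sense here, which misleads whoever diagnoses the denial.
                throw new OpenApiException(ApiErrorCode.HTTP_FORBIDDEN, String.format("This client IP check's sense: %s cannot to be support, please check it.", Integer.valueOf(sense)), new Object[0]);
            }
            // White list wins over black list; an address on neither list is allowed.
            if (!IPWhiteListUtil.checkIpv6(str, ipinfoModel.getMapIPv6WhiteList()) && IPWhiteListUtil.checkIpv6(str, ipinfoModel.getMapIPv6BlackList())) {
                throw new OpenApiException(ApiErrorCode.HTTP_FORBIDDEN, String.format("Client's IP: %s is in black IP list", str), new Object[0]);
            }
        }
        return ApiCommonResult.getSuccessResult("0", "OK");
    }
}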
