package kd.bos.openapi.base.security.auth.impl;

import kd.bos.dataentity.resource.ResManager;
import kd.bos.encrypt.EncrypterFactory;
import kd.bos.openapi.base.security.auth.AuthCheckService;
import kd.bos.openapi.base.util.ThirdAppSecurityUtil;
import kd.bos.openapi.common.constant.ApiErrorCode;
import kd.bos.openapi.common.constant.ResSystemType;
import kd.bos.openapi.common.exception.OpenApiException;
import kd.bos.openapi.common.util.CollectionUtil;
import kd.bos.openapi.common.util.StringUtil;
import kd.bos.openapi.security.model.BaseAuthInfoDto;
import kd.bos.openapi.security.model.Open3rdappsDto;
import kd.bos.service.authorize.model.AuthInfo;
import kd.bos.service.authorize.model.AuthResult;

/* loaded from: input_file:kd/bos/openapi/base/security/auth/impl/BasicAuthCheckServiceImpl.class */
public class BasicAuthCheckServiceImpl implements AuthCheckService {
    @Override // kd.bos.openapi.base.security.auth.AuthCheckService
    public AuthResult doAuthCheck(AuthInfo authInfo) {
        if (authInfo == null || StringUtil.isEmpty(authInfo.getAccessKey())) {
            return AuthResult.fail(ResManager.loadKDString("认证不通过，参数为空", "BasicAuthCheckServiceImpl_0", ResSystemType.BASE.getType(), new Object[0]));
        }
        BaseAuthInfoDto baseAuthInfoBySign = ThirdAppSecurityUtil.getBaseAuthInfoBySign(authInfo.getAccountId(), EncrypterFactory.getEncrypter().encode(authInfo.getAccessKey()));
        if (!baseAuthInfoBySign.isBasicAuth()) {
            return AuthResult.fail(ResManager.loadKDString("基本认证未开启，认证不通过，", "BasicAuthCheckServiceImpl_0", ResSystemType.BASE.getType(), new Object[0]));
        }
        Open3rdappsDto thirdByAccountAndAppId = ThirdAppSecurityUtil.getThirdByAccountAndAppId(authInfo.getAccountId(), baseAuthInfoBySign.getThirdNumber());
        if (thirdByAccountAndAppId == null) {
            throw new OpenApiException(ApiErrorCode.HTTP_UNAUTHORIZED, ResManager.loadKDString("第三方应用不存在或未启用。", "DigestAuthCheckServiceImpl_4", ResSystemType.BASE.getType(), new Object[0]), new Object[0]);
        }
        if (thirdByAccountAndAppId.isEnableAgency() && (CollectionUtil.isEmpty(thirdByAccountAndAppId.getAgentUserIdList()) || !thirdByAccountAndAppId.getAgentUserIdList().contains(baseAuthInfoBySign.getAgentUserId()))) {
            throw new OpenApiException(ApiErrorCode.HTTP_UNAUTHORIZED, ResManager.loadKDString("第三方应用未设置代理用户或用户不在该代理用户中。", "DigestAuthCheckServiceImpl_3", ResSystemType.BASE.getType(), new Object[0]), new Object[0]);
        }
        AuthResult authResult = new AuthResult();
        authResult.setThirdId(baseAuthInfoBySign.getThirdId());
        authResult.setThirdAppNumber(baseAuthInfoBySign.getThirdNumber());
        authResult.setAgentUserId(baseAuthInfoBySign.getAgentUserId());
        authResult.setStatus(baseAuthInfoBySign.isStatus());
        return authResult;
    }
}
