package kd.bos.openapi.base.security.auth.impl;

import java.util.Map;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.encrypt.EncrypterFactory;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.openapi.base.security.api.impl.ApiSecurityFactory;
import kd.bos.openapi.base.security.auth.AuthCheckService;
import kd.bos.openapi.base.util.ThirdAppSecurityUtil;
import kd.bos.openapi.common.constant.ApiErrorCode;
import kd.bos.openapi.common.constant.ResSystemType;
import kd.bos.openapi.common.exception.OpenApiException;
import kd.bos.openapi.common.util.StringUtil;
import kd.bos.openapi.kcf.spi.OpenApiServiceManager;
import kd.bos.openapi.security.model.BaseAuthInfoDto;
import kd.bos.openapi.security.model.Open3rdappsDto;
import kd.bos.service.authorize.model.AuthInfo;
import kd.bos.service.authorize.model.AuthResult;
import kd.bos.service.authorize.model.JwtInfo;

/* loaded from: input_file:kd/bos/openapi/base/security/auth/impl/JwtAuthCheckServiceImpl.class */
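/**
 * {@link AuthCheckService} implementation that authenticates an OpenAPI request by its JWT.
 *
 * <p>Two modes are visible in this class:
 * <ul>
 *   <li><b>Common auth</b> ({@code authInfo.isCommonAuth()}): the caller's access key is encoded
 *       and used to look up the third-party app, whose agent user and app identifiers are copied
 *       onto the request before the token is verified.</li>
 *   <li><b>Plain JWT</b>: the token is verified first, then the third-party app named in the
 *       {@link JwtInfo} is looked up and must exist.</li>
 * </ul>
 *
 * <p>Every failure path returns {@code AuthResult.fail(...)}; nothing in this class returns a
 * successful result without a verified token and a resolved third-party app ID.
 */
public class JwtAuthCheckServiceImpl implements AuthCheckService {
    private static final Log log = LogFactory.getLog(JwtAuthCheckServiceImpl.class);

    /**
     * Verifies the JWT carried by {@code authInfo} and resolves the third-party app it belongs to.
     *
     * @param authInfo request authentication data; {@code null} or a missing {@link JwtInfo} fails
     * @return a successful result carrying the verified user info and third-party app identifiers,
     *         or a failed result with a localized reason
     */
    @Override
    public AuthResult doAuthCheck(AuthInfo authInfo) {
        if (authInfo == null || authInfo.getJwtInfo() == null) {
            return failParamEmpty();
        }
        JwtInfo jwtInfo = authInfo.getJwtInfo();
        BaseAuthInfoDto baseAuthInfoDto = null;
        if (authInfo.isCommonAuth()) {
            if (StringUtil.isEmpty(authInfo.getAccessKey())) {
                return failParamEmpty();
            }
            baseAuthInfoDto = ThirdAppSecurityUtil.getBaseAuthInfoBySign(authInfo.getAccountId(), EncrypterFactory.getEncrypter().encode(authInfo.getAccessKey()));
            // Fail closed when the access key matches no third-party app. This lookup runs outside
            // the try block, so dereferencing a null result would escape as an NPE instead of an
            // authentication failure (and would make the later null check unreachable).
            if (baseAuthInfoDto == null || baseAuthInfoDto.getThirdId() == null) {
                return failThirdAppIdMissing();
            }
            // No agent user bound to the app: there is no identity to run the request as.
            if (baseAuthInfoDto.getAgentUserId() == null) {
                return AuthResult.fail(ResManager.loadKDString("认证不通过，用户信息为空", "JwtAuthCheckServiceImpl_1", ResSystemType.BASE.getType(), new Object[0]));
            }
            authInfo.setUser(baseAuthInfoDto.getAgentUserId().toString());
            jwtInfo.setThirdId(baseAuthInfoDto.getThirdId());
            jwtInfo.setThirdAppNumber(baseAuthInfoDto.getThirdNumber());
        }
        try {
            Map map = (Map) ApiSecurityFactory.getSignService().versifyJWTToken(jwtInfo);
            if (map == null) {
                return AuthResult.fail(ResManager.loadKDString("认证不通过，用户信息为空", "JwtAuthCheckServiceImpl_1", ResSystemType.BASE.getType(), new Object[0]));
            }
            AuthResult authResult = new AuthResult();
            authResult.setStatus(true);
            authResult.setUserInfo(map);
            if (!authInfo.isCommonAuth()) {
                // The app number and account ID are taken from the request's JwtInfo and are only
                // used after the token verified.
                // NOTE(review): isJwtAuthEnable() is checked when a token is generated but not
                // here; confirm versifyJWTToken rejects tokens for apps whose JWT auth was
                // disabled after issuance, and that it binds the token to this app number.
                Open3rdappsDto thirdAppDtoByNum = OpenApiServiceManager.getOpenApiAuthService().getThirdAppDtoByNum(authInfo.getJwtInfo().getThirdAppNumber(), authInfo.getJwtInfo().getAccountId());
                if (thirdAppDtoByNum == null || thirdAppDtoByNum.getFid() == null) {
                    return failThirdAppIdMissing();
                }
                authResult.setThirdAppNumber(thirdAppDtoByNum.getNumber());
                authResult.setThirdId(thirdAppDtoByNum.getFid());
            } else {
                // Defensive re-check; the common-auth branch above already rejected a missing app.
                if (baseAuthInfoDto == null || baseAuthInfoDto.getThirdId() == null) {
                    return failThirdAppIdMissing();
                }
                authResult.setThirdAppNumber(baseAuthInfoDto.getThirdNumber());
                authResult.setThirdId(baseAuthInfoDto.getThirdId());
            }
            return authResult;
        } catch (Exception e) {
            // Any verification or lookup error is treated as an authentication failure.
            // NOTE(review): the exception message is written to the log verbatim; confirm the sign
            // service never puts token material or key data into its exception messages.
            log.info("JWT failed:" + e.getMessage(), e);
            // NOTE(review): resource key "JwtAuthCheckServiceImpl_1" is shared with the
            // "user info is empty" message above although the default texts differ; verify which
            // text the resource bundle actually returns.
            return AuthResult.fail(ResManager.loadKDString("认证不通过，认证失败", "JwtAuthCheckServiceImpl_1", ResSystemType.BASE.getType(), new Object[0]));
        }
    }

    /**
     * Issues a JWT for the third-party app named in {@code jwtInfo}, provided that app exists and
     * has JWT authentication enabled.
     *
     * @param jwtInfo token parameters, including the third-party app number and account ID
     * @param <T> payload type carried by {@code jwtInfo}
     * @return the generated token
     * @throws OpenApiException with {@code ApiErrorCode.Data_Invalid} if {@code jwtInfo} is
     *         {@code null}, the app cannot be found, or JWT authentication is disabled for it
     */
    public <T> String generateJWTToken(JwtInfo<T> jwtInfo) {
        if (jwtInfo == null) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "The jwtInfo is null.", new Object[0]);
        }
        Open3rdappsDto thirdApp = OpenApiServiceManager.getOpenApiAuthService().getThirdAppDtoByNum(jwtInfo.getThirdAppNumber(), jwtInfo.getAccountId());
        // An unknown app must be refused with the documented exception type, not an NPE.
        if (thirdApp == null) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "The thirdApp does not exist.", new Object[0]);
        }
        if (thirdApp.isJwtAuthEnable()) {
            return ApiSecurityFactory.getSignService().generateJWTToken(jwtInfo);
        }
        throw new OpenApiException(ApiErrorCode.Data_Invalid, "The thirdApp's JwtAuthEnable is false.", new Object[0]);
    }

    /** Builds the failure returned when required authentication parameters are missing. */
    private static AuthResult failParamEmpty() {
        return AuthResult.fail(ResManager.loadKDString("认证不通过，参数为空", "JwtAuthCheckServiceImpl_0", ResSystemType.BASE.getType(), new Object[0]));
    }

    /** Builds the failure returned when no third-party app ID can be resolved for the request. */
    private static AuthResult failThirdAppIdMissing() {
        return AuthResult.fail(ResManager.loadKDString("第三方应用ID为空", "JwtAuthCheckServiceImpl_2", ResSystemType.BASE.getType(), new Object[0]));
    }
}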
