package kd.bos.openapi.base.security.api.impl;

import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import kd.bos.context.RequestContext;
import kd.bos.dataentity.OperateOption;
import kd.bos.dataentity.SqlParameter;
import kd.bos.dataentity.entity.DynamicObject;
import kd.bos.dataentity.entity.DynamicObjectCollection;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.db.DB;
import kd.bos.db.DBRoute;
import kd.bos.entity.operate.result.IOperateInfo;
import kd.bos.entity.operate.result.OperationResult;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.login.user.LoginUserService;
import kd.bos.openapi.base.security.auth.impl.AuthHandleServiceFactory;
import kd.bos.openapi.base.util.LocalCacheUtil;
import kd.bos.openapi.base.util.ThirdAppSecurityUtil;
import kd.bos.openapi.common.constant.ApiErrorCode;
import kd.bos.openapi.common.constant.ResSystemType;
import kd.bos.openapi.common.exception.OpenApiException;
import kd.bos.openapi.common.util.CacheUtil;
import kd.bos.openapi.common.util.CollectionUtil;
import kd.bos.openapi.common.util.StringUtil;
import kd.bos.openapi.form.plugin.thirdapp.entity.StrategyTypeCodeEnum;
import kd.bos.openapi.kcf.context.OpenApiAuthContext;
import kd.bos.openapi.security.auth.OpenApiAuthService;
import kd.bos.openapi.security.model.Open3rdappsDto;
import kd.bos.openapi.security.model.SsoIpInfoDto;
import kd.bos.service.authorize.model.AccessTokenInfo;
import kd.bos.service.authorize.model.ApiCommonResult;
import kd.bos.service.authorize.model.AuthInfo;
import kd.bos.service.authorize.model.AuthResult;
import kd.bos.service.authorize.model.OAuth2Authentication;
import kd.bos.servicehelper.BusinessDataServiceHelper;
import kd.bos.servicehelper.operation.OperationServiceHelper;
import org.apache.commons.lang3.RandomUtils;

/* loaded from: input_file:kd/bos/openapi/base/security/api/impl/OpenApiAuthServiceImpl.class */
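/**
 * Implementation of {@link OpenApiAuthService}: runs the authentication check for an
 * incoming request, resolves third-party apps and accounts, and maintains the SSO
 * domain/IP entries stored on a third-party app.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>{@link #auth(AuthInfo)} puts the exception message into the failed
 *       {@link AuthResult}; see the note on that method.</li>
 *   <li>{@link #getAccountIdByToken(String)} has a fallback that reads the account id out
 *       of the token text without verifying the token.</li>
 *   <li>The SSO domain/IP list is cached; the cache is invalidated around every update so
 *       a stale list is not served after the stored policy changed.</li>
 * </ul>
 */
public class OpenApiAuthServiceImpl implements OpenApiAuthService {
    private static final Log log = LogFactory.getLog(OpenApiAuthServiceImpl.class);
    public static final String ENTITY_THIRD_APP = "third_app";
    public static final String ENTITY_SSOIP = "entity_ssoip";
    public static final String ENTITY_SUB_STRATEGY = "strategy";
    public static final String DOMAIN_IP = "domain_ip";
    public static final String STRATEGYTYPEID_ID = "strategytypeid_id";

    /** Prefix marking a token whose remainder is URL-safe Base64 of the real token. */
    private static final String TOKEN_PREFIX = "OPENAPIAUTH_";
    /** First argument of every cache call for the SSO list, and prefix of its cache key. */
    private static final String SSO_LIST_CACHE = "THIRDAPP_SSOLIST";

    /**
     * Runs the authentication check registered for {@code authInfo.getAuthType()}.
     *
     * <p>An {@link OpenApiException} from the handler is logged and rethrown. Any other
     * exception is logged and converted into a failed {@link AuthResult}, so an unexpected
     * error never results in a successful authentication.
     *
     * @param authInfo the authentication request
     * @return the handler's result, or a failed result when the handler threw
     */
    public AuthResult auth(AuthInfo authInfo) {
        String tracePrefix = "traceId:";
        if (ApiSecurityFactory.isSecurityLogOpen()) {
            RequestContext requestContext = RequestContext.get();
            // Without a request context a random number stands in as the correlation id;
            // it is only used to tie log lines together.
            tracePrefix = tracePrefix + (requestContext == null ? RandomUtils.nextLong() + "" : requestContext.getTraceId());
        }
        try {
            return AuthHandleServiceFactory.getInstance(authInfo.getAuthType()).doAuthCheck(authInfo);
        } catch (OpenApiException e) {
            log.error(tracePrefix + " auth error:" + e.getMessage(), e);
            throw e;
        } catch (Exception e) {
            String message = tracePrefix + " auth error:" + e.getMessage();
            log.error(message, e);
            // NOTE(review): the raw exception message is handed back in the AuthResult. If
            // that text reaches the API client it can disclose internal details; confirm
            // what the caller does with it, or return a generic message plus the trace id.
            return AuthResult.fail(message);
        }
    }

    /**
     * Looks up the id of a third-party app.
     *
     * @param str the third-party app number
     * @param str2 the account id
     * @return whatever {@code ThirdAppSecurityUtil.getThirdIdByNum} returns for the pair
     */
    public Long getThirdIdByNum(String str, String str2) {
        return ThirdAppSecurityUtil.getThirdIdByNum(str, str2);
    }

    /**
     * Loads the third-party app record for an app number within an account.
     *
     * @param str the third-party app number
     * @param str2 the account id
     * @return the app record returned by {@code ThirdAppSecurityUtil}
     */
    public Open3rdappsDto getThirdAppDtoByNum(String str, String str2) {
        Long thirdId = ThirdAppSecurityUtil.getThirdIdByNum(str, str2);
        // thirdId is passed on unchecked, as before; the lookup decides how to treat null.
        return ThirdAppSecurityUtil.getThirdByAccountAndThirdId(str2, thirdId);
    }

    /**
     * Fetches the user information for a user name in the current auth context's center
     * and language.
     *
     * @param str the user name
     * @return the user attributes returned by {@code LoginUserService}
     */
    public Map<String, String> getUserInfoByUserName(String str) {
        OpenApiAuthContext context = OpenApiAuthContext.getContext();
        return LoginUserService.getErpUserInfoByUserName(context.getCurrentCenter(), str, context.getLang().getLangTag());
    }

    /**
     * Resolves the account id a token belongs to.
     *
     * <p>A token starting with {@code OPENAPIAUTH_} is URL-safe Base64 decoded first. The
     * access-token service is asked next; when it does not return an account id, the text
     * before the first underscore of the token is returned instead.
     *
     * @param str the token as received
     * @return the account id, or {@code null} when none can be determined
     * @throws OpenApiException if the token is {@code null} or its Base64 part is malformed
     */
    public String getAccountIdByToken(String str) {
        if (str == null) {
            // Previously a NullPointerException; report it like any other invalid token.
            throw invalidTokenException();
        }
        String token = str;
        if (str.startsWith(TOKEN_PREFIX)) {
            try {
                byte[] decoded = Base64.getUrlDecoder().decode(str.substring(TOKEN_PREFIX.length()));
                // Decode with a fixed charset so the result does not depend on the JVM default.
                token = new String(decoded, java.nio.charset.StandardCharsets.UTF_8);
            } catch (IllegalArgumentException ignored) {
                // Malformed Base64: the caller gets the generic invalid-token error, and the
                // token itself is deliberately kept out of logs and messages.
                throw invalidTokenException();
            }
        }
        OAuth2Authentication authentication = new OAuth2Authentication();
        AccessTokenInfo accessTokenInfo = new AccessTokenInfo();
        accessTokenInfo.setToken(token);
        authentication.setToken(accessTokenInfo);
        ApiCommonResult result = ApiSecurityFactory.getAccessTokenService().getAccountIdByToken(authentication);
        // Boolean.TRUE.equals tolerates a null status instead of failing on unboxing.
        if (result != null && Boolean.TRUE.equals(result.getStatus()) && !StringUtil.isEmpty((String) result.getData())) {
            return (String) result.getData();
        }
        // NOTE(review): this fallback takes the account id from the token text itself after
        // the token service did not resolve it. The value is caller-controlled and is not
        // verified here, so it must only be used for routing and never as evidence that
        // the token is valid.
        int separator = token.indexOf("_");
        if (separator > 0) {
            return token.substring(0, separator);
        }
        return null;
    }

    /**
     * Replaces the SSO domain/IP entries of a third-party app in the current account.
     *
     * @param str the third-party app number
     * @param list the new domain/IP entries; must not be empty
     * @param z when {@code true}, the save runs with the {@code ishasright} option set
     * @return the saved third-party app object
     * @throws OpenApiException if an argument is empty, the app is unknown or the save fails
     */
    public DynamicObject updateSsoIpInfoByThirdAppNum(String str, List<String> list, boolean z) {
        if (CollectionUtil.isEmpty(list)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "domainIps is null.", new Object[0]);
        }
        if (StringUtil.isEmpty(str)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "The thirdAppNum is null.", new Object[0]);
        }
        Long thirdId = ThirdAppSecurityUtil.getThirdIdByNum(str, RequestContext.get().getAccountId());
        if (thirdId == null) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "updateSsoIpInfoByThirdAppNum failed: thirdId is null", new Object[0]);
        }
        String cacheKey = getSsoIPCacheKey(thirdId);
        LocalCacheUtil.removeCacheByKey(SSO_LIST_CACHE, cacheKey);
        try {
            return updateSsoInfoListByThirdAppId(thirdId, list, z);
        } finally {
            // Invalidate again after the save: a reader that missed the cache between the
            // first removal and the save would have re-cached the old list, and a stale
            // list would keep being served after the policy changed.
            // NOTE(review): if LocalCacheUtil is a per-node cache, confirm how other nodes
            // learn about the change.
            LocalCacheUtil.removeCacheByKey(SSO_LIST_CACHE, cacheKey);
        }
    }

    /**
     * Returns the SSO domain/IP entries of a third-party app in the current account,
     * served from cache when present.
     *
     * @param str the third-party app number
     * @return the entries, from cache or from the database
     * @throws OpenApiException if the app number is empty or unknown
     */
    public List<SsoIpInfoDto> findSsoIpInfoByThirdAppNum(String str) {
        if (StringUtil.isEmpty(str)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "The thirdAppNum is null.", new Object[0]);
        }
        Long thirdId = ThirdAppSecurityUtil.getThirdIdByNum(str, RequestContext.get().getAccountId());
        if (thirdId == null) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "findSsoIpInfoByThirdAppNum failed: thirdId is null", new Object[0]);
        }
        String cacheKey = getSsoIPCacheKey(thirdId);
        // NOTE(review): the read goes through CacheUtil with the account id, while the write
        // below and the invalidation on update go through LocalCacheUtil without it. Confirm
        // that all three address the same entry and that entries are scoped per account.
        Object cached = CacheUtil.getCacheByKey(SSO_LIST_CACHE, cacheKey, RequestContext.get().getAccountId());
        if (cached != null) {
            @SuppressWarnings("unchecked") // only this class stores values under this key
            List<SsoIpInfoDto> cachedList = (List<SsoIpInfoDto>) cached;
            return cachedList;
        }
        List<SsoIpInfoDto> loaded = getSsoInfoListByThirdAppId(thirdId);
        if (loaded != null) {
            LocalCacheUtil.setCacheByKey(SSO_LIST_CACHE, cacheKey, loaded);
        }
        return loaded;
    }

    /** Builds the localized "invalid token" error; the message never contains the token. */
    private static OpenApiException invalidTokenException() {
        return new OpenApiException(ApiErrorCode.Data_Invalid, ResManager.loadKDString("无效Token，请检查。", "ApiTokenServiceImpl_18", ResSystemType.BASE.getType(), new Object[0]), new Object[0]);
    }

    /** Builds the cache key for a third-party app's SSO list: {@code THIRDAPP_SSOLIST_<id>}. */
    private static String getSsoIPCacheKey(Long l) {
        return SSO_LIST_CACHE.concat("_").concat(l.toString());
    }

    /**
     * Reads the SSO domain/IP rows of a third-party app from {@code t_open_3rdapps_ssoip}.
     * The id is bound as a query parameter, never concatenated into the SQL text.
     */
    @SuppressWarnings("unchecked") // the handler below only ever produces SsoIpInfoDto rows
    private List<SsoIpInfoDto> getSsoInfoListByThirdAppId(Long l) {
        SqlParameter[] parameters = {new SqlParameter(":fid", java.sql.Types.BIGINT, l)};
        return (List<SsoIpInfoDto>) DB.query(DBRoute.basedata, " select fid,fentryid,fseq,fdomain_ip from t_open_3rdapps_ssoip t where t.fid = ? ", parameters, resultSet -> {
            List<SsoIpInfoDto> rows = new ArrayList<>(8);
            while (resultSet.next()) {
                SsoIpInfoDto row = new SsoIpInfoDto();
                row.setDomainIp(resultSet.getString("fdomain_ip"));
                row.setEntryId(Long.valueOf(resultSet.getLong("fentryid")));
                row.setThirdAppId(l);
                row.setSeq(resultSet.getInt("fseq"));
                rows.add(row);
            }
            return rows;
        });
    }

    /**
     * Replaces the SSO domain/IP entries on the third-party app, makes sure the app carries
     * the SSO-IP strategy, and saves it.
     *
     * @param l the third-party app id
     * @param list the new domain/IP entries, stored exactly as given
     * @param z when {@code true}, the save runs with the {@code ishasright} option set
     * @return the saved third-party app object
     * @throws OpenApiException if the app cannot be loaded or the save reports errors
     */
    private DynamicObject updateSsoInfoListByThirdAppId(Long l, List<String> list, boolean z) {
        DynamicObject thirdApp = BusinessDataServiceHelper.loadSingle(l, ENTITY_THIRD_APP);
        if (thirdApp == null) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, "updateSsoIpInfoByThirdAppNum failed: third app not found", new Object[0]);
        }
        DynamicObjectCollection ssoEntries = thirdApp.getDynamicObjectCollection(ENTITY_SSOIP);
        ssoEntries.clear();
        // NOTE(review): entries are written without any format check, so a null, blank or
        // overly broad value ends up in the stored policy unless the caller or the save
        // operation validates it. Confirm where that validation happens.
        for (String domainIp : list) {
            DynamicObject entry = new DynamicObject(ssoEntries.getDynamicObjectType());
            entry.set(DOMAIN_IP, domainIp);
            ssoEntries.add(entry);
        }
        DynamicObjectCollection strategies = thirdApp.getDynamicObjectCollection(ENTITY_SUB_STRATEGY);
        long ssoIpPolicyId = StrategyTypeCodeEnum.SSOIP_POLICY.getId().longValue();
        boolean hasSsoIpPolicy = strategies.stream().anyMatch(strategy -> ssoIpPolicyId == strategy.getLong(STRATEGYTYPEID_ID));
        if (!hasSsoIpPolicy) {
            // Attach the SSO-IP strategy once so the entries above belong to a strategy.
            DynamicObject strategy = new DynamicObject(strategies.getDynamicObjectType());
            strategy.set(STRATEGYTYPEID_ID, StrategyTypeCodeEnum.SSOIP_POLICY.getId());
            strategies.add(strategy);
        }
        OperateOption option = OperateOption.create();
        if (z) {
            // NOTE(review): presumably this makes the save skip its own permission check.
            // Confirm, and make sure every caller passing true has authorized the request.
            option.setVariableValue("ishasright", String.valueOf(true));
        }
        check(OperationServiceHelper.executeOperate("save", ENTITY_THIRD_APP, new DynamicObject[]{thirdApp}, option));
        return thirdApp;
    }

    /**
     * Throws when an operation did not succeed.
     *
     * <p>The exception message is the list of error/validation entries (title, space,
     * message; one per line), or the result's own message when there are no entries.
     *
     * @param operationResult the result to inspect
     * @throws OpenApiException with {@code HTTP_INTERNAL_ERROR} when the operation failed
     */
    public static void check(OperationResult operationResult) {
        if (operationResult.isSuccess()) {
            return;
        }
        StringBuilder details = new StringBuilder();
        for (IOperateInfo info : operationResult.getAllErrorOrValidateInfo()) {
            if (details.length() > 0) {
                details.append("\r\n");
            }
            details.append(info.getTitle()).append(' ').append(info.getMessage());
        }
        String message = details.length() != 0 ? details.toString() : operationResult.getMessage();
        throw new OpenApiException(ApiErrorCode.HTTP_INTERNAL_ERROR, message, new Object[0]);
    }
}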
