package kd.bos.openapi.form.plugin.thirdapp.service.impl;

import com.alibaba.fastjson.JSON;
import java.util.HashMap;
import java.util.Map;
import kd.bos.dataentity.entity.DynamicObject;
import kd.bos.dataentity.entity.DynamicObjectCollection;
import kd.bos.dataentity.entity.MulBasedataDynamicObjectCollection;
import kd.bos.dataentity.metadata.dynamicobject.DynamicObjectType;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.dataentity.utils.StringUtils;
import kd.bos.entity.datamodel.IDataModel;
import kd.bos.isc.util.dt.D;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.openapi.common.constant.ApiErrorCode;
import kd.bos.openapi.common.exception.OpenApiException;
import kd.bos.openapi.common.util.StringUtil;
import kd.bos.openapi.form.plugin.script.util.ScriptCategory;
import kd.bos.openapi.form.plugin.thirdapp.ThirdAppPlugin;
import kd.bos.openapi.form.plugin.thirdapp.entity.ThirdAppEditDto;
import kd.bos.openapi.form.plugin.thirdapp.service.StrategyUpdateService;
import kd.bos.openapi.form.plugin.thirdapp.service.StrategyValidateService;
import kd.bos.util.PasswordEncryptUtil;

/* loaded from: input_file:kd/bos/openapi/form/plugin/thirdapp/service/impl/AccessTokenUpdateServiceImpl.class */
public class AccessTokenUpdateServiceImpl extends AbstractStrategyUpdateService implements StrategyUpdateService, StrategyValidateService {
    private static final Log log = LogFactory.getLog(AccessTokenUpdateServiceImpl.class);

    @Override // kd.bos.openapi.form.plugin.thirdapp.service.StrategyUpdateService
    public void init(IDataModel iDataModel, ThirdAppEditDto thirdAppEditDto) {
        thirdAppEditDto.setAccessToken((String) iDataModel.getValue(ThirdAppPlugin.KEY_SYSAUTH));
        thirdAppEditDto.setNumber(D.s(iDataModel.getValue(ThirdAppPlugin.KEY_NUMBER)));
        Long l = (Long) iDataModel.getValue("id");
        if (l == null || l.longValue() == 0) {
            thirdAppEditDto.setEnhanceToken(true);
        } else {
            thirdAppEditDto.setEnhanceToken(D.x(iDataModel.getValue(ThirdAppPlugin.KEY_IS_ENHANCE_TOKEN)));
        }
        thirdAppEditDto.setAgencyUser(D.x(iDataModel.getValue(ThirdAppPlugin.IS_AGENCY_USER)));
        DynamicObjectCollection entryEntity = iDataModel.getEntryEntity(ThirdAppPlugin.AGENCY_USER);
        iDataModel.setValue(ThirdAppPlugin.ACCESS_TOKEN_OLD, iDataModel.getValue(ThirdAppPlugin.KEY_SYSAUTH));
        thirdAppEditDto.setJwtAuthEnable(D.x(iDataModel.getValue(ThirdAppPlugin.JWTASYMMETIC)));
        thirdAppEditDto.setJwtShaKey((String) iDataModel.getValue(ThirdAppPlugin.SECURITYPUBLICKEY));
        thirdAppEditDto.setJwtSignType((Long) iDataModel.getValue(ThirdAppPlugin.KEY_JWT_TYPE));
        if (entryEntity != null) {
            HashMap hashMap = new HashMap();
            entryEntity.forEach(dynamicObject -> {
                hashMap.put(Long.valueOf(dynamicObject.getLong("fbasedataid.id")), 1);
            });
            thirdAppEditDto.setAgencyUserMap(hashMap);
        }
    }

    @Override // kd.bos.openapi.form.plugin.thirdapp.service.StrategyUpdateService
    public void loadData(IDataModel iDataModel) {
        ThirdAppEditDto loadThirdApp = loadThirdApp(iDataModel);
        iDataModel.setValue(ThirdAppPlugin.KEY_SYSAUTH, loadThirdApp.getAccessToken());
        iDataModel.setValue(ThirdAppPlugin.ACCESS_TOKEN_OLD, loadThirdApp.getAccessToken());
        iDataModel.setValue(ThirdAppPlugin.KEY_IS_ENHANCE_TOKEN, loadThirdApp.isEnhanceToken() ? "1" : ScriptCategory.ROOT_ID);
        iDataModel.setValue(ThirdAppPlugin.JWTASYMMETIC, loadThirdApp.isJwtAuthEnable() ? "1" : ScriptCategory.ROOT_ID);
        iDataModel.setValue(ThirdAppPlugin.KEY_JWT_TYPE, "1".equals(loadThirdApp.getIsNew()) ? "1" : loadThirdApp.getJwtSignType() + "");
        iDataModel.setValue(ThirdAppPlugin.SECURITYPUBLICKEY, loadThirdApp.getJwtShaKey());
        iDataModel.setValue(ThirdAppPlugin.IS_AGENCY_USER, Boolean.valueOf(loadThirdApp.isAgencyUser()));
        if (loadThirdApp.getAgencyUserMap() == null || loadThirdApp.getAgencyUserMap().size() <= 0) {
            return;
        }
        DynamicObjectCollection entryEntity = iDataModel.getEntryEntity(ThirdAppPlugin.AGENCY_USER);
        DynamicObjectType dynamicObjectType = entryEntity.getDynamicObjectType();
        for (Map.Entry<Long, Integer> entry : loadThirdApp.getAgencyUserMap().entrySet()) {
            DynamicObject dynamicObject = new DynamicObject(dynamicObjectType);
            dynamicObject.set("fbasedataid_id", entry.getKey());
            entryEntity.add(dynamicObject);
        }
        iDataModel.updateEntryCache(entryEntity);
    }

    @Override // kd.bos.openapi.form.plugin.thirdapp.service.StrategyValidateService
    public void validate(IDataModel iDataModel) {
        if (iDataModel == null) {
            return;
        }
        String s = D.s(iDataModel.getValue("issave"));
        String str = (String) iDataModel.getValue(ThirdAppPlugin.KEY_SYSAUTH);
        String str2 = (String) iDataModel.getValue(ThirdAppPlugin.ACCESS_TOKEN_OLD);
        if (!"1".equalsIgnoreCase(s) && !str2.equals(str) && StringUtils.isNotBlank(str) && !str.matches("^(?![A-Za-z0-9_]+$)(?![a-z0-9_\\W]+$)(?![A-Za-z_\\W]+$)(?![A-Z0-9_\\W]+$)[a-zA-Z0-9_\\W]{16,50}$")) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, ResManager.loadKDString("AccessToken认证密钥不符合密码复杂性及长度要求（16~50位字符，大小写及数字、特殊符号混合）。", "OpenApi3rdappsPlugin_2", "bos-open-formplugin", new Object[0]), new Object[0]);
        }
        Boolean valueOf = Boolean.valueOf(D.x(iDataModel.getValue(ThirdAppPlugin.JWTASYMMETIC)));
        String s2 = D.s(iDataModel.getValue(ThirdAppPlugin.KEY_JWT_TYPE));
        if (valueOf.booleanValue() && StringUtil.isEmpty(s2)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, ResManager.loadKDString("启用JWT Token后，需要选择JWT签名策略。", "AccessTokenUpdateServiceImpl_0", "bos-open-formplugin", new Object[0]), new Object[0]);
        }
        if (Boolean.valueOf(D.x(iDataModel.getValue(ThirdAppPlugin.KEY_IS_ENHANCE_TOKEN))).booleanValue()) {
            if (!((Boolean) iDataModel.getValue(ThirdAppPlugin.IS_AGENCY_USER)).booleanValue() || iDataModel.getValue(ThirdAppPlugin.AGENCY_USER) == null || ((MulBasedataDynamicObjectCollection) iDataModel.getValue(ThirdAppPlugin.AGENCY_USER)).isEmpty()) {
                throw new OpenApiException(ApiErrorCode.Data_Invalid, ResManager.loadKDString("使用增强型Token认证，必须先启用代理用户控制并维护接口代理用户。", "AccessTokenUpdateServiceImpl_1", "bos-open-formplugin", new Object[0]), new Object[0]);
            }
        }
    }

    @Override // kd.bos.openapi.form.plugin.thirdapp.service.StrategyUpdateService
    public ThirdAppEditDto confirm(IDataModel iDataModel) {
        validate(iDataModel);
        ThirdAppEditDto loadThirdApp = loadThirdApp(iDataModel);
        String str = (String) iDataModel.getValue(ThirdAppPlugin.KEY_SYSAUTH);
        String str2 = (String) iDataModel.getValue(ThirdAppPlugin.ACCESS_TOKEN_OLD);
        String str3 = "";
        if ((StringUtil.isEmpty(str) && StringUtil.isEmpty(str2)) || str2.equals(str) || str2.equals(PasswordEncryptUtil.getEncryptePasswordWithSalt(str))) {
            str3 = str;
        } else if (StringUtil.isNotEmpty(str)) {
            str3 = PasswordEncryptUtil.getEncryptePasswordWithSalt(str);
        }
        loadThirdApp.setAccessToken(str3);
        boolean x = D.x(iDataModel.getValue(ThirdAppPlugin.KEY_IS_ENHANCE_TOKEN));
        if (x != loadThirdApp.isEnhanceToken()) {
            loadThirdApp.setEnhanceToken(x);
        }
        loadThirdApp.setJwtAuthEnable(D.x(iDataModel.getValue(ThirdAppPlugin.JWTASYMMETIC)));
        loadThirdApp.setJwtShaKey(encode((String) iDataModel.getValue(ThirdAppPlugin.SECURITYPUBLICKEY)));
        loadThirdApp.setJwtSignType(Long.valueOf((String) iDataModel.getValue(ThirdAppPlugin.KEY_JWT_TYPE)));
        iDataModel.setValue(ThirdAppPlugin.THIRD_APP_MODEL, JSON.toJSONString(loadThirdApp));
        return loadThirdApp;
    }

    @Override // kd.bos.openapi.form.plugin.thirdapp.service.StrategyUpdateService
    public void updateModel(IDataModel iDataModel, ThirdAppEditDto thirdAppEditDto) {
        Long strategyId = thirdAppEditDto.getStrategyId();
        iDataModel.setValue(ThirdAppPlugin.KEY_SYSAUTH, thirdAppEditDto.getAccessToken());
        iDataModel.setValue(ThirdAppPlugin.KEY_IS_ENHANCE_TOKEN, thirdAppEditDto.isEnhanceToken() ? "1" : ScriptCategory.ROOT_ID);
        iDataModel.setValue(ThirdAppPlugin.SECURITYPUBLICKEY, thirdAppEditDto.getJwtShaKey());
        iDataModel.setValue(ThirdAppPlugin.JWTASYMMETIC, thirdAppEditDto.isJwtAuthEnable() ? "1" : ScriptCategory.ROOT_ID);
        iDataModel.setValue(ThirdAppPlugin.KEY_JWT_TYPE, thirdAppEditDto.getJwtSignType());
        save(iDataModel, strategyId);
    }

    @Override // kd.bos.openapi.form.plugin.thirdapp.service.StrategyUpdateService
    public void delete(IDataModel iDataModel, String str) {
        throw new OpenApiException(ApiErrorCode.Data_Invalid, ResManager.loadKDString("AccessToken认证策略不允许删除。", "ThirdAppPlugin_8", "bos-open-formplugin", new Object[0]), new Object[0]);
    }
}
