package com.iplatform.security;

import com.iplatform.base.AsyncManager;
import com.iplatform.base.PlatformLoginCallback;
import com.iplatform.base.SecuritySpi;
import com.iplatform.base.callback.AfterLoginCallback;
import com.iplatform.base.callback.PlatformCallbackPostProcessor;
import com.iplatform.base.config.LogProperties;
import com.iplatform.base.exception.LoginException;
import com.iplatform.base.pojo.RequestLogin;
import com.iplatform.base.service.LogServiceImpl;
import com.iplatform.base.service.LoginServiceImpl;
import com.iplatform.base.support.strategy.LoginStrategyManager;
import com.iplatform.base.util.TokenUtils;
import com.iplatform.base.util.UserUtils;
import com.iplatform.core.BeanContextAware;
import com.iplatform.model.po.S_login_info;
import com.iplatform.model.po.S_user_core;
import com.iplatform.security.config.SecurityProperties;
import com.iplatform.security.util.LoginCallbackUtils;
import com.iplatform.security.util.SecurityConfigUtils;
import com.walker.cache.CacheProvider;
import com.walker.infrastructure.arguments.ArgumentsManager;
import com.walker.infrastructure.arguments.Variable;
import com.walker.infrastructure.utils.DateUtils;
import com.walker.infrastructure.utils.NumberGenerator;
import com.walker.infrastructure.utils.StringUtils;
import com.walker.web.CaptchaProvider;
import com.walker.web.CaptchaResult;
import com.walker.web.CaptchaType;
import com.walker.web.LoginType;
import com.walker.web.ResponseCode;
import com.walker.web.TokenGenerator;
import com.walker.web.UserOnlineProvider;
import com.walker.web.UserPrincipal;
import com.walker.web.WebAgentService;
import com.walker.web.WebRuntimeException;
import com.walker.web.WebUserAgent;
import com.walker.web.util.IdUtils;
import com.walker.web.util.ServletUtils;
import jakarta.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.TimerTask;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;

/* loaded from: input_file:com/iplatform/security/DefaultSecuritySpi.class */
public class DefaultSecuritySpi implements SecuritySpi {
    protected final transient Logger logger = LoggerFactory.getLogger(getClass());
    private static final String BEAN_NAME_CAPTCHA_CACHE = "captchaCacheProvider";

    public boolean isAllowMobileLoginRegister() {
        return getSecurityProperties().isAllowMobileLoginReg();
    }

    public Map<String, Object> login(RequestLogin requestLogin) throws LoginException {
        String execute;
        String username = requestLogin.getUsername();
        PlatformLoginCallback loginCallbackBean = LoginCallbackUtils.getLoginCallbackBean(LoginType.getType(requestLogin.getLoginType()), true);
        if (getArgumentVariable("security.captcha.enabled").getBooleanValue()) {
            CaptchaProvider<CaptchaResult> captchaProvider = loginCallbackBean.getCaptchaProvider();
            if (captchaProvider == null) {
                throw new LoginException("系统需要验证码，但登录未配置:" + loginCallbackBean.getClass().getName());
            }
            if (StringUtils.isEmpty(requestLogin.getVerifyType())) {
                throw new LoginException("请求错误：验证码类型为空");
            }
            if (captchaProvider.getCaptchaType() != CaptchaType.ThirdParty && !requestLogin.getVerifyType().equals(captchaProvider.getCaptchaType().getIndex())) {
                throw new LoginException("前端配置的验证码类型与后台不一致! verifyType = " + captchaProvider.getCaptchaType());
            }
            if (loginCallbackBean.isValidateCaptcha()) {
                this.logger.debug("需要验证码，getCaptchaType={}", loginCallbackBean.getCaptchaProvider().getCaptchaType());
                String validateCaptcha = validateCaptcha(requestLogin.getCode(), requestLogin.getUuid(), captchaProvider);
                if (validateCaptcha != null) {
                    throw new LoginException(validateCaptcha);
                }
            }
        }
        if (getLogProperties().isLoginEnabled() && (execute = getLoginStrategyManager().execute(requestLogin)) != null) {
            throw new LoginException(execute);
        }
        try {
            DefaultAuthenticationToken defaultAuthenticationToken = new DefaultAuthenticationToken(username, requestLogin.getPassword(), requestLogin);
            SecurityContextHolder.getContext().setAuthentication(defaultAuthenticationToken);
            DefaultUserDetails defaultUserDetails = (DefaultUserDetails) getAuthenticationManager().authenticate(defaultAuthenticationToken).getPrincipal();
            if (this.logger.isDebugEnabled()) {
                this.logger.debug(defaultUserDetails.getUserPrincipal().toString());
            }
            CaptchaType captchaType = loginCallbackBean.getCaptchaProvider().getCaptchaType();
            if (captchaType == CaptchaType.None || captchaType == CaptchaType.ThirdParty) {
                requestLogin.setUuid(IdUtils.simpleUUID());
            }
            long tokenExpireMinutes = SecurityConfigUtils.getTokenExpireMinutes(requestLogin.getClientType(), getSecurityProperties());
            String generateToken = TokenUtils.generateToken(defaultUserDetails.getUserPrincipal().getId(), defaultUserDetails.getUsername(), requestLogin.getUuid(), getTokenGenerator(), tokenExpireMinutes);
            this.logger.debug("token失效分钟:{}", Long.valueOf(tokenExpireMinutes));
            getUserOnlineProvider().cacheUserPrincipal(requestLogin.getUuid(), defaultUserDetails.getUserPrincipal());
            recordLoginInfo(username, String.valueOf(ResponseCode.SUCCESS.getCode()), "登录成功", ((S_user_core) defaultUserDetails.getUserPrincipal().getUserInfo()).getId().longValue(), requestLogin.getUuid(), requestLogin.getClientType());
            AfterLoginCallback afterLoginCallback = (AfterLoginCallback) PlatformCallbackPostProcessor.getCallbackObject(AfterLoginCallback.class);
            if (afterLoginCallback != null) {
                afterLoginCallback.onSuccess(requestLogin, defaultUserDetails.getUserPrincipal());
            }
            HashMap hashMap = new HashMap(2);
            hashMap.put("token", generateToken);
            hashMap.put("userInfo", UserUtils.acquireClientUserInfo((S_user_core) defaultUserDetails.getUserPrincipal().getUserInfo(), generateToken));
            hashMap.put("userInfoApp", defaultUserDetails.getUserPrincipal());
            return hashMap;
        } catch (Exception e) {
            recordLoginInfo(requestLogin.getUsername(), String.valueOf(ResponseCode.ERROR.getCode()), "登录未成功认证", 0L, null, null);
            if (e instanceof UsernameNotFoundException) {
                throw new LoginException("用户账号不存在，或已停用：" + requestLogin.getUsername(), e, true);
            }
            if (!(e instanceof BadCredentialsException)) {
                throw new LoginException(e.getMessage());
            }
            this.logger.debug("++++++++++++++++++ 密码错误");
            throw new LoginException(ResponseCode.USER_CREDENTIALS_ERROR.getMessage());
        }
    }

    private String validateCaptcha(String str, String str2, CaptchaProvider<CaptchaResult> captchaProvider) {
        if (StringUtils.isEmpty(str2) || StringUtils.isEmpty(str)) {
            return "请输入验证码";
        }
        CaptchaResult captchaResult = new CaptchaResult();
        captchaResult.setUuid(str2);
        captchaResult.setCode(str);
        boolean validateCaptcha = captchaProvider.validateCaptcha(captchaResult);
        if (captchaProvider.getCaptchaType() != CaptchaType.SmsCode) {
            getCaptchaCacheProvider().removeCacheData("captcha_codes:" + str2);
        }
        if (validateCaptcha) {
            return null;
        }
        this.logger.error("验证码校验失败: code = " + str);
        return "验证码错误";
    }

    private void recordLoginInfo(String str, String str2, String str3, long j, String str4, String str5) {
        if (getLogProperties().isLoginEnabled()) {
            this.logger.debug("异步记录登录日志，后续要补充:" + str2 + ", " + str3);
            AsyncManager.me().execute(acquireLoginInfoTask(str, str2, str3, Long.valueOf(j), str4, str5));
        }
    }

    private TimerTask acquireLoginInfoTask(final String str, final String str2, final String str3, final Long l, final String str4, final String str5) {
        HttpServletRequest request = ServletUtils.getRequest();
        final WebUserAgent webUserAgent = getWebAgentService().getWebUserAgent(request.getHeader("User-Agent"), request);
        return new TimerTask() { // from class: com.iplatform.security.DefaultSecuritySpi.1
            @Override // java.util.TimerTask, java.lang.Runnable
            public void run() {
                S_login_info s_login_info = new S_login_info();
                s_login_info.setLogin_time(Long.valueOf(Long.parseLong(DateUtils.getDateTimeSecondForShow())));
                s_login_info.setUser_name(str);
                s_login_info.setMsg(str3);
                s_login_info.setStatus(str2);
                s_login_info.setInfo_id(Long.valueOf(NumberGenerator.getLongSequenceNumber()));
                if (webUserAgent != null) {
                    s_login_info.setLogin_location(webUserAgent.getLocation());
                    s_login_info.setBrowser(webUserAgent.getBrowserName());
                    s_login_info.setIpaddr(webUserAgent.getIp());
                    s_login_info.setOs(webUserAgent.getOsName());
                }
                if (!str2.equals(String.valueOf(ResponseCode.SUCCESS.getCode()))) {
                    DefaultSecuritySpi.this.getLogService().execInsertLoginLog(s_login_info, l);
                } else if (DefaultSecuritySpi.this.getLoginStrategyManager().hasUserLogin(str)) {
                    DefaultSecuritySpi.this.getLoginStrategyManager().updateUserLoginCache(DefaultSecuritySpi.this.getLoginService().execUpdateUserLogin(l.longValue(), str, str4, str5, s_login_info, true));
                } else {
                    DefaultSecuritySpi.this.getLoginStrategyManager().putUserLoginCache(DefaultSecuritySpi.this.getLoginService().execUpdateUserLogin(l.longValue(), str, str4, str5, s_login_info, false));
                }
            }
        };
    }

    private AuthenticationManager getAuthenticationManager() {
        return (AuthenticationManager) BeanContextAware.getBeanByType(AuthenticationManager.class);
    }

    private TokenGenerator getTokenGenerator() {
        return (TokenGenerator) BeanContextAware.getBeanByType(TokenGenerator.class);
    }

    private CacheProvider<String> getCaptchaCacheProvider() {
        return (CacheProvider) BeanContextAware.getBeanByName(BEAN_NAME_CAPTCHA_CACHE);
    }

    private WebAgentService getWebAgentService() {
        return (WebAgentService) BeanContextAware.getBeanByType(WebAgentService.class);
    }

    private UserOnlineProvider getUserOnlineProvider() {
        return (UserOnlineProvider) BeanContextAware.getBeanByType(UserOnlineProvider.class);
    }

    private SecurityProperties getSecurityProperties() {
        return (SecurityProperties) BeanContextAware.getBeanByType(SecurityProperties.class);
    }

    private LogProperties getLogProperties() {
        return (LogProperties) BeanContextAware.getBeanByType(LogProperties.class);
    }

    private LoginServiceImpl getLoginService() {
        return (LoginServiceImpl) BeanContextAware.getBeanByType(LoginServiceImpl.class);
    }

    private LogServiceImpl getLogService() {
        return (LogServiceImpl) BeanContextAware.getBeanByType(LogServiceImpl.class);
    }

    private LoginStrategyManager getLoginStrategyManager() {
        return (LoginStrategyManager) BeanContextAware.getBeanByType(LoginStrategyManager.class);
    }

    @Deprecated
    public void loginAsWorkflowRole() {
        DefaultUserDetails currentUserDetails = getCurrentUserDetails();
        currentUserDetails.addGrantedAuthority("ROLE_ACTIVITI_USER");
        this.logger.debug("......loginAsWorkflowRole(), {}", currentUserDetails.getRoleIdList());
    }

    public List<String> getCurrentUserRoleIdList() {
        DefaultUserDetails currentUserDetails = getCurrentUserDetails();
        if (currentUserDetails != null) {
            return currentUserDetails.getRoleIdList();
        }
        this.logger.error("获取当前登录用户错误：getCurrentUserDetails() == null");
        return null;
    }

    public UserPrincipal<S_user_core> getCurrentUserPrincipal() {
        DefaultUserDetails currentUserDetails = getCurrentUserDetails();
        if (currentUserDetails != null) {
            return currentUserDetails.getUserPrincipal();
        }
        this.logger.error("获取当前登录用户错误：getCurrentUserDetails() == null");
        return null;
    }

    public S_user_core getCurrentUser() {
        UserPrincipal<S_user_core> currentUserPrincipal = getCurrentUserPrincipal();
        if (currentUserPrincipal == null) {
            throw new WebRuntimeException("当前操作未找到登录人员: userPrincipal not found in thread!");
        }
        return (S_user_core) currentUserPrincipal.getUserInfo();
    }

    public long getCurrentUserId() {
        return getCurrentUser().getId().longValue();
    }

    public String encryptPassword(String str) {
        return ((PasswordEncoder) BeanContextAware.getBeanByType(PasswordEncoder.class)).encode(str);
    }

    public boolean matchesPassword(String str, String str2) {
        return ((PasswordEncoder) BeanContextAware.getBeanByType(PasswordEncoder.class)).matches(str, str2);
    }

    private DefaultUserDetails getCurrentUserDetails() {
        Authentication authentication = getAuthentication();
        if (authentication == null) {
            throw new WebRuntimeException("当前操作未找到登录认证对象: authentication not found in thread!");
        }
        Object principal = authentication.getPrincipal();
        if (principal instanceof DefaultUserDetails) {
            return (DefaultUserDetails) principal;
        }
        return null;
    }

    private Authentication getAuthentication() {
        return SecurityContextHolder.getContext().getAuthentication();
    }

    private Variable getArgumentVariable(String str) {
        Variable variable = ((ArgumentsManager) BeanContextAware.getBeanByType(ArgumentsManager.class)).getVariable(str);
        if (variable == null) {
            throw new IllegalArgumentException("可变配置参数不存在: " + str);
        }
        return variable;
    }
}
