package net.ibizsys.central.cloud.core.sysutil;

import com.fasterxml.jackson.core.type.TypeReference;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.Charset;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.Collection;
import java.util.Date;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.ibizsys.central.cloud.core.cloudutil.ICloudSaaSUtilRuntime;
import net.ibizsys.central.cloud.core.cloudutil.ICloudUtilRuntime;
import net.ibizsys.central.cloud.core.cloudutil.client.ICloudUAAClient;
import net.ibizsys.central.cloud.core.security.AuthenticationUser;
import net.ibizsys.central.cloud.core.security.EmployeeContext;
import net.ibizsys.central.cloud.core.security.IAuthenticationUser;
import net.ibizsys.central.cloud.core.security.IAuthenticationUserRuntime;
import net.ibizsys.central.cloud.core.security.IEmployeeContext;
import net.ibizsys.central.cloud.core.security.IUAAGrantedAuthority;
import net.ibizsys.central.cloud.core.servlet.IServiceHubFilter;
import net.ibizsys.central.cloud.core.util.CloudCacheTagUtils;
import net.ibizsys.central.cloud.core.util.domain.AppData;
import net.ibizsys.central.cloud.core.util.domain.Employee;
import net.ibizsys.runtime.SystemRuntimeException;
import net.ibizsys.runtime.security.IUserContext;
import net.ibizsys.runtime.security.UserContext;
import net.ibizsys.runtime.util.DataTypeUtils;
import net.ibizsys.runtime.util.IAction;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:net/ibizsys/central/cloud/core/sysutil/SysUAAUtilRuntimeBase.class */
public abstract class SysUAAUtilRuntimeBase extends SysUtilRuntimeBase implements ISysUAAUtilRuntime, IServiceHubFilter {
    // Class-wide commons-logging logger.
    private static final Log log = LogFactory.getLog(SysUAAUtilRuntimeBase.class);
    // Request attribute name that doFilterInternal/redoFilterInternal set to "TRUE" and that
    // redoFilter() inspects so a request is not authenticated a second time.
    public static final String UAAFILTERTAG = "_IBIZ_UAAFILTERTAG_";
    // Jackson type token passed to the cache in getGrantedAuthorities(...) so the cached value is
    // read back as a Collection<IUAAGrantedAuthority>.
    public final TypeReference<Collection<IUAAGrantedAuthority>> UAAGrantedAuthorityListType = new TypeReference<Collection<IUAAGrantedAuthority>>() { // from class: net.ibizsys.central.cloud.core.sysutil.SysUAAUtilRuntimeBase.1
    };
    // Name of the HTTP header the token is read from; may be replaced in onPrepareDefaultSetting().
    private String strTokenHeader = ISysUAAUtilRuntime.HEADER_TOKEN;
    // Prefix the header value must start with; it is stripped before the token is parsed.
    private String strTokenPrefix = ISysUAAUtilRuntime.DEFAULT_TOKENPREFIX;
    // Resolved lazily by getSysCloudClientUtilRuntime().
    private ISysCloudClientUtilRuntime iSysCloudClientUtilRuntime = null;

    /**
     * Reads the token header name and the token prefix from the system runtime settings
     * ({@code <configFolder>.tokenheader} and {@code <configFolder>.tokenprefix}) and then
     * delegates to the superclass.
     *
     * <p>A setting is applied only when the resolved value is non-empty, so an empty value in the
     * configuration leaves the current header name or prefix in place.
     *
     * @throws Exception propagated from the settings lookup or the superclass
     */
    protected void onPrepareDefaultSetting() throws Exception {
        String configuredHeader = getSystemRuntimeSetting().getParam(getConfigFolder() + ".tokenheader", ISysUAAUtilRuntime.HEADER_TOKEN);
        if (StringUtils.hasLength(configuredHeader)) {
            setTokenHeader(configuredHeader);
        }

        String configuredPrefix = getSystemRuntimeSetting().getParam(getConfigFolder() + ".tokenprefix", ISysUAAUtilRuntime.DEFAULT_TOKENPREFIX);
        if (StringUtils.hasLength(configuredPrefix)) {
            setTokenPrefix(configuredPrefix);
        }

        super.onPrepareDefaultSetting();
    }

    /**
     * Installs the component and warns when no system cache component is available.
     *
     * <p>The cache holds the authenticated-user records and tokens this class reads during
     * request authentication, so a missing cache is reported both to the class logger and to the
     * system runtime log; installation itself is not aborted.
     *
     * @throws Exception propagated from the superclass installation
     */
    protected void onInstall() throws Exception {
        super.onInstall();
        if (getSysCacheUtilRuntime(true) != null) {
            return;
        }
        final String warning = "系统UAA功能组件未指定系统缓存功能组件，无法提供与认证相关能力";
        log.warn(warning);
        getSystemRuntime().log(30000, getLogCat(), warning, (Object) null);
    }

    /**
     * Returns the cloud client utility, looking it up from the system runtime on first use and
     * remembering the result in a field.
     *
     * @return the cloud client utility registered with the system runtime
     */
    protected ISysCloudClientUtilRuntime getSysCloudClientUtilRuntime() {
        ISysCloudClientUtilRuntime resolved = this.iSysCloudClientUtilRuntime;
        if (resolved != null) {
            return resolved;
        }
        resolved = (ISysCloudClientUtilRuntime) getSystemRuntime().getSysUtilRuntime(ISysCloudClientUtilRuntime.class, false);
        this.iSysCloudClientUtilRuntime = resolved;
        return resolved;
    }

    /**
     * Returns the name of the HTTP header the token is read from.
     *
     * @return the configured token header name
     */
    @Override
    public String getTokenHeader() {
        return strTokenHeader;
    }

    /**
     * Replaces the name of the HTTP header the token is read from.
     *
     * @param str the new header name
     */
    protected void setTokenHeader(String str) {
        strTokenHeader = str;
    }

    /**
     * Returns the prefix a token header value must start with.
     *
     * @return the configured token prefix
     */
    @Override
    public String getTokenPrefix() {
        return strTokenPrefix;
    }

    /**
     * Replaces the prefix a token header value must start with.
     *
     * @param str the new token prefix
     */
    protected void setTokenPrefix(String str) {
        strTokenPrefix = str;
    }

    /**
     * Validates a token for an already-resolved user.
     *
     * <p>Two stages are applied: the subclass hook {@code onValidateToken}, and then, for ordinary
     * users, a comparison of the presented token with the copy held in the cache under the
     * user's authentication category. A token that passes the hook but has no matching cache
     * entry is treated as logged out and rejected with an exception.
     *
     * <p>Security note: a user whose {@code getApiuser()} is 1 skips the cache comparison, so
     * deleting the cache entry does not revoke that user's token; only {@code onValidateToken}
     * decides whether it is accepted.
     *
     * @param str the token string to validate
     * @param iAuthenticationUser the user record the token is validated against
     * @return {@code false} when {@code onValidateToken} rejects the token, {@code true} when the
     *         token is accepted
     * @throws RuntimeException whatever {@code dealException} builds for a failure, including the
     *         "logged out" case (exact type is not visible here)
     */
    @Override
    public boolean validateToken(String str, IAuthenticationUser iAuthenticationUser) {
        try {
            final boolean accepted = onValidateToken(str, iAuthenticationUser);
            if (!accepted) {
                return false;
            }
            // API users are exempt from the cache-backed logout check.
            if (iAuthenticationUser.getApiuser() == 1) {
                return true;
            }
            // The token must still be present in the cache; otherwise it has been logged out.
            if (!str.equals(getSysCacheUtilRuntime().get(CloudCacheTagUtils.getAuthenticationUserCat(iAuthenticationUser.getUsername(), str), ISysUAAUtilRuntime.AUTHENTICATIONUSERCAT_UAATOKEN))) {
                throw new Exception("鉴别凭证已注销");
            }
            return true;
        } catch (Throwable failure) {
            final String detail = failure.getMessage();
            log.error(String.format("%1$s鉴别凭证发生异常，%2$s", getLogicName(), detail), failure);
            throw dealException(String.format("鉴别凭证发生异常，%1$s", failure.getMessage()), failure);
        }
    }

    /**
     * Extension point that performs the actual token verification; this base version always
     * fails with a "not implemented" exception, so a subclass must override it.
     *
     * @param str the token string to validate
     * @param iAuthenticationUser the user record the token is validated against
     * @return never returns normally in this base class
     * @throws Throwable always, in this base class
     */
    protected boolean onValidateToken(String str, IAuthenticationUser iAuthenticationUser) throws Throwable {
        final String notImplemented = "没有实现";
        throw new Exception(notImplemented);
    }

    /**
     * Extracts the user name from a token by delegating to {@code onGetUsernameFromToken}.
     *
     * <p>Any failure is logged at error level and rethrown through {@code dealException}; the
     * underlying exception message is included in the rethrown message.
     *
     * @param str the token string
     * @return the user name carried by the token
     */
    @Override
    public String getUsernameFromToken(String str) {
        try {
            return onGetUsernameFromToken(str);
        } catch (Throwable failure) {
            final String logLine = String.format("%1$s获取Token用户标识发生异常，%2$s", getLogicName(), failure.getMessage());
            log.error(logLine, failure);
            throw dealException(String.format("获取Token用户标识发生异常，%1$s", failure.getMessage()), failure);
        }
    }

    /**
     * Extension point that reads the user name out of a token; this base version always fails
     * with a "not implemented" exception, so a subclass must override it.
     *
     * @param str the token string
     * @return never returns normally in this base class
     * @throws Throwable always, in this base class
     */
    protected String onGetUsernameFromToken(String str) throws Throwable {
        final String notImplemented = "没有实现";
        throw new Exception(notImplemented);
    }

    /**
     * Returns the expiry time of a token by delegating to {@code onGetExpirationDateFromToken}.
     *
     * <p>Any failure is logged at error level and rethrown through {@code dealException}; the
     * underlying exception message is included in the rethrown message.
     *
     * @param str the token string
     * @return the expiry time carried by the token
     */
    @Override
    public Date getExpirationDateFromToken(String str) {
        try {
            return onGetExpirationDateFromToken(str);
        } catch (Throwable failure) {
            final String logLine = String.format("%1$s获取Token过期时间发生异常，%2$s", getLogicName(), failure.getMessage());
            log.error(logLine, failure);
            throw dealException(String.format("获取Token过期时间发生异常，%1$s", failure.getMessage()), failure);
        }
    }

    /**
     * Extension point that reads the expiry time out of a token; this base version always fails
     * with a "not implemented" exception, so a subclass must override it.
     *
     * @param str the token string
     * @return never returns normally in this base class
     * @throws Throwable always, in this base class
     */
    protected Date onGetExpirationDateFromToken(String str) throws Throwable {
        final String notImplemented = "没有实现";
        throw new Exception(notImplemented);
    }

    /**
     * Returns the number of whole seconds between now and the token's expiry time.
     *
     * <p>The value is negative when the expiry time is already in the past, and the result is
     * narrowed from {@code long} to {@code int} without a range check.
     *
     * @param str the token string
     * @return remaining lifetime in seconds
     */
    @Override
    public int getExpireInFromToken(String str) {
        final long expiresAtMillis = getExpirationDateFromToken(str).getTime();
        final long remainingSeconds = (expiresAtMillis - System.currentTimeMillis()) / 1000;
        return (int) remainingSeconds;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds an RSA public key from a Base64 string holding an X.509 (SubjectPublicKeyInfo)
     * encoding.
     *
     * <p>The basic Base64 decoder is used, so the input must be bare Base64 with no line breaks,
     * surrounding whitespace or PEM header/footer lines; anything else makes decoding fail.
     *
     * @param str Base64 text of the X.509-encoded key
     * @return the decoded RSA public key
     * @throws Throwable when the text is not valid Base64 or not a valid RSA key encoding
     */
    public PublicKey getPublicKey(String str) throws Throwable {
        final KeyFactory rsaFactory = KeyFactory.getInstance("RSA");
        final byte[] encodedKey = Base64.getDecoder().decode(str);
        final X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encodedKey);
        return rsaFactory.generatePublic(keySpec);
    }

    /* JADX INFO: Access modifiers changed from: protected */
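    /**
     * Returns the text of the public key used for token verification.
     *
     * <p>The file {@code ~/.ibzrt/ibzrt_rsa.pub} (under the {@code user.home} system property) is
     * used when it exists; otherwise the copy bundled on the classpath at
     * {@code /uaa/keypair/ibzrt_rsa.pub} is returned. Both streams are closed after reading, and
     * a missing classpath resource is reported as an {@link IOException} rather than surfacing as
     * a {@code NullPointerException}.
     *
     * <p>NOTE(review): the fallback key is the same in every installation that does not provide
     * its own file. If the matching private key is distributed with the product (the resource
     * lives in a "keypair" folder), tokens signed with it would verify on all such
     * installations, so each deployment should be confirmed to provision its own key pair.
     *
     * @return the key file contents, decoded with the platform default charset
     * @throws Throwable when neither source can be read
     */
    public String getPublicKeyString() throws Throwable {
        File file = new File(System.getProperty("user.home") + "/.ibzrt", "ibzrt_rsa.pub");
        if (file.exists()) {
            // try-with-resources closes the file handle, which was previously left open.
            try (FileInputStream external = new FileInputStream(file)) {
                return IOUtils.toString(external, Charset.defaultCharset());
            }
        }
        java.io.InputStream bundled = getClass().getResourceAsStream("/uaa/keypair/ibzrt_rsa.pub");
        if (bundled == null) {
            throw new IOException(String.format("未找到公钥文件[%1$s]，类路径中也不存在默认公钥[/uaa/keypair/ibzrt_rsa.pub]", file.getPath()));
        }
        try (java.io.InputStream in = bundled) {
            return IOUtils.toString(in, Charset.defaultCharset());
        }
    }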

    /**
     * Servlet-level entry point: narrows the request and response to their HTTP types and runs
     * {@code doFilterInternal}.
     *
     * <p>The casts are unchecked, so a non-HTTP request or response fails with a
     * {@code ClassCastException}.
     *
     * @param servletRequest the incoming request
     * @param servletResponse the response the failure status is written to
     * @return {@code true} when the request was authenticated
     */
    @Override
    public boolean doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
        final HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        final HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        return doFilterInternal(httpRequest, httpResponse);
    }

    /**
     * Authenticates one HTTP request from its token header and, on success, binds the resulting
     * identity to the current thread.
     *
     * <p>Flow: read the token header, strip the configured prefix, resolve the user name from the
     * token, load the user record from the cache, validate the token, then build an
     * {@code Employee} according to which request headers are present (see the branch comments
     * below). On success the Spring {@code SecurityContext} and {@code UserContext} are set.
     *
     * <p>Failure handling: every failure path returns {@code false} with status 401, except an
     * "API mode" request from a user who is neither an API user nor a superuser, which gets 403.
     * Failures other than that 403 case are logged at debug level only.
     *
     * @param httpServletRequest the request to authenticate
     * @param httpServletResponse receives the 401/403 status on failure
     * @return {@code true} when the request was authenticated, {@code false} otherwise
     * @throws ServletException declared, but the one thrown in the body is caught again by the
     *         outermost catch block (see below)
     * @throws IOException declared by the signature
     */
    protected boolean doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        // Drop any user context left on this thread before authenticating.
        // NOTE(review): only UserContext is reset here; SecurityContextHolder is not cleared on
        // entry or on the failure paths — confirm another component resets it per request.
        UserContext.setCurrent((IUserContext) null);
        // Mark the request as processed so redoFilter() will not authenticate it a second time.
        httpServletRequest.setAttribute(UAAFILTERTAG, "TRUE");
        String header = httpServletRequest.getHeader(getTokenHeader());
        if (header == null || !header.startsWith(getTokenPrefix())) {
            log.debug(String.format("请求[%1$s]未携带Token", httpServletRequest.getRequestURI()));
            httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
            return false;
        }
        // The token is whatever follows the configured prefix.
        String substring = StringUtils.hasLength(getTokenPrefix()) ? header.substring(getTokenPrefix().length()) : header;
        try {
            String usernameFromToken = getUsernameFromToken(substring);
            if (!StringUtils.hasLength(usernameFromToken)) {
                throw new Exception(String.format("Token未包含用户标识", new Object[0]));
            }
            // header2 = organisation id, header3 = system id. The literal string "undefined" is
            // treated as absent (presumably sent by browser clients — confirm).
            String header2 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_ORGID);
            String header3 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_SYSTEMID);
            if ("undefined".equals(header3)) {
                header3 = null;
            }
            if ("undefined".equals(header2)) {
                header2 = null;
            }
            // header4 = DC system id, header5 = user id, header6 = "srfdcid".
            String header4 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_DCSYSTEMID);
            String header5 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_USERID);
            String header6 = httpServletRequest.getHeader("srfdcid");
            try {
                // The user record comes from the cache, keyed by the user name read from the token.
                IAuthenticationUser iAuthenticationUser = (IAuthenticationUser) getSysCacheUtilRuntime(false).get(CloudCacheTagUtils.getAuthenticationUserTag(usernameFromToken), AuthenticationUser.class);
                if (iAuthenticationUser == null) {
                    log.debug(String.format("无法从缓存中获取当前用户认证信息", new Object[0]));
                    httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
                    return false;
                }
                try {
                    if (validateToken(substring, iAuthenticationUser)) {
                        if (iAuthenticationUser instanceof IAuthenticationUserRuntime) {
                            ((IAuthenticationUserRuntime) iAuthenticationUser).setToken(substring);
                            ((IAuthenticationUserRuntime) iAuthenticationUser).setExpirein(getExpireInFromToken(substring));
                        }
                        Employee employee = null;
                        Collection<IUAAGrantedAuthority> collection = null;
                        // Branch 1, "API mode": system id, srfdcid, DC system id and user id are all
                        // supplied as headers. The employee identity (user, organisation, departments)
                        // is then taken entirely from request headers, so the caller chooses whom it
                        // acts as. The only gate is that the token's user is an API user or superuser.
                        // No granted authorities are loaded on this branch (collection stays null).
                        if (StringUtils.hasLength(header3) && StringUtils.hasLength(header6) && StringUtils.hasLength(header4) && StringUtils.hasLength(header5)) {
                            if (DataTypeUtils.getIntegerValue(Integer.valueOf(iAuthenticationUser.getApiuser()), 0).intValue() != 1 && DataTypeUtils.getIntegerValue(Integer.valueOf(iAuthenticationUser.getSuperuser()), 0).intValue() != 1) {
                                log.error(String.format("用户[%1$s][%2$s]使用API模式访问系统", iAuthenticationUser.getUserid(), iAuthenticationUser.getUsername()));
                                httpServletResponse.setStatus(HttpStatus.FORBIDDEN.value());
                                return false;
                            }
                            String header7 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_USERNAME);
                            employee = new Employee();
                            employee.setSrfdcid(header6);
                            employee.setUserId(header5);
                            employee.setDCSystemId(header4);
                            if (StringUtils.hasLength(header7)) {
                                // The display name is expected URL-encoded; fall back to the raw
                                // header value when decoding fails.
                                try {
                                    employee.setPersonName(URLDecoder.decode(header7, "UTF-8"));
                                } catch (Exception e) {
                                    log.error(e);
                                    employee.setPersonName(header7);
                                }
                            }
                            // An API user's header-built employee is always marked as superuser.
                            if (DataTypeUtils.getIntegerValue(Integer.valueOf(iAuthenticationUser.getApiuser()), 0).intValue() == 1) {
                                employee.setSuperUser(1);
                            }
                            employee.setOrgId(header2);
                            String header8 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_ORGCODE);
                            if (StringUtils.hasLength(header8)) {
                                employee.setOrgCode(header8);
                            }
                            String header9 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_DEPTID);
                            if (StringUtils.hasLength(header9)) {
                                employee.setMDeptId(header9);
                            }
                            String header10 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_DEPTCODE);
                            if (StringUtils.hasLength(header10)) {
                                employee.setMDeptCode(header10);
                            }
                            String header11 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_PORGIDS);
                            if (StringUtils.hasLength(header11)) {
                                employee.setPOrgIds(header11);
                            }
                            String header12 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_SORGIDS);
                            if (StringUtils.hasLength(header12)) {
                                employee.setSOrgIds(header12);
                            }
                            String header13 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_PDEPTIDS);
                            if (StringUtils.hasLength(header13)) {
                                employee.setPDeptIds(header13);
                            }
                            String header14 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_SDEPTIDS);
                            if (StringUtils.hasLength(header14)) {
                                employee.setSDeptIds(header14);
                            }
                        // Branch 2: system id + organisation id. The employee and its authorities are
                        // read from the cache under the user's name and token. A cache miss leaves
                        // employee null and the request is still accepted further down.
                        } else if (StringUtils.hasLength(header3) && StringUtils.hasLength(header2)) {
                            employee = getEmployee(iAuthenticationUser.getUsername(), iAuthenticationUser.getToken(), header3, header2);
                            if (employee != null && iAuthenticationUser.getSuperuser() == 1) {
                                employee.setSuperUser(1);
                            }
                            String str = null;
                            if (employee != null) {
                                str = employee.getDCSystemId();
                            }
                            if (StringUtils.hasLength(str)) {
                                collection = getGrantedAuthorities(iAuthenticationUser.getUsername(), iAuthenticationUser.getToken(), str);
                            }
                        // Branch 3: the portal system id; the employee mirrors the authenticated user.
                        } else if (StringUtils.hasLength(header3) && ICloudSaaSUtilRuntime.SYSTEMID_PORTAL.equalsIgnoreCase(header3)) {
                            employee = new Employee();
                            employee.setUserId(iAuthenticationUser.getUserid());
                            employee.setUserName(iAuthenticationUser.getUsername());
                            employee.setPersonName(iAuthenticationUser.getPersonname());
                            employee.setUAAUserId(iAuthenticationUser.getUserid());
                        // Branch 4: none of the above, but the user is a superuser.
                        } else if (DataTypeUtils.getIntegerValue(Integer.valueOf(iAuthenticationUser.getSuperuser()), 0).intValue() == 1) {
                            employee = new Employee();
                            employee.setUserId(iAuthenticationUser.getUserid());
                            employee.setUserName(iAuthenticationUser.getUsername());
                            employee.setPersonName(iAuthenticationUser.getPersonname());
                            employee.setUAAUserId(iAuthenticationUser.getUserid());
                            employee.setSuperUser(1);
                        }
                        // When no branch produced an employee the context stays null, yet the request
                        // is still authenticated: downstream code must cope with a null context.
                        EmployeeContext employeeContext = null;
                        if (employee != null) {
                            employeeContext = new EmployeeContext(employee, null, header3, collection);
                        }
                        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(iAuthenticationUser, employeeContext, iAuthenticationUser.getAuthorities());
                        usernamePasswordAuthenticationToken.setDetails(employeeContext);
                        SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
                        UserContext.setCurrent(employeeContext);
                        return true;
                    }
                } catch (Throwable th) {
                    // Validation and context-building errors are logged at debug level only and then
                    // fall through to the 401 below.
                    // NOTE(review): rejected tokens leave no trace unless debug logging is enabled.
                    log.debug(th);
                }
                httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
                return false;
            } catch (Throwable th2) {
                // This ServletException is thrown inside the outer try, so the catch below turns it
                // into a 401 as well; it does not reach the caller.
                throw new ServletException(th2);
            }
        } catch (Throwable th3) {
            log.debug(th3);
            httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
            return false;
        }
    }

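    /**
     * Authenticates the request bound to the current thread if the UAA filter has not already
     * processed it.
     *
     * <p>The request is taken from Spring's {@code RequestContextHolder}. A request that already
     * carries the {@link #UAAFILTERTAG} attribute is left alone, so authentication runs at most
     * once per request.
     *
     * @return {@code true} when authentication ran and succeeded; {@code false} when no servlet
     *         request is bound, the request was already filtered, or authentication failed
     */
    @Override
    public boolean redoFilter() throws IOException, ServletException {
        // Held as Object and cast after the instanceof check: getRequestAttributes() returns the
        // RequestAttributes super-type, which cannot be assigned to ServletRequestAttributes directly.
        Object requestAttributes = RequestContextHolder.getRequestAttributes();
        if (!(requestAttributes instanceof ServletRequestAttributes)) {
            return false;
        }
        HttpServletRequest httpServletRequest = ((ServletRequestAttributes) requestAttributes).getRequest();
        if (httpServletRequest == null) {
            return false;
        }
        if (ObjectUtils.isEmpty(httpServletRequest.getAttribute(UAAFILTERTAG))) {
            log.debug("重做过滤操作");
            return redoFilterInternal(httpServletRequest);
        }
        log.debug("无法重做过滤操作，已经进行过滤操作");
        return false;
    }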

    /**
     * Authenticates a request from its token header without touching the HTTP response.
     *
     * <p>The steps and the four employee-building branches match {@code doFilterInternal}; the
     * difference is that every failure simply returns {@code false} (no 401/403 status is set)
     * and no exception leaves the method. Failures are logged at debug level, apart from the
     * "API mode" rejection, which is logged at error level.
     *
     * @param httpServletRequest the request to authenticate
     * @return {@code true} when the request was authenticated and the thread's security and user
     *         contexts were set, {@code false} otherwise
     * @throws ServletException declared by the signature; the body catches every Throwable
     * @throws IOException declared by the signature; the body catches every Throwable
     */
    protected boolean redoFilterInternal(HttpServletRequest httpServletRequest) throws ServletException, IOException {
        // Drop any user context left on this thread before authenticating.
        // NOTE(review): SecurityContextHolder is not cleared here or on the failure paths —
        // confirm another component resets it per request.
        UserContext.setCurrent((IUserContext) null);
        // Mark the request as processed so redoFilter() does not run this again.
        httpServletRequest.setAttribute(UAAFILTERTAG, "TRUE");
        String header = httpServletRequest.getHeader(getTokenHeader());
        if (header == null || !header.startsWith(getTokenPrefix())) {
            log.debug(String.format("请求[%1$s]未携带Token", httpServletRequest.getRequestURI()));
            return false;
        }
        // The token is whatever follows the configured prefix.
        String substring = StringUtils.hasLength(getTokenPrefix()) ? header.substring(getTokenPrefix().length()) : header;
        try {
            String usernameFromToken = getUsernameFromToken(substring);
            if (!StringUtils.hasLength(usernameFromToken)) {
                throw new Exception(String.format("Token未包含用户标识", new Object[0]));
            }
            // header2 = organisation id, header3 = system id; the literal "undefined" counts as absent.
            String header2 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_ORGID);
            String header3 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_SYSTEMID);
            if ("undefined".equals(header3)) {
                header3 = null;
            }
            if ("undefined".equals(header2)) {
                header2 = null;
            }
            // header4 = DC system id, header5 = user id, header6 = "srfdcid".
            String header4 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_DCSYSTEMID);
            String header5 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_USERID);
            String header6 = httpServletRequest.getHeader("srfdcid");
            try {
                // The user record comes from the cache, keyed by the user name read from the token.
                IAuthenticationUser iAuthenticationUser = (IAuthenticationUser) getSysCacheUtilRuntime(false).get(CloudCacheTagUtils.getAuthenticationUserTag(usernameFromToken), AuthenticationUser.class);
                if (iAuthenticationUser == null) {
                    log.debug(String.format("无法从缓存中获取当前用户认证信息", new Object[0]));
                    return false;
                }
                try {
                    if (!validateToken(substring, iAuthenticationUser)) {
                        return false;
                    }
                    if (iAuthenticationUser instanceof IAuthenticationUserRuntime) {
                        ((IAuthenticationUserRuntime) iAuthenticationUser).setToken(substring);
                        ((IAuthenticationUserRuntime) iAuthenticationUser).setExpirein(getExpireInFromToken(substring));
                    }
                    Employee employee = null;
                    Collection<IUAAGrantedAuthority> collection = null;
                    // Branch 1, "API mode": system id, srfdcid, DC system id and user id are all
                    // supplied as headers. The employee identity (user, organisation, departments) is
                    // then taken entirely from request headers, so the caller chooses whom it acts as.
                    // The only gate is that the token's user is an API user or superuser. No granted
                    // authorities are loaded on this branch (collection stays null).
                    if (StringUtils.hasLength(header3) && StringUtils.hasLength(header6) && StringUtils.hasLength(header4) && StringUtils.hasLength(header5)) {
                        if (DataTypeUtils.getIntegerValue(Integer.valueOf(iAuthenticationUser.getApiuser()), 0).intValue() != 1 && DataTypeUtils.getIntegerValue(Integer.valueOf(iAuthenticationUser.getSuperuser()), 0).intValue() != 1) {
                            log.error(String.format("用户[%1$s][%2$s]使用API模式访问系统", iAuthenticationUser.getUserid(), iAuthenticationUser.getUsername()));
                            return false;
                        }
                        String header7 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_USERNAME);
                        employee = new Employee();
                        employee.setSrfdcid(header6);
                        employee.setUserId(header5);
                        employee.setDCSystemId(header4);
                        if (StringUtils.hasLength(header7)) {
                            // The display name is expected URL-encoded; fall back to the raw header
                            // value when decoding fails.
                            try {
                                employee.setPersonName(URLDecoder.decode(header7, "UTF-8"));
                            } catch (Exception e) {
                                log.error(e);
                                employee.setPersonName(header7);
                            }
                        }
                        // An API user's header-built employee is always marked as superuser.
                        if (DataTypeUtils.getIntegerValue(Integer.valueOf(iAuthenticationUser.getApiuser()), 0).intValue() == 1) {
                            employee.setSuperUser(1);
                        }
                        employee.setOrgId(header2);
                        String header8 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_ORGCODE);
                        if (StringUtils.hasLength(header8)) {
                            employee.setOrgCode(header8);
                        }
                        String header9 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_DEPTID);
                        if (StringUtils.hasLength(header9)) {
                            employee.setMDeptId(header9);
                        }
                        String header10 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_DEPTCODE);
                        if (StringUtils.hasLength(header10)) {
                            employee.setMDeptCode(header10);
                        }
                        String header11 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_PORGIDS);
                        if (StringUtils.hasLength(header11)) {
                            employee.setPOrgIds(header11);
                        }
                        String header12 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_SORGIDS);
                        if (StringUtils.hasLength(header12)) {
                            employee.setSOrgIds(header12);
                        }
                        String header13 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_PDEPTIDS);
                        if (StringUtils.hasLength(header13)) {
                            employee.setPDeptIds(header13);
                        }
                        String header14 = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_SDEPTIDS);
                        if (StringUtils.hasLength(header14)) {
                            employee.setSDeptIds(header14);
                        }
                    // Branch 2: system id + organisation id. The employee and its authorities are read
                    // from the cache under the user's name and token. A cache miss leaves employee
                    // null and the request is still accepted further down.
                    } else if (StringUtils.hasLength(header3) && StringUtils.hasLength(header2)) {
                        employee = getEmployee(iAuthenticationUser.getUsername(), iAuthenticationUser.getToken(), header3, header2);
                        if (employee != null && iAuthenticationUser.getSuperuser() == 1) {
                            employee.setSuperUser(1);
                        }
                        String str = null;
                        if (employee != null) {
                            str = employee.getDCSystemId();
                        }
                        if (StringUtils.hasLength(str)) {
                            collection = getGrantedAuthorities(iAuthenticationUser.getUsername(), iAuthenticationUser.getToken(), str);
                        }
                    // Branch 3: the portal system id; the employee mirrors the authenticated user.
                    } else if (StringUtils.hasLength(header3) && ICloudSaaSUtilRuntime.SYSTEMID_PORTAL.equalsIgnoreCase(header3)) {
                        employee = new Employee();
                        employee.setUserId(iAuthenticationUser.getUserid());
                        employee.setUserName(iAuthenticationUser.getUsername());
                        employee.setPersonName(iAuthenticationUser.getPersonname());
                        employee.setUAAUserId(iAuthenticationUser.getUserid());
                    // Branch 4: none of the above, but the user is a superuser.
                    } else if (DataTypeUtils.getIntegerValue(Integer.valueOf(iAuthenticationUser.getSuperuser()), 0).intValue() == 1) {
                        employee = new Employee();
                        employee.setUserId(iAuthenticationUser.getUserid());
                        employee.setUserName(iAuthenticationUser.getUsername());
                        employee.setPersonName(iAuthenticationUser.getPersonname());
                        employee.setUAAUserId(iAuthenticationUser.getUserid());
                        employee.setSuperUser(1);
                    }
                    // When no branch produced an employee the context stays null, yet the request is
                    // still authenticated: downstream code must cope with a null context.
                    EmployeeContext employeeContext = null;
                    if (employee != null) {
                        employeeContext = new EmployeeContext(employee, null, header3, collection);
                    }
                    UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(iAuthenticationUser, employeeContext, iAuthenticationUser.getAuthorities());
                    usernamePasswordAuthenticationToken.setDetails(employeeContext);
                    SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
                    UserContext.setCurrent(employeeContext);
                    return true;
                } catch (Throwable th) {
                    // NOTE(review): rejected tokens leave no trace unless debug logging is enabled.
                    log.debug(th);
                    return false;
                }
            } catch (Throwable th2) {
                log.debug(th2);
                return false;
            }
        } catch (Throwable th3) {
            log.debug(th3);
            return false;
        }
    }

    /**
     * Returns the label used for this component in log and error messages, built from the
     * component name.
     *
     * @return the display label
     */
    public String getLogicName() {
        final String componentName = getName();
        return String.format("系统UAA功能组件[%1$s]", componentName);
    }

    /**
     * Fetches application data for the currently authenticated user.
     *
     * <p>The current user is resolved before the action runs ({@code getCurrentMust()}), and
     * the lookup itself is performed by {@code onGetAppData} inside {@code executeAction}.
     *
     * @param str first lookup argument, passed through to {@code onGetAppData}
     * @param str2 second lookup argument, passed through to {@code onGetAppData}
     * @return the application data returned by the action
     */
    @Override
    public AppData getAppData(final String str, final String str2) {
        final IAuthenticationUser currentUser = AuthenticationUser.getCurrentMust();
        final IAction fetchAppData = new IAction() {
            public Object execute(Object[] objArr) throws Throwable {
                return SysUAAUtilRuntimeBase.this.onGetAppData(currentUser, str, str2);
            }
        };
        return (AppData) executeAction("获取用户应用数据", fetchAppData, null, AppData.class);
    }

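    /**
     * Requests application data from the UAA cloud service on behalf of the given user.
     *
     * <p>The user's token is sent with the configured prefix re-attached (when a prefix is
     * configured), together with the value of the inbound request's real-IP header.
     *
     * <p>NOTE(review): the real-IP value is copied from a request header, so it is only as
     * trustworthy as the proxy in front of this service that sets or overwrites it — confirm
     * that clients cannot supply it directly.
     *
     * @param iAuthenticationUser the user whose token is forwarded
     * @param str first lookup argument, forwarded to the UAA client
     * @param str2 second lookup argument, forwarded to the UAA client
     * @return the application data returned by the UAA service
     * @throws Throwable when no HTTP request is bound to the current thread, or when the remote
     *         call fails
     */
    protected AppData onGetAppData(IAuthenticationUser iAuthenticationUser, String str, String str2) throws Throwable {
        // Held as Object and cast after the instanceof check: getRequestAttributes() returns the
        // RequestAttributes super-type, which cannot be assigned to ServletRequestAttributes directly.
        Object requestAttributes = RequestContextHolder.getRequestAttributes();
        HttpServletRequest httpServletRequest = null;
        if (requestAttributes instanceof ServletRequestAttributes) {
            httpServletRequest = ((ServletRequestAttributes) requestAttributes).getRequest();
        }
        // Fail with a clear message instead of a NullPointerException on getHeader() below.
        if (httpServletRequest == null) {
            throw new Exception("当前线程未绑定HTTP请求，无法获取用户应用数据");
        }
        String token = iAuthenticationUser.getToken();
        String tokenWithPrefix = StringUtils.hasLength(getTokenPrefix()) ? getTokenPrefix() + token : token;
        String realIp = httpServletRequest.getHeader(ISysUAAUtilRuntime.HEADER_REALIP);
        ICloudUAAClient uaaClient = (ICloudUAAClient) getSysCloudClientUtilRuntime().getRawServiceClient(ICloudUtilRuntime.CLOUDSERVICE_UAA).getProxyClient(ICloudUAAClient.class);
        return uaaClient.getAppData(str, str2, tokenWithPrefix, realIp);
    }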

    /**
     * Builds the employee context of the currently authenticated user for the given pair of
     * identifiers and optionally installs it as the thread's current user context.
     *
     * @param str first identifier passed to {@code onGetEmployeeContext} (used there as the
     *        system id of the resulting context)
     * @param str2 second identifier passed to {@code onGetEmployeeContext}
     * @param z when {@code true}, the resulting context replaces {@code UserContext}'s current
     *        value
     * @return the employee context produced by the action
     */
    @Override
    public IEmployeeContext getEmployeeContext(final String str, final String str2, final boolean z) {
        final IAuthenticationUser currentUser = AuthenticationUser.getCurrentMust();
        final IAction resolveContext = new IAction() {
            public Object execute(Object[] objArr) throws Throwable {
                IEmployeeContext resolved = SysUAAUtilRuntimeBase.this.onGetEmployeeContext(currentUser, str, str2);
                if (!z) {
                    return resolved;
                }
                UserContext.setCurrent(resolved);
                return resolved;
            }
        };
        return (IEmployeeContext) executeAction("获取机构用户上下文", resolveContext, null, IEmployeeContext.class);
    }

    /**
     * Loads the user's cached employee record for the given identifiers and wraps it, together
     * with the granted authorities of the employee's DC system, in an {@code EmployeeContext}.
     *
     * @param iAuthenticationUser the user whose name and token select the cache category
     * @param str first identifier for the employee lookup; also the context's system id
     * @param str2 second identifier for the employee lookup
     * @return the employee context
     * @throws Throwable when the cache holds no employee for these identifiers
     */
    protected IEmployeeContext onGetEmployeeContext(IAuthenticationUser iAuthenticationUser, String str, String str2) throws Throwable {
        final Employee cachedEmployee = getEmployee(iAuthenticationUser.getUsername(), iAuthenticationUser.getToken(), str, str2);
        if (cachedEmployee == null) {
            throw new Exception("机构用户身份无效");
        }
        final Collection<IUAAGrantedAuthority> authorities = getGrantedAuthorities(iAuthenticationUser.getUsername(), iAuthenticationUser.getToken(), cachedEmployee.getDCSystemId());
        return new EmployeeContext(cachedEmployee, null, str, authorities);
    }

    /**
     * Builds an employee context for an explicitly supplied user and employee.
     *
     * <p>Unlike the overload that takes two identifiers, the employee is supplied by the caller
     * rather than looked up in the cache.
     *
     * @param iAuthenticationUser the user whose name and token select the authorities
     * @param employee the employee to wrap
     * @param str the system id of the resulting context
     * @return the employee context produced by the action
     */
    @Override
    public IEmployeeContext getEmployeeContext(final IAuthenticationUser iAuthenticationUser, final Employee employee, final String str) {
        final IAction buildContext = new IAction() {
            public Object execute(Object[] objArr) throws Throwable {
                return SysUAAUtilRuntimeBase.this.onGetEmployeeContext(iAuthenticationUser, employee, str);
            }
        };
        return (IEmployeeContext) executeAction("获取机构用户上下文", buildContext, null, IEmployeeContext.class);
    }

    /**
     * Wraps the supplied employee and the granted authorities of its DC system in an
     * {@code EmployeeContext}.
     *
     * <p>{@code employee} is dereferenced without a null check.
     *
     * @param iAuthenticationUser the user whose name and token select the authorities
     * @param employee the employee to wrap
     * @param str the system id of the resulting context
     * @return the employee context
     */
    protected IEmployeeContext onGetEmployeeContext(IAuthenticationUser iAuthenticationUser, Employee employee, String str) throws Throwable {
        final Collection<IUAAGrantedAuthority> authorities = getGrantedAuthorities(iAuthenticationUser.getUsername(), iAuthenticationUser.getToken(), employee.getDCSystemId());
        return new EmployeeContext(employee, null, str, authorities);
    }

    /**
     * Resolves the authenticated user for a token, with token validation enabled.
     *
     * @param str the token string
     * @return the user record associated with the token
     */
    @Override
    public IAuthenticationUser getAuthenticationUser(String str) {
        final boolean validate = true;
        return getAuthenticationUser(str, validate);
    }

    /**
     * Resolves the authenticated user for a token by running {@code onGetAuthenticationUser}
     * inside {@code executeAction}.
     *
     * @param str the token string
     * @param z whether the token is validated before the user is returned
     * @return the user record associated with the token
     */
    @Override
    public IAuthenticationUser getAuthenticationUser(final String str, final boolean z) {
        final IAction resolveUser = new IAction() {
            public Object execute(Object[] objArr) throws Throwable {
                return SysUAAUtilRuntimeBase.this.onGetAuthenticationUser(str, z);
            }
        };
        return (IAuthenticationUser) executeAction("获取认证用户", resolveUser, null, IAuthenticationUser.class);
    }

    /**
     * Looks up the cached user record named by a token and attaches the token and its remaining
     * lifetime to it.
     *
     * <p>Security note: with {@code z == false} the token is not passed to
     * {@code validateToken}, so the returned user rests solely on the user name read from the
     * token. Unless {@code onGetUsernameFromToken} verifies the token itself, such a result
     * must not be treated as proof of identity.
     *
     * @param str the token string
     * @param z whether {@code validateToken} must accept the token
     * @return the cached user record
     * @throws Throwable when the token carries no user name, the cache has no record for that
     *         user, or validation is requested and fails
     */
    protected IAuthenticationUser onGetAuthenticationUser(String str, boolean z) throws Throwable {
        final String username = getUsernameFromToken(str);
        if (!StringUtils.hasLength(username)) {
            throw new Exception("Token未包含用户标识");
        }

        final IAuthenticationUser cachedUser = (IAuthenticationUser) getSysCacheUtilRuntime().get(CloudCacheTagUtils.getAuthenticationUserTag(username), AuthenticationUser.class);
        if (cachedUser == null) {
            throw new Exception("无法获取Token相关的用户身份信息");
        }

        if (z) {
            if (!validateToken(str, cachedUser)) {
                throw new Exception("鉴别用户凭证失败");
            }
        }

        if (cachedUser instanceof IAuthenticationUserRuntime) {
            final IAuthenticationUserRuntime mutableUser = (IAuthenticationUserRuntime) cachedUser;
            mutableUser.setToken(str);
            mutableUser.setExpirein(getExpireInFromToken(str));
        }
        return cachedUser;
    }

    /**
     * Reads a user's granted authorities from the cache.
     *
     * <p>The cache category is derived from the user name and token, and the entry tag from the
     * third argument (callers in this class pass the employee's DC system id).
     *
     * @param str the user name
     * @param str2 the user's token
     * @param str3 the value the authorities tag is derived from
     * @return the cached authorities, as returned by the cache
     */
    protected Collection<IUAAGrantedAuthority> getGrantedAuthorities(String str, String str2, String str3) {
        return (Collection) getSysCacheUtilRuntime().get(
                CloudCacheTagUtils.getAuthenticationUserCat(str, str2),
                CloudCacheTagUtils.getUserAuthoritiesTag(str3),
                this.UAAGrantedAuthorityListType);
    }

    /**
     * Reads a user's employee record from the cache.
     *
     * <p>The cache category is derived from the user name and token, and the entry tag from the
     * last two arguments.
     *
     * @param str the user name
     * @param str2 the user's token
     * @param str3 first value the employee tag is derived from
     * @param str4 second value the employee tag is derived from
     * @return the cached employee, as returned by the cache
     */
    protected Employee getEmployee(String str, String str2, String str3, String str4) {
        return (Employee) getSysCacheUtilRuntime().get(
                CloudCacheTagUtils.getAuthenticationUserCat(str, str2),
                CloudCacheTagUtils.getUserEmployeeTag(str3, str4),
                Employee.class);
    }

    /**
     * Reads the cached employee record of the currently authenticated user.
     *
     * @param str first value the employee tag is derived from
     * @param str2 second value the employee tag is derived from
     * @param z when {@code true}, a missing record is returned as {@code null}; when
     *        {@code false}, a missing record raises {@code SystemRuntimeException}
     * @return the cached employee, or {@code null} when absent and {@code z} is {@code true}
     */
    @Override
    public Employee getEmployee(String str, String str2, boolean z) {
        final IAuthenticationUser currentUser = AuthenticationUser.getCurrentMust();
        final Employee cachedEmployee = getEmployee(currentUser.getUsername(), currentUser.getToken(), str, str2);
        if (cachedEmployee == null && !z) {
            throw new SystemRuntimeException(getSystemRuntimeBase(), this, "无法从缓存中获取指定机构人员");
        }
        return cachedEmployee;
    }
}
