package cn.ibizlab.util.service;

import cn.ibizlab.util.client.IBZUAAFeignClient;
import cn.ibizlab.util.errors.BadRequestAlertException;
import cn.ibizlab.util.errors.UnauthorizedException;
import cn.ibizlab.util.helper.BeanCache;
import cn.ibizlab.util.security.AuthenticationUser;
import cn.ibizlab.util.security.AuthenticationUserImpl;
import cn.ibizlab.util.security.UAACustomAuthority;
import cn.ibizlab.util.security.UAADEAuthority;
import cn.ibizlab.util.security.UAAGrantedAuthority;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Collection;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.context.annotation.Lazy;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.stereotype.Service;
import org.springframework.util.DigestUtils;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

@Service("CloudUserService")
@ConditionalOnExpression("${ibiz.enablePermissionValid:false} && ( '${ibiz.ref.service.rt.version:}'.equals('CLOUDRT') || '${ibiz.auth.service:IBZUAAUserService}'.equals('CloudUserService') )")
/* loaded from: input_file:cn/ibizlab/util/service/CloudUserService.class */
public class CloudUserService extends IBZUAAUserService {
    private static final Logger log = LoggerFactory.getLogger(CloudUserService.class);

    @Autowired
    @Lazy
    private RedisTemplate redisTemplate;

    @Value("${ibiz.jwt.header:Authorization}")
    private String tokenHeader;
    private ObjectMapper objectMapper = new ObjectMapper();
    private TypeReference<Collection<UAAGrantedAuthority>> UAAGrantedAuthorityListType = new TypeReference<Collection<UAAGrantedAuthority>>() { // from class: cn.ibizlab.util.service.CloudUserService.1
    };

    @Autowired
    private IBZUAAFeignClient uaaFeignClient;

    public AuthenticationUser loadUserByUsername(String str) {
        HttpServletRequest request;
        String header;
        Object obj = this.redisTemplate.opsForValue().get("ibiz-cloud-uaa-user-" + str);
        if (obj == null) {
            throw new BadRequestAlertException("登录失败", "CloudUser", str);
        }
        try {
            AuthenticationUser authenticationUser = (AuthenticationUser) this.objectMapper.readValue(this.objectMapper.writeValueAsBytes(obj), AuthenticationUserImpl.class);
            ServletRequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
            if (requestAttributes != null && (header = (request = requestAttributes.getRequest()).getHeader(this.tokenHeader)) != null && header.startsWith("Bearer ")) {
                String substring = header.substring(7);
                String header2 = request.getHeader("srforgid");
                String header3 = request.getHeader("srfsystemid");
                String header4 = request.getHeader("srfdcsystemid");
                String header5 = request.getHeader("srfuserid");
                String header6 = request.getHeader("srfdcid");
                if ("undefined".equals(header3)) {
                    header3 = null;
                }
                if ("undefined".equals(header2)) {
                    header2 = null;
                }
                if (StringUtils.hasLength(header3) && StringUtils.hasLength(header6) && StringUtils.hasLength(header4) && StringUtils.hasLength(header5)) {
                    if (!authenticationUser.isApiUser() && !authenticationUser.isSuperUser()) {
                        log.error(String.format("用户[%1$s][%2$s]使用API模式访问系统", authenticationUser.getUserid(), authenticationUser.getUsername()));
                        throw new UnauthorizedException(String.format("用户[%1$s][%2$s]使用API模式访问系统", authenticationUser.getUserid(), authenticationUser.getUsername()));
                    }
                    String header7 = request.getHeader("srfusername");
                    authenticationUser.set("srfdcid", header6);
                    authenticationUser.setUserid(header5);
                    authenticationUser.set("dcsystemid", header4);
                    if (StringUtils.hasLength(header7)) {
                        try {
                            authenticationUser.setPersonName(URLDecoder.decode(header7, "UTF-8"));
                        } catch (Exception e) {
                            log.error(e.getMessage());
                            authenticationUser.setPersonName(header7);
                        }
                    }
                    authenticationUser.setOrgId(header2);
                    String header8 = request.getHeader("srforgcode");
                    if (StringUtils.hasLength(header8)) {
                        authenticationUser.setOrgCode(header8);
                    }
                    String header9 = request.getHeader("srfdeptid");
                    if (StringUtils.hasLength(header9)) {
                        authenticationUser.setMainDeptId(header9);
                    }
                    String header10 = request.getHeader("srfdeptcode");
                    if (StringUtils.hasLength(header10)) {
                        authenticationUser.setMainDeptCode(header10);
                    }
                    String header11 = request.getHeader("srfporgids");
                    if (StringUtils.hasLength(header11)) {
                        authenticationUser.getSessionParams().put("srfporg", header11);
                    }
                    String header12 = request.getHeader("srfsorgids");
                    if (StringUtils.hasLength(header12)) {
                        authenticationUser.getSessionParams().put("srfsorg", header12);
                    }
                    String header13 = request.getHeader("srfpdeptids");
                    if (StringUtils.hasLength(header13)) {
                        authenticationUser.getSessionParams().put("srfpdept", header13);
                    }
                    String header14 = request.getHeader("srfsdeptids");
                    if (StringUtils.hasLength(header14)) {
                        authenticationUser.getSessionParams().put("srfsdept", header14);
                    }
                } else if (StringUtils.hasLength(header3) && StringUtils.hasLength(header2)) {
                    this.uaaFeignClient.getAppData();
                    AuthenticationUser employee = getEmployee(header3, header2, authenticationUser.getUsername(), substring);
                    if (employee != null) {
                        if (authenticationUser.isSuperUser()) {
                            employee.setSuperUser(1);
                        }
                        authenticationUser = employee;
                    }
                    String str2 = null;
                    if (authenticationUser != null && authenticationUser.get("dcsystemid") != null) {
                        str2 = authenticationUser.get("dcsystemid").toString();
                    }
                    if (StringUtils.hasLength(str2)) {
                        Collection grantedAuthorities = getGrantedAuthorities(str2, authenticationUser.getUsername(), substring);
                        if (!ObjectUtils.isEmpty(grantedAuthorities)) {
                            if (authenticationUser.isSuperUser()) {
                                grantedAuthorities.add("ROLE_SUPERADMIN");
                            }
                            HashMap hashMap = new HashMap();
                            hashMap.put("authorities", grantedAuthorities);
                            authenticationUser.setPermissionList(hashMap);
                        }
                    }
                }
            }
            return authenticationUser;
        } catch (IOException e2) {
            throw new BadRequestAlertException("登录失败", "CloudUser", str);
        }
    }

    protected Collection getGrantedAuthorities(String str, String str2, String str3) {
        Object obj = this.redisTemplate.opsForHash().get(String.format("ibiz-cloud-uaa-cat-%1$s--%2$s", str2, DigestUtils.md5DigestAsHex(str3.getBytes(StandardCharsets.UTF_8))), String.format("authorities-%1$s", str));
        if (ObjectUtils.isEmpty(obj)) {
            return null;
        }
        try {
            LinkedHashMap linkedHashMap = new LinkedHashMap();
            Collection collection = (Collection) this.objectMapper.readValue(this.objectMapper.writeValueAsString(obj), this.UAAGrantedAuthorityListType);
            if (ObjectUtils.isEmpty(collection)) {
                return null;
            }
            collection.forEach(uAAGrantedAuthority -> {
                if (!(uAAGrantedAuthority instanceof UAADEAuthority)) {
                    linkedHashMap.put(uAAGrantedAuthority.getAuthority(), uAAGrantedAuthority.getAuthority());
                    return;
                }
                UAADEAuthority uAADEAuthority = (UAADEAuthority) uAAGrantedAuthority;
                uAADEAuthority.setEntityCode(BeanCache.get(uAADEAuthority.getEntity()).getCodeName());
                if (ObjectUtils.isEmpty(uAADEAuthority.getEntityCode())) {
                    return;
                }
                uAADEAuthority.getAuthorities().forEach(str4 -> {
                    if (!str4.endsWith("-custom")) {
                        linkedHashMap.put(str4, str4);
                        return;
                    }
                    UAACustomAuthority uAACustomAuthority = new UAACustomAuthority();
                    uAACustomAuthority.setSystemid(uAADEAuthority.getSystemid());
                    uAACustomAuthority.setEntity(uAADEAuthority.getEntity());
                    uAACustomAuthority.setEntityCode(uAADEAuthority.getEntityCode());
                    uAACustomAuthority.setBscope(uAADEAuthority.getBscope());
                    uAACustomAuthority.setAuthority(DigestUtils.md5DigestAsHex((str4 + uAADEAuthority.getBscope()).getBytes()));
                    linkedHashMap.put(uAACustomAuthority.getAuthority(), uAACustomAuthority);
                });
            });
            return (Collection) linkedHashMap.values().stream().collect(Collectors.toList());
        } catch (IOException e) {
            return null;
        }
    }

    protected AuthenticationUser getEmployee(String str, String str2, String str3, String str4) {
        Object obj = this.redisTemplate.opsForHash().get(String.format("ibiz-cloud-uaa-cat-%1$s--%2$s", str3, DigestUtils.md5DigestAsHex(str4.getBytes(StandardCharsets.UTF_8))), String.format("sysemp-%1$s--%2$s", str, str2));
        if (ObjectUtils.isEmpty(obj)) {
            return null;
        }
        try {
            return (AuthenticationUser) this.objectMapper.readValue(this.objectMapper.writeValueAsString(obj), AuthenticationUser.class);
        } catch (IOException e) {
            return null;
        }
    }

    public Map getAppData(String str, boolean z) {
        Map appData = this.uaaFeignClient.getAppData();
        return ObjectUtils.isEmpty(appData) ? super.getAppData(str, z) : appData;
    }
}
