package com.springframework.boxes.oauth.starter.upm;

import com.github.dennisit.vplus.data.security.AuthorityIFace;
import com.spring.boxes.dollar.DigestUtils;
import com.spring.boxes.dollar.JSONUtils;
import com.spring.boxes.dollar.TimeUtils;
import com.spring.boxes.dollar.WebUtils;
import com.spring.boxes.dollar.support.ApiException;
import com.spring.boxes.dollar.term.Authority;
import com.springframework.boxes.oauth.starter.bean.SignInRequest;
import com.springframework.boxes.oauth.starter.jwt.JwtProperties;
import com.springframework.boxes.oauth.starter.jwt.JwtSubject;
import com.springframework.boxes.oauth.starter.jwt.JwtToken;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.Assert;

/* loaded from: input_file:com/springframework/boxes/oauth/starter/upm/UpmTemplate.class */
public class UpmTemplate {
    private static final Logger log = LoggerFactory.getLogger(UpmTemplate.class);
    private JwtProperties jwtProperties;
    private AuthorityIFace<Authority, Long> authorityIFace;

    public Map<String, String> login(SignInRequest signInRequest) {
        Assert.isTrue(null != signInRequest, "登录信息不能为空");
        signInRequest.validate();
        Authority selectByEmail = this.authorityIFace.selectByEmail(signInRequest.getAccount());
        if (null == selectByEmail) {
            throw new ApiException("账号不存在");
        }
        if (!selectByEmail.getPassword().equals(DigestUtils.md5Hex(signInRequest.getPassword(), selectByEmail.getSalt()))) {
            throw new ApiException("密码不正确");
        }
        HashMap hashMap = new HashMap(4);
        hashMap.put(JwtSubject.Fields.USER_ID, String.valueOf(selectByEmail.getUserId()));
        hashMap.put(JwtSubject.Fields.ACCOUNT, signInRequest.getAccount());
        try {
            JwtToken jwtToken = new JwtToken(JwtSubject.create(hashMap, selectByEmail.getPassword()), this.jwtProperties.getExpiresInMinutes());
            Subject subject = SecurityUtils.getSubject();
            subject.login(jwtToken);
            if (subject.isAuthenticated()) {
                hashMap.put(JwtSubject.Fields.EXPIRE, String.valueOf(jwtToken.getExpiresInMinutes()));
                hashMap.put(this.jwtProperties.getTokenName(), String.valueOf(jwtToken.getCredentials()));
                log.info("[用户登入] account:{}, token:{}, time:{},", new Object[]{signInRequest.getAccount(), JSONUtils.toJSON(jwtToken), TimeUtils.nowFormat("yyyy-MM-dd HH:mm:ss")});
            }
            return hashMap;
        } catch (UnknownAccountException e) {
            throw new ApiException("账号或密码不正确!", e);
        } catch (LockedAccountException e2) {
            throw new ApiException("账号违规被锁定!", e2);
        } catch (DisabledAccountException e3) {
            throw new ApiException("用户权限级别太低无法登入!", e3);
        } catch (IncorrectCredentialsException e4) {
            throw new ApiException("账号或密码错误!", e4);
        } catch (AuthenticationException e5) {
            throw new ApiException("用户或密码不正确");
        } catch (Throwable th) {
            throw new ApiException("网络错误,请稍后重试!", th);
        }
    }

    public boolean logout() {
        Subject subject = SecurityUtils.getSubject();
        subject.logout();
        WebUtils.clearCookie(this.jwtProperties.getTokenName());
        log.info("[用户登出] account:{}, time:{}", Optional.ofNullable((Authority) subject.getPrincipal()).map(authority -> {
            return authority.getAccount();
        }), TimeUtils.nowFormat("yyyy-MM-dd HH:mm:ss"));
        return true;
    }

    public JwtProperties getJwtProperties() {
        return this.jwtProperties;
    }

    public AuthorityIFace<Authority, Long> getAuthorityIFace() {
        return this.authorityIFace;
    }

    public UpmTemplate() {
    }

    public UpmTemplate(JwtProperties jwtProperties, AuthorityIFace<Authority, Long> authorityIFace) {
        this.jwtProperties = jwtProperties;
        this.authorityIFace = authorityIFace;
    }
}
