package com.elitescloud.boot.auth.provider.config;

import cn.hutool.core.text.CharSequenceUtil;
import com.elitescloud.boot.auth.cas.AuthorizeCacheable;
import com.elitescloud.boot.auth.cas.model.AuthUserDTO;
import com.elitescloud.boot.auth.cas.model.AuthorizeDTO;
import com.elitescloud.boot.auth.cas.provider.OAuth2ClientTemplate;
import com.elitescloud.boot.auth.cas.provider.PwdStrategyTransferHelper;
import com.elitescloud.boot.auth.cas.provider.UserTransferHelper;
import com.elitescloud.boot.auth.client.common.AuthorizationException;
import com.elitescloud.boot.auth.client.config.AuthorizationProperties;
import com.elitescloud.boot.auth.client.config.support.AuthenticationCallable;
import com.elitescloud.boot.auth.client.token.AbstractCustomAuthenticationToken;
import com.elitescloud.boot.auth.client.tool.RedisHelper;
import com.elitescloud.boot.auth.config.AuthorizationSdkProperties;
import com.elitescloud.boot.auth.model.Result;
import com.elitescloud.boot.auth.provider.cas.controller.CasSupportController;
import com.elitescloud.boot.auth.provider.cas.support.CasLoginSupportProvider;
import com.elitescloud.boot.auth.provider.cas.support.CasTokenPropertiesProvider;
import com.elitescloud.boot.auth.provider.provider.PwdExpiredTimeProvider;
import com.elitescloud.boot.auth.provider.security.AuthenticationCheckService;
import com.elitescloud.boot.auth.provider.security.TokenPropertiesProvider;
import com.elitescloud.boot.auth.provider.security.grant.CredentialCheckable;
import com.elitescloud.boot.auth.provider.security.grant.InternalAuthenticationGranter;
import com.elitescloud.cloudt.security.entity.GeneralUserDetails;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.annotation.Nullable;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:com/elitescloud/boot/auth/provider/config/CloudtCasClientConfig.class */
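/**
 * Wires the CAS-client side of authentication.
 *
 * <p>The outer beans (login support provider and its controller) are always created.
 * {@link CasClientSupportConfig} adds the beans that talk to the remote CAS server and is
 * only active when {@code elitesland.authorization.sdk.cas-client.enabled=true}.
 */
class CloudtCasClientConfig {
    private final AuthorizationSdkProperties sdkProperties;

    /**
     * CAS-backed implementations of the provider's extension points: login-failure
     * synchronisation, token properties, credential check, password-expiry check and the
     * Redis-backed authorize cache.
     */
    @ConditionalOnProperty(prefix = "elitesland.authorization.sdk.cas-client", name = {"enabled"}, havingValue = "true")
    static class CasClientSupportConfig {
        private static final Logger log = LoggerFactory.getLogger(CasClientSupportConfig.class);
        private final AuthorizationSdkProperties sdkProperties;

        public CasClientSupportConfig(AuthorizationSdkProperties authorizationSdkProperties) {
            this.sdkProperties = authorizationSdkProperties;
        }

        /**
         * Login-failure hook that mirrors a local account failure to CAS.
         *
         * <p>When an internal-token login fails with {@link UsernameNotFoundException} or an
         * {@link AccountStatusException}, the account is looked up on the CAS server (by user id,
         * username, mobile or e-mail, depending on the token's id type) and disabled there.
         *
         * <p>NOTE(review): this hook runs on unauthenticated login attempts, so a repeated failure
         * against a locked or unknown account re-sends the disable call each time; confirm that
         * this is intended and that the CAS call is idempotent/rate limited.
         *
         * @param authorizationSdkProperties supplies the CAS server address
         * @return the callback registered with the authentication pipeline
         */
        @Bean
        public AuthenticationCallable authenticationCallableCasClient(AuthorizationSdkProperties authorizationSdkProperties) {
            final String authServer = authorizationSdkProperties.getAuthServer();
            return new AuthenticationCallable() {
                @Override
                public void onLoginFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
                                           @Nullable Authentication authentication,
                                           @NotNull AuthenticationException authenticationException) {
                    log.info("用户认证异常：", authenticationException);
                    boolean accountFailure = authenticationException instanceof UsernameNotFoundException
                            || authenticationException instanceof AccountStatusException;
                    if (!accountFailure
                            || !(authentication instanceof InternalAuthenticationGranter.InternalAuthenticationToken)) {
                        return;
                    }
                    InternalAuthenticationGranter.InternalAuthenticationToken token =
                            (InternalAuthenticationGranter.InternalAuthenticationToken) authentication;
                    UserTransferHelper userTransferHelper = UserTransferHelper.getInstance(authServer);
                    Long userId = resolveUserId(userTransferHelper, token);
                    if (userId == null) {
                        return; // reason already logged by resolveUserId
                    }
                    Result updateEnabled = userTransferHelper.updateEnabled(userId, false);
                    if (Boolean.FALSE.equals(updateEnabled.getSuccess())) {
                        log.error("自动禁用账号失败：" + updateEnabled.getMsg());
                    }
                }
            };
        }

        /**
         * Resolves the CAS user id for the account named by an internal token.
         *
         * @param userTransferHelper client for the CAS user API
         * @param token              the failed token; its id type decides which lookup is used
         * @return the CAS user id, or {@code null} when it cannot be resolved (the reason is logged)
         */
        @Nullable
        private static Long resolveUserId(UserTransferHelper userTransferHelper,
                                          InternalAuthenticationGranter.InternalAuthenticationToken token) {
            String id = token.getId();
            InternalAuthenticationGranter.IdType idType = token.getIdType();
            if (idType == InternalAuthenticationGranter.IdType.USER_ID) {
                try {
                    return Long.valueOf(id);
                } catch (NumberFormatException e) {
                    // a non-numeric id must not abort the failure callback with an exception
                    log.error("自动禁用账号失败，账号ID非法：{}", id);
                    return null;
                }
            }
            if (idType == InternalAuthenticationGranter.IdType.USERNAME) {
                AuthUserDTO user = userTransferHelper.getUserByUsername(id).getData();
                if (user == null || user.getId() == null) {
                    log.error("自动禁用账号失败，账号{}不存在", id);
                    return null;
                }
                return user.getId();
            }
            if (idType == InternalAuthenticationGranter.IdType.MOBILE) {
                return lookupId(userTransferHelper.getUserIdByMobile(List.of(id)), id);
            }
            if (idType == InternalAuthenticationGranter.IdType.EMAIL) {
                return lookupId(userTransferHelper.getUserIdByEmail(List.of(id)), id);
            }
            log.error("暂不支持自动禁用账号：" + idType);
            return null;
        }

        /**
         * Extracts the id for {@code key} from a lookup result whose data is a key-to-id map.
         *
         * @param result response of a mobile/e-mail lookup
         * @param key    the mobile number or e-mail address that was looked up
         * @return the mapped id, or {@code null} when the result is empty or unsuccessful (logged)
         */
        @Nullable
        private static Long lookupId(Result result, String key) {
            Object data = result.getData();
            // cast to the interface: any Map implementation returned by the API is acceptable
            if (!(data instanceof Map) || ((Map<?, ?>) data).isEmpty()) {
                log.error("自动禁用账号失败，{}", result.getMsg());
                return null;
            }
            return (Long) ((Map<?, ?>) data).get(key);
        }

        /**
         * Token properties sourced from the CAS server.
         *
         * @param authorizationProperties local authorization settings
         * @return provider backed by {@link CasTokenPropertiesProvider}
         */
        @Bean
        public TokenPropertiesProvider casTokenPropertiesProvider(AuthorizationProperties authorizationProperties) {
            UserTransferHelper userTransferHelper = UserTransferHelper.getInstance(this.sdkProperties.getAuthServer());
            return new CasTokenPropertiesProvider(authorizationProperties, userTransferHelper);
        }

        /**
         * Redis-backed cache for authorize results, keyed by {@code cas:authorize:<key>} with a
         * fixed 7-day expiry. Only registered when a {@link RedisHelper} bean exists.
         *
         * @param redisHelper Redis access wrapper
         * @return cache implementation; both operations wrap any failure in
         *         {@link IllegalStateException}
         */
        @ConditionalOnBean({RedisHelper.class})
        @Bean
        public AuthorizeCacheable authorizeCacheableRedis(final RedisHelper redisHelper) {
            return new AuthorizeCacheable() {
                private static final String KEY_PREFIX = "cas:authorize:";
                private static final long TTL_DAYS = 7L;

                @Override
                public void setCache(String str, AuthorizeDTO authorizeDTO) {
                    try {
                        redisHelper.execute(redisUtils ->
                                Boolean.valueOf(redisUtils.set(KEY_PREFIX + str, authorizeDTO, TTL_DAYS, TimeUnit.DAYS)));
                    } catch (Exception e) {
                        throw new IllegalStateException("登录异常", e);
                    }
                }

                @Override
                public AuthorizeDTO get(String str) {
                    try {
                        // NOTE(review): the cached object is deserialised by RedisHelper and cast here;
                        // a value of another type under this key surfaces as a ClassCastException
                        return (AuthorizeDTO) redisHelper.execute(redisUtils -> redisUtils.get(KEY_PREFIX + str));
                    } catch (Exception e) {
                        throw new IllegalStateException("登录异常", e);
                    }
                }
            };
        }

        /**
         * Credential check that delegates password validation to CAS for accounts that have a
         * CAS user id, and falls back to the local check for accounts that were never synced.
         *
         * @return the check; {@code needCheck} returns {@code true} when the caller must still
         *         verify the password locally and {@code false} when CAS already accepted it
         */
        @Bean
        public CredentialCheckable credentialCheckableCasClient() {
            final UserTransferHelper userTransferHelper =
                    UserTransferHelper.getInstance(this.sdkProperties.getAuthServer());
            return new CredentialCheckable() {
                /**
                 * @throws BadCredentialsException when the presented credential is blank
                 * @throws AuthorizationException  when CAS rejects the password
                 */
                @Override
                public <T extends AbstractCustomAuthenticationToken<T>> boolean needCheck(T t, GeneralUserDetails generalUserDetails) {
                    String credential = (String) t.getCredentials();
                    if (CharSequenceUtil.isBlank(credential)) {
                        throw new BadCredentialsException("账号或密码不正确");
                    }
                    Long casUserId = generalUserDetails.getUser().getCasUserId();
                    if (casUserId == null) {
                        // casUserId is known to be null here, so it is not a useful log argument
                        log.info("未向CAS同步的账号，走本地密码校验");
                        return true;
                    }
                    // the raw credential is sent to CAS for validation; never log it
                    Boolean valid = userTransferHelper.validatePwd(casUserId, credential).getData();
                    if (Boolean.TRUE.equals(valid)) {
                        return false;
                    }
                    throw new AuthorizationException("账号或密码错误");
                }
            };
        }

        /**
         * Password-expiry check backed by the CAS password-strategy API.
         *
         * @return the check service
         */
        @Bean
        public AuthenticationCheckService pwdExpiredTimeProvider() {
            PwdStrategyTransferHelper strategyHelper =
                    PwdStrategyTransferHelper.getInstance(this.sdkProperties.getAuthServer());
            return new PwdExpiredTimeProvider(this.sdkProperties, strategyHelper);
        }
    }

    public CloudtCasClientConfig(AuthorizationSdkProperties authorizationSdkProperties) {
        this.sdkProperties = authorizationSdkProperties;
    }

    /**
     * Login support provider for the CAS flow. The OAuth2 client template and the internal
     * granter are optional collaborators and may be {@code null}.
     *
     * @param authorizationProperties       local authorization settings
     * @param oAuth2ClientTemplate          optional OAuth2 client, {@code null} when absent
     * @param internalAuthenticationGranter optional internal granter, {@code null} when absent
     * @return the provider
     */
    @Bean
    public CasLoginSupportProvider casLoginSupportProvider(AuthorizationProperties authorizationProperties,
                                                           @Autowired(required = false) OAuth2ClientTemplate oAuth2ClientTemplate,
                                                           @Autowired(required = false) InternalAuthenticationGranter internalAuthenticationGranter) {
        return new CasLoginSupportProvider(authorizationProperties, this.sdkProperties, oAuth2ClientTemplate,
                internalAuthenticationGranter);
    }

    /**
     * HTTP endpoint that exposes the CAS login support.
     *
     * @param casLoginSupportProvider the provider created by {@link #casLoginSupportProvider}
     * @return the controller
     */
    @Bean
    public CasSupportController oAuth2LoginSupportController(CasLoginSupportProvider casLoginSupportProvider) {
        return new CasSupportController(casLoginSupportProvider);
    }
}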
