package com.elitescloud.cloudt.system.service.impl;

import com.elitescloud.boot.SpringContextHolder;
import com.elitescloud.boot.auth.config.AuthorizationSdkProperties;
import com.elitescloud.boot.auth.model.OAuthToken;
import com.elitescloud.boot.auth.provider.security.grant.InternalAuthenticationGranter;
import com.elitescloud.boot.auth.provider.sso2.common.TicketProvider;
import com.elitescloud.boot.core.base.BaseServiceImpl;
import com.elitescloud.boot.exception.BusinessException;
import com.elitescloud.boot.util.JwtUtil;
import com.elitescloud.boot.util.RsaUtil;
import com.elitescloud.boot.util.encrypt.BaseEncrypt;
import com.elitescloud.cloudt.common.base.ApiResult;
import com.elitescloud.cloudt.context.util.HttpServletUtil;
import com.elitescloud.cloudt.system.common.IdEncodedTypeEnum;
import com.elitescloud.cloudt.system.service.AuthUserService;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.bootstrap.encrypt.KeyProperties;
import org.springframework.security.crypto.encrypt.TextEncryptor;
import org.springframework.stereotype.Service;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

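/**
 * Issues OAuth tokens for an account identifier supplied by an internal caller, either in the
 * clear ({@link #authenticate}) or wrapped in an {@code identifier&timestamp} envelope
 * ({@link #authenticateForEncoded}), and exchanges SSO tickets for tokens.
 *
 * <p>No credential check is visible in this class: the identifier alone is handed to
 * {@link InternalAuthenticationGranter}. NOTE(review): confirm that every entry point reaching
 * these methods is restricted to trusted callers.
 */
@Service
public class AuthUserServiceImpl extends BaseServiceImpl implements AuthUserService {
    private static final Logger log = LoggerFactory.getLogger(AuthUserServiceImpl.class);

    /** Largest accepted difference, in milliseconds, between the envelope timestamp and now. */
    private static final long MAX_CLOCK_SKEW_MILLIS = 300000L;

    @Autowired
    private InternalAuthenticationGranter authenticationGranter;

    @Autowired
    private AuthorizationSdkProperties authorizationSdkProperties;

    @Autowired
    private TextEncryptor encryptor;

    @Autowired
    private KeyProperties keyProperties;

    // Lazily loaded by loadPrivateKey(); not volatile and not guarded by a lock.
    private PrivateKey privateKey;

    /**
     * Authenticates an account by identifier and returns the issued token.
     *
     * @param httpServletRequest current request; when {@code null} the request bound to the
     *     current thread is looked up through {@link HttpServletUtil#currentRequest()}
     * @param httpServletResponse current response, passed through to the granter
     * @param str name of an {@link InternalAuthenticationGranter.IdType} constant; blank selects
     *     {@code USERNAME}
     * @param str2 the account identifier; must contain text
     * @return the token on success, otherwise a failed result carrying the error message
     * @throws IllegalArgumentException if {@code str2} has no text
     */
    @Override
    public ApiResult<OAuthToken> authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) {
        Assert.hasText(str2, "账户标识为空");
        InternalAuthenticationGranter.IdType idType = InternalAuthenticationGranter.IdType.USERNAME;
        if (StringUtils.hasText(str)) {
            try {
                idType = InternalAuthenticationGranter.IdType.valueOf(str);
            } catch (IllegalArgumentException e) {
                return ApiResult.fail("不支持的账号标识类型：" + str);
            }
        }
        InternalAuthenticationGranter.InternalAuthenticationToken internalAuthenticationToken = new InternalAuthenticationGranter.InternalAuthenticationToken(idType, str2);
        if (httpServletRequest == null) {
            httpServletRequest = HttpServletUtil.currentRequest();
        }
        if (httpServletRequest != null) {
            // The token is issued under the configured CAS OAuth2 client id.
            httpServletRequest.setAttribute("cloudtClientId", this.authorizationSdkProperties.getCasClient().getOauth2Client().getClientId());
        }
        try {
            return ApiResult.ok(this.authenticationGranter.authenticate(httpServletRequest, httpServletResponse, internalAuthenticationToken));
        } catch (Exception e2) {
            log.info("认证异常：", e2);
            // NOTE(review): the granter's exception message is returned to the caller verbatim;
            // confirm it cannot reveal whether an account exists or other internal detail.
            return ApiResult.fail("认证失败，" + e2.getMessage());
        }
    }

    /**
     * Decodes an {@code identifier&timestamp} envelope and authenticates the identifier it holds.
     *
     * @param httpServletRequest current request, see {@link #authenticate}
     * @param httpServletResponse current response, passed through to the granter
     * @param str name of an {@link InternalAuthenticationGranter.IdType} constant; blank selects
     *     {@code USERNAME}
     * @param str2 the encoded envelope; must contain text
     * @param str3 name of an {@link IdEncodedTypeEnum} constant; blank selects {@code RSA}
     * @return the token on success, otherwise a failed result carrying the error message
     * @throws IllegalArgumentException if {@code str2} has no text
     */
    @Override
    public ApiResult<OAuthToken> authenticateForEncoded(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3) {
        Assert.hasText(str2, "账户标识为空");
        try {
            return authenticate(httpServletRequest, httpServletResponse, str, decode(str2, str3));
        } catch (Exception e) {
            // NOTE(review): the raw envelope is written to the log at INFO; for NOOP and BASE64
            // that is the readable account identifier. Confirm this is acceptable for the log
            // audience and retention.
            log.info("解密认证异常：{}，{}", new Object[]{str2, str3, e});
            return ApiResult.fail("解密失败，" + e.getMessage());
        }
    }

    /**
     * Exchanges an SSO ticket for a token through the {@link TicketProvider} bean.
     *
     * @param str the ticket
     * @return the exchanged token, or a failed result when the ticket is blank
     */
    @Override
    public ApiResult<String> ticket2Token(String str) {
        if (!StringUtils.hasText(str)) {
            return ApiResult.fail("ticket为空");
        }
        TicketProvider ticketProvider = (TicketProvider) SpringContextHolder.getBean(TicketProvider.class);
        return ApiResult.ok((String) ticketProvider.exchangeTicket(str));
    }

    /**
     * Unwraps the envelope with the requested algorithm and returns the account identifier.
     *
     * <p>The decoded text is split on {@code &}; the first part is the identifier and the second
     * a millisecond timestamp that must lie within {@link #MAX_CLOCK_SKEW_MILLIS} of the current
     * time.
     *
     * <p>NOTE(review): the algorithm is chosen by the caller through {@code str2}. NOOP and
     * BASE64 involve no key, so in those modes the envelope neither hides nor authenticates the
     * identifier; confirm that callers limit which modes may be requested, or restrict them
     * here. Nothing visible records used envelopes, so the same value stays acceptable for the
     * whole freshness window.
     *
     * @param str the encoded envelope
     * @param str2 name of an {@link IdEncodedTypeEnum} constant; blank selects {@code RSA}
     * @return the account identifier (the text before the first {@code &})
     * @throws IllegalArgumentException if the algorithm is unknown, the envelope is malformed, or
     *     the timestamp is outside the freshness window
     * @throws BusinessException if the algorithm is a known constant with no handler here
     * @throws Exception if decryption or key loading fails
     */
    private String decode(String str, String str2) throws Exception {
        String str3;
        IdEncodedTypeEnum idEncodedTypeEnum = IdEncodedTypeEnum.RSA;
        if (StringUtils.hasText(str2)) {
            try {
                idEncodedTypeEnum = IdEncodedTypeEnum.valueOf(str2);
            } catch (IllegalArgumentException e) {
                throw new IllegalArgumentException("不支持的解密算法" + str2, e);
            }
        }
        switch (idEncodedTypeEnum) {
            case NOOP:
                str3 = str;
                break;
            case CONFIG:
                str3 = this.encryptor.decrypt(str);
                break;
            case RSA:
                str3 = RsaUtil.decrypt(loadPrivateKey(), (String) null, str);
                break;
            case BASE64:
                // Decode with a fixed charset so the result does not depend on the JVM's
                // platform default.
                str3 = new String(BaseEncrypt.decodeBase64(str), java.nio.charset.StandardCharsets.UTF_8);
                break;
            default:
                throw new BusinessException("暂不支持的加密方式" + str2);
        }
        String[] split = str3.split("&");
        if (split.length < 2) {
            throw new IllegalArgumentException("账号标识的格式不正确");
        }
        long issuedAt;
        try {
            issuedAt = Long.parseLong(split[1]);
        } catch (NumberFormatException e) {
            // Report a malformed timestamp as a format error instead of surfacing the parser's
            // own message to the caller.
            throw new IllegalArgumentException("账号标识的格式不正确", e);
        }
        long now = System.currentTimeMillis();
        // Compare against explicit bounds rather than Math.abs(now - issuedAt): the subtraction
        // can overflow for extreme timestamps, and Math.abs(Long.MIN_VALUE) is negative, which
        // would let such a value pass the freshness check.
        if (issuedAt < now - MAX_CLOCK_SKEW_MILLIS || issuedAt > now + MAX_CLOCK_SKEW_MILLIS) {
            throw new IllegalArgumentException("认证已超时");
        }
        return split[0];
    }

    /**
     * Returns the private key used for RSA envelopes, loading it from the configured key store
     * on first use and caching it in {@link #privateKey}.
     *
     * <p>The cache is unsynchronised, so concurrent first calls may each load the key; every
     * load reads the same key store entry.
     *
     * @return the private key stored under the configured alias
     * @throws UnrecoverableKeyException if the key cannot be recovered with the configured secret
     * @throws KeyStoreException if the key store is not usable
     * @throws NoSuchAlgorithmException if the key's algorithm is unavailable
     */
    private PrivateKey loadPrivateKey() throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
        PrivateKey cached = this.privateKey;
        if (cached != null) {
            return cached;
        }
        KeyProperties.KeyStore keyStore = this.keyProperties.getKeyStore();
        PrivateKey loaded = (PrivateKey) JwtUtil.loadKeystore(keyStore.getLocation(), keyStore.getType(), keyStore.getPassword(), keyStore.getAlias(), keyStore.getSecret()).getKey(keyStore.getAlias(), keyStore.getSecret().toCharArray());
        this.privateKey = loaded;
        return loaded;
    }
}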
