package com.elitesland.yst.core.security.component;

import cn.hutool.core.date.LocalDateTimeUtil;
import cn.hutool.core.lang.Assert;
import cn.hutool.core.util.BooleanUtil;
import cn.hutool.core.util.NumberUtil;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.StrUtil;
import com.alibaba.fastjson.JSON;
import com.elitesland.yst.common.util.RedisUtils;
import com.elitesland.yst.core.exception.YstAccountLockException;
import com.elitesland.yst.core.security.config.properties.OauthPasswordProperties;
import com.elitesland.yst.core.security.jwt.JwtProperties;
import com.elitesland.yst.system.vo.SysUserDTO;
import java.time.LocalDateTime;
import java.time.temporal.ChronoUnit;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.validation.constraints.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.stereotype.Service;

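/**
 * Tracks failed password attempts, temporary account locks, per-client login
 * status and password age in Redis for the password login flow.
 *
 * <p>Redis keys are built from {@code redisUtils.createDefaultRedisKeyPrefix(null)}
 * followed by a fixed segment and the login id:
 * <ul>
 *   <li>{@code :ACCOUNT_ERROR_TIMES:<loginId>} - failed-attempt counter (string number)</li>
 *   <li>{@code :ACCOUNT_LOCK_STATUS:<loginId>} - holds {@code "lock"} while the account is locked</li>
 *   <li>{@code :ACCOUNT_LOGIN_STATUS:<loginId>:<clientId>} - token value of the current login</li>
 *   <li>{@code :LAST_UPDATE_PASSWORD_TIME:<loginId>} - time of the last password change</li>
 * </ul>
 *
 * <p>Review notes:
 * <ul>
 *   <li>The login id is concatenated into keys and written to logs unchanged.
 *       NOTE(review): confirm upstream validation rejects ':' and line breaks in login ids,
 *       otherwise keys of different accounts/clients may collide and log lines may be forged.</li>
 *   <li>The failure counter is updated with a read followed by a write, which is not atomic;
 *       see {@link #afterLoginFail(String)}.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:com/elitesland/yst/core/security/component/LoginLimitService.class */
public class LoginLimitService {
    private static final Logger log = LoggerFactory.getLogger(LoginLimitService.class);

    /** Assertion message used when a blank login id is passed in. */
    private static final String LOGIN_ID_REQUIRED = "账号唯一标识(loginId)不能为空！";
    /** User-facing lock message; the placeholder receives the lock duration in hours. */
    private static final String ACCOUNT_LOCKED_TEMPLATE = "密码输入错误次数过多，账号已锁定，请联系管理员重置密码再登录或者使用正确密码{}小时后重试！";
    /** Value stored under the lock-status key while an account is locked. */
    private static final String LOCK_MARKER = "lock";
    /** Key segment for the "last password change" record. */
    private static final String LAST_UPDATE_PASSWORD_TIME_SEGMENT = ":LAST_UPDATE_PASSWORD_TIME:";
    /** Lifetime of the "last password change" record. */
    private static final long LAST_UPDATE_PASSWORD_TTL_DAYS = 300L;
    /** Failure threshold used when the configuration does not provide one. */
    private static final int DEFAULT_MAX_ERROR_TIMES = 5;
    /** Login-status lifetime used when neither the token nor the JWT settings provide one. */
    private static final int DEFAULT_TOKEN_TTL_SECONDS = 360000;

    private final RedisUtils redisUtils;
    private final OauthPasswordProperties oauthPasswordProperties;
    private final JwtProperties jwtProperties;

    /**
     * Creates the service with its collaborators.
     *
     * @param redisUtils              Redis access helper
     * @param oauthPasswordProperties lockout and password-age settings
     * @param jwtProperties           token settings; may be {@code null} (see {@link #saveToken2Redis})
     */
    public LoginLimitService(RedisUtils redisUtils, OauthPasswordProperties oauthPasswordProperties, JwtProperties jwtProperties) {
        this.redisUtils = redisUtils;
        this.oauthPasswordProperties = oauthPasswordProperties;
        this.jwtProperties = jwtProperties;
    }

    /**
     * Rejects the login attempt when the account is locked or has reached the
     * failure threshold, then clears any existing login status for this client.
     *
     * @param loginId  unique account identifier; must not be blank
     * @param clientId OAuth client id; blank/null is treated as the empty string
     * @return always {@code true} when no exception is thrown
     * @throws YstAccountLockException if the lock marker is present or the failure
     *                                 counter has reached the threshold
     */
    public boolean validBeforeLogin(@NotNull String loginId, @NotNull String clientId) {
        // Fixed: the clientId placeholder was missing, so the value never reached the log.
        log.info("op=start validBeforeLogin, loginId={},clientId={}", loginId, clientId);
        Assert.notBlank(loginId, LOGIN_ID_REQUIRED);

        // get() yields null for a missing key (handleUserNeedUpdatePasswordOrNot relies on the
        // same behaviour), so a separate hasKey() round trip is not needed.
        Object lockState = this.redisUtils.get(getUserAccountLockStatusRedisKeyPrefix() + loginId);
        boolean lockMarkerPresent = LOCK_MARKER.equals(lockState);

        // The threshold goes through getMaxCanErrorTimesByUserId so that an unset
        // configuration value falls back to the default instead of throwing an NPE here.
        if (lockMarkerPresent
                || getErrorTimesByUserId(loginId).intValue() >= getMaxCanErrorTimesByUserId(loginId).intValue()) {
            throw new YstAccountLockException(StrUtil.format(ACCOUNT_LOCKED_TEMPLATE, lockDurationHoursRoundedUp()));
        }

        handleRepeatLoginRedisKey(loginId, StrUtil.trimToEmpty(clientId));
        return true;
    }

    /**
     * Removes the stored login status for the account/client pair if one exists.
     *
     * <p>NOTE(review): {@link #validBeforeLogin} calls this before this class has seen any
     * credential check, and {@link #saveToken2Redis} overwrites the same key after a
     * successful login anyway. If other components treat this key as "session is valid",
     * an unsuccessful attempt would also end the existing session - confirm against the
     * callers and consider clearing the entry only after authentication succeeds.
     *
     * @param loginId  unique account identifier
     * @param clientId OAuth client id
     * @return always {@link Boolean#TRUE}
     */
    public Boolean handleRepeatLoginRedisKey(@NotNull String loginId, String clientId) {
        if (isHadLogin(loginId, clientId)) {
            removeLoginStatusByUserId(loginId, clientId);
        } else {
            log.info("用户{}没有在token有效期内再次登录", loginId);
        }
        return Boolean.TRUE;
    }

    /**
     * Tells whether a login-status entry exists for the account/client pair.
     *
     * @param loginId  unique account identifier
     * @param clientId OAuth client id
     * @return {@code true} if the login-status key is present in Redis
     */
    public boolean isHadLogin(String loginId, String clientId) {
        return this.redisUtils.hasKey(getUserAccountLoginStatusRedisKey(loginId, clientId));
    }

    /**
     * Deletes both the failure counter and the lock marker of the account.
     *
     * @param loginId unique account identifier; must not be blank
     * @return always {@code true}
     */
    private boolean removeErrorTimesByUserId(String loginId) {
        log.info("op=start removeErrorTimesByUserId, loginId={}", loginId);
        Assert.notBlank(loginId, LOGIN_ID_REQUIRED);
        this.redisUtils.del(new String[]{getUserErrorTimesRedisKeyPrefix() + loginId});
        this.redisUtils.del(new String[]{getUserAccountLockStatusRedisKeyPrefix() + loginId});
        return true;
    }

    /**
     * Deletes the login-status entry of the account/client pair.
     *
     * @param loginId  unique account identifier; must not be blank
     * @param clientId OAuth client id
     * @return always {@code true}
     */
    private boolean removeLoginStatusByUserId(String loginId, String clientId) {
        log.info("op=start removeLoginStatusByUserId, loginId={}", loginId);
        Assert.notBlank(loginId, LOGIN_ID_REQUIRED);
        this.redisUtils.del(new String[]{getUserAccountLoginStatusRedisKey(loginId, clientId)});
        return true;
    }

    /**
     * Returns the number of failed attempts currently recorded for the account.
     *
     * @param loginId unique account identifier; must not be blank
     * @return the stored counter, or 0 when it is absent or not numeric
     */
    public Integer getErrorTimesByUserId(String loginId) {
        log.info("op=start getErrorTimesByUserId, loginId={}", loginId);
        Assert.notBlank(loginId, LOGIN_ID_REQUIRED);
        return Integer.valueOf(readFailureCount(getUserErrorTimesRedisKeyPrefix() + loginId));
    }

    /**
     * Returns the configured failure threshold, defaulting to 5 when it is not set.
     *
     * @param loginId unused; the threshold is global
     * @return number of failed attempts at which the account is locked
     */
    public Integer getMaxCanErrorTimesByUserId(String loginId) {
        return ObjectUtil.defaultIfNull(this.oauthPasswordProperties.getLockAccountWhenErrorTimes(), DEFAULT_MAX_ERROR_TIMES);
    }

    /**
     * Records a successful login: stores the login status and clears the failure
     * counter and lock marker.
     *
     * @param loginId     unique account identifier; must not be blank
     * @param clientId    OAuth client id
     * @param accessToken token issued for this login
     * @return always {@code true}
     */
    public boolean afterLoginSuccess(String loginId, String clientId, DefaultOAuth2AccessToken accessToken) {
        log.info("op=start afterLoginSuccess, loginId={}", loginId);
        Assert.notBlank(loginId, LOGIN_ID_REQUIRED);
        saveToken2Redis(loginId, clientId, accessToken.getValue(), Integer.valueOf(accessToken.getExpiresIn()));
        return removeErrorTimesByUserId(loginId);
    }

    /**
     * Records a failed login: increments the failure counter, refreshes its
     * observation window and sets the lock marker once the threshold is reached.
     *
     * <p>Changes from the previous version: the counter is read once and parsed
     * defensively (a key expiring between an existence check and the read used to
     * end in a {@link NumberFormatException}), the threshold uses the same default
     * as {@link #getMaxCanErrorTimesByUserId}, and the lock marker is also written
     * when the very first failure already reaches the threshold.
     *
     * <p>NOTE(review): the read-then-write below is not atomic. Concurrent failed
     * attempts for one account can each read the same value and under-count, which
     * weakens the lockout. If RedisUtils offers an atomic increment, prefer it.
     *
     * @param loginId unique account identifier; must not be blank
     * @return the counter value as stored in Redis after the update
     */
    public String afterLoginFail(String loginId) {
        log.info("op=start afterLoginFail, loginId={}", loginId);
        Assert.notBlank(loginId, LOGIN_ID_REQUIRED);
        String counterKey = getUserErrorTimesRedisKeyPrefix() + loginId;

        int failures = readFailureCount(counterKey) + 1;
        // Every failure restarts the observation window of the counter.
        this.redisUtils.set(counterKey, String.valueOf(failures), this.oauthPasswordProperties.getWatchErrorTimesDurationMinutes().intValue(), TimeUnit.MINUTES);

        if (failures >= getMaxCanErrorTimesByUserId(loginId).intValue()) {
            String lockKey = getUserAccountLockStatusRedisKeyPrefix() + loginId;
            this.redisUtils.set(lockKey, LOCK_MARKER, this.oauthPasswordProperties.getLockAccountMinutes().intValue(), TimeUnit.MINUTES);
        }
        return (String) this.redisUtils.get(counterKey);
    }

    /**
     * Returns the remaining lifetime of the account's lock marker.
     *
     * @param loginId  unique account identifier
     * @param timeUnit unit of the result; {@code null} means seconds
     * @return whatever {@code redisUtils.getExpire} reports for the lock-status key
     */
    public long getUserUnlockTime(String loginId, TimeUnit timeUnit) {
        TimeUnit unit = timeUnit == null ? TimeUnit.SECONDS : timeUnit;
        return this.redisUtils.getExpire(getUserAccountLockStatusRedisKeyPrefix() + loginId, unit);
    }

    /** Returns the key prefix of the failure counter. */
    private String getUserErrorTimesRedisKeyPrefix() {
        return this.redisUtils.createDefaultRedisKeyPrefix((String) null) + ":ACCOUNT_ERROR_TIMES:";
    }

    /** Returns the key prefix of the lock marker. */
    private String getUserAccountLockStatusRedisKeyPrefix() {
        return this.redisUtils.createDefaultRedisKeyPrefix((String) null) + ":ACCOUNT_LOCK_STATUS:";
    }

    /**
     * Returns the key prefix of the login-status entries.
     *
     * @return default Redis prefix followed by {@code :ACCOUNT_LOGIN_STATUS:}
     */
    public String getUserAccountLoginStatusRedisKeyPrefix() {
        return this.redisUtils.createDefaultRedisKeyPrefix((String) null) + ":ACCOUNT_LOGIN_STATUS:";
    }

    /**
     * Builds the login-status key for an account/client pair.
     *
     * @param loginId  unique account identifier
     * @param clientId OAuth client id; null/blank becomes the empty string
     * @return {@code <prefix>:ACCOUNT_LOGIN_STATUS:<loginId>:<clientId>}
     */
    public String getUserAccountLoginStatusRedisKey(String loginId, String clientId) {
        return this.redisUtils.createDefaultRedisKeyPrefix((String) null) + ":ACCOUNT_LOGIN_STATUS:" + loginId + ":" + StrUtil.trimToEmpty(clientId);
    }

    /**
     * Clears the lockout state and records "now" as the last password change
     * after the user changed the password.
     *
     * @param loginId unique account identifier; must not be blank
     * @return always {@code true}
     */
    public boolean afterUserUpdatePassword(String loginId) {
        return recordPasswordChange(loginId);
    }

    /**
     * Clears the lockout state and records "now" as the last password change
     * after the password was reset.
     *
     * @param loginId unique account identifier; must not be blank
     * @return always {@code true}
     */
    public boolean afterUserResetPassword(String loginId) {
        return recordPasswordChange(loginId);
    }

    /**
     * Sets the password-expiry status and remaining days on the given user from the
     * stored last-change time and the configured limits.
     *
     * <p>The status is {@code "Expired"} once the age reaches the maximum,
     * {@code "Expiring"} inside the warning window before that, and
     * {@code "Not_Expired"} otherwise.
     *
     * @param sysUserDTO user to update; its username selects the Redis record
     * @return always {@code true}
     */
    public boolean handleUserNeedUpdatePasswordOrNot(SysUserDTO sysUserDTO) {
        // NOTE(review): this serialises the whole properties object into the INFO log on every
        // call; confirm it holds no sensitive values, or log only the fields needed below.
        log.info(" nacos的配置文件值为={}", JSON.toJSONString(this.oauthPasswordProperties));
        String username = sysUserDTO.getUsername();

        // Falls back to the configured reference time when no record exists. The record is
        // written with a 300-day lifetime, so for maximum ages above 300 days the fallback
        // takes over once the record has expired - NOTE(review): confirm that is intended.
        LocalDateTime lastChange = ObjectUtil.defaultIfNull(
                (LocalDateTime) this.redisUtils.get(lastPasswordUpdateKey(username)),
                this.oauthPasswordProperties.getUnifiedTimeIsMmissingLastUpdateTime());
        Integer mustUpdatePasswordAfterDays = this.oauthPasswordProperties.getMustUpdatePasswordAfterDays();
        Integer tipsExpireInfoBeforeDays = this.oauthPasswordProperties.getTipsExpireInfoBeforeDays();
        long daysSinceChange = LocalDateTimeUtil.between(lastChange, LocalDateTime.now(), ChronoUnit.DAYS);
        log.info(" {}用户计算的userLastUpdatePasswordTime={},maxEffectiveDays={},tipsExpireInfoBeforeDays={},betweenDays={}", username, lastChange, mustUpdatePasswordAfterDays, tipsExpireInfoBeforeDays, Long.valueOf(daysSinceChange));

        if (daysSinceChange >= mustUpdatePasswordAfterDays.intValue()) {
            sysUserDTO.setPasswordExpiredStatus("Expired");
            sysUserDTO.setWillExpiredLifeDays(0L);
        } else if (daysSinceChange < mustUpdatePasswordAfterDays.intValue() - tipsExpireInfoBeforeDays.intValue()) {
            // The former "|| age >= max" alternative could never be true in this branch
            // (the first branch already handles it) and was dropped.
            sysUserDTO.setPasswordExpiredStatus("Not_Expired");
            // Math.abs only matters for a negative age, i.e. a stored time in the future.
            sysUserDTO.setWillExpiredLifeDays(Long.valueOf(mustUpdatePasswordAfterDays.intValue() - Math.abs(daysSinceChange)));
        } else {
            sysUserDTO.setPasswordExpiredStatus("Expiring");
            sysUserDTO.setWillExpiredLifeDays(Long.valueOf(mustUpdatePasswordAfterDays.intValue() - daysSinceChange));
        }
        return true;
    }

    /**
     * Stores the login status for an account/client pair with a lifetime matching
     * the token.
     *
     * <p>The value stored is the token itself, or {@code "Already login"} when the
     * token is blank. NOTE(review): if no reader needs the raw token, storing a
     * marker instead would keep bearer tokens out of Redis.
     *
     * @param loginId          unique account identifier
     * @param clientId         OAuth client id
     * @param token            access token value; may be blank
     * @param expiresInSeconds token lifetime; when {@code null} or not positive the JWT
     *                         setting is used, and 360000 seconds if that is missing too
     * @return always {@code true}
     */
    public boolean saveToken2Redis(String loginId, String clientId, String token, Integer expiresInSeconds) {
        log.info("start saveToken2Redis, loginId={},token有效期={}", loginId, expiresInSeconds);
        String statusKey = getUserAccountLoginStatusRedisKey(loginId, clientId);

        int ttlSeconds;
        if (expiresInSeconds != null && expiresInSeconds.intValue() > 0) {
            ttlSeconds = expiresInSeconds.intValue();
        } else {
            ttlSeconds = Optional.ofNullable(this.jwtProperties)
                    .map(JwtProperties::getValidThru)
                    .orElse(DEFAULT_TOKEN_TTL_SECONDS);
        }
        this.redisUtils.set(statusKey, StrUtil.blankToDefault(token, "Already login"), ttlSeconds, TimeUnit.SECONDS);
        return true;
    }

    /** Reads a failure counter, treating a missing or non-numeric value as 0. */
    private int readFailureCount(String counterKey) {
        Object raw = this.redisUtils.get(counterKey);
        if (raw == null) {
            return 0;
        }
        String text = raw.toString();
        return NumberUtil.isNumber(text) ? NumberUtil.parseInt(text) : 0;
    }

    /**
     * Converts the configured lock duration to whole hours for the user message,
     * rounding up so that a lock shorter than an hour is not reported as 0 hours.
     */
    private long lockDurationHoursRoundedUp() {
        long minutes = this.oauthPasswordProperties.getLockAccountMinutes().intValue();
        return (minutes + 59L) / 60L;
    }

    /** Builds the key of the "last password change" record for the account. */
    private String lastPasswordUpdateKey(String loginId) {
        return this.redisUtils.createDefaultRedisKeyPrefix((String) null) + LAST_UPDATE_PASSWORD_TIME_SEGMENT + loginId;
    }

    /** Shared body of the password update/reset hooks: clear lockout state, stamp the change time. */
    private boolean recordPasswordChange(String loginId) {
        removeErrorTimesByUserId(loginId);
        this.redisUtils.set(lastPasswordUpdateKey(loginId), LocalDateTime.now(), LAST_UPDATE_PASSWORD_TTL_DAYS, TimeUnit.DAYS);
        return true;
    }
}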
