package com.codingapi.sso.bus.service.impl;

import com.codingapi.common.mysql_mybatis.mybatis.syntax.Finder;
import com.codingapi.common.tools.util.Maps;
import com.codingapi.security.component.common.util.IpUtils;
import com.codingapi.security.sso.bus.client.ao.LoginReq;
import com.codingapi.security.sso.bus.client.ao.LoginRes;
import com.codingapi.security.sso.bus.client.ao.VerifyRes;
import com.codingapi.security.sso.client.ao.AuthenticationResult;
import com.codingapi.sso.bus.SsoBusException;
import com.codingapi.sso.bus.ao.token.ChildDevice;
import com.codingapi.sso.bus.db.ao.TokenOpsInfo;
import com.codingapi.sso.bus.db.domain.SubToken;
import com.codingapi.sso.bus.db.domain.TokenConfig;
import com.codingapi.sso.bus.db.domain.TokenStore;
import com.codingapi.sso.bus.db.mapper.SubTokenMapper;
import com.codingapi.sso.bus.db.redis.TokenOperator;
import com.codingapi.sso.bus.db.redis.UserPasswordCheckCounter;
import com.codingapi.sso.bus.service.SubTokenService;
import com.codingapi.sso.bus.service.UserSessionService;
import com.codingapi.sso.bus.utils.DeviceResolveHelper;
import com.codingapi.sso.bus.utils.RejectUtil;
import com.codingapi.sso.bus.utils.SsoUtil;
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

@Service
/* loaded from: input_file:com/codingapi/sso/bus/service/impl/SubTokenServiceImpl.class */
public class SubTokenServiceImpl implements SubTokenService {
    private static final Logger log = LoggerFactory.getLogger(SubTokenServiceImpl.class);
    private final TokenOperator tokenOperator;
    private final UserPasswordCheckCounter userPasswordCheckCounter;
    private final SubTokenMapper subTokenMapper;
    private final UserSessionService userSessionService;

    public SubTokenServiceImpl(SubTokenMapper subTokenMapper, TokenOperator tokenOperator, UserPasswordCheckCounter userPasswordCheckCounter, UserSessionService userSessionService) {
        this.tokenOperator = tokenOperator;
        this.userPasswordCheckCounter = userPasswordCheckCounter;
        this.subTokenMapper = subTokenMapper;
        this.userSessionService = userSessionService;
    }

    @Override // com.codingapi.sso.bus.service.SubTokenService
    @Transactional
    public LoginRes subTokenLogin(LoginReq loginReq, HttpServletRequest httpServletRequest) throws SsoBusException {
        Assert.hasText(loginReq.getUserType(), "登录凭证不完整（USER_TYPE）");
        Assert.hasText(loginReq.getUserId(), "登录凭证不完整（USER_ID）");
        Assert.hasText(loginReq.getPassword(), "登录凭证不完整（PASSWORD）");
        TokenConfig tokenConfig = SsoUtil.tokenConfig(loginReq.getUserType());
        Assert.notNull(tokenConfig, "不存在该用户类型的配置");
        if (SsoUtil.masterDeviceLeading(loginReq.getUserType())) {
            SsoBusException.raise("仅允许主设备授权后登录");
        }
        if (this.userPasswordCheckCounter.countOfUserAndType("SUB_" + loginReq.getUserId(), loginReq.getUserType()) >= tokenConfig.getSubMaxRetryCount().intValue()) {
            SsoBusException.raise(String.format("已达到最大重试次数%d，请%d分钟后再试", tokenConfig.getMaxRetryCount(), Long.valueOf(tokenConfig.getMaxRetryCdTime().longValue() / 60000)));
        }
        AuthenticationResult doAuthenticate = SsoUtil.doAuthenticate(loginReq.getUserType(), loginReq.getUserId(), loginReq.getPassword());
        Finder.store(SubToken.class).where("sub_token not in ('" + String.join("','", this.tokenOperator.tokens(loginReq.getUserType(), doAuthenticate.getUserId())) + "')");
        this.subTokenMapper.deleteByFinderWithoutValues();
        String device = DeviceResolveHelper.device(httpServletRequest);
        String clientIp = IpUtils.getClientIp(httpServletRequest);
        Finder.store(SubToken.class).where("user_type=#{userType} and user_id=#{userId}");
        List findByFinder = this.subTokenMapper.findByFinder(Maps.of("userType", loginReq.getUserType(), "userId", doAuthenticate.getUserId()));
        if (findByFinder.size() >= tokenConfig.getSubMaxLoginCount().longValue()) {
            RejectUtil.checkLoginCount(tokenConfig, new RejectUtil.LoginContext(device, clientIp), str -> {
                Iterator it = findByFinder.subList(0, (int) ((findByFinder.size() - tokenConfig.getSubMaxLoginCount().longValue()) + 1)).iterator();
                while (it.hasNext()) {
                    markSubTokenOffline(null, ((SubToken) it.next()).getSubToken(), str);
                }
            });
        }
        if (!this.tokenOperator.usableUser(loginReq.getUserType(), doAuthenticate.getUserId())) {
            SsoBusException.raise("账号已被禁用，请联系管理员");
        }
        String str2 = token(doAuthenticate.getUserId(), loginReq.getUserType(), device, clientIp, doAuthenticate.getIpList(), doAuthenticate.getUserLevel(), doAuthenticate.getAttachment());
        SubToken subToken = new SubToken();
        subToken.setUserId(doAuthenticate.getUserId());
        subToken.setUserType(loginReq.getUserType());
        subToken.setSubToken(str2);
        subToken.setDevice(device);
        subToken.setIp(clientIp);
        subToken.setCreateTime(LocalDateTime.now());
        this.subTokenMapper.save(subToken);
        LoginRes loginRes = new LoginRes();
        loginRes.setMessage("success");
        loginRes.setAttachment(doAuthenticate.getAttachment());
        loginRes.setToken(subToken.getSubToken());
        return loginRes;
    }

    private String token(String str, String str2, String str3, String str4, List<String> list, String str5, Object obj) {
        TokenStore tokenStore = new TokenStore();
        tokenStore.setIps(list);
        tokenStore.setUserLevel(str5);
        tokenStore.setAttachment(obj);
        tokenStore.setIp(str4);
        tokenStore.setDevice(str3);
        return this.tokenOperator.newToken(str2, str, tokenStore);
    }

    @Override // com.codingapi.sso.bus.service.SubTokenService
    @Transactional
    public String newSubTokenByToken(String str, String str2, String str3) throws SsoBusException {
        TokenOpsInfo tokenOpsInfo = this.tokenOperator.getTokenOpsInfo(str3);
        if (StringUtils.hasText(tokenOpsInfo.getMessage())) {
            throw new SsoBusException(40103, tokenOpsInfo.getMessage());
        }
        String str4 = token(tokenOpsInfo.getUserId(), tokenOpsInfo.getUserType(), "扫码授权登录设备", tokenOpsInfo.getTokenStore().getIp(), tokenOpsInfo.getTokenStore().getIps(), tokenOpsInfo.getTokenStore().getUserLevel(), tokenOpsInfo.getTokenStore().getAttachment());
        SubToken subToken = new SubToken();
        subToken.setUserId(tokenOpsInfo.getUserId());
        subToken.setUserType(tokenOpsInfo.getUserType());
        subToken.setSubToken(str4);
        subToken.setDevice(tokenOpsInfo.getTokenStore().getDevice());
        subToken.setIp(tokenOpsInfo.getTokenStore().getIp());
        subToken.setCreateTime(LocalDateTime.now());
        this.subTokenMapper.save(subToken);
        return str4;
    }

    @Override // com.codingapi.sso.bus.service.SubTokenService
    @Transactional
    public void markSubTokenOffline(@Nullable String str, String str2, String str3) throws SsoBusException {
        Assert.isTrue(!str2.equals(str), "主设备下线失败[NonSubToken]");
        if (Objects.nonNull(str)) {
            SsoUtil.verifyToken(str);
            Finder.store(SubToken.class).where("sub_token=#{subToken}");
            Assert.isTrue(this.subTokenMapper.findByFinder(Maps.of("subToken", str)).isEmpty(), "权限错误（子令牌REJECT）");
        }
        Finder.store(SubToken.class).where("sub_token=#{subToken}");
        this.subTokenMapper.deleteByFinder(Maps.of("subToken", str2));
        this.userSessionService.logout(str2, str3);
    }

    @Override // com.codingapi.sso.bus.service.SubTokenService
    public List<ChildDevice> listChildDevices(String str) throws SsoBusException {
        VerifyRes verifyToken = SsoUtil.verifyToken(str);
        Finder.store(SubToken.class).where("sub_token=#{subToken}");
        Assert.isTrue(this.subTokenMapper.findByFinder(Maps.of("subToken", str)).isEmpty(), "权限错误（子令牌REJECT）");
        Finder.store(SubToken.class).where("user_type=#{userType} and user_id=#{userId}");
        return (List) this.subTokenMapper.findByFinder(Maps.of("userType", verifyToken.getSsoUser().getUserType(), "userId", verifyToken.getSsoUser().getUserId())).stream().map(subToken -> {
            ChildDevice childDevice = new ChildDevice();
            childDevice.setIp(subToken.getIp());
            childDevice.setCreateTime(subToken.getCreateTime().format(DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss")));
            childDevice.setDevice(subToken.getDevice());
            childDevice.setSubToken(subToken.getSubToken());
            return childDevice;
        }).collect(Collectors.toList());
    }
}
