package com.tydic.commodity.estore.busi.impl;

import cn.hutool.core.date.DateTime;
import cn.hutool.core.date.DateUnit;
import cn.hutool.core.date.DateUtil;
import cn.hutool.core.util.CharsetUtil;
import cn.hutool.core.util.RandomUtil;
import cn.hutool.crypto.SmUtil;
import cn.hutool.crypto.symmetric.SymmetricCrypto;
import com.alibaba.fastjson.JSONObject;
import com.ohaotian.plugin.base.exception.ZTBusinessException;
import com.ohaotian.plugin.cache.CacheClient;
import com.ohaotian.plugin.db.SnowFlake;
import com.tydic.commodity.dao.AbilityProvideOauthMapper;
import com.tydic.commodity.estore.ability.bo.Oauth2ModifyUserReqBo;
import com.tydic.commodity.estore.ability.bo.Oauth2ModifyUserRspBo;
import com.tydic.commodity.estore.ability.bo.Oauth2addUserReqBo;
import com.tydic.commodity.estore.ability.bo.Oauth2addUserRspBo;
import com.tydic.commodity.estore.ability.bo.RefreshTokenReqBo;
import com.tydic.commodity.estore.ability.bo.RefreshTokenRspBo;
import com.tydic.commodity.estore.busi.api.Oauth2PluginUserService;
import com.tydic.commodity.estore.utils.CnncUccOauth2DateUtil;
import com.tydic.commodity.po.AbilityProvideOauthPo;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Objects;
import javax.annotation.Resource;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.util.ObjectUtils;

@Service
/* loaded from: input_file:com/tydic/commodity/estore/busi/impl/Oauth2PluginUserServiceImpl.class */
public class Oauth2PluginUserServiceImpl implements Oauth2PluginUserService {
    // Class logger (SLF4J).
    private static final Logger log = LoggerFactory.getLogger(Oauth2PluginUserServiceImpl.class);

    // Mapper this service uses to look up, insert and update AbilityProvideOauthPo rows.
    @Resource
    private AbilityProvideOauthMapper abilityProvideOauthMapper;

    // Cache that holds the "Mall-OAuth-<HSN>-<token>" entries written by accessToken().
    @Autowired
    private CacheClient cacheClient;

    // Switch for addUser(). The default is true, so account creation stays enabled unless
    // ability.oauth.add.enabled is explicitly set to false in the deployment configuration.
    @Value("${ability.oauth.add.enabled:true}")
    private Boolean addUserEnabled;

    // Value passed to cacheClient.expire() for the previous token's cache entry after a refresh;
    // accessToken() logs it as a number of seconds.
    @Value("${ability.oauth.refresh.offset:60}")
    private int refreshOffset;

    // Threshold that checkTime() compares, in minutes, against the age of the request timestamp.
    @Value("${ability.oauth.refresh.stand.time:30}")
    private int reqRefreshStandTime;

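    /**
     * Creates an OAuth2 plugin account and returns the generated client secret in the response
     * result.
     *
     * <p>The call is rejected when {@code ability.oauth.add.enabled} is false or when an account
     * with the same username, client id and cluster id already exists. Failures are reported
     * through the response object (result code "9999"); no exception leaves this method.
     *
     * <p>Security notes for maintainers:
     * <ul>
     *   <li>The password is stored SM4-encrypted, not hashed. The key is built from the client
     *       secret, cluster id and username, and the client secret is written to the same row,
     *       so anyone who can read the row can recover the password. Moving to a salted
     *       password hash needs a data migration and is therefore not done here.</li>
     *   <li>The lookup-then-insert sequence is not atomic. NOTE(review): confirm the table has a
     *       unique constraint on (username, client id, cluster id).</li>
     *   <li>NOTE(review): the key is the first 16 characters of the concatenation, encoded as
     *       UTF-8; this presumably assumes single-byte characters in cluster id and username.</li>
     * </ul>
     *
     * @param oauth2addUserReqBo request carrying username, password, client id and cluster id
     * @return success response with the client secret as result, or a failure response
     */
    @Override // com.tydic.commodity.estore.busi.api.Oauth2PluginUserService
    public Oauth2addUserRspBo addUser(Oauth2addUserReqBo oauth2addUserReqBo) {
        try {
            if (Boolean.FALSE.equals(this.addUserEnabled)) {
                throw new ZTBusinessException("用户创建异常");
            }

            // Reject duplicates before any secret material is generated.
            AbilityProvideOauthPo existingCriteria = new AbilityProvideOauthPo();
            existingCriteria.setUsername(oauth2addUserReqBo.getUsername());
            existingCriteria.setClientId(oauth2addUserReqBo.getClientId());
            existingCriteria.setClusterId(oauth2addUserReqBo.getClusterId());
            if (!ObjectUtils.isEmpty(this.abilityProvideOauthMapper.selectByAllOne(existingCriteria))) {
                throw new ZTBusinessException("用户已经存在！");
            }

            // The client secret doubles as the JWT signing key and as SM4 key material, so it is
            // drawn from SecureRandom. Length (9 or 10) and alphabet (lower-case letters and
            // digits) are kept so that stored values keep the same shape.
            final String secretAlphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
            java.security.SecureRandom secureRandom = new java.security.SecureRandom();
            int secretLength = 9 + secureRandom.nextInt(2);
            StringBuilder secretBuilder = new StringBuilder(secretLength);
            for (int i = 0; i < secretLength; i++) {
                secretBuilder.append(secretAlphabet.charAt(secureRandom.nextInt(secretAlphabet.length())));
            }
            String clientSecret = secretBuilder.toString();

            // SM4 key: first 16 characters of secret + clusterId + username, left-padded with '@'.
            String keyMaterial = StringUtils.leftPad(
                    StringUtils.left(clientSecret + oauth2addUserReqBo.getClusterId() + oauth2addUserReqBo.getUsername(), 16),
                    16,
                    "@");
            String encryptedPassword = SmUtil.sm4(keyMaterial.getBytes(CharsetUtil.CHARSET_UTF_8))
                    .encryptHex(oauth2addUserReqBo.getPassword());

            AbilityProvideOauthPo account = new AbilityProvideOauthPo();
            account.setOauthId(String.valueOf(new SnowFlake(30L, 29L).nextId()));
            account.setUsername(oauth2addUserReqBo.getUsername());
            account.setClientId(oauth2addUserReqBo.getClientId());
            account.setClusterId(oauth2addUserReqBo.getClusterId());
            account.setPassword(encryptedPassword);
            account.setClientSecret(clientSecret);
            account.setAccessTokenValidity(String.valueOf(86400));
            account.setStartSwitch(1);
            this.abilityProvideOauthMapper.insert(account);

            Oauth2addUserRspBo response = new Oauth2addUserRspBo();
            response.setSuccess(true);
            response.setResultCode("0000");
            response.setResultMessage("用户创建成功");
            response.setResult(clientSecret);
            return response;
        } catch (ZTBusinessException e) {
            // Business rejections carry a message written for the caller.
            log.warn("addUser rejected: {}", e.getMessage());
            return addUserFailure(e.getMessage());
        } catch (Exception e) {
            // Keep the detail (driver, crypto or null-pointer messages) in the server log only;
            // it is not echoed back to the API caller.
            log.error("addUser failed", e);
            return addUserFailure("系统异常");
        }
    }

    /** Builds the "9999" failure response of addUser with the given detail as result. */
    private static Oauth2addUserRspBo addUserFailure(String detail) {
        Oauth2addUserRspBo response = new Oauth2addUserRspBo();
        response.setSuccess(false);
        response.setResultCode("9999");
        response.setResultMessage("创建失败");
        response.setResult(detail);
        return response;
    }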

    /**
     * Builds the JSON payload describing an application user for the given request.
     *
     * <p>Only the client id (as "appCode") and the username (as "appName") come from the request;
     * every other field, including the contact phone number, is a fixed placeholder value.
     * No caller of this helper is visible in this class.
     *
     * @param oauth2addUserReqBo request providing client id and username
     * @return the payload with a nested "appExtColumnReqBO" object
     */
    private static JSONObject getAddAppUser(Oauth2addUserReqBo oauth2addUserReqBo) {
        // Extension columns: all five carry the same default marker.
        JSONObject extColumns = new JSONObject();
        extColumns.put("appFive", "默认");
        extColumns.put("appFour", "默认");
        extColumns.put("appOne", "默认");
        extColumns.put("appThree", "默认");
        extColumns.put("appTwo", "默认");

        JSONObject payload = new JSONObject();
        payload.put("appCode", oauth2addUserReqBo.getClientId());
        payload.put("appContact", "Oauth2插件");
        payload.put("appName", oauth2addUserReqBo.getUsername());
        payload.put("appPhone", "12345678900");
        payload.put("isProvider", "0");
        payload.put("remark", "创建订购用户");
        payload.put("appExtColumnReqBO", extColumns);
        return payload;
    }

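    /**
     * Authenticates a client and issues a new JWT access token.
     *
     * <p>Steps: check the request timestamp with {@link #checkTime}, SM4-decrypt the client
     * secret and the user password sent in the request, look up the enabled account by username,
     * client id and client secret, compare the re-encrypted password with the stored one, sign a
     * token, persist it, shorten the lifetime of the previous token's cache entry and cache the
     * new token. Every failure is reported through the response (result code "9999").
     *
     * <p>Security notes for maintainers:
     * <ul>
     *   <li>The SM4 key used to decrypt the secret and the password is the request timestamp
     *       itself, which travels in the same request. This gives no confidentiality beyond the
     *       transport; the endpoint has to be served over TLS.</li>
     *   <li>"用户不存在！" and "鉴权失败！" let a caller tell a wrong secret from a wrong
     *       password. NOTE(review): consider one message once clients no longer depend on the
     *       distinction.</li>
     *   <li>The same string is returned as access_token and refresh_token.</li>
     * </ul>
     *
     * @param refreshTokenReqBo request with username, client id, timestamp, HSN and the
     *     SM4-encrypted client secret and password
     * @return success response carrying the token data, or a failure response
     */
    @Override // com.tydic.commodity.estore.busi.api.Oauth2PluginUserService
    public RefreshTokenRspBo accessToken(RefreshTokenReqBo refreshTokenReqBo) {
        try {
            if (Boolean.FALSE.equals(checkTime(refreshTokenReqBo))) {
                throw new ZTBusinessException("时间戳已过期！");
            }

            // Transport key: the timestamp with ':' and ' ' removed, as UTF-8 bytes.
            SymmetricCrypto transportCipher = SmUtil.sm4(
                    refreshTokenReqBo.getTimestamp().replace(":", "").replace(" ", "").getBytes(CharsetUtil.CHARSET_UTF_8));
            String clientSecret = transportCipher.decryptStr(refreshTokenReqBo.getClientSecret(), CharsetUtil.CHARSET_UTF_8);

            AbilityProvideOauthPo criteria = new AbilityProvideOauthPo();
            criteria.setUsername(refreshTokenReqBo.getUserName());
            criteria.setClientId(refreshTokenReqBo.getClientId());
            criteria.setStartSwitch(1);
            criteria.setClientSecret(clientSecret);
            AbilityProvideOauthPo account = this.abilityProvideOauthMapper.selectByAllOne(criteria);
            if (ObjectUtils.isEmpty(account)) {
                return tokenFailure("用户不存在！");
            }

            // Re-encrypt the supplied password with the account key and compare it with the
            // stored value in constant time. A null stored password still ends in the generic
            // failure branch below, as before.
            byte[] storedPassword = account.getPassword().getBytes(CharsetUtil.CHARSET_UTF_8);
            String accountKey = StringUtils.leftPad(
                    StringUtils.left(clientSecret + account.getClusterId() + refreshTokenReqBo.getUserName(), 16),
                    16,
                    "@");
            String suppliedPassword = SmUtil.sm4(accountKey.getBytes(CharsetUtil.CHARSET_UTF_8)).encryptHex(
                    transportCipher.decryptStr(refreshTokenReqBo.getUserPassword(), CharsetUtil.CHARSET_UTF_8),
                    CharsetUtil.CHARSET_UTF_8);
            if (!java.security.MessageDigest.isEqual(storedPassword, suppliedPassword.getBytes(CharsetUtil.CHARSET_UTF_8))) {
                return tokenFailure("鉴权失败！");
            }

            // Resolve everything that can still throw before the first write, so a bad HSN or
            // validity value cannot leave a token persisted in the database but never cached.
            long validitySeconds = Long.parseLong(account.getAccessTokenValidity());
            int cacheTtl = Integer.parseInt(account.getAccessTokenValidity());
            String cacheKeyPrefix = "Mall-OAuth-" + refreshTokenReqBo.getHsn().toUpperCase() + "-";

            List<String> roles = new ArrayList<>();
            roles.add(refreshTokenReqBo.getClientId());
            String newToken = createToken(refreshTokenReqBo.getUserName(), clientSecret, roles, validitySeconds * 1000);

            AbilityProvideOauthPo tokenUpdate = new AbilityProvideOauthPo();
            tokenUpdate.setOauthId(account.getOauthId());
            tokenUpdate.setAccessToken(newToken);
            this.abilityProvideOauthMapper.updateByPrimaryKeySelective(tokenUpdate);

            // 'account' was read before the update, so getAccessToken() is the previous token.
            String previousKey = cacheKeyPrefix + account.getAccessToken();
            if (!ObjectUtils.isEmpty(this.cacheClient.get(previousKey))) {
                this.cacheClient.expire(previousKey, this.refreshOffset);
                // The previous token is still accepted during the offset, so it is not logged.
                log.info("用户：{} 历史token {}s后失效...", refreshTokenReqBo.getUserName(), Integer.valueOf(this.refreshOffset));
            }
            this.cacheClient.set(cacheKeyPrefix + newToken, refreshTokenReqBo.getClientId(), cacheTtl);

            RefreshTokenRspBo.TokenRspBO tokenData = new RefreshTokenRspBo.TokenRspBO();
            tokenData.setAccess_token(newToken);
            tokenData.setRefresh_token(newToken);
            tokenData.setTime(CnncUccOauth2DateUtil.getCurrentDateTime());
            tokenData.setExpires_in(Long.valueOf(validitySeconds));

            RefreshTokenRspBo response = new RefreshTokenRspBo();
            response.setSuccess(true);
            response.setResultCode("0000");
            response.setResultMessage("刷新成功");
            response.setResult(tokenData);
            return response;
        } catch (ZTBusinessException e) {
            // Must precede the generic handler: after catch (Exception) this branch is
            // unreachable and the business message would never reach the caller.
            log.error(e.getMessage(), e);
            return tokenFailure(e.getMessage());
        } catch (Exception e) {
            // Decryption, parsing and null-pointer failures all map to one generic message.
            log.error(e.getMessage(), e);
            return tokenFailure("验签失败!");
        }
    }

    /** Builds the "9999" failure response of accessToken with the given message. */
    private static RefreshTokenRspBo tokenFailure(String message) {
        RefreshTokenRspBo response = new RefreshTokenRspBo();
        response.setSuccess(false);
        response.setResultCode("9999");
        response.setResultMessage(message);
        return response;
    }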

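    /**
     * Changes an account's password after verifying the old one.
     *
     * <p>The account is loaded by OAuth id, the old password is SM4-encrypted with the account
     * key (client secret + cluster id + username, cut and padded to 16 characters) and compared
     * with the stored value, then the new password is encrypted with the same key and written.
     *
     * <p>Security notes for maintainers: the stored value is reversible SM4 ciphertext rather
     * than a password hash, and this method does not revoke tokens issued before the change.
     * NOTE(review): confirm whether existing "Mall-OAuth-" cache entries should be expired here.
     *
     * @param oauth2ModifyUserReqBo request with OAuth id, old password and new password
     * @return success response with result code "0000"
     * @throws ZTBusinessException if the account cannot be found, the old password does not
     *     match, or the new password is blank
     */
    @Override // com.tydic.commodity.estore.busi.api.Oauth2PluginUserService
    public Oauth2ModifyUserRspBo modifyUserPassword(Oauth2ModifyUserReqBo oauth2ModifyUserReqBo) {
        AbilityProvideOauthPo account = checkAuthId(oauth2ModifyUserReqBo.getOauthId());
        String accountKey = StringUtils.leftPad(
                StringUtils.left(account.getClientSecret() + account.getClusterId() + account.getUsername(), 16),
                16,
                "@");
        SymmetricCrypto accountCipher = SmUtil.sm4(accountKey.getBytes(CharsetUtil.CHARSET_UTF_8));

        // Constant-time comparison of the two hex strings; a missing stored password never matches.
        String storedPassword = account.getPassword();
        String suppliedOldPassword = accountCipher.encryptHex(oauth2ModifyUserReqBo.getOldPassword());
        boolean oldPasswordMatches = storedPassword != null
                && suppliedOldPassword != null
                && java.security.MessageDigest.isEqual(
                        storedPassword.getBytes(CharsetUtil.CHARSET_UTF_8),
                        suppliedOldPassword.getBytes(CharsetUtil.CHARSET_UTF_8));
        if (!oldPasswordMatches) {
            throw new ZTBusinessException("历史密码不一致！");
        }

        // An empty or whitespace-only password must not replace a real one.
        if (StringUtils.isBlank(oauth2ModifyUserReqBo.getNewPassword())) {
            throw new ZTBusinessException("新密码不能为空！");
        }

        AbilityProvideOauthPo passwordUpdate = new AbilityProvideOauthPo();
        passwordUpdate.setOauthId(oauth2ModifyUserReqBo.getOauthId());
        passwordUpdate.setPassword(accountCipher.encryptHex(oauth2ModifyUserReqBo.getNewPassword()));
        this.abilityProvideOauthMapper.updateByPrimaryKeySelective(passwordUpdate);

        Oauth2ModifyUserRspBo response = new Oauth2ModifyUserRspBo();
        response.setSuccess(true);
        response.setResultCode("0000");
        response.setResultMessage("密码修改成功");
        return response;
    }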

    /**
     * Builds and signs a compact JWT.
     *
     * <p>The token carries {@code str} as subject, {@code list} under the "roles" claim, the
     * current time as issued-at and issued-at plus {@code j} milliseconds as expiration. It is
     * signed with HS256 using {@code str2}.
     *
     * <p>NOTE(review): the only caller in this class passes the account's client secret as
     * {@code str2}; a 9-10 character secret is far shorter than the 256-bit key HS256 is meant
     * to be used with, and the String overload of signWith presumably treats the value as
     * Base64 — confirm against the jjwt version in use.
     *
     * @param str token subject
     * @param str2 signing secret
     * @param list values stored under the "roles" claim
     * @param j token lifetime in milliseconds
     * @return the serialized token
     */
    private String createToken(String str, String str2, List<String> list, long j) {
        Claims claims = Jwts.claims().setSubject(str);
        claims.put("roles", list);

        Date issuedAt = new Date();
        Date expiresAt = new Date(issuedAt.getTime() + j);

        return Jwts.builder()
                .setClaims(claims)
                .setIssuedAt(issuedAt)
                .setExpiration(expiresAt)
                .signWith(SignatureAlgorithm.HS256, str2)
                .compact();
    }

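    /**
     * Checks that the request timestamp lies within the configured freshness window.
     *
     * <p>The full distance in minutes between the timestamp and the current time is compared
     * with {@code reqRefreshStandTime}. The whole-day part of that distance must not be
     * subtracted first: doing so accepts a timestamp that is any number of days old as long as
     * the remaining minutes are inside the window, which defeats the replay protection.
     *
     * <p>NOTE(review): Hutool's three-argument {@code DateUtil.between} is understood to return
     * the absolute difference, so a timestamp slightly in the future passes as well — confirm
     * this is the intended clock-skew tolerance.
     *
     * @param refreshTokenReqBo request whose timestamp string is parsed with DateUtil.parse
     * @return {@code Boolean.TRUE} when the timestamp is within the window, else
     *     {@code Boolean.FALSE}
     */
    private Boolean checkTime(RefreshTokenReqBo refreshTokenReqBo) {
        DateTime requestTime = DateUtil.parse(refreshTokenReqBo.getTimestamp());
        long elapsedMinutes = DateUtil.between(requestTime, new Date(), DateUnit.MINUTE);
        return Boolean.valueOf(elapsedMinutes <= (long) this.reqRefreshStandTime);
    }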

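    /**
     * Loads the account with the given OAuth id.
     *
     * <p>A blank id is rejected before the query. The lookup object would otherwise carry no
     * criteria at all. NOTE(review): selectByAllOne presumably filters only on the fields that
     * are set, in which case an empty lookup could return an unrelated account — verify against
     * the mapper XML.
     *
     * @param str OAuth id of the account
     * @return the matching account, never empty
     * @throws ZTBusinessException if the id is blank or no account is found
     */
    private AbilityProvideOauthPo checkAuthId(String str) {
        if (StringUtils.isBlank(str)) {
            throw new ZTBusinessException("账号查询异常！");
        }
        AbilityProvideOauthPo criteria = new AbilityProvideOauthPo();
        criteria.setOauthId(str);
        AbilityProvideOauthPo account = this.abilityProvideOauthMapper.selectByAllOne(criteria);
        if (ObjectUtils.isEmpty(account)) {
            throw new ZTBusinessException("账号查询异常！");
        }
        return account;
    }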
}
