package com.tydic.dyc.common.user.impl;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.nimbusds.jwt.PlainJWT;
import com.ohaotian.plugin.base.exception.ZTBusinessException;
import com.tydic.authority.busi.api.SelectUserByLoginNameService;
import com.tydic.authority.busi.bo.SelectUserByLoginNameReqBO;
import com.tydic.authority.busi.bo.SelectUserByLoginNameRspBO;
import com.tydic.dyc.common.user.api.ComAuthLoginService;
import com.tydic.dyc.common.user.bo.ComAuthLoginReqBO;
import com.tydic.dyc.common.util.EncodingUtils;
import com.tydic.dyc.common.util.SecurityUtil;
import com.tydic.dyc.common.util.SignUtil;
import com.tydic.umc.general.ability.api.UmcLoginAbilityService;
import com.tydic.umc.general.ability.bo.UmcLoginExpTimeAbilityReqBO;
import com.tydic.umc.security.jwt.UmcJwt;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.jose4j.keys.AesKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

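/**
 * Single-sign-on bridge: turns a ticket issued by an external identity provider into a local
 * {@code auth-token} cookie ({@link #authLogin}) and decrypts user data pushed by the
 * authentication centre ({@link #authUser}).
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The user is looked up with {@code selectUserByLoginNameNoAuth}, with no password check here,
 *       so the ticket's signature is the only proof of identity on this path.</li>
 *   <li>All three secrets have compiled-in defaults (see the field notes below).</li>
 * </ul>
 */
@Service
/* loaded from: input_file:com/tydic/dyc/common/user/impl/ComAuthLoginServiceImpl.class */
public class ComAuthLoginServiceImpl implements ComAuthLoginService {
    private static final Logger log = LoggerFactory.getLogger(ComAuthLoginServiceImpl.class);

    // NOTE(review): the value after the colon is a working key compiled into the artifact. A
    // deployment that does not set jwt.signingKey verifies tickets with a key that anyone holding
    // the jar can read. Prefer no default (fail at startup) and load the key from a secret store;
    // treat the value below as disclosed and rotate it.
    @Value("${jwt.signingKey:4Qy93T0Cea_s5J1IM8d_NZknAKVka_d7p_Inkm1WMckboJWBbte9JuxuUIaYgUg72WDwYhwGrqWKeW1ba6OVVQ}")
    private String jwtSigningKey;

    // NOTE(review): same concern as jwtSigningKey: a default decryption key ships with the code.
    @Value("${jwt.encryptionKey:SCohMtxkDqIt8v0VR5FVK2g8CT8DlxYy7cXO43ypMJo}")
    private String jwtEncryptionKey;

    @Autowired
    private UmcLoginAbilityService umcLoginAbilityService;

    @Autowired
    private SelectUserByLoginNameService selectUserByLoginNameService;

    // Landing page the browser is redirected to after login. The default is plain HTTP, so the
    // session cookie set just before the redirect travels unencrypted unless this is overridden.
    @Value("${zm.index:http://172.20.9.251/}")
    private String url;

    /** Claim that carries the login name in the incoming ticket. */
    private static final String USERNAME_KEY = "sub";

    // NOTE(review): shared secret used both to sign and to AES-decrypt pushed user data; it also
    // has a compiled-in default and should come from configuration only.
    @Value("${zm.authUser.key:csb48SawbCCFFdYDG5KmjinTdREKGKEQ}")
    private String key;

    /**
     * Validates an SSO ticket, issues a local session token for the user named in its
     * {@code sub} claim, sets it as the {@code auth-token} cookie and redirects to {@code zm.index}.
     *
     * @param str                 the ticket (JWT) received from the identity provider
     * @param httpServletResponse response that receives the cookie and the redirect
     * @param httpServletRequest  current request; only consulted to decide the cookie's Secure flag
     * @throws ZTBusinessException if the ticket is blank or invalid, the {@code sub} claim is empty,
     *                             the user is unknown, or no token could be created
     */
    public void authLogin(String str, HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        // The ticket is a bearer credential: anyone who reads it from a log file can replay it
        // against this endpoint. Log only its size, and not at ERROR level.
        log.debug("收到jwt票据,长度:{}", str == null ? 0 : str.length());

        // parseTicket returns null for a blank ticket; previously that surfaced as a
        // NullPointerException instead of the business exception callers expect.
        String claimsJson = parseTicket(str);
        JSONObject claims = claimsJson == null ? null : JSONObject.parseObject(claimsJson);
        String username = claims == null ? null : claims.getString(USERNAME_KEY);
        if (StringUtils.isEmpty(username)) {
            throw new ZTBusinessException("erp员工编号为空!");
        }

        SelectUserByLoginNameReqBO userQuery = new SelectUserByLoginNameReqBO();
        userQuery.setUsername(username);
        SelectUserByLoginNameRspBO user = this.selectUserByLoginNameService.selectUserByLoginNameNoAuth(userQuery);
        if (user == null) {
            throw new ZTBusinessException("用户不存在!");
        }

        // Raw HashMap kept on purpose: the parameter type of UmcJwt.createToken is not visible here.
        HashMap tokenClaims = new HashMap();
        tokenClaims.put("userId", user.getUserId());
        // "iat" is written in milliseconds (Date.getTime()), as in the original code.
        tokenClaims.put("iat", Long.valueOf(new Date().getTime()));
        String token = UmcJwt.createToken(tokenClaims);
        if (StringUtils.isBlank(token)) {
            throw new ZTBusinessException("授权失败");
        }

        UmcLoginExpTimeAbilityReqBO expTimeReq = new UmcLoginExpTimeAbilityReqBO();
        expTimeReq.setToken(token);

        Cookie cookie = new Cookie("auth-token", token);
        cookie.setHttpOnly(true);
        // Mark the session cookie Secure whenever the request itself arrived over TLS, so it is
        // never sent back over plain HTTP. Plain-HTTP deployments keep the previous behaviour.
        // NOTE(review): behind a TLS-terminating proxy isSecure() may report false; confirm the
        // container is configured to honour the forwarded scheme.
        cookie.setSecure(httpServletRequest != null && httpServletRequest.isSecure());
        cookie.setPath("/");
        httpServletResponse.addCookie(cookie);

        this.umcLoginAbilityService.updateLoginExpTime(expTimeReq);

        // The target is a configured value, not request-derived, so it cannot be steered by the
        // caller. A failed redirect used to be swallowed silently; record it so a login that
        // "does nothing" can be diagnosed.
        try {
            httpServletResponse.sendRedirect(this.url);
        } catch (IOException e) {
            log.error("登录成功后重定向失败", e);
        }
    }

    /**
     * Verifies and, when an encryption key is configured, decrypts the ticket.
     *
     * @param str the ticket as received
     * @return the claims as a JSON string, or {@code null} when {@code str} has no text
     * @throws ZTBusinessException if signature verification, decryption or parsing fails
     */
    private String parseTicket(String str) {
        if (!org.springframework.util.StringUtils.hasText(str)) {
            return null;
        }

        if (!org.springframework.util.StringUtils.hasText(this.jwtSigningKey)) {
            // NOTE(review): with a blank jwt.signingKey the ticket is parsed as an unsecured
            // PlainJWT, i.e. its claims are accepted without any signature. On a login path that
            // means identity rests on configuration alone; this branch should fail closed unless
            // a deployment is known to depend on it. Kept for compatibility, but made visible.
            log.warn("jwt.signingKey未配置,当前按未签名的PlainJWT解析票据");
            try {
                return PlainJWT.parse(str).getJWTClaimsSet().toString();
            } catch (Exception e2) {
                log.error("jwt解析异常", e2);
                throw new ZTBusinessException("jwt解析异常:" + e2.getMessage());
            }
        }

        try {
            byte[] payload = EncodingUtils.verifyJwsSignature(
                    new AesKey(this.jwtSigningKey.getBytes(StandardCharsets.UTF_8)),
                    str.getBytes(StandardCharsets.UTF_8));
            if (payload == null || payload.length <= 0) {
                // Caught by the handler below and re-thrown with the combined message.
                throw new ZTBusinessException("jwt签名不通过");
            }
            String verified = new String(payload, StandardCharsets.UTF_8);
            if (!org.springframework.util.StringUtils.hasText(this.jwtEncryptionKey)) {
                return verified;
            }
            return EncodingUtils.decryptJwtValue(EncodingUtils.generateJsonWebKey(this.jwtEncryptionKey), verified);
        } catch (Exception e) {
            log.error("jwt签名或者解密不正确", e);
            // NOTE(review): the underlying error text is forwarded to the caller. If this message
            // reaches the HTTP response it tells the sender why verification/decryption failed;
            // a fixed message (detail only in the log) would be safer.
            throw new ZTBusinessException("jwt签名或者解密不正确:" + e.getMessage());
        }
    }

    /**
     * Computes the expected signature for a push request from the authentication centre and
     * decrypts its {@code syncData} payload.
     *
     * <p>NOTE(review): this method only <em>computes</em> the signature and returns it under
     * {@code newSign}; no comparison with the signature supplied by the sender and no timestamp
     * freshness check is visible here. The caller must compare in constant time
     * ({@code MessageDigest.isEqual}) before using {@code result}, and must not echo
     * {@code newSign} back to the client. Confirm against the caller.
     *
     * @param comAuthLoginReqBO  pushed request (appId, timestamp, syncData)
     * @param httpServletRequest current request; its URL and method are part of the signed data
     * @return JSON with {@code newSign}, {@code result}, {@code code} (1000 on success, 1 on
     *         failure) and {@code msg}
     */
    public JSONObject authUser(ComAuthLoginReqBO comAuthLoginReqBO, HttpServletRequest httpServletRequest) {
        JSONObject jSONObject = new JSONObject();
        try {
            // Log identifying metadata only; the full request object carries the encrypted user
            // payload and does not belong in an ERROR-level log line.
            log.info("认证中心推送用户, appId:{}, timestamp:{}", comAuthLoginReqBO.getAppId(), comAuthLoginReqBO.getTimestamp());
            jSONObject.put("newSign", SignUtil.getSign(
                    comAuthLoginReqBO.getAppId(),
                    Long.valueOf(Long.parseLong(comAuthLoginReqBO.getTimestamp())),
                    this.key,
                    httpServletRequest.getRequestURL().toString(),
                    httpServletRequest.getMethod(),
                    (Map) JSONObject.parseObject(JSON.toJSONString(comAuthLoginReqBO), Map.class)));
            jSONObject.put("result", SecurityUtil.decryptAES(comAuthLoginReqBO.getSyncData(), this.key));
            jSONObject.put("code", 1000);
            jSONObject.put("msg", "成功");
        } catch (Exception e) {
            // Pass the exception as the last argument so the stack trace is kept.
            log.error("解密认证中心推送用户报错", e);
            jSONObject.put("code", 1);
            // NOTE(review): the decryption error text is returned to the sender; distinguishable
            // failure messages on a decrypt endpoint are best replaced by a fixed string.
            jSONObject.put("msg", "解密失败:" + e.getMessage());
        }
        return jSONObject;
    }
}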
