package com.xdja.pki.service.login;

import com.xdja.pki.annotation.LogPersistence;
import com.xdja.pki.api.admin.AdminService;
import com.xdja.pki.api.common.CommonService;
import com.xdja.pki.api.login.LoginService;
import com.xdja.pki.common.bean.Operator;
import com.xdja.pki.common.bean.Result;
import com.xdja.pki.common.bean.ResultWithLogContent;
import com.xdja.pki.common.config.Cache;
import com.xdja.pki.common.config.ConfigJson;
import com.xdja.pki.common.enums.AdminTypeEnum;
import com.xdja.pki.common.enums.AlgTypeEnum;
import com.xdja.pki.common.enums.CertStatusEnum;
import com.xdja.pki.common.enums.ErrorEnum;
import com.xdja.pki.common.enums.IsOrNotEnum;
import com.xdja.pki.common.enums.PwdEnum;
import com.xdja.pki.common.enums.SwitchEnum;
import com.xdja.pki.common.pkcs7.SignedDataInfo;
import com.xdja.pki.common.pkcs7.SignedDataUtil;
import com.xdja.pki.common.util.CertUtil;
import com.xdja.pki.common.util.DateTimeUtil;
import com.xdja.pki.common.util.FileUtil;
import com.xdja.pki.common.util.IpUtils;
import com.xdja.pki.dao.admin.AdminDao;
import com.xdja.pki.dao.admin.FunctionDao;
import com.xdja.pki.dao.admin.ManagerCertDao;
import com.xdja.pki.dao.security.ManagerUserDao;
import com.xdja.pki.dto.admin.AdminWithRole;
import com.xdja.pki.gmssl.crypto.utils.GMSSLRSASignUtils;
import com.xdja.pki.gmssl.crypto.utils.GMSSLSM2SignUtils;
import com.xdja.pki.models.FunctionDO;
import com.xdja.pki.models.ManagerCertDO;
import com.xdja.pki.models.ManagerUserDO;
import com.xdja.pki.security.util.OperatorUtil;
import com.xdja.pki.vo.log.OperateLogTypeEnum;
import com.xdja.pki.vo.log.content.LogContentBuilder;
import com.xdja.pki.vo.login.LoginVO;
import com.xdja.pki.vo.login.MenuVO;
import com.xdja.pki.vo.login.UserVO;
import com.xdja.pki.vo.security.ManagerUserToken;
import java.net.URL;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.Deque;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.util.ResourceUtils;

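/**
 * Administrator login service: password login selected by certificate serial number,
 * password login selected by account name (optionally bound to a USB key), and
 * challenge-response login with a signed {@code sn:challenge} payload.
 *
 * <p>NOTE(review): the login paths return distinct error codes for "certificate/user not
 * found" and "wrong password", which lets a caller tell which accounts exist. Confirm this
 * is acceptable for the admin interface before relying on it.
 */
@Service
/* loaded from: input_file:com/xdja/pki/service/login/LoginServiceImpl.class */
public class LoginServiceImpl implements LoginService {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    // Not referenced anywhere in this class; kept so the injected field set is unchanged.
    @Autowired
    private ManagerUserDao managersha256WithRSAUserDao;

    @Autowired
    private ManagerCertDao managerCertDao;

    @Autowired
    private ManagerUserDao managerUserDao;

    @Autowired
    private AdminDao adminDao;

    @Autowired
    private FunctionDao functionDao;

    @Autowired
    private CommonService commonService;

    @Autowired
    private AdminService adminService;

    // Session idle timeout; multiplied by 60 * 1000 before being handed to the session.
    @Value("${session.timeout}")
    private int sessionTimeout;

    // Challenge lifetime; multiplied by 1000 when the expiry timestamp is computed.
    @Value("${challenge.expires}")
    private long challengeExpires;
    private static final String SESSION_CHALLENGE_KEY = "challenge";
    private static final String KEY_CHALLENGE = "challenge";
    private static final String KEY_EXPIRES = "expires";
    private static final String KEY_FAILURE_TIME = "failureTime";

    /**
     * Password login for the account bound to the certificate whose serial number is
     * {@code userVO.getSignSn()}.
     *
     * <p>The serial number is supplied by the caller and only selects the account; this path
     * performs no proof of possession of the certificate's private key. The password check in
     * {@link #loginCheck} is the authentication step.
     *
     * @param userVO             login form; its name and id are overwritten with the stored account's
     * @param httpServletRequest request used to record the client address
     * @return a failure result naming the rejected condition, or a success result carrying
     *         system version, user name, menus and login history
     * @throws Exception if the version resource cannot be resolved or read
     */
    @LogPersistence(logType = OperateLogTypeEnum.ADMIN_LOGIN)
    public Result login(UserVO userVO, HttpServletRequest httpServletRequest) throws Exception {
        Subject subject = SecurityUtils.getSubject();
        ManagerCertDO cert = this.managerCertDao.queryManagerCertBySn(userVO.getSignSn());
        if (null == cert) {
            return Result.failure(ErrorEnum.CERT_IS_NOT_EXISTED);
        }
        // The status is a number (login(String) calls intValue() on it), so it must be compared
        // with the enum's numeric value. Calling equals() with the enum constant itself never
        // matches, which let frozen, revoked and expired certificates through.
        int certStatus = cert.getStatus().intValue();
        if (certStatus == CertStatusEnum.FROZEN.value) {
            return Result.failure(ErrorEnum.CERT_STATUS_IS_FREEZE);
        }
        if (certStatus == CertStatusEnum.REVOKE.value) {
            return Result.failure(ErrorEnum.CERT_STATUS_IS_REVOKED);
        }
        if (certStatus == CertStatusEnum.EXPIRE.value) {
            return Result.failure(ErrorEnum.CERT_STATUS_IS_EXPIRED);
        }
        ManagerUserDO account = this.managerUserDao.queryByCertId(cert.getId());
        if (null == account) {
            return Result.failure(ErrorEnum.MANAGER_USER_IS_NOT_EXIST);
        }
        userVO.setName(account.getName());
        userVO.setId(account.getId());
        Result checked = loginCheck(account, userVO.getPassword(), httpServletRequest);
        if (!checked.isSuccess()) {
            return checked;
        }
        openSession(subject, userVO);
        if (setOperator(account)) {
            return Result.failure(ErrorEnum.MANAGER_USER_IS_NOT_EXIST);
        }
        LinkedHashMap<String, Object> payload = new LinkedHashMap<>();
        payload.put("systemVersion", FileUtil.readStringFromFile(ResourceUtils.getURL("classpath:version").getPath()));
        payload.put("userName", account.getName());
        payload.put("menus", buildMenu(account.getId()));
        payload.put("history", checked.getInfo());
        return new ResultWithLogContent(Result.success(payload), LogContentBuilder.buildLoginLog());
    }

    /**
     * Builds the menu tree for a manager user from the functions granted to that user.
     *
     * <p>A function is attached to its parent only if the parent was seen earlier in the query
     * result; otherwise it becomes a root entry. Presumably the DAO returns parents before
     * children; verify against the query.
     *
     * @param l manager user id
     * @return the root menu entries
     */
    private Collection<MenuVO> buildMenu(Long l) {
        Map<Object, MenuVO> menusById = new HashMap<>();
        List<MenuVO> roots = new ArrayList<>();
        for (FunctionDO function : this.functionDao.queryAllFunctionsByManagerUserId(l)) {
            MenuVO menu = new MenuVO();
            BeanUtils.copyProperties(function, menu);
            MenuVO parent = menusById.get(function.getParentId());
            if (null == parent) {
                roots.add(menu);
            } else {
                parent.getChildren().add(menu);
            }
            menusById.put(function.getId(), menu);
        }
        return roots;
    }

    /**
     * Logs the current subject out and drops its recorded session ids.
     *
     * @return a success result carrying the logout log content and the operator that was logged out
     */
    @LogPersistence(logType = OperateLogTypeEnum.ADMIN_LOGIN)
    public Result logout() {
        Subject subject = SecurityUtils.getSubject();
        // Read the operator before logout so it is still available for the audit record.
        Operator operator = OperatorUtil.getOperator();
        if (null != operator) {
            clearSessionId(operator.getUserName());
        }
        subject.logout();
        return new ResultWithLogContent(Result.success(), LogContentBuilder.buildLogoutLog(), operator);
    }

    /**
     * Password login selected by account name. When key binding is enabled in the configuration,
     * the caller-supplied device number and certificate serial number must match the bound key.
     *
     * @param userVO             login form; its name and id are overwritten with the stored account's
     * @param httpServletRequest request used to record the client address
     * @return a failure result naming the rejected condition, or a success result carrying
     *         release info (when present), system version, user name, role id, menus and history
     * @throws Exception if the version resource cannot be resolved or read
     */
    @LogPersistence(logType = OperateLogTypeEnum.ADMIN_LOGIN)
    public Result loginWithNoCert(UserVO userVO, HttpServletRequest httpServletRequest) throws Exception {
        Subject subject = SecurityUtils.getSubject();
        ManagerUserDO account = this.managerUserDao.queryByName(userVO.getName());
        if (null == account) {
            return Result.failure(ErrorEnum.MANAGER_USER_IS_NOT_EXIST);
        }
        Long roleId = this.adminDao.queryRoleId(account.getId());
        // With separation of powers switched on, the super administrator may not log in here.
        if (ConfigJson.readSwitchAuthority().intValue() == SwitchEnum.ON.value && roleId.longValue() == AdminTypeEnum.SUPER_ADMIN.type) {
            return Result.failure(ErrorEnum.SEPARATION_OF_POWERS_NOT_LOGIN_AUTHORITY);
        }
        if (ConfigJson.readIsKey().intValue() == IsOrNotEnum.IS.value) {
            ManagerCertDO boundCert = this.adminDao.getManagerCert(userVO.getName());
            if (null == boundCert) {
                return Result.failure(ErrorEnum.ADMIN_HAS_NOT_BIND_KEY);
            }
            // The device number comes from the request; a missing value is a mismatch, not a
            // NullPointerException.
            if (null == userVO.getDeviceNo() || !userVO.getDeviceNo().equals(boundCert.getDeviceNo())) {
                return Result.failure(ErrorEnum.ADMIN_ACCOUNT_NOT_MATCH_U_KEY);
            }
            if (null == userVO.getSignSn() || !userVO.getSignSn().equals(boundCert.getSn())) {
                return Result.failure(ErrorEnum.ADMIN_CERT_NOT_MATCH);
            }
        }
        userVO.setName(account.getName());
        userVO.setId(account.getId());
        Result checked = loginCheck(account, userVO.getPassword(), httpServletRequest);
        if (!checked.isSuccess()) {
            return checked;
        }
        setSessionId(userVO.getName());
        openSession(subject, userVO);
        if (setOperator(account)) {
            return Result.failure(ErrorEnum.MANAGER_USER_IS_NOT_EXIST);
        }
        LinkedHashMap<String, Object> payload = new LinkedHashMap<>();
        URL versionUrl = ResourceUtils.getURL("classpath:version");
        try {
            // Best effort: the first two lines of the release file are key=value pairs.
            List<?> releaseLines = FileUtil.readLines("/etc/xdja-release");
            for (int i = 0; i < 2; i++) {
                String[] keyValue = ((String) releaseLines.get(i)).split("=");
                payload.put(keyValue[0], keyValue[1]);
            }
        } catch (Exception ignored) {
            // Deliberately ignored: per the log message, the release file is absent on some
            // deployments.
            this.logger.error("没有找到网关系统版本---非融合版网关可忽略");
        }
        payload.put("systemVersion", FileUtil.readStringFromFile(versionUrl.getPath()));
        payload.put("userName", account.getName());
        payload.put("roleId", roleId);
        payload.put("menus", buildMenu(account.getId()));
        payload.put("history", checked.getInfo());
        return new ResultWithLogContent(Result.success(payload), LogContentBuilder.buildLoginLog());
    }

    /**
     * Authenticates the subject with the given user data and applies the configured timeout.
     *
     * <p>NOTE(review): the session that existed before authentication is kept; no new session id
     * is issued here. Confirm that session renewal on login is handled elsewhere.
     */
    private void openSession(Subject subject, UserVO userVO) {
        subject.login(new ManagerUserToken(userVO));
        subject.getSession().setTimeout(sessionTimeoutMillis());
    }

    /** Returns the configured session timeout in milliseconds, computed in {@code long} to avoid int overflow. */
    private long sessionTimeoutMillis() {
        return this.sessionTimeout * 60L * 1000L;
    }

    /**
     * Kicks out the user's other sessions and records the current session id under the user name.
     *
     * @param str user name
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private void setSessionId(String str) {
        Deque sessionIds = (Deque) Cache.sessionId.get(str);
        if (null == sessionIds) {
            sessionIds = new LinkedList();
            Cache.sessionId.put(str, sessionIds);
        }
        OperatorUtil.kickOutUser(str);
        sessionIds.add(SecurityUtils.getSubject().getSession().getId());
    }

    /**
     * Removes the recorded session ids of a user, if any.
     *
     * @param str user name
     */
    private void clearSessionId(String str) {
        if (null != Cache.sessionId.get(str)) {
            Cache.sessionId.remove(str);
        }
    }

    /**
     * Looks up the administrator record for the account and stores it as the current operator.
     *
     * @param managerUserDO the authenticated account
     * @return {@code true} when the administrator record could NOT be loaded (callers treat this
     *         as failure), {@code false} when the operator was set
     */
    private boolean setOperator(ManagerUserDO managerUserDO) {
        Result detail = this.adminService.getAdminDetailByUserName(managerUserDO.getName());
        if (!detail.isSuccess() || detail.getInfo() == null) {
            return true;
        }
        AdminWithRole admin = (AdminWithRole) detail.getInfo();
        Operator operator = new Operator();
        operator.setDn(managerUserDO.getName());
        operator.setId(admin.getAdminId());
        operator.setUserName(admin.getAdminName());
        operator.setRoleId(String.valueOf(admin.getRoleId()));
        operator.setRoleName(admin.getRoleName());
        OperatorUtil.setOperator(operator);
        return false;
    }

    /**
     * Returns whether the account has reached the maximum number of failed attempts and the wait
     * period since the last attempt has not yet elapsed.
     */
    private static boolean isLockedOut(ManagerUserDO account) {
        return account.getTryCount().intValue() >= PwdEnum.MAX_TRY.value
                && System.currentTimeMillis() - account.getLastTryTime().getTime() < PwdEnum.WAIT_TIME.value * 1000L;
    }

    /**
     * Enforces the failed-attempt lockout, verifies the password and records the outcome.
     *
     * @param managerUserDO      stored account; its counters and login fields are updated and persisted
     * @param str                password presented by the caller
     * @param httpServletRequest request used to resolve the client address
     * @return {@code ACCOUNT_IS_LOCKED} or {@code PASSWORD_IS_ERROR} on failure; on success a
     *         result whose info is a {@link LoginVO} with the previous login time/address, the
     *         current address and the password-expired flag
     */
    private Result loginCheck(ManagerUserDO managerUserDO, String str, HttpServletRequest httpServletRequest) {
        if (isLockedOut(managerUserDO)) {
            return Result.failure(ErrorEnum.ACCOUNT_IS_LOCKED);
        }
        if (!this.commonService.checkPassword(managerUserDO.getName(), str, managerUserDO.getPassword())) {
            managerUserDO.setTryCount(Integer.valueOf(managerUserDO.getTryCount().intValue() + 1));
            managerUserDO.setLastTryTime(new Date(System.currentTimeMillis()));
            this.managerUserDao.update(managerUserDO);
            // Report the lock as soon as this failure is the one that reaches the limit.
            return isLockedOut(managerUserDO) ? Result.failure(ErrorEnum.ACCOUNT_IS_LOCKED) : Result.failure(ErrorEnum.PASSWORD_IS_ERROR);
        }
        LoginVO loginVO = new LoginVO();
        if (null != managerUserDO.getLastLoginTime()) {
            loginVO.setLastLoginTime(DateTimeUtil.dateToStr(managerUserDO.getLastLoginTime()));
        }
        String clientIp = IpUtils.getIpAddress(httpServletRequest);
        loginVO.setLastLoginIp(managerUserDO.getLastLoginIp());
        loginVO.setLoginIp(clientIp);
        // EXPIRE_TIME is in days; the product is computed in long so it cannot overflow int.
        long passwordLifetimeMillis = PwdEnum.EXPIRE_TIME.value * 24L * 60L * 60L * 1000L;
        loginVO.setPwdExpire(Boolean.valueOf(System.currentTimeMillis() - managerUserDO.getLastUpdatePwdTime().getTime() > passwordLifetimeMillis));
        managerUserDO.setLastLoginTime(new Date(System.currentTimeMillis()));
        managerUserDO.setLastLoginIp(clientIp);
        managerUserDO.setTryCount(0);
        this.managerUserDao.update(managerUserDO);
        return Result.success(loginVO);
    }

    /**
     * Debug helper that returns the menu tree of user id 1 under the name "superAdmin".
     *
     * <p>NOTE(review): this performs no authentication or authorization check of its own. Confirm
     * it is not reachable from a controller in production builds, or remove it.
     *
     * @return a success result with the fixed user name and that user's menus
     */
    public Result test() {
        LinkedHashMap<String, Object> payload = new LinkedHashMap<>();
        try {
            // Routed through the logger instead of stdout so it obeys the logging configuration.
            this.logger.debug("systemVersion=[{}]", FileUtil.readStringFromFile(ResourceUtils.getURL("classpath:version").getPath()));
        } catch (Exception e) {
            this.logger.error("解析版本文件失败", e);
        }
        payload.put("userName", "superAdmin");
        payload.put("menus", buildMenu(1L));
        return Result.success(payload);
    }

    /**
     * Issues a fresh login challenge and stores it, with its expiry timestamp, in the attribute
     * store under {@code "challenge"}. A previously issued challenge is overwritten.
     *
     * @return a success result carrying the challenge string and its lifetime
     */
    @SuppressWarnings("unchecked")
    public Result generateRandom() {
        Map<String, Object> challengeState = (Map<String, Object>) OperatorUtil.getAttribute(SESSION_CHALLENGE_KEY);
        if (null == challengeState) {
            challengeState = new HashMap<>();
            OperatorUtil.setAttribute(SESSION_CHALLENGE_KEY, challengeState);
        }
        String challenge = UUID.randomUUID().toString();
        challengeState.put(KEY_EXPIRES, Long.valueOf(this.challengeExpires));
        challengeState.put(KEY_CHALLENGE, challenge);
        challengeState.put(KEY_FAILURE_TIME, Long.valueOf(System.currentTimeMillis() + (this.challengeExpires * 1000)));
        HashMap<String, Object> response = new HashMap<>();
        response.put(KEY_CHALLENGE, challengeState.get(KEY_CHALLENGE));
        response.put(KEY_EXPIRES, challengeState.get(KEY_EXPIRES));
        return Result.success(response);
    }

    /**
     * Returns whether the presented challenge matches the stored one and has not expired.
     * Missing or malformed stored state counts as invalid instead of raising an exception.
     */
    private static boolean isChallengeValid(Map<?, ?> state, String presented) {
        if (null == state) {
            return false;
        }
        Object issued = state.get(KEY_CHALLENGE);
        Object deadline = state.get(KEY_FAILURE_TIME);
        if (null == issued || null == deadline || !presented.equalsIgnoreCase(issued.toString())) {
            return false;
        }
        try {
            return Long.parseLong(String.valueOf(deadline)) >= System.currentTimeMillis();
        } catch (NumberFormatException ignored) {
            // A deadline that is not a number cannot be honoured.
            return false;
        }
    }

    /**
     * Challenge-response login. The signed content is expected in the form
     * {@code <certificate serial number>:<challenge>}; the signature is verified with the public
     * key of the stored certificate that has that serial number.
     *
     * @param str the signed-data message produced by the client
     * @return a failure result naming the rejected condition, or a success result carrying user
     *         name and menus
     * @throws RuntimeException wrapping any exception raised while processing the login
     */
    @SuppressWarnings("unchecked")
    @LogPersistence(logType = OperateLogTypeEnum.ADMIN_LOGIN)
    public Result login(String str) {
        try {
            SignedDataInfo signedData = SignedDataUtil.resolve(str);
            String signContent = new String(signedData.getContent());
            this.logger.debug("获取签名信息，signContent=[{}]", signContent);
            String[] parts = signContent.split(":");
            // The content is caller-controlled: reject anything that is not sn:challenge instead
            // of failing with an index error.
            if (parts.length < 2) {
                this.logger.error("Signed login content is not of the form sn:challenge");
                return Result.failure(ErrorEnum.INVALID_CHALLENGE);
            }
            String serialNumber = parts[0];
            String presentedChallenge = parts[1];
            ManagerCertDO cert = this.managerCertDao.queryManagerCertBySn(serialNumber);
            if (null == cert) {
                this.logger.error("管理员登陆失败,sn=[{}]", serialNumber);
                return Result.failure(ErrorEnum.INVALID_CERT);
            }
            if (CertStatusEnum.NORMAL.value != cert.getStatus().intValue()) {
                this.logger.error("证书被撤销,sn=[{}]", serialNumber);
                return Result.failure(ErrorEnum.CERT_STATUS_IS_REVOKED);
            }
            long now = System.currentTimeMillis();
            if (cert.getNotBeforeTime().getTime() >= now || cert.getNotAfterTime().getTime() <= now) {
                this.logger.error("证书不在有效期之内，开始时间=[{}]，结束时间=[{}]", DateTimeUtil.dateToStr(cert.getNotBeforeTime()), DateTimeUtil.dateToStr(cert.getNotAfterTime()));
                return Result.failure(ErrorEnum.CERT_STATUS_IS_EXPIRED);
            }
            Map<String, Object> challengeState = (Map<String, Object>) OperatorUtil.getAttribute(SESSION_CHALLENGE_KEY);
            if (!isChallengeValid(challengeState, presentedChallenge)) {
                this.logger.error("挑战值过期");
                return Result.failure(ErrorEnum.INVALID_CHALLENGE);
            }
            // A challenge is single use: drop it once it has matched so that the same signed
            // message cannot be accepted again inside the expiry window. The map is mutated in
            // place, as generateRandom() does.
            challengeState.remove(KEY_CHALLENGE);
            challengeState.remove(KEY_FAILURE_TIME);
            // Fail closed: exactly one verifier must run and succeed. Previously a certificate
            // whose key algorithm was neither RSA nor SM2 skipped both checks and was accepted
            // without any signature verification.
            int keyAlg = cert.getPublicKeyAlg().intValue();
            boolean signatureValid;
            if (AlgTypeEnum.RSA.alg == keyAlg) {
                signatureValid = GMSSLRSASignUtils.verifyByBC("SHA256WithRSA", CertUtil.getCertFromBase64Str(cert.getCertData()).getPublicKey(), signedData.getContent(), signedData.getSignData());
            } else if (AlgTypeEnum.SM2.alg == keyAlg) {
                signatureValid = GMSSLSM2SignUtils.verifyByBC(CertUtil.getCertFromBase64Str(cert.getCertData()).getPublicKey(), signedData.getContent(), signedData.getSignData());
            } else {
                this.logger.error("Unsupported public key algorithm [{}] for sn=[{}]", keyAlg, serialNumber);
                signatureValid = false;
            }
            if (!signatureValid) {
                this.logger.error("登陆信息验签失败");
                return Result.failure(ErrorEnum.VERIFY_CHALLENGE_SIGN_FAIL);
            }
            Subject subject = SecurityUtils.getSubject();
            ManagerUserDO account = this.managerUserDao.queryByCertId(cert.getId());
            if (null == account) {
                return Result.failure(ErrorEnum.MANAGER_USER_IS_NOT_EXIST);
            }
            UserVO userVO = new UserVO();
            userVO.setName(account.getName());
            userVO.setId(account.getId());
            userVO.setDeviceNo(cert.getDeviceNo());
            userVO.setSignSn(cert.getSn());
            // NOTE(review): hard-coded credential placed on the login token. Confirm the realm
            // never accepts this value as a real password for any account, and move it out of
            // source code.
            userVO.setPassword("xdja@123");
            openSession(subject, userVO);
            if (setOperator(account)) {
                return Result.failure(ErrorEnum.MANAGER_USER_IS_NOT_EXIST);
            }
            LinkedHashMap<String, Object> payload = new LinkedHashMap<>();
            payload.put("userName", account.getName());
            payload.put("menus", buildMenu(account.getId()));
            return new ResultWithLogContent(Result.success(payload), LogContentBuilder.buildLoginLog());
        } catch (Exception e) {
            // Logged through the configured logger instead of printStackTrace().
            this.logger.error("登陆异常", e);
            throw new RuntimeException("登陆异常", e);
        }
    }
}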
