package com.xdja.uas.sso.service.impl;

import com.alibaba.fastjson.JSON;
import com.xdja.agreement.config.SystemConfig;
import com.xdja.uas.bims.entity.Department;
import com.xdja.uas.bims.entity.Person;
import com.xdja.uas.bims.service.DepManageService;
import com.xdja.uas.bims.service.UserManageService;
import com.xdja.uas.common.bean.Result;
import com.xdja.uas.common.util.EncryptDeciphering;
import com.xdja.uas.common.util.HttpRequestUtil;
import com.xdja.uas.common.util.Md5PwdEncoder;
import com.xdja.uas.common.util.MessageManager;
import com.xdja.uas.common.util.Util;
import com.xdja.uas.empower.bean.SimpleAppInfo;
import com.xdja.uas.empower.service.AppPlatformService;
import com.xdja.uas.empower.service.EmpowerService;
import com.xdja.uas.login.service.LoginService;
import com.xdja.uas.rzsj.service.RzsjService;
import com.xdja.uas.scms.entity.Device;
import com.xdja.uas.scms.service.DeviceService;
import com.xdja.uas.sso.bean.Bill;
import com.xdja.uas.sso.bean.LoginParam;
import com.xdja.uas.sso.bean.LoginRst;
import com.xdja.uas.sso.bean.SignUserInfo;
import com.xdja.uas.sso.bean.TokenStrListResult;
import com.xdja.uas.sso.bean.UpdatePasswordParam;
import com.xdja.uas.sso.bean.UserAppInfo;
import com.xdja.uas.sso.bean.UserInfo;
import com.xdja.uas.sso.bean.V2Bill;
import com.xdja.uas.sso.bean.V2UserInfo;
import com.xdja.uas.sso.dao.SingleSignOnDao;
import com.xdja.uas.sso.entity.PersonTerminal;
import com.xdja.uas.sso.entity.UserBill;
import com.xdja.uas.sso.service.PersonPortraitService;
import com.xdja.uas.sso.service.SingleSignOnService;
import com.xdja.uas.sso.service.UserPhotoRecognitionService;
import com.xdja.uas.sso.util.CertUtil;
import com.xdja.uas.syms.service.SystemConfigPbService;
import java.io.File;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.codehaus.jackson.map.ObjectMapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.support.ResourceBundleMessageSource;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.CollectionUtils;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;

@Transactional(rollbackFor = {Exception.class})
@Service
/* loaded from: input_file:com/xdja/uas/sso/service/impl/SingleSignOnServiceImpl.class */
public class SingleSignOnServiceImpl implements SingleSignOnService {

    @Autowired
    private SystemConfigPbService systemConfigService;

    @Autowired
    private UserManageService userManagerService;

    @Autowired
    private DepManageService depManageService;

    @Autowired
    private DeviceService deviceService;

    @Autowired
    private AppPlatformService appPlatFormService;

    @Autowired
    private LoginService loginService;

    @Autowired
    private SingleSignOnDao singleSignOnDao;

    @Autowired
    private ResourceBundleMessageSource message;

    @Autowired
    private UserPhotoRecognitionService userPhotoRecognitionService;

    @Autowired
    private PersonPortraitService personPortraitService;

    @Autowired
    private RzsjService rzsjService;

    @Autowired
    private EmpowerService empowerService;
    // Class-wide logger. Everything passed to it ends up in the application log, so credentials, key material
    // and ticket contents should be kept out of log arguments.
    private static Logger log = LoggerFactory.getLogger(SingleSignOnServiceImpl.class);
    // Ticket-signing key. createBill loads it on first use and every later call reuses it, so a changed
    // key configuration is not picked up while this class stays loaded. The field is static, non-final and
    // non-volatile, and the initialisation in createBill is not synchronised.
    private static PrivateKey privateKey = null;

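    /**
     * Returns the configured login-type setting ({@code sys.login.type}) with surrounding whitespace removed.
     * {@link #login} uses the same setting to decide which login types a request may ask for.
     *
     * @return the trimmed setting
     * @throws Exception if the setting is missing from the configuration
     */
    @Override // com.xdja.uas.sso.service.SingleSignOnService
    public String getLoginType() throws Exception {
        String configured = SystemConfig.getInstance().getString("sys.login.type");
        // Test for a missing value before trimming. String.trim() never returns null, so a null check placed
        // after it cannot fire; a missing setting would surface as a NullPointerException instead of the
        // localized configuration error.
        if (configured == null) {
            throw new Exception(MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.logintype.geterror"));
        }
        return configured.trim();
    }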

    /**
     * Authenticates a login request and, on success, issues a signed ticket through {@link #createBill}.
     *
     * The login type selects which factor is checked: "1" compares the submitted password with the stored
     * hash, "0" resolves the user from the submitted card number, "2" compares a submitted photo with the
     * official portrait. All types then share the device checks (card number present, device record found,
     * optional binding check) before the ticket is created. Most outcomes are written to the audit log via
     * {@code rzsjService.add}; the fifth argument of that call carries the result code.
     *
     * Local names come from a decompiler: {@code nullStr} is the card number, {@code nullStr2} the IMSI,
     * {@code nullStr3} the IMEI and {@code str} the resolved person id.
     *
     * @param loginParam request fields as supplied by the client
     * @return a {@code LoginRst}; result code "0" means a ticket was issued, any other code is one of the
     *         error codes used below
     */
    @Override // com.xdja.uas.sso.service.SingleSignOnService
    @Transactional
    public LoginRst login(LoginParam loginParam) {
        // Start time; only feeds the timing log lines near the end.
        long time = new Date().getTime();
        if (loginParam == null) {
            return new LoginRst("5", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.paramerror"));
        }
        String loginType = loginParam.getLoginType();
        String userName = loginParam.getUserName();
        String passWord = loginParam.getPassWord();
        // Util.nullStr presumably maps null to an empty string — confirm; the blank checks below rely on it.
        String nullStr = Util.nullStr(loginParam.getCardNo());
        String nullStr2 = Util.nullStr(loginParam.getImsi());
        String nullStr3 = Util.nullStr(loginParam.getImei());
        String userPhoto = loginParam.getUserPhoto();
        String str = null;
        String trim = SystemConfig.getInstance().getString("sys.login.type").trim();
        // This is a substring test against the whole setting, not an exact match on one configured entry:
        // any substring of the setting (the empty string included) passes. Values other than "0", "1", "2"
        // are still rejected by the final else branch below.
        if (loginType == null || !trim.contains(loginType)) {
            LoginRst loginRst = new LoginRst("5", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.logintype.logintypeerror"));
            loginRst.setLoginType(trim);
            return loginRst;
        }
        Device device = null;
        Person person = null;
        if ("1".equals(loginType)) {
            // Password login.
            person = this.userManagerService.getUserByCodeOrIdentifer(userName);
            try {
                // The lock check runs before the null check on person and before the password is verified.
                // A locked account therefore answers "12" whatever password was sent, which differs from
                // the "2" returned for an unknown user or wrong password.
                // NOTE(review): confirm judgeIslock tolerates a null person; an exception here is only
                // logged and the flow continues.
                if (this.loginService.judgeIslock(person)) {
                    this.rzsjService.add(person, nullStr3, "0", "0", "12", "登录", (String) null, nullStr3, nullStr2, nullStr);
                    return new LoginRst("12", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.passwordlock"));
                }
            } catch (Exception e) {
                this.rzsjService.add(person, nullStr3, "0", "0", "", "登录", (String) null, nullStr3, nullStr2, nullStr);
                log.error("验证用户密码输入错误次数异常：" + e.getMessage(), e);
            }
            // Unknown user, blank password and wrong password all return the same code "2".
            // NOTE(review): the stored value is compared with the output of Md5PwdEncoder. If that is a
            // plain MD5 digest, as the name suggests, it has no work factor and is not suitable for
            // password storage — confirm how it salts and iterates. String.equals is also not a
            // constant-time comparison.
            if (person == null || StringUtils.isBlank(passWord) || !Md5PwdEncoder.getInstance().encodePassword(passWord).equals(person.getPassword())) {
                if (person != null) {
                    // Failed attempts are counted only for accounts that exist.
                    person.setLoginErrorTimes(person.getLoginErrorTimes() + 1);
                    this.userManagerService.updateUserNotUpdateLastupdatetime(person);
                    this.rzsjService.add(person, nullStr3, "0", "0", "2", "登录", (String) null, nullStr3, nullStr2, nullStr);
                }
                return new LoginRst("2", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.userorpwerror"));
            }
            // Second lock check ("7"), evaluated only after the password matched.
            if (this.loginService.judgeIslock2(person)) {
                this.rzsjService.add(person, nullStr3, "0", "0", "7", "登录", (String) null, nullStr3, nullStr2, nullStr);
                return new LoginRst("7", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.userlock"));
            }
            // A successful password check resets the failed-attempt counter.
            person.setLoginErrorTimes(0);
            this.userManagerService.updateUserNotUpdateLastupdatetime(person);
            str = person.getId();
        } else if ("0".equals(loginType)) {
            // Card login. No secret is verified in this branch: the user is whichever person the submitted
            // card number maps to.
            // NOTE(review): confirm the card number is authenticated before it reaches this service (for
            // example by the transport or a card challenge); otherwise the card number is the only
            // credential on this path.
            try {
                if (StringUtils.isNotBlank(nullStr)) {
                    device = this.deviceService.getByCardNO(nullStr);
                }
            } catch (Exception e2) {
                // A failed lookup is logged and swallowed; device stays null and the shared checks below decide.
                log.error("未查询到安全卡信息", e2);
            }
            if (device != null) {
                // person is not null-checked before judgeIslock2 and person.getId(); a device record that
                // points at a missing person ends in a NullPointerException.
                person = this.userManagerService.queryPersonById(device.getPersonId());
                if (this.loginService.judgeIslock2(person)) {
                    this.rzsjService.add(person, nullStr3, "0", "0", "7", "登录", (String) null, nullStr3, nullStr2, nullStr);
                    return new LoginRst("7", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.userlock"));
                }
                str = person.getId();
            }
        } else {
            if (!"2".equals(loginType)) {
                return new LoginRst("5", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.logintype.logintypeerror"));
            }
            // Photo login.
            person = this.userManagerService.getUserByCodeOrIdentifer(userName);
            if (person == null || StringUtils.isBlank(userPhoto)) {
                return new LoginRst("13", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.userorphotoerror"));
            }
            try {
                if (this.loginService.judgeIslock(person)) {
                    this.rzsjService.add(person, nullStr3, "0", "0", "12", "登录", (String) null, nullStr3, nullStr2, nullStr);
                    return new LoginRst("12", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.passwordlock"));
                }
            } catch (Exception e3) {
                log.error("验证用户密码输入错误次数异常：" + e3.getMessage(), e3);
            }
            if (this.loginService.judgeIslock2(person)) {
                this.rzsjService.add(person, nullStr3, "0", "0", "7", "登录", (String) null, nullStr3, nullStr2, nullStr);
                return new LoginRst("7", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.userlock"));
            }
            try {
                String queryOfficialUserPhoto = this.userPhotoRecognitionService.queryOfficialUserPhoto(person);
                if (StringUtils.isBlank(queryOfficialUserPhoto)) {
                    log.debug("官方人像不存在");
                    this.rzsjService.add(person, nullStr3, "0", "0", "17", "登录", (String) null, nullStr3, nullStr2, nullStr);
                    return new LoginRst("17", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.photorecogerror") + ":官方人像不存在");
                }
                try {
                    if (!this.userPhotoRecognitionService.validUserPhoto(queryOfficialUserPhoto, userPhoto)) {
                        // A mismatch is audited with "15" but, unlike a wrong password, does not increment
                        // loginErrorTimes. NOTE(review): confirm photo attempts are rate-limited elsewhere.
                        log.debug("人像不匹配");
                        this.rzsjService.add(person, nullStr3, "0", "0", "15", "登录", (String) null, nullStr3, nullStr2, nullStr);
                        return new LoginRst("15", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.photounmatch"));
                    }
                    person.setLoginErrorTimes(0);
                    this.userManagerService.updateUserNotUpdateLastupdatetime(person);
                    str = person.getId();
                } catch (Exception e4) {
                    // The exception text is appended to the message returned to the caller; internal
                    // details of the recognition service can reach the client this way.
                    log.debug("人像比对失败:" + e4.getMessage());
                    this.rzsjService.add(person, nullStr3, "0", "0", "16", "登录", (String) null, nullStr3, nullStr2, nullStr);
                    return new LoginRst("16", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.photorecogerror") + ":" + e4.getMessage());
                }
            } catch (Exception e5) {
                // Same exposure of the exception text as above; this path writes no audit record.
                log.debug("获取官方人像失败:" + e5.getMessage());
                return new LoginRst("18", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.photorecogerror") + ":" + e5.getMessage());
            }
        }
        // Shared device checks. parseBoolean is the "ifCheckDeivce" setting (key spelled as in the
        // configuration) and switches the binding check on.
        boolean parseBoolean = Boolean.parseBoolean(this.systemConfigService.getValueByCode("ifCheckDeivce"));
        // A card number is mandatory for card login and whenever the binding check is enabled.
        if ((parseBoolean || "0".equals(loginType)) && StringUtils.isBlank(nullStr)) {
            this.rzsjService.add(person, nullStr3, "0", "0", "19", "登录", (String) null, nullStr3, nullStr2, nullStr);
            return new LoginRst("19", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.hardnoempty"), str);
        }
        // Unlike the lookup in the card branch, this one is not wrapped in a try block.
        if (device == null && StringUtils.isNotBlank(nullStr)) {
            device = this.deviceService.getByCardNO(nullStr);
        }
        // updateDevice can create or overwrite device records from the submitted card number, IMSI and
        // IMEI. For a card login whose card was not found, str (the person id) is still null here.
        Device updateDevice = updateDevice(parseBoolean, device, nullStr, nullStr2, nullStr3, str, "1");
        if ((parseBoolean || "0".equals(loginType)) && updateDevice == null) {
            this.rzsjService.add(person, nullStr3, "0", "0", "3", "登录", (String) null, nullStr3, nullStr2, nullStr);
            return new LoginRst("3", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.unfindecarderror"), str);
        }
        // For card login the user id is taken from the device record; the check above guarantees the
        // record is non-null for that login type.
        if (!"1".equals(loginType) && !"2".equals(loginType)) {
            str = updateDevice.getPersonId();
        }
        if (updateDevice != null) {
            String bindingState = updateDevice.getBindingState();
            // The submitted IMEI is stored on the device when the binding check is off, or when it is on
            // and the binding state is set but does not contain "3" (the IMEI flag tested by
            // checkBindingState).
            if (!parseBoolean || (bindingState != null && parseBoolean && bindingState.indexOf("3") < 0)) {
                updateDevice.setImei(nullStr3);
                this.deviceService.update(updateDevice);
            }
        }
        if (parseBoolean) {
            try {
                // In the visible code checkBindingState returns true or throws, so failures arrive through
                // the catch block rather than through this negated test.
                if (!checkBindingState(str, updateDevice, nullStr3, nullStr2)) {
                    this.rzsjService.add(person, nullStr3, "0", "0", "4", "登录", (String) null, nullStr3, nullStr2, nullStr);
                    return new LoginRst("4", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.bindcheckfail"), str);
                }
            } catch (Exception e6) {
                // The exception text is returned to the caller together with the person id.
                log.error("验证安全卡绑定信息异常", e6);
                this.rzsjService.add(person, nullStr3, "0", "0", "4", "登录", (String) null, nullStr3, nullStr2, nullStr);
                return new LoginRst("4", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.bindcheckerror") + ":" + e6.getMessage(), str);
            }
        }
        // saveOrUpdateBind is defined outside the visible part of this file.
        if (SystemConfig.getInstance().getString("isSaveBind").trim().equalsIgnoreCase("true")) {
            saveOrUpdateBind(str, nullStr3);
        }
        log.info("service登录验证耗时：" + (new Date().getTime() - time));
        LoginRst createBill = createBill(str, person, true);
        log.info("service创建票据耗时：" + (new Date().getTime() - time));
        // getResult() is dereferenced here before the null check on result a few lines below; if it can
        // be null, this line throws first.
        if (StringUtils.isBlank(createBill.getResult().getId())) {
            createBill.getResult().setId(str);
        }
        Result result = createBill.getResult();
        // Final audit record: fourth argument "1" with an empty code on success, otherwise "0" with the
        // failure code.
        if (result == null || !"0".equals(result.getFlag())) {
            this.rzsjService.add(person, nullStr3, "0", "0", result == null ? "" : result.getFlag(), "登录", (String) null, nullStr3, nullStr2, nullStr);
        } else {
            this.rzsjService.add(person, nullStr3, "0", "1", "", "登录", (String) null, nullStr3, nullStr2, nullStr);
        }
        return createBill;
    }

    /**
     * Resolves, creates or refreshes the device record for a login, depending on whether the binding
     * check is enabled and whether third-party cards ({@code THIRD_CARD}) are accepted.
     *
     * Every identifier written to the record comes from the request, so this method is where
     * client-supplied values become stored device data.
     *
     * @param z      true when the binding check is enabled ({@link #login} passes its "ifCheckDeivce" flag)
     * @param device record already found for the card number, or null
     * @param str    card number; written to both hardNo and iccid
     * @param str2   IMSI
     * @param str3   IMEI
     * @param str4   person id the device should belong to
     * @param str5   terminal type, passed to {@code terminalTypeIsCheckDevice} ({@link #login} passes "1")
     * @return the resolved, created or updated device; null when the binding check is on, no record
     *         exists and third-party cards are disabled; the unchanged input when {@code str} is null
     * @throws RuntimeException when devices with this IMEI exist but none belongs to {@code str4}
     */
    @Override // com.xdja.uas.sso.service.SingleSignOnService
    public Device updateDevice(boolean z, Device device, String str, String str2, String str3, String str4, String str5) {
        log.debug("------>开始走updateDevice方法......");
        if (str == null) {
            return device;
        }
        boolean parseBoolean = Boolean.parseBoolean(this.systemConfigService.getValueByCode("THIRD_CARD"));
        log.info("====> 开启支持第三方用户卡:" + parseBoolean);
        if (z) {
            // Binding check enabled: a known device is returned untouched, so stored identifiers stay
            // available for the comparison in checkBindingState.
            log.info("===> 开启三码绑定校验");
            if (device != null) {
                log.info("=====> device不是空");
                return device;
            }
            // Unknown card and third-party cards disabled: no record, and the caller rejects the login.
            if (!parseBoolean) {
                return null;
            }
            if (terminalTypeIsCheckDevice(str5)) {
                List<Device> byIMEI = this.deviceService.getByIMEI(str3);
                if (!CollectionUtils.isEmpty(byIMEI)) {
                    // The last record owned by str4 wins. str4 is dereferenced without a null check.
                    for (Device device2 : byIMEI) {
                        if (str4.equals(device2.getPersonId())) {
                            device = device2;
                        }
                    }
                    // The IMEI is registered, but only to other people.
                    if (device == null) {
                        throw new RuntimeException(MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.imeibeloneerror"));
                    }
                }
            }
            // Util.varCheckEmp presumably reports an empty value — confirm.
            if (!Util.varCheckEmp(str)) {
                if (device == null) {
                    // First sight of this card: a record binding card number, IMEI and IMSI to str4 is
                    // created from request values alone.
                    // NOTE(review): confirm that enrolment on first use is intended when THIRD_CARD is on.
                    log.info("==>device 是空, 新增一条数据");
                    device = new Device();
                    device.setHardNo(str);
                    device.setIccid(str);
                    device.setImei(str3);
                    device.setImsi(str2);
                    device.setTimestamp(Long.valueOf(System.currentTimeMillis()));
                    device.setPersonId(str4);
                    this.deviceService.save(device);
                } else {
                    // z2 tracks whether IMEI or IMSI changed. The iccid is set on the object either way,
                    // but update() is only called when z2 is true.
                    boolean z2 = false;
                    device.setIccid(str);
                    if (StringUtils.isNotBlank(str3) && !str3.equals(device.getImei())) {
                        z2 = true;
                        device.setImei(str3);
                    }
                    if (StringUtils.isNotBlank(str2) && !str2.equals(device.getImsi())) {
                        z2 = true;
                        device.setImsi(str2);
                    }
                    if (z2) {
                        device.setTimestamp(Long.valueOf(System.currentTimeMillis()));
                        this.deviceService.update(device);
                    }
                }
            }
        } else {
            // Binding check disabled: a known device is overwritten with whatever the request carried,
            // blank values included.
            log.info("===> 不开启三码绑定校验");
            if (device != null) {
                log.info("=====> device不是空, 更新三码信息");
                device.setHardNo(str);
                device.setIccid(str);
                device.setImei(str3);
                device.setImsi(str2);
                device.setTimestamp(Long.valueOf(System.currentTimeMillis()));
                this.deviceService.update(device);
                return device;
            }
            // device is null here, so this returns null.
            if (!parseBoolean) {
                return device;
            }
            if (terminalTypeIsCheckDevice(str5)) {
                List<Device> byIMEI2 = this.deviceService.getByIMEI(str3);
                if (!CollectionUtils.isEmpty(byIMEI2)) {
                    // Same ownership lookup as in the branch above, including the unchecked str4.
                    for (Device device3 : byIMEI2) {
                        if (str4.equals(device3.getPersonId())) {
                            device = device3;
                        }
                    }
                    if (device == null) {
                        throw new RuntimeException(MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.imeibeloneerror"));
                    }
                }
            }
            if (!Util.varCheckEmp(str)) {
                // This message is written before the null test, so it also appears on the update path.
                log.info("==>device 是空, 新增一条数据");
                if (device == null) {
                    device = new Device();
                    device.setHardNo(str);
                    device.setIccid(str);
                    device.setImei(str3);
                    device.setImsi(str2);
                    device.setTimestamp(Long.valueOf(System.currentTimeMillis()));
                    device.setPersonId(str4);
                    this.deviceService.save(device);
                } else {
                    // Record found through the IMEI lookup; it already belongs to str4.
                    device.setHardNo(str);
                    device.setIccid(str);
                    device.setImei(str3);
                    device.setImsi(str2);
                    device.setTimestamp(Long.valueOf(System.currentTimeMillis()));
                    device.setPersonId(str4);
                    this.deviceService.update(device);
                }
            }
        }
        return device;
    }

    /**
     * Verifies that a device may be used by the given person with the submitted IMEI and IMSI.
     *
     * The binding state is read as a set of digit flags: exactly "0" means no binding; a value containing
     * "1" binds the device to a person, "3" to an IMEI and "2" to an IMSI. In the visible code the method
     * returns true or throws; it never returns false.
     *
     * @param str    person id of the user logging in
     * @param device device record to check; must not be null
     * @param str2   IMEI submitted with the request
     * @param str3   IMSI submitted with the request
     * @return true when every applicable check passes
     * @throws Exception when the device state is not usable or a bound value is missing, too long or
     *                   does not match
     */
    @Override // com.xdja.uas.sso.service.SingleSignOnService
    public boolean checkBindingState(String str, Device device, String str2, String str3) throws Exception {
        log.debug("------>开始走checkBindingState方法");
        log.info("========================================================");
        log.info("========================================================");
        // Person id, IMEI and IMSI are written to the log at info level on every call.
        log.info("\ndevice_state: " + device.getState() + "\ndevice_flag: " + device.getFlag() + "\ndevice_lockstate: " + device.getLockState() + "\npersonId: " + str + "\nimei: " + str2 + "\nimsi: " + str3);
        log.info("========================================================");
        log.info("========================================================");
        // Only state "3", flag "1" and lock state "0" are accepted; what the values stand for is not
        // shown in this file.
        if (!"3".equals(device.getState()) || !"1".equals(device.getFlag()) || !"0".equals(device.getLockState())) {
            throw new Exception(MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.card.stateerror"));
        }
        String bindingState = device.getBindingState();
        if (StringUtils.isBlank(bindingState)) {
            // No per-device setting: fall back to the system-wide "terminalbindtype". When that is blank
            // too, no binding is enforced at all.
            bindingState = this.systemConfigService.getValueByCode("terminalbindtype");
            if (StringUtils.isBlank(bindingState)) {
                return true;
            }
            // Set on the object only; it is persisted only if one of the update() calls below runs.
            device.setBindingState(bindingState);
        }
        if ("0".equals(bindingState)) {
            return true;
        }
        // Person binding. str is dereferenced directly, so a null person id raises NullPointerException
        // instead of the bind error.
        if (bindingState.indexOf("1") >= 0 && !str.equals(device.getPersonId())) {
            throw new Exception(MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.card.binderror"));
        }
        if (bindingState.indexOf("3") >= 0) {
            // IMEI binding.
            if (StringUtils.isBlank(str2)) {
                throw new Exception(MessageManager.getProMessage(this.message, "webservice.rp.error.imei.isBlank"));
            }
            if (str2.length() > 32) {
                throw new Exception(MessageManager.getProMessage(this.message, "webservice.rp.error.imei.tooLong"));
            }
            if (StringUtils.isBlank(device.getImei())) {
                // Trust on first use: while no IMEI is stored, the submitted one is accepted and becomes
                // the bound value.
                log.info("首次使用，写入信息:" + str2);
                device.setImei(str2);
                log.debug("------>开始更新设备信息");
                this.deviceService.update(device);
                log.debug("------>更新设备信息成功");
                log.info("imei信息写入成功");
            } else if (!str2.equals(device.getImei())) {
                throw new Exception(MessageManager.getProMessage(this.message, "webservice.rp.error.imei.notMatch"));
            }
        }
        if (bindingState.indexOf("2") >= 0) {
            // IMSI binding; same pattern, plus a rejection of the all-zero IMSI.
            if (StringUtils.isBlank(str3)) {
                throw new Exception(MessageManager.getProMessage(this.message, "webservice.rp.error.imsi.isBlank"));
            }
            if ("000000000000000".equals(str3)) {
                throw new Exception(MessageManager.getProMessage(this.message, "webservice.rp.error.imsi.test15Zero"));
            }
            if (str3.length() > 32) {
                throw new Exception(MessageManager.getProMessage(this.message, "webservice.rp.error.imsi.tooLong"));
            }
            if (StringUtils.isBlank(device.getImsi())) {
                // Trust on first use, as for the IMEI. If the IMEI block above already called update(),
                // this is a second write for the same login.
                log.info("首次使用，写入信息:" + str3);
                device.setImsi(str3);
                log.debug("------>开始更新设备信息");
                this.deviceService.update(device);
                log.debug("------>更新设备信息成功");
                log.info("imsi信息写入成功");
            } else if (!str3.equals(device.getImsi())) {
                throw new Exception(MessageManager.getProMessage(this.message, "webservice.rp.error.imsi.notMatch"));
            }
        }
        log.debug("------>checkBindingState方法执行成功");
        return true;
    }

    /**
     * Renews a ticket: the presented ticket string is validated with {@link #checkBill} and, when it is
     * accepted, a fresh ticket is issued for the user named inside it.
     *
     * The user id for the new ticket is read from the decrypted ticket, so renewal is only as strong as
     * the validation done by {@code checkBill}. NOTE(review): the result of {@code Util.readValue} and
     * of {@code getUserInfo()} is used without a null check — confirm neither can be null for a ticket
     * that passed validation.
     *
     * @param str ticket string as presented by the client; fields are separated by '|' and the first
     *            field is the encrypted ticket
     * @return the newly issued ticket, or a {@code LoginRst} with code "1" carrying the validation message
     */
    @Override // com.xdja.uas.sso.service.SingleSignOnService
    public LoginRst delayBill(String str) {
        Result verdict = checkBill(str);
        if (!"0".equals(verdict.getFlag())) {
            return new LoginRst("1", verdict.getMessage(), verdict.getId());
        }
        String encryptedBill = str.split("\\|")[0];
        String billJson = EncryptDeciphering.getInstance().decrypt(encryptedBill);
        Bill bill = (Bill) Util.readValue(billJson, Bill.class);
        // A ticket without app limits, on a node that has a roaming area code configured, is renewed in
        // the roaming format; every other ticket is renewed in the regular format.
        boolean roamFormat = bill.getUserInfo().getLimits() == null
                && StringUtils.isNotBlank(SystemConfig.getInstance().getString("application.roam.area.code"));
        LoginRst renewed = createBill(bill.getUserInfo().getId(), null, !roamFormat);
        if (renewed != null && "0".equals(renewed.getResult().getFlag())) {
            // Report the id that validation resolved, not the one createBill filled in.
            renewed.getResult().setId(verdict.getId());
        }
        return renewed;
    }

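    /**
     * Builds, signs, stores and encrypts a ticket for a user.
     *
     * The signing key is loaded on first use (from {@code keystore.jks} on the classpath when
     * {@code sys.privatekey.gettype} is "0", from the {@code sys.privatekey.str} setting when it is "1")
     * and then cached in the static {@code privateKey} field. The ticket lifetime is
     * {@code sys.bill.indate} minutes, falling back to 120 when the setting is not a number.
     *
     * Result codes: "0" ticket issued; "1" user missing or flagged "1"; "8" signing key could not be
     * loaded; "9" unknown key source setting; "10" signature algorithm unavailable; "11" ticket could not
     * be saved.
     *
     * @param str    person id, used to look the user up when {@code person} is null
     * @param person user the ticket is for, or null to load it by {@code str}
     * @param z      true for the regular ticket (user info plus the list of permitted app packages);
     *               false for the roaming format, which carries a {@code V2UserInfo} and gets the area
     *               code appended by {@code buildBillForRoam}
     * @return the login result holding the encrypted ticket, or an error result as listed above
     */
    @Override // com.xdja.uas.sso.service.SingleSignOnService
    public LoginRst createBill(String str, Person person, boolean z) {
        int i;
        UserInfo v2UserInfo;
        long time = new Date().getTime();
        LoginRst loginRst = new LoginRst();
        if (person == null) {
            person = this.userManagerService.queryPersonById(str);
        }
        if (person == null || "1".equals(person.getFlag())) {
            return new LoginRst("1", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.usernotexist"));
        }
        String trim = SystemConfig.getInstance().getString("sys.algorithm").trim();
        log.debug("加密算法：" + trim);
        // Lazy, unsynchronised initialisation of the shared signing key; concurrent first calls may each
        // load it, and the last assignment wins.
        if (privateKey == null) {
            String trim2 = SystemConfig.getInstance().getString("sys.privatekey.gettype").trim();
            log.debug("私钥生成方式：" + trim2);
            if ("0".equals(trim2)) {
                log.info("秘钥生成方式 : 从秘钥库获取文件");
                String trim3 = SystemConfig.getInstance().getString("sys.keystory.password").trim();
                // The keystore password protects the signing key and must not be written to the log; only
                // the fact that it was read is recorded.
                log.info("已读取秘钥库密码配置");
                String string = SystemConfig.getInstance().getString("sys.cer.alias");
                log.info("获取到的证书别名 : " + string);
                // getResource returns null when keystore.jks is not on the classpath; that case is outside
                // the try block and surfaces as a NullPointerException.
                String path = getClass().getClassLoader().getResource("keystore.jks").getPath();
                log.info("keyStoryPath: " + path);
                try {
                    privateKey = CertUtil.getPrivateKeyFromKeyKeyStory(path, trim3, string);
                } catch (Exception e) {
                    // NOTE(review): the exception text is returned to the caller and may describe the
                    // keystore; consider returning only the localized message.
                    log.error("统一认证获取证书私钥异常", e);
                    return new LoginRst("8", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.privatekey.createerror") + ":" + e.getMessage());
                }
            } else {
                if (!"1".equals(trim2)) {
                    return new LoginRst("9", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.privatekey.configerror"));
                }
                log.info("秘钥生成方式 : 使用字符串生成");
                try {
                    // In this mode the private key itself is a configuration value.
                    privateKey = CertUtil.getPrivateKey(SystemConfig.getInstance().getString("sys.privatekey.str").trim(), trim);
                } catch (Exception e2) {
                    log.error("生成票据失败，获取证书私钥异常：" + e2.getMessage(), e2);
                    return new LoginRst("8", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.privatekey.createerror") + ":" + e2.getMessage());
                }
            }
        }
        String trim4 = SystemConfig.getInstance().getString("sys.bill.indate").trim();
        loginRst.setEffectivetime(trim4);
        try {
            i = Integer.parseInt(trim4);
        } catch (NumberFormatException e3) {
            log.error("票据有效时长设置有误", e3);
            i = 120;
        }
        // Minutes to milliseconds in long arithmetic. In int arithmetic the product overflows for
        // lifetimes above 35791 minutes and yields a wrong expiry time.
        // NOTE(review): zero or negative lifetimes are not rejected.
        long time2 = new Date().getTime() + (i * 60L * 1000L);
        // z2: whether the user has a portrait. "dragon.photo.query.type" selects the source: "1" local
        // store only, "2" external service only (assumed present, not queried), "3" local then external,
        // "4" external then local.
        boolean z2 = false;
        String trim5 = SystemConfig.getInstance().getString("dragon.photo.query.type").trim();
        if ("2".equals(trim5)) {
            log.debug("只调用巨龙接口，认为是有肖像，不再触发本地上传操作。");
            z2 = true;
        } else if ("4".equals(trim5)) {
            boolean hasUserPhoto = this.userPhotoRecognitionService.hasUserPhoto(person);
            z2 = hasUserPhoto;
            boolean z3 = false;
            if (!z2) {
                z3 = this.personPortraitService.hasPortraitByPersonId(person.getId());
                z2 = z3;
            }
            log.debug("先巨龙后本地，巨龙" + hasUserPhoto + "，本地" + z3);
        } else if ("3".equals(trim5)) {
            boolean hasPortraitByPersonId = this.personPortraitService.hasPortraitByPersonId(person.getId());
            z2 = hasPortraitByPersonId;
            boolean z4 = false;
            if (!z2) {
                z4 = this.userPhotoRecognitionService.hasUserPhoto(person);
                z2 = z4;
            }
            log.debug("先本地后巨龙，本地" + hasPortraitByPersonId + "，巨龙" + z4);
        } else if ("1".equals(trim5)) {
            z2 = this.personPortraitService.hasPortraitByPersonId(person.getId());
            log.debug("只调用本地接口" + z2);
        }
        if (z) {
            ArrayList arrayList = new ArrayList();
            boolean equalsIgnoreCase = "true".equalsIgnoreCase(SystemConfig.getInstance().getString("support.uaas"));
            v2UserInfo = equalsIgnoreCase ? new SignUserInfo(person, z2, Long.toString(time2)) : new UserInfo(person, z2, Long.toString(time2));
            try {
                List<SimpleAppInfo> limitAppList = this.appPlatFormService.getLimitAppList(person.getId());
                if (limitAppList != null && !limitAppList.isEmpty()) {
                    ArrayList arrayList2 = new ArrayList();
                    for (SimpleAppInfo simpleAppInfo : limitAppList) {
                        UserAppInfo userAppInfo = new UserAppInfo();
                        userAppInfo.setPackageName(simpleAppInfo.getPackageName());
                        userAppInfo.setAppFlag(simpleAppInfo.getAppFlag());
                        arrayList.add(simpleAppInfo.getPackageName());
                        arrayList2.add(userAppInfo);
                    }
                    if (equalsIgnoreCase) {
                        ((SignUserInfo) v2UserInfo).setLimitApps(arrayList2);
                    }
                }
                v2UserInfo.setLimits((String[]) arrayList.toArray(new String[0]));
            } catch (Exception e4) {
                // A failed permission lookup is logged and the ticket is still issued, with limits left
                // as the constructor set them. NOTE(review): delayBill treats a ticket whose limits are
                // null as a roaming ticket — confirm this path cannot produce one.
                log.error("获取用户权限失败:" + e4.getMessage());
            }
            log.info("service获取用户权限耗时：" + (new Date().getTime() - time));
        } else {
            v2UserInfo = new V2UserInfo(person, z2, Long.toString(time2));
        }
        String jsonStr = Util.toJsonStr(v2UserInfo);
        long time3 = new Date().getTime();
        try {
            String signature = CertUtil.getSignature(jsonStr, privateKey, trim);
            // NOTE(review): the ticket signature is written to the log at info level; confirm it is
            // needed there.
            log.info("票据签名：" + signature);
            log.info("service票据签名耗时：" + (new Date().getTime() - time3));
            long time4 = new Date().getTime();
            String jsonStr2 = Util.toJsonStr(new Bill(v2UserInfo, signature));
            // The record stored here holds the ticket JSON before encryption, plus its signature; only
            // the copy returned to the caller is encrypted.
            UserBill userBill = new UserBill();
            userBill.setBill(jsonStr2);
            userBill.setSign(signature);
            userBill.setCode(person.getCode());
            userBill.setEffectivedate(v2UserInfo.getEffectivedate());
            try {
                this.singleSignOnDao.save(userBill);
                log.info("service保存票据耗时：" + (new Date().getTime() - time4));
                long time5 = new Date().getTime();
                String encrypt = EncryptDeciphering.getInstance().encrypt(jsonStr2);
                if (z) {
                    loginRst.setBillStr(encrypt);
                } else {
                    loginRst.setBillStr(buildBillForRoam(encrypt));
                }
                loginRst.setResult("0", MessageManager.getProMessage(this.message, "sso.signlesignonservice.checksuccess"));
                log.info("service组装票据耗时：" + (new Date().getTime() - time5));
                return loginRst;
            } catch (Exception e5) {
                // This catch also covers encryption and ticket assembly, not only the save.
                log.error("保存票据失败" + e5.getMessage(), e5);
                return new LoginRst("11", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.savebillerror"));
            }
        } catch (NoSuchAlgorithmException e6) {
            log.error("生成票据签名异常：" + e6.getMessage(), e6);
            return new LoginRst("10", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.signatureerror") + ":" + e6.getMessage());
        }
    }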

    /**
     * Produces the roaming form of a ticket: the encrypted ticket followed by '|' and this node's area
     * code ({@code application.roam.area.code}). When no area code is configured the ticket is returned
     * as is.
     *
     * The area code is appended outside the encrypted part, so nothing visible here protects it against
     * modification in transit.
     *
     * @param str encrypted ticket; must not be null
     * @return the ticket with the area code suffix, or the unchanged ticket
     */
    private String buildBillForRoam(String str) {
        StringBuilder ticket = new StringBuilder(str);
        String areaCode = SystemConfig.getInstance().getString("application.roam.area.code");
        log.info("++地区编码:{}", areaCode);
        if (StringUtils.isBlank(areaCode)) {
            return ticket.toString();
        }
        return ticket.append('|').append(areaCode).toString();
    }

    /**
     * Splits a presented ticket string into its '|'-separated fields.
     *
     * {@code String.split} drops trailing empty fields, so a string made up only of separators yields an
     * empty array; callers have to check the length before indexing.
     *
     * @param str ticket string as received
     * @return the fields, or null when the input is null, empty or whitespace only
     */
    private String[] anlalysisBill(String str) {
        return StringUtils.isBlank(str) ? null : str.split("\\|");
    }

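    /**
     * Validates a bill string and, when the bill names an application package, checks that
     * the bill's user is permitted to use that package.
     *
     * <p>Segment 0 is the encrypted bill. Segments 1 to 3 are plain text outside the
     * encrypted payload, so the holder of the bill string controls them:
     * <ul>
     *   <li>segment 1 (area code) selects local or remote validation;</li>
     *   <li>segment 2 (package name) triggers the permission check, which is skipped
     *       entirely when the segment is absent or empty;</li>
     *   <li>a non-empty segment 3 selects a branch that grants nothing, so the result is
     *       always flag 98.</li>
     * </ul>
     * NOTE(review): callers that need the permission check enforced must not rely on the
     * client supplying segment 2 - confirm how each endpoint builds {@code str}.
     *
     * @param str the bill string in the form {@code bill[|area[|package[|area]]]}
     * @return flag {@code "0"} on success, {@code "4"} for an unreadable bill or a failed
     *     remote call, {@code "98"} when the package is not permitted, otherwise the flag
     *     produced by the local or remote validation
     */
    @Override
    public Result checkBill(String str) {
        Result result;
        String[] parts = anlalysisBill(str);
        log.debug("++票据分隔结果:" + Arrays.toString(parts));
        if (parts == null || parts.length == 0) {
            return new Result("4", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.receivebillerror"), (String) null);
        }
        // Validate locally unless both the bill and this node carry an area code and they differ.
        boolean local = true;
        if (parts.length >= 2 && !Util.varCheckEmp(parts[1]) && !Util.varCheckEmp(SystemConfig.getInstance().getString("application.roam.area.code"))) {
            local = parts[1].equalsIgnoreCase(SystemConfig.getInstance().getString("application.roam.area.code"));
        }
        if (local) {
            log.debug("++本地校验票据结果");
            result = checkBillLocalWithoutAppPackage(parts[0]);
            log.debug("本地校验票据结果:{}", Util.toJsonStr(result));
        } else {
            log.debug("++异地校验票据");
            result = checkBillRamote(str);
            if (result == null) {
                // An empty remote response parses to null; report it as a failed remote
                // check instead of dereferencing it below.
                return new Result("4", "[异地]" + MessageManager.getProMessage(this.message, "sso.checkBill.error.remote.fail"), (String) null);
            }
            log.debug("++异地校验票据结果:{}", Util.toJsonStr(result));
            StringBuilder sb = new StringBuilder(str);
            if (parts.length == 3) {
                sb.append("|").append(SystemConfig.getInstance().getString("application.roam.area.code"));
            }
            // Re-split so the permission step below sees the appended area code as segment 3.
            parts = anlalysisBill(sb.toString());
        }
        if ("0".equals(result.getFlag()) && parts != null && parts.length >= 3 && !Util.varCheckEmp(parts[2])) {
            log.debug("++开始校验权限");
            boolean allowed = false;
            if (parts.length != 4 || Util.varCheckEmp(parts[3])) {
                log.debug("++开始校验本地权限");
                List limitAppList = this.appPlatFormService.getLimitAppList(result.getId());
                if (limitAppList != null) {
                    for (Object app : limitAppList) {
                        // parts[2] is never null here, so a null package name cannot throw.
                        if (parts[2].equals(((SimpleAppInfo) app).getPackageName())) {
                            allowed = true;
                            break;
                        }
                    }
                }
            } else {
                // No check is implemented for this case, so the request is denied below.
                log.debug("++开始校验申请权限");
            }
            log.debug("++权限校验结果:{}", Boolean.valueOf(allowed));
            if (!allowed) {
                result = new Result("98", MessageManager.getProMessage(this.message, "sso.checkbill.error.appauth.error"), result.getId());
            }
        }
        log.debug("++票据校验结果:{}", Util.toJsonStr(result));
        return result;
    }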

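    /**
     * Forwards a bill string to the remote validation endpoint and returns its verdict.
     *
     * <p>The request body is {@code strBill=} followed by the bill; when the bill has exactly
     * three segments the local area code is appended as a fourth. A failed call or an empty
     * response yields a flag {@code "4"} result, so this method never returns {@code null}.
     * Every returned message is prefixed with {@code [异地]}.
     *
     * <p>NOTE(review): the endpoint URL passed to {@code post} is the empty string in this
     * listing - confirm where the real address comes from.
     * NOTE(review): the bill is concatenated into the body without URL-encoding; whether
     * {@code HttpRequestUtil.post} encodes it is not visible here. Characters such as
     * {@code &}, {@code =} and {@code +} in caller-supplied segments would otherwise alter
     * the form body.
     * NOTE(review): {@code checkBill} treats the returned flag and user id as authoritative,
     * so the channel to the remote node needs server authentication and integrity
     * protection. Also confirm the fastjson version in use and that autoType stays disabled.
     *
     * @param str the complete bill string as received
     * @return the remote result, or a flag {@code "4"} result when the call fails
     */
    private Result checkBillRamote(String str) {
        StringBuilder body = new StringBuilder("strBill=").append(str);
        String[] parts = anlalysisBill(str);
        if (parts != null && parts.length == 3) {
            body.append("|").append(SystemConfig.getInstance().getString("application.roam.area.code"));
        }
        Result result;
        try {
            result = (Result) JSON.parseObject(new HttpRequestUtil().post("", body.toString()), Result.class);
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            result = null;
        }
        if (result == null) {
            // Covers both a thrown exception and a response body that parses to null.
            result = new Result("4", MessageManager.getProMessage(this.message, "sso.checkBill.error.remote.fail"), (String) null);
        }
        result.setMessage("[异地]" + result.getMessage());
        return result;
    }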

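    /**
     * Validates an encrypted bill on this node without looking at application permissions.
     *
     * <p>Steps, in order: decrypt and parse the bill, reject it when expired, reject it when
     * its signature value is not stored by this platform, then verify the signature against
     * a digest of the bill's {@code userInfo} JSON node using the public key from
     * {@code cert.cer}. Only the {@code userInfo} node is covered by that comparison.
     *
     * <p>A bill without {@code userInfo}, or with a non-numeric expiry, is rejected with
     * flag {@code "4"} rather than raising an exception.
     *
     * <p>NOTE(review): the digest name passed to {@code CertUtil.getDigest} is {@code "SHA"};
     * if that reaches {@code MessageDigest.getInstance} it selects SHA-1. Confirm and plan a
     * move to SHA-256 together with the signing side.
     * NOTE(review): the inner catch returns the raw exception message to the caller and the
     * user-info JSON is logged at info level; both expose internal or personal data.
     *
     * @param str the encrypted bill (segment 0 of the bill string)
     * @return flag {@code "0"} valid, {@code "1"} expired, {@code "2"} signature mismatch,
     *     {@code "3"} not issued by this platform, {@code "4"} unreadable bill or error
     */
    private Result checkBillLocalWithoutAppPackage(String str) {
        String decrypt = EncryptDeciphering.getInstance().decrypt(str);
        if (Util.varCheckEmp(decrypt)) {
            return new Result("4", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.receivebillerror"), (String) null);
        }
        Bill bill = (Bill) Util.readValue(decrypt, Bill.class);
        if (bill == null || bill.getUserInfo() == null) {
            // The expiry lives on userInfo, so a bill without it cannot be validated.
            return new Result("4", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.receivebillerror"), (String) null);
        }
        String userId = bill.getUserInfo().getId();
        String sign = bill.getSign();
        long expiresAt;
        try {
            expiresAt = Long.parseLong(bill.getUserInfo().getEffectivedate());
        } catch (NumberFormatException e) {
            // Also reached when the expiry is missing: parseLong(null) throws this.
            log.error("票据验证异常：" + e.getMessage(), e);
            return new Result("4", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.receivebillerror"), userId);
        }
        if (expiresAt < new Date().getTime()) {
            return new Result("1", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.billoutdateerror"), userId);
        }
        if (this.singleSignOnDao.getBySign(sign) == null) {
            log.error("票据验证失败：票据不属于该平台发放");
            return new Result("3", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.unbillerror"), userId);
        }
        String trim = SystemConfig.getInstance().getString("sys.algorithm").trim();
        String path = getClass().getClassLoader().getResource("cert.cer").getPath();
        log.info("certFilePath:" + path);
        try {
            try {
                byte[] publicKeyDecrypt = CertUtil.publicKeyDecrypt(new BASE64Decoder().decodeBuffer(sign), CertUtil.getCertFromStandFile(new File(path)).getPublicKey(), trim);
                // The digest is computed over the userInfo node as re-serialised here.
                String jsonNode = new ObjectMapper().readTree(decrypt).get("userInfo").toString();
                log.info("票据中用户信息的json串：" + jsonNode);
                return new BASE64Encoder().encode(publicKeyDecrypt).equals(new BASE64Encoder().encode(CertUtil.getDigest(jsonNode, "SHA"))) ? new Result("0", MessageManager.getProMessage(this.message, "sso.signlesignonservice.checksuccess"), userId) : new Result("2", MessageManager.getProMessage(this.message, "sso.signlesignonservice.checkerror"), userId);
            } catch (Exception e) {
                log.error("票据验证异常：" + e.getMessage(), e);
                return new Result("4", e.getMessage(), userId);
            }
        } catch (Exception e2) {
            // Only reachable if the inner handler itself throws.
            log.error("生成公钥失败：" + e2.getMessage(), e2);
            return new Result("4", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.publickey.createerror"), userId);
        }
    }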

    /**
     * Changes a user's password after checking the current one.
     *
     * <p>NOTE(review): {@code Md5PwdEncoder} is, judging by its name, an MD5-based encoder -
     * confirm, and plan a migration to a salted password hash (bcrypt, scrypt or argon2).
     * NOTE(review): "user not found" and "wrong password" return different messages, which
     * lets a caller tell valid user codes apart; the only policy on the new password is a
     * minimum length of 6; and the catch block returns the raw exception message.
     * NOTE(review): bills already issued for the user are not revoked here - confirm whether
     * a password change should invalidate them.
     *
     * @param updatePasswordParam carries the user code, the current password and the new one
     * @return flag {@code "0"} on success, flag {@code "1"} with a reason otherwise
     */
    @Override
    public Result updatePassword(UpdatePasswordParam updatePasswordParam) {
        final String userCode = updatePasswordParam.getCode();
        final String currentPwd = updatePasswordParam.getOldPassword();
        final String requestedPwd = updatePasswordParam.getNewPassword();

        boolean missingParam = StringUtils.isBlank(userCode) || StringUtils.isBlank(currentPwd) || StringUtils.isBlank(requestedPwd);
        if (missingParam) {
            return new Result("1", MessageManager.getProMessage(this.message, "common.message.operate.fail") + ":" + MessageManager.getProMessage(this.message, "sso.updatepassword.error.paramerror"));
        }
        if (requestedPwd.length() < 6) {
            return new Result("1", MessageManager.getProMessage(this.message, "common.message.operate.fail") + ":" + MessageManager.getProMessage(this.message, "sso.updatepassword.error.newpwdlengtherror"));
        }

        try {
            Person account = this.userManagerService.getUserByCode(userCode);
            if (account == null) {
                return new Result("1", MessageManager.getProMessage(this.message, "common.message.operate.fail") + ":" + MessageManager.getProMessage(this.message, "sso.updatepassword.error.notfindperson"));
            }
            // Stored value and candidate are compared as encoded strings.
            String encodedCurrent = Md5PwdEncoder.getInstance().encodePassword(currentPwd);
            boolean matches = account.getPassword().equals(encodedCurrent);
            if (!matches) {
                return new Result("1", MessageManager.getProMessage(this.message, "common.message.operate.fail") + ":" + MessageManager.getProMessage(this.message, "sso.updatepassword.error.passwordwrong"));
            }
            String encodedNew = Md5PwdEncoder.getInstance().encodePassword(requestedPwd);
            account.setPassword(encodedNew);
            this.userManagerService.updateUser(account);
            return new Result("0", MessageManager.getProMessage(this.message, "common.message.operate.success"));
        } catch (Exception e) {
            log.error("密码修改失败", e);
            return new Result("1", MessageManager.getProMessage(this.message, "common.message.operate.fail") + ":" + e.getMessage());
        }
    }

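    /**
     * Decrypts a bill string and returns the user information embedded in it.
     *
     * <p>When the bill carries no permission list, the list is filled from the user's
     * permitted applications. An unreadable bill, or one without user information, yields
     * {@code null}, the same result as a blank input.
     *
     * <p>NOTE(review): this method only decrypts and parses. It checks neither the
     * signature, the expiry nor whether the bill is still stored, so callers should
     * validate the bill with {@code checkBill} before trusting the returned data.
     *
     * @param str the bill string; only segment 0 is used
     * @return the bill's user information, or {@code null} when it cannot be read
     */
    @Override
    public UserInfo getUserInfoFromBillJson(String str) {
        String[] parts = anlalysisBill(str);
        if (parts == null || parts.length == 0) {
            return null;
        }
        Bill bill = (Bill) Util.readValue(EncryptDeciphering.getInstance().decrypt(parts[0]), Bill.class);
        if (bill == null) {
            return null;
        }
        UserInfo userInfo = bill.getUserInfo();
        if (userInfo == null) {
            return null;
        }
        if (userInfo.getLimits() == null) {
            ArrayList<String> packages = new ArrayList<String>();
            // checkBill treats a null list as "no permitted applications"; do the same here.
            List apps = this.appPlatFormService.getLimitAppList(userInfo.getId());
            if (apps != null) {
                for (Object app : apps) {
                    packages.add(((SimpleAppInfo) app).getPackageName());
                }
            }
            userInfo.setLimits(packages.toArray(new String[0]));
        }
        return userInfo;
    }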

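    /**
     * Decrypts a V2 bill string and returns the user information embedded in it.
     *
     * <p>A missing permission list is filled from the user's permitted applications, and a
     * blank department name is filled from the department looked up by code. An unreadable
     * bill, or one without user information, yields {@code null}, the same result as a
     * blank input.
     *
     * <p>NOTE(review): this method only decrypts and parses. It checks neither the
     * signature, the expiry nor whether the bill is still stored, so callers should
     * validate the bill before trusting the returned data.
     *
     * @param str the bill string; only segment 0 is used
     * @return the bill's user information, or {@code null} when it cannot be read
     */
    @Override
    public V2UserInfo getUserInfoFromV2BillJson(String str) {
        String[] parts = anlalysisBill(str);
        if (parts == null || parts.length == 0) {
            return null;
        }
        V2Bill bill = (V2Bill) Util.readValue(EncryptDeciphering.getInstance().decrypt(parts[0]), V2Bill.class);
        if (bill == null) {
            return null;
        }
        V2UserInfo userInfo = bill.getUserInfo();
        if (userInfo == null) {
            return null;
        }
        if (userInfo.getLimits() == null) {
            ArrayList<String> packages = new ArrayList<String>();
            // checkBill treats a null list as "no permitted applications"; do the same here.
            List apps = this.appPlatFormService.getLimitAppList(userInfo.getId());
            if (apps != null) {
                for (Object app : apps) {
                    packages.add(((SimpleAppInfo) app).getPackageName());
                }
            }
            userInfo.setLimits(packages.toArray(new String[0]));
        }
        if (StringUtils.isBlank(userInfo.getDepname())) {
            Department department = this.depManageService.getDepartmentByCode(userInfo.getDepcode());
            if (department != null) {
                userInfo.setDepname(department.getName());
            }
        }
        return userInfo;
    }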

    /**
     * Stores the pairing of a person and a terminal, creating or updating the record.
     *
     * <p>A record is looked up with {@code queryPT(str, str2)}. When none exists a new one
     * is saved; when one exists and already holds both values nothing is written;
     * otherwise the existing record is overwritten with the given values.
     *
     * @param str the person id
     * @param str2 the terminal IMEI
     */
    private void saveOrUpdateBind(String str, String str2) {
        log.debug("进入saveOrUpdateBind方法!");
        PersonTerminal existing = this.singleSignOnDao.queryPT(str, str2);
        if (existing != null) {
            boolean unchanged = existing.getPersonId().equals(str) && existing.getImei().equals(str2);
            if (!unchanged) {
                existing.setPersonId(str);
                existing.setImei(str2);
                this.singleSignOnDao.update(existing);
            }
            return;
        }
        PersonTerminal created = new PersonTerminal();
        created.setPersonId(str);
        created.setImei(str2);
        this.singleSignOnDao.save(created);
    }

    /** @return the system configuration service used by this class */
    public SystemConfigPbService getSystemConfigService() {
        return systemConfigService;
    }

    /** @param systemConfigPbService the system configuration service to use */
    public void setSystemConfigService(SystemConfigPbService systemConfigPbService) {
        systemConfigService = systemConfigPbService;
    }

    /** @return the user management service used by this class */
    public UserManageService getUserManagerService() {
        return userManagerService;
    }

    /** @param userManageService the user management service to use */
    public void setUserManagerService(UserManageService userManageService) {
        userManagerService = userManageService;
    }

    /** @return the device service used by this class */
    public DeviceService getDeviceService() {
        return deviceService;
    }

    /** @param deviceService the device service to use */
    public void setDeviceService(DeviceService deviceService) {
        // The parameter shadows the field, so the qualifier is required.
        this.deviceService = deviceService;
    }

    /** @return the application platform service used for permission lookups */
    public AppPlatformService getAppPlatFormService() {
        return appPlatFormService;
    }

    /** @param appPlatformService the application platform service to use */
    public void setAppPlatFormService(AppPlatformService appPlatformService) {
        appPlatFormService = appPlatformService;
    }

    /** @return the DAO that stores issued bills and person-terminal bindings */
    public SingleSignOnDao getSingleSignOnDao() {
        return singleSignOnDao;
    }

    /** @param singleSignOnDao the DAO to use */
    public void setSingleSignOnDao(SingleSignOnDao singleSignOnDao) {
        // The parameter shadows the field, so the qualifier is required.
        this.singleSignOnDao = singleSignOnDao;
    }

    /** @return the message source used to resolve result messages */
    public ResourceBundleMessageSource getMessage() {
        return message;
    }

    /** @param resourceBundleMessageSource the message source to use */
    public void setMessage(ResourceBundleMessageSource resourceBundleMessageSource) {
        message = resourceBundleMessageSource;
    }

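    /**
     * Issues a bill for an already identified person without checking a password.
     *
     * <p>The only checks made here are the security-card lookup and the binding check, and
     * both run only when the {@code ifCheckDeivce} setting parses as {@code true} and the
     * terminal type is {@code "1"}. Every outcome is written to the audit service.
     *
     * <p>NOTE(review): {@code Boolean.parseBoolean} returns {@code false} for a missing or
     * misspelt setting, which turns the device checks off; consider failing closed.
     * NOTE(review): {@code terminalType} is read from {@code loginParam}; if that value is
     * client-supplied, any value other than {@code "1"} skips the card and binding checks.
     * Confirm the caller validates it and has authenticated {@code person} by other means.
     * NOTE(review): person id, IMEI and IMSI are logged at info level, and the binding
     * error path returns the raw exception message to the caller.
     *
     * @param loginParam the login request (card number, IMSI, IMEI, terminal type)
     * @param person the person to issue the bill for
     * @param z passed through to {@code createBill}
     * @return the login result carrying the bill, or a flag {@code "1"} result when a
     *     device check fails
     */
    @Override
    public LoginRst LoginNoPassword(LoginParam loginParam, Person person, boolean z) {
        long time = new Date().getTime();
        String cardNo = loginParam.getCardNo();
        String imsi = loginParam.getImsi();
        String imei = loginParam.getImei();
        String terminalType = loginParam.getTerminalType();
        String id = person.getId();
        Device device = null;
        try {
            log.debug("cardNo：" + cardNo);
            if (StringUtils.isNotBlank(cardNo)) {
                device = this.deviceService.getByCardNO(cardNo);
            }
            if (device == null) {
                log.info("====> device 是空");
            } else {
                log.info("====> device 不是空");
                log.info("\ndevice_state: " + device.getState() + "\ndevice_flag: " + device.getFlag() + "\ndevice_lockstate: " + device.getLockState() + "\npersonId: " + id + "\nimei: " + imei + "\nimsi: " + imsi);
            }
        } catch (Exception e) {
            // A failed lookup leaves device null; the checks below decide the outcome.
            log.error("未查询到安全卡信息", e);
        }
        boolean parseBoolean = Boolean.parseBoolean(this.systemConfigService.getValueByCode("ifCheckDeivce"));
        log.info("检查安全卡是否存在：" + parseBoolean);
        Device updateDevice = updateDevice(parseBoolean, device, cardNo, imsi, imei, id, terminalType);
        if (parseBoolean && updateDevice == null && terminalTypeIsCheckDevice(terminalType)) {
            log.info("安全卡信息未注册");
            this.rzsjService.add(person, imei, "0", "0", "1", "免密登录", (String) null, imei, imsi, cardNo);
            return new LoginRst("1", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.unfindecarderror"), id);
        }
        if (parseBoolean) {
            try {
                if (terminalTypeIsCheckDevice(terminalType) && !checkBindingState(id, updateDevice, imei, imsi)) {
                    log.info("三码绑定验证未通过");
                    this.rzsjService.add(person, imei, "0", "0", "1", "免密登录", (String) null, imei, imsi, cardNo);
                    return new LoginRst("1", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.bindcheckfail"), id);
                }
            } catch (Exception e2) {
                log.error("验证安全卡绑定信息异常", e2);
                this.rzsjService.add(person, imei, "0", "0", "1", "免密登录", (String) null, imei, imsi, cardNo);
                return new LoginRst("1", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.login.bindcheckerror") + ":" + e2.getMessage(), id);
            }
        }
        log.info("service登录验证耗时：" + (new Date().getTime() - time));
        long time2 = new Date().getTime();
        LoginRst createBill = createBill(id, person, z);
        log.info("service创建票据耗时：" + (new Date().getTime() - time2));
        // Read the result once and null-check it before use; the audit branch below
        // already allows for a null result.
        Result result = createBill.getResult();
        if (result != null && StringUtils.isBlank(result.getId())) {
            result.setId(id);
        }
        if (result == null || !"0".equals(result.getFlag())) {
            this.rzsjService.add(person, imei, "0", "0", result == null ? "" : result.getFlag(), "免密登录", (String) null, imei, imsi, cardNo);
        } else {
            this.rzsjService.add(person, imei, "0", "1", "", "免密登录", (String) null, imei, imsi, cardNo);
        }
        return createBill;
    }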

    /**
     * Tells whether device checks apply to a terminal type.
     *
     * @param str the terminal type from the login request; may be {@code null}
     * @return {@code true} only when {@code str} is exactly {@code "1"}
     */
    private boolean terminalTypeIsCheckDevice(String str) {
        return str != null && str.equals("1");
    }

    /**
     * Revokes issued bills, either one bill or all bills stored for a user code.
     *
     * <p>NOTE(review): nothing here ties the request to the owner of {@code str} or
     * {@code str2}; confirm the calling endpoint authenticates and authorises the caller.
     *
     * @param str the user code whose bills are deleted when {@code str2} is blank
     * @param str2 a single bill to revoke; takes precedence when not blank
     * @return flag {@code "0"} on success, or the result of the single-bill revocation
     */
    @Override
    public Result destroyTokenStr(String str, String str2) {
        if (StringUtils.isBlank(str2)) {
            this.singleSignOnDao.deleteByCode(str);
            return new Result("0", MessageManager.getProMessage(this.message, "common.message.operate.success"), (String) null);
        }
        return destroyTokenStrByToken(str2);
    }

    /**
     * Deletes the stored bill whose signature value matches the given bill.
     *
     * <p>NOTE(review): the argument is parsed as bill JSON directly, without the decryption
     * step the validation paths apply, and the signature is used only as a lookup key, not
     * verified. Confirm the caller passes an already validated, decrypted bill.
     *
     * @param str the bill as JSON text
     * @return flag {@code "4"} when the bill cannot be parsed; otherwise flag {@code "0"}
     *     with the bill's user id, whether or not a stored bill was found
     */
    private Result destroyTokenStrByToken(String str) {
        Bill parsed = (Bill) Util.readValue(str, Bill.class);
        if (parsed == null) {
            return new Result("4", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.receivebillerror"), (String) null);
        }
        String ownerId = parsed.getUserInfo() == null ? null : parsed.getUserInfo().getId();
        UserBill stored = this.singleSignOnDao.getBySign(parsed.getSign());
        if (stored != null) {
            this.singleSignOnDao.delete(stored);
        }
        return new Result("0", MessageManager.getProMessage(this.message, "common.message.operate.success"), ownerId);
    }

    /**
     * Returns every stored bill for a user code, each one encrypted.
     *
     * <p>NOTE(review): the entries are produced by the same {@code encrypt} call used when
     * a bill is handed out at login, so they presumably work as live credentials for that
     * user. Confirm the calling endpoint is restricted to the user or to administrators.
     *
     * @param str the user code
     * @return a flag {@code "0"} result holding the encrypted bills
     */
    @Override
    public TokenStrListResult getTokenStrList(String str) {
        List<UserBill> storedBills = this.singleSignOnDao.queryByCode(str);
        TokenStrListResult response = new TokenStrListResult("0", MessageManager.getProMessage(this.message, "common.message.operate.success"));
        ArrayList<String> tokens = new ArrayList<String>();
        for (UserBill stored : storedBills) {
            tokens.add(EncryptDeciphering.getInstance().encrypt(stored.getBill()));
        }
        response.setTokenStrList(tokens);
        return response;
    }

    /**
     * Looks up the flag of a third-party application through the empower service.
     *
     * @param str the value passed to {@code empowerService.getAppFlag}
     * @return whatever the empower service returns for it
     */
    @Override
    public String getThirdAppFlag(String str) {
        final String appFlag = this.empowerService.getAppFlag(str);
        return appFlag;
    }

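    /**
     * Validates a bill locally and checks that its user may use the given package.
     *
     * <p>A package that is not in the user's permitted application list is rejected with
     * flag {@code "98"}, the same result {@code checkBill} returns for that case. A blank or
     * segment-less bill string is rejected with flag {@code "4"} instead of raising an
     * exception.
     *
     * <p>NOTE(review): the permission outcome is enforced here so that a valid bill alone
     * does not grant access to every package. Confirm no remaining UAAC caller depends on
     * the permission outcome being ignored.
     *
     * @param str the bill string; only segment 0 is validated
     * @param str2 the application package name to authorise
     * @return the local validation result, or flag {@code "98"} when the bill is valid but
     *     the package is not permitted
     * @deprecated kept for existing callers
     */
    @Override
    @Deprecated
    public Result checkBillForUaac(String str, String str2) {
        String[] parts = anlalysisBill(str);
        if (parts == null || parts.length == 0) {
            return new Result("4", MessageManager.getProMessage(this.message, "sso.signlesignonservice.error.receivebillerror"), (String) null);
        }
        Result result = checkBillLocalWithoutAppPackage(parts[0]);
        if (!"0".equals(result.getFlag())) {
            return result;
        }
        boolean allowed = false;
        List limitAppList = this.appPlatFormService.getLimitAppList(result.getId());
        if (limitAppList != null && str2 != null) {
            for (Object app : limitAppList) {
                if (str2.equals(((SimpleAppInfo) app).getPackageName())) {
                    allowed = true;
                    break;
                }
            }
        }
        if (!allowed) {
            return new Result("98", MessageManager.getProMessage(this.message, "sso.checkbill.error.appauth.error"), result.getId());
        }
        return result;
    }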
}
