package com.xforceplus.bi.commons.authority.encryptions.xplat.beans;

import com.xforceplus.bi.commons.http.OkHttpInstance;
import com.xforceplus.bi.commons.integration.platform.AuthSource;
import com.xforceplus.bi.commons.integration.user.beans.UserInfo;
import com.xforceplus.bi.commons.integration.user.beans.UserModelPermission;
import com.xforceplus.bi.commons.integration.user.xplat.XplatTokenBody;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import io.jsonwebtoken.impl.TextCodec;
import io.jsonwebtoken.impl.crypto.DefaultSignatureValidatorFactory;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.stream.Stream;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:com/xforceplus/bi/commons/authority/encryptions/xplat/beans/XplatParseToken.class */
public class XplatParseToken {
    private static final Logger log = LoggerFactory.getLogger(XplatParseToken.class);
    public static final String OPERATION_TOKEN = "X-Operation-Token";
    public static final String innerCompanyCodeRangeName = "CompanyCodeRange";
    public static final String outterTaxNoRangeName = "OutterTaxNoRange";
    public static final String innerExt1OptionsName = "InnerExt1";
    public static final String innerExt2OptionsName = "InnerExt2";
    public static final String innerExt3OptionsName = "InnerExt3";
    public static final String ACCESS_TOKEN_URL = "%s/security/access-token?corp_id=%s&corp_secret=%s";
    public static final String DATA_PERMISSION_URL = "%s/zapi-v1/dataset/getRangeList?access_token=";
    private static final String securityKey = "XplatSecret_#0303";
    public static final String TYPE = "typ";
    public static final String DISPLAY_NAME = "din";
    private String signingKey = TextCodec.BASE64.encode(securityKey);

    @Autowired
    private XplatAccessTokenProperties xplatAccessTokenProperties;

    @Value("${xforce.permissionCode}")
    private String permissionCode;

    @Autowired
    private OkHttpInstance okHttpInstance;

    public UserInfo<XplatTokenBody> validateToken(String str) throws IOException {
        try {
            Claims claims = (Claims) Jwts.parser().setSigningKey(this.signingKey).parseClaimsJws(str).getBody();
            XplatTokenBody xplatTokenBody = new XplatTokenBody(claims.getSubject(), (String) claims.get(DISPLAY_NAME, String.class), (String) claims.get(TYPE, String.class), claims.getExpiration(), claims);
            if (xplatTokenBody == null) {
                return null;
            }
            UserInfo<XplatTokenBody> userInfo = new UserInfo<>();
            userInfo.setUsername(xplatTokenBody.getSubject());
            if (xplatTokenBody.getAdditionalProperties() != null) {
                userInfo.setTenantCode((String) xplatTokenBody.getAdditionalProperties().get("TENANT_CODE"));
                userInfo.setMobile((String) xplatTokenBody.getAdditionalProperties().get("MOBILE"));
                userInfo.setName((String) xplatTokenBody.getAdditionalProperties().get(DISPLAY_NAME));
                userInfo.setFuc((String) xplatTokenBody.getAdditionalProperties().get("fuc"));
                userInfo.setEmail((String) xplatTokenBody.getAdditionalProperties().get("email"));
            }
            userInfo.setAuthSource(AuthSource.XPLAT);
            List<DataSetVo> userDataPermission = getUserDataPermission(userInfo.getUsername(), this.permissionCode, this.xplatAccessTokenProperties);
            HashMap hashMap = new HashMap();
            hashMap.put("default", commonXplatUserParams(userDataPermission));
            userInfo.setPermissionParamS(hashMap);
            userInfo.setOrigin(xplatTokenBody);
            return userInfo;
        } catch (Exception e) {
            log.info("TOken错误");
            return null;
        } catch (ExpiredJwtException e2) {
            log.info("TOken过期");
            return null;
        }
    }

    private List<DataSetVo> getUserDataPermission(String str, String str2, XplatAccessTokenProperties xplatAccessTokenProperties) throws IOException {
        ResponseAccessToken responseAccessToken = (ResponseAccessToken) this.okHttpInstance.postBodyToClass(String.format(ACCESS_TOKEN_URL, xplatAccessTokenProperties.getHost(), xplatAccessTokenProperties.getCorpId(), xplatAccessTokenProperties.getCorpSecret()), "{}", (Map) null, ResponseAccessToken.class);
        if (responseAccessToken == null || !"1".equals(responseAccessToken.getCode())) {
            return null;
        }
        String concat = String.format(DATA_PERMISSION_URL, xplatAccessTokenProperties.getHost()).concat(responseAccessToken.getResult());
        HashMap hashMap = new HashMap();
        hashMap.put("account", str);
        hashMap.put("nodeEname", str2);
        DatasetGetRangeListResponse datasetGetRangeListResponse = (DatasetGetRangeListResponse) this.okHttpInstance.postBodyToClass(concat, hashMap, (Map) null, DatasetGetRangeListResponse.class);
        if (datasetGetRangeListResponse != null && datasetGetRangeListResponse.getCode().intValue() == 1) {
            return datasetGetRangeListResponse.getListDataset();
        }
        return null;
    }

    private List<UserModelPermission.DataPermission> commonXplatUserParams(List<DataSetVo> list) {
        ArrayList arrayList = new ArrayList();
        if (!CollectionUtils.isEmpty(list)) {
            HashSet hashSet = new HashSet();
            HashSet hashSet2 = new HashSet();
            HashSet hashSet3 = new HashSet();
            HashSet hashSet4 = new HashSet();
            HashSet hashSet5 = new HashSet();
            for (DataSetVo dataSetVo : list) {
                if (StringUtils.isNotEmpty(dataSetVo.getInnerCompanyCodeRange())) {
                    hashSet.add(dataSetVo.getInnerCompanyCodeRange());
                }
                if (StringUtils.isNotEmpty(dataSetVo.getOutterTaxNoRange())) {
                    hashSet2.add(dataSetVo.getOutterTaxNoRange());
                }
                if (StringUtils.isNotEmpty(dataSetVo.getInnerExt1Options())) {
                    hashSet3.add(dataSetVo.getInnerExt1Options());
                }
                if (StringUtils.isNotEmpty(dataSetVo.getInnerExt2Options())) {
                    hashSet4.add(dataSetVo.getInnerExt2Options());
                }
                if (StringUtils.isNotEmpty(dataSetVo.getInnerExt3Options())) {
                    hashSet5.add(dataSetVo.getInnerExt3Options());
                }
            }
            if (!hashSet.isEmpty()) {
                addPermissionBi(innerCompanyCodeRangeName, StringUtils.join(hashSet, ","), arrayList);
            }
            if (!hashSet2.isEmpty()) {
                addPermissionBi(outterTaxNoRangeName, StringUtils.join(hashSet2, ","), arrayList);
            }
            if (!hashSet3.isEmpty()) {
                addPermissionBi(innerExt1OptionsName, StringUtils.join(hashSet3, ","), arrayList);
            }
            if (!hashSet4.isEmpty()) {
                addPermissionBi(innerExt2OptionsName, StringUtils.join(hashSet4, ","), arrayList);
            }
            if (!hashSet5.isEmpty()) {
                addPermissionBi(innerExt3OptionsName, StringUtils.join(hashSet5, ","), arrayList);
            }
        }
        return arrayList;
    }

    private void addPermissionBi(String str, String str2, List<UserModelPermission.DataPermission> list) {
        UserModelPermission.DataPermission dataPermission = new UserModelPermission.DataPermission();
        dataPermission.setFieldType("string");
        dataPermission.setFieldRealName(str);
        UserModelPermission.DataPermission.DataPermissionValue dataPermissionValue = new UserModelPermission.DataPermission.DataPermissionValue();
        dataPermissionValue.setValueList(Arrays.asList(str2));
        dataPermissionValue.setSelectType("standardSelect");
        dataPermission.setDataPermissionValues(Arrays.asList(dataPermissionValue));
        list.add(dataPermission);
    }

    public boolean permissionAuth(HttpServletRequest httpServletRequest, UserInfo userInfo) {
        return (StringUtils.equalsIgnoreCase(httpServletRequest.getParameter("checkAuth"), "false") && StringUtils.equalsIgnoreCase(httpServletRequest.getParameter("initDataPermission"), "false")) || haveAccessAuthority(userInfo, getOperationToken(httpServletRequest), httpServletRequest.getParameter("path"), httpServletRequest.getParameter("dataAccessId"));
    }

    private boolean haveAccessAuthority(UserInfo userInfo, String str, String str2, String str3) {
        String fuc = userInfo.getFuc();
        if (StringUtils.isEmpty(str) || fuc == null || fuc.isEmpty()) {
            return false;
        }
        String[] split = str.split(":");
        if (split.length != 2) {
            return false;
        }
        String[] split2 = fuc.split(",");
        String str4 = split[0];
        if (Stream.of((Object[]) split2).noneMatch(str5 -> {
            return str4.equals(str5);
        })) {
            return false;
        }
        String replace = StringUtils.replace(StringUtils.substringAfterLast(str2, "/"), "cda", str3);
        return !Stream.of((Object[]) split[1].split("\\.")).noneMatch(str6 -> {
            return validateOperationToken(str4, replace, userInfo.getUsername(), str6);
        });
    }

    private String getOperationToken(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(OPERATION_TOKEN);
        if (header == null) {
            header = httpServletRequest.getParameter("operation_token");
        }
        return header;
    }

    private boolean validateOperationToken(String str, String str2, String str3, String str4) {
        try {
            String[] split = str4.split("\\$\\$");
            String str5 = split.length == 2 ? split[0] : "";
            return validateHS256Signature(new StringBuilder().append(str).append("-").append(str2).append("$$").append(StringUtils.isEmpty(str5) ? "" : TextCodec.BASE64URL.decodeToString(str5)).toString(), new StringBuilder().append("XplatSecret_#0303.").append(str3).toString(), split.length == 2 ? split[1] : split[0]);
        } catch (RuntimeException e) {
            return false;
        }
    }

    private boolean validateHS256Signature(String str, String str2, String str3) {
        return DefaultSignatureValidatorFactory.INSTANCE.createSignatureValidator(SignatureAlgorithm.HS256, new SecretKeySpec(str2.getBytes(StandardCharsets.UTF_8), SignatureAlgorithm.HS256.getJcaName())).isValid(str.getBytes(StandardCharsets.UTF_8), TextCodec.BASE64URL.decode(str3));
    }
}
