package com.xforceplus.bi.commons.authority.encryptions.usercenter;

import com.alibaba.fastjson.JSON;
import com.google.common.collect.Sets;
import com.xforceplus.bi.commons.authority.encryptions.AuthEncryptionInterface;
import com.xforceplus.bi.commons.authority.usercenter.feign.client.UserExtraInfoClientService;
import com.xforceplus.bi.commons.authority.usercenter.feign.request.MsGetUserExtraInfoRequest;
import com.xforceplus.bi.commons.authority.usercenter.feign.response.ExtraInfoModel;
import com.xforceplus.bi.commons.authority.usercenter.feign.response.MsGetUserExtraInfoResponse;
import com.xforceplus.bi.commons.authority.util.DetermineAuthUtil;
import com.xforceplus.bi.commons.integration.platform.AuthSource;
import com.xforceplus.bi.commons.integration.user.beans.UserInfo;
import com.xforceplus.tenantsecurity.domain.AuthorizedUser;
import com.xforceplus.tenantsecurity.domain.Role;
import com.xforceplus.tenantsecurity.domain.UserType;
import com.xforceplus.tenantsecurity.jwt.JwtUtils;
import com.xforceplus.tenantsecurity.utils.CompressionUtils;
import com.xforceplus.tenantsecurity.utils.JsonUtils;
import java.io.IOException;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.web.servlet.HandlerMapping;
import org.springframework.web.util.WebUtils;

/* loaded from: input_file:com/xforceplus/bi/commons/authority/encryptions/usercenter/UserCenterAuthEncryption.class */
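/**
 * {@link AuthEncryptionInterface} implementation for the user-center platform.
 *
 * <p>It reads the token from the request, verifies and decodes it with
 * {@code JwtUtils}, rebuilds the {@link AuthorizedUser} from the {@code userinfo}
 * claim and maps it to a BI {@link UserInfo}. When {@code needExtraAuth} is set it
 * also fetches the user's resource codes from the user-center service.
 */
public class UserCenterAuthEncryption implements AuthEncryptionInterface {
    private static final Logger log = LoggerFactory.getLogger(UserCenterAuthEncryption.class);

    /**
     * Key handed to {@code JwtUtils.verifyAndDecodeToken}.
     *
     * <p>NOTE(review): the fallback value is compiled into the artifact, so a
     * deployment that leaves {@code xforce.platforms.usercenter.secret} unset verifies
     * tokens with a key that is not secret. Drop the default (fail at startup) once
     * every environment supplies the property from a secret store.
     */
    @Value("${xforce.platforms.usercenter.secret:my_sessionjw_tsecret_xdfdffdsdfdfs}")
    private String secret;

    /** Application id sent with the extra-info request; parsed as an int on every call. */
    @Value("${xforce.platforms.usercenter.appid:100}")
    private String appid;

    @Autowired
    private UserExtraInfoClientService userExtraInfoClientService;

    /** Name of the request header that may carry the token. */
    @Value("${xforce.platforms.usercenter.accessTokenKey:xforce-saas-token}")
    private String accessTokenKey = "";

    /** Whether resource codes are fetched from the user-center service after decoding. */
    @Value("${xforce.platforms.usercenter.extra:true}")
    private boolean needExtraAuth = true;

    /**
     * Returns the configured token header name.
     *
     * @return the value of {@code xforce.platforms.usercenter.accessTokenKey}
     */
    @Override
    public String tokenKey() {
        return this.accessTokenKey;
    }

    /**
     * Extracts the user-center token from the request.
     *
     * <p>Lookup order: cookie named {@code UserType.USER.tokenKey()}, then the header
     * named by {@link #tokenKey()}, then a request parameter named
     * {@code UserType.USER.tokenKey()}.
     *
     * <p>NOTE(review): a token accepted as a request parameter travels in the URL,
     * which commonly ends up in access logs and Referer headers. Prefer the cookie or
     * header and consider retiring the parameter fallback.
     *
     * @param httpServletRequest the current request
     * @return the token, or {@code null} when the request is identified as belonging to
     *     another auth scheme (Athena / X-Access-Token) or carries no token
     */
    @Override
    public String token(HttpServletRequest httpServletRequest) {
        // Requests recognised by DetermineAuthUtil are left to another scheme.
        if (DetermineAuthUtil.isFromAthena(httpServletRequest)) {
            log.error("Cookie中包含Token");
            return null;
        }
        if (DetermineAuthUtil.containsXAccessTokenInHeaders(httpServletRequest)) {
            log.error("Header中包含AccessToken");
            return null;
        }
        Cookie tokenCookie = WebUtils.getCookie(httpServletRequest, UserType.USER.tokenKey());
        if (tokenCookie != null) {
            return tokenCookie.getValue();
        }
        String headerToken = httpServletRequest.getHeader(this.accessTokenKey);
        if (StringUtils.isNotEmpty(headerToken)) {
            return headerToken;
        }
        return WebUtils.findParameterValue(httpServletRequest, UserType.USER.tokenKey());
    }

    /**
     * Verifies the request's token and converts its payload into a BI user.
     *
     * <p>NOTE(review): {@link #token(HttpServletRequest)} can return {@code null}; that
     * value is passed to {@code JwtUtils.verifyAndDecodeToken} unchanged. Confirm the
     * verifier rejects a null or blank token rather than returning claims.
     *
     * @param httpServletRequest the current request
     * @return the decoded user
     * @throws IllegalArgumentException when no claims are returned or the
     *     {@code userinfo} claim is empty or unparsable
     * @throws Exception whatever the JWT verifier or the extra-info call raises
     */
    @Override
    public UserInfo decode(HttpServletRequest httpServletRequest) throws Exception {
        String rawToken = token(httpServletRequest);
        Map<String, String> claims = JwtUtils.verifyAndDecodeToken(this.secret, rawToken);
        Assert.notNull(claims, "claims == null, 访问失败，没有登录");
        AuthorizedUser authorizedUser = getUserOfUserCenter(httpServletRequest, claims, rawToken);
        return transferToBIUser(authorizedUser);
    }

    /**
     * Maps a user-center {@link AuthorizedUser} onto the BI {@link UserInfo} bean.
     *
     * @param authorizedUser the decoded user-center user
     * @return a {@code UserInfo} whose role set holds the role ids as strings and whose
     *     origin is {@code authorizedUser}
     */
    private UserInfo<AuthorizedUser> transferToBIUser(AuthorizedUser authorizedUser) {
        UserInfo<AuthorizedUser> biUser = new UserInfo<>();
        biUser.setAuthSource(AuthSource.USER_CENTER);
        biUser.setUsername(authorizedUser.getUsername());
        biUser.setTenantId(String.valueOf(authorizedUser.getTenantId()));
        biUser.setTenantCode(authorizedUser.getTenantCode());
        biUser.setMobile(authorizedUser.getMobile());
        biUser.setEmail(authorizedUser.getEmail());

        // Raw HashSet kept on purpose: the element type expected by setRoles is not
        // visible from this file.
        HashSet roleIds = Sets.newHashSet();
        if (CollectionUtils.isEmpty(authorizedUser.getRoles())) {
            log.warn("该用户({})的角色为空", authorizedUser.getUsername());
        } else {
            for (Object role : authorizedUser.getRoles()) {
                roleIds.add(String.valueOf(((Role) role).getId()));
            }
        }
        biUser.setRoles(roleIds);
        biUser.setOrigin(authorizedUser);
        biUser.setResources(authorizedUser.getResourceCodes());
        return biUser;
    }

    /**
     * Rebuilds the {@link AuthorizedUser} from the verified claims.
     *
     * <p>NOTE(review): when the request carries a {@code tenantId} header or path
     * variable, that caller-supplied value replaces the tenant id taken from the
     * verified token. Nothing in this class checks that the user belongs to that
     * tenant; confirm a later authorization step enforces it.
     *
     * @param httpServletRequest the current request, consulted for a tenant override
     * @param map the claims returned by the JWT verifier
     * @param str the raw token, stored on the returned user
     * @return the populated user
     * @throws IOException declared for the decode and extra-info steps
     * @throws IllegalArgumentException when the {@code userinfo} claim is empty or
     *     does not parse
     */
    private AuthorizedUser getUserOfUserCenter(HttpServletRequest httpServletRequest, Map<String, String> map, String str) throws IOException {
        String userJson = CompressionUtils.decode(map.get("userinfo"));
        Assert.hasText(userJson, "访问失败，无效令牌");
        AuthorizedUser user = (AuthorizedUser) JsonUtils.fromJson(userJson, AuthorizedUser.class);
        Assert.notNull(user, "userinfo is null");
        user.setToken(str);

        Long requestedTenantId = getTenantId(httpServletRequest);
        if (requestedTenantId != null) {
            user.setTenantId(requestedTenantId.longValue());
        }
        if (this.needExtraAuth) {
            setExtraInfo(user);
        }
        return user;
    }

    /**
     * Fetches the user's resource codes from the user-center service and stores them
     * on {@code authorizedUser}. An empty, unparsable or code-less payload results in
     * an empty set rather than {@code null} or a NullPointerException.
     *
     * <p>NOTE(review): a response whose code is not 1 is only logged; if it still
     * carries an info payload, the resource codes in it are applied. Confirm whether
     * an error response should instead leave the user with no resources.
     *
     * @param authorizedUser the user to enrich; its token authenticates the call
     * @throws IOException declared for the remote call and JSON parsing
     * @throws NumberFormatException when the configured app id is not an integer
     */
    private void setExtraInfo(AuthorizedUser authorizedUser) throws IOException {
        MsGetUserExtraInfoRequest request = new MsGetUserExtraInfoRequest();
        request.setAppId(Integer.parseInt(this.appid));
        request.setResources(true);
        MsGetUserExtraInfoResponse response = this.userExtraInfoClientService.userExtraInfo(authorizedUser.token(), request);

        // A missing code is treated like an error code instead of failing on unboxing.
        Number code = response.getCode();
        if (code == null || code.intValue() != 1) {
            log.error("获取用户信息接口内部错误:{}", response.getMessage());
        }

        String infoJson = response.getInfoJson();
        if (StringUtils.isEmpty(infoJson)) {
            log.info("获取用户额外信息返回为空");
            authorizedUser.setResourceCodes(Sets.newHashSet());
            return;
        }

        // fromJson may yield null (the userinfo path in this class asserts on it), so
        // guard before dereferencing.
        ExtraInfoModel extraInfo = (ExtraInfoModel) JsonUtils.fromJson(infoJson, ExtraInfoModel.class);
        Set resourceCodes = extraInfo == null ? null : extraInfo.getResourceCodes();
        if (CollectionUtils.isEmpty(resourceCodes)) {
            log.warn("infoJson:{}", JSON.toJSONString(response));
        }
        if (resourceCodes == null) {
            // Same "no resources" representation as the empty-payload branch above.
            resourceCodes = Sets.newHashSet();
        }
        log.info("获取到的权限为: {}", resourceCodes);
        authorizedUser.setResourceCodes(resourceCodes);
    }

    /**
     * Reads an optional tenant id from the {@code tenantId} request header, falling
     * back to the {@code tenantId} URI template variable.
     *
     * @param httpServletRequest the current request
     * @return the parsed id, or {@code null} when absent, empty or not a valid long
     */
    private Long getTenantId(HttpServletRequest httpServletRequest) {
        String rawTenantId = httpServletRequest.getHeader("tenantId");
        if (rawTenantId == null) {
            Map<?, ?> pathVariables = (Map<?, ?>) httpServletRequest.getAttribute(HandlerMapping.URI_TEMPLATE_VARIABLES_ATTRIBUTE);
            if (!CollectionUtils.isEmpty(pathVariables)) {
                rawTenantId = (String) pathVariables.get("tenantId");
            }
        }
        // Absence is the normal case: return quietly instead of provoking and logging
        // a NumberFormatException on every request without a tenant id.
        if (StringUtils.isEmpty(rawTenantId)) {
            return null;
        }
        try {
            return Long.valueOf(rawTenantId);
        } catch (NumberFormatException e) {
            // The value is caller-controlled and the exception message echoes it;
            // neutralise line breaks so it cannot start a new log record.
            log.warn("{}, tenantId = {}", stripLineBreaks(e.getMessage()), stripLineBreaks(rawTenantId));
            return null;
        }
    }

    /** Replaces CR and LF with underscores so untrusted text stays on one log line. */
    private static String stripLineBreaks(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}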
