package com.supwisdom.eams.security.authc.local.web;

import com.fasterxml.jackson.annotation.JsonInclude;
import com.supwisdom.eams.infras.captcha.CaptchaGenerator;
import com.supwisdom.eams.infras.captcha.RandomStringGenerator;
import com.supwisdom.eams.security.authc.local.app.command.LicenseFileUploadCmd;
import com.supwisdom.eams.security.authc.local.app.command.LoginCommand;
import com.supwisdom.eams.security.authc.local.license.LicenseVertify;
import com.supwisdom.eams.security.authc.local.license.MacUtils;
import com.supwisdom.eams.security.authc.local.realm.LocalAuthcToken;
import com.supwisdom.eams.security.helper.PrincipalHelper;
import com.supwisdom.eams.security.link.SsoLoginLink;
import com.supwisdom.eams.security.loginout.LocalLogoutUrlStrategy;
import com.supwisdom.eams.security.util.CasUtils;
import com.supwisdom.eams.security.util.LoginUser;
import com.supwisdom.eams.security.web.SecuritySupportController;
import com.supwisdom.eams.system.account.domain.model.Account;
import com.supwisdom.eams.system.security.event.UserLoginFailEvent;
import com.supwisdom.eams.system.security.event.UserLoginSuccessEvent;
import com.supwisdom.eams.system.utils.DownOrUploadFile;
import java.io.File;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.validation.Valid;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.crypto.hash.Sha1Hash;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.actuate.endpoint.InfoEndpoint;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.multipart.MultipartFile;
import org.springframework.web.servlet.ModelAndView;

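/**
 * Spring MVC controller for the local (username/password) login flow, the optional CAS
 * single-sign-on entry point and the licence upload endpoint.
 *
 * <p>Per-attempt state (salt, captcha text, "captcha required" flag, attempt counter and the
 * saved session timeout) is stored in the {@link HttpSession}.
 *
 * <p>NOTE(review): because all of that state is keyed to the session, a client that discards
 * its session cookie starts again with no captcha requirement and a zero counter. Nothing in
 * this class throttles attempts per account or per source address - confirm that this is
 * enforced elsewhere (realm, filter or gateway).
 */
@Controller
/* loaded from: input_file:com/supwisdom/eams/security/authc/local/web/LoginController.class */
public class LoginController extends SecuritySupportController implements ApplicationEventPublisherAware {
    private static final String LOGIN_SOURCE = "local";
    private static final String SALT_KEY = "SALT";
    private static final String CAPTCHA_KEY = "CAPTCHA";
    private static final String NEED_CAPTCHA_KEY = "NEED_CAPTCHA";
    private static final String LOGIN_COUNT_KEY = "LOGIN_COUNT";
    private static final String ORIGIN_MAX_INACTIVE_INTERVAL = "ORIGIN_MAX_INACTIVE_INTERVAL";

    @Resource(name = "UUIDStringGenerator")
    private RandomStringGenerator randomStringGenerator;

    @Autowired(required = false)
    private InfoEndpoint infoEndpoint;

    @Autowired(required = false)
    private List<SsoLoginLink> ssoLinkList = new ArrayList<>();

    @Autowired
    private LocalLogoutUrlStrategy localLogoutUrlStrategy;

    @Autowired
    private MacUtils macUtils;

    @Autowired
    private DownOrUploadFile downOrUploadFile;
    private ApplicationEventPublisher applicationEventPublisher;

    @Value("${cas.enable:false}")
    private Boolean useCas;

    /**
     * JSON body returned by {@code POST /login}: outcome flag, optional message for the user
     * and whether the next attempt must carry a captcha. Null fields are omitted from the JSON.
     */
    @JsonInclude(JsonInclude.Include.NON_NULL)
    /* loaded from: input_file:com/supwisdom/eams/security/authc/local/web/LoginController$LoginMessage.class */
    public static class LoginMessage {
        private boolean result;
        private String message;
        private boolean needCaptcha;

        private LoginMessage(boolean result, String message, boolean needCaptcha) {
            this.result = result;
            this.message = message;
            this.needCaptcha = needCaptcha;
        }

        /** Creates the success reply: no message and no captcha requirement. */
        public static LoginMessage goodResult() {
            return new LoginMessage(true, null, false);
        }

        /** Creates a failure reply carrying the text to show and the captcha flag. */
        public static LoginMessage badResult(String message, boolean needCaptcha) {
            return new LoginMessage(false, message, needCaptcha);
        }

        public boolean isResult() {
            return this.result;
        }

        public void setResult(boolean result) {
            this.result = result;
        }

        public String getMessage() {
            return this.message;
        }

        public void setMessage(String message) {
            this.message = message;
        }

        public boolean isNeedCaptcha() {
            return this.needCaptcha;
        }

        public void setNeedCaptcha(boolean needCaptcha) {
            this.needCaptcha = needCaptcha;
        }
    }

    /**
     * Renders the login page, or redirects to {@code /home} when the subject is already
     * authenticated.
     */
    @RequestMapping(value = {"/login"}, method = {RequestMethod.GET})
    public ModelAndView page(ModelAndView modelAndView, HttpServletRequest httpServletRequest, HttpSession httpSession) throws Exception {
        if (SecurityUtils.getSubject().isAuthenticated()) {
            modelAndView.setViewName("redirect:/home");
            return modelAndView;
        }
        modelAndView.addObject("ssoLinkList", this.ssoLinkList);
        populateBuildInfo(modelAndView);
        modelAndView.setViewName("security/authc-local/login");
        return modelAndView;
    }

    /**
     * CAS entry point. Redirects to the local login page when CAS is disabled; otherwise sends
     * the browser to the target URL (already signed in), to the CAS login URL (no ticket yet)
     * or, once a ticket is present, performs the local login for the CAS user.
     *
     * <p>NOTE(review): {@code targetUrl} comes from {@code CasUtils.getTargetUrl(request)} and
     * is passed to {@code sendRedirect} unchanged. Confirm that helper restricts the value to
     * same-origin or allow-listed destinations; otherwise this is an open redirect.
     */
    @RequestMapping(value = {"/${sso.login.uri:sso/login}"}, method = {RequestMethod.GET})
    public void ssoLogin(HttpSession httpSession, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        Subject subject = SecurityUtils.getSubject();
        if (!Boolean.TRUE.equals(this.useCas)) {
            httpServletResponse.sendRedirect("/login");
            return;
        }
        String targetUrl = CasUtils.getTargetUrl(httpServletRequest);
        if (subject.isAuthenticated() || CasUtils.isLogin(httpSession)) {
            httpServletResponse.sendRedirect(targetUrl);
            return;
        }
        if (!CasUtils.hasTicket(httpServletRequest)) {
            httpServletResponse.sendRedirect(CasUtils.getLoginUrl(httpServletRequest));
            return;
        }
        LoginUser loginUser = CasUtils.getLoginUser(httpServletRequest);
        boolean loggedIn = loginUser.isLogin() && doLogin(loginUser, httpServletRequest, httpSession, subject);
        if (!loggedIn) {
            httpServletResponse.sendRedirect(CasUtils.getLogoutUrl(httpServletRequest));
            return;
        }
        CasUtils.login(loginUser, httpSession);
        httpServletResponse.sendRedirect(targetUrl);
    }

    /**
     * Stores an uploaded licence file under {@code <user.dir>/license}, installs it and
     * reports the verification outcome.
     *
     * <p>The client-supplied file name is reduced to its last path element and the resolved
     * target must sit directly inside the licence directory, so a name such as
     * {@code ../../x} cannot place the file elsewhere on disk.
     *
     * <p>NOTE(review): nothing in this method checks who the caller is. Confirm that the
     * security filter chain limits {@code /install-license} to administrators and that the
     * multipart size limit is configured. The uploaded file stays on disk (and replaces an
     * existing file of the same name) even when verification fails.
     *
     * @param licenseFileUploadCmd bound form object carrying the multipart file
     * @return map with {@code success} (Boolean) and {@code message} (String)
     */
    @RequestMapping(value = {"/install-license"}, method = {RequestMethod.POST})
    @ResponseBody
    public Map<String, Object> installLicense(LicenseFileUploadCmd licenseFileUploadCmd) {
        Map<String, Object> result = new HashMap<>(16);
        try {
            MultipartFile multipartFile = licenseFileUploadCmd.getMultipartFile();
            String fileName = safeLicenseFileName(multipartFile);
            if (fileName == null) {
                result.put("success", false);
                // "Invalid certificate file name!"
                result.put("message", "证书文件名无效!");
                return result;
            }
            String licensePath = System.getProperty("user.dir") + File.separator + "license" + File.separator + fileName;
            File licenseFile = new File(licensePath);
            File licenseDir = licenseFile.getParentFile();
            if (!licenseDir.exists()) {
                licenseDir.mkdirs();
                licenseFile.createNewFile();
            }
            // Second line of defence: after symlinks and ".." are resolved, the target must
            // still be a direct child of the licence directory.
            if (!licenseDir.getCanonicalFile().equals(licenseFile.getCanonicalFile().getParentFile())) {
                result.put("success", false);
                result.put("message", "证书文件名无效!");
                return result;
            }
            this.downOrUploadFile.saveFileFromInputStream(multipartFile, licensePath);
            LicenseVertify licenseVertify = new LicenseVertify(this.macUtils.getServerMac());
            if (licenseVertify.install(licensePath) == 1) {
                result.put("success", false);
                result.put("message", "证书无效!");
            } else {
                int status = licenseVertify.vertify();
                if (status == 0) {
                    result.put("success", true);
                    result.put("message", "验证证书成功!");
                } else if (status == 1) {
                    result.put("success", false);
                    result.put("message", "证书已经过期!");
                } else {
                    result.put("success", false);
                    result.put("message", "验证证书失败!MAC地址未匹配!");
                }
            }
        } catch (Exception e) {
            // No logger is in scope in this class, so the trace still goes to stderr; route it
            // to the application logger when one is available.
            e.printStackTrace();
            // Report the failure instead of returning an empty map, and keep the exception
            // detail out of the response. Message: "Certificate installation failed!"
            result.clear();
            result.put("success", false);
            result.put("message", "证书安装失败!");
        }
        return result;
    }

    /**
     * Reduces the client-supplied upload name to a plain file name.
     *
     * @return the last path element of the original file name, or {@code null} when the upload
     *     is missing or empty or the name is blank, {@code .}, {@code ..} or contains NUL
     */
    private static String safeLicenseFileName(MultipartFile upload) {
        if (upload == null || upload.isEmpty()) {
            return null;
        }
        String submitted = upload.getOriginalFilename();
        if (StringUtils.isBlank(submitted)) {
            return null;
        }
        // Treat both separator styles as separators regardless of the server platform.
        String baseName = new File(submitted.replace('\\', '/')).getName();
        boolean unusable = StringUtils.isBlank(baseName)
                || ".".equals(baseName)
                || "..".equals(baseName)
                || baseName.indexOf('\0') >= 0;
        return unusable ? null : baseName;
    }

    /** Shows the account activation form. */
    @RequestMapping(value = {"/sign-up"}, method = {RequestMethod.GET})
    public ModelAndView accountActivatePage(ModelAndView modelAndView) {
        modelAndView.setViewName("account-activate/std/checkerForm");
        return modelAndView;
    }

    /**
     * Adds the actuator "build" info map to the model as {@code buildInfo}, or an empty map
     * when the endpoint or the entry is absent.
     *
     * <p>NOTE(review): this model is used by the pre-authentication login page; if the view
     * renders it, build and version details are visible to anonymous visitors - confirm that
     * is intended.
     */
    private void populateBuildInfo(ModelAndView modelAndView) {
        Map<?, ?> build = null;
        if (this.infoEndpoint != null) {
            build = (Map<?, ?>) this.infoEndpoint.invoke().get("build");
        }
        modelAndView.addObject("buildInfo", build != null ? build : Collections.emptyMap());
    }

    /**
     * Handles the JSON login request. Counts the attempt, enforces the captcha when the
     * session is flagged as needing one, then delegates to {@link #realLogin}.
     *
     * <p>A required captcha is only accepted when a captcha text is actually stored in the
     * session. Comparing with {@code equalsIgnoreCase} alone treats two nulls as equal, so a
     * request that omitted the captcha field after the stored text had been cleared would
     * pass the check.
     *
     * <p>NOTE(review): a wrong answer does not invalidate the stored captcha, so the same
     * image can be answered repeatedly; consider clearing it here once the client is known to
     * reload the image after every failure.
     */
    @RequestMapping(value = {"/login"}, method = {RequestMethod.POST}, produces = {"application/json"})
    @ResponseBody
    public LoginMessage login(HttpServletRequest httpServletRequest, HttpSession httpSession, @Valid @RequestBody LoginCommand loginCommand) {
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            return LoginMessage.goodResult();
        }
        incrementAndGetLoginCount(httpSession);
        if (isNeedCaptcha(httpSession)) {
            String expected = getCaptcha(httpSession);
            boolean captchaMatches = expected != null && StringUtils.equalsIgnoreCase(expected, loginCommand.getCaptcha());
            if (!captchaMatches) {
                publishLoginFailEvent(loginCommand.getUsername(), "验证码校验失败", null);
                return LoginMessage.badResult(getText("exception.authc.wrong_verify_code"), setNeedCaptcha(httpSession));
            }
        }
        return realLogin(httpServletRequest, httpSession, loginCommand, subject);
    }

    /**
     * Builds the authentication token from the command and the session salt, logs the subject
     * in and publishes the success or failure event. The captcha and salt are removed from
     * the session on every exit path, so both are single-use per attempt.
     *
     * <p>NOTE(review): the session id is not changed after a successful login in this method;
     * confirm session-fixation protection is provided by the container or security
     * configuration.
     *
     * @return the success message, or a failure message that also flags the session as
     *     needing a captcha
     */
    private LoginMessage realLogin(HttpServletRequest httpServletRequest, HttpSession httpSession, LoginCommand loginCommand, Subject subject) {
        LocalAuthcToken token = new LocalAuthcToken();
        token.setHost(httpServletRequest.getRemoteHost());
        token.setUsername(loginCommand.getUsername());
        token.setPassword(loginCommand.getPassword().toCharArray());
        token.setRememberMe(false);
        token.setSha1Salt(getSalt(httpSession));
        try {
            subject.login(token);
            restoreSessionLife(httpSession);
            this.applicationEventPublisher.publishEvent(new UserLoginSuccessEvent(this, LOGIN_SOURCE, PrincipalHelper.getLoginName(subject)));
            clearLoginCount(httpSession);
            clearNeedCaptcha(httpSession);
            clearSessionLifeBackup(httpSession);
            this.localLogoutUrlStrategy.saveStrategy(httpSession);
            return LoginMessage.goodResult();
        } catch (IncorrectCredentialsException e) {
            // The specific handler has to come before the general one: the decompiled order
            // (Exception first) makes this branch unreachable and is rejected by javac.
            publishLoginFailEvent(loginCommand.getUsername(), "密码错误", e);
            return createFailureMessage(loginCommand, httpSession, "密码错误", getText("exception.authc.wrong_username_or_password"));
        } catch (Exception e) {
            String reason = Optional.ofNullable(e.getMessage()).orElse("未知错误");
            publishLoginFailEvent(loginCommand.getUsername(), reason, e);
            // NOTE(review): the raw exception message is what the client sees here. If the
            // realm reports "unknown account" or "locked" differently from a wrong password,
            // the response tells a caller which usernames exist - confirm the messages are
            // meant to be public.
            return createFailureMessage(loginCommand, httpSession, reason, reason);
        } finally {
            clearCaptcha(httpSession);
            clearSalt(httpSession);
        }
    }

    /**
     * Builds the failure reply and flags the session as needing a captcha. Only
     * {@code displayMessage} is used here; the other arguments are available to overrides.
     */
    protected LoginMessage createFailureMessage(LoginCommand loginCommand, HttpSession httpSession, String reason, String displayMessage) {
        return LoginMessage.badResult(displayMessage, setNeedCaptcha(httpSession));
    }

    /**
     * Issues a fresh salt for the next login attempt, stores it in the session and shortens
     * the session timeout while the login is pending.
     */
    @RequestMapping(value = {"/login-salt"}, method = {RequestMethod.GET}, produces = {"text/plain"})
    @ResponseBody
    public String salt(HttpSession httpSession) {
        backupSessionLifeAndMakeItShorter(httpSession);
        String salt = this.randomStringGenerator.nextString();
        httpSession.setAttribute(SALT_KEY, salt);
        return salt;
    }

    /** Writes a captcha image to the response and remembers its text in the session. */
    @RequestMapping({"/login-captcha"})
    public void captcha(HttpServletResponse httpServletResponse, HttpSession httpSession) {
        String captchaText = CaptchaGenerator.writeImageAndReturnText(httpServletResponse);
        httpSession.setAttribute(CAPTCHA_KEY, captchaText);
    }

    private void clearCaptcha(HttpSession httpSession) {
        httpSession.removeAttribute(CAPTCHA_KEY);
    }

    private String getCaptcha(HttpSession httpSession) {
        return (String) httpSession.getAttribute(CAPTCHA_KEY);
    }

    private void clearNeedCaptcha(HttpSession httpSession) {
        httpSession.removeAttribute(NEED_CAPTCHA_KEY);
    }

    /** Returns whether the session is flagged as requiring a captcha; an absent flag is false. */
    protected boolean isNeedCaptcha(HttpSession httpSession) {
        Boolean flag = (Boolean) httpSession.getAttribute(NEED_CAPTCHA_KEY);
        return flag != null && flag.booleanValue();
    }

    /** Flags the session as requiring a captcha and returns {@code true}. */
    protected boolean setNeedCaptcha(HttpSession httpSession) {
        httpSession.setAttribute(NEED_CAPTCHA_KEY, true);
        return true;
    }

    private void clearSalt(HttpSession httpSession) {
        httpSession.removeAttribute(SALT_KEY);
    }

    protected String getSalt(HttpSession httpSession) {
        return (String) httpSession.getAttribute(SALT_KEY);
    }

    /**
     * Adds one to the session's attempt counter and returns the new value. Nothing in this
     * class reads the counter to make a decision.
     */
    protected int incrementAndGetLoginCount(HttpSession httpSession) {
        int updated = getLoginCount(httpSession) + 1;
        httpSession.setAttribute(LOGIN_COUNT_KEY, Integer.valueOf(updated));
        return updated;
    }

    protected void clearLoginCount(HttpSession httpSession) {
        httpSession.removeAttribute(LOGIN_COUNT_KEY);
    }

    /** Returns the session's attempt counter; an absent counter is zero. */
    protected int getLoginCount(HttpSession httpSession) {
        Integer count = (Integer) httpSession.getAttribute(LOGIN_COUNT_KEY);
        return count == null ? 0 : count.intValue();
    }

    /** Session timeout, in seconds, applied while a login is pending. */
    protected int getLoginSessionMaxInactiveInterval() {
        return 300;
    }

    private void backupSessionLifeAndMakeItShorter(HttpSession httpSession) {
        int currentInterval = httpSession.getMaxInactiveInterval();
        httpSession.setAttribute(ORIGIN_MAX_INACTIVE_INTERVAL, Integer.valueOf(currentInterval));
        httpSession.setMaxInactiveInterval(getLoginSessionMaxInactiveInterval());
    }

    private void restoreSessionLife(HttpSession httpSession) {
        Integer savedInterval = (Integer) httpSession.getAttribute(ORIGIN_MAX_INACTIVE_INTERVAL);
        if (savedInterval != null) {
            httpSession.setMaxInactiveInterval(savedInterval.intValue());
        }
    }

    private void clearSessionLifeBackup(HttpSession httpSession) {
        httpSession.removeAttribute(ORIGIN_MAX_INACTIVE_INTERVAL);
    }

    private void publishLoginFailEvent(String username, String reason, Exception cause) {
        String causeMessage = cause != null ? cause.getMessage() : null;
        this.applicationEventPublisher.publishEvent(new UserLoginFailEvent(this, LOGIN_SOURCE, username, reason, causeMessage));
    }

    @Override
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.applicationEventPublisher = applicationEventPublisher;
    }

    /**
     * Logs a CAS-authenticated user into the local realm by replaying the password login: a
     * fresh salt is stored in the session and the password field is set to the SHA-1 hex of
     * {@code <salt>-<plain password>}.
     *
     * <p>Returns the real outcome of the login. The previous version always returned
     * {@code true}, so {@link #ssoLogin} marked the CAS session as logged in and redirected to
     * the target even when the local login had failed. An account that does not exist locally
     * now yields {@code false} instead of a NullPointerException.
     *
     * <p>NOTE(review): this path depends on {@code Account.getPlainPassword()}, i.e. on the
     * account exposing a recoverable password. A dedicated token or realm for principals that
     * CAS has already authenticated would remove that dependency.
     *
     * @return {@code true} only when the local login succeeded
     */
    public boolean doLogin(LoginUser loginUser, HttpServletRequest httpServletRequest, HttpSession httpSession, Subject subject) {
        String loginName = loginUser.getAccount();
        Account account = this.accountRepository.getByLoginName(loginName);
        if (account == null) {
            return false;
        }
        String salt = this.randomStringGenerator.nextString();
        httpSession.setAttribute(SALT_KEY, salt);
        LoginCommand loginCommand = new LoginCommand();
        loginCommand.setUsername(loginName);
        loginCommand.setPassword(new Sha1Hash(salt + "-" + account.getPlainPassword()).toHex());
        return realLogin(httpServletRequest, httpSession, loginCommand, subject).isResult();
    }
}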
