package com.supwisdom.institute.admin.center.zuul.login;

import com.alibaba.fastjson.JSONObject;
import com.google.common.collect.HashMultimap;
import com.google.common.collect.Multimap;
import com.google.common.collect.Multimaps;
import com.supwisdom.infras.security.configure.idtoken.util.IdTokenUtil;
import com.supwisdom.institute.admin.center.zuul.security.authentication.BlackIpException;
import com.supwisdom.institute.admin.center.zuul.security.authentication.IdleExpireException;
import com.supwisdom.institute.admin.center.zuul.security.authentication.KickOutException;
import com.supwisdom.institute.base.redis.utils.RedisUtils;
import io.jsonwebtoken.Claims;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.web.context.request.async.DeferredResult;

/* loaded from: input_file:com/supwisdom/institute/admin/center/zuul/login/OnlineUserService.class */
public class OnlineUserService implements InitializingBean {

    @Value("${application.login.security.reqExcludeList:}")
    private String reqExcludeList;

    @Value("${application.login.security.ipWhiteList:}")
    private String ipWhiteList;

    @Value("${application.login.security.online.kickOut.enabled:false}")
    private boolean kickOutEnabled;

    @Autowired
    private IdTokenUtil idTokenUtil;

    @Autowired
    private RedisTemplate<String, String> subJtiRedisTemplate;

    @Autowired
    private RedisTemplate<String, OnlineUser> jtiOnlineUserRedisTemplate;
    private static final String SUB_JTI_REDIS_KEY_PREFIX = "ONLIEN_USER:SUB_JTI:sub:";
    private static final String JTI_ONLINE_USER_REDIS_KEY_PREFIX = "ONLIEN_USER:JTI_ONLINE_USER:jti:";
    private static final Logger log = LoggerFactory.getLogger(OnlineUserService.class);
    public static volatile Multimap<String, DeferredResult<String>> watchRequests = Multimaps.synchronizedMultimap(HashMultimap.create());
    private Set<String> reqExcludeRanges = new HashSet();
    private Set<String> ipRanges = new HashSet();

    @Value("${application.login.security.online.idleTimeInSeconds:1800}")
    private long idleTimeInSeconds = 1800;
    private final Map<String, String> mapSubJtiContainer = new ConcurrentHashMap();
    private final Map<String, OnlineUser> mapJtiOnlineUserContainer = new ConcurrentHashMap();

    public void afterPropertiesSet() throws Exception {
        if (StringUtils.isNotBlank(this.ipWhiteList)) {
            this.ipRanges.addAll(Arrays.asList(this.ipWhiteList.split(",")));
        }
        if (StringUtils.isNotBlank(this.reqExcludeList)) {
            this.reqExcludeRanges.addAll(Arrays.asList(this.reqExcludeList.split(",")));
        }
    }

    public void login(String str, String str2, String str3, String str4, long j, long j2, String str5, String str6, String str7) {
        OnlineUser onlineUserFromCache;
        long currentTimeMillis = System.currentTimeMillis();
        long j3 = j2 - (currentTimeMillis / 1000);
        if (j3 < 0) {
            j3 = -1;
        }
        log.debug("expireTime is {}", Long.valueOf(j3));
        boolean z = false;
        if (this.reqExcludeRanges != null && !this.reqExcludeRanges.isEmpty()) {
            z = this.reqExcludeRanges.contains(str4);
        }
        if (z) {
            return;
        }
        boolean z2 = false;
        if (this.ipRanges == null || this.ipRanges.isEmpty()) {
            log.debug("ipWhiteList not set, allow all ips.");
            z2 = true;
        } else {
            Iterator<String> it = this.ipRanges.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (isInRange(str6, it.next())) {
                    log.debug("ipWhiteList is set, allow ip {}.", str6);
                    z2 = true;
                    break;
                }
            }
        }
        if (!z2) {
            log.error("ip [{}] is not in ipWhiteList [{}]", str6, this.ipWhiteList);
            throw new BlackIpException("ip black.");
        }
        OnlineUser onlineUserFromCache2 = getOnlineUserFromCache(str);
        if (onlineUserFromCache2 != null) {
            if (this.kickOutEnabled && onlineUserFromCache2.isKickOut()) {
                log.error("user [{}] token [{}] is kick_out.", str2, str);
                sendDeferredResult(onlineUserFromCache2.getToken());
                throw new KickOutException("token kick_out.");
            }
            if (this.idleTimeInSeconds > 0 && onlineUserFromCache2.isIdleExp(this.idleTimeInSeconds)) {
                setOnlineUserToCache(str, onlineUserFromCache2, j3);
                log.error("user [{}] token [{}] is idle_expire.", str2, str);
                sendDeferredResult(onlineUserFromCache2.getToken());
                throw new IdleExpireException("token idle_expire.");
            }
            onlineUserFromCache2.used();
            setOnlineUserToCache(str, onlineUserFromCache2, j3);
            log.info("user [{}] token [{}] used.", str2, str);
        }
        String jtiFromCache = getJtiFromCache(str2);
        if (str.equals(jtiFromCache)) {
            return;
        }
        if (this.kickOutEnabled && jtiFromCache != null && (onlineUserFromCache = getOnlineUserFromCache(jtiFromCache)) != null) {
            onlineUserFromCache.kickOut();
            setOnlineUserToCache(jtiFromCache, onlineUserFromCache, j3);
            log.warn("user [{}] token [{}] kicked.", str2, jtiFromCache);
            sendDeferredResult(onlineUserFromCache.getToken());
        }
        OnlineUser onlineUser = new OnlineUser(str, str2, j, j2, str5, str6, str7, currentTimeMillis / 1000, 1);
        setJtiToCache(str2, str, j3);
        setOnlineUserToCache(str, onlineUser, j3);
        log.info("user [{}] token [{}] created.", str2, str);
    }

    public void sendDeferredResult(String str) {
        if (watchRequests.containsKey(str)) {
            boolean z = false;
            Claims claimsFromToken = this.idTokenUtil.getClaimsFromToken(str);
            if (claimsFromToken != null) {
                long detectUserOnline = detectUserOnline(String.valueOf(claimsFromToken.get("jti")), String.valueOf(claimsFromToken.get("sub")), str);
                z = detectUserOnline == Long.MIN_VALUE || detectUserOnline > 0;
            }
            if (z) {
                return;
            }
            JSONObject jSONObject = new JSONObject();
            JSONObject jSONObject2 = new JSONObject();
            jSONObject2.put("error", "已失效");
            jSONObject.put("code", 1);
            jSONObject.put("message", "已失效");
            jSONObject.put("error", jSONObject2);
            String jSONString = jSONObject.toJSONString();
            Iterator it = watchRequests.get(str).iterator();
            while (it.hasNext()) {
                ((DeferredResult) it.next()).setResult(jSONString);
            }
        }
    }

    public long detectUserOnline(String str, String str2, String str3) {
        OnlineUser onlineUserFromCache = getOnlineUserFromCache(str);
        if (onlineUserFromCache == null) {
            return Long.MIN_VALUE;
        }
        if (this.kickOutEnabled && onlineUserFromCache.isKickOut()) {
            log.warn("OnlineUser [{}] is kick out", onlineUserFromCache);
            return 0L;
        }
        if (this.idleTimeInSeconds > 0 && onlineUserFromCache.isIdleExp(this.idleTimeInSeconds)) {
            log.warn("OnlineUser [{}] is idle exp", onlineUserFromCache);
            return 0L;
        }
        if (this.idleTimeInSeconds < 0) {
            return Long.MIN_VALUE;
        }
        long reserveTimeInSeconds = onlineUserFromCache.reserveTimeInSeconds(this.idleTimeInSeconds);
        log.warn("OnlineUser [{}] reserve time is {}", onlineUserFromCache, Long.valueOf(reserveTimeInSeconds));
        return reserveTimeInSeconds;
    }

    private boolean isInRange(String str, String str2) {
        String[] split = str.split("\\.");
        int parseInt = (Integer.parseInt(split[0]) << 24) | (Integer.parseInt(split[1]) << 16) | (Integer.parseInt(split[2]) << 8) | Integer.parseInt(split[3]);
        int i = 32;
        if (str2.indexOf("/") > 0) {
            i = Integer.parseInt(str2.replaceAll(".*/", ""));
        }
        int i2 = (-1) << (32 - i);
        String[] split2 = str2.replaceAll("/.*", "").split("\\.");
        return (parseInt & i2) == (((((Integer.parseInt(split2[0]) << 24) | (Integer.parseInt(split2[1]) << 16)) | (Integer.parseInt(split2[2]) << 8)) | Integer.parseInt(split2[3])) & i2);
    }

    private String getRedisKey(String str, String str2) {
        return str + str2;
    }

    private String getJtiFromCache(String str) {
        if (this.subJtiRedisTemplate != null) {
            return (String) RedisUtils.redisTemplate(this.subJtiRedisTemplate).getValue(getRedisKey(SUB_JTI_REDIS_KEY_PREFIX, str));
        }
        if (this.mapSubJtiContainer.containsKey(str)) {
            return this.mapSubJtiContainer.get(str);
        }
        return null;
    }

    private void setJtiToCache(String str, String str2, long j) {
        if (this.subJtiRedisTemplate == null) {
            this.mapSubJtiContainer.put(str, str2);
        } else {
            RedisUtils.redisTemplate(this.subJtiRedisTemplate).setValue(getRedisKey(SUB_JTI_REDIS_KEY_PREFIX, str), Long.valueOf(j), str2);
        }
    }

    private OnlineUser getOnlineUserFromCache(String str) {
        if (this.jtiOnlineUserRedisTemplate != null) {
            return (OnlineUser) RedisUtils.redisTemplate(this.jtiOnlineUserRedisTemplate).getValue(getRedisKey(JTI_ONLINE_USER_REDIS_KEY_PREFIX, str));
        }
        if (this.mapJtiOnlineUserContainer.containsKey(str)) {
            return this.mapJtiOnlineUserContainer.get(str);
        }
        return null;
    }

    private void setOnlineUserToCache(String str, OnlineUser onlineUser, long j) {
        if (this.jtiOnlineUserRedisTemplate == null) {
            this.mapJtiOnlineUserContainer.put(str, onlineUser);
        } else {
            RedisUtils.redisTemplate(this.jtiOnlineUserRedisTemplate).setValue(getRedisKey(JTI_ONLINE_USER_REDIS_KEY_PREFIX, str), Long.valueOf(j), onlineUser);
        }
    }
}
