package com.supwisdom.insititute.attest.server.guard.webapi.controller;

import com.alibaba.fastjson.JSONObject;
import com.supwisdom.insititute.attest.server.core.request.HttpRequestUtils;
import com.supwisdom.insititute.attest.server.core.request.UserAgentUtils;
import com.supwisdom.insititute.attest.server.core.utils.QrCodeGenerator;
import com.supwisdom.insititute.attest.server.guard.domain.core.GuardService;
import com.supwisdom.insititute.attest.server.guard.domain.core.GuardTokenStatus;
import com.supwisdom.insititute.attest.server.guard.domain.core.utils.dingtalk.DingTalkUtils;
import com.supwisdom.insititute.attest.server.guard.domain.core.utils.weixinmp.WeixinMPUtils;
import com.supwisdom.insititute.attest.server.guard.domain.core.utils.workweixin.WorkWeixinUtils;
import com.supwisdom.insititute.attest.server.guard.domain.qrcode.QrCodeGuardToken;
import com.supwisdom.insititute.attest.server.guard.webapi.vo.request.QrCodeGuardAgreeRequest;
import com.supwisdom.insititute.attest.server.guard.webapi.vo.request.QrCodeGuardInitRequest;
import com.supwisdom.insititute.attest.server.guard.webapi.vo.request.QrCodeGuardSendRequest;
import com.supwisdom.insititute.attest.server.guard.webapi.vo.request.QrCodeGuardStatusRequest;
import com.supwisdom.insititute.attest.server.guard.webapi.vo.request.QrCodeGuardVerifyRequest;
import com.supwisdom.insititute.attest.server.remote.domain.account.entity.Account;
import com.supwisdom.insititute.attest.server.remote.domain.account.service.AccountService;
import com.supwisdom.insititute.attest.server.remote.domain.federation.entity.Federation;
import com.supwisdom.insititute.attest.server.remote.domain.federation.service.UserSaFederationService;
import com.supwisdom.insititute.attest.server.remote.domain.token.JWTTokenValidator;
import io.jsonwebtoken.Claims;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cache.interceptor.CacheOperationExpressionEvaluator;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.tags.BindTag;
import org.springframework.web.servlet.view.RedirectView;
import org.springframework.web.util.WebUtils;

@RequestMapping(path = {"/api/guard/qrcode"})
@Controller
/* loaded from: input_file:BOOT-INF/lib/attest-server-guard-web-api-1.4.9-RELEASE.jar:com/supwisdom/insititute/attest/server/guard/webapi/controller/QrCodeGuardController.class */
public class QrCodeGuardController {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) QrCodeGuardController.class);

    @Value("${attest-server.prefix:http://localhost:8071/attest}")
    private String attestServerPrefix;

    @Autowired
    @Qualifier("qrCodeGuardService")
    private GuardService qrCodeGuardService;

    @Autowired
    private AccountService userSaAccountService;

    @Autowired
    private UserSaFederationService userSaFederationService;

    @Autowired
    private JWTTokenValidator jwtTokenValidator;

    @Value("${attest-server.qrcode.superapp.enabled:true}")
    private boolean qrcodeSuperappEnabled;

    @Value("${attest-server.qrcode.weixinmp.enabled:false}")
    private boolean qrcodeWeixinmpEnabled;

    @Value("${attest-server.qrcode.weixinmp.appid:}")
    private String qrcodeWeixinmpAppId;

    @Value("${attest-server.qrcode.weixinmp.appsecret:}")
    private String qrcodeWeixinmpAppSecret;

    @Value("${attest-server.qrcode.workweixinh5.enabled:false}")
    private boolean qrcodeWorkweixinH5Enabled;

    @Value("${attest-server.qrcode.workweixinh5.corpid:}")
    private String qrcodeWorkweixinH5CorpId;

    @Value("${attest-server.qrcode.workweixinh5.secret:}")
    private String qrcodeWorkweixinH5Secret;

    @Value("${attest-server.qrcode.dingtalkh5.enabled:false}")
    private boolean qrcodeDingtalkH5Enabled;

    @Value("${attest-server.qrcode.dingtalkh5.appid:}")
    private String qrcodeDingtalkH5AppId;

    @Value("${attest-server.qrcode.dingtalkh5.appsecret:}")
    private String qrcodeDingtalkH5AppSecret;

    @PostMapping(path = {"/init"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ResponseBody
    public JSONObject init(@RequestBody QrCodeGuardInitRequest qrCodeGuardInitRequest) {
        String username;
        String state;
        List<Account> loadAccountsByUsername;
        log.debug("QrCodeGuardInitRequest is {}", qrCodeGuardInitRequest);
        int i = -1;
        Object obj = null;
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("attestServerUrl", this.attestServerPrefix);
        try {
            username = qrCodeGuardInitRequest.getUsername();
            state = qrCodeGuardInitRequest.getState();
            loadAccountsByUsername = this.userSaAccountService.loadAccountsByUsername(username);
        } catch (Exception e) {
            log.error(e.getMessage());
            e.printStackTrace();
            obj = e.getMessage();
        }
        if (loadAccountsByUsername == null || loadAccountsByUsername.size() == 0) {
            throw new Exception("Account [" + username + "] is not exist");
        }
        Map<String, Federation> loadByUserId = this.userSaFederationService.loadByUserId(loadAccountsByUsername.get(0).getUserId());
        jSONObject.put("gid", this.qrCodeGuardService.init(username, state, qrCodeGuardInitRequest.getAllClaims()));
        JSONObject jSONObject2 = new JSONObject();
        jSONObject2.put("superappEnabled", (Object) Boolean.valueOf(this.qrcodeSuperappEnabled));
        jSONObject2.put("weixinmpEnabled", (Object) Boolean.valueOf(this.qrcodeWeixinmpEnabled));
        jSONObject2.put("workweixinh5Enabled", (Object) Boolean.valueOf(this.qrcodeWorkweixinH5Enabled));
        jSONObject2.put("dingtalkh5Enabled", (Object) Boolean.valueOf(this.qrcodeDingtalkH5Enabled));
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        if (this.qrcodeSuperappEnabled) {
            arrayList.add("superapp");
            arrayList2.add("superapp");
        }
        if (this.qrcodeWeixinmpEnabled) {
            arrayList.add("weixinmp");
            if (loadByUserId.containsKey("openweixin")) {
                arrayList2.add("weixinmp");
            }
        }
        if (this.qrcodeWorkweixinH5Enabled) {
            arrayList.add("workweixinh5");
            if (loadByUserId.containsKey("workweixin")) {
                arrayList2.add("workweixinh5");
            }
        }
        if (this.qrcodeDingtalkH5Enabled) {
            arrayList.add("dingtalkh5");
            if (loadByUserId.containsKey("dingtalk")) {
                arrayList2.add("dingtalkh5");
            }
        }
        jSONObject2.put("scanTypes", (Object) arrayList);
        jSONObject2.put("userScanTypes", (Object) loadByUserId.keySet());
        jSONObject.put("qrCode", (Object) jSONObject2);
        i = 0;
        JSONObject jSONObject3 = new JSONObject();
        jSONObject3.put("code", Integer.valueOf(i));
        jSONObject3.put("message", obj);
        jSONObject3.put("data", (Object) jSONObject);
        return jSONObject3;
    }

    @PostMapping(path = {"/send"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ResponseBody
    public JSONObject send(@RequestBody QrCodeGuardSendRequest qrCodeGuardSendRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        int i = -1;
        String str = null;
        JSONObject jSONObject = new JSONObject();
        try {
            httpServletRequest.getRemoteAddr();
            httpServletRequest.getHeader(HttpRequestUtils.USER_AGENT_HEADER);
            httpServletRequest.getHeader("X-Attest-Device-Id");
            String gid = qrCodeGuardSendRequest.getGid();
            String send = this.qrCodeGuardService.send(gid);
            jSONObject.put(CacheOperationExpressionEvaluator.RESULT_VARIABLE, (Object) "ok");
            jSONObject.put("callbackCode", (Object) send);
            jSONObject.put("scanQrcode", (Object) (this.attestServerPrefix + String.format("/api/guard/qrcode/open/scanQrcode/%s/%s.png", gid, send)));
            i = 0;
        } catch (Exception e) {
            log.error(e.getMessage());
            e.printStackTrace();
            str = e.getMessage();
        }
        JSONObject jSONObject2 = new JSONObject();
        jSONObject2.put("code", (Object) Integer.valueOf(i));
        jSONObject2.put("message", (Object) str);
        jSONObject2.put("data", (Object) jSONObject);
        return jSONObject2;
    }

    @GetMapping(path = {"/open/scanQrcode/{gid}/{callbackCode}.png"})
    public void scanQrcode(@PathVariable(name = "gid") String str, @PathVariable(name = "callbackCode") String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        httpServletResponse.setContentType("image/png");
        try {
            QrCodeGenerator.getQrCodeWithUrl(((QrCodeGuardToken) this.qrCodeGuardService.load(str, QrCodeGuardToken.class)).getCallbackUrl(), 256, 256, httpServletResponse);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    @PostMapping(path = {"/status"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ResponseBody
    public JSONObject status(@RequestBody QrCodeGuardStatusRequest qrCodeGuardStatusRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        int i = -1;
        String str = null;
        JSONObject jSONObject = new JSONObject();
        try {
            httpServletRequest.getRemoteAddr();
            httpServletRequest.getHeader(HttpRequestUtils.USER_AGENT_HEADER);
            httpServletRequest.getHeader("X-Attest-Device-Id");
            GuardTokenStatus status = this.qrCodeGuardService.status(qrCodeGuardStatusRequest.getGid());
            jSONObject.put(BindTag.STATUS_VARIABLE_NAME, (Object) Integer.valueOf(status.getStatus()));
            jSONObject.put("statusCode", (Object) status.name());
            i = 0;
        } catch (Exception e) {
            log.error(e.getMessage());
            e.printStackTrace();
            str = e.getMessage();
        }
        JSONObject jSONObject2 = new JSONObject();
        jSONObject2.put("code", (Object) Integer.valueOf(i));
        jSONObject2.put("message", (Object) str);
        jSONObject2.put("data", (Object) jSONObject);
        return jSONObject2;
    }

    @PostMapping(path = {"/verify"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ResponseBody
    public JSONObject verify(@RequestBody QrCodeGuardVerifyRequest qrCodeGuardVerifyRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        int i = -1;
        String str = null;
        JSONObject jSONObject = new JSONObject();
        try {
            GuardTokenStatus verify = this.qrCodeGuardService.verify(qrCodeGuardVerifyRequest.getGid(), qrCodeGuardVerifyRequest.getUsername(), qrCodeGuardVerifyRequest.getState(), qrCodeGuardVerifyRequest.getAllClaims());
            jSONObject.put(BindTag.STATUS_VARIABLE_NAME, (Object) Integer.valueOf(verify.getStatus()));
            jSONObject.put("statusCode", (Object) verify.name());
            i = 0;
        } catch (Exception e) {
            log.error(e.getMessage());
            e.printStackTrace();
            str = e.getMessage();
        }
        JSONObject jSONObject2 = new JSONObject();
        jSONObject2.put("code", (Object) Integer.valueOf(i));
        jSONObject2.put("message", (Object) str);
        jSONObject2.put("data", (Object) jSONObject);
        return jSONObject2;
    }

    @RequestMapping(path = {"/open/callback.html"})
    public ModelAndView callback(@RequestParam(name = "gid", required = true) String str, @RequestParam(name = "callbackCode", required = true) String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        ModelAndView modelAndView = new ModelAndView("qrcode/open/callback/callback");
        ModelAndView modelAndView2 = new ModelAndView("qrcode/open/callback/error");
        try {
            String httpServletRequestUserAgent = HttpRequestUtils.getHttpServletRequestUserAgent(httpServletRequest);
            log.debug("qrcode guard, callback, Request user agent [{}], gid [{}]", httpServletRequestUserAgent, str);
            boolean isSuperApp = UserAgentUtils.isSuperApp(httpServletRequestUserAgent);
            boolean isWechatClient = UserAgentUtils.isWechatClient(httpServletRequestUserAgent);
            boolean isWorkweixin = UserAgentUtils.isWorkweixin(httpServletRequestUserAgent);
            boolean isDingtalk = UserAgentUtils.isDingtalk(httpServletRequestUserAgent);
            modelAndView.addObject("isSuperApp", Boolean.valueOf(isSuperApp));
            modelAndView.addObject("isWechat", Boolean.valueOf(isWechatClient));
            modelAndView.addObject("isWorkweixin", Boolean.valueOf(isWorkweixin));
            modelAndView.addObject("isDingtalk", Boolean.valueOf(isDingtalk));
            modelAndView2.addObject("isSuperApp", Boolean.valueOf(isSuperApp));
            modelAndView2.addObject("isWechat", Boolean.valueOf(isWechatClient));
            modelAndView2.addObject("isWorkweixin", Boolean.valueOf(isWorkweixin));
            modelAndView2.addObject("isDingtalk", Boolean.valueOf(isDingtalk));
            GuardTokenStatus status = this.qrCodeGuardService.status(str);
            if (!GuardTokenStatus.SENT.equals(status)) {
                log.error("GuardToken status error. status is {}", Integer.valueOf(status.getStatus()));
                modelAndView2.addObject("error", "GuardToken 状态无效");
                return modelAndView2;
            }
            GuardTokenStatus status2 = this.qrCodeGuardService.status(str);
            if (GuardTokenStatus.SENT.equals(status2) && this.qrcodeSuperappEnabled && UserAgentUtils.isSuperApp(httpServletRequestUserAgent)) {
                ModelAndView doSuperappScan = doSuperappScan(str, str2, httpServletRequest, httpServletResponse);
                if (doSuperappScan != null) {
                    doSuperappScan.addObject("isSuperApp", Boolean.valueOf(isSuperApp));
                    doSuperappScan.addObject("isWechat", Boolean.valueOf(isWechatClient));
                    doSuperappScan.addObject("isWorkweixin", Boolean.valueOf(isWorkweixin));
                    doSuperappScan.addObject("isDingtalk", Boolean.valueOf(isDingtalk));
                    return doSuperappScan;
                }
                status2 = this.qrCodeGuardService.status(str);
            }
            if (GuardTokenStatus.SENT.equals(status2) && this.qrcodeWeixinmpEnabled && UserAgentUtils.isWechatClient(httpServletRequestUserAgent)) {
                ModelAndView doWechatScan = doWechatScan(str, str2, httpServletRequest, httpServletResponse);
                if (doWechatScan != null) {
                    doWechatScan.addObject("isSuperApp", Boolean.valueOf(isSuperApp));
                    doWechatScan.addObject("isWechat", Boolean.valueOf(isWechatClient));
                    doWechatScan.addObject("isWorkweixin", Boolean.valueOf(isWorkweixin));
                    doWechatScan.addObject("isDingtalk", Boolean.valueOf(isDingtalk));
                    return doWechatScan;
                }
                status2 = this.qrCodeGuardService.status(str);
            }
            if (GuardTokenStatus.SENT.equals(status2) && this.qrcodeWorkweixinH5Enabled && (UserAgentUtils.isWorkweixin(httpServletRequestUserAgent) || UserAgentUtils.isWechatClient(httpServletRequestUserAgent))) {
                ModelAndView doWorkWeixinScan = doWorkWeixinScan(str, str2, httpServletRequest, httpServletResponse);
                if (doWorkWeixinScan != null) {
                    doWorkWeixinScan.addObject("isSuperApp", Boolean.valueOf(isSuperApp));
                    doWorkWeixinScan.addObject("isWechat", Boolean.valueOf(isWechatClient));
                    doWorkWeixinScan.addObject("isWorkweixin", Boolean.valueOf(isWorkweixin));
                    doWorkWeixinScan.addObject("isDingtalk", Boolean.valueOf(isDingtalk));
                    return doWorkWeixinScan;
                }
                status2 = this.qrCodeGuardService.status(str);
            }
            if (GuardTokenStatus.SENT.equals(status2) && this.qrcodeDingtalkH5Enabled && UserAgentUtils.isDingtalk(httpServletRequestUserAgent)) {
                ModelAndView doDingtalkScan = doDingtalkScan(str, str2, httpServletRequest, httpServletResponse);
                if (doDingtalkScan != null) {
                    doDingtalkScan.addObject("isSuperApp", Boolean.valueOf(isSuperApp));
                    doDingtalkScan.addObject("isWechat", Boolean.valueOf(isWechatClient));
                    doDingtalkScan.addObject("isWorkweixin", Boolean.valueOf(isWorkweixin));
                    doDingtalkScan.addObject("isDingtalk", Boolean.valueOf(isDingtalk));
                    return doDingtalkScan;
                }
                status2 = this.qrCodeGuardService.status(str);
            }
            if (!GuardTokenStatus.SCANED.equals(status2)) {
                log.error("scan error");
                modelAndView2.addObject("error", "扫码错误，不支持在当前客户端内扫码");
                return modelAndView2;
            }
            modelAndView.addObject(BindTag.STATUS_VARIABLE_NAME, Integer.valueOf(status2.getStatus()));
            modelAndView.addObject("gid", str);
            modelAndView.addObject("code", str2);
            log.debug("show callback view");
            return modelAndView;
        } catch (Exception e) {
            log.error(e.getMessage());
            e.printStackTrace();
            modelAndView2.addObject("error", e.getMessage());
            return modelAndView2;
        }
    }

    private ModelAndView doSuperappScan(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        Cookie cookie;
        ModelAndView modelAndView = new ModelAndView("qrcode/open/callback/error");
        if (!this.qrcodeSuperappEnabled) {
            return null;
        }
        QrCodeGuardToken qrCodeGuardToken = (QrCodeGuardToken) this.qrCodeGuardService.load(str, QrCodeGuardToken.class);
        if (qrCodeGuardToken == null) {
            log.error("QrCodeGuardToken 为空.");
            modelAndView.addObject("error", "QrCodeGuardToken 为空");
            return modelAndView;
        }
        String parameter = httpServletRequest.getParameter("JWTToken");
        log.debug("Received token from paramter: [{}]", parameter);
        if (StringUtils.isBlank(parameter)) {
            String header = httpServletRequest.getHeader("Authorization");
            log.debug("Received token from header: [{}]", header);
            if (!StringUtils.isBlank(header) && header.startsWith("JWTToken ")) {
                parameter = header.substring("JWTToken ".length());
            }
        }
        if (StringUtils.isBlank(parameter)) {
            String str3 = null;
            String parameter2 = httpServletRequest.getParameter("idToken");
            log.debug("idTokenParamterValue is [{}]", parameter2);
            if (parameter2 != null && !parameter2.isEmpty()) {
                str3 = parameter2;
            }
            if (str3 == null) {
                String header2 = httpServletRequest.getHeader("X-Id-Token");
                log.debug("idTokenHeaderValue is [{}]", header2);
                if (header2 != null && !header2.isEmpty()) {
                    str3 = header2;
                }
            }
            if (str3 == null && (cookie = WebUtils.getCookie(httpServletRequest, "X-Id-Token")) != null) {
                String value = cookie.getValue();
                log.debug("idTokenCookieValue is [{}]", value);
                if (value != null && !value.isEmpty()) {
                    str3 = value;
                }
            }
            log.debug("idToken is [{}]", str3);
            if (str3 != null && !str3.isEmpty()) {
                parameter = str3;
            }
        }
        if (StringUtils.isBlank(parameter)) {
            log.error("Id-Token 为空.");
            modelAndView.addObject("error", "Id-Token 为空");
            return modelAndView;
        }
        Claims claimsFromToken = this.jwtTokenValidator.getClaimsFromToken(parameter);
        if (claimsFromToken == null) {
            log.error("Id-Token 无效. {}", parameter);
            modelAndView.addObject("error", "Id-Token 无效");
            return modelAndView;
        }
        String subject = claimsFromToken.getSubject();
        ArrayList arrayList = new ArrayList();
        arrayList.add(subject);
        qrCodeGuardToken.setStatus(GuardTokenStatus.SCANED);
        qrCodeGuardToken.setUsernameRaws(arrayList);
        this.qrCodeGuardService.store(qrCodeGuardToken);
        return null;
    }

    private ModelAndView doWechatScan(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        ModelAndView modelAndView = new ModelAndView("qrcode/open/callback/error");
        if (!this.qrcodeWeixinmpEnabled) {
            return null;
        }
        String str3 = this.qrcodeWeixinmpAppId;
        String str4 = this.qrcodeWeixinmpAppSecret;
        if (StringUtils.isBlank(str3)) {
            throw new RuntimeException("微信扫码，配置无效（appId、appSecret)");
        }
        if (StringUtils.isBlank(str4)) {
            throw new RuntimeException("微信扫码，配置无效（appId、appSecret）");
        }
        QrCodeGuardToken qrCodeGuardToken = (QrCodeGuardToken) this.qrCodeGuardService.load(str, QrCodeGuardToken.class);
        if (qrCodeGuardToken == null) {
            log.error("QrCodeGuardToken 为空.");
            modelAndView.addObject("error", "QrCodeGuardToken 为空");
            return modelAndView;
        }
        String parameter = httpServletRequest.getParameter("code");
        if (StringUtils.isBlank(parameter)) {
            String callbackUrl = qrCodeGuardToken.getCallbackUrl();
            log.debug("scan by weixinmp, doWechatScan, redirectUrl is {}", callbackUrl);
            String authorizeUrl = WeixinMPUtils.getAuthorizeUrl(str3, callbackUrl, str);
            log.info("scan by weixin, doWechatScan, redirect to url [{}]", authorizeUrl);
            return new ModelAndView(new RedirectView(authorizeUrl));
        }
        String str5 = null;
        try {
            if (StringUtils.isNotBlank(parameter)) {
                String userinfo = WeixinMPUtils.getUserinfo(str3, str4, parameter);
                if (StringUtils.isNotBlank(userinfo)) {
                    log.info("user from weixin mp: {}", userinfo);
                    JSONObject parseObject = JSONObject.parseObject(userinfo);
                    String string = parseObject.getString("openid");
                    String string2 = parseObject.getString("unionid");
                    str5 = string;
                    if (StringUtils.isNotBlank(string2)) {
                        str5 = string2;
                    }
                }
            }
            if (str5 == null) {
                throw new IllegalArgumentException("Unable to determine federated userinfo from the context with client openweixin");
            }
            Federation loadByFederatedTypeId = this.userSaFederationService.loadByFederatedTypeId("openweixin", str5);
            if (loadByFederatedTypeId == null) {
                log.error("当前的微信号尚未绑定认证账号，请先在电脑端登录页面进行绑定");
                modelAndView.addObject("error", "当前的微信号尚未绑定认证账号，请先在电脑端登录页面进行绑定");
                return modelAndView;
            }
            List<Account> loadAccountsByUserId = this.userSaAccountService.loadAccountsByUserId(loadByFederatedTypeId.getUserId());
            ArrayList arrayList = new ArrayList();
            if (loadAccountsByUserId != null && loadAccountsByUserId.size() > 0) {
                Iterator<Account> it = loadAccountsByUserId.iterator();
                while (it.hasNext()) {
                    arrayList.add(it.next().getUsername());
                }
            }
            qrCodeGuardToken.setStatus(GuardTokenStatus.SCANED);
            qrCodeGuardToken.setUsernameRaws(arrayList);
            this.qrCodeGuardService.store(qrCodeGuardToken);
            return null;
        } catch (Exception e) {
            e.printStackTrace();
            log.error("微信登录异常");
            modelAndView.addObject("error", "微信登录异常");
            return modelAndView;
        }
    }

    private ModelAndView doWorkWeixinScan(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        ModelAndView modelAndView = new ModelAndView("qrcode/open/callback/error");
        String str3 = this.qrcodeWorkweixinH5CorpId;
        String str4 = this.qrcodeWorkweixinH5Secret;
        if (!this.qrcodeWorkweixinH5Enabled) {
            return null;
        }
        if (StringUtils.isBlank(str3) || StringUtils.isBlank(str4)) {
            throw new RuntimeException("企业微信扫码，配置无效（corpId、corpSecret）");
        }
        QrCodeGuardToken qrCodeGuardToken = (QrCodeGuardToken) this.qrCodeGuardService.load(str, QrCodeGuardToken.class);
        if (qrCodeGuardToken == null) {
            log.error("QrCodeGuardToken 为空.");
            modelAndView.addObject("error", "QrCodeGuardToken 为空");
            return modelAndView;
        }
        String parameter = httpServletRequest.getParameter("code");
        if (StringUtils.isBlank(parameter)) {
            String callbackUrl = qrCodeGuardToken.getCallbackUrl();
            log.debug("scan by work weixin, doWorkWeixinScan, redirectUrl is {}", callbackUrl);
            String oAuth2AuthorizeUrl = WorkWeixinUtils.getOAuth2AuthorizeUrl(str3, callbackUrl, str);
            log.info("scan by work weixin, doWorkWeixinScan, redirect to url [{}]", oAuth2AuthorizeUrl);
            return new ModelAndView(new RedirectView(oAuth2AuthorizeUrl));
        }
        String str5 = null;
        try {
            String userId = WorkWeixinUtils.getUserId(str3, str4, parameter);
            if (StringUtils.isNotBlank(userId)) {
                str5 = userId;
            }
            if (str5 == null) {
                throw new IllegalArgumentException("Unable to determine federated userinfo from the context with client workweixin");
            }
            Federation loadByFederatedTypeId = this.userSaFederationService.loadByFederatedTypeId("workweixin", str5);
            if (loadByFederatedTypeId == null) {
                log.error("当前的企业微信帐号尚未绑定认证账号，请先在电脑端登录页面进行绑定");
                modelAndView.addObject("error", "当前的企业微信帐号尚未绑定认证账号，请先在电脑端登录页面进行绑定");
                return modelAndView;
            }
            List<Account> loadAccountsByUserId = this.userSaAccountService.loadAccountsByUserId(loadByFederatedTypeId.getUserId());
            ArrayList arrayList = new ArrayList();
            if (loadAccountsByUserId != null && loadAccountsByUserId.size() > 0) {
                Iterator<Account> it = loadAccountsByUserId.iterator();
                while (it.hasNext()) {
                    arrayList.add(it.next().getUsername());
                }
            }
            qrCodeGuardToken.setStatus(GuardTokenStatus.SCANED);
            qrCodeGuardToken.setUsernameRaws(arrayList);
            this.qrCodeGuardService.store(qrCodeGuardToken);
            return null;
        } catch (Exception e) {
            e.printStackTrace();
            log.error("企业微信登录异常");
            modelAndView.addObject("error", "企业微信登录异常");
            return modelAndView;
        }
    }

    private ModelAndView doDingtalkScan(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        ModelAndView modelAndView = new ModelAndView("qrcode/open/callback/error");
        String str3 = this.qrcodeDingtalkH5AppId;
        String str4 = this.qrcodeDingtalkH5AppSecret;
        if (!this.qrcodeDingtalkH5Enabled) {
            return null;
        }
        if (StringUtils.isBlank(str3) || StringUtils.isBlank(str4)) {
            throw new RuntimeException("钉钉扫码，配置无效（appKey，appSecret）");
        }
        QrCodeGuardToken qrCodeGuardToken = (QrCodeGuardToken) this.qrCodeGuardService.load(str, QrCodeGuardToken.class);
        if (qrCodeGuardToken == null) {
            log.error("QrCodeGuardToken 为空.");
            modelAndView.addObject("error", "QrCodeGuardToken 为空");
            return modelAndView;
        }
        String parameter = httpServletRequest.getParameter("code");
        if (StringUtils.isBlank(parameter)) {
            String callbackUrl = qrCodeGuardToken.getCallbackUrl();
            log.debug("scan by dingtalk, doDingtalkScan, redirectUrl is {}", callbackUrl);
            String snsAuthorizeUrl = DingTalkUtils.getSnsAuthorizeUrl(str3, callbackUrl, str);
            log.info("scan by dingtalk, doDingtalkScan, redirect to url [{}]", snsAuthorizeUrl);
            return new ModelAndView(new RedirectView(snsAuthorizeUrl));
        }
        String str5 = null;
        try {
            JSONObject userinfoByCode = DingTalkUtils.getUserinfoByCode(str3, str4, parameter);
            if (userinfoByCode != null) {
                log.info("user from dingtalk: {}", userinfoByCode.toJSONString());
                JSONObject useridByUnionid = DingTalkUtils.getUseridByUnionid(str3, str4, userinfoByCode.getString("unionid"));
                if (useridByUnionid != null) {
                    str5 = useridByUnionid.getString("userid");
                }
            }
            if (str5 == null) {
                throw new IllegalArgumentException("Unable to determine federated userinfo from the context with client dingtalk");
            }
            Federation loadByFederatedTypeId = this.userSaFederationService.loadByFederatedTypeId("dingtalk", str5);
            if (loadByFederatedTypeId == null) {
                log.error("当前的钉钉号尚未绑定认证账号，请先在电脑端登录页面进行绑定");
                modelAndView.addObject("error", "当前的钉钉号尚未绑定认证账号，请先在电脑端登录页面进行绑定");
                return modelAndView;
            }
            List<Account> loadAccountsByUserId = this.userSaAccountService.loadAccountsByUserId(loadByFederatedTypeId.getUserId());
            ArrayList arrayList = new ArrayList();
            if (loadAccountsByUserId != null && loadAccountsByUserId.size() > 0) {
                Iterator<Account> it = loadAccountsByUserId.iterator();
                while (it.hasNext()) {
                    arrayList.add(it.next().getUsername());
                }
            }
            qrCodeGuardToken.setStatus(GuardTokenStatus.SCANED);
            qrCodeGuardToken.setUsernameRaws(arrayList);
            this.qrCodeGuardService.store(qrCodeGuardToken);
            return null;
        } catch (Exception e) {
            e.printStackTrace();
            log.error("钉钉登录异常");
            modelAndView.addObject("error", "钉钉登录异常");
            return modelAndView;
        }
    }

    @PostMapping(path = {"/open/callback/agree"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ResponseBody
    public JSONObject callbackAgree(@RequestBody QrCodeGuardAgreeRequest qrCodeGuardAgreeRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        JSONObject jSONObject = new JSONObject();
        JSONObject jSONObject2 = new JSONObject();
        try {
            String gid = qrCodeGuardAgreeRequest.getGid();
            String code = qrCodeGuardAgreeRequest.getCode();
            List<String> usernameRaws = ((QrCodeGuardToken) this.qrCodeGuardService.load(gid, QrCodeGuardToken.class)).getUsernameRaws();
            HashMap hashMap = new HashMap();
            if (qrCodeGuardAgreeRequest.isAgree()) {
                GuardTokenStatus validBatch = this.qrCodeGuardService.validBatch(gid, code, usernameRaws, hashMap);
                jSONObject2.put(BindTag.STATUS_VARIABLE_NAME, (Object) Integer.valueOf(validBatch.getStatus()));
                log.debug("agree, status is {}", Integer.valueOf(validBatch.getStatus()));
            } else {
                GuardTokenStatus cancel = this.qrCodeGuardService.cancel(gid);
                jSONObject2.put(BindTag.STATUS_VARIABLE_NAME, (Object) Integer.valueOf(cancel.getStatus()));
                log.debug("disagree, status is {}", Integer.valueOf(cancel.getStatus()));
            }
            jSONObject2.put(CacheOperationExpressionEvaluator.RESULT_VARIABLE, (Object) "ok");
            log.debug("agree return ok");
            jSONObject.put("code", (Object) 0);
            jSONObject.put("message", (Object) null);
            jSONObject.put("data", (Object) jSONObject2);
            return jSONObject;
        } catch (Exception e) {
            log.error(e.getMessage());
            e.printStackTrace();
            JSONObject jSONObject3 = new JSONObject();
            jSONObject3.put("error", (Object) e.getMessage());
            jSONObject.put("code", (Object) 500);
            jSONObject.put("message", (Object) null);
            jSONObject.put("error", (Object) jSONObject3);
            return jSONObject;
        }
    }
}
