package com.supwisdom.insititute.attest.server.guard.webapi.controller;

import com.alibaba.fastjson.JSONObject;
import com.supwisdom.insititute.attest.server.core.request.HttpRequestUtils;
import com.supwisdom.insititute.attest.server.guard.domain.core.GuardService;
import com.supwisdom.insititute.attest.server.guard.domain.core.GuardTokenStatus;
import com.supwisdom.insititute.attest.server.guard.domain.core.utils.dingtalk.DingTalkUtils;
import com.supwisdom.insititute.attest.server.guard.domain.core.utils.openweixin.OpenWeixinUtils;
import com.supwisdom.insititute.attest.server.guard.domain.core.utils.workweixin.WorkWeixinUtils;
import com.supwisdom.insititute.attest.server.guard.domain.fedauth.FedAuthGuardToken;
import com.supwisdom.insititute.attest.server.guard.webapi.vo.request.FedAuthGuardInitRequest;
import com.supwisdom.insititute.attest.server.guard.webapi.vo.request.FedAuthGuardSendRequest;
import com.supwisdom.insititute.attest.server.guard.webapi.vo.request.FedAuthGuardValidRequest;
import com.supwisdom.insititute.attest.server.guard.webapi.vo.request.FedAuthGuardVerifyRequest;
import com.supwisdom.insititute.attest.server.remote.domain.account.entity.Account;
import com.supwisdom.insititute.attest.server.remote.domain.account.service.AccountService;
import com.supwisdom.insititute.attest.server.remote.domain.federation.entity.Federation;
import com.supwisdom.insititute.attest.server.remote.domain.federation.service.UserSaFederationService;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cache.interceptor.CacheOperationExpressionEvaluator;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.tags.BindTag;

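/**
 * Web API for the federated-authentication ("fedauth") guard flow, mounted at
 * {@code /api/guard/fedauth}.
 *
 * <p>The flow visible in this class has four JSON endpoints:
 * <ul>
 *   <li>{@code /init}: creates a guard token for a username and reports which federated
 *       providers are enabled and which of them the user has bound;</li>
 *   <li>{@code /send}: records the provider chosen by the client on the token and asks the
 *       guard service for a callback code;</li>
 *   <li>{@code /valid}: exchanges the provider auth code for a provider identity, maps it to
 *       local usernames and passes them to {@code GuardService.validBatch};</li>
 *   <li>{@code /verify}: delegates to {@code GuardService.verify}.</li>
 * </ul>
 *
 * <p>Every endpoint answers with {@code {"code", "message", "data"}}, where {@code code} is
 * {@code 0} on success and {@code -1} on failure.
 *
 * <p>NOTE(review): on failure {@code message} carries the raw exception text. That keeps the
 * existing client contract, but it can disclose internal detail (and, in {@code /init} and
 * {@code /valid}, whether a username exists). Confirm who can reach these endpoints before
 * relying on it.
 */
@RequestMapping(path = {"/api/guard/fedauth"})
@Controller
/* loaded from: input_file:BOOT-INF/lib/attest-server-guard-web-api-1.6.8-RELEASE.1.jar:com/supwisdom/insititute/attest/server/guard/webapi/controller/FedAuthGuardController.class */
public class FedAuthGuardController {
    private static final Logger log = LoggerFactory.getLogger(FedAuthGuardController.class);

    // Response keys. NOTE(review): these framework constants look like decompiler substitutions
    // for plain string keys; they are kept so the emitted JSON keys stay exactly as before.
    private static final String RESULT_KEY = CacheOperationExpressionEvaluator.RESULT_VARIABLE;
    private static final String STATUS_KEY = BindTag.STATUS_VARIABLE_NAME;

    @Value("${attest-server.prefix:http://localhost:8071/attest}")
    private String attestServerPrefix;

    @Autowired
    @Qualifier("fedAuthGuardService")
    private GuardService fedAuthGuardService;

    @Autowired
    private AccountService userSaAccountService;

    @Autowired
    private UserSaFederationService userSaFederationService;

    @Value("${attest-server.fedauth.openweixin.enabled:true}")
    private boolean fedauthOpenweixinEnabled;

    @Value("${attest-server.fedauth.openweixin.appid:}")
    private String fedauthOpenweixinAppId;

    // Provider secrets below are injected from configuration; they must never be logged or
    // echoed into a response.
    @Value("${attest-server.fedauth.openweixin.appsecret:}")
    private String fedauthOpenweixinAppSecret;

    @Value("${attest-server.fedauth.workweixin.enabled:false}")
    private boolean fedauthWorkweixinEnabled;

    @Value("${attest-server.fedauth.workweixin.corpid:}")
    private String fedauthWorkweixinCorpId;

    @Value("${attest-server.fedauth.workweixin.secret:}")
    private String fedauthWorkweixinSecret;

    @Value("${attest-server.fedauth.dingtalk.enabled:false}")
    private boolean fedauthDingtalkEnabled;

    @Value("${attest-server.fedauth.dingtalk.appid:}")
    private String fedauthDingtalkAppId;

    @Value("${attest-server.fedauth.dingtalk.appsecret:}")
    private String fedauthDingtalkAppSecret;

    /**
     * Starts a guard flow for the requested username.
     *
     * <p>On success {@code data} holds {@code attestServerUrl}, the new {@code gid} and a
     * {@code fedAuth} object listing the enabled providers ({@code federatedTypes}) and the
     * subset the user has bound ({@code userFederatedTypes}).
     *
     * @param fedAuthGuardInitRequest request body carrying username, state and claims
     * @return the response envelope; {@code code} is {@code -1} when the account lookup or
     *     token creation fails
     */
    @PostMapping(path = {"/init"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ResponseBody
    public JSONObject init(@RequestBody FedAuthGuardInitRequest fedAuthGuardInitRequest) {
        // NOTE(review): the whole request object is logged; confirm its toString() does not
        // print claims or other sensitive fields.
        log.debug("FedAuthGuardInitRequest is {}", fedAuthGuardInitRequest);
        int code = -1;
        String message = null;
        JSONObject data = new JSONObject();
        data.put("attestServerUrl", this.attestServerPrefix);
        try {
            String username = fedAuthGuardInitRequest.getUsername();
            String state = fedAuthGuardInitRequest.getState();
            List<Account> accounts = this.userSaAccountService.loadAccountsByUsername(username);
            if (accounts == null || accounts.isEmpty()) {
                // This text reaches the client through "message" and therefore tells the
                // caller whether the username exists.
                throw new IllegalArgumentException("Account [" + username + "] is not exist");
            }
            Map<String, Federation> federations = this.userSaFederationService.loadByUserId(accounts.get(0).getUserId());
            data.put("gid", this.fedAuthGuardService.init(username, state, fedAuthGuardInitRequest.getAllClaims()));

            JSONObject fedAuth = new JSONObject();
            fedAuth.put("openweixinEnabled", Boolean.valueOf(this.fedauthOpenweixinEnabled));
            fedAuth.put("workweixinEnabled", Boolean.valueOf(this.fedauthWorkweixinEnabled));
            fedAuth.put("dingtalkEnabled", Boolean.valueOf(this.fedauthDingtalkEnabled));
            List<String> enabledTypes = new ArrayList<>();
            List<String> boundTypes = new ArrayList<>();
            collectProvider(this.fedauthOpenweixinEnabled, "openweixin", federations, enabledTypes, boundTypes);
            collectProvider(this.fedauthWorkweixinEnabled, "workweixin", federations, enabledTypes, boundTypes);
            collectProvider(this.fedauthDingtalkEnabled, "dingtalk", federations, enabledTypes, boundTypes);
            fedAuth.put("federatedTypes", enabledTypes);
            fedAuth.put("userFederatedTypes", boundTypes);
            data.put("fedAuth", fedAuth);
            // Success is reported only once every step above has completed.
            code = 0;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            message = e.getMessage();
        }
        return envelope(code, message, data);
    }

    /**
     * Records the provider chosen by the client on the guard token and requests a callback code.
     *
     * <p>{@code data.result} is {@code "expired"} when the guard service reports the token as
     * expired; otherwise it is {@code "ok"} and {@code data.callbackCode} carries the value
     * returned by {@code GuardService.send}. The servlet request and response are accepted but
     * not read.
     *
     * @param fedAuthGuardSendRequest request body carrying the gid and the federated type
     * @param httpServletRequest current request (unused)
     * @param httpServletResponse current response (unused)
     * @return the response envelope
     */
    @PostMapping(path = {"/send"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ResponseBody
    public JSONObject send(@RequestBody FedAuthGuardSendRequest fedAuthGuardSendRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        int code = -1;
        String message = null;
        JSONObject data = new JSONObject();
        try {
            String gid = fedAuthGuardSendRequest.getGid();
            FedAuthGuardToken token = (FedAuthGuardToken) this.fedAuthGuardService.load(gid, FedAuthGuardToken.class);
            if (token != null) {
                // NOTE(review): the client-supplied type is stored as-is, before the expiry
                // check and without comparing it to the enabled providers. /valid later only
                // acts on types the user has bound, but an allow-list check here would be
                // tighter. Confirm intended behaviour.
                token.setFederatedType(fedAuthGuardSendRequest.getFederatedType());
                this.fedAuthGuardService.store(token);
            }
            if (GuardTokenStatus.EXPIRED.equals(this.fedAuthGuardService.status(gid))) {
                data.put(RESULT_KEY, "expired");
            } else {
                String callbackCode = this.fedAuthGuardService.send(gid);
                data.put(RESULT_KEY, "ok");
                data.put("callbackCode", callbackCode);
            }
            code = 0;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            message = e.getMessage();
        }
        return envelope(code, message, data);
    }

    /**
     * Validates a provider auth code against the guard token identified by {@code gid}.
     *
     * <p>If the token's user has bound the token's federated type, the auth code is exchanged
     * with that provider, the resulting identity is mapped to local usernames and those are
     * passed to {@code GuardService.validBatch}. Otherwise the token is stored with status
     * {@code FEDERATION_NON_BIND}. The resulting status code is returned in {@code data.status}.
     *
     * @param fedAuthGuardValidRequest request body carrying gid, callback code and auth code
     * @param httpServletRequest current request, forwarded to the provider helpers
     * @param httpServletResponse current response, forwarded to the provider helpers
     * @return the response envelope; {@code code} is {@code -1} when the token is missing or
     *     any step throws
     */
    @PostMapping(path = {"/valid"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ResponseBody
    public JSONObject valid(@RequestBody FedAuthGuardValidRequest fedAuthGuardValidRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        int code = -1;
        String message = null;
        JSONObject data = new JSONObject();
        try {
            String gid = fedAuthGuardValidRequest.getGid();
            String callbackCode = fedAuthGuardValidRequest.getCallbackCode();
            FedAuthGuardToken token = (FedAuthGuardToken) this.fedAuthGuardService.load(gid, FedAuthGuardToken.class);
            if (token == null) {
                log.error("FedAuthGuardToken 为空.");
                message = "FedAuthGuardToken 为空";
            } else {
                String username = token.getUsername();
                List<Account> accounts = this.userSaAccountService.loadAccountsByUsername(username);
                if (accounts == null || accounts.isEmpty()) {
                    throw new IllegalArgumentException("Account [" + username + "] is not exist");
                }
                String federatedType = token.getFederatedType();
                Map<String, Federation> federations = this.userSaFederationService.loadByUserId(accounts.get(0).getUserId());
                GuardTokenStatus outcome;
                if (federations.containsKey(federatedType)) {
                    String fedAuthCode = fedAuthGuardValidRequest.getFedAuthCode();
                    List<String> usernames = new ArrayList<>();
                    if ("openweixin".equals(federatedType)) {
                        usernames = doWechatAuth(gid, callbackCode, federatedType, fedAuthCode, httpServletRequest, httpServletResponse);
                    } else if ("workweixin".equals(federatedType)) {
                        usernames = doWorkweixinAuth(gid, callbackCode, federatedType, fedAuthCode, httpServletRequest, httpServletResponse);
                    } else if ("dingtalk".equals(federatedType)) {
                        usernames = doDingtalkAuth(gid, callbackCode, federatedType, fedAuthCode, httpServletRequest, httpServletResponse);
                    }
                    // NOTE(review): a provider helper returns null on any failure, and an
                    // unrecognised type leaves the list empty. validBatch must reject both
                    // rather than treat them as "no restriction". Confirm in GuardService.
                    outcome = this.fedAuthGuardService.validBatch(gid, callbackCode, usernames, null);
                } else {
                    token.setStatus(GuardTokenStatus.FEDERATION_NON_BIND);
                    this.fedAuthGuardService.store(token);
                    outcome = token.getStatus();
                }
                data.put(STATUS_KEY, Integer.valueOf(outcome.getStatus()));
                data.put(RESULT_KEY, "ok");
                code = 0;
            }
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            code = -1;
            message = e.getMessage();
        }
        return envelope(code, message, data);
    }

    /**
     * Exchanges an open-weixin auth code for the usernames bound to that identity.
     *
     * <p>The {@code unionid} is preferred over the {@code openid} when the provider returns one.
     *
     * @return the bound usernames (possibly empty), or {@code null} when the provider is
     *     disabled or unconfigured, the guard token is missing, the identity is unbound, or
     *     any step fails
     */
    private List<String> doWechatAuth(String gid, String callbackCode, String federatedType, String fedAuthCode, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String appId = this.fedauthOpenweixinAppId;
        String appSecret = this.fedauthOpenweixinAppSecret;
        if (!providerUsable(this.fedauthOpenweixinEnabled, appId, appSecret, gid, "doWechatAuth, FedAuthGuardToken 为空.")) {
            return null;
        }
        String federatedId = null;
        try {
            if (StringUtils.isNotBlank(fedAuthCode)) {
                String userinfo = OpenWeixinUtils.getUserinfo(appId, appSecret, fedAuthCode);
                if (StringUtils.isNotBlank(userinfo)) {
                    // NOTE(review): this logs the provider's full userinfo payload (identifiers,
                    // possibly profile data); keep debug logging off in production or trim it.
                    log.debug("user from open weixin: {}", userinfo);
                    // The payload is remote-supplied. NOTE(review): confirm the bundled
                    // fastjson release is patched and autoType is not enabled.
                    JSONObject parsed = JSONObject.parseObject(userinfo);
                    String openId = parsed.getString("openid");
                    String unionId = parsed.getString("unionid");
                    federatedId = StringUtils.isNotBlank(unionId) ? unionId : openId;
                }
            }
            return usernamesBoundTo(federatedType, federatedId, "当前的微信号尚未绑定认证账号，请先在电脑端登录页面进行绑定");
        } catch (Exception e) {
            log.error("微信登录异常", e);
            return null;
        }
    }

    /**
     * Exchanges a work-weixin auth code for the usernames bound to that identity.
     *
     * @return the bound usernames (possibly empty), or {@code null} when the provider is
     *     disabled or unconfigured, the guard token is missing, the identity is unbound, or
     *     any step fails
     */
    private List<String> doWorkweixinAuth(String gid, String callbackCode, String federatedType, String fedAuthCode, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String corpId = this.fedauthWorkweixinCorpId;
        String secret = this.fedauthWorkweixinSecret;
        // Gate on the workweixin switch. Keying this on the openweixin flag would let the
        // provider authenticate users while it is disabled in configuration (and block it
        // when only workweixin is enabled).
        if (!providerUsable(this.fedauthWorkweixinEnabled, corpId, secret, gid, "doWorkweixinAuth, FedAuthGuardToken 为空.")) {
            return null;
        }
        String federatedId = null;
        try {
            if (StringUtils.isNotBlank(fedAuthCode)) {
                String userId = WorkWeixinUtils.getUserId(corpId, secret, fedAuthCode);
                if (StringUtils.isNotBlank(userId)) {
                    federatedId = userId;
                }
            }
            return usernamesBoundTo(federatedType, federatedId, "当前的企业微信帐号尚未绑定认证账号，请先在电脑端登录页面进行绑定");
        } catch (Exception e) {
            log.error("企业微信登录异常", e);
            return null;
        }
    }

    /**
     * Exchanges a DingTalk auth code for the usernames bound to that identity.
     *
     * <p>The code is first resolved to a userinfo object, whose {@code unionid} is then
     * resolved to the {@code userid} used for the binding lookup.
     *
     * @return the bound usernames (possibly empty), or {@code null} when the provider is
     *     disabled or unconfigured, the guard token is missing, the identity is unbound, or
     *     any step fails
     */
    private List<String> doDingtalkAuth(String gid, String callbackCode, String federatedType, String fedAuthCode, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String appId = this.fedauthDingtalkAppId;
        String appSecret = this.fedauthDingtalkAppSecret;
        if (!providerUsable(this.fedauthDingtalkEnabled, appId, appSecret, gid, "doDingtalkAuth, FedAuthGuardToken 为空.")) {
            return null;
        }
        String federatedId = null;
        try {
            if (StringUtils.isNotBlank(fedAuthCode)) {
                JSONObject userinfo = DingTalkUtils.getUserinfoByCode(appId, appSecret, fedAuthCode);
                if (userinfo != null) {
                    // NOTE(review): the full provider payload is written at INFO level, so it
                    // lands in default production logs; consider lowering the level or
                    // logging only a non-identifying marker.
                    log.info("user from dingtalk: {}", userinfo.toJSONString());
                    JSONObject resolved = DingTalkUtils.getUseridByUnionid(appId, appSecret, userinfo.getString("unionid"));
                    if (resolved != null) {
                        federatedId = resolved.getString("userid");
                    }
                }
            }
            return usernamesBoundTo(federatedType, federatedId, "当前的钉钉号尚未绑定认证账号，请先在电脑端登录页面进行绑定");
        } catch (Exception e) {
            log.error("钉钉登录异常", e);
            return null;
        }
    }

    /**
     * Asks the guard service to verify the token against the supplied username, state and claims.
     *
     * @param fedAuthGuardVerifyRequest request body carrying gid, username, state and claims
     * @param httpServletRequest current request (unused)
     * @param httpServletResponse current response (unused)
     * @return the response envelope with the resulting status code in {@code data.status}
     */
    @PostMapping(path = {"/verify"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ResponseBody
    public JSONObject verify(@RequestBody FedAuthGuardVerifyRequest fedAuthGuardVerifyRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        int code = -1;
        String message = null;
        JSONObject data = new JSONObject();
        try {
            GuardTokenStatus outcome = this.fedAuthGuardService.verify(
                    fedAuthGuardVerifyRequest.getGid(),
                    fedAuthGuardVerifyRequest.getUsername(),
                    fedAuthGuardVerifyRequest.getState(),
                    fedAuthGuardVerifyRequest.getAllClaims());
            data.put(STATUS_KEY, Integer.valueOf(outcome.getStatus()));
            code = 0;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            message = e.getMessage();
        }
        return envelope(code, message, data);
    }

    /** Builds the common {@code {code, message, data}} response body. */
    private static JSONObject envelope(int code, Object message, JSONObject data) {
        JSONObject body = new JSONObject();
        body.put("code", Integer.valueOf(code));
        body.put("message", message);
        body.put("data", data);
        return body;
    }

    /** Adds {@code type} to {@code enabledTypes} when enabled, and to {@code boundTypes} when the user has bound it. */
    private static void collectProvider(boolean enabled, String type, Map<String, Federation> federations, List<String> enabledTypes, List<String> boundTypes) {
        if (!enabled) {
            return;
        }
        enabledTypes.add(type);
        if (federations.containsKey(type)) {
            boundTypes.add(type);
        }
    }

    /**
     * Checks the preconditions shared by the provider helpers: the provider is enabled, both
     * credentials are non-blank, and a guard token exists for {@code gid}.
     */
    private boolean providerUsable(boolean enabled, String clientId, String clientSecret, String gid, String missingTokenLog) {
        if (!enabled || StringUtils.isBlank(clientId) || StringUtils.isBlank(clientSecret)) {
            return false;
        }
        if (((FedAuthGuardToken) this.fedAuthGuardService.load(gid, FedAuthGuardToken.class)) == null) {
            log.error(missingTokenLog);
            return false;
        }
        return true;
    }

    /**
     * Maps a provider identity to the usernames of the local user it is bound to.
     *
     * @return the usernames (possibly empty), or {@code null} after logging
     *     {@code notBoundLog} when no binding exists
     * @throws IllegalArgumentException when {@code federatedId} is {@code null}
     */
    private List<String> usernamesBoundTo(String federatedType, String federatedId, String notBoundLog) throws Exception {
        if (federatedId == null) {
            throw new IllegalArgumentException("Unable to determine federated userinfo from the context with client " + federatedType);
        }
        Federation binding = this.userSaFederationService.loadByFederatedTypeId(federatedType, federatedId);
        if (binding == null) {
            log.error(notBoundLog);
            return null;
        }
        List<Account> accounts = this.userSaAccountService.loadAccountsByUserId(binding.getUserId());
        List<String> usernames = new ArrayList<>();
        if (accounts != null) {
            for (Account account : accounts) {
                usernames.add(account.getUsername());
            }
        }
        return usernames;
    }
}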
