package com.supwisdom.insititute.attest.server.guard.webapi.controller;

import com.alibaba.fastjson.JSONObject;
import com.rabbitmq.client.ConnectionFactoryConfigurator;
import com.supwisdom.insititute.attest.server.core.request.HttpRequestUtils;
import com.supwisdom.insititute.attest.server.core.utils.QrCodeGenerator;
import com.supwisdom.insititute.attest.server.guard.domain.core.GuardService;
import com.supwisdom.insititute.attest.server.guard.domain.core.GuardToken;
import com.supwisdom.insititute.attest.server.guard.domain.core.GuardTokenStatus;
import com.supwisdom.insititute.attest.server.guard.domain.core.utils.RSAUtils;
import com.supwisdom.insititute.attest.server.guard.domain.faceverify.FaceVerifyGuardToken;
import com.supwisdom.insititute.attest.server.guard.webapi.vo.request.FaceVerifyGuardInitRequest;
import com.supwisdom.insititute.attest.server.guard.webapi.vo.request.FaceVerifyGuardSendRequest;
import com.supwisdom.insititute.attest.server.guard.webapi.vo.request.FaceVerifyGuardStatusRequest;
import com.supwisdom.insititute.attest.server.guard.webapi.vo.request.FaceVerifyGuardSubmitRequest;
import com.supwisdom.insititute.attest.server.guard.webapi.vo.request.FaceVerifyGuardVerifyRequest;
import com.supwisdom.insititute.attest.server.remote.domain.account.entity.Account;
import com.supwisdom.insititute.attest.server.remote.domain.account.service.AccountService;
import com.supwisdom.insititute.attest.server.remote.domain.securitykey.service.SecurityKeyService;
import com.supwisdom.insititute.attest.server.remote.domain.token.JWTTokenValidator;
import io.jsonwebtoken.Claims;
import java.util.Iterator;
import java.util.List;
import java.util.TreeSet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.weaver.model.AsmRelationshipUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cache.interceptor.CacheOperationExpressionEvaluator;
import org.springframework.messaging.MessageHeaders;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.tags.BindTag;

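/**
 * HTTP endpoints of the face-verification "guard" (step-up) flow, mounted under
 * {@code /api/guard/faceverify}.
 *
 * <p>Flow as visible in this class: {@code /init} creates a guard session and returns its
 * {@code gid}; {@code /send} issues a callback code and the URL (or QR code) that opens the
 * face-verify client; the client posts the captured photo to {@code /submit}, signed with the
 * device's registered key; {@code /status} and {@code /verify} let the initiating party poll and
 * confirm the outcome.
 *
 * <p>All JSON endpoints answer with the envelope {@code {code, message, data}}, where
 * {@code code == 0} means success and {@code -1} an unexpected failure. Explicit rejections in
 * {@link #submit} use {@link #errorResult(int, String)} instead.
 *
 * <p>NOTE(review): no authentication or authorization check is visible in this class for
 * {@code /init}, {@code /send}, {@code /status} and {@code /verify}; they act on a caller-supplied
 * username or {@code gid}. Confirm that a filter or gateway in front of this controller
 * restricts who may call them.
 */
@RequestMapping(path = {"/api/guard/faceverify"})
@Controller
/* loaded from: input_file:BOOT-INF/lib/attest-server-guard-web-api-1.8.0-RELEASE.jar:com/supwisdom/insititute/attest/server/guard/webapi/controller/FaceVerifyGuardController.class */
public class FaceVerifyGuardController {
    private static final Logger log = LoggerFactory.getLogger(FaceVerifyGuardController.class);

    // JSON keys and signing tokens. The decompiler had replaced these string literals with
    // unrelated library constants of equal value (BindTag.STATUS_VARIABLE_NAME,
    // CacheOperationExpressionEvaluator.RESULT_VARIABLE, AsmRelationshipUtils.DECLARE_ERROR,
    // MessageHeaders.TIMESTAMP, ConnectionFactoryConfigurator.USERNAME,
    // BeanFactory.FACTORY_BEAN_PREFIX). They are spelled out here so the wire format and the
    // signed string are readable without those libraries; confirm against the shipped jar if
    // a client ever disagrees.
    private static final String KEY_STATUS = "status";
    private static final String KEY_RESULT = "result";
    private static final String KEY_ERROR = "error";
    private static final String SIGN_FIELD_TIMESTAMP = "timestamp";
    private static final String SIGN_FIELD_USERNAME = "username";
    private static final String SIGN_FIELD_SEPARATOR = "&";

    /** Maximum accepted distance, in milliseconds, between the signed timestamp and server time. */
    private static final long MAX_TIMESTAMP_SKEW_MILLIS = 300000L;

    /** Relative submit path handed to the face-verify client. */
    private static final String SUBMIT_PATH = "/api/guard/faceverify/submit";

    @Value("${attest-server.prefix:http://localhost:8071/attest}")
    private String attestServerPrefix;

    @Value("${attest-server.faceverify.superapp.urlScheme:superapp}")
    private String superappUrlScheme;

    @Autowired
    @Qualifier("faceVerifyGuardService")
    private GuardService faceVerifyGuardService;

    @Autowired
    private AccountService userSaAccountService;

    @Autowired
    private SecurityKeyService securityKeyService;

    @Autowired
    private JWTTokenValidator jwtTokenValidator;

    /**
     * Starts a face-verify guard session for the user named in the request.
     *
     * @param faceVerifyGuardInitRequest username, state and claims for the new session
     * @return envelope whose {@code data} holds {@code attestServerUrl} and, on success, {@code gid}
     */
    @PostMapping(path = {"/init"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ResponseBody
    public JSONObject initFaceVerifyGuard(@RequestBody FaceVerifyGuardInitRequest faceVerifyGuardInitRequest) {
        JSONObject data = new JSONObject();
        data.put("attestServerUrl", this.attestServerPrefix);
        try {
            // Log the username only: the full request also carries the claims map.
            log.debug("FaceVerifyGuardInitRequest for user {}", faceVerifyGuardInitRequest.getUsername());
            data.put("gid", this.faceVerifyGuardService.init(faceVerifyGuardInitRequest.getUsername(), faceVerifyGuardInitRequest.getState(), faceVerifyGuardInitRequest.getAllClaims()));
            return envelope(0, null, data);
        } catch (Exception e) {
            return failure("init", e, data);
        }
    }

    /**
     * Issues the callback code for a guard session and tells the caller how to open the
     * face-verify client: a QR-code image URL for browser sessions, a deep link for app sessions.
     *
     * @param faceVerifyGuardSendRequest carries the session {@code gid}
     * @return envelope whose {@code data} holds {@code result}, {@code callbackCode} and the
     *     session-type specific URL
     */
    @PostMapping(path = {"/send"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ResponseBody
    public JSONObject send(@RequestBody FaceVerifyGuardSendRequest faceVerifyGuardSendRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        JSONObject data = new JSONObject();
        try {
            String gid = faceVerifyGuardSendRequest.getGid();
            // send() runs before load(), as in the original; the token is read afterwards.
            String callbackCode = this.faceVerifyGuardService.send(gid);
            data.put(KEY_RESULT, "ok");
            data.put("callbackCode", callbackCode);
            FaceVerifyGuardToken token = (FaceVerifyGuardToken) this.faceVerifyGuardService.load(gid, FaceVerifyGuardToken.class);
            if (token == null) {
                // submit() shows load() can return null; report it instead of hitting an NPE.
                throw new IllegalStateException("FaceVerifyGuardToken 为空.");
            }
            if (token.isBrowser()) {
                data.put("scanFaceverify", this.attestServerPrefix + String.format("/api/guard/faceverify/open/scanFaceverify/%s/%s.png", gid, callbackCode));
            }
            if (token.isAppDevice()) {
                data.put("faceverifyUrl", faceverifyUrl(token, "send"));
            }
            return envelope(0, null, data);
        } catch (Exception e) {
            return failure("send", e, data);
        }
    }

    /**
     * Renders the QR code that a browser session shows so the user can open the face-verify
     * client on a phone.
     *
     * <p>NOTE(review): the {@code callbackCode} path variable is not compared with anything, so
     * the image is served to any caller that knows the {@code gid}. If the code is meant to gate
     * this "open" endpoint, it should be checked against the value issued by {@code /send}.
     *
     * @param str the session {@code gid}
     * @param str2 the callback code from the URL (currently unused)
     */
    @GetMapping(path = {"/open/scanFaceverify/{gid}/{callbackCode}.png"})
    public void scanFaceverify(@PathVariable(name = "gid") String str, @PathVariable(name = "callbackCode") String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            FaceVerifyGuardToken token = (FaceVerifyGuardToken) this.faceVerifyGuardService.load(str, FaceVerifyGuardToken.class);
            if (token == null || !token.isBrowser()) {
                // Previously this produced an empty 200 "image/png" response.
                httpServletResponse.setStatus(HttpServletResponse.SC_NOT_FOUND);
                return;
            }
            httpServletResponse.setContentType("image/png");
            QrCodeGenerator.getQrCodeWithUrl(faceverifyUrl(token, "scan"), 256, 256, httpServletResponse);
        } catch (Exception e) {
            log.error("Rendering the face-verify QR code failed", e);
            if (!httpServletResponse.isCommitted()) {
                httpServletResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        }
    }

    /**
     * Reports the current state of a guard session.
     *
     * @param faceVerifyGuardStatusRequest carries the session {@code gid}
     * @return envelope whose {@code data} holds the numeric {@code status} and its enum name
     *     as {@code statusCode}
     */
    @PostMapping(path = {"/status"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ResponseBody
    public JSONObject status(@RequestBody FaceVerifyGuardStatusRequest faceVerifyGuardStatusRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        JSONObject data = new JSONObject();
        try {
            GuardTokenStatus current = this.faceVerifyGuardService.status(faceVerifyGuardStatusRequest.getGid());
            data.put(KEY_STATUS, Integer.valueOf(current.getStatus()));
            data.put("statusCode", current.name());
            return envelope(0, null, data);
        } catch (Exception e) {
            return failure("status", e, data);
        }
    }

    /**
     * Asks the guard service to verify a session against the supplied username, state and claims.
     *
     * @param faceVerifyGuardVerifyRequest session {@code gid} plus the values to verify against
     * @return envelope whose {@code data} holds the resulting numeric {@code status}
     */
    @PostMapping(path = {"/verify"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ResponseBody
    public JSONObject verify(@RequestBody FaceVerifyGuardVerifyRequest faceVerifyGuardVerifyRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        JSONObject data = new JSONObject();
        try {
            data.put(KEY_STATUS, Integer.valueOf(this.faceVerifyGuardService.verify(faceVerifyGuardVerifyRequest.getGid(), faceVerifyGuardVerifyRequest.getUsername(), faceVerifyGuardVerifyRequest.getState(), faceVerifyGuardVerifyRequest.getAllClaims()).getStatus()));
            return envelope(0, null, data);
        } catch (Exception e) {
            return failure("verify", e, data);
        }
    }

    /**
     * Accepts the photo captured by the face-verify client and hands it to the guard service.
     *
     * <p>Checks, in order: the session exists; the submitted username belongs to the session's
     * user; for browser sessions the id token's subject and {@code deviceId} claim match the
     * request; for app sessions the device bound to the session matches the request; the signed
     * timestamp is within {@link #MAX_TIMESTAMP_SKEW_MILLIS} of server time; the RSA signature
     * over the request fields verifies against the public key registered for that user and
     * device. Every check fails closed.
     *
     * <p>The decompiled original left most of this body outside its {@code try} block (using
     * variables that were only assigned inside it and throwing a checked exception without
     * declaring it); the body is one {@code try} again here.
     *
     * @param str id token from the {@code X-Id-Token} header (preferred)
     * @param str2 id token from the {@code idToken} query parameter (fallback);
     *     NOTE(review): tokens in URLs tend to end up in access logs, prefer the header
     * @param faceVerifyGuardSubmitRequest the signed submission
     * @return the success envelope, an {@link #errorResult} rejection, or a {@code -1} envelope
     *     on an unexpected failure
     */
    @PostMapping(path = {"/submit"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ResponseBody
    public JSONObject submit(@RequestHeader(name = "X-Id-Token", required = false) String str, @RequestParam(name = "idToken", required = false) String str2, @RequestBody FaceVerifyGuardSubmitRequest faceVerifyGuardSubmitRequest, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        JSONObject data = new JSONObject();
        try {
            String gid = faceVerifyGuardSubmitRequest.getGid();
            String code = faceVerifyGuardSubmitRequest.getCode();
            String photoFileBase64 = faceVerifyGuardSubmitRequest.getPhotoFileBase64();
            String submittedUsername = faceVerifyGuardSubmitRequest.getUsername();
            String submittedDeviceId = faceVerifyGuardSubmitRequest.getDeviceId();

            FaceVerifyGuardToken token = (FaceVerifyGuardToken) this.faceVerifyGuardService.load(gid, FaceVerifyGuardToken.class);
            if (token == null) {
                log.error("FaceVerifyGuardToken 为空.");
                return errorResult(-1, "FaceVerifyGuardToken 为空.");
            }

            // The session decides whose accounts are eligible; the request only picks one of them.
            String sessionUsername = token.getUsername();
            List<Account> accounts = this.userSaAccountService.loadAccountsByUsername(sessionUsername);
            if (accounts == null || accounts.isEmpty()) {
                throw new IllegalStateException("Account [" + sessionUsername + "] is not exist");
            }
            // NOTE(review): the user id stored below comes from the first account, not from the
            // account whose username matched. Confirm all returned accounts share one user id.
            Account account = accounts.get(0);
            if (!anyAccountHasUsername(accounts, submittedUsername)) {
                log.error("用户信息不一致.");
                return errorResult(9999, "用户信息不一致.");
            }

            if (token.isBrowser()) {
                // Header wins over the query parameter.
                String idToken = StringUtils.isNotBlank(str) ? str : str2;
                if (StringUtils.isBlank(idToken)) {
                    log.error("Id-Token 为空.");
                    return errorResult(10000, "Id-Token 为空.");
                }
                // NOTE(review): this relies on getClaimsFromToken() rejecting tokens with an
                // invalid signature or expiry; that is not visible from here, confirm.
                Claims claims = this.jwtTokenValidator.getClaimsFromToken(idToken);
                String subject = claims.getSubject();
                if (subject == null || !subject.equals(submittedUsername)) {
                    log.error("用户信息不一致.");
                    return errorResult(9999, "用户信息不一致.");
                }
                // A token without a deviceId claim is a mismatch, not a NullPointerException.
                String tokenDeviceId = claims.get("deviceId", String.class);
                if (tokenDeviceId == null || !tokenDeviceId.equals(submittedDeviceId)) {
                    log.error("设备信息不一致.");
                    return errorResult(9999, "设备信息不一致.");
                }
            }

            if (token.isAppDevice()) {
                // String.valueOf(null) is the text "null"; without the explicit null check a
                // session with no bound device would match a request whose deviceId is "null".
                Object boundDeviceId = token.getClaims().get(GuardToken.CLAIM_DEVICE_ID);
                if (boundDeviceId == null || !String.valueOf(boundDeviceId).equals(submittedDeviceId)) {
                    log.error("设备信息不一致.");
                    return errorResult(9999, "设备信息不一致.");
                }
            }

            long timestamp = faceVerifyGuardSubmitRequest.getTimestamp();
            log.debug("timestamp is {}", Long.valueOf(timestamp));
            String sign = faceVerifyGuardSubmitRequest.getSign();
            log.debug("sign is {}", sign);
            // Compare against both bounds instead of Math.abs(timestamp - now): the subtraction
            // can overflow, and Math.abs(Long.MIN_VALUE) is negative, which would pass the check.
            // NOTE(review): this is a freshness window only; replay inside the window has to be
            // stopped by gid/code being single-use in the guard service. Confirm.
            long now = System.currentTimeMillis();
            if (timestamp < now - MAX_TIMESTAMP_SKEW_MILLIS || timestamp > now + MAX_TIMESTAMP_SKEW_MILLIS) {
                log.error("Timestamp 已过期.");
                return errorResult(10001, "Timestamp 已过期.");
            }

            // Canonical string: "name=value" pairs in natural String order, joined with "&".
            // NOTE(review): values are not escaped, so a value containing "&" or "=" makes the
            // canonical form ambiguous. Changing that needs a coordinated client update.
            TreeSet<String> signedFields = new TreeSet<>();
            signedFields.add(signField(SIGN_FIELD_TIMESTAMP, Long.valueOf(timestamp)));
            signedFields.add(signField(SIGN_FIELD_USERNAME, submittedUsername));
            signedFields.add(signField("deviceId", submittedDeviceId));
            signedFields.add(signField("gid", gid));
            signedFields.add(signField("code", code));
            signedFields.add(signField("photoFileBase64", photoFileBase64));
            String signData = String.join(SIGN_FIELD_SEPARATOR, signedFields);
            // Length only: the signed string contains the one-time code and the face photo,
            // neither of which belongs in a log file.
            log.debug("signData length is {}", Integer.valueOf(signData.length()));

            if (!RSAUtils.verify(sign, signData, RSAUtils.getPublicKey(this.securityKeyService.loadClientPublicKey(submittedUsername, submittedDeviceId)))) {
                log.error("签名无效.");
                return errorResult(10002, "签名无效.");
            }

            token.setStatus(GuardTokenStatus.FACE_SUBMIT);
            token.setPhotoUsername(submittedUsername);
            token.setPhotoUserId(account.getUserId());
            token.setPhotoFileBase64(photoFileBase64);
            this.faceVerifyGuardService.store(token);
            data.put(KEY_STATUS, Integer.valueOf(this.faceVerifyGuardService.valid(gid, code, null, null).getStatus()));
            data.put(KEY_RESULT, "ok");
            return envelope(0, null, data);
        } catch (Exception e) {
            return failure("submit", e, data);
        }
    }

    /**
     * Builds the rejection response used by {@link #submit}:
     * {@code {code, message: null, error: {error: text}}}.
     *
     * @param i the application error code
     * @param str the human-readable reason
     */
    private JSONObject errorResult(int i, String str) {
        JSONObject detail = new JSONObject();
        detail.put(KEY_ERROR, str);
        JSONObject response = new JSONObject();
        response.put("code", Integer.valueOf(i));
        response.put("message", null);
        response.put(KEY_ERROR, detail);
        return response;
    }

    /** Builds the standard {@code {code, message, data}} response envelope. */
    private static JSONObject envelope(int code, String message, JSONObject data) {
        JSONObject response = new JSONObject();
        response.put("code", Integer.valueOf(code));
        response.put("message", message);
        response.put("data", data);
        return response;
    }

    /**
     * Logs an unexpected failure with its stack trace (through the logger rather than
     * {@code printStackTrace()}) and builds the {@code -1} envelope.
     *
     * <p>NOTE(review): the raw exception message is still returned to the caller, as in the
     * original. Messages from lower layers can expose internal detail; consider mapping to a
     * fixed message once clients no longer depend on the text.
     */
    private static JSONObject failure(String operation, Exception e, JSONObject data) {
        log.error("faceverify {} failed", operation, e);
        return envelope(-1, e.getMessage(), data);
    }

    /** Returns the URL that opens the face-verify client for {@code token} with the given action. */
    private String faceverifyUrl(FaceVerifyGuardToken token, String action) {
        return token.getFaceverifyUrl() + "&action=" + action + "&attestServerUrl=" + this.attestServerPrefix + "&attestFaceVerifySubmitUrl=" + SUBMIT_PATH;
    }

    /** Returns whether any of {@code accounts} carries exactly the given username. */
    private static boolean anyAccountHasUsername(List<Account> accounts, String username) {
        if (username == null) {
            return false;
        }
        for (Account candidate : accounts) {
            if (username.equals(candidate.getUsername())) {
                return true;
            }
        }
        return false;
    }

    /** Formats one {@code name=value} pair of the signed string; a null value renders as "null". */
    private static String signField(String name, Object value) {
        return name + "=" + value;
    }
}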
