package com.supwisdom.institute.cas.site.h5.dingtalk.web.flow;

import com.alibaba.fastjson.JSONObject;
import com.supwisdom.institute.cas.core.utils.dingtalk.DingTalkUtils;
import com.supwisdom.institute.cas.site.account.Account;
import com.supwisdom.institute.cas.site.account.service.AccountService;
import com.supwisdom.institute.cas.site.common.util.RSAUtils;
import com.supwisdom.institute.cas.site.common.util.UserAgentUtils;
import com.supwisdom.institute.cas.site.config.Config;
import com.supwisdom.institute.cas.site.config.ConfigManager;
import com.supwisdom.institute.cas.site.federated.authentication.FederatedUserinfo;
import com.supwisdom.institute.cas.site.federation.Federation;
import com.supwisdom.institute.cas.site.federation.FederationManager;
import com.supwisdom.institute.cas.site.federation.FederationRepository;
import com.supwisdom.institute.cas.site.h5.dingtalk.authentication.DingtalkH5Credential;
import com.supwisdom.institute.cas.site.web.flow.actions.CasServerMultiAccountAction;
import com.supwisdom.institute.cas.site.web.flow.model.AccountModel;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.adaptive.AdaptiveAuthenticationPolicy;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.web.flow.actions.AbstractNonInteractiveCredentialsAction;
import org.apereo.cas.web.flow.resolver.CasDelegatingWebflowEventResolver;
import org.apereo.cas.web.flow.resolver.CasWebflowEventResolver;
import org.apereo.cas.web.support.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/* loaded from: input_file:com/supwisdom/institute/cas/site/h5/dingtalk/web/flow/DingtalkH5AuthenticationAction.class */
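/**
 * Web-flow action that signs a user in from the DingTalk H5 client.
 *
 * <p>{@link #doPreExecute(RequestContext)} sends a DingTalk client that arrived without a
 * {@code code} parameter off to obtain one. {@link #doExecute(RequestContext)} then exchanges
 * that code for a DingTalk user, maps the user to a local {@link Federation} record and either
 * continues authentication with the single matching account or asks the user to pick one.
 *
 * <p>Security-relevant assumptions a maintainer should keep in mind:
 * <ul>
 *   <li>The User-Agent header is supplied by the client. The {@code isDingtalk} checks only
 *       route requests into this flow; the identity proof is the {@code code} exchange.</li>
 *   <li>The {@code state} parameter is read from the request and handed to the credential, but
 *       nothing in this class compares it with a value bound to the user's session.</li>
 *   <li>{@link #federatedBindAuto} links a DingTalk user to a local account purely by matching
 *       the DingTalk job number or user id against a local username.</li>
 * </ul>
 */
public class DingtalkH5AuthenticationAction extends AbstractNonInteractiveCredentialsAction {
    private static final Logger log = LoggerFactory.getLogger(DingtalkH5AuthenticationAction.class);
    private final ServicesManager servicesManager;

    @Autowired
    private ConfigManager configManager;

    @Autowired
    private AccountService accountService;

    @Autowired
    @Qualifier("remoteFederationManager")
    private FederationManager federationManager;

    @Autowired
    @Qualifier("remoteFederationRepository")
    private FederationRepository federationRepository;

    @Value("${cas.server.prefix:http://localhost:8080/cas}")
    private String casServerPrefix;

    public DingtalkH5AuthenticationAction(CasDelegatingWebflowEventResolver casDelegatingWebflowEventResolver, CasWebflowEventResolver casWebflowEventResolver, AdaptiveAuthenticationPolicy adaptiveAuthenticationPolicy, ServicesManager servicesManager) {
        super(casDelegatingWebflowEventResolver, casWebflowEventResolver, adaptiveAuthenticationPolicy);
        this.servicesManager = servicesManager;
    }

    /**
     * Reads a string setting from the config manager.
     *
     * @param key          configuration key
     * @param defaultValue value returned when the key is missing or its value is blank
     * @return the configured value, or {@code defaultValue}
     */
    private String getConfigValue(String key, String defaultValue) {
        Config config = this.configManager.getConfigs().get(key);
        if (config == null || StringUtils.isBlank(config.getConfigValue())) {
            return defaultValue;
        }
        return config.getConfigValue();
    }

    /**
     * Reads a boolean setting from the config manager.
     *
     * @param key          configuration key
     * @param defaultValue value returned when the key is missing or its value is blank
     * @return the configured value parsed with {@link Boolean#valueOf(String)}, or {@code defaultValue}
     */
    private Boolean getConfigValue(String key, Boolean defaultValue) {
        Config config = this.configManager.getConfigs().get(key);
        if (config == null || StringUtils.isBlank(config.getConfigValue())) {
            return defaultValue;
        }
        return Boolean.valueOf(config.getConfigValue());
    }

    /**
     * Exchanges the DingTalk authorization code for a user and resolves the local account(s).
     *
     * @param requestContext current web-flow request; {@code code} and {@code state} are read
     *                       from its request parameters
     * @return {@code error()} when the integration is disabled or unconfigured, the client is not
     *         DingTalk, the code exchange fails, or no federation/account matches; the parent's
     *         result when exactly one account matches; the account-selection event otherwise
     * @throws IllegalArgumentException when no DingTalk user could be determined (no {@code code}
     *                                  parameter, or the lookups returned nothing)
     */
    protected Event doExecute(RequestContext requestContext) {
        String appId = getConfigValue("casServer.federation.dingtalkh5.appid", "");
        String appSecret = getConfigValue("casServer.federation.dingtalkh5.appsecret", "");
        if (!getConfigValue("casServer.federation.dingtalkh5.enabled", Boolean.FALSE).booleanValue()) {
            return error();
        }
        if (StringUtils.isBlank(appId) || StringUtils.isBlank(appSecret)) {
            return error();
        }
        // Routing check only: the header is client-controlled and proves nothing about identity.
        String userAgent = WebUtils.getHttpServletRequestUserAgentFromRequestContext(requestContext);
        log.debug("dingtalk h5, doExecute, Request user agent [{}]", userAgent);
        if (!UserAgentUtils.isDingtalk(userAgent)) {
            return error();
        }
        String code = requestContext.getRequestParameters().get("code");
        // NOTE(review): state is passed through to the credential without being checked against
        // a session-bound value here; confirm whether a later handler validates it.
        String state = requestContext.getRequestParameters().get("state");
        WebApplicationService service = WebUtils.getService(requestContext);
        FederatedUserinfo federatedUserinfo = null;
        if (code != null) {
            try {
                federatedUserinfo = resolveFederatedUserinfo(appId, appSecret, code);
            } catch (Exception e) {
                // Route the failure through the logger so it reaches the audit trail instead of stderr.
                log.error("dingtalk h5, doExecute, failed to resolve the DingTalk user from the authorization code", e);
                return error();
            }
        }
        log.debug("Retrieved federated userinfo from client as [{}]", federatedUserinfo);
        if (federatedUserinfo == null) {
            // NOTE(review): every other failure in this method returns error(); this one throws.
            // Kept as-is because callers may depend on the exception.
            throw new IllegalArgumentException("Unable to determine federated userinfo from the context with client dingtalk");
        }
        Map<String, Object> externalInfo = federatedUserinfo.getExternalInfo();
        String federatedType = federatedUserinfo.getFederatedType();
        String federatedId = federatedUserinfo.getFederatedId();
        String openId = null;
        if (externalInfo != null && externalInfo.containsKey("openid")) {
            openId = String.valueOf(externalInfo.get("openid"));
        }
        // Look the federation up by the DingTalk user id first, then by openid when one is present.
        Federation federation = this.federationRepository.loadByFederatedTypeId(federatedType, federatedId);
        if (federation == null && StringUtils.isNotBlank(openId)) {
            federation = this.federationRepository.loadByFederatedTypeId(federatedType, openId);
        }
        if (federation == null) {
            return error();
        }
        DingtalkH5Credential credential = new DingtalkH5Credential(code, state, service);
        WebUtils.putCredential(requestContext, credential);
        String userNo = federation.getUserNo();
        List<Account> accounts = StringUtils.isNotBlank(userNo)
                ? this.accountService.loadAccountsByUserNo(userNo)
                : this.accountService.loadAccountsByUserId(federation.getUserId());
        if (accounts == null || accounts.isEmpty()) {
            return error();
        }
        String name = federatedUserinfo.getName();
        String logo = federatedUserinfo.getLogo();
        if (StringUtils.isBlank(userNo)) {
            userNo = accounts.get(0).getUserNo();
        }
        // Refresh the binding with the display name and avatar just fetched from DingTalk.
        federatedBind(userNo, federatedType, federatedId, name, logo);
        if (accounts.size() == 1) {
            requestContext.getFlowScope().put("originalUsername", "");
            credential.setAccount(accounts.get(0));
            WebUtils.putCredential(requestContext, credential);
            return super.doExecute(requestContext);
        }
        // More than one account: let the user choose. The list is non-empty and not of size one
        // at this point, so no further size check is needed.
        List<AccountModel> accountModels = new ArrayList<>(accounts.size());
        for (Account account : accounts) {
            AccountModel accountModel = new AccountModel();
            accountModel.setId(account.getId());
            accountModel.setUsernameOrigin(account.getUsername());
            accountModel.setUsername(encodeUsername(account.getUsername()));
            accountModel.setUsernameEncrypt(rsaEncrypt(account.getUsername()));
            accountModel.setIdentity(account.getIdentity());
            accountModel.setOrganization(account.getOrganization());
            accountModel.setIdentityTypeCode(account.getIdentityTypeCode());
            accountModel.setIdentityTypeName(account.getIdentityTypeName());
            accountModel.setNormal(account.isNormal());
            accountModels.add(accountModel);
        }
        Collections.sort(accountModels);
        requestContext.getFlowScope().put("casServerMultiAccounts", accountModels);
        return getEventFactorySupport().event(this, CasServerMultiAccountAction.EVENT_ID_SELECT_ACCOUNT);
    }

    /**
     * Turns an authorization code into a {@link FederatedUserinfo} via the DingTalk API.
     *
     * <p>The code is exchanged for a unionid, the unionid for a userid, and the userid for the
     * user record. As a side effect the user is auto-bound to a local account when one matches
     * (see {@link #federatedBindAuto}).
     *
     * @return the resolved user, or {@code null} when any lookup yields nothing
     * @throws Exception whatever the DingTalk client helpers raise
     */
    private FederatedUserinfo resolveFederatedUserinfo(String appId, String appSecret, String code) throws Exception {
        boolean corpConfigured = StringUtils.isNotBlank(getConfigValue("casServer.federation.dingtalkh5.corpid", ""));
        JSONObject userinfo = corpConfigured
                ? DingTalkUtils.getUserinfo(appId, appSecret, code)
                : DingTalkUtils.getUserinfoByCode(appId, appSecret, code);
        if (userinfo == null) {
            return null;
        }
        // The response carries the user's identifiers, so it is logged at debug rather than info
        // to keep personal data out of routine production logs.
        if (log.isDebugEnabled()) {
            log.debug("user from dingtalk: {}", userinfo.toJSONString());
        }
        String unionId = userinfo.getString("unionid");
        if (StringUtils.isBlank(unionId)) {
            return null;
        }
        JSONObject useridByUnionid = DingTalkUtils.getUseridByUnionid(appId, appSecret, unionId);
        if (useridByUnionid == null) {
            return null;
        }
        String userId = useridByUnionid.getString("userid");
        if (StringUtils.isBlank(userId)) {
            // A blank user id must never become a federated id or an account lookup key.
            return null;
        }
        JSONObject user = DingTalkUtils.getUserByUserid(appId, appSecret, userId);
        if (user == null) {
            return null;
        }
        String displayName = user.getString("name");
        String avatar = user.getString("avatar");
        federatedBindAuto("dingtalk", userId, displayName, avatar, user.getString("job_number"));
        FederatedUserinfo federatedUserinfo = new FederatedUserinfo("dingtalk", userId);
        federatedUserinfo.setName(displayName);
        federatedUserinfo.setLogo(avatar);
        return federatedUserinfo;
    }

    /**
     * Decides whether the request must first obtain a DingTalk authorization code.
     *
     * @param requestContext current web-flow request
     * @return {@code null} to proceed to {@link #doExecute(RequestContext)}; {@code error()} when
     *         no service is present; the {@code dingtalkH5RequestAuthCode} event when a corp id is
     *         configured; otherwise a {@code redirect} event to the DingTalk authorize URL
     * @throws Exception if the service id cannot be URL-encoded
     */
    protected Event doPreExecute(RequestContext requestContext) throws Exception {
        String currentEventId = requestContext.getCurrentEvent().getId();
        log.debug("dingtalk h5, doPreExecute, currentEventId is [{}]", currentEventId);
        String appId = getConfigValue("casServer.federation.dingtalkh5.appid", "");
        if (!getConfigValue("casServer.federation.dingtalkh5.enabled", Boolean.FALSE).booleanValue() || StringUtils.isBlank(appId)) {
            return null;
        }
        String userAgent = WebUtils.getHttpServletRequestUserAgentFromRequestContext(requestContext);
        log.debug("dingtalk h5, doPreExecute, Request user agent [{}]", userAgent);
        if (!UserAgentUtils.isDingtalk(userAgent)) {
            return null;
        }
        WebApplicationService service = WebUtils.getService(requestContext);
        if (service == null) {
            log.debug("dingtalk h5, doPreExecute, service not exist, skip");
            return error();
        }
        String code = requestContext.getRequestParameters().get("code");
        log.debug("dingtalk h5, doPreExecute, code is [{}]", code);
        // A code is already present, or we are returning from the code-request view: nothing to do.
        if (!StringUtils.isBlank(code) || "dingtalkH5RequestAuthCode".equals(currentEventId)) {
            return null;
        }
        String corpId = getConfigValue("casServer.federation.dingtalkh5.corpid", "");
        if (StringUtils.isNotBlank(corpId)) {
            log.debug("dingtalk h5, doPreExecute, dingtalkH5RequestAuthCode");
            requestContext.getFlashScope().put("corpId", corpId);
            return new EventFactorySupport().event(this, "dingtalkH5RequestAuthCode");
        }
        // service is known to be non-null here, so the callback always carries it.
        String encodedServiceId = URLEncoder.encode(service.getId(), RSAUtils.CHARSET);
        String callbackUrl = this.casServerPrefix + "/login" + "?service=" + encodedServiceId;
        log.debug("dingtalk h5, doPreExecute, redirectUrl2 is {}", callbackUrl);
        // NOTE(review): the state sent to DingTalk is the encoded service id, which is predictable;
        // it does not act as an anti-forgery token for the callback.
        String snsAuthorizeUrl = DingTalkUtils.getSnsAuthorizeUrl(appId, callbackUrl, encodedServiceId);
        log.info("dingtalk h5, doPreExecute, redirect to url [{}]", snsAuthorizeUrl);
        WebUtils.putServiceRedirectUrl(requestContext, snsAuthorizeUrl);
        return new EventFactorySupport().event(this, "redirect");
    }

    /**
     * Always returns {@code null}; this action places its credential into the context itself
     * inside {@link #doExecute(RequestContext)}.
     */
    protected Credential constructCredentialsFromRequest(RequestContext requestContext) {
        return null;
    }

    /**
     * Encrypts a username with the RSA public key and prefixes the result with {@code __RSA__}.
     */
    private String rsaEncrypt(String username) {
        return "__RSA__" + RSAUtils.publicEncrypt(username, RSAUtils.instance().getPublicKey());
    }

    /**
     * Masks the middle of a username for display.
     *
     * <p>Usernames longer than five characters keep two characters at each end, shorter ones keep
     * one at each end. A single-character username does not match the pattern and is returned
     * unchanged, and a two-character one keeps both characters, so short names are not hidden.
     *
     * @return the masked username, or {@code null} when the input is blank
     */
    private String encodeUsername(String username) {
        if (StringUtils.isBlank(username)) {
            return null;
        }
        if (username.length() > 5) {
            return username.replaceAll("(.{2}).*(.{2})", "$1****$2");
        }
        return username.replaceAll("(.{1}).*(.{1})", "$1****$2");
    }

    /**
     * Best-effort write of a federation binding for a known local user; failures are logged and
     * do not interrupt the login.
     *
     * @param userNo        local user number to bind to
     * @param federatedType identity provider type
     * @param federatedId   user id at the identity provider
     * @param federatedInfo display name from the identity provider
     * @param federatedLogo avatar URL from the identity provider
     */
    private void federatedBind(String userNo, String federatedType, String federatedId, String federatedInfo, String federatedLogo) {
        try {
            Federation federation = new Federation();
            federation.setUserNo(userNo);
            federation.setFederatedType(federatedType);
            federation.setFederatedId(federatedId);
            federation.setFederatedInfo(federatedInfo);
            federation.setFederatedLogo(federatedLogo);
            this.federationManager.bind(federation, null, null);
        } catch (Exception e) {
            log.warn("dingtalk h5, failed to refresh the federation binding", e);
        }
    }

    /**
     * Best-effort automatic binding of a DingTalk user to a local account.
     *
     * <p>The local account is looked up by username, first with the DingTalk job number and then
     * with the DingTalk user id. The match is by value only: the binding is exactly as trustworthy
     * as the process that assigns job numbers and user ids in the DingTalk organisation, because a
     * DingTalk user whose value equals another person's local username would be linked to that
     * account. Nothing is bound when no account matches or the account has no user number.
     *
     * @param federatedType identity provider type
     * @param federatedId   DingTalk user id
     * @param federatedInfo display name from DingTalk
     * @param federatedLogo avatar URL from DingTalk
     * @param jobNumber     DingTalk job number, tried first as the local username
     */
    private void federatedBindAuto(String federatedType, String federatedId, String federatedInfo, String federatedLogo, String jobNumber) {
        try {
            Account account = this.accountService.loadAccountByUsername(jobNumber);
            if (account == null) {
                account = this.accountService.loadAccountByUsername(federatedId);
            }
            if (account == null) {
                return;
            }
            String userNo = account.getUserNo();
            if (userNo == null) {
                return;
            }
            Federation federation = new Federation();
            federation.setUserNo(userNo);
            federation.setFederatedType(federatedType);
            federation.setFederatedId(federatedId);
            federation.setFederatedInfo(federatedInfo);
            federation.setFederatedLogo(federatedLogo);
            this.federationManager.bind(federation, null, null);
        } catch (Exception e) {
            log.warn("dingtalk h5, automatic federation binding failed", e);
        }
    }
}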
