package com.supwisdom.institute.cas.site.qr.code.web;

import com.alibaba.fastjson.JSONObject;
import com.supwisdom.institute.cas.core.utils.dingtalk.DingTalkUtils;
import com.supwisdom.institute.cas.core.utils.openweixin.OpenWeixinUtils;
import com.supwisdom.institute.cas.core.utils.weixinmp.WeixinMPUtils;
import com.supwisdom.institute.cas.core.utils.workweixin.WorkWeixinUtils;
import com.supwisdom.institute.cas.site.account.Account;
import com.supwisdom.institute.cas.site.account.service.AccountService;
import com.supwisdom.institute.cas.site.common.util.CertUtil;
import com.supwisdom.institute.cas.site.common.util.HttpUtil;
import com.supwisdom.institute.cas.site.common.util.RSAUtils;
import com.supwisdom.institute.cas.site.common.util.UserAgentUtils;
import com.supwisdom.institute.cas.site.config.Config;
import com.supwisdom.institute.cas.site.config.ConfigManager;
import com.supwisdom.institute.cas.site.federated.authentication.FederatedUserinfo;
import com.supwisdom.institute.cas.site.federation.Federation;
import com.supwisdom.institute.cas.site.federation.FederationManager;
import com.supwisdom.institute.cas.site.federation.FederationRepository;
import com.supwisdom.institute.cas.site.qr.code.QrCode;
import com.supwisdom.institute.cas.site.qr.code.QrCodeStore;
import com.supwisdom.institute.cas.site.web.flow.actions.CasServerIdentityCookieAction;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpResponse;
import org.apereo.cas.util.HttpRequestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.view.RedirectView;

@Controller("qrCodeController")
/* loaded from: input_file:com/supwisdom/institute/cas/site/qr/code/web/QrCodeController.class */
public class QrCodeController {
    private static final Logger log = LoggerFactory.getLogger(QrCodeController.class);
    private static final String DEVICE_SUPERAPP = "SUPERAPP";
    private static final String DEVICE_WXAMP = "WXAMP";
    private static final String DEVICE_WECHAT = "OPEN_WEIXIN";
    private static final String DEVICE_WORK_WEIXIN = "WORK_WEIXIN";
    private static final String DEVICE_DINGTALK = "DINGTALK";
    public static final String QR_INIT = "/qr/init";
    public static final String QR_ENDPOINT = "/qr/qrcode";
    public static final String QR_COMET_ENDPOINT = "/qr/comet";
    public static final String QR_SCAN_CALLBACK_ENDPOINT = "/qr/scan";
    public static final String QR_AUTHORIZE_ENDPOINT = "/qr/authorize";
    public static final String QR_AUTH_ENDPOINT = "/qr/auth";
    public static final String QR_CANCEL_ENDPOINT = "/qr/cancel";
    private final String casServerPrefix;
    private final QrCodeStore redisQrCodeStore;
    private String qrCodeAuthoriseView = "casServerQrCodeAuthorize";
    private String qrCodeErrorView = "casServerQrCodeError";

    @Value("${cas-server.config.tracePathSuffix:}")
    private String tracePathSuffix;

    @Autowired
    private ConfigManager configManager;

    @Autowired
    private AccountService accountService;

    @Autowired
    @Qualifier("remoteFederationManager")
    private FederationManager federationManager;

    @Autowired
    @Qualifier("remoteFederationRepository")
    private FederationRepository federationRepository;

    @Value("${superapp.token.signing.key.url:http://localhost:8080/auth-server/jwt/publicKey}")
    private String signingKeyUrl;
    private RSAPublicKey casRSAPublicKey;

    private String getConfigValue(String str, String str2) {
        Config config = this.configManager.getConfigs().get(str);
        return (config == null || !StringUtils.isNotBlank(config.getConfigValue())) ? str2 : config.getConfigValue();
    }

    private Boolean getConfigValue(String str, Boolean bool) {
        Config config = this.configManager.getConfigs().get(str);
        return (config == null || !StringUtils.isNotBlank(config.getConfigValue())) ? bool : Boolean.valueOf(config.getConfigValue());
    }

    @GetMapping(path = {QR_INIT})
    @ResponseBody
    public JSONObject init(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        QrCode qrCode = new QrCode();
        qrCode.setTimestamp(Long.valueOf(System.currentTimeMillis()));
        qrCode.setStatus(QrCode.QR_CODE_STATUS_INIT);
        String saveQrCode = this.redisQrCodeStore.saveQrCode(qrCode, 125L);
        HttpSession session = httpServletRequest.getSession();
        session.removeAttribute("CAS_SERVER_QR_CODE:stateKey");
        session.setAttribute("CAS_SERVER_QR_CODE:stateKey", saveQrCode.toString());
        log.debug("set stateKey to session: {}", saveQrCode);
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("code", 0);
        jSONObject.put("message", (Object) null);
        JSONObject jSONObject2 = new JSONObject();
        jSONObject2.put("stateKey", saveQrCode);
        jSONObject2.put("qrCode", qrCode);
        jSONObject.put("data", jSONObject2);
        return jSONObject;
    }

    /* JADX WARN: Removed duplicated region for block: B:16:0x0179 A[Catch: Exception -> 0x01a4, TryCatch #0 {Exception -> 0x01a4, blocks: (B:3:0x0025, B:5:0x0057, B:6:0x00ad, B:8:0x010f, B:9:0x0125, B:24:0x013d, B:26:0x0147, B:16:0x0179, B:20:0x0188, B:12:0x0164, B:27:0x0088), top: B:2:0x0025 }] */
    /* JADX WARN: Removed duplicated region for block: B:20:0x0188 A[Catch: Exception -> 0x01a4, TryCatch #0 {Exception -> 0x01a4, blocks: (B:3:0x0025, B:5:0x0057, B:6:0x00ad, B:8:0x010f, B:9:0x0125, B:24:0x013d, B:26:0x0147, B:16:0x0179, B:20:0x0188, B:12:0x0164, B:27:0x0088), top: B:2:0x0025 }] */
    @org.springframework.web.bind.annotation.GetMapping(path = {com.supwisdom.institute.cas.site.qr.code.web.QrCodeController.QR_ENDPOINT})
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void qrcode(javax.servlet.http.HttpServletRequest r7, javax.servlet.http.HttpServletResponse r8) {
        /*
            Method dump skipped, instructions count: 426
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.supwisdom.institute.cas.site.qr.code.web.QrCodeController.qrcode(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse):void");
    }

    @PostMapping(path = {QR_COMET_ENDPOINT})
    @ResponseBody
    public JSONObject qrCometRest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            String valueOf = String.valueOf(httpServletRequest.getSession().getAttribute("CAS_SERVER_QR_CODE:stateKey"));
            log.debug("get stateKey from session: {}", valueOf);
            QrCode loadQrCode = this.redisQrCodeStore.loadQrCode(valueOf);
            if (loadQrCode == null) {
                JSONObject jSONObject = new JSONObject();
                jSONObject.put("code", 1);
                jSONObject.put("message", "expired");
                return jSONObject;
            }
            JSONObject jSONObject2 = new JSONObject();
            jSONObject2.put("code", 0);
            jSONObject2.put("message", (Object) null);
            JSONObject jSONObject3 = new JSONObject();
            jSONObject3.put("stateKey", valueOf);
            jSONObject3.put("qrCode", loadQrCode);
            jSONObject2.put("data", jSONObject3);
            return jSONObject2;
        } catch (Exception e) {
            e.printStackTrace();
            JSONObject jSONObject4 = new JSONObject();
            jSONObject4.put("code", -1);
            jSONObject4.put("message", "error");
            return jSONObject4;
        }
    }

    @GetMapping(path = {"/qr/scan/{stateKey}"})
    public ModelAndView qrScanCallback(@PathVariable(name = "stateKey", required = true) String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        ModelAndView doWorkWeixinScan;
        ModelAndView doDingtalkScan;
        ModelAndView doWechatScan;
        ModelAndView doSuperappScan;
        ModelAndView doSuperappScan2;
        String httpServletRequestUserAgent = HttpRequestUtils.getHttpServletRequestUserAgent(httpServletRequest);
        log.debug("qrScan, qrScanCallback, Request user agent [{}], stateKey [{}]", httpServletRequestUserAgent, str);
        boolean isSuperApp = UserAgentUtils.isSuperApp(httpServletRequestUserAgent);
        boolean isWxamp = UserAgentUtils.isWxamp(httpServletRequestUserAgent);
        boolean isWechatClient = UserAgentUtils.isWechatClient(httpServletRequestUserAgent);
        boolean isWorkweixin = UserAgentUtils.isWorkweixin(httpServletRequestUserAgent);
        boolean isDingtalk = UserAgentUtils.isDingtalk(httpServletRequestUserAgent);
        if (UserAgentUtils.isSuperApp(httpServletRequestUserAgent) && (doSuperappScan2 = doSuperappScan(str, DEVICE_SUPERAPP, httpServletRequest, httpServletResponse)) != null) {
            if (StringUtils.isNotBlank(httpServletRequest.getParameter("debug"))) {
                doSuperappScan2.addObject("debug", httpServletRequest.getParameter("debug"));
            }
            return doSuperappScan2;
        }
        if (UserAgentUtils.isWxamp(httpServletRequestUserAgent) && (doSuperappScan = doSuperappScan(str, DEVICE_WXAMP, httpServletRequest, httpServletResponse)) != null) {
            if (StringUtils.isNotBlank(httpServletRequest.getParameter("debug"))) {
                doSuperappScan.addObject("debug", httpServletRequest.getParameter("debug"));
            }
            return doSuperappScan;
        }
        if (UserAgentUtils.isWechatClient(httpServletRequestUserAgent) && (doWechatScan = doWechatScan(str, httpServletRequest, httpServletResponse)) != null) {
            if (StringUtils.isNotBlank(httpServletRequest.getParameter("debug"))) {
                doWechatScan.addObject("debug", httpServletRequest.getParameter("debug"));
            }
            return doWechatScan;
        }
        if ((UserAgentUtils.isWorkweixin(httpServletRequestUserAgent) || UserAgentUtils.isWechatClient(httpServletRequestUserAgent)) && (doWorkWeixinScan = doWorkWeixinScan(str, httpServletRequest, httpServletResponse)) != null) {
            if (StringUtils.isNotBlank(httpServletRequest.getParameter("debug"))) {
                doWorkWeixinScan.addObject("debug", httpServletRequest.getParameter("debug"));
            }
            return doWorkWeixinScan;
        }
        if (UserAgentUtils.isDingtalk(httpServletRequestUserAgent) && (doDingtalkScan = doDingtalkScan(str, httpServletRequest, httpServletResponse)) != null) {
            if (StringUtils.isNotBlank(httpServletRequest.getParameter("debug"))) {
                doDingtalkScan.addObject("debug", httpServletRequest.getParameter("debug"));
            }
            return doDingtalkScan;
        }
        ModelAndView modelAndView = new ModelAndView(this.qrCodeErrorView);
        modelAndView.addObject("error", "不支持当前客户端");
        modelAndView.addObject("isSuperApp", Boolean.valueOf(isSuperApp));
        modelAndView.addObject("isWxamp", Boolean.valueOf(isWxamp));
        modelAndView.addObject("isWechat", Boolean.valueOf(isWechatClient));
        modelAndView.addObject("isWorkweixin", Boolean.valueOf(isWorkweixin));
        modelAndView.addObject("isDingtalk", Boolean.valueOf(isDingtalk));
        return modelAndView;
    }

    private ModelAndView doSuperappScan(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String parameter = httpServletRequest.getParameter("JWTToken");
        log.debug("Received token from paramter: [{}]", parameter);
        if (StringUtils.isBlank(parameter)) {
            String header = httpServletRequest.getHeader("Authorization");
            log.debug("Received token from header: [{}]", header);
            if (!StringUtils.isBlank(header) && header.startsWith("JWTToken ")) {
                parameter = header.substring("JWTToken ".length());
            }
        }
        if (StringUtils.isBlank(parameter)) {
            String str3 = null;
            String parameter2 = httpServletRequest.getParameter("idToken");
            log.debug("idTokenParamterValue is [{}]", parameter2);
            if (parameter2 != null && !parameter2.isEmpty()) {
                str3 = parameter2;
            }
            if (str3 == null) {
                String header2 = httpServletRequest.getHeader("X-Id-Token");
                log.debug("idTokenHeaderValue is [{}]", header2);
                if (header2 != null && !header2.isEmpty()) {
                    str3 = header2;
                }
            }
            log.debug("idToken is [{}]", str3);
            if (str3 != null && !str3.isEmpty()) {
                parameter = str3;
            }
        }
        try {
            if (StringUtils.isBlank(parameter)) {
                throw new Exception("appToken.empty");
            }
            try {
                String subject = getClaimsFromToken(parameter).getSubject();
                if (subject == null) {
                    throw new Exception("appToken.invalid");
                }
                Account loadAccountByUsername = this.accountService.loadAccountByUsername(subject);
                ArrayList arrayList = new ArrayList();
                arrayList.add(loadAccountByUsername);
                QrCode loadQrCode = this.redisQrCodeStore.loadQrCode(str);
                if (loadQrCode == null) {
                    throw new Exception("qrCode.expired");
                }
                loadQrCode.setDevice(str2);
                loadQrCode.setApptoken(parameter);
                loadQrCode.setAccounts(arrayList);
                loadQrCode.setStatus(QrCode.QR_CODE_STATUS_SCANED);
                this.redisQrCodeStore.updateQrCode(str, loadQrCode, 125L);
                return new ModelAndView(new RedirectView(this.casServerPrefix + QR_AUTHORIZE_ENDPOINT + CasServerIdentityCookieAction.DEFAULT_COOKIE_PATH + str + "?locale=" + httpServletRequest.getLocale()));
            } catch (Exception e) {
                throw new Exception("appToken.invalid");
            }
        } catch (Exception e2) {
            e2.printStackTrace();
            ModelAndView modelAndView = new ModelAndView(this.qrCodeErrorView);
            modelAndView.addObject("error", e2.getMessage());
            return modelAndView;
        }
    }

    private ModelAndView doWechatScan(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        List<Account> loadAccountsByUserId;
        if (!getConfigValue("casServer.federation.weixinmp.enabled", (Boolean) false).booleanValue()) {
            return null;
        }
        String configValue = getConfigValue("casServer.federation.weixinmp.appid", "");
        String configValue2 = getConfigValue("casServer.federation.weixinmp.appsecret", "");
        if (StringUtils.isBlank(configValue) || StringUtils.isBlank(configValue2)) {
            return null;
        }
        String parameter = httpServletRequest.getParameter("code");
        if (StringUtils.isBlank(parameter)) {
            String str2 = this.casServerPrefix + QR_SCAN_CALLBACK_ENDPOINT + CasServerIdentityCookieAction.DEFAULT_COOKIE_PATH + str;
            if (StringUtils.isNotBlank(httpServletRequest.getParameter("debug"))) {
                str2 = str2 + "?debug=debug";
            }
            log.debug("scan by weixin, doWechatScan, redirectUrl is {}", str2);
            String authorizeUrl = WeixinMPUtils.getAuthorizeUrl(configValue, str2, str);
            log.info("scan by weixin, doWechatScan, redirect to url [{}]", authorizeUrl);
            return new ModelAndView(new RedirectView(authorizeUrl));
        }
        FederatedUserinfo federatedUserinfo = null;
        try {
            if (StringUtils.isNotBlank(parameter)) {
                String userinfo = OpenWeixinUtils.getUserinfo(configValue, configValue2, parameter);
                if (StringUtils.isNotBlank(userinfo)) {
                    log.info("user from weixin mp: {}", userinfo);
                    JSONObject parseObject = JSONObject.parseObject(userinfo);
                    String string = parseObject.getString("openid");
                    String string2 = parseObject.getString("unionid");
                    String str3 = string;
                    if (StringUtils.isNotBlank(string2)) {
                        str3 = string2;
                    }
                    federatedUserinfo = new FederatedUserinfo("openweixin", str3);
                    federatedUserinfo.setName(parseObject.getString("nickname"));
                    federatedUserinfo.setLogo(parseObject.getString("headimgurl"));
                    HashMap hashMap = new HashMap();
                    hashMap.put("wxType", "MP");
                    hashMap.put("openid", string);
                    federatedUserinfo.setExternalInfo(hashMap);
                }
            }
            log.debug("Retrieved federated userinfo from client as [{}]", federatedUserinfo);
            if (federatedUserinfo == null) {
                throw new IllegalArgumentException("Unable to determine federated userinfo from the context with client openweixin");
            }
            Map<String, Object> externalInfo = federatedUserinfo.getExternalInfo();
            String federatedType = federatedUserinfo.getFederatedType();
            String federatedId = federatedUserinfo.getFederatedId();
            federatedUserinfo.getName();
            federatedUserinfo.getLogo();
            if (externalInfo != null && !externalInfo.isEmpty()) {
                if (externalInfo.containsKey("wxType")) {
                    String.valueOf(externalInfo.get("wxType"));
                }
                if (externalInfo.containsKey("openid")) {
                    String.valueOf(externalInfo.get("openid"));
                }
            }
            Federation loadByFederatedTypeId = this.federationRepository.loadByFederatedTypeId(federatedType, federatedId);
            if (loadByFederatedTypeId == null || StringUtils.isBlank(loadByFederatedTypeId.getFederatedId())) {
                ModelAndView modelAndView = new ModelAndView(this.qrCodeErrorView);
                modelAndView.addObject("error", "当前的微信号尚未绑定认证账号，请先在电脑端登录页面进行绑定");
                return modelAndView;
            }
            String userNo = loadByFederatedTypeId.getUserNo();
            if (StringUtils.isNotBlank(userNo)) {
                loadAccountsByUserId = this.accountService.loadAccountsByUserNo(userNo);
            } else {
                loadAccountsByUserId = this.accountService.loadAccountsByUserId(loadByFederatedTypeId.getUserId());
            }
            try {
                QrCode loadQrCode = this.redisQrCodeStore.loadQrCode(str);
                if (loadQrCode == null) {
                    throw new Exception("qrCode.expired");
                }
                loadQrCode.setDevice(DEVICE_WECHAT);
                loadQrCode.setAccounts(loadAccountsByUserId);
                loadQrCode.setStatus(QrCode.QR_CODE_STATUS_SCANED);
                this.redisQrCodeStore.updateQrCode(str, loadQrCode, 125L);
                return new ModelAndView(new RedirectView(this.casServerPrefix + QR_AUTHORIZE_ENDPOINT + CasServerIdentityCookieAction.DEFAULT_COOKIE_PATH + str));
            } catch (Exception e) {
                e.printStackTrace();
                ModelAndView modelAndView2 = new ModelAndView(this.qrCodeErrorView);
                modelAndView2.addObject("error", e.getMessage());
                return modelAndView2;
            }
        } catch (Exception e2) {
            e2.printStackTrace();
            ModelAndView modelAndView3 = new ModelAndView(this.qrCodeErrorView);
            modelAndView3.addObject("error", "微信登录异常");
            return modelAndView3;
        }
    }

    private ModelAndView doWorkWeixinScan(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        List<Account> loadAccountsByUserId;
        String configValue = getConfigValue("casServer.federation.workweixinh5.corpid", "");
        String configValue2 = getConfigValue("casServer.federation.workweixinh5.secret", "");
        if (!getConfigValue("casServer.federation.workweixinh5.enabled", (Boolean) false).booleanValue() || StringUtils.isBlank(configValue) || StringUtils.isBlank(configValue2)) {
            return null;
        }
        String parameter = httpServletRequest.getParameter("code");
        if (StringUtils.isBlank(parameter)) {
            String str2 = this.casServerPrefix + QR_SCAN_CALLBACK_ENDPOINT + CasServerIdentityCookieAction.DEFAULT_COOKIE_PATH + str;
            if (StringUtils.isNotBlank(httpServletRequest.getParameter("debug"))) {
                str2 = str2 + "?debug=debug";
            }
            log.debug("scan by work weixin, doWorkWeixinScan, redirectUrl is {}", str2);
            String oAuth2AuthorizeUrl = WorkWeixinUtils.getOAuth2AuthorizeUrl(configValue, str2, str);
            log.info("scan by work weixin, doWorkWeixinScan, redirect to url [{}]", oAuth2AuthorizeUrl);
            return new ModelAndView(new RedirectView(oAuth2AuthorizeUrl));
        }
        FederatedUserinfo federatedUserinfo = null;
        try {
            String userId = WorkWeixinUtils.getUserId(configValue, configValue2, parameter);
            if (StringUtils.isNotBlank(userId)) {
                String user = WorkWeixinUtils.getUser(configValue, configValue2, userId);
                if (StringUtils.isNotBlank(user)) {
                    log.info("user from work weixin: {}", user);
                    JSONObject parseObject = JSONObject.parseObject(user);
                    String string = parseObject.getString("name");
                    String string2 = parseObject.getString("avatar");
                    federatedBindAutoWorkWeixin("workweixin", userId, string, string2, userId);
                    federatedUserinfo = new FederatedUserinfo("workweixin", userId);
                    federatedUserinfo.setName(string);
                    federatedUserinfo.setLogo(string2);
                }
            }
            log.debug("Retrieved federated userinfo from client as [{}]", federatedUserinfo);
            if (federatedUserinfo == null) {
                throw new IllegalArgumentException("Unable to determine federated userinfo from the context with client workweixin");
            }
            Map<String, Object> externalInfo = federatedUserinfo.getExternalInfo();
            String federatedType = federatedUserinfo.getFederatedType();
            String federatedId = federatedUserinfo.getFederatedId();
            federatedUserinfo.getName();
            federatedUserinfo.getLogo();
            if (externalInfo != null && !externalInfo.isEmpty()) {
                if (externalInfo.containsKey("wxType")) {
                    String.valueOf(externalInfo.get("wxType"));
                }
                if (externalInfo.containsKey("openid")) {
                    String.valueOf(externalInfo.get("openid"));
                }
            }
            Federation loadByFederatedTypeId = this.federationRepository.loadByFederatedTypeId(federatedType, federatedId);
            if (loadByFederatedTypeId == null || StringUtils.isBlank(loadByFederatedTypeId.getFederatedId())) {
                ModelAndView modelAndView = new ModelAndView(this.qrCodeErrorView);
                modelAndView.addObject("error", "当前的企业微信号尚未绑定认证账号，请先在电脑端登录页面进行绑定");
                return modelAndView;
            }
            String userNo = loadByFederatedTypeId.getUserNo();
            if (StringUtils.isNotBlank(userNo)) {
                loadAccountsByUserId = this.accountService.loadAccountsByUserNo(userNo);
            } else {
                loadAccountsByUserId = this.accountService.loadAccountsByUserId(loadByFederatedTypeId.getUserId());
            }
            try {
                QrCode loadQrCode = this.redisQrCodeStore.loadQrCode(str);
                if (loadQrCode == null) {
                    throw new Exception("qrCode.expired");
                }
                loadQrCode.setDevice(DEVICE_WORK_WEIXIN);
                loadQrCode.setAccounts(loadAccountsByUserId);
                loadQrCode.setStatus(QrCode.QR_CODE_STATUS_SCANED);
                this.redisQrCodeStore.updateQrCode(str, loadQrCode, 125L);
                return new ModelAndView(new RedirectView(this.casServerPrefix + QR_AUTHORIZE_ENDPOINT + CasServerIdentityCookieAction.DEFAULT_COOKIE_PATH + str));
            } catch (Exception e) {
                e.printStackTrace();
                ModelAndView modelAndView2 = new ModelAndView(this.qrCodeErrorView);
                modelAndView2.addObject("error", e.getMessage());
                return modelAndView2;
            }
        } catch (Exception e2) {
            e2.printStackTrace();
            ModelAndView modelAndView3 = new ModelAndView(this.qrCodeErrorView);
            modelAndView3.addObject("error", "微信登录异常");
            return modelAndView3;
        }
    }

    private void federatedBindAutoWorkWeixin(String str, String str2, String str3, String str4, String str5) {
        try {
            String str6 = null;
            Account loadAccountByUsername = this.accountService.loadAccountByUsername(str5);
            if (loadAccountByUsername != null) {
                str6 = loadAccountByUsername.getUserNo();
            } else {
                List<Account> loadAccountsByUserNo = this.accountService.loadAccountsByUserNo(str5);
                if (loadAccountsByUserNo != null && loadAccountsByUserNo.size() > 0) {
                    str6 = str5;
                }
            }
            if (str6 != null) {
                Federation federation = new Federation();
                federation.setUserNo(str6);
                federation.setFederatedType(str);
                federation.setFederatedId(str2);
                federation.setFederatedInfo(str3);
                federation.setFederatedLogo(str4);
                this.federationManager.bind(federation, null, null);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    private ModelAndView doDingtalkScan(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String string;
        JSONObject userByUserid;
        String configValue = getConfigValue("casServer.federation.dingtalkh5.appid", "");
        String configValue2 = getConfigValue("casServer.federation.dingtalkh5.appsecret", "");
        if (!getConfigValue("casServer.federation.dingtalkh5.enabled", (Boolean) false).booleanValue() || StringUtils.isBlank(configValue) || StringUtils.isBlank(configValue2)) {
            return null;
        }
        String parameter = httpServletRequest.getParameter("code");
        if (StringUtils.isBlank(parameter)) {
            String str2 = this.casServerPrefix + QR_SCAN_CALLBACK_ENDPOINT + CasServerIdentityCookieAction.DEFAULT_COOKIE_PATH + str;
            if (StringUtils.isNotBlank(httpServletRequest.getParameter("debug"))) {
                str2 = str2 + "?debug=debug";
            }
            log.debug("scan by dingtalk, doDingtalkScan, redirectUrl is {}", str2);
            String snsAuthorizeUrl = DingTalkUtils.getSnsAuthorizeUrl(configValue, str2, str);
            log.info("scan by dingtalk, doDingtalkScan, redirect to url [{}]", snsAuthorizeUrl);
            return new ModelAndView(new RedirectView(snsAuthorizeUrl));
        }
        FederatedUserinfo federatedUserinfo = null;
        try {
            JSONObject userinfoByCode = DingTalkUtils.getUserinfoByCode(configValue, configValue2, parameter);
            if (userinfoByCode != null) {
                log.info("user from dingtalk: {}", userinfoByCode.toJSONString());
                JSONObject useridByUnionid = DingTalkUtils.getUseridByUnionid(configValue, configValue2, userinfoByCode.getString("unionid"));
                if (useridByUnionid != null && (userByUserid = DingTalkUtils.getUserByUserid(configValue, configValue2, (string = useridByUnionid.getString("userid")))) != null) {
                    String string2 = userByUserid.getString("name");
                    String string3 = userByUserid.getString("avatar");
                    federatedBindAutoDingtalk("dingtalk", string, string2, string3, userByUserid.getString("job_number"));
                    federatedUserinfo = new FederatedUserinfo("dingtalk", string);
                    federatedUserinfo.setName(string2);
                    federatedUserinfo.setLogo(string3);
                }
            }
            log.debug("Retrieved federated userinfo from client as [{}]", federatedUserinfo);
            if (federatedUserinfo == null) {
                throw new IllegalArgumentException("Unable to determine federated userinfo from the context with client dingtalk");
            }
            Map<String, Object> externalInfo = federatedUserinfo.getExternalInfo();
            String federatedType = federatedUserinfo.getFederatedType();
            String federatedId = federatedUserinfo.getFederatedId();
            federatedUserinfo.getName();
            federatedUserinfo.getLogo();
            if (externalInfo != null && !externalInfo.isEmpty()) {
                if (externalInfo.containsKey("wxType")) {
                    String.valueOf(externalInfo.get("wxType"));
                }
                if (externalInfo.containsKey("openid")) {
                    String.valueOf(externalInfo.get("openid"));
                }
            }
            Federation loadByFederatedTypeId = this.federationRepository.loadByFederatedTypeId(federatedType, federatedId);
            if (loadByFederatedTypeId == null || StringUtils.isBlank(loadByFederatedTypeId.getFederatedId())) {
                ModelAndView modelAndView = new ModelAndView(this.qrCodeErrorView);
                modelAndView.addObject("error", "当前的钉钉号尚未绑定认证账号，请先在电脑端登录页面进行绑定");
                return modelAndView;
            }
            String userNo = loadByFederatedTypeId.getUserNo();
            List<Account> loadAccountsByUserNo = StringUtils.isNotBlank(userNo) ? this.accountService.loadAccountsByUserNo(userNo) : this.accountService.loadAccountsByUserId(loadByFederatedTypeId.getUserId());
            try {
                QrCode loadQrCode = this.redisQrCodeStore.loadQrCode(str);
                if (loadQrCode == null) {
                    throw new Exception("qrCode.expired");
                }
                loadQrCode.setDevice(DEVICE_DINGTALK);
                loadQrCode.setAccounts(loadAccountsByUserNo);
                loadQrCode.setStatus(QrCode.QR_CODE_STATUS_SCANED);
                this.redisQrCodeStore.updateQrCode(str, loadQrCode, 125L);
                return new ModelAndView(new RedirectView(this.casServerPrefix + QR_AUTHORIZE_ENDPOINT + CasServerIdentityCookieAction.DEFAULT_COOKIE_PATH + str));
            } catch (Exception e) {
                e.printStackTrace();
                ModelAndView modelAndView2 = new ModelAndView(this.qrCodeErrorView);
                modelAndView2.addObject("error", e.getMessage());
                return modelAndView2;
            }
        } catch (Exception e2) {
            e2.printStackTrace();
            ModelAndView modelAndView3 = new ModelAndView(this.qrCodeErrorView);
            modelAndView3.addObject("error", "微信登录异常");
            return modelAndView3;
        }
    }

    private void federatedBindAutoDingtalk(String str, String str2, String str3, String str4, String str5) {
        String userNo;
        try {
            Account loadAccountByUsername = this.accountService.loadAccountByUsername(str5);
            if (loadAccountByUsername == null) {
                loadAccountByUsername = this.accountService.loadAccountByUsername(str2);
            }
            if (loadAccountByUsername == null || (userNo = loadAccountByUsername.getUserNo()) == null) {
                return;
            }
            Federation federation = new Federation();
            federation.setUserNo(userNo);
            federation.setFederatedType(str);
            federation.setFederatedId(str2);
            federation.setFederatedInfo(str3);
            federation.setFederatedLogo(str4);
            this.federationManager.bind(federation, null, null);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    @GetMapping(path = {"/qr/authorize/{stateKey}"})
    public ModelAndView qrAuthorizeView(@PathVariable(name = "stateKey", required = true) String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String httpServletRequestUserAgent = HttpRequestUtils.getHttpServletRequestUserAgent(httpServletRequest);
        boolean isSuperApp = UserAgentUtils.isSuperApp(httpServletRequestUserAgent);
        boolean isWechatClient = UserAgentUtils.isWechatClient(httpServletRequestUserAgent);
        boolean isWorkweixin = UserAgentUtils.isWorkweixin(httpServletRequestUserAgent);
        boolean isDingtalk = UserAgentUtils.isDingtalk(httpServletRequestUserAgent);
        ModelAndView modelAndView = new ModelAndView(this.qrCodeAuthoriseView);
        modelAndView.addObject("isSuperApp", Boolean.valueOf(isSuperApp));
        modelAndView.addObject("isWechat", Boolean.valueOf(isWechatClient));
        modelAndView.addObject("isWorkweixin", Boolean.valueOf(isWorkweixin));
        modelAndView.addObject("isDingtalk", Boolean.valueOf(isDingtalk));
        modelAndView.addObject("stateKey", str);
        return modelAndView;
    }

    @PostMapping(path = {"/qr/auth/{stateKey}"})
    @ResponseBody
    public JSONObject qrAuthRest(@PathVariable(name = "stateKey", required = true) String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            QrCode loadQrCode = this.redisQrCodeStore.loadQrCode(str);
            if (loadQrCode != null) {
                loadQrCode.setStatus(QrCode.QR_CODE_STATUS_AUTHED);
            }
            this.redisQrCodeStore.updateQrCode(str, loadQrCode, 125L);
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("code", 0);
            jSONObject.put("message", (Object) null);
            JSONObject jSONObject2 = new JSONObject();
            jSONObject2.put("success", true);
            jSONObject.put("data", jSONObject2);
            return jSONObject;
        } catch (Exception e) {
            e.printStackTrace();
            JSONObject jSONObject3 = new JSONObject();
            jSONObject3.put("code", -1);
            jSONObject3.put("message", "error");
            return jSONObject3;
        }
    }

    @PostMapping(path = {"/qr/cancel/{stateKey}"})
    @ResponseBody
    public JSONObject qrCancelRest(@PathVariable(name = "stateKey", required = true) String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            QrCode loadQrCode = this.redisQrCodeStore.loadQrCode(str);
            if (loadQrCode != null) {
                loadQrCode.setStatus(QrCode.QR_CODE_STATUS_CANCEL);
            }
            this.redisQrCodeStore.updateQrCode(str, loadQrCode, 125L);
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("code", 0);
            jSONObject.put("message", (Object) null);
            JSONObject jSONObject2 = new JSONObject();
            jSONObject2.put("success", true);
            jSONObject.put("data", jSONObject2);
            return jSONObject;
        } catch (Exception e) {
            e.printStackTrace();
            JSONObject jSONObject3 = new JSONObject();
            jSONObject3.put("code", -1);
            jSONObject3.put("message", "error");
            return jSONObject3;
        }
    }

    private Claims getClaimsFromToken(String str) {
        if (this.casRSAPublicKey == null) {
            String str2 = null;
            HttpResponse httpResponse = null;
            try {
                try {
                    try {
                        httpResponse = HttpUtil.executeGet(this.signingKeyUrl);
                        StringBuilder sb = new StringBuilder();
                        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpResponse.getEntity().getContent(), RSAUtils.CHARSET), 8192);
                        while (true) {
                            String readLine = bufferedReader.readLine();
                            if (readLine == null) {
                                break;
                            }
                            sb.append(readLine);
                        }
                        log.debug("Fetch response [{}]", sb.toString());
                        str2 = sb.toString();
                        if (httpResponse != null) {
                            HttpUtil.close(httpResponse);
                        }
                    } catch (UnsupportedOperationException e) {
                        e.printStackTrace();
                        if (httpResponse != null) {
                            HttpUtil.close(httpResponse);
                        }
                    }
                } catch (UnsupportedEncodingException e2) {
                    e2.printStackTrace();
                    if (httpResponse != null) {
                        HttpUtil.close(httpResponse);
                    }
                } catch (IOException e3) {
                    e3.printStackTrace();
                    if (httpResponse != null) {
                        HttpUtil.close(httpResponse);
                    }
                }
                if (str2 != null) {
                    try {
                        this.casRSAPublicKey = CertUtil.stringToPublicKey(str2);
                    } catch (NoSuchAlgorithmException e4) {
                        e4.printStackTrace();
                    } catch (InvalidKeySpecException e5) {
                        e5.printStackTrace();
                    }
                }
            } catch (Throwable th) {
                if (httpResponse != null) {
                    HttpUtil.close(httpResponse);
                }
                throw th;
            }
        }
        Claims claims = null;
        if (this.casRSAPublicKey != null) {
            try {
                claims = (Claims) Jwts.parser().setSigningKey(this.casRSAPublicKey).parseClaimsJws(str).getBody();
            } catch (Exception e6) {
                claims = null;
                this.casRSAPublicKey = null;
            }
        }
        if (claims != null) {
            return claims;
        }
        return null;
    }

    public QrCodeController(String str, QrCodeStore qrCodeStore) {
        this.casServerPrefix = str;
        this.redisQrCodeStore = qrCodeStore;
    }
}
