package com.supwisdom.institute.personal.security.center.bff.controller;

import com.supwisdom.infras.communication.CommunicateUtil;
import com.supwisdom.institute.license.LicenseControlSwitch;
import com.supwisdom.institute.personal.security.center.bff.authx.log.callback.AuthxLogCallback;
import com.supwisdom.institute.personal.security.center.bff.authx.log.enums.DataType;
import com.supwisdom.institute.personal.security.center.bff.authx.log.enums.Level;
import com.supwisdom.institute.personal.security.center.bff.authx.log.enums.OperateType;
import com.supwisdom.institute.personal.security.center.bff.base.exception.DefaultErrorException;
import com.supwisdom.institute.personal.security.center.bff.base.vo.response.DefaultApiResponse;
import com.supwisdom.institute.personal.security.center.bff.constants.CheckTypeConstants;
import com.supwisdom.institute.personal.security.center.bff.entity.Safety;
import com.supwisdom.institute.personal.security.center.bff.entity.User;
import com.supwisdom.institute.personal.security.center.bff.modal.SecurityAccountModel;
import com.supwisdom.institute.personal.security.center.bff.modal.SecurityFlowConfig;
import com.supwisdom.institute.personal.security.center.bff.nonce.NonceUtil;
import com.supwisdom.institute.personal.security.center.bff.otp.TOTPUtils;
import com.supwisdom.institute.personal.security.center.bff.service.AccountService;
import com.supwisdom.institute.personal.security.center.bff.service.SafetyService;
import com.supwisdom.institute.personal.security.center.bff.service.SecurityAccountService;
import com.supwisdom.institute.personal.security.center.bff.service.SecurityFlowConfigService;
import com.supwisdom.institute.personal.security.center.bff.service.UserService;
import com.supwisdom.institute.personal.security.center.bff.utils.CodeUtil;
import com.supwisdom.institute.personal.security.center.bff.utils.CurrentUserUtil;
import com.supwisdom.institute.personal.security.center.bff.utils.EncodeUtils;
import com.supwisdom.institute.personal.security.center.bff.utils.TemplateUtil;
import com.supwisdom.institute.personal.security.center.bff.vo.request.usersecurity.UserSecurityOtpSecretCheckCodeBindOtpSecretRequest;
import com.supwisdom.institute.personal.security.center.bff.vo.request.usersecurity.UserSecurityOtpSecretCheckQuestionRequest;
import com.supwisdom.institute.personal.security.center.bff.vo.request.usersecurity.UserSecurityOtpSecretGenerateOtpSecretRequest;
import com.supwisdom.institute.personal.security.center.bff.vo.request.usersecurity.UserSecuritySafetyCheckCodeRequest;
import com.supwisdom.institute.personal.security.center.bff.vo.request.usersecurity.UserSecuritySafetyCheckOtpCodeRequest;
import com.supwisdom.institute.personal.security.center.bff.vo.request.usersecurity.UserSecuritySafetyCheckPasswordRequest;
import com.supwisdom.institute.personal.security.center.bff.vo.request.usersecurity.UserSecuritySafetySendCodeRequest;
import com.supwisdom.institute.personal.security.center.bff.vo.response.usersecurity.data.UserSecurityOtpSecretCheckCodeBindOtpSecretResponseData;
import com.supwisdom.institute.personal.security.center.bff.vo.response.usersecurity.data.UserSecurityOtpSecretGenerateOtpSecretResponseData;
import com.supwisdom.institute.personal.security.center.bff.vo.response.usersecurity.data.UserSecurityOtpSecretInitOtpSecretResponseData;
import com.supwisdom.institute.personal.security.center.bff.vo.response.usersecurity.data.UserSecuritySafetyCheckCodeResponseData;
import com.supwisdom.institute.personal.security.center.bff.vo.response.usersecurity.data.UserSecuritySafetyCheckOtpCodeResponseData;
import com.supwisdom.institute.personal.security.center.bff.vo.response.usersecurity.data.UserSecuritySafetyCheckPasswordResponseData;
import com.supwisdom.institute.personal.security.center.bff.vo.response.usersecurity.data.UserSecuritySafetyCheckQuestionResponseData;
import com.supwisdom.institute.personal.security.center.bff.vo.response.usersecurity.data.UserSecuritySafetySendCodeResponseData;
import com.supwisdom.institute.personal.security.center.license.LicenseFuncConstants;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import java.util.HashMap;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController;

@Api(value = "v2-user-security-otp-secret", tags = {"v2-user-security-otp-secret"}, description = "保护接口 - 用户的安全信息 - OTP令牌")
@RequestMapping({"/api/v2/user/security/otpSecret"})
@LicenseControlSwitch(funcs = {LicenseFuncConstants.FUNC_ID_D_02_02})
@RestController
/* loaded from: input_file:com/supwisdom/institute/personal/security/center/bff/controller/V2UserSecurityOtpSecretController.class */
public class V2UserSecurityOtpSecretController {

    // Looks up the user record for the authenticated user id.
    @Autowired
    private UserService userService;

    // Not referenced by the handlers visible in this part of the file.
    @Autowired
    private AccountService accountService;

    // Source of the user's bound security factors (phone, e-mail, questions, OTP secret).
    @Autowired
    private SafetyService safetyService;

    // Supplies the SecurityFlowConfig that decides whether second-factor verification is enabled.
    @Autowired
    private SecurityFlowConfigService securityFlowConfigService;

    // Loads the account by name and verifies the submitted password against it.
    @Autowired
    private SecurityAccountService securityAccountService;

    // Default e-mail body for the verification code; placeholders {name} and {code}.
    // The text promises a 5-minute validity, which checkCode enforces as 300000 ms.
    @Value("${email.template.userSecurityOtpSecretSendCode:{name}：您正在修改OTP令牌，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。}")
    private String emailTemplateUserSecurityOtpSecretSendCode;

    // Default SMS body for the verification code; placeholders {prefix}, {name} and {code}.
    @Value("${sms.template.userSecurityOtpSecretSendCode:{prefix}{name}：您正在修改OTP令牌，须验证身份，验证码{code}，有效期5分钟，请尽快完成验证。}")
    private String smsTemplateUserSecurityOtpSecretSendCode;
    // Template codes passed to TemplateUtil.replaceParams together with the default bodies above.
    private String emailTemplateCodeUserSecurityOtpSecretSendCode = "email.template.userSecurityOtpSecretSendCode";
    private String smsTemplateCodeUserSecurityOtpSecretSendCode = "sms.template.userSecurityOtpSecretSendCode";

    // Value substituted for {prefix} in SMS messages; empty unless configured.
    @Value("${sms.template.prefix:}")
    private String smsPrefix = "";

    // Selects which nonce flag the step-2 handlers require: when true they accept a nonce that only
    // carries "initOtpSecret", when false they require "checkPassword". Defaults to false.
    @Value("${identityAuth.checkPassword.enabled:false}")
    private Boolean identityAuthCheckPasswordEnabled = false;

    // Not referenced by the handlers visible in this part of the file.
    @Autowired
    private AuthxLogCallback authxLogCallback;

    // Defaults to "supwisdom.com"; not referenced by the handlers visible in this part of the file.
    @Value("${otp.secret.domain:supwisdom.com}")
    private String otpSecretDomain;

    /**
     * Step 0 of the "change OTP token" flow: opens the flow for the authenticated user.
     *
     * <p>Issues a nonce whose payload records the current user id, step 1 and the
     * {@code initOtpSecret} flag; every later step verifies that nonce before acting.
     *
     * @return a success response carrying the nonce, the step number, the
     *         password-check switch and the loaded security flow configuration
     */
    @RequestMapping(method = {RequestMethod.GET}, path = {"/initOtpSecret"})
    @ApiOperation(value = "修改OTP令牌 - 0 初始化", notes = "修改OTP令牌 - 0 初始化", nickname = "personal-security-center-user-security-otpSecret-initOtpSecret")
    public DefaultApiResponse<UserSecurityOtpSecretInitOtpSecretResponseData> initOtpSecret() {
        final String successMessage = "初始化成功";
        final int firstStep = 1;

        // The flow state travels inside the nonce; it is bound to the user who opened the flow.
        HashMap flowState = new HashMap();
        flowState.put("userId", CurrentUserUtil.currentUserId());
        flowState.put("step", firstStep);
        flowState.put("initOtpSecret", true);
        String flowNonce = NonceUtil.generate(flowState);

        SecurityFlowConfig flowConfig = this.securityFlowConfigService.load();

        UserSecurityOtpSecretInitOtpSecretResponseData data = new UserSecurityOtpSecretInitOtpSecretResponseData();
        data.setNonce(flowNonce);
        data.setStep(firstStep);
        data.setMessage(successMessage);
        data.setIdentityAuthCheckPasswordEnabled(this.identityAuthCheckPasswordEnabled);
        data.setSecurityFlowConfig(flowConfig);
        return new DefaultApiResponse<>(0, successMessage, data);
    }

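    /**
     * Step 1 of the "change OTP token" flow: verifies the current user's password.
     *
     * <p>The nonce must verify, carry the {@code initOtpSecret} flag, belong to the
     * authenticated user and record fewer than three failed attempts. A wrong password
     * returns status 1 with a new nonce whose {@code errorTimes} is incremented. A correct
     * password advances to step 2, or directly to step 3 (with {@code checkCode} set) when
     * the password switch is off and either verification is disabled in the flow
     * configuration or the user has no phone, e-mail or question pair bound.
     *
     * <p>NOTE(review): the attempt counter lives in the nonce held by the client. Confirm
     * that {@code NonceUtil.verify} invalidates a nonce once it has been used; otherwise
     * the three-attempt limit is not enforced on the server side.
     *
     * @param userSecuritySafetyCheckPasswordRequest request carrying the nonce and password
     * @return status 0 with the next-step nonce on success, status 1 on a wrong password
     * @throws DefaultErrorException on missing parameters, an invalid or foreign nonce, an
     *         exhausted attempt budget, or a missing account or safety record
     */
    @RequestMapping(method = {RequestMethod.POST}, path = {"/checkPassword"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ApiOperation(value = "修改OTP令牌 - 1 验证用户密码", notes = "修改OTP令牌 - 1 验证用户密码", nickname = "personal-security-center-user-security-otpSecret-checkPassword")
    public DefaultApiResponse<UserSecuritySafetyCheckPasswordResponseData> checkPassword(@RequestBody UserSecuritySafetyCheckPasswordRequest userSecuritySafetyCheckPasswordRequest) {
        String nonce = userSecuritySafetyCheckPasswordRequest.getNonce();
        if (nonce == null || nonce.isEmpty()) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.parameter.error");
        }
        String password = userSecuritySafetyCheckPasswordRequest.getPassword();
        if (password == null || password.isEmpty()) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.parameter.error");
        }

        // NonceUtil.verify fills flowState with the payload of the presented nonce.
        HashMap flowState = new HashMap();
        if (!NonceUtil.verify(nonce, flowState)) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.nonce.error");
        }
        // A missing flag stringifies to "null", which parses as false.
        if (!Boolean.parseBoolean(String.valueOf(flowState.get("initOtpSecret")))) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.step.error");
        }
        int failedAttempts = flowState.containsKey("errorTimes") ? Integer.parseInt(String.valueOf(flowState.get("errorTimes"))) : 0;
        if (failedAttempts >= 3) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.check.error");
        }

        // The nonce must have been issued to the user making this request.
        String currentUserId = CurrentUserUtil.currentUserId();
        if (!currentUserId.equals(String.valueOf(flowState.get("userId")))) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.userId.error");
        }
        SecurityAccountModel account = this.securityAccountService.loadAccountInfoByAccountName(CurrentUserUtil.currentUsername());
        if (account == null) {
            throw new DefaultErrorException(500, "exception.user.not.exist");
        }

        if (!this.securityAccountService.checkPassword(password, account.getPassword(), account)) {
            String failureMessage = "验证失败，密码错误";
            flowState.put("userId", currentUserId);
            flowState.put("step", 1);
            flowState.put("checkPassword", false);
            flowState.put("errorTimes", Integer.valueOf(failedAttempts + 1));
            UserSecuritySafetyCheckPasswordResponseData failure = new UserSecuritySafetyCheckPasswordResponseData();
            failure.setNonce(NonceUtil.generate(flowState));
            failure.setStep(1);
            failure.setMessage(failureMessage);
            return new DefaultApiResponse<>(1, failureMessage, failure);
        }

        SecurityFlowConfig flowConfig = this.securityFlowConfigService.load();
        int nextStep = 2;
        if (!this.identityAuthCheckPasswordEnabled.booleanValue()) {
            if (!flowConfig.isVerificationEnabled()) {
                nextStep = 3;
            } else {
                Safety userSafety = this.safetyService.getUserSafety(currentUserId);
                // The other steps reject a missing safety record with this error; do the same
                // here instead of failing with a NullPointerException.
                if (userSafety == null) {
                    throw new DefaultErrorException(500, "exception.user.safety.not.exist");
                }
                boolean hasPhone = StringUtils.isNotBlank(userSafety.getSecurePhone());
                boolean hasEmail = StringUtils.isNotBlank(userSafety.getSecureEmail());
                boolean hasQuestions = StringUtils.isNotBlank(userSafety.getSecureQuestion1()) && StringUtils.isNotBlank(userSafety.getSecureQuestion2());
                // NOTE(review): with nothing bound, the password alone completes identity
                // verification for changing the OTP token - confirm this is the intended policy.
                if (!hasPhone && !hasEmail && !hasQuestions) {
                    nextStep = 3;
                }
            }
        }

        String successMessage = "验证成功";
        flowState.put("userId", currentUserId);
        flowState.put("step", Integer.valueOf(nextStep));
        flowState.put("checkPassword", true);
        if (nextStep == 3) {
            // Step 2 is skipped, so the flag that step would have set is recorded here.
            flowState.put("checkCode", true);
        }
        flowState.put("errorTimes", 0);
        UserSecuritySafetyCheckPasswordResponseData success = new UserSecuritySafetyCheckPasswordResponseData();
        success.setNonce(NonceUtil.generate(flowState));
        success.setStep(nextStep);
        success.setMessage(successMessage);
        success.setSecurityFlowConfig(flowConfig);
        return new DefaultApiResponse<>(0, successMessage, success);
    }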

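    /**
     * Step 2.1.1 of the "change OTP token" flow: sends a verification code to the user's
     * bound secure phone or secure e-mail address.
     *
     * <p>The nonce must verify, carry the flag required by the password switch, belong to
     * the authenticated user and record fewer than three failed attempts. A code issued less
     * than 60 seconds earlier blocks a resend. The four-character code and its creation time
     * are written into the payload of the nonce that is returned.
     *
     * <p>NOTE(review): the verification code is stored in the nonce payload handed back to
     * the client. Confirm that {@code NonceUtil.generate} encrypts the payload or keeps it
     * on the server; a payload that is only signed would let the client read the code.
     * The resend throttle and attempt counter also live in that nonce, so they depend on
     * {@code NonceUtil.verify} rejecting a nonce that was already used - confirm.
     *
     * @param userSecuritySafetySendCodeRequest request carrying the nonce and check type
     * @return status 0 when the code was handed to the sender; status 1 when sending is
     *         throttled or the chosen channel is not bound
     * @throws DefaultErrorException on missing parameters, an invalid or foreign nonce, a
     *         wrong step, an exhausted attempt budget, a missing user or safety record, or
     *         an unsupported check type
     */
    @RequestMapping(method = {RequestMethod.POST}, path = {"/sendCode"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ApiOperation(value = "修改OTP令牌 - 2.1.1 发送验证码", notes = "修改OTP令牌 - 2.1.1 发送验证码", nickname = "personal-security-center-user-security-otpSecret-sendCode")
    public DefaultApiResponse<UserSecuritySafetySendCodeResponseData> sendCode(@RequestBody UserSecuritySafetySendCodeRequest userSecuritySafetySendCodeRequest) {
        String nonce = userSecuritySafetySendCodeRequest.getNonce();
        if (nonce == null || nonce.isEmpty()) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.parameter.error");
        }
        String checkType = userSecuritySafetySendCodeRequest.getCheckType();
        if (checkType == null || checkType.isEmpty()) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.parameter.error");
        }

        // NonceUtil.verify fills flowState with the payload of the presented nonce.
        HashMap flowState = new HashMap();
        if (!NonceUtil.verify(nonce, flowState)) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.nonce.error");
        }
        // Which earlier step must have been completed depends on the password switch.
        String requiredFlag = this.identityAuthCheckPasswordEnabled.booleanValue() ? "initOtpSecret" : "checkPassword";
        if (!Boolean.parseBoolean(String.valueOf(flowState.get(requiredFlag)))) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.step.error");
        }
        int failedAttempts = flowState.containsKey("errorTimes") ? Integer.parseInt(String.valueOf(flowState.get("errorTimes"))) : 0;
        if (failedAttempts >= 3) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.code.error");
        }

        // The nonce must have been issued to the user making this request.
        String currentUserId = CurrentUserUtil.currentUserId();
        if (!currentUserId.equals(String.valueOf(flowState.get("userId")))) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.userId.error");
        }
        User user = this.userService.getUser(currentUserId);
        if (user == null) {
            throw new DefaultErrorException(500, "exception.user.not.exist");
        }
        Safety userSafety = this.safetyService.getUserSafety(currentUserId);
        if (userSafety == null) {
            throw new DefaultErrorException(500, "exception.user.safety.not.exist");
        }

        flowState.put("userId", currentUserId);
        flowState.put("step", 2);

        // Resend throttle: refuse when the previous code is less than 60 seconds old.
        long now = System.currentTimeMillis();
        long previousCodeAt = -1;
        if (flowState.containsKey("codeCreatedAt")) {
            previousCodeAt = Long.parseLong(String.valueOf(flowState.get("codeCreatedAt")));
        }
        if (previousCodeAt > 0 && Math.abs(now - previousCodeAt) < 60000) {
            String throttledMessage = "发送失败，发送太频繁了";
            UserSecuritySafetySendCodeResponseData throttled = new UserSecuritySafetySendCodeResponseData();
            throttled.setNonce(NonceUtil.generate(flowState));
            throttled.setStep(2);
            throttled.setMessage(throttledMessage);
            return new DefaultApiResponse<>(1, throttledMessage, throttled);
        }

        // The destination always comes from the stored safety record, never from the request.
        boolean viaMobile;
        String recipient;
        if (checkType.equals(CheckTypeConstants.MOBILE)) {
            viaMobile = true;
            recipient = userSafety.getSecurePhone();
        } else if (checkType.equals(CheckTypeConstants.EMAIL_ADDRESS)) {
            viaMobile = false;
            recipient = userSafety.getSecureEmail();
        } else {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.checkType.not.support");
        }

        if (StringUtils.isEmpty(recipient)) {
            String notBoundMessage = viaMobile ? "发送失败，未绑定安全手机" : "发送失败，未绑定安全邮箱";
            flowState.put("sendCode", false);
            UserSecuritySafetySendCodeResponseData notBound = new UserSecuritySafetySendCodeResponseData();
            notBound.setNonce(NonceUtil.generate(flowState));
            notBound.setStep(2);
            notBound.setMessage(notBoundMessage);
            return new DefaultApiResponse<>(1, notBoundMessage, notBound);
        }

        // NOTE(review): whether CodeUtil.generate draws from a cryptographically secure
        // random source is not visible here - confirm, since this code gates an OTP change.
        String verificationCode = CodeUtil.generate(4);
        HashMap templateParams = new HashMap();
        if (viaMobile) {
            templateParams.put("prefix", this.smsPrefix);
        }
        templateParams.put("name", user.getName());
        templateParams.put("operation", "修改OTP令牌");
        templateParams.put("code", verificationCode);
        // The result of the send call is not inspected; a delivery failure still reports success.
        if (viaMobile) {
            CommunicateUtil.sendContentByMobile("验证身份", TemplateUtil.replaceParams(TemplateUtil.TEMPLATE_CATEGORY_SMS, this.smsTemplateCodeUserSecurityOtpSecretSendCode, this.smsTemplateUserSecurityOtpSecretSendCode, templateParams), recipient);
        } else {
            CommunicateUtil.sendContentByEmailAddress("验证身份", TemplateUtil.replaceParams(TemplateUtil.TEMPLATE_CATEGORY_EMAIL, this.emailTemplateCodeUserSecurityOtpSecretSendCode, this.emailTemplateUserSecurityOtpSecretSendCode, templateParams), recipient);
        }

        String sentMessage = "发送成功";
        flowState.put("sendCode", true);
        flowState.put("code", verificationCode);
        flowState.put("codeCreatedAt", Long.valueOf(System.currentTimeMillis()));
        UserSecuritySafetySendCodeResponseData sent = new UserSecuritySafetySendCodeResponseData();
        sent.setNonce(NonceUtil.generate(flowState));
        sent.setStep(2);
        sent.setMessage(sentMessage);
        return new DefaultApiResponse<>(0, sentMessage, sent);
    }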

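    /**
     * Step 2.1.2 of the "change OTP token" flow: checks the verification code the user
     * received by SMS or e-mail.
     *
     * <p>The submitted code is compared, ignoring case, with the code recorded in the nonce
     * payload and must be no older than 300000 ms. A nonce that carries no issued code is
     * treated as a mismatch. Each failure increments {@code errorTimes}; the third failure
     * reports that the flow must be restarted.
     *
     * <p>NOTE(review): the attempt counter lives in the nonce held by the client. Confirm
     * that {@code NonceUtil.verify} invalidates a nonce once it has been used; otherwise
     * the three-attempt limit on a four-character code is not enforced on the server side.
     *
     * @param userSecuritySafetyCheckCodeRequest request carrying the nonce and the code
     * @return status 0 with a step-3 nonce on success, status 1 with a step-2 nonce on a
     *         wrong or expired code
     * @throws DefaultErrorException on missing parameters, an invalid or foreign nonce, a
     *         wrong step, an exhausted attempt budget, or a missing user
     */
    @RequestMapping(method = {RequestMethod.POST}, path = {"/checkCode"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ApiOperation(value = "修改OTP令牌 - 2.1.2 验证验证码", notes = "修改OTP令牌 - 2.1.2 验证验证码", nickname = "personal-security-center-user-security-otpSecret-checkCode")
    public DefaultApiResponse<UserSecuritySafetyCheckCodeResponseData> checkCode(@RequestBody UserSecuritySafetyCheckCodeRequest userSecuritySafetyCheckCodeRequest) {
        String nonce = userSecuritySafetyCheckCodeRequest.getNonce();
        if (nonce == null || nonce.isEmpty()) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.parameter.error");
        }
        String code = userSecuritySafetyCheckCodeRequest.getCode();
        if (code == null || code.isEmpty()) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.parameter.error");
        }

        // NonceUtil.verify fills flowState with the payload of the presented nonce.
        HashMap flowState = new HashMap();
        if (!NonceUtil.verify(nonce, flowState)) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.nonce.error");
        }
        // Which earlier step must have been completed depends on the password switch.
        String requiredFlag = this.identityAuthCheckPasswordEnabled.booleanValue() ? "initOtpSecret" : "checkPassword";
        if (!Boolean.parseBoolean(String.valueOf(flowState.get(requiredFlag)))) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.step.error");
        }
        int previousFailures = flowState.containsKey("errorTimes") ? Integer.parseInt(String.valueOf(flowState.get("errorTimes"))) : 0;
        if (previousFailures >= 3) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.code.error");
        }

        // The nonce must have been issued to the user making this request.
        String currentUserId = CurrentUserUtil.currentUserId();
        if (!currentUserId.equals(String.valueOf(flowState.get("userId")))) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.userId.error");
        }
        if (this.userService.getUser(currentUserId) == null) {
            throw new DefaultErrorException(500, "exception.user.not.exist");
        }

        // A nonce without an issued code must never match: String.valueOf(null) is the
        // literal "null", and a missing timestamp would fail to parse as a number.
        Object issuedCode = flowState.get("code");
        Object issuedAt = flowState.get("codeCreatedAt");
        boolean codeMatches = issuedCode != null && issuedAt != null && code.equalsIgnoreCase(String.valueOf(issuedCode));
        boolean expired = codeMatches && System.currentTimeMillis() - Long.parseLong(String.valueOf(issuedAt)) > 300000;

        UserSecuritySafetyCheckCodeResponseData data = new UserSecuritySafetyCheckCodeResponseData();
        int status;
        String message;
        flowState.put("userId", currentUserId);
        if (codeMatches && !expired) {
            status = 0;
            message = "验证成功";
            flowState.put("step", 3);
            flowState.put("checkCode", true);
            flowState.put("errorTimes", 0);
            data.setNonce(NonceUtil.generate(flowState));
            data.setStep(3);
        } else {
            int failures = previousFailures + 1;
            String reasonPrefix = expired ? "验证失败，验证码过期！剩余 " : "验证失败，验证码错误！剩余 ";
            status = 1;
            message = failures == 3 ? "验证失败次数过多，请重新验证" : reasonPrefix + (3 - failures) + " 次机会";
            flowState.put("step", 2);
            flowState.put("checkCode", false);
            flowState.put("errorTimes", Integer.valueOf(failures));
            data.setNonce(NonceUtil.generate(flowState));
            data.setStep(2);
        }
        data.setMessage(message);
        return new DefaultApiResponse<>(status, message, data);
    }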

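    /**
     * Step 2.2.0 of the "change OTP token" flow: checks the answer to one of the user's two
     * security questions.
     *
     * <p>The submitted question and answer must equal one stored question/answer pair. A
     * stored question or answer that is absent never matches. Like the code-based checks,
     * this step allows three failed attempts per flow, tracked under
     * {@code errorTimesByCheckQuestion} in the nonce payload.
     *
     * <p>NOTE(review): the attempt counter lives in the nonce held by the client. Confirm
     * that {@code NonceUtil.verify} invalidates a nonce once it has been used; otherwise
     * the limit is not enforced on the server side.
     *
     * <p>NOTE(review): the stored answer is compared directly with the submitted text, which
     * suggests answers are not stored hashed - confirm against SafetyService.
     *
     * @param userSecurityOtpSecretCheckQuestionRequest request carrying nonce, question and answer
     * @return status 0 with a step-3 nonce on success, status 1 with a step-2 nonce otherwise
     * @throws DefaultErrorException on missing parameters, an invalid or foreign nonce, a
     *         wrong step, an exhausted attempt budget, or a missing user or safety record
     */
    @RequestMapping(method = {RequestMethod.POST}, path = {"/checkQuestion"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ApiOperation(value = "修改OTP令牌 - 2.2.0 验证安全问题", notes = "修改OTP令牌 - 2.2.0 验证安全问题", nickname = "personal-security-center-user-security-otpSecret-checkQuestion")
    public DefaultApiResponse<UserSecuritySafetyCheckQuestionResponseData> checkQuestion(@RequestBody UserSecurityOtpSecretCheckQuestionRequest userSecurityOtpSecretCheckQuestionRequest) {
        String nonce = userSecurityOtpSecretCheckQuestionRequest.getNonce();
        if (StringUtils.isBlank(nonce)) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.parameter.error");
        }
        String question = userSecurityOtpSecretCheckQuestionRequest.getQuestion();
        String answer = userSecurityOtpSecretCheckQuestionRequest.getAnswer();
        if (StringUtils.isBlank(question) || StringUtils.isBlank(answer)) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.parameter.error");
        }

        // NonceUtil.verify fills flowState with the payload of the presented nonce.
        HashMap flowState = new HashMap();
        if (!NonceUtil.verify(nonce, flowState)) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.nonce.error");
        }
        // Which earlier step must have been completed depends on the password switch.
        String requiredFlag = this.identityAuthCheckPasswordEnabled.booleanValue() ? "initOtpSecret" : "checkPassword";
        if (!Boolean.parseBoolean(String.valueOf(flowState.get(requiredFlag)))) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.step.error");
        }
        // Bound the number of guesses the same way checkCode and checkOtpCode do.
        int previousFailures = flowState.containsKey("errorTimesByCheckQuestion") ? Integer.parseInt(String.valueOf(flowState.get("errorTimesByCheckQuestion"))) : 0;
        if (previousFailures >= 3) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.check.error");
        }

        // The nonce must have been issued to the user making this request.
        String currentUserId = CurrentUserUtil.currentUserId();
        if (!currentUserId.equals(String.valueOf(flowState.get("userId")))) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.userId.error");
        }
        if (this.userService.getUser(currentUserId) == null) {
            throw new DefaultErrorException(500, "exception.user.not.exist");
        }
        Safety userSafety = this.safetyService.getUserSafety(currentUserId);
        if (userSafety == null) {
            throw new DefaultErrorException(500, "exception.user.safety.not.exist");
        }

        // question and answer are non-blank here, so calling equals on them is null-safe
        // even when the user has not set one of the stored questions.
        boolean firstPairMatches = question.equals(userSafety.getSecureQuestion1()) && answer.equals(userSafety.getSecureQuestion1Answer());
        boolean secondPairMatches = question.equals(userSafety.getSecureQuestion2()) && answer.equals(userSafety.getSecureQuestion2Answer());

        UserSecuritySafetyCheckQuestionResponseData data = new UserSecuritySafetyCheckQuestionResponseData();
        int status;
        String message;
        flowState.put("userId", currentUserId);
        if (firstPairMatches || secondPairMatches) {
            status = 0;
            message = "验证成功";
            flowState.put("step", 3);
            flowState.put("checkQuestion", true);
            flowState.put("errorTimesByCheckQuestion", 0);
            data.setNonce(NonceUtil.generate(flowState));
            data.setStep(3);
        } else {
            status = 1;
            message = "验证失败，当前问题答案不正确";
            flowState.put("step", 2);
            flowState.put("checkQuestion", false);
            flowState.put("errorTimesByCheckQuestion", Integer.valueOf(previousFailures + 1));
            data.setNonce(NonceUtil.generate(flowState));
            data.setStep(2);
        }
        data.setMessage(message);
        data.setUserId(currentUserId);
        return new DefaultApiResponse<>(status, message, data);
    }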

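    /**
     * Step 2.3.0 of the "change OTP token" flow: checks a code from the user's currently
     * bound OTP token.
     *
     * <p>The submitted code is compared, ignoring case, with the value
     * {@code TOTPUtils.generate} returns for the stored OTP secret. A user with no OTP
     * secret bound can never pass this step. Each failure increments
     * {@code errorTimesByCheckOtpCode}; the third failure reports that the flow must be
     * restarted.
     *
     * <p>NOTE(review): the attempt counter lives in the nonce held by the client. Confirm
     * that {@code NonceUtil.verify} invalidates a nonce once it has been used; otherwise
     * the three-attempt limit is not enforced on the server side.
     *
     * @param userSecuritySafetyCheckOtpCodeRequest request carrying the nonce and the OTP code
     * @return status 0 with a step-3 nonce on success, status 1 with a step-2 nonce otherwise
     * @throws DefaultErrorException on missing parameters, an invalid or foreign nonce, a
     *         wrong step, an exhausted attempt budget, or a missing user or safety record
     */
    @RequestMapping(method = {RequestMethod.POST}, path = {"/checkOtpCode"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ApiOperation(value = "修改OTP令牌 - 2.3.0 验证OTP令牌", notes = "修改OTP令牌 - 2.3.0 验证OTP令牌", nickname = "personal-security-center-user-security-otpSecret-checkOtpCode")
    public DefaultApiResponse<UserSecuritySafetyCheckOtpCodeResponseData> checkOtpCode(@RequestBody UserSecuritySafetyCheckOtpCodeRequest userSecuritySafetyCheckOtpCodeRequest) {
        String nonce = userSecuritySafetyCheckOtpCodeRequest.getNonce();
        if (StringUtils.isBlank(nonce)) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.parameter.error");
        }
        String code = userSecuritySafetyCheckOtpCodeRequest.getCode();
        if (code == null || code.isEmpty()) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.parameter.error");
        }

        // NonceUtil.verify fills flowState with the payload of the presented nonce.
        HashMap flowState = new HashMap();
        if (!NonceUtil.verify(nonce, flowState)) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.nonce.error");
        }
        // Which earlier step must have been completed depends on the password switch.
        String requiredFlag = this.identityAuthCheckPasswordEnabled.booleanValue() ? "initOtpSecret" : "checkPassword";
        if (!Boolean.parseBoolean(String.valueOf(flowState.get(requiredFlag)))) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.step.error");
        }
        int previousFailures = flowState.containsKey("errorTimesByCheckOtpCode") ? Integer.parseInt(String.valueOf(flowState.get("errorTimesByCheckOtpCode"))) : 0;
        if (previousFailures >= 3) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.code.error");
        }

        // The nonce must have been issued to the user making this request.
        String currentUserId = CurrentUserUtil.currentUserId();
        if (!currentUserId.equals(String.valueOf(flowState.get("userId")))) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.userId.error");
        }
        if (this.userService.getUser(currentUserId) == null) {
            throw new DefaultErrorException(500, "exception.user.not.exist");
        }
        Safety userSafety = this.safetyService.getUserSafety(currentUserId);
        if (userSafety == null) {
            throw new DefaultErrorException(500, "exception.user.safety.not.exist");
        }

        // Without a bound secret there is nothing to verify against; count it as a failed
        // attempt rather than asking TOTPUtils to derive a code from a null or blank secret.
        String otpSecret = userSafety.getOtpSecret();
        boolean codeMatches = StringUtils.isNotBlank(otpSecret) && code.equalsIgnoreCase(TOTPUtils.generate(otpSecret));

        UserSecuritySafetyCheckOtpCodeResponseData data = new UserSecuritySafetyCheckOtpCodeResponseData();
        int status;
        String message;
        flowState.put("userId", currentUserId);
        if (codeMatches) {
            status = 0;
            message = "验证成功";
            flowState.put("step", 3);
            flowState.put("checkOtpCode", true);
            flowState.put("errorTimesByCheckOtpCode", 0);
            data.setNonce(NonceUtil.generate(flowState));
            data.setStep(3);
        } else {
            int failures = previousFailures + 1;
            status = 1;
            message = failures == 3 ? "验证失败次数过多，请重新验证" : "验证失败，验证码错误！剩余 " + (3 - failures) + " 次机会";
            flowState.put("step", 2);
            flowState.put("checkOtpCode", false);
            flowState.put("errorTimesByCheckOtpCode", Integer.valueOf(failures));
            data.setNonce(NonceUtil.generate(flowState));
            data.setStep(2);
        }
        data.setMessage(message);
        return new DefaultApiResponse<>(status, message, data);
    }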

    /**
     * Step 3.1 of the "change OTP token" flow: creates a new random OTP secret for the current
     * user and returns it together with an otpauth URI and a nonce for the following step.
     *
     * <p>The request is rejected with a {@link DefaultErrorException} when the nonce is missing or
     * fails {@code NonceUtil.verify}, when the nonce payload carries no successful identity check,
     * when its {@code errorTimesByOtpSecret} counter has reached 3, when its {@code userId} differs
     * from the current user, or when the current user cannot be loaded.
     *
     * <p>NOTE(review): the new secret is written into the nonce payload under {@code otpSecret}.
     * Whether that payload is encrypted or only integrity-protected is decided inside NonceUtil,
     * which is not visible here; confirm before treating the nonce as opaque to the client.
     *
     * @param userSecurityOtpSecretGenerateOtpSecretRequest request body carrying the nonce of the previous step
     * @return code 0 with step 3, the new nonce, the Base32 secret and the otpauth URI
     */
    @RequestMapping(method = {RequestMethod.POST}, path = {"/generateOtpSecret"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ApiOperation(value = "修改OTP令牌 - 3.1 生成令牌（新令牌）", notes = "修改OTP令牌 - 3.1 生成令牌（新令牌）", nickname = "personal-security-center-user-security-otpSecret-generateOtpSecret")
    public DefaultApiResponse<UserSecurityOtpSecretGenerateOtpSecretResponseData> generateOtpSecret(@RequestBody UserSecurityOtpSecretGenerateOtpSecretRequest userSecurityOtpSecretGenerateOtpSecretRequest) {
        String presentedNonce = userSecurityOtpSecretGenerateOtpSecretRequest.getNonce();
        if (presentedNonce == null || presentedNonce.isEmpty()) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.parameter.error");
        }

        // verify() fills the map with the state recorded by the earlier steps of the flow.
        HashMap noncePayload = new HashMap();
        if (!NonceUtil.verify(presentedNonce, noncePayload)) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.nonce.error");
        }

        // A flag counts only when it is present and parses as "true"; an absent key stringifies
        // to "null", which parses as false.
        boolean passwordEnabled = this.identityAuthCheckPasswordEnabled.booleanValue();
        boolean passwordVerified = Boolean.parseBoolean(String.valueOf(noncePayload.get("checkPassword")));
        boolean codeVerified = Boolean.parseBoolean(String.valueOf(noncePayload.get("checkCode")));
        boolean questionVerified = Boolean.parseBoolean(String.valueOf(noncePayload.get("checkQuestion")));
        boolean otpVerified = Boolean.parseBoolean(String.valueOf(noncePayload.get("checkOtpCode")));

        // The password check is accepted as proof only when password-based identity auth is enabled.
        boolean identityProven = codeVerified || questionVerified || otpVerified;
        if (passwordEnabled) {
            identityProven = identityProven || passwordVerified;
        }
        if (!identityProven) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.step.error");
        }

        // NOTE(review): this counter lives in the nonce payload, so the limit holds only if
        // NonceUtil.verify refuses a nonce that was already presented; confirm in NonceUtil.
        int failedAttempts = 0;
        if (noncePayload.containsKey("errorTimesByOtpSecret")) {
            failedAttempts = Integer.parseInt(String.valueOf(noncePayload.get("errorTimesByOtpSecret")));
        }
        if (failedAttempts >= 3) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.code.error");
        }

        // The nonce must have been issued to the user making this request.
        String currentUserId = CurrentUserUtil.currentUserId();
        String nonceUserId = String.valueOf(noncePayload.get("userId"));
        if (!currentUserId.equals(nonceUserId)) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.userId.error");
        }
        User currentUser = this.userService.getUser(currentUserId);
        if (currentUser == null) {
            throw new DefaultErrorException(500, "exception.user.not.exist");
        }

        // 20 is presumably the secret size handed to the generator; confirm against TOTPUtils.
        String newSecret = TOTPUtils.getRandomSecretBase32(20);
        String otpauthUri = TOTPUtils.generateTotpString(currentUser.getName(), this.otpSecretDomain, newSecret);

        // Record the pending secret in the flow state so the bind step can read it back.
        noncePayload.put("userId", currentUserId);
        noncePayload.put("step", 3);
        noncePayload.put("generateOtpSecret", true);
        noncePayload.put("otpSecret", newSecret);
        String nextNonce = NonceUtil.generate(noncePayload);

        UserSecurityOtpSecretGenerateOtpSecretResponseData responseData = new UserSecurityOtpSecretGenerateOtpSecretResponseData();
        responseData.setNonce(nextNonce);
        responseData.setStep(3);
        responseData.setMessage("生成成功");
        responseData.setOtpSecret(newSecret);
        responseData.setOtpauthUri(otpauthUri);
        return new DefaultApiResponse<>(0, "生成成功", responseData);
    }

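    /**
     * Step 3.2 of the "change OTP token" flow: compares the submitted code with the one computed
     * from the pending secret carried in the nonce and, on a match, stores that secret for the
     * current user.
     *
     * <p>The request is rejected with a {@link DefaultErrorException} when the nonce or code is
     * missing, when the nonce fails {@code NonceUtil.verify}, when the nonce payload carries no
     * successful identity check, when its {@code errorTimesByOtpSecret} counter has reached 3,
     * when its {@code userId} differs from the current user, when the current user cannot be
     * loaded, or when the payload holds no pending {@code otpSecret}.
     *
     * <p>An audit entry is sent on every path that reaches the code comparison, including when
     * the comparison or the save throws.
     *
     * @param userSecurityOtpSecretCheckCodeBindOtpSecretRequest request body carrying the nonce and the code
     * @return code 0 with step 0 when the secret was bound; code 1 with step 3, a fresh nonce and
     *         a remaining-attempts message when the code did not match
     */
    @RequestMapping(method = {RequestMethod.POST}, path = {"/checkCodeBindOtpSecret"}, consumes = {"application/json;charset=UTF-8"}, produces = {"application/json;charset=UTF-8"})
    @ApiOperation(value = "修改OTP令牌 - 3.2 验证验证码并绑定OTP令牌（新手机）", notes = "修改OTP令牌 - 3.2 验证验证码并绑定OTP令牌（新手机）", nickname = "personal-security-center-user-security-otpSecret-checkCodeBindOtpSecret")
    public DefaultApiResponse<UserSecurityOtpSecretCheckCodeBindOtpSecretResponseData> checkCodeBindOtpSecret(@RequestBody UserSecurityOtpSecretCheckCodeBindOtpSecretRequest userSecurityOtpSecretCheckCodeBindOtpSecretRequest) {
        String nonce = userSecurityOtpSecretCheckCodeBindOtpSecretRequest.getNonce();
        if (nonce == null || nonce.isEmpty()) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.parameter.error");
        }
        String code = userSecurityOtpSecretCheckCodeBindOtpSecretRequest.getCode();
        if (code == null || code.isEmpty()) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.parameter.error");
        }

        // verify() fills the map with the state recorded by the earlier steps of the flow.
        HashMap noncePayload = new HashMap();
        if (!NonceUtil.verify(nonce, noncePayload)) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.nonce.error");
        }

        // A flag counts only when it is present and parses as "true"; an absent key stringifies
        // to "null", which parses as false.
        boolean passwordEnabled = this.identityAuthCheckPasswordEnabled.booleanValue();
        boolean passwordVerified = Boolean.parseBoolean(String.valueOf(noncePayload.get("checkPassword")));
        boolean codeVerified = Boolean.parseBoolean(String.valueOf(noncePayload.get("checkCode")));
        boolean questionVerified = Boolean.parseBoolean(String.valueOf(noncePayload.get("checkQuestion")));
        boolean otpVerified = Boolean.parseBoolean(String.valueOf(noncePayload.get("checkOtpCode")));

        // The password check is accepted as proof only when password-based identity auth is enabled.
        boolean identityProven = codeVerified || questionVerified || otpVerified;
        if (passwordEnabled) {
            identityProven = identityProven || passwordVerified;
        }
        if (!identityProven) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.step.error");
        }

        // NOTE(review): this counter lives in the nonce payload, so the three-attempt limit holds
        // only if NonceUtil.verify refuses a nonce that was already presented; confirm in NonceUtil.
        int failedAttempts = noncePayload.containsKey("errorTimesByOtpSecret")
                ? Integer.parseInt(String.valueOf(noncePayload.get("errorTimesByOtpSecret")))
                : 0;
        if (failedAttempts >= 3) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.code.error");
        }

        // The nonce must have been issued to the user making this request.
        String currentUserId = CurrentUserUtil.currentUserId();
        if (!currentUserId.equals(String.valueOf(noncePayload.get("userId")))) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.userId.error");
        }
        if (this.userService.getUser(currentUserId) == null) {
            throw new DefaultErrorException(500, "exception.user.not.exist");
        }

        // Fix: a nonce without "otpSecret" used to be stringified to the literal "null" and
        // then used as the secret to verify and store. Treat it as an out-of-order step instead.
        Object pendingSecretValue = noncePayload.get("otpSecret");
        if (pendingSecretValue == null || String.valueOf(pendingSecretValue).isEmpty()) {
            throw new DefaultErrorException(500, "exception.user.security.otpSecret.step.error");
        }
        String pendingSecret = String.valueOf(pendingSecretValue);

        // Fix: the safety record was dereferenced without a null check while building the audit
        // message, so a user without one got a NullPointerException after the save (and again in
        // the error handler, replacing the original exception). A missing record now means
        // "no previous secret". Read before the save so the entry reports the previous value.
        Safety userSafety = this.safetyService.getUserSafety(currentUserId);
        String previousSecret = userSafety == null ? null : userSafety.getOtpSecret();

        UserSecurityOtpSecretCheckCodeBindOtpSecretResponseData responseData = new UserSecurityOtpSecretCheckCodeBindOtpSecretResponseData();
        try {
            int resultCode;
            String resultMessage;
            if (code.equalsIgnoreCase(TOTPUtils.generate(pendingSecret))) {
                this.safetyService.saveOtpSecret(currentUserId, pendingSecret);
                resultCode = 0;
                resultMessage = "绑定成功";
                responseData.setStep(0);
                responseData.setMessage(resultMessage);
            } else {
                int attemptsUsed = failedAttempts + 1;
                // Stay on step 3 and hand back a nonce that carries the increased failure count.
                noncePayload.put("userId", currentUserId);
                noncePayload.put("step", 3);
                noncePayload.put("checkCodeBindOtpSecret", false);
                noncePayload.put("errorTimesByOtpSecret", Integer.valueOf(attemptsUsed));
                resultCode = 1;
                resultMessage = attemptsUsed == 3 ? "验证失败次数过多，请重新验证" : "验证失败，验证码错误！剩余 " + (3 - attemptsUsed) + " 次机会";
                responseData.setNonce(NonceUtil.generate(noncePayload));
                responseData.setStep(3);
                responseData.setMessage(resultMessage);
            }
            return new DefaultApiResponse<>(resultCode, resultMessage, responseData);
        } finally {
            // Replaces the duplicated logging in the former try and catch bodies.
            // NOTE(review): the entry has the same wording whether or not the code matched, so a
            // rejected attempt is recorded like a completed bind or change. The wording is kept
            // because consumers of this log are not visible here; consider recording the outcome.
            String auditMessage = "绑定OTP令牌,【" + EncodeUtils.encodeOtpSecret(pendingSecret) + "】";
            if (previousSecret != null && StringUtils.isNotBlank(previousSecret)) {
                auditMessage = "修改OTP令牌,旧【" + EncodeUtils.encodeOtpSecret(previousSecret) + "】,新【" + EncodeUtils.encodeOtpSecret(pendingSecret) + "】";
            }
            // The call stays in this method so that stack frame [1] still names it.
            this.authxLogCallback.sendAuthxLog(Level.GENERAL.name(), auditMessage, OperateType.UPDATE.name(), DataType.USER.name(), Thread.currentThread().getStackTrace()[1], null, null);
        }
    }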
}
