package com.supwisdom.insititute.token.server.security.domain.attest.detect;

import com.alibaba.fastjson.JSONObject;
import com.supwisdom.insititute.token.server.config.domain.utils.ConfigUtils;
import com.supwisdom.insititute.token.server.security.domain.ipaddr.IPAddrRemote;
import com.supwisdom.insititute.token.server.security.domain.login.AccountLoginHistory;
import com.supwisdom.insititute.token.server.security.domain.login.service.LoginHistoryService;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:BOOT-INF/lib/token-server-security-domain-1.8.0-SNAPSHOT.jar:com/supwisdom/insititute/token/server/security/domain/attest/detect/UsernameLoginIpDetector.class */
public class UsernameLoginIpDetector implements Detector {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) UsernameLoginIpDetector.class);

    @Autowired
    private LoginHistoryService loginHistoryService;

    @Autowired
    private IPAddrRemote ipaddrRemote;

    @Override // com.supwisdom.insititute.token.server.security.domain.attest.detect.Detector
    public Boolean detect(String... strArr) {
        JSONObject find;
        String str = strArr[0];
        String str2 = strArr[1];
        String str3 = strArr[2];
        List<AccountLoginHistory> loadByUsernameRemoteIp = this.loginHistoryService.loadByUsernameRemoteIp(str);
        if (loadByUsernameRemoteIp == null || loadByUsernameRemoteIp.size() == 0) {
            boolean booleanValue = ConfigUtils.instance().getConfigValue("tokenServer.config.mfaFirstNeed", (Boolean) false).booleanValue();
            log.warn("UsernameLoginIpDetector, Username {} login for the first time. Need{} mfa.", str, booleanValue ? "" : " NOT");
            return Boolean.valueOf(booleanValue);
        }
        AccountLoginHistory accountLoginHistory = loadByUsernameRemoteIp.get(0);
        if (System.currentTimeMillis() - accountLoginHistory.getLoginTime().getTime() > 7776000000L) {
            log.warn("UsernameLoginIpDetector, Username {} never login in 90 days. Need mfa. (only warn)", str);
        }
        String str4 = null;
        String str5 = null;
        JSONObject find2 = this.ipaddrRemote.find(str2);
        if (find2 != null) {
            if ("本地局域网".equals(find2.getString("country"))) {
                log.info("UsernameLoginIpDetector, Username {} login at internal network", str);
                str4 = "本地局域网";
            } else {
                str4 = find2.getString("city");
            }
        }
        String remoteIp = accountLoginHistory.getRemoteIp();
        if (remoteIp != null && !remoteIp.isEmpty() && (find = this.ipaddrRemote.find(remoteIp)) != null) {
            str5 = "本地局域网".equals(find.getString("country")) ? "本地局域网" : find.getString("city");
        }
        if (str4 == null || str5 == null) {
            log.error("UsernameLoginIpDetector, Username {} login at unknown city, remoteIp {}, prevRemoteIp {}.", str, str2, remoteIp);
            return true;
        }
        if (str4.equals(str5)) {
            log.debug("UsernameLoginIpDetector, Username {} login at same city, remoteIp {}, prevRemoteIp {}, currCity {}, prevCity {}. Need NOT mfa.", str, str2, remoteIp, str4, str5);
            return false;
        }
        log.warn("UsernameLoginIpDetector, Username {} login at diff city, remoteIp {}, prevRemoteIp {}, currCity {}, prevCity {}. Need mfa.", str, str2, remoteIp, str4, str5);
        return true;
    }
}
