package cn.dinodev.spring.core.sys.token;

import cn.dinodev.spring.commons.sys.Tenant;
import cn.dinodev.spring.commons.sys.User;
import cn.dinodev.spring.core.modules.login.config.LoginModuleProperties;
import cn.dinodev.spring.core.security.config.SecurityProperties;
import cn.dinodev.spring.core.service.impl.ServiceBase;
import cn.dinodev.spring.data.dao.CrudRepositoryBase;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import lombok.Generated;
import org.apache.commons.codec.digest.HmacAlgorithms;
import org.apache.commons.codec.digest.HmacUtils;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.jdbc.core.JdbcAggregateTemplate;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:cn/dinodev/spring/core/sys/token/TokenService.class */
public class TokenService extends ServiceBase<TokenEntity, String> {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(TokenService.class);

    @Autowired
    private ObjectMapper objectMapper;

    @Autowired
    private LoginModuleProperties loginModuleProperties;

    @Autowired
    private SecurityProperties securityProperties;

    @Autowired
    private TokenRepository tokenRepository;
    private final JdbcAggregateTemplate jdbcAggregateTemplate;

    @Override // cn.dinodev.spring.core.service.ServiceBase
    public CrudRepositoryBase<TokenEntity, String> repository() {
        return this.tokenRepository;
    }

    public TokenService(JdbcAggregateTemplate jdbcAggregateTemplate) {
        this.jdbcAggregateTemplate = jdbcAggregateTemplate;
    }

    public Token genLoginToken(TokenPrincaple tokenPrincaple, String str) {
        Optional findById = repository().findById(generateTokenId(tokenPrincaple));
        TokenEntity tokenEntity = new TokenEntity();
        long currentTimeMillis = System.currentTimeMillis();
        tokenEntity.setToken(generateToken(tokenPrincaple, str, currentTimeMillis));
        tokenEntity.setRefreshToken(generateRefreshToken(tokenPrincaple, str, currentTimeMillis));
        tokenEntity.setExpiresIn(Long.valueOf(this.loginModuleProperties.getToken().getLoginTokenExpiresIn().toSeconds()));
        tokenEntity.setRefreshExpiresIn(Long.valueOf(this.loginModuleProperties.getToken().getRefreshTokenExpiresIn().toSeconds()));
        tokenEntity.setTenantId(tokenPrincaple.getTenantId());
        tokenEntity.setId(generateTokenId(tokenPrincaple));
        tokenEntity.setUserId(tokenPrincaple.getUserId());
        tokenEntity.setUserType(tokenPrincaple.getUserType());
        tokenEntity.setUpdateAt(new Date(currentTimeMillis));
        if (findById.isEmpty()) {
            beforeSaveEntity(tokenEntity);
            this.jdbcAggregateTemplate.insert(tokenEntity);
        } else {
            save(tokenEntity);
        }
        Token token = (Token) projection(Token.class, (Class) tokenEntity);
        try {
            token.setPrinc(Base64.getUrlEncoder().encodeToString(this.objectMapper.writeValueAsBytes(tokenPrincaple)));
            token.setAuthHeaderName(this.securityProperties.getAuthHeaderName());
        } catch (JsonProcessingException e) {
            log.error("Impossible!", e);
        }
        return token;
    }

    public void clearLoginToken(TokenPrincaple tokenPrincaple) {
        removeById(generateTokenId(tokenPrincaple));
    }

    public boolean checkLoginToken(TokenPrincaple tokenPrincaple, String str) {
        Optional findById = this.tokenRepository.findById(generateTokenId(tokenPrincaple));
        if (findById.isEmpty()) {
            return false;
        }
        TokenEntity tokenEntity = (TokenEntity) findById.get();
        return tokenEntity.getUpdateAt().getTime() + (tokenEntity.getExpiresIn().longValue() * 1000) < System.currentTimeMillis() ? Boolean.FALSE.booleanValue() : tokenEntity.getToken().equalsIgnoreCase(str);
    }

    public Optional<Token> refreshLoginToken(TokenPrincaple tokenPrincaple, String str, String str2) {
        Optional findById = this.tokenRepository.findById(generateTokenId(tokenPrincaple));
        if (findById.isEmpty()) {
            return Optional.empty();
        }
        TokenEntity tokenEntity = (TokenEntity) findById.get();
        if (tokenEntity.getUpdateAt().getTime() + (tokenEntity.getRefreshExpiresIn().longValue() * 1000) >= System.currentTimeMillis() && tokenEntity.getRefreshToken().equalsIgnoreCase(str2)) {
            return Optional.ofNullable(genLoginToken(tokenPrincaple, str));
        }
        return Optional.empty();
    }

    public String generateTokenId(TokenPrincaple tokenPrincaple) {
        StringBuilder sb = new StringBuilder();
        sb.append(tokenPrincaple.getTenantId()).append('_').append(tokenPrincaple.getUserId()).append('@').append(tokenPrincaple.getUserType());
        if (this.loginModuleProperties.isAllowMutiDeviceLogin()) {
            sb.append('_').append(tokenPrincaple.getGuid()).append('@').append(tokenPrincaple.getPlt());
        } else {
            sb.append('_').append(tokenPrincaple.getPlt());
        }
        if (log.isDebugEnabled()) {
            log.debug("token ID before md5() {}", sb.toString());
        }
        return new HmacUtils(HmacAlgorithms.HMAC_MD5, "dinospring").hmacHex(sb.toString().getBytes(StandardCharsets.UTF_8));
    }

    private String generateToken(TokenPrincaple tokenPrincaple, String str, long j) {
        return calculateToken(tokenPrincaple, str, j, this.loginModuleProperties.getToken().getLoginTokenExpiresIn().toMillis());
    }

    private String generateRefreshToken(TokenPrincaple tokenPrincaple, String str, long j) {
        return calculateToken(tokenPrincaple, StringUtils.reverse(str), j, this.loginModuleProperties.getToken().getRefreshTokenExpiresIn().toMillis());
    }

    private String calculateToken(TokenPrincaple tokenPrincaple, String str, long j, long j2) {
        return new HmacUtils(HmacAlgorithms.HMAC_SHA_1, str).hmacHex((String) List.of("tenant=" + tokenPrincaple.getTenantId(), "utype=" + tokenPrincaple.getUserType(), "plt=" + tokenPrincaple.getPlt(), "expiresIn=" + j2, "authAt=" + j).stream().sorted().collect(Collectors.joining("&")));
    }

    public String siginParams(String str, Map<String, String> map) {
        String str2 = (String) map.entrySet().stream().map(entry -> {
            return ((String) entry.getKey()) + "=" + ((String) entry.getValue());
        }).sorted().collect(Collectors.joining("&"));
        String hmacHex = new HmacUtils(HmacAlgorithms.HMAC_SHA_1, str).hmacHex(str2);
        if (log.isDebugEnabled()) {
            log.debug("sign check: str={}, sha1={}", str2, hmacHex);
        }
        return hmacHex;
    }

    public boolean verifyParamSigin(Tenant tenant, String str, Map<String, String> map, long j) {
        return verifyParam(str, map, j, tenant.getSecretKey(), this.loginModuleProperties.getToken().getSignTokenExpiresIn().toSeconds());
    }

    public <K extends Serializable> boolean verifyParamSigin(User<K> user, String str, Map<String, String> map, long j) {
        return verifyParam(str, map, j, user.getSecretKey(), this.loginModuleProperties.getToken().getSignTokenExpiresIn().toSeconds());
    }

    private boolean verifyParam(String str, Map<String, String> map, long j, String str2, long j2) {
        if (Math.abs(System.currentTimeMillis() - j) <= j2 * 1000) {
            if (StringUtils.isEmpty(str)) {
                return false;
            }
            return siginParams(str2, map).equalsIgnoreCase(str);
        }
        if (!log.isDebugEnabled()) {
            return false;
        }
        log.debug("token is expired， token:{}", str);
        return false;
    }

    public void clearUserToken(String str, String str2) {
        List queryList = repository().queryList(repository().newSelect().eq("user_id", str).eq("user_type", str2));
        if (CollectionUtils.isNotEmpty(queryList)) {
            queryList.forEach(tokenEntity -> {
                removeById((String) tokenEntity.getId());
            });
        }
    }
}
