package com.diboot.iam.auth.impl;

import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.toolkit.support.SFunction;
import com.diboot.core.config.BaseConfig;
import com.diboot.core.exception.BusinessException;
import com.diboot.core.util.S;
import com.diboot.core.util.V;
import com.diboot.core.vo.Status;
import com.diboot.iam.auth.AuthService;
import com.diboot.iam.config.Cons;
import com.diboot.iam.dto.AuthCredential;
import com.diboot.iam.dto.SSOCredential;
import com.diboot.iam.entity.BaseLoginUser;
import com.diboot.iam.entity.IamAccount;
import com.diboot.iam.entity.IamLoginTrace;
import com.diboot.iam.jwt.BaseJwtAuthToken;
import com.diboot.iam.service.IamAccountService;
import com.diboot.iam.service.IamLoginTraceService;
import com.diboot.iam.util.HttpHelper;
import com.diboot.iam.util.IamSecurityUtils;
import java.io.UnsupportedEncodingException;
import java.lang.invoke.SerializedLambda;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:com/diboot/iam/auth/impl/SSOAuthServiceImpl.class */
public class SSOAuthServiceImpl implements AuthService {
    private static final Logger log = LoggerFactory.getLogger(SSOAuthServiceImpl.class);

    // Current HTTP request; saveLoginTrace reads the User-Agent header and client IP from it.
    // NOTE(review): this class is a @Service, so the injected object is presumably Spring's
    // request-bound proxy rather than one fixed request - confirm.
    @Autowired
    private HttpServletRequest request;

    // Account lookup used by getAccount.
    @Autowired
    private IamAccountService accountService;

    // Persists the IamLoginTrace record written by saveLoginTrace.
    @Autowired
    private IamLoginTraceService iamLoginTraceService;
    // Loaded on first use from the "cas.server-url-prefix" property by getCasUrlPrefix.
    private String casUrlPrefix;

    /**
     * Returns the configured CAS server base URL, guaranteed to end with "/".
     *
     * <p>The value is read from the {@code cas.server-url-prefix} property on first use and kept
     * in {@link #casUrlPrefix}; the trailing slash is appended once and stored back.
     *
     * <p>NOTE(review): the scheme is not checked here. The ticket validation result is only as
     * trustworthy as the channel to the CAS server, so the deployed value should be an https URL.
     *
     * @return CAS base URL with a trailing slash
     * @throws BusinessException if the property is missing or empty
     */
    private String getCasUrlPrefix() {
        String prefix = this.casUrlPrefix;
        if (prefix == null) {
            prefix = BaseConfig.getProperty("cas.server-url-prefix");
            this.casUrlPrefix = prefix;
        }
        if (V.isEmpty(prefix)) {
            throw new BusinessException("未配置cas参数: cas.server-url-prefix");
        }
        if (!prefix.endsWith("/")) {
            prefix = prefix + "/";
            this.casUrlPrefix = prefix;
        }
        return prefix;
    }

    /**
     * Identifies this service as the SSO authentication type.
     *
     * @return the name of {@code Cons.DICTCODE_AUTH_TYPE.SSO}
     */
    @Override // com.diboot.iam.auth.AuthService
    public String getAuthType() {
        final Cons.DICTCODE_AUTH_TYPE ssoType = Cons.DICTCODE_AUTH_TYPE.SSO;
        return ssoType.name();
    }

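    /**
     * Looks up the local account for the user type and account name carried by the token.
     *
     * <p>Only auth account, user type, user id and status are selected; rows are ordered by id
     * descending before the single entity is taken.
     *
     * <p>NOTE(review): the query filters on user type and account name only, not on auth type,
     * so the name returned by CAS is matched against any account row with that name. Confirm
     * that CAS usernames and local account names share one namespace.
     *
     * @param baseJwtAuthToken token whose user type and auth account identify the account
     * @return the matching account, or {@code null} when none exists
     * @throws AuthenticationException if the account status is {@code I} (disabled) or {@code L} (locked)
     */
    @Override // com.diboot.iam.auth.AuthService
    public IamAccount getAccount(BaseJwtAuthToken baseJwtAuthToken) throws AuthenticationException {
        // Typed wrapper with method references: the raw-typed lambdas left by the decompiler
        // call IamAccount getters on an Object parameter and do not compile.
        LambdaQueryWrapper<IamAccount> query = new LambdaQueryWrapper<IamAccount>()
                .select(IamAccount::getAuthAccount, IamAccount::getUserType, IamAccount::getUserId, IamAccount::getStatus)
                .eq(IamAccount::getUserType, baseJwtAuthToken.getUserType())
                .eq(IamAccount::getAuthAccount, baseJwtAuthToken.getAuthAccount())
                .orderByDesc(IamAccount::getId);
        IamAccount account = (IamAccount) this.accountService.getSingleEntity(query);
        if (account == null) {
            return null;
        }
        String status = account.getStatus();
        // Disabled and locked accounts are rejected even though CAS accepted the ticket.
        if (Cons.DICTCODE_ACCOUNT_STATUS.I.name().equals(status)) {
            throw new AuthenticationException("用户账号已禁用! account=" + baseJwtAuthToken.getAuthAccount());
        }
        if (Cons.DICTCODE_ACCOUNT_STATUS.L.name().equals(status)) {
            throw new AuthenticationException("用户账号已锁定! account=" + baseJwtAuthToken.getAuthAccount());
        }
        return account;
    }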

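    /**
     * Validates the SSO credential, logs the subject in through Shiro and returns the issued token.
     *
     * <p>Each login attempt that reaches Shiro is recorded exactly once through
     * {@link #saveLoginTrace}.
     *
     * <p>NOTE(review): {@code initBaseJwtAuthToken} runs before the try block, so a failed CAS
     * ticket validation throws without writing any login trace. If failed validations should be
     * visible to monitoring, that path needs its own record.
     *
     * @param authCredential the SSO credential (ticket and service URL)
     * @return the issued token string
     * @throws BusinessException with {@code Status.FAIL_OPERATION} when login throws or the
     *     subject is not authenticated afterwards
     */
    @Override // com.diboot.iam.auth.AuthService
    public String applyToken(AuthCredential authCredential) {
        BaseJwtAuthToken authToken = initBaseJwtAuthToken(authCredential);
        try {
            Subject subject = SecurityUtils.getSubject();
            subject.login(authToken);
            if (subject.isAuthenticated()) {
                // Log the account only: the credentials value is the bearer token itself and
                // must not be written to log files.
                log.debug("申请token成功！account={}", authToken.getAuthAccount());
                saveLoginTrace(authToken, true);
                return (String) authToken.getCredentials();
            }
        } catch (Exception e) {
            log.error("登录异常", e);
            saveLoginTrace(authToken, false);
            // NOTE(review): the underlying exception message is passed on to the caller; check
            // that it cannot reveal more than the client should learn (e.g. account status).
            throw new BusinessException(Status.FAIL_OPERATION, e.getMessage());
        }
        // Reached only when login() returned without authenticating. Handled outside the try so
        // the catch above does not see this exception and write a second failure trace.
        log.error("认证失败");
        saveLoginTrace(authToken, false);
        throw new BusinessException(Status.FAIL_OPERATION, "认证失败");
    }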

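    /**
     * Validates the CAS ticket in the credential and builds the JWT auth token for the account
     * name returned by the CAS server.
     *
     * <p>The account name always comes from {@link #parseCasTicket}; whatever the credential
     * carried in its auth-account field beforehand is overwritten.
     *
     * @param authCredential must be an {@link SSOCredential}; another type fails with
     *     {@link ClassCastException}
     * @return the token with auth account, remember-me flag and generated credentials set
     * @throws BusinessException if ticket validation fails or yields no account name
     */
    private BaseJwtAuthToken initBaseJwtAuthToken(AuthCredential authCredential) {
        SSOCredential ssoCredential = (SSOCredential) authCredential;
        BaseJwtAuthToken authToken = new BaseJwtAuthToken(getAuthType(), ssoCredential.getUserTypeClass());
        String casAccount = parseCasTicket(ssoCredential);
        // Fail closed: parseCasTicket is protected and may be overridden, so refuse to mint a
        // token when no account name came back instead of issuing one for a null/blank account.
        if (V.isEmpty(casAccount)) {
            throw new BusinessException("CAS登录失败: 未获取到用户账号");
        }
        ssoCredential.setAuthAccount(casAccount);
        authToken.setAuthAccount(ssoCredential.getAuthAccount()).setRememberMe(ssoCredential.isRememberMe());
        return authToken.generateAuthtoken(getExpiresInMinutes());
    }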

    /**
     * Records one login attempt (auth type, account, user type, outcome, user agent, IP).
     *
     * <p>Persistence is best effort: a failure to store the record is logged at WARN and does
     * not affect the login itself.
     *
     * <p>NOTE(review): the User-Agent header is client-controlled and stored without a length
     * limit. If the column is bounded, an oversized header would make the insert fail and the
     * attempt would go unrecorded - confirm against the table definition. How the client IP is
     * derived is decided inside {@code IamSecurityUtils.getRequestIp}, which is not visible here.
     *
     * @param baseJwtAuthToken token supplying the account and user type
     * @param z {@code true} for a successful login, {@code false} for a failed one
     */
    protected void saveLoginTrace(BaseJwtAuthToken baseJwtAuthToken, boolean z) {
        IamLoginTrace trace = new IamLoginTrace();
        trace.setAuthType(getAuthType())
                .setAuthAccount(baseJwtAuthToken.getAuthAccount())
                .setUserType(baseJwtAuthToken.getUserType())
                .setSuccess(z);
        // The user id is only known when a current user is available.
        BaseLoginUser currentUser = (BaseLoginUser) IamSecurityUtils.getCurrentUser();
        if (currentUser != null) {
            trace.setUserId(currentUser.getId());
        }
        trace.setUserAgent(this.request.getHeader("user-agent"))
                .setIpAddress(IamSecurityUtils.getRequestIp(this.request));
        try {
            this.iamLoginTraceService.createEntity(trace);
        } catch (Exception e) {
            log.warn("保存登录日志异常", e);
        }
    }

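    /**
     * Validates a CAS service ticket against the CAS server ({@code p3/serviceValidate}) and
     * returns the authenticated user name from the response.
     *
     * <p>The service URL and ticket are URL-encoded before they are placed in the query string,
     * so characters such as {@code &} or {@code #} in either value cannot add or override
     * parameters of the validation request. This assumes callers pass the raw (not already
     * encoded) service URL.
     *
     * <p>NOTE(review): the service URL is taken from the credential. If that field is filled
     * from the client request, it should be compared with the application's own configured
     * service URL before use, so that a ticket issued for a different service is not accepted.
     *
     * <p>NOTE(review): the response is read with substring matching, not an XML parser, so
     * escaped characters in the user name are returned as sent.
     *
     * @param sSOCredential credential carrying the service URL and the ticket
     * @return the user name inside {@code <cas:user>}
     * @throws BusinessException if the inputs are empty, the server returns nothing, the server
     *     reports an authentication failure, or the response contains no user
     */
    protected String parseCasTicket(SSOCredential sSOCredential) {
        String serviceUrl = sSOCredential.getServiceUrl();
        String ticket = sSOCredential.getTicket();
        if (V.isEmpty(serviceUrl) || V.isEmpty(ticket)) {
            throw new BusinessException("CAS登录失败: service或ticket为空");
        }
        String validateUrl = getCasUrlPrefix() + "p3/serviceValidate?service=" + encodeQueryValue(serviceUrl)
                + "&ticket=" + encodeQueryValue(ticket);
        String response = HttpHelper.callGet(validateUrl, null);
        if (V.isEmpty(response)) {
            throw new BusinessException("CAS登录失败: 未收到CAS服务响应");
        }
        String failure = S.substringBetween(response, "<cas:authenticationFailure", "</cas:authenticationFailure>");
        if (V.notEmpty(failure)) {
            throw new BusinessException("CAS登录失败:" + S.substringAfter(failure, ">"));
        }
        String user = S.substringBetween(response, "<cas:user>", "</cas:user>");
        // Fail closed: a response with neither a failure element nor a user is not a success.
        if (V.isEmpty(user)) {
            throw new BusinessException("CAS登录失败: 响应中缺少cas:user");
        }
        // The client-supplied ticket is deliberately left out of the log line.
        log.debug("CAS ticket validated, user = {}", user);
        return user;
    }

    /** URL-encodes one query-string value as UTF-8. */
    private static String encodeQueryValue(String value) {
        try {
            return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every JVM must provide, so this branch is not expected to run.
            throw new IllegalStateException("UTF-8 not supported", e);
        }
    }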

    /*
     * Compiler-generated hook for deserializing the serializable getter lambdas used in this
     * class. It switches on the implementation method name (getId, getStatus, getUserId,
     * getAuthAccount, getUserType), then re-creates the matching lambda only when the recorded
     * method kind (5 = invokeVirtual), functional interface (MyBatis-Plus SFunction.apply),
     * implementing class and method signature all match the expected values. Anything else ends
     * in IllegalArgumentException, so only this fixed set of getters can be restored.
     *
     * NOTE(review): this is decompiler output, not original source. "boolean z = -1" and the
     * repeated "case true" labels are not valid Java; they presumably stand for an int selector
     * with cases 0-4. The method is marked synthetic, so it would normally be produced by the
     * compiler rather than written by hand.
     */
    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case 98245393:
                if (implMethodName.equals("getId")) {
                    z = 2;
                    break;
                }
                break;
            case 803533544:
                if (implMethodName.equals("getStatus")) {
                    z = 3;
                    break;
                }
                break;
            case 859984188:
                if (implMethodName.equals("getUserId")) {
                    z = 4;
                    break;
                }
                break;
            case 1771527727:
                if (implMethodName.equals("getAuthAccount")) {
                    z = true;
                    break;
                }
                break;
            case 1811435291:
                if (implMethodName.equals("getUserType")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/baomidou/mybatisplus/core/toolkit/support/SFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/diboot/iam/entity/IamAccount") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/String;")) {
                    return (v0) -> {
                        return v0.getUserType();
                    };
                }
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/baomidou/mybatisplus/core/toolkit/support/SFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/diboot/iam/entity/IamAccount") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/String;")) {
                    return (v0) -> {
                        return v0.getUserType();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/baomidou/mybatisplus/core/toolkit/support/SFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/diboot/iam/entity/IamAccount") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/String;")) {
                    return (v0) -> {
                        return v0.getAuthAccount();
                    };
                }
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/baomidou/mybatisplus/core/toolkit/support/SFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/diboot/iam/entity/IamAccount") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/String;")) {
                    return (v0) -> {
                        return v0.getAuthAccount();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/baomidou/mybatisplus/core/toolkit/support/SFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/diboot/core/entity/BaseEntity") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/Long;")) {
                    return (v0) -> {
                        return v0.getId();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/baomidou/mybatisplus/core/toolkit/support/SFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/diboot/iam/entity/IamAccount") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/String;")) {
                    return (v0) -> {
                        return v0.getStatus();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/baomidou/mybatisplus/core/toolkit/support/SFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/diboot/iam/entity/IamAccount") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/Long;")) {
                    return (v0) -> {
                        return v0.getUserId();
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
