package nc.ws.opm.oauth.service.impl;

import java.io.UnsupportedEncodingException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import nc.bs.dao.BaseDAO;
import nc.bs.dao.DAOException;
import nc.bs.framework.common.InvocationInfoProxy;
import nc.bs.framework.common.NCLocator;
import nc.bs.framework.server.ISecurityTokenCallback;
import nc.pub.tool.SecureRandomProxy;
import nc.vo.pub.BusinessException;
import nc.vo.sm.UserRefreshTokenVO;
import nc.vo.sm.UserVO;
import nc.ws.opm.oauth.pojo.AccessToken;
import nc.ws.opm.oauth.pojo.UserLoginVO;
import nc.ws.opm.oauth.service.YonyouCloudAuthService;
import nc.ws.opm.pub.cache.OAuthCache;
import nc.ws.opm.pub.exception.BizException;
import nc.ws.opm.pub.utils.TenantidUtil;
import nc.ws.opm.pub.utils.security.SHA256Util;
import nccloud.api.rest.log.OPMLogger;
import nccloud.pubitf.baseapp.oauth.IUserRefreshTokenService;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:nc/ws/opm/oauth/service/impl/YonyouCloudAuthServiceImpl.class */
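/**
 * Validates a signed third-party login request and maps it to a local user session.
 *
 * <p>Flow, as visible in this class: resolve the tenant's data source, load the refresh-token
 * record bound to the third-party user id, verify the request signature against that refresh
 * token, then either reuse a cached {@link UserLoginVO} or perform a local login and cache it.
 *
 * <p>NOTE(review): cache keys are built by plain concatenation of tenant id and user id with no
 * delimiter, so two different (tenant, user) pairs can produce the same key unless the id formats
 * rule that out. The key format is left unchanged here because other code may read the same
 * cache entries; confirm the id formats or introduce a delimiter everywhere at once.
 */
public class YonyouCloudAuthServiceImpl implements YonyouCloudAuthService {
    /** Source of the random bytes passed to the security-token callback. */
    private static final SecureRandom rand = SecureRandomProxy.getRandomInstance();

    /**
     * Verifies the request signature and returns the login information for the bound user.
     *
     * @param str  third-party user id (used to look up the bound refresh token)
     * @param str2 client id (part of the signed data and stored with the cached token)
     * @param str3 tenant id (used to resolve the data source)
     * @param str4 signature supplied by the caller
     * @return the cached or freshly created login information
     * @throws BizException if the tenant has no data source, the user is not bound, the signature
     *     does not match, or a {@link BusinessException} is raised by the lookups
     */
    @Override // nc.ws.opm.oauth.service.YonyouCloudAuthService
    public UserLoginVO checkToken(String str, String str2, String str3, String str4) throws BizException {
        final String cacheKey = str3 + str;
        UserLoginVO userLoginVO = null;
        try {
            String dataSource = (String) OAuthCache.get_logininfo(cacheKey);
            if (StringUtils.isBlank(dataSource)) {
                dataSource = TenantidUtil.queryBusiCenterVOByTenantid(str3).getDataSourceName();
                if (StringUtils.isBlank(dataSource)) {
                    throw new BizException("", "非法请求");
                }
                // NOTE(review): this entry is written before the signature is verified, so a
                // request with a valid tenant id and an arbitrary user id adds a cache key.
                // Confirm OAuthCache is bounded, or move this write after checkSign.
                OAuthCache.put_logininfo(cacheKey, dataSource);
            }
            InvocationInfoProxy.getInstance().setUserDataSource(dataSource);

            IUserRefreshTokenService tokenService =
                    (IUserRefreshTokenService) NCLocator.getInstance().lookup(IUserRefreshTokenService.class);
            UserRefreshTokenVO binding = tokenService.getUserRefreshTokenByThirdUserid(str);
            if (binding == null) {
                throw new BizException("", "用户未绑定");
            }
            String refreshToken = binding.getRefresh_token();

            // Authentication happens here; nothing below runs for an unsigned request.
            checkSign(str4, str3, str, str2, refreshToken);

            Map<?, ?> cached = OAuthCache.get_refreshtoken(cacheKey);
            if (cached != null && !cached.isEmpty()) {
                AccessToken accessToken = (AccessToken) cached.get("token");
                // A cache entry without a token is treated as a miss instead of failing with a
                // NullPointerException.
                if (accessToken != null
                        && System.currentTimeMillis() - accessToken.getTs() <= accessToken.getExpires_in()) {
                    userLoginVO = (UserLoginVO) cached.get("uservo");
                }
            }
            if (userLoginVO == null) {
                userLoginVO = nccLogin(dataSource, binding.getPk_user());
                putAccTokenMap(new HashMap<>(), userLoginVO, refreshToken, str2, cacheKey);
            }
            return userLoginVO;
        } catch (BusinessException e) {
            throw new BizException(e.getErrorCodeString(), e.getMessage());
        }
    }

    /**
     * Recomputes the expected signature and compares it with the one supplied by the caller.
     *
     * <p>Expected value: SHA-256 over {@code tenantId + userId + clientId + SHA-256(refreshToken)}.
     * The comparison uses {@link MessageDigest#isEqual} so that the time taken does not depend on
     * how many leading characters of a wrong signature happen to match.
     *
     * <p>NOTE(review): the signed data contains no timestamp or nonce, so a captured signature
     * stays valid for as long as the stored refresh token is unchanged, and the fields are joined
     * without delimiters. Changing either alters the wire contract, so it is only flagged here.
     *
     * @throws BizException if the computed signature is blank or does not equal {@code sign}
     */
    private void checkSign(String sign, String tenantId, String userId, String clientId, String refreshToken)
            throws BizException {
        String expected = SHA256Util.getSHA256((tenantId + userId + clientId) + SHA256Util.getSHA256(refreshToken));
        boolean matches = sign != null
                && !StringUtils.isBlank(expected)
                && MessageDigest.isEqual(
                        expected.getBytes(StandardCharsets.UTF_8), sign.getBytes(StandardCharsets.UTF_8));
        if (!matches) {
            throw new BizException("", "请求不安全");
        }
    }

    /**
     * Loads the local user, obtains a security token for it and builds the login information.
     *
     * @param dataSource data source name copied into the result
     * @param pkUser     primary key of the local user bound to the third-party account
     * @throws BizException if the user does not exist, the user lookup fails, or the token input
     *     cannot be encoded
     */
    private UserLoginVO nccLogin(String dataSource, String pkUser) throws BizException {
        try {
            UserVO userVO = (UserVO) new BaseDAO().retrieveByPK(UserVO.class, pkUser);
            if (userVO == null) {
                // NOTE(review): the message text looks like a typo of the "用户未绑定" message used
                // in checkToken; kept as-is because callers may match on it.
                throw new BizException("用户为绑定");
            }
            byte[] loginToken;
            try {
                byte sysid = InvocationInfoProxy.getInstance().getSysid();
                InvocationInfoProxy.getInstance().setUserCode(userVO.getUser_code());
                ISecurityTokenCallback tokenCallback =
                        (ISecurityTokenCallback) NCLocator.getInstance().lookup(ISecurityTokenCallback.class);
                byte[] randomBytes = new byte[64];
                rand.nextBytes(randomBytes);
                loginToken = tokenCallback.token(
                        (((int) sysid) + ":" + userVO.getPrimaryKey()).getBytes("UTF-8"), randomBytes);
            } catch (UnsupportedEncodingException e) {
                // Fail closed: never hand back login information whose token was not generated.
                OPMLogger.error(e.getMessage(), e);
                throw new BizException("数据异常");
            }
            UserLoginVO loginVO = userVoToUserLoginVO(dataSource, userVO);
            loginVO.setLogin_token(loginToken);
            return loginVO;
        } catch (DAOException e2) {
            // Keep the underlying cause in the server log; the caller only sees a generic message.
            OPMLogger.error(e2.getMessage(), e2);
            throw new BizException("数据异常");
        }
    }

    /** Copies the data source name, user code and group key into a new {@link UserLoginVO}. */
    private UserLoginVO userVoToUserLoginVO(String dataSource, UserVO userVO) {
        UserLoginVO userLoginVO = new UserLoginVO();
        userLoginVO.setDatasource(dataSource);
        userLoginVO.setUsername(userVO.getUser_code());
        userLoginVO.setGroupCode(userVO.getPk_group());
        return userLoginVO;
    }

    /**
     * Fills {@code map} with the login information, client id and a new access-token record, then
     * stores it in the refresh-token cache under {@code cacheKey}.
     *
     * <p>The expiry value is compared against a millisecond difference in {@code checkToken}, so
     * {@code 100000L} means the cached login is reused for 100 seconds.
     */
    private void putAccTokenMap(Map<String, Object> map, UserLoginVO userLoginVO, String refreshToken,
            String clientId, String cacheKey) {
        AccessToken accessToken = new AccessToken();
        accessToken.setExpires_in(100000L);
        accessToken.setRefresh_token(refreshToken);
        accessToken.setTs(System.currentTimeMillis());
        map.put("uservo", userLoginVO);
        map.put("client_id", clientId);
        map.put("token", accessToken);
        OAuthCache.put_refreshtoken(cacheKey, map);
    }
}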
