package com.dtyunxi.yundt.cube.center.user.biz.service.impl;

import com.dtyunxi.cube.commons.exceptions.BizException;
import com.dtyunxi.huieryun.cache.api.ICacheService;
import com.dtyunxi.huieryun.log.LoggerFactory;
import com.dtyunxi.yundt.cube.center.user.api.dto.ext.user.Verification4ResetPasswordDto;
import com.dtyunxi.yundt.cube.center.user.api.exception.UserExceptionCode;
import com.dtyunxi.yundt.cube.center.user.biz.service.IPasswordService;
import com.dtyunxi.yundt.cube.center.user.biz.service.ISecurityService;
import com.dtyunxi.yundt.cube.center.user.biz.service.IUserService;
import com.dtyunxi.yundt.cube.center.user.biz.util.AssertUtil;
import com.dtyunxi.yundt.cube.center.user.dao.das.AppInstanceDas;
import com.dtyunxi.yundt.cube.center.user.dao.das.TenantDas;
import com.dtyunxi.yundt.cube.center.user.dao.das.UserDas;
import com.dtyunxi.yundt.cube.center.user.dao.eo.AppInstanceEo;
import com.dtyunxi.yundt.cube.center.user.dao.eo.TenantEo;
import com.dtyunxi.yundt.cube.center.user.dao.eo.UserEo;
import com.dtyunxi.yundt.cube.center.user.ext.user.IVerifyBeforeResetPasswordExt;
import com.dtyunxi.yundt.module.context.api.IContext;
import com.google.common.collect.Sets;
import java.util.Arrays;
import java.util.Date;
import java.util.HashSet;
import java.util.UUID;
import javax.annotation.Resource;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

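/**
 * Password change and reset operations for user accounts.
 *
 * <p>Every path ends the same way: optionally rotate the salt, hash the new password through
 * {@link IPasswordService#encryptPassword}, stamp the modification time and update the row through
 * {@link UserDas}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every entry point rejects a blank new password before any lookup or verification runs,
 *       so no path can store the hash of an empty secret.</li>
 *   <li>Parameter names ({@code str}, {@code str2}, ...) are kept as found; their meaning is
 *       documented per method from how each value is used.</li>
 * </ul>
 */
@Service
/* loaded from: input_file:com/dtyunxi/yundt/cube/center/user/biz/service/impl/SecurityServiceImpl.class */
public class SecurityServiceImpl implements ISecurityService {
    private static final Logger logger = LoggerFactory.getLogger(SecurityServiceImpl.class);

    @Resource
    private IUserService userService;

    @Resource
    private UserDas userDas;

    @Resource
    private AppInstanceDas appInstanceDas;

    @Resource
    private IPasswordService passwordService;

    @Resource
    private ICacheService cacheService;

    @Resource
    private TenantDas tenantDas;

    @Resource
    private IContext context;

    // When true, a fresh salt is generated on EVERY password write, not only when the stored salt
    // is empty (the property name suggests otherwise). When false, the stored salt is reused as-is.
    // NOTE(review): with the flag off, a user whose stored salt is null/empty is hashed with that
    // null/empty salt; confirm IPasswordService handles this safely.
    @Value("${user.empty.salt.generate.enabled:true}")
    private boolean emptySaltGenerate;

    @Autowired
    IVerifyBeforeResetPasswordExt<Boolean, Verification4ResetPasswordDto> verifyBeforeResetPasswordExt;

    /**
     * Changes a user's password after verifying the current one.
     *
     * <p>Unlike the five-argument overload, both passwords are passed to the password service
     * exactly as received (no {@code RSAEncrypt} step) and the lookup is by user name only.
     *
     * @param str user name used for the lookup
     * @param str2 current password, checked against the stored hash
     * @param str3 new password; must not be blank
     * @throws BizException if the new password is blank, the user is unknown, or the current
     *     password does not verify
     */
    @Override
    public void modifyPassword(String str, String str2, String str3) {
        requireNewPassword(str3);
        UserEo user = this.userDas.findByUserName(str);
        requireKnownUserName(user, str);
        requireCurrentPassword(user, str2);
        storeNewPassword(user, str3);
    }

    /**
     * Resets a user's password once the pre-reset verification extension has accepted the request.
     *
     * @param str first argument of {@code Verification4ResetPasswordDto.init}; presumably the
     *     verification code (confirm against that DTO)
     * @param str2 login string used both for verification and for the user lookup
     * @param str3 new password; must not be blank
     * @throws BizException if the new password is blank or the user does not exist; the
     *     verification extension may also reject the request
     */
    @Override
    public void resetPassword(String str, String str2, String str3) {
        // Checked before verification so a malformed request cannot reach the verification step.
        requireNewPassword(str3);
        this.verifyBeforeResetPasswordExt.execute(Verification4ResetPasswordDto.init(str, str2));
        UserEo user = this.userDas.findByLoginStr(str2);
        userExist(user);
        storeNewPassword(user, str3);
    }

    /**
     * Changes a user's password within an application instance, after verifying the current one.
     *
     * <p>Both passwords go through {@code passwordService.RSAEncrypt} before being verified or
     * hashed. NOTE(review): what that transformation does is not visible here; confirm it matches
     * what the client sends.
     *
     * @param str user name used for the lookup
     * @param str2 current password; must not be blank
     * @param str3 new password; must not be blank
     * @param l application instance id; dropped from the lookup when the tenant is not isolated by
     *     instance
     * @param str4 account domain; validated or defaulted by {@code checkAndGetDomain}
     * @throws BizException if a password is blank, the instance or user is unknown, the domain is
     *     not allowed, or the current password does not verify
     */
    @Override
    @Transactional(rollbackFor = {Exception.class})
    public void modifyPassword(String str, String str2, String str3, Long l, String str4) {
        if (StringUtils.isBlank(str2)) {
            throw new BizException("旧密码不能为空");
        }
        requireNewPassword(str3);
        String newPassword = this.passwordService.RSAEncrypt(str3);
        String currentPassword = this.passwordService.RSAEncrypt(str2);
        AppInstanceEo appInstanceEo = (AppInstanceEo) this.appInstanceDas.selectByPrimaryKey(l);
        instanceIdExist(appInstanceEo);
        // The instance id only narrows the lookup for tenants that isolate users per instance.
        Long scopedInstanceId = this.userService.isIsolationByInstance(appInstanceEo.getTenantId()) ? l : null;
        UserEo user = this.userDas.findByUserName(str, appInstanceEo.getTenantId(), scopedInstanceId, checkAndGetDomain(str4, appInstanceEo, appInstanceEo.getTenantId()));
        requireKnownUserName(user, str);
        requireCurrentPassword(user, currentPassword);
        storeNewPassword(user, newPassword);
    }

    /**
     * Resets a user's password within an application instance once the pre-reset verification
     * extension has accepted the request.
     *
     * <p>NOTE(review): unlike the five-argument {@code modifyPassword}, the new password is hashed
     * without the {@code RSAEncrypt} step; confirm the two paths are meant to differ.
     *
     * @param str first argument of {@code Verification4ResetPasswordDto.init}; presumably the
     *     verification code (confirm against that DTO)
     * @param str2 login string used both for verification and for the user lookup
     * @param str3 new password; must not be blank
     * @param l application instance id; dropped from the lookup when the tenant is not isolated by
     *     instance
     * @param str4 account domain; validated or defaulted by {@code checkAndGetDomain}
     * @throws BizException if the new password is blank, the instance or user is unknown, or the
     *     domain is not allowed; the verification extension may also reject the request
     */
    @Override
    @Transactional(rollbackFor = {Exception.class})
    public void resetPassword(String str, String str2, String str3, Long l, String str4) {
        requireNewPassword(str3);
        this.verifyBeforeResetPasswordExt.execute(Verification4ResetPasswordDto.init(str, str2));
        AppInstanceEo appInstanceEo = (AppInstanceEo) this.appInstanceDas.selectByPrimaryKey(l);
        instanceIdExist(appInstanceEo);
        Long scopedInstanceId = this.userService.isIsolationByInstance(appInstanceEo.getTenantId()) ? l : null;
        UserEo user = this.userDas.findByLoginStr(str2, appInstanceEo.getTenantId(), scopedInstanceId, checkAndGetDomain(str4, appInstanceEo, appInstanceEo.getTenantId()));
        userExist(user);
        storeNewPassword(user, str3);
    }

    /**
     * Sets a new password for the user with the given primary key, without checking the old one.
     *
     * <p>This method performs no authorization, tenant or instance check of its own.
     * NOTE(review): confirm every caller enforces administrator privilege and that the id is
     * scoped to the caller's tenant before reaching this point.
     *
     * @param l primary key of the user row
     * @param str new password; must not be blank
     * @throws BizException if the new password is blank or the user does not exist
     */
    @Override
    public void resetPasswordByAdmin(Long l, String str) {
        requireNewPassword(str);
        UserEo userEo = (UserEo) this.userDas.selectByPrimaryKey(l);
        userExist(userEo);
        storeNewPassword(userEo, str);
    }

    /** Rejects a blank new password with the same message the five-argument overload already used. */
    private void requireNewPassword(String newPassword) {
        if (StringUtils.isBlank(newPassword)) {
            throw new BizException("新密码不能为空");
        }
    }

    /**
     * Fails with {@code USERNAME_CHECK_FAIL} when a lookup by user name found nothing.
     *
     * <p>NOTE(review): the user name is caller-supplied and is written to the log verbatim; make
     * sure the log layout neutralises line breaks. The code also differs from the wrong-password
     * code, so the two outcomes are distinguishable if codes are relayed to the client.
     */
    private void requireKnownUserName(UserEo user, String userName) {
        if (user == null) {
            logger.info("通过用户名查询不到用户信息，用户名为" + userName);
            throw new BizException(UserExceptionCode.USERNAME_CHECK_FAIL.getCode(), UserExceptionCode.USERNAME_CHECK_FAIL.getMsg());
        }
    }

    /** Fails with {@code MODIFYPW_CHECK_FAIL} unless the candidate verifies against the stored hash. */
    private void requireCurrentPassword(UserEo user, String candidate) {
        boolean matches = this.passwordService.verifyPassword(candidate, user.getPassword(), user.getSalt(), user.getTenantId(), user.getInstanceId());
        if (!matches) {
            logger.info("密码不正确");
            throw new BizException(UserExceptionCode.MODIFYPW_CHECK_FAIL.getCode(), UserExceptionCode.MODIFYPW_CHECK_FAIL.getMsg());
        }
    }

    /**
     * Hashes and persists a new password for an already-resolved user.
     *
     * <p>The salt is replaced first (when enabled) so the hash is computed with the new salt.
     * {@code UUID.randomUUID()} is documented by the JDK as using a cryptographically strong
     * pseudo-random number generator.
     */
    private void storeNewPassword(UserEo user, String newPassword) {
        if (this.emptySaltGenerate) {
            user.setSalt(UUID.randomUUID().toString());
        }
        user.setPassword(this.passwordService.encryptPassword(newPassword, user.getSalt(), user.getTenantId(), user.getInstanceId()));
        user.setModifyPasswordTime(new Date());
        this.userDas.update(user);
    }

    /** Fails with {@code USER_NOTEXIST_FAIL} when the user lookup returned nothing. */
    private void userExist(UserEo userEo) {
        if (null == userEo) {
            logger.info("用户不存在");
            throw new BizException(UserExceptionCode.USER_NOTEXIST_FAIL.getCode(), UserExceptionCode.USER_NOTEXIST_FAIL.getMsg());
        }
    }

    /** Fails with {@code INSTANCEID_NOTEXIST_FAIL} when the instance lookup returned nothing. */
    private void instanceIdExist(AppInstanceEo appInstanceEo) {
        if (null == appInstanceEo) {
            logger.info("实例ID不存在");
            throw new BizException(UserExceptionCode.INSTANCEID_NOTEXIST_FAIL.getCode(), UserExceptionCode.INSTANCEID_NOTEXIST_FAIL.getMsg());
        }
    }

    /**
     * Resolves the account domain used for the user lookup.
     *
     * <p>Blank input: returns the instance's default domain, else falls back to the tenant record.
     * Non-blank input: accepted only if it is in the allow-list (default domain plus
     * comma-separated trusted domains) of the instance taken from the request context.
     *
     * @param str caller-supplied domain, may be blank
     * @param appInstanceEo instance resolved from the caller-supplied instance id
     * @param l tenant id; when null the instance's tenant id is used
     * @return the domain to use for the lookup
     * @throws BizException if the context instance is unknown or the domain is not allowed
     */
    private String checkAndGetDomain(String str, AppInstanceEo appInstanceEo, Long l) {
        if (StringUtils.isBlank(str)) {
            Long tenantId = l == null ? appInstanceEo.getTenantId() : l;
            AssertUtil.isTrue(null != tenantId, "用户所属的租户ID不能为空");
            if (StringUtils.isNotBlank(appInstanceEo.getDefDomain())) {
                return appInstanceEo.getDefDomain();
            }
            TenantEo tenant = this.tenantDas.selectByPrimaryKey(tenantId);
            AssertUtil.isTrue(null != tenant, "租户信息不存在");
            // NOTE(review): the guard checks getDefDomain() but the value returned is getDomain();
            // if these are different fields a blank domain can be returned. Left as found; confirm.
            AssertUtil.isTrue(StringUtils.isNotBlank(tenant.getDefDomain()), "帐号域信息不存在");
            return tenant.getDomain();
        }
        // NOTE(review): the allow-list comes from the instance in the request context, not from
        // the appInstanceEo argument the caller resolved; confirm the two are always the same.
        Long instanceId = this.context.instanceId();
        HashSet<String> allowedDomains = new HashSet<>();
        AppInstanceEo contextInstance = this.appInstanceDas.selectByPrimaryKey(instanceId);
        if (contextInstance == null) {
            throw new BizException(UserExceptionCode.APPINSTANCE_IDCHECKE_FAIL.getCode(), UserExceptionCode.APPINSTANCE_IDCHECKE_FAIL.getMsg());
        }
        if (StringUtils.isNotBlank(contextInstance.getDefDomain())) {
            allowedDomains.add(contextInstance.getDefDomain());
        }
        if (StringUtils.isNotBlank(contextInstance.getTrustDomain())) {
            // Entries are compared exactly as stored: no trimming, no case folding.
            allowedDomains.addAll(Arrays.asList(contextInstance.getTrustDomain().split(",")));
        }
        // Fail-open: with no default and no trusted domain configured, any caller-supplied domain
        // is accepted. NOTE(review): confirm this default is intended for unconfigured instances.
        if (allowedDomains.isEmpty() || allowedDomains.contains(str)) {
            return str;
        }
        throw new BizException(UserExceptionCode.INVALID_USER_DOMAIN.getCode(), UserExceptionCode.INVALID_USER_DOMAIN.getMsg());
    }
}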
