package com.fr.decision.webservice.v10.login;

import com.fr.base.ServerConfig;
import com.fr.base.TemplateUtils;
import com.fr.base.sms.SMSTemplateType;
import com.fr.config.Configuration;
import com.fr.config.EmailServerConfig;
import com.fr.data.NetworkHelper;
import com.fr.decision.ExtraDecisionClassManager;
import com.fr.decision.authority.AuthorityContext;
import com.fr.decision.authority.base.constant.type.operation.ManualOperationType;
import com.fr.decision.authority.data.CustomRole;
import com.fr.decision.authority.data.User;
import com.fr.decision.authority.data.extra.user.type.PasswordChangeTimeKey;
import com.fr.decision.base.util.UUIDUtil;
import com.fr.decision.config.APILimitConfig;
import com.fr.decision.config.FSConfig;
import com.fr.decision.config.LoginLockConfig;
import com.fr.decision.config.LoginVerificationConfig;
import com.fr.decision.config.SystemConfig;
import com.fr.decision.copyright.CopyrightFactory;
import com.fr.decision.fun.AccessProvider;
import com.fr.decision.mobile.terminal.TerminalHandler;
import com.fr.decision.privilege.TransmissionTool;
import com.fr.decision.privilege.encrpt.PasswordValidator;
import com.fr.decision.record.LoginMessage;
import com.fr.decision.record.LogoutMessage;
import com.fr.decision.system.SystemContext;
import com.fr.decision.system.bean.LoginDetailInfo;
import com.fr.decision.system.bean.message.MessageUrlType;
import com.fr.decision.system.entity.message.MessageEntity;
import com.fr.decision.webservice.CrossDomainResponse;
import com.fr.decision.webservice.Response;
import com.fr.decision.webservice.bean.authentication.LoginCaptchaBean;
import com.fr.decision.webservice.bean.authentication.LoginClientBean;
import com.fr.decision.webservice.bean.authentication.LoginDetailInfoBean;
import com.fr.decision.webservice.bean.authentication.LoginRequestInfoBean;
import com.fr.decision.webservice.bean.authentication.LoginResponseInfoBean;
import com.fr.decision.webservice.bean.authentication.OriginUrlResponseBean;
import com.fr.decision.webservice.bean.config.RefreshTokenBean;
import com.fr.decision.webservice.bean.user.CaptchaReceiverBean;
import com.fr.decision.webservice.bean.user.PasswordChangeBean;
import com.fr.decision.webservice.exception.captcha.CaptchaCheckLimitException;
import com.fr.decision.webservice.exception.captcha.CaptchaErrorException;
import com.fr.decision.webservice.exception.captcha.CaptchaTimeoutException;
import com.fr.decision.webservice.exception.captcha.UnverifiedCaptchaException;
import com.fr.decision.webservice.exception.config.PhoneOrEmailNotExistException;
import com.fr.decision.webservice.exception.general.ServerTimeoutException;
import com.fr.decision.webservice.exception.general.SpecialCharProhibitException;
import com.fr.decision.webservice.exception.login.LoginInfoNotAvailableException;
import com.fr.decision.webservice.exception.login.LoginRecordNotExistException;
import com.fr.decision.webservice.exception.login.LoginValidateStrictException;
import com.fr.decision.webservice.exception.login.PasswordSameException;
import com.fr.decision.webservice.exception.login.UserLoginException;
import com.fr.decision.webservice.exception.login.UserPasswordCanNotChangeException;
import com.fr.decision.webservice.exception.login.UserPasswordCanNotEmptyException;
import com.fr.decision.webservice.exception.login.UserPwdErrorException;
import com.fr.decision.webservice.exception.user.UserNotAvailableException;
import com.fr.decision.webservice.impl.captcha.CaptchaSender;
import com.fr.decision.webservice.utils.ControllerFactory;
import com.fr.decision.webservice.utils.DecisionAPICallLimiterUtils;
import com.fr.decision.webservice.utils.DecisionServiceConstants;
import com.fr.decision.webservice.utils.DecisionStatusService;
import com.fr.decision.webservice.utils.NextDayTicketIssuer;
import com.fr.decision.webservice.utils.UserSourceFactory;
import com.fr.decision.webservice.utils.WebServiceUtils;
import com.fr.decision.webservice.utils.controller.AuthenticController;
import com.fr.decision.webservice.v10.login.controller.CommonAuthenticController;
import com.fr.decision.webservice.v10.login.kickout.KickOutConfig;
import com.fr.decision.webservice.v10.login.kickout.KickOutUserEvent;
import com.fr.decision.webservice.v10.login.lock.LoginLockService;
import com.fr.decision.webservice.v10.login.slider.SliderVerificationService;
import com.fr.decision.webservice.v10.message.MessageService;
import com.fr.decision.webservice.v10.password.strategy.PasswordStrategyService;
import com.fr.decision.webservice.v10.register.RegisterService;
import com.fr.decision.webservice.v10.sms.SMSService;
import com.fr.decision.webservice.v10.system.SystemService;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.event.EventDispatcher;
import com.fr.general.ComparatorUtils;
import com.fr.locale.InterProviderFactory;
import com.fr.log.FineLoggerFactory;
import com.fr.record.analyzer.EnableMetrics;
import com.fr.record.analyzer.Metrics;
import com.fr.record.analyzer.Track;
import com.fr.security.JwtUtils;
import com.fr.security.WebSecurityConfig;
import com.fr.stable.StableUtils;
import com.fr.stable.StringUtils;
import com.fr.stable.db.data.DataRecord;
import com.fr.stable.query.QueryFactory;
import com.fr.stable.query.restriction.RestrictionFactory;
import com.fr.stable.web.Device;
import com.fr.store.Converter;
import com.fr.third.socketio.SocketIOClient;
import com.fr.transaction.Configurations;
import com.fr.transaction.Worker;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@EnableMetrics
/* loaded from: input_file:com/fr/decision/webservice/v10/login/LoginService.class */
public class LoginService {
    // Sentinel values; presumably special cases of the login "validity" setting. Their use is
    // not visible in this part of the file — TODO confirm against getTokenTimeOutByValidity.
    private static final int UNREMEMBERED_PASSWORD = -1;
    private static final int REMEMBER_PASSWORD = -2;
    // Lazily created singleton. Declared volatile because getInstance() reads it once
    // outside the synchronized block.
    private static volatile LoginService instance;

    /**
     * Returns the process-wide {@code LoginService}, creating it on first use.
     *
     * <p>The field is read without the lock first; the instance is only constructed while
     * holding the class monitor, after a second null check.
     *
     * @return the shared instance, never {@code null}
     */
    public static LoginService getInstance() {
        if (instance != null) {
            return instance;
        }
        synchronized (LoginService.class) {
            if (instance == null) {
                instance = new LoginService();
            }
            return instance;
        }
    }

    /**
     * Reports whether the request carries a valid login, judged from the token in its cookie.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} if {@code loginStatusValid} accepts the cookie token, {@code false}
     *         if any step throws
     */
    public boolean isLogged(HttpServletRequest httpServletRequest) {
        try {
            String cookieToken = TokenResource.COOKIE.getToken(httpServletRequest);
            Device device = NetworkHelper.getDevice(httpServletRequest);
            TerminalHandler terminal = TerminalHandler.getTerminal(httpServletRequest, device);
            loginStatusValid(cookieToken, terminal);
            return true;
        } catch (Exception ignored) {
            // Every failure (missing token, expired token, unknown or disabled user, or any
            // unexpected error) is deliberately folded into "not logged in".
            return false;
        }
    }

    /**
     * Handles a username/password login: verifies the credentials, issues a JWT, registers the
     * login state and returns the response bean.
     *
     * @param httpServletRequest  the login request; used for device, terminal and client IP
     * @param httpServletResponse receives the token cookie when the server is configured for it
     * @param loginRequestInfoBean the submitted username, (possibly encrypted) password, validity,
     *                             slider token, origin and MAC address
     * @return the issued token together with the origin URL, username and validity
     * @throws SpecialCharProhibitException if the username fails the character filter
     * @throws UserLoginException if no user exists with that name
     * @throws UnverifiedCaptchaException if a second verification step is required for the device
     * @throws Exception anything raised by the authentication, password-policy or licence checks
     */
    @Metrics
    public LoginResponseInfoBean login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, LoginRequestInfoBean loginRequestInfoBean) throws Exception {
        // The clear-text password lives in this local for the rest of the method; it must not be logged.
        String decrypt = TransmissionTool.decrypt(loginRequestInfoBean.isEncrypted(), loginRequestInfoBean.isSupportCustomEncrypt(), loginRequestInfoBean.getPassword());
        String username = loginRequestInfoBean.getUsername();
        // Character filter on the username. NOTE(review): this is a deny-list check; presumably
        // defence in depth — confirm the user lookup below is parameterised on its own.
        if (WebServiceUtils.containSQLChars(username)) {
            throw new SpecialCharProhibitException();
        }
        Device device = NetworkHelper.getDevice(httpServletRequest);
        String ipInfoFromRequest = WebServiceUtils.getIpInfoFromRequest(httpServletRequest);
        // Slider verification runs before the user lookup, keyed on device and client IP.
        SliderVerificationService.getInstance().dealWithSliderVerification(device, ipInfoFromRequest, loginRequestInfoBean.getSliderToken());
        User userByUserName = UserService.getInstance().getUserByUserName(username);
        if (userByUserName == null) {
            // Unknown user: count the failure against the client IP, then fail.
            // NOTE(review): to avoid a username oracle, a wrong password should fail in a way the
            // client cannot tell apart from this branch — confirm in doUserAuthentication.
            SliderVerificationService.getInstance().addErrorCount(ipInfoFromRequest);
            throw new UserLoginException();
        }
        TerminalHandler terminal = TerminalHandler.getTerminal(httpServletRequest, device);
        AuthenticController authenticController = ControllerFactory.getInstance().getAuthenticController(userByUserName.getId());
        doUserAuthentication(authenticController, userByUserName, decrypt, device, ipInfoFromRequest, terminal);
        long tokenTimeOutByValidity = getTokenTimeOutByValidity(loginRequestInfoBean.getValidity());
        // The JWT is built here but only becomes a registered login at addLoginStatus below.
        String createDefaultJWT = JwtUtils.createDefaultJWT(userByUserName.getUserName(), userByUserName.getDisplayName(), tokenTimeOutByValidity);
        authenticController.verifySingleLoginStatus(userByUserName.getUserName(), terminal, createDefaultJWT);
        if (authenticController.passwordChangeable(userByUserName)) {
            // Password-policy checks receive the JWT; presumably they throw to force a password
            // change and carry the token to the client — TODO confirm.
            PasswordStrategyService.getInstance().checkPasswordNeedUpdate(userByUserName, createDefaultJWT);
            PasswordStrategyService.getInstance().checkPasswordStrength(decrypt, username, createDefaultJWT);
        }
        if (needLoginVerification(device)) {
            // NOTE(review): the JWT leaves this method inside the exception before any login state
            // is stored for it. loginStatusValid rejects tokens without stored state, so it should
            // not work as a session token yet — confirm nothing else accepts it on signature alone.
            throw new UnverifiedCaptchaException(createDefaultJWT);
        }
        RegisterService.getInstance().checkLicExpireSoon(userByUserName);
        OriginUrlResponseBean originUrlResponse = getOriginUrlResponse(loginRequestInfoBean.getOrigin());
        LoginClientBean loginClientBean = new LoginClientBean(httpServletRequest, device, terminal);
        loginClientBean.setUsername(userByUserName.getUserName());
        loginClientBean.setToken(createDefaultJWT);
        loginClientBean.setValidity(loginRequestInfoBean.getValidity());
        loginClientBean.setUserId(userByUserName.getId());
        // Client-reported value taken from the request bean; it is not verified here.
        loginClientBean.setMacAddress(loginRequestInfoBean.getMacAddress());
        authenticController.logoutSingleLoginInvalidUser(userByUserName.getUserName(), terminal);
        // From this point the token is a registered login.
        addLoginStatus(createDefaultJWT, loginClientBean, tokenTimeOutByValidity);
        checkServerInitStatus();
        createLoginMessage(ipInfoFromRequest, userByUserName.getUserName(), userByUserName.getId());
        // The cookie is written only when the server is configured to read tokens from cookies.
        if (ServerConfig.getInstance().isTokenFromCookie()) {
            writeToken2Cookie(httpServletResponse, createDefaultJWT, loginRequestInfoBean.getValidity());
        }
        return new LoginResponseInfoBean(createDefaultJWT, originUrlResponse, userByUserName.getUserName(), loginRequestInfoBean.getValidity());
    }

    /**
     * Completes a login from a captcha token that has already passed verification.
     *
     * @param httpServletRequest  the request; used for device, terminal and client IP
     * @param httpServletResponse receives the token cookie when the server is configured for it
     * @param loginCaptchaBean    carries the captcha token, validity and origin
     * @return the issued token together with the origin URL, username and validity
     * @throws CaptchaErrorException if the captcha token does not pass {@code captchaCheck}
     * @throws UserLoginException if the resolved user name matches no user
     * @throws Exception anything raised by the controller, licence or status-service calls
     */
    public LoginResponseInfoBean login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, LoginCaptchaBean loginCaptchaBean) throws Exception {
        Device device = NetworkHelper.getDevice(httpServletRequest);
        // The aliases are copied before the captcha entry is deleted further down.
        ArrayList arrayList = new ArrayList(DecisionStatusService.captchaStatusService().aliasesOfKey(loginCaptchaBean.getToken()));
        // Presumably true only once checkLoginCaptcha has marked this token as verified — TODO confirm.
        if (!WebServiceUtils.captchaCheck(DecisionStatusService.captchaStatusService(), loginCaptchaBean.getToken())) {
            throw new CaptchaErrorException();
        }
        // The captcha entry is removed as soon as it has been accepted, so it is used once.
        DecisionStatusService.captchaStatusService().delete(loginCaptchaBean.getToken());
        // User name: the first stored alias if there is one, otherwise the subject of the token.
        String subject = arrayList.isEmpty() ? JwtUtils.parseJWT(loginCaptchaBean.getToken()).getSubject() : (String) arrayList.get(0);
        User userByUserName = UserService.getInstance().getUserByUserName(subject);
        if (userByUserName == null) {
            throw new UserLoginException();
        }
        String id = userByUserName.getId();
        TerminalHandler terminal = TerminalHandler.getTerminal(httpServletRequest, device);
        AuthenticController authenticController = ControllerFactory.getInstance().getAuthenticController(id);
        authenticController.checkMobileFunctionPoint(terminal);
        authenticController.checkUserTypeAvailable(userByUserName, device);
        authenticController.logoutSingleLoginInvalidUser(subject, terminal);
        long tokenTimeOutByValidity = getTokenTimeOutByValidity(loginCaptchaBean.getValidity());
        // A fresh JWT is issued; the captcha token itself is not reused as the session token.
        String createDefaultJWT = JwtUtils.createDefaultJWT(subject, userByUserName.getDisplayName(), tokenTimeOutByValidity);
        OriginUrlResponseBean originUrlResponse = getOriginUrlResponse(loginCaptchaBean.getOrigin());
        // NOTE(review): built with the two-argument constructor, without the terminal that the
        // password login passes — confirm the difference is intended.
        LoginClientBean loginClientBean = new LoginClientBean(httpServletRequest, device);
        loginClientBean.setUsername(subject);
        loginClientBean.setToken(createDefaultJWT);
        loginClientBean.setValidity(loginCaptchaBean.getValidity());
        loginClientBean.setUserId(id);
        addLoginStatus(createDefaultJWT, loginClientBean, tokenTimeOutByValidity);
        RegisterService.getInstance().checkLicExpireSoon(userByUserName);
        checkServerInitStatus();
        createLoginMessage(WebServiceUtils.getIpInfoFromRequest(httpServletRequest), subject, id);
        if (ServerConfig.getInstance().isTokenFromCookie()) {
            writeToken2Cookie(httpServletResponse, createDefaultJWT, loginCaptchaBean.getValidity());
        }
        return new LoginResponseInfoBean(createDefaultJWT, originUrlResponse, subject, loginCaptchaBean.getValidity());
    }

    /**
     * Logs out the user identified by the token in the request header.
     *
     * <p>The response is not touched here; in particular no token cookie is removed by this
     * method (the cross-domain logout does that itself).
     *
     * @param httpServletRequest  the request carrying the token
     * @param httpServletResponse unused
     * @throws Exception if {@code logoutUser} fails
     */
    public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        TokenResource tokenSource = TokenResource.HEADER;
        logoutUser(httpServletRequest, tokenSource);
    }

    /**
     * Performs a login whose result is delivered as a callback-style cross-domain response.
     *
     * @param httpServletRequest  the request; used for device, terminal, client IP and home page URL
     * @param httpServletResponse receives the token cookie
     * @param str  the user name; used as the JWT subject and stored in the login state
     * @param str2 the second credential passed to {@code doUserAuthentication}; presumably the password
     * @param i    the validity setting, converted to a token lifetime
     * @param str3 the callback function name placed in the response
     * @return a success response carrying the access token and home page URL, or an error
     *         response built from the exception
     */
    public CrossDomainResponse crossDomainLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, int i, String str3) {
        try {
            // This entry point is refused entirely when strict login validation is switched on.
            if (WebSecurityConfig.getInstance().isLoginValidateStrict()) {
                throw new LoginValidateStrictException();
            }
            Device device = NetworkHelper.getDevice(httpServletRequest);
            TerminalHandler terminal = TerminalHandler.getTerminal(httpServletRequest, device);
            User doUserAuthentication = doUserAuthentication(str, str2, device, WebServiceUtils.getIpInfoFromRequest(httpServletRequest), terminal);
            long tokenTimeOutByValidity = getTokenTimeOutByValidity(i);
            String createDefaultJWT = JwtUtils.createDefaultJWT(str, doUserAuthentication.getDisplayName(), tokenTimeOutByValidity);
            String id = doUserAuthentication.getId();
            String generateDefaultHomePageUrl = generateDefaultHomePageUrl(httpServletRequest);
            LoginClientBean loginClientBean = new LoginClientBean(httpServletRequest, device, terminal);
            loginClientBean.setUsername(str);
            loginClientBean.setToken(createDefaultJWT);
            loginClientBean.setValidity(i);
            loginClientBean.setUserId(id);
            addLoginStatus(createDefaultJWT, loginClientBean, tokenTimeOutByValidity);
            // The cookie is written unconditionally here; the bean-based logins check
            // ServerConfig.isTokenFromCookie() first.
            writeToken2Cookie(httpServletResponse, createDefaultJWT, i);
            checkServerInitStatus();
            RegisterService.getInstance().checkLicExpireSoon(doUserAuthentication);
            createLoginMessage(WebServiceUtils.getIpInfoFromRequest(httpServletRequest), str, id);
            // NOTE(review): the access token is returned inside a callback-style response whose
            // function name (str3) comes from the caller. Confirm that CrossDomainResponse limits
            // the name to a plain identifier and that only trusted origins can reach this endpoint.
            return CrossDomainResponse.create().callbackFuncName(str3).parameter("accessToken", createDefaultJWT).parameter(MessageEntity.COLUMN_URL, generateDefaultHomePageUrl).parameter("status", DecisionServiceConstants.OPERATION_SUCCESS);
        } catch (Exception e) {
            // Failures are logged and turned into an error response rather than rethrown.
            // NOTE(review): confirm CrossDomainResponse.error does not echo internal detail to the client.
            FineLoggerFactory.getLogger().error(e.getMessage(), e);
            return CrossDomainResponse.error(e, str3);
        }
    }

    /**
     * Logs a user in through the registered {@code AccessProvider} extensions.
     *
     * <p>Each provider is asked in turn. A non-empty result from {@code auth} is taken as the user
     * name; otherwise {@code str} is used if {@code access} accepts the three arguments. The
     * first provider that resolves to an existing user wins.
     *
     * @param httpServletRequest  the request; used for the client IP and token generation
     * @param httpServletResponse passed on to token generation
     * @param str  first provider argument; also the name used when {@code access} accepts
     * @param str2 second provider argument
     * @param str3 third provider argument
     * @return the token produced by {@code generateEffectiveToken}
     * @throws UserLoginException if no provider resolves to an existing user
     * @throws Exception anything raised by a provider or by the licence and token steps
     */
    public String login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2, String str3) throws Exception {
        Set<AccessProvider> providers = ExtraDecisionClassManager.getInstance().getArray(AccessProvider.MARK_STRING);
        for (AccessProvider provider : providers) {
            String authenticatedName = provider.auth(str, str2, str3);
            String lookupName;
            if (StringUtils.isNotEmpty(authenticatedName)) {
                lookupName = authenticatedName;
            } else if (provider.access(str, str2, str3)) {
                lookupName = str;
            } else {
                lookupName = null;
            }
            User matchedUser = UserService.getInstance().getUserByUserName(lookupName);
            if (matchedUser == null) {
                continue;
            }
            // NOTE(review): no isEnable() check is made on this path, unlike the user-name-only
            // login overload — confirm generateEffectiveToken or the provider covers it.
            RegisterService.getInstance().checkLicExpireSoon(matchedUser);
            // NOTE(review): the login record is written under str, which can differ from the
            // name the provider returned — confirm which name the audit record should carry.
            createLoginMessage(WebServiceUtils.getIpInfoFromRequest(httpServletRequest), str, matchedUser.getId());
            return generateEffectiveToken(httpServletRequest, httpServletResponse, matchedUser);
        }
        throw new UserLoginException();
    }

    /**
     * Issues a token for a user identified by name alone.
     *
     * <p>No credential is checked in this method, so it is only as safe as its callers; it is
     * refused outright when strict login validation is enabled.
     * NOTE(review): confirm every caller has already established the user's identity.
     *
     * @param httpServletRequest  the request; used for the client IP and token generation
     * @param httpServletResponse passed on to token generation
     * @param str the user name
     * @return the token produced by {@code generateEffectiveToken}
     * @throws LoginValidateStrictException if strict login validation is enabled
     * @throws UserLoginException if no user has that name
     * @throws UserNotAvailableException if the user is disabled
     * @throws Exception anything raised while recording the login or generating the token
     */
    public String login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws Exception {
        boolean strictValidation = WebSecurityConfig.getInstance().isLoginValidateStrict();
        if (strictValidation) {
            throw new LoginValidateStrictException();
        }
        User account = UserService.getInstance().getUserByUserName(str);
        if (account == null) {
            throw new UserLoginException();
        }
        if (!account.isEnable()) {
            throw new UserNotAvailableException();
        }
        String clientIp = WebServiceUtils.getIpInfoFromRequest(httpServletRequest);
        createLoginMessage(clientIp, str, account.getId());
        return generateEffectiveToken(httpServletRequest, httpServletResponse, account);
    }

    /**
     * Logs out the user identified by the cookie token and answers with a callback-style
     * cross-domain response.
     *
     * @param httpServletRequest  the request carrying the token cookie
     * @param httpServletResponse used to remove the token cookie
     * @param str the callback function name placed in the response
     * @return a success response, or an error response built from the exception
     */
    public CrossDomainResponse crossDomainLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        CrossDomainResponse reply = CrossDomainResponse.create();
        try {
            // The login state is dropped first, then the cookie is cleared on the client.
            logoutUser(httpServletRequest, TokenResource.COOKIE);
            removeTokenFromCookie(httpServletResponse);
            return reply.callbackFuncName(str).parameter("status", DecisionServiceConstants.OPERATION_SUCCESS);
        } catch (Exception failure) {
            // Failures are logged and reported through the same callback instead of being rethrown.
            FineLoggerFactory.getLogger().error(failure.getMessage(), failure);
            return CrossDomainResponse.error(failure, str);
        }
    }

    /**
     * Looks up the stored login state for the token in the request header.
     *
     * <p>Only the presence of a stored entry is checked here; token expiry and the user's
     * enabled flag are not re-validated by this method.
     *
     * @param httpServletRequest the request carrying the token
     * @return the stored login state, never {@code null}
     * @throws LoginInfoNotAvailableException if nothing is stored for the token
     * @throws Exception anything raised by the status service
     */
    public LoginClientBean getLoginClientInfo(HttpServletRequest httpServletRequest) throws Exception {
        LoginClientBean storedLogin = (LoginClientBean) DecisionStatusService.loginStatusService().get(TokenResource.HEADER.getToken(httpServletRequest));
        if (storedLogin != null) {
            return storedLogin;
        }
        throw new LoginInfoNotAvailableException();
    }

    /**
     * Returns IP, city and time of the most recent login record of the current user.
     *
     * @param str the value passed to {@code UserService.getCurrentUserId}; presumably a token or
     *            user name — TODO confirm
     * @return a bean holding the latest record's IP, city and time
     * @throws LoginRecordNotExistException if the user has no login record
     * @throws Exception anything raised by the user service or the record controller
     */
    public LoginDetailInfoBean getLastLoginDetailInfo(String str) throws Exception {
        LoginDetailInfo latest = SystemContext.getInstance().getLoginDetailInfoController().findLatestByUserId(UserService.getInstance().getCurrentUserId(str));
        if (latest != null) {
            LoginDetailInfoBean summary = new LoginDetailInfoBean();
            summary.setIp(latest.getIp());
            summary.setCity(latest.getCity());
            summary.setTime(latest.getTime());
            return summary;
        }
        throw new LoginRecordNotExistException();
    }

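    /**
     * Stores a login record (user, IP, city, current time) for the user of this request.
     *
     * @param httpServletRequest  the request; identifies the current user and supplies the
     *                            fallback IP
     * @param loginDetailInfoBean client-supplied IP and city
     * @throws Exception anything raised by the user service or the record controller
     */
    public void saveLoginDetailInfo(HttpServletRequest httpServletRequest, LoginDetailInfoBean loginDetailInfoBean) throws Exception {
        String currentUserId = UserService.getInstance().getCurrentUserId(httpServletRequest);
        // Held as LoginDetailInfo so that the record-specific setters below resolve on the
        // variable's static type.
        LoginDetailInfo detail = new LoginDetailInfo();
        detail.setUserId(currentUserId);
        detail.setId(UUIDUtil.generate());
        // The IP supplied in the bean takes precedence; the request-derived address is only a
        // fallback. NOTE(review): the bean value is client-controlled, so this record is not a
        // trustworthy source address for audit purposes unless the caller validates it.
        String ip = loginDetailInfoBean.getIp();
        if (StringUtils.isEmpty(ip)) {
            ip = WebServiceUtils.getIpInfoFromRequest(httpServletRequest);
        }
        detail.setIp(ip);
        detail.setCity(loginDetailInfoBean.getCity());
        detail.setTime(new Date());
        SystemContext.getInstance().getLoginDetailInfoController().add(detail);
    }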

    /**
     * Removes login records whose time is earlier than {@code i} days before now.
     *
     * <p>NOTE(review): a negative {@code i} moves the cutoff into the future, which would match
     * every existing record; callers presumably pass a non-negative retention period.
     *
     * @param i the number of days of records to keep
     * @throws Exception anything raised by the record controller
     */
    public void cleanLoginDetailInfo(int i) throws Exception {
        Calendar cutoff = Calendar.getInstance();
        cutoff.setTime(new Date());
        cutoff.add(Calendar.DAY_OF_MONTH, -i);
        SystemContext.getInstance().getLoginDetailInfoController().remove(QueryFactory.create().addRestriction(RestrictionFactory.lt("time", cutoff.getTime())));
    }

    /**
     * Sends a 6-character captcha to a receiver and returns the token under which it is stored.
     *
     * <p>Two call limits are applied first, both keyed on the receiver: a minimum interval
     * between sends and a maximum number of sends per day.
     *
     * @param str  user name handed to {@code getCaptchaToken}; may be empty
     * @param str2 the sender type passed to {@code CaptchaSender.createCaptchaSender}
     * @param str3 the receiver (phone number or e-mail address)
     * @param str4 an existing token to store the captcha under; may be empty
     * @return the captcha token
     * @throws PhoneOrEmailNotExistException if no user is registered with the receiver
     * @throws Exception if a call limit is exceeded or sending fails
     */
    public String sendLoginCaptcha(String str, String str2, String str3, String str4) throws Exception {
        // NOTE(review): both limits are keyed on the receiver only, so they bound messages per
        // receiver but not requests per client — confirm a per-client limit exists elsewhere.
        DecisionAPICallLimiterUtils.callFreqCheck(str3 + "#CaptchaSendFreq", TimeUnit.SECONDS, APILimitConfig.getInstance().getCallInterval());
        DecisionAPICallLimiterUtils.callMaxCheck(str3 + "#CaptchaSendMax", APILimitConfig.getInstance().getMaxCallCount(), TimeUnit.DAYS, 1L, new NextDayTicketIssuer());
        // NOTE(review): other methods in this class null-check the sender; a null here would
        // fail with a NullPointerException on the next line — confirm the type is validated upstream.
        CaptchaSender sender = CaptchaSender.createCaptchaSender(str2);
        if (sender.getReceiveUserNames(str3).isEmpty()) {
            // Second chance for mainland numbers that are stored with the "+86" prefix.
            boolean mainlandNumber = SMSTemplateType.MAINLAND_SMS_TEMPLATE.accept(str3);
            if (!mainlandNumber || sender.getReceiveUserNames("+86" + str3).isEmpty()) {
                throw new PhoneOrEmailNotExistException();
            }
        }
        String code = WebServiceUtils.generateCaptcha(6);
        sender.sendCaptcha(str3, code);
        String token = getCaptchaToken(str4, str, str3, code);
        // Every new captcha starts with three verification attempts.
        DecisionStatusService.captchaCheckLimitService().put(token, 3, DecisionServiceConstants.CAPTCHA_STATUS_TIMEOUT);
        return token;
    }

    /**
     * Stores a captcha code in the captcha status service and returns the key it is stored under.
     *
     * <p>If {@code str} is non-empty it is used as the key as it is, with no alias. Otherwise a
     * new JWT is created: for {@code str2} when that is non-empty (with {@code str2} as alias),
     * else for {@code str3} (with no alias).
     *
     * @param str  an existing token to reuse as the key; may be empty
     * @param str2 a user name; may be empty
     * @param str3 the receiver, used as the JWT subject when neither of the others is given
     * @param str4 the captcha code to store
     * @return the key under which the code was stored
     * @throws Exception anything raised by the status service or JWT creation
     */
    private String getCaptchaToken(String str, String str2, String str3, String str4) throws Exception {
        if (StringUtils.isNotEmpty(str)) {
            // NOTE(review): the key is taken from the caller as it is; presumably a token issued
            // by an earlier login step — confirm it is validated before it reaches this point.
            DecisionStatusService.captchaStatusService().put(str, str4, key -> new String[0], DecisionServiceConstants.CAPTCHA_TIMEOUT);
            return str;
        }
        boolean hasUserName = StringUtils.isNotEmpty(str2);
        String token = JwtUtils.createDefaultJWT(hasUserName ? str2 : str3);
        if (hasUserName) {
            DecisionStatusService.captchaStatusService().put(token, str4, key -> new String[]{str2}, DecisionServiceConstants.CAPTCHA_TIMEOUT);
        } else {
            DecisionStatusService.captchaStatusService().put(token, str4, key -> new String[0], DecisionServiceConstants.CAPTCHA_TIMEOUT);
        }
        return token;
    }

    /**
     * Checks a submitted captcha code against the code stored for the captcha token, within a
     * limited number of attempts.
     *
     * <p>On a match the stored entry is replaced by {@code true}; on a mismatch the remaining
     * attempt count is lowered by one.
     *
     * @param loginCaptchaBean carries the captcha token and the submitted code
     * @throws CaptchaTimeoutException if nothing is stored for the token
     * @throws CaptchaCheckLimitException if no attempts remain; both entries are deleted first
     * @throws CaptchaErrorException if the submitted code does not match
     * @throws Exception anything raised by the status services
     */
    public void checkLoginCaptcha(LoginCaptchaBean loginCaptchaBean) throws Exception {
        String captcha = loginCaptchaBean.getCaptcha();
        String token = loginCaptchaBean.getToken();
        // NOTE(review): a successful check below overwrites this entry with `true`. A repeated
        // call for an already verified token would then hit this String cast with a non-String
        // value — confirm how the status service stores and returns it.
        String str = (String) DecisionStatusService.captchaStatusService().get(token);
        if (StringUtils.isEmpty(str)) {
            throw new CaptchaTimeoutException();
        }
        Integer num = (Integer) DecisionStatusService.captchaCheckLimitService().get(token);
        if (num == null) {
            // No counter stored: start again from three attempts.
            // NOTE(review): if the counter entry can expire before the captcha entry does, the
            // attempt budget is renewed for the same code — confirm the two timeouts.
            num = 3;
            DecisionStatusService.captchaCheckLimitService().put(token, (Object) 3, DecisionServiceConstants.CAPTCHA_STATUS_TIMEOUT);
        } else if (num.intValue() <= 0) {
            // Attempts used up: the code and its counter are discarded, forcing a new captcha.
            DecisionStatusService.captchaStatusService().delete(token);
            DecisionStatusService.captchaCheckLimitService().delete(token);
            throw new CaptchaCheckLimitException();
        }
        if (ComparatorUtils.equals(str, captcha)) {
            // Mark the token as verified.
            DecisionStatusService.captchaStatusService().put(token, true, DecisionServiceConstants.CAPTCHA_STATUS_TIMEOUT);
        } else {
            // NOTE(review): the counter is read and written in separate calls; concurrent
            // attempts may each see the same remaining count — confirm whether the status
            // service serialises updates per key.
            DecisionStatusService.captchaCheckLimitService().put(token, Integer.valueOf(num.intValue() - 1), DecisionServiceConstants.CAPTCHA_STATUS_TIMEOUT);
            throw new CaptchaErrorException();
        }
    }

    /**
     * Sets a new password for a user who has proven control of a phone or e-mail via a captcha
     * token.
     *
     * <p>After the password is stored, the account is unlocked, any password-change block is
     * lifted and a kick-out event is fired for the user.
     *
     * @param passwordChangeBean the user name, captcha token and (possibly encrypted) new password
     * @throws UserPasswordCanNotEmptyException if the submitted new password is empty
     * @throws UserPasswordCanNotChangeException if the user's controller does not allow changes
     * @throws PasswordSameException if the new password encodes to the stored value
     * @throws Exception anything raised by token checking, password policy or persistence
     */
    public void resetPasswordByCaptchaToken(PasswordChangeBean passwordChangeBean) throws Exception {
        // The emptiness check is made on the submitted value, before decryption.
        if (StringUtils.isEmpty(passwordChangeBean.getNewPassword())) {
            throw new UserPasswordCanNotEmptyException();
        }
        // Clear-text new password; it must not be logged.
        String decrypt = TransmissionTool.decrypt(passwordChangeBean.isEncrypted(), passwordChangeBean.isSupportCustomEncrypt(), passwordChangeBean.getNewPassword());
        // Validates the captcha token and resolves the user it authorises.
        User checkUserExistAndTokenMatch = checkUserExistAndTokenMatch(passwordChangeBean.getUsername(), passwordChangeBean.getCaptchaToken());
        if (!ControllerFactory.getInstance().getAuthenticController(checkUserExistAndTokenMatch.getId()).passwordChangeable(checkUserExistAndTokenMatch)) {
            throw new UserPasswordCanNotChangeException();
        }
        String userName = checkUserExistAndTokenMatch.getUserName();
        PasswordValidator passwordValidator = UserSourceFactory.getInstance().getUserSource(checkUserExistAndTokenMatch).getPasswordValidator();
        // The currently stored (encoded) password, kept for the history update further down.
        String password = checkUserExistAndTokenMatch.getPassword();
        String encode = passwordValidator.encode(userName, decrypt);
        // Rejects re-use of the current password. This relies on encode() giving the same
        // output for the same user name and password — presumably so; TODO confirm.
        if (ComparatorUtils.equals(encode, checkUserExistAndTokenMatch.getPassword())) {
            throw new PasswordSameException();
        }
        PasswordStrategyService.getInstance().checkPasswordStrength(decrypt, userName);
        PasswordStrategyService.getInstance().checkPasswordHistoryList(checkUserExistAndTokenMatch, encode);
        checkUserExistAndTokenMatch.setPassword(encode);
        checkUserExistAndTokenMatch.setLastOperationType(ManualOperationType.KEY);
        AuthorityContext.getInstance().getUserController().update(checkUserExistAndTokenMatch);
        PasswordStrategyService.getInstance().updateUserPasswordHistoryList(checkUserExistAndTokenMatch, password);
        AuthorityContext.getInstance().getUserController().addPasswordChangeTime(checkUserExistAndTokenMatch.getId(), PasswordChangeTimeKey.KEY, new Date());
        // A successful reset also clears a login lock and a password-change block.
        LoginLockService.getInstance().unlockByUserId(checkUserExistAndTokenMatch.getId());
        PasswordStrategyService.getInstance().unblockPasswordChangeByUser(checkUserExistAndTokenMatch);
        // Fires a kick-out event for this user; presumably ends sessions opened with the old password.
        // NOTE(review): the captcha token is not deleted after the reset (the captcha login path
        // deletes its token once accepted); it stays stored until its entry times out — confirm
        // that re-use within that window is intended.
        EventDispatcher.fire(KickOutUserEvent.KickOutUser, new KickOutConfig(new UserPwdErrorException(), userName));
    }

    /**
     * Resolves the user a verified captcha token authorises.
     *
     * <p>With no user name given, the user is looked up by the token's subject. With a user name
     * given, the token's subject must equal that user's e-mail or mobile number (also accepted
     * with a "+86" prefix when the subject matches the mainland SMS template).
     *
     * @param str  the user name; may be empty
     * @param str2 the captcha token
     * @return the matching user, never {@code null}
     * @throws CaptchaErrorException if the token fails {@code captchaCheck} or its subject does
     *         not belong to the named user
     * @throws UserPwdErrorException if no such user exists
     * @throws Exception anything raised by JWT parsing or the status service
     */
    private User checkUserExistAndTokenMatch(String str, String str2) throws Exception {
        // Presumably true only for tokens already marked verified by checkLoginCaptcha — TODO confirm.
        if (!WebServiceUtils.captchaCheck(DecisionStatusService.captchaStatusService(), str2)) {
            throw new CaptchaErrorException();
        }
        if (!StringUtils.isNotEmpty(str)) {
            // No user name supplied: the subject of the token is taken as the user name.
            User userByUserName = UserService.getInstance().getUserByUserName(JwtUtils.parseJWT(str2).getSubject());
            if (userByUserName == null) {
                throw new UserPwdErrorException();
            }
            return userByUserName;
        }
        User userByUserName2 = UserService.getInstance().getUserByUserName(str);
        if (userByUserName2 == null) {
            throw new UserPwdErrorException();
        }
        String subject = JwtUtils.parseJWT(str2).getSubject();
        // This comparison is what ties the captcha (sent to `subject`) to the named account:
        // without it a captcha for one receiver could reset another user's password.
        if (!StringUtils.equals(userByUserName2.getEmail(), subject) && !StringUtils.equals(userByUserName2.getMobile(), subject) && (!SMSTemplateType.MAINLAND_SMS_TEMPLATE.accept(subject) || !StringUtils.equals(userByUserName2.getMobile(), "+86" + subject))) {
            throw new CaptchaErrorException();
        }
        // Stores the user name under the token with the user name as alias (60000L, presumably
        // milliseconds), then stores `true` under the same key.
        // NOTE(review): whether the second put keeps the alias, and which timeout applies
        // afterwards, depends on the status service — confirm.
        DecisionStatusService.captchaStatusService().put(str2, str, str3 -> {
            return new String[]{str};
        }, 60000L);
        DecisionStatusService.captchaStatusService().put(str2, true, DecisionServiceConstants.CAPTCHA_STATUS_TIMEOUT);
        return userByUserName2;
    }

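    /**
     * Lists the user names registered with the receiver of a verified captcha token.
     *
     * <p>Only administrators and users whose password may be changed through
     * {@code CommonAuthenticController} are returned.
     *
     * @param captchaReceiverBean carries the captcha token and the sender type
     * @return the matching user names; empty if no sender exists for the type
     * @throws CaptchaErrorException if the token fails {@code captchaCheck}
     * @throws PhoneOrEmailNotExistException if no user is registered with the receiver
     * @throws Exception anything raised by JWT parsing or the user service
     */
    public List<String> getUserNamesFromReceiver(CaptchaReceiverBean captchaReceiverBean) throws Exception {
        // The user list is disclosed only for a token that has passed captcha verification.
        if (!WebServiceUtils.captchaCheck(DecisionStatusService.captchaStatusService(), captchaReceiverBean.getCaptchaSendToken())) {
            throw new CaptchaErrorException();
        }
        CaptchaSender sender = CaptchaSender.createCaptchaSender(captchaReceiverBean.getType());
        // Typed collections: the loop below needs User elements and the return type is List<String>.
        List<String> userNames = new ArrayList<>();
        if (sender == null) {
            return userNames;
        }
        String receiver = JwtUtils.parseJWT(captchaReceiverBean.getCaptchaSendToken()).getSubject();
        List<User> candidates = new ArrayList<>();
        try {
            candidates.addAll(sender.getReceiveUsers(receiver));
        } catch (PhoneOrEmailNotExistException ignored) {
            // No match for the receiver as given; the prefixed form is tried next and the
            // empty-result check below reports the failure.
        }
        if (SMSTemplateType.MAINLAND_SMS_TEMPLATE.accept(receiver)) {
            try {
                candidates.addAll(sender.getReceiveUsers("+86" + receiver));
            } catch (PhoneOrEmailNotExistException ignored) {
                // Same as above: handled by the empty-result check.
            }
        }
        if (candidates.isEmpty()) {
            throw new PhoneOrEmailNotExistException();
        }
        List<String> adminUserNameList = UserService.getInstance().getAdminUserNameList();
        for (User candidate : candidates) {
            if (adminUserNameList.contains(candidate.getUserName()) || CommonAuthenticController.KEY.passwordChangeable(candidate)) {
                userNames.add(candidate.getUserName());
            }
        }
        return userNames;
    }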

    /**
     * Tells whether any user is registered with the given receiver.
     *
     * <p>NOTE(review): the answer reveals whether a phone number or e-mail address is known to
     * the system; confirm the endpoint exposing it is rate-limited or otherwise protected
     * against enumeration.
     *
     * @param captchaReceiverBean carries the sender type and the receiver
     * @return {@code true} if at least one user name is found; {@code false} if none is found or
     *         no sender exists for the type
     * @throws Exception anything raised by the sender lookup
     */
    public boolean isReceiverExist(CaptchaReceiverBean captchaReceiverBean) throws Exception {
        CaptchaSender sender = CaptchaSender.createCaptchaSender(captchaReceiverBean.getType());
        if (sender == null) {
            return false;
        }
        return !sender.getReceiveUserNames(captchaReceiverBean.getReceiver()).isEmpty();
    }

    /**
     * Validates a session token and returns the login state stored for it.
     *
     * <p>A token is accepted only if it passes {@code JwtUtils.checkJWTExpired}, has stored login
     * state, names the same user as that state, and the user exists and is enabled.
     *
     * @param str             the token
     * @param terminalHandler not used by this method
     * @return the stored login state
     * @throws LoginInfoNotAvailableException if the token is empty or has no stored login state
     * @throws ServerTimeoutException if {@code JwtUtils.checkJWTExpired} returns {@code false}
     * @throws UserPwdErrorException if the user is unknown or differs from the token's subject
     * @throws UserNotAvailableException if the user is disabled
     * @throws Exception anything raised by JWT parsing or the services
     */
    public LoginClientBean loginStatusValid(String str, TerminalHandler terminalHandler) throws Exception {
        if (StringUtils.isEmpty(str)) {
            throw new LoginInfoNotAvailableException("Token is empty!");
        }
        // Judging by its use here, checkJWTExpired returns true for a token that is still valid.
        boolean tokenStillValid = JwtUtils.checkJWTExpired(str);
        if (!tokenStillValid) {
            throw new ServerTimeoutException();
        }
        String tokenSubject = JwtUtils.parseJWT(str).getSubject();
        // A well-formed token is not enough: there must be server-side login state for it.
        LoginClientBean session = (LoginClientBean) DecisionStatusService.loginStatusService().get(str);
        if (session == null) {
            throw new LoginInfoNotAvailableException("Login info is null! username: " + tokenSubject);
        }
        String sessionUser = session.getUsername();
        User account = UserService.getInstance().getUserByUserName(sessionUser);
        boolean subjectMatchesSession = account != null && ComparatorUtils.equals(tokenSubject, sessionUser);
        if (!subjectMatchesSession) {
            throw new UserPwdErrorException();
        }
        if (!account.isEnable()) {
            throw new UserNotAvailableException();
        }
        return session;
    }

    /**
     * Validates the session token found in the request at the given location.
     *
     * @param httpServletRequest the request carrying the token
     * @param tokenResource      where in the request the token is read from
     * @return the stored login state
     * @throws Exception if the token is rejected by the token-based overload
     */
    public LoginClientBean loginStatusValid(HttpServletRequest httpServletRequest, TokenResource tokenResource) throws Exception {
        String token = tokenResource.getToken(httpServletRequest);
        Device device = NetworkHelper.getDevice(httpServletRequest);
        TerminalHandler terminal = TerminalHandler.getTerminal(httpServletRequest, device);
        return loginStatusValid(token, terminal);
    }

    /**
     * Refreshes a token using the configured login timeout as the new lifetime and no
     * web-socket client.
     *
     * @param str the token to refresh
     * @return the response of the three-argument overload
     * @throws Exception if the refresh fails
     */
    public Response refreshToken(String str) throws Exception {
        long configuredTimeout = FSConfig.getInstance().getLoginConfig().getLoginTimeout();
        return refreshToken(str, configuredTimeout, null);
    }

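    /**
     * Refreshes the caller's token and writes the new token to the response cookie.
     *
     * <p>The token to refresh is taken from the bean; if the bean carries none and the server
     * reads tokens from cookies, the token in the request cookie is used instead.
     *
     * @param httpServletRequest  the request; supplies the cookie token when needed
     * @param httpServletResponse receives the new token cookie
     * @param refreshTokenBean    the old token and the requested lifetime
     * @return the response of {@code refreshToken}; on an error response no cookie is written
     * @throws Exception if the refresh fails
     */
    public Response tokenRefresh(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, RefreshTokenBean refreshTokenBean) throws Exception {
        String oldToken = refreshTokenBean.getOldToken();
        if (StringUtils.isEmpty(oldToken) && ServerConfig.getInstance().isTokenFromCookie()) {
            oldToken = NetworkHelper.getTokenFromCookie(httpServletRequest);
        }
        // The requested lifetime is client-supplied; refreshToken checks it against the validity
        // stored with the login state.
        Response refreshed = refreshToken(oldToken, refreshTokenBean.getTokenTimeOut(), null);
        // refreshToken returns an error Response (instead of throwing) for an expired token or a
        // rejected lifetime. Such a response presumably carries no LoginResponseInfoBean, so it
        // is handed back untouched instead of being cast and dereferenced.
        Object data = refreshed.getData();
        if (!(data instanceof LoginResponseInfoBean)) {
            return refreshed;
        }
        LoginResponseInfoBean refreshedLogin = (LoginResponseInfoBean) data;
        writeToken2Cookie(httpServletResponse, refreshedLogin.getAccessToken(), refreshedLogin.getValidity());
        return refreshed;
    }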

    /**
     * Exchanges a valid token for a new one with the requested lifetime.
     *
     * @param str            the token to refresh
     * @param j              the requested lifetime of the new token
     * @param socketIOClient the web-socket client whose session entry should follow the token;
     *                       may be {@code null}
     * @return an OK response carrying the new token, or an error response if the old token is
     *         rejected by {@code JwtUtils.checkJWTExpired} or the lifetime is not acceptable
     * @throws LoginInfoNotAvailableException if no login state is stored for the old token
     * @throws Exception anything raised by JWT handling or the status services
     */
    public Response refreshToken(String str, long j, SocketIOClient socketIOClient) throws Exception {
        if (!JwtUtils.checkJWTExpired(str)) {
            // Token rejected: drop the web-socket session entry and the login state, and report
            // the failure as an error response rather than an exception.
            if (socketIOClient != null) {
                DecisionStatusService.webSocketService().delete(socketIOClient.getSessionId().toString());
            }
            DecisionStatusService.loginStatusService().delete(str);
            LoginInfoNotAvailableException loginInfoNotAvailableException = new LoginInfoNotAvailableException();
            return Response.error(loginInfoNotAvailableException.errorCode(), loginInfoNotAvailableException.getMessage());
        }
        // The token is parsed twice, once for each claim.
        final String subject = JwtUtils.parseJWT(str).getSubject();
        String description = JwtUtils.parseJWT(str).getDescription();
        LoginClientBean loginClientBean = (LoginClientBean) DecisionStatusService.loginStatusService().get(str);
        if (loginClientBean == null) {
            throw new LoginInfoNotAvailableException();
        }
        // A copy of the login state is stored again under the OLD token with LOGIN_TIMEOUT.
        // NOTE(review): the old token is therefore not revoked by a refresh; presumably it stays
        // usable for that window alongside the new token — confirm this grace period is intended.
        addLoginStatus(str, (LoginClientBean) loginClientBean.clone(), DecisionServiceConstants.LOGIN_TIMEOUT);
        int validity = loginClientBean.getValidity();
        // The caller-requested lifetime is checked against the validity stored at login.
        if (!tokenTimeoutValid(validity, j)) {
            DecisionStatusService.loginStatusService().delete(str);
            LoginInfoNotAvailableException loginInfoNotAvailableException2 = new LoginInfoNotAvailableException();
            return Response.error(loginInfoNotAvailableException2.errorCode(), loginInfoNotAvailableException2.getMessage());
        }
        // The new token keeps the subject and description of the old one.
        String createDefaultJWT = JwtUtils.createDefaultJWT(subject, description, j);
        loginClientBean.setToken(createDefaultJWT);
        addLoginStatus(createDefaultJWT, loginClientBean, j);
        if (socketIOClient != null) {
            // Points the web-socket session at the new token, with the user name as alias.
            DecisionStatusService.webSocketService().put(socketIOClient.getSessionId().toString(), createDefaultJWT, new Converter<String>() { // from class: com.fr.decision.webservice.v10.login.LoginService.1
                public String[] createAlias(String str2) {
                    return new String[]{subject};
                }
            }, DecisionServiceConstants.LOGIN_TIMEOUT);
        }
        return Response.ok(new LoginResponseInfoBean(createDefaultJWT, subject, validity));
    }

    /**
     * Returns the subject of the JWT carried in the request header.
     *
     * <p>Only the token itself is consulted; the server-side login status store is not
     * checked here. NOTE(review): this relies on {@code JwtUtils.parseJWT} rejecting forged
     * or expired tokens; confirm, and do not treat the result as proof of a live session.
     *
     * @param httpServletRequest the incoming request
     * @return the token subject
     * @throws LoginInfoNotAvailableException if the header carries no token
     */
    public String getUserNameFromRequest(HttpServletRequest httpServletRequest) {
        String headerToken = TokenResource.HEADER.getToken(httpServletRequest);
        if (!StringUtils.isEmpty(headerToken)) {
            return JwtUtils.parseJWT(headerToken).getSubject();
        }
        throw new LoginInfoNotAvailableException();
    }

    /**
     * Returns the subject of the JWT carried in the request cookie.
     *
     * <p>Only the token itself is consulted; the server-side login status store is not
     * checked here. NOTE(review): this relies on {@code JwtUtils.parseJWT} rejecting forged
     * or expired tokens; confirm, and do not treat the result as proof of a live session.
     *
     * @param httpServletRequest the incoming request
     * @return the token subject
     * @throws LoginInfoNotAvailableException if the cookie carries no token
     */
    public String getUserNameFromRequestCookie(HttpServletRequest httpServletRequest) {
        String cookieToken = TokenResource.COOKIE.getToken(httpServletRequest);
        if (!StringUtils.isEmpty(cookieToken)) {
            return JwtUtils.parseJWT(cookieToken).getSubject();
        }
        throw new LoginInfoNotAvailableException();
    }

    /**
     * Returns the description claim of the JWT in the request header, used as display name.
     *
     * <p>Never throws: a missing token yields an empty string, and any failure while
     * reading or parsing the token is logged and also yields an empty string.
     *
     * @param httpServletRequest the incoming request
     * @return the description claim, or {@code ""} when unavailable
     */
    public String getDisplayNameFromRequest(HttpServletRequest httpServletRequest) {
        try {
            String headerToken = TokenResource.HEADER.getToken(httpServletRequest);
            if (StringUtils.isNotEmpty(headerToken)) {
                return JwtUtils.parseJWT(headerToken).getDescription();
            }
            return "";
        } catch (Exception ex) {
            FineLoggerFactory.getLogger().error(ex.getMessage(), ex);
            return "";
        }
    }

    /**
     * Returns the description claim of the JWT in the request cookie, used as display name.
     *
     * <p>Never throws: a missing token yields an empty string, and any failure while
     * reading or parsing the token is logged and also yields an empty string.
     *
     * @param httpServletRequest the incoming request
     * @return the description claim, or {@code ""} when unavailable
     */
    public String getDisplayNameFromRequestCookie(HttpServletRequest httpServletRequest) {
        try {
            String cookieToken = TokenResource.COOKIE.getToken(httpServletRequest);
            if (StringUtils.isNotEmpty(cookieToken)) {
                return JwtUtils.parseJWT(cookieToken).getDescription();
            }
            return "";
        } catch (Exception ex) {
            FineLoggerFactory.getLogger().error(ex.getMessage(), ex);
            return "";
        }
    }

    /**
     * Lenient variant of {@code getUserNameFromRequest}: returns an empty string instead of
     * throwing when the user name cannot be determined from the header token.
     *
     * <p>Every exception is swallowed and logged at info level, so callers must treat an
     * empty result as "no identified user" rather than as a valid name.
     *
     * @param httpServletRequest the incoming request
     * @return the token subject, or {@code ""} on any failure
     */
    public String getCurrentUserNameFromRequest(HttpServletRequest httpServletRequest) {
        String userName;
        try {
            userName = getUserNameFromRequest(httpServletRequest);
        } catch (Exception ex) {
            FineLoggerFactory.getLogger().info("can't find username from request: {}", new Object[]{ex.getMessage()});
            userName = "";
        }
        return userName;
    }

    /**
     * Returns the platform copyright information for the locale of the request.
     *
     * <p>When no locale can be resolved from the request, an error is logged and the
     * default copyright information is returned instead.
     *
     * @param httpServletRequest the incoming request
     * @return copyright entries for the resolved locale, or the defaults
     */
    public Map<String, String> getCopyrightInfo(HttpServletRequest httpServletRequest) {
        Locale requestLocale = WebServiceUtils.getLocale(httpServletRequest);
        if (requestLocale == null) {
            FineLoggerFactory.getLogger().error("Error happens when parsing the http servlet request");
            return CopyrightFactory.getDefaultCopyrightInfo();
        }
        return CopyrightFactory.getPlatformCopyrightInfoByLocale(requestLocale);
    }

    /**
     * Lenient variant of {@code getUserNameFromRequestCookie}: returns an empty string
     * instead of throwing when the user name cannot be determined from the cookie token.
     *
     * <p>Every exception is swallowed and logged at info level, so callers must treat an
     * empty result as "no identified user" rather than as a valid name.
     *
     * @param httpServletRequest the incoming request
     * @return the token subject, or {@code ""} on any failure
     */
    public String getCurrentUserNameFromRequestCookie(HttpServletRequest httpServletRequest) {
        String userName;
        try {
            userName = getUserNameFromRequestCookie(httpServletRequest);
        } catch (Exception ex) {
            FineLoggerFactory.getLogger().info("can't find username from request: {}", new Object[]{ex.getMessage()});
            userName = "";
        }
        return userName;
    }

    /**
     * Looks up a user by name and authenticates the supplied credential, applying the
     * login-lock policy before and after the attempt.
     *
     * <p>An unknown user name and a failed credential check both raise
     * {@code UserLoginException}, so the exception type does not reveal which one occurred.
     * The unknown-user path returns before any lock handling, so it is not counted.
     *
     * @param str the user name
     * @param str2 the credential passed to the authentication controller
     * @param device the client device
     * @param str3 the lock key used when the configured lock object is {@code "ip"}
     *     (presumably the client IP; verify against the caller)
     * @param terminalHandler terminal checked by {@code checkMobileFunctionPoint}
     * @return the authenticated user
     * @throws SpecialCharProhibitException if the name or credential contains filtered characters
     * @throws UserLoginException if the user is unknown or authentication fails
     * @throws Exception from the lock handling or the controller
     */
    private User doUserAuthentication(String str, String str2, Device device, String str3, TerminalHandler terminalHandler) throws Exception {
        // NOTE(review): this is a character filter applied to both fields (so credentials
        // containing those characters are rejected too). It is defence in depth only; confirm
        // the user lookup below uses parameterized queries.
        boolean hasFilteredChars = WebServiceUtils.containSQLChars(str) || WebServiceUtils.containSQLChars(str2);
        if (hasFilteredChars) {
            throw new SpecialCharProhibitException();
        }
        User account = UserService.getInstance().getUserByUserName(str);
        if (account == null) {
            throw new UserLoginException();
        }
        AuthenticController controller = ControllerFactory.getInstance().getAuthenticController(account.getId());
        String lockTarget = LoginLockConfig.getInstance().getLockObject();
        String lockKey;
        if (ComparatorUtils.equals(lockTarget, "ip")) {
            lockKey = str3;
        } else {
            lockKey = account.getDisplayName();
        }
        // The lock check runs before the credential is evaluated.
        controller.dealWithLoginLock(account, device, lockTarget, lockKey);
        // A failed mobile function-point check is handled the same way as a wrong
        // credential, including the password-error bookkeeping below.
        boolean accepted = controller.doAuthentication(account, str2, device) && controller.checkMobileFunctionPoint(terminalHandler);
        if (!accepted) {
            controller.dealWithPasswordError(account, device, lockTarget, lockKey);
            throw new UserLoginException();
        }
        LoginLockService.getInstance().unlockObject(account.getId(), lockTarget, lockKey);
        return account;
    }

    /**
     * Authenticates an already-resolved user with the given controller, applying the
     * login-lock policy and updating the slider-verification error count.
     *
     * @param authenticController controller that performs the lock handling and authentication
     * @param user the user being authenticated
     * @param str the credential passed to the authentication controller
     * @param device the client device
     * @param str2 key for the slider error count, and the lock key when the configured lock
     *     object is {@code "ip"} (presumably the client IP; verify against the caller)
     * @param terminalHandler terminal checked by {@code checkMobileFunctionPoint}
     * @throws UserLoginException if authentication fails
     * @throws Exception from the lock handling or the controller
     */
    private void doUserAuthentication(AuthenticController authenticController, User user, String str, Device device, String str2, TerminalHandler terminalHandler) throws Exception {
        String lockTarget = LoginLockConfig.getInstance().getLockObject();
        String lockKey;
        if (ComparatorUtils.equals(lockTarget, "ip")) {
            lockKey = str2;
        } else {
            lockKey = user.getDisplayName();
        }
        // The lock check runs before the credential is evaluated.
        authenticController.dealWithLoginLock(user, device, lockTarget, lockKey);
        // A failed mobile function-point check is handled the same way as a wrong credential.
        boolean accepted = authenticController.doAuthentication(user, str, device) && authenticController.checkMobileFunctionPoint(terminalHandler);
        if (!accepted) {
            authenticController.dealWithPasswordError(user, device, lockTarget, lockKey);
            SliderVerificationService.getInstance().addErrorCount(str2);
            throw new UserLoginException();
        }
        LoginLockService.getInstance().unlockObject(user.getId(), lockTarget, lockKey);
        SliderVerificationService.getInstance().resetErrorCount(str2);
    }

    /**
     * Builds the default home page URL by replacing the request URI inside the request's
     * original URL with the main page path, then rendering the result as a template.
     *
     * <p>NOTE(review): the rendered string is derived from the request. Confirm how
     * {@code NetworkHelper.getOriginalURL} derives host and scheme, and that
     * {@code TemplateUtils.render} cannot evaluate expressions supplied through the URL.
     *
     * @param httpServletRequest the incoming request
     * @return the rendered home page URL
     * @throws Exception from template rendering
     */
    private String generateDefaultHomePageUrl(HttpServletRequest httpServletRequest) throws Exception {
        String originalUrl = NetworkHelper.getOriginalURL(httpServletRequest);
        String requestUri = httpServletRequest.getRequestURI();
        String homePageUrl = originalUrl.replace(requestUri, DecisionServiceConstants.MAIN_PAGE_URL);
        return TemplateUtils.render(homePageUrl);
    }

    /**
     * Marks the server as initialised the first time it is found uninitialised.
     *
     * <p>The init check is repeated after taking the lock on this instance so that only one
     * caller performs the update. After the status is stored, the super role is notified
     * if the e-mail server configuration is not valid. Any exception is logged and
     * swallowed; this method never throws.
     */
    public void checkServerInitStatus() {
        try {
            if (SystemService.getInstance().checkSystemInit()) {
                return;
            }
            synchronized (this) {
                // Re-check under the lock: another thread may have finished initialisation.
                if (SystemService.getInstance().checkSystemInit()) {
                    return;
                }
                Configurations.update(new Worker() {
                    public void run() {
                        SystemConfig.getInstance().setServerInitStatus(DecisionServiceConstants.OPERATION_SUCCESS);
                    }

                    public Class<? extends Configuration>[] targets() {
                        return new Class[]{SystemConfig.class};
                    }
                });
                boolean emailConfigured = EmailServerConfig.getInstance().isEmailConfigValid();
                if (!emailConfigured) {
                    MessageService.getInstance().sendMessage2SupperRole(InterProviderFactory.getProvider().getLocText("Fine-Dec_System_Email_Not_Configured"), "system/email", MessageUrlType.MODULE);
                }
            }
        } catch (Exception ex) {
            FineLoggerFactory.getLogger().error(ex.getMessage(), ex);
        }
    }

    /**
     * Returns the names of the custom roles found for a user, joined with commas.
     *
     * @param str the user key passed to {@code findByUser} (callers in this class pass a user id)
     * @return the comma-joined role names, or {@code ""} when the user has no custom role
     * @throws Exception from the role lookup
     */
    private String getUserRole(String str) throws Exception {
        // Kept as a raw list so the same StableUtils.join overload is selected.
        ArrayList roleNames = new ArrayList();
        List<CustomRole> roles = AuthorityContext.getInstance().getCustomRoleController().findByUser(str, QueryFactory.create());
        if (roles != null) {
            for (CustomRole role : roles) {
                roleNames.add(role.getName());
            }
        }
        if (roleNames.isEmpty()) {
            return "";
        }
        return StableUtils.join(roleNames, ",");
    }

    /**
     * Stores the auth token and the remember-login marker as cookies on the response.
     *
     * <p>A validity of {@code -2} selects the remember-password lifetime; any other value is
     * used directly as the cookie max-age. An empty token is logged and nothing is written.
     * Exceptions are logged and swallowed.
     *
     * <p>NOTE(review): neither cookie is marked HttpOnly or Secure here, although
     * {@code removeTokenFromCookie} sets HttpOnly when clearing the auth cookie. A token
     * cookie readable by page script is exposed to any script-injection flaw. Before
     * tightening, confirm whether client-side code reads {@code fine_auth_token}, and set
     * Secure wherever the deployment is HTTPS-only.
     *
     * @param httpServletResponse the response receiving the cookies
     * @param str the token value
     * @param i the validity: {@code -2} for remember-login, otherwise the max-age to use
     */
    private void writeToken2Cookie(HttpServletResponse httpServletResponse, String str, int i) {
        try {
            if (!StringUtils.isNotEmpty(str)) {
                FineLoggerFactory.getLogger().error("empty token cannot save.");
                return;
            }
            boolean rememberLogin = i == -2;
            long lifetime = rememberLogin ? DecisionServiceConstants.REMEMBER_PASSWORD_LIFE : i;

            Cookie tokenCookie = new Cookie("fine_auth_token", str);
            tokenCookie.setMaxAge((int) lifetime);
            tokenCookie.setPath(ServerConfig.getInstance().getCookiePath());
            httpServletResponse.addCookie(tokenCookie);

            // The marker only records whether remember-login is active: -2 when it is, else -1.
            Cookie rememberCookie = new Cookie("fine_remember_login", String.valueOf(rememberLogin ? -2 : -1));
            rememberCookie.setMaxAge((int) lifetime);
            rememberCookie.setPath(ServerConfig.getInstance().getCookiePath());
            httpServletResponse.addCookie(rememberCookie);
        } catch (Exception ex) {
            FineLoggerFactory.getLogger().error(ex.getMessage(), ex);
        }
    }

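    /**
     * Clears the auth token and remember-login cookies by re-issuing them with an empty
     * value and a max-age of zero on the configured cookie path.
     *
     * @param httpServletResponse the response receiving the expiring cookies
     */
    private void removeTokenFromCookie(HttpServletResponse httpServletResponse) {
        Cookie tokenCookie = new Cookie("fine_auth_token", "");
        tokenCookie.setMaxAge(0);
        tokenCookie.setHttpOnly(true);
        tokenCookie.setPath(ServerConfig.getInstance().getCookiePath());
        httpServletResponse.addCookie(tokenCookie);

        Cookie rememberCookie = new Cookie("fine_remember_login", "");
        rememberCookie.setMaxAge(0);
        // The original set HttpOnly on the first cookie a second time here (copy/paste slip),
        // leaving this cookie without the flag.
        rememberCookie.setHttpOnly(true);
        rememberCookie.setPath(ServerConfig.getInstance().getCookiePath());
        httpServletResponse.addCookie(rememberCookie);
    }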

    /**
     * Tells whether a second verification step is required for a login from this device.
     *
     * <p>SMS verification counts only when it is enabled and the SMS service is available.
     * E-mail verification counts only when it is enabled and the e-mail server
     * configuration is valid, and it is not considered for mobile devices.
     *
     * @param device the client device
     * @return {@code true} if a usable verification channel is configured for the device
     */
    private boolean needLoginVerification(Device device) {
        boolean mobile = device.isMobile();
        boolean smsUsable = LoginVerificationConfig.getInstance().isSmsVerification() && SMSService.getInstance().isSMSAvailable();
        if (mobile) {
            return smsUsable;
        }
        if (smsUsable) {
            return true;
        }
        return LoginVerificationConfig.getInstance().isEmailVerification() && EmailServerConfig.getInstance().isEmailConfigValid();
    }

    /**
     * Issues a token for the user with the configured login timeout, registers the login
     * status for it and writes it to the response cookies.
     *
     * <p>The login status is stored with validity {@code -1}, and the cookie is written
     * with the same value.
     *
     * @param httpServletRequest the incoming request, used to build the client bean
     * @param httpServletResponse the response receiving the token cookie
     * @param user the user the token is issued for
     * @return the issued token
     * @throws Exception from token creation or the status store
     */
    private String generateEffectiveToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, User user) throws Exception {
        long timeout = FSConfig.getInstance().getLoginConfig().getLoginTimeout();
        String token = JwtUtils.createDefaultJWT(user.getUserName(), user.getDisplayName(), timeout);

        LoginClientBean clientBean = new LoginClientBean(httpServletRequest, NetworkHelper.getDevice(httpServletRequest));
        clientBean.setUsername(user.getUserName());
        clientBean.setToken(token);
        clientBean.setValidity(-1);
        clientBean.setUserId(user.getId());

        addLoginStatus(token, clientBean, timeout);
        writeToken2Cookie(httpServletResponse, token, -1);
        return token;
    }

    /**
     * Builds the login record for a user, including the user's joined custom role names.
     *
     * <p>NOTE(review): the {@code @Track} annotation presumably causes the returned message
     * to be recorded; confirm where it is processed.
     *
     * @param str first argument passed to {@code LoginMessage.build}
     * @param str2 second argument passed to {@code LoginMessage.build}
     * @param str3 user key whose roles are looked up
     * @return the built login message
     * @throws Exception from the role lookup
     */
    @Track
    private LoginMessage createLoginMessage(String str, String str2, String str3) throws Exception {
        String roleNames = getUserRole(str3);
        return LoginMessage.build(str, str2, roleNames);
    }

    /**
     * Builds the logout record for a user, including the user's joined custom role names.
     *
     * <p>NOTE(review): the {@code @Track} annotation presumably causes the returned message
     * to be recorded; confirm where it is processed.
     *
     * @param str first argument passed to {@code LogoutMessage.build} (callers in this class pass IP info)
     * @param str2 second argument passed to {@code LogoutMessage.build} (callers in this class pass the user name)
     * @param str3 user key whose roles are looked up (callers in this class pass the user id)
     * @return the built logout message
     * @throws Exception from the role lookup
     */
    @Track
    private LogoutMessage createLogoutMessage(String str, String str2, String str3) throws Exception {
        String roleNames = getUserRole(str3);
        return LogoutMessage.build(str, str2, roleNames);
    }

    /**
     * Stores the login status for a token, registering the bean's user name as its alias.
     *
     * @param str the token used as the key
     * @param loginClientBean the login status to store
     * @param j the timeout passed to the status store
     * @throws Exception from the status store
     */
    private void addLoginStatus(String str, LoginClientBean loginClientBean, long j) throws Exception {
        Converter<LoginClientBean> userNameAlias = new Converter<LoginClientBean>() {
            public String[] createAlias(LoginClientBean storedBean) {
                return new String[]{storedBean.getUsername()};
            }
        };
        DecisionStatusService.loginStatusService().put(str, loginClientBean, userNameAlias, j);
    }

    /**
     * Returns the token lifetime limit that applies to a validity mode.
     *
     * @param i the validity; {@code -2} selects the remember-password lifetime
     * @return the remember-password lifetime for {@code -2}, otherwise the configured login timeout
     */
    private long getTokenTimeOutByValidity(int i) {
        if (i == -2) {
            return DecisionServiceConstants.REMEMBER_PASSWORD_LIFE;
        }
        return FSConfig.getInstance().getLoginConfig().getLoginTimeout();
    }

    /**
     * Resolves the stored origin-URL response for a key, falling back to the main page.
     *
     * <p>A non-empty key is looked up and then deleted from the store, so each entry can be
     * consumed only once. When the key is empty or nothing is stored under it, a response
     * for the rendered main page URL is returned.
     *
     * @param str the origin-URL key; may be empty
     * @return the stored response, or one pointing at the main page
     * @throws Exception from the status store or template rendering
     */
    private OriginUrlResponseBean getOriginUrlResponse(String str) throws Exception {
        OriginUrlResponseBean stored = null;
        if (StringUtils.isNotEmpty(str)) {
            stored = (OriginUrlResponseBean) DecisionStatusService.originUrlStatusService().get(str);
            DecisionStatusService.originUrlStatusService().delete(str);
        }
        if (stored != null) {
            return stored;
        }
        return new OriginUrlResponseBean(TemplateUtils.render(DecisionServiceConstants.MAIN_PAGE_URL));
    }

    /**
     * Logs out the session identified by the request token and removes its login status.
     *
     * <p>When a login status exists for the token, the user name in the token must match the
     * one stored with the status and must resolve to an existing user; otherwise
     * {@code UserPwdErrorException} is thrown and the status entry is left in place. With
     * single-login enabled the user's web-socket alias is removed as well. When no status
     * exists, the delete is still issued for the token.
     *
     * @param httpServletRequest the incoming request
     * @param tokenResource where the token is read from
     * @throws LoginInfoNotAvailableException if the request carries no token
     * @throws UserPwdErrorException if the token user does not match the stored login status
     * @throws Exception from the underlying services
     */
    private void logoutUser(HttpServletRequest httpServletRequest, TokenResource tokenResource) throws Exception {
        String token = tokenResource.getToken(httpServletRequest);
        if (StringUtils.isEmpty(token)) {
            throw new LoginInfoNotAvailableException();
        }
        LoginClientBean status = (LoginClientBean) DecisionStatusService.loginStatusService().get(token);
        if (status != null) {
            // Any source other than COOKIE falls back to the header-based lookup.
            String tokenUserName;
            if (tokenResource == TokenResource.COOKIE) {
                tokenUserName = getUserNameFromRequestCookie(httpServletRequest);
            } else {
                tokenUserName = getUserNameFromRequest(httpServletRequest);
            }
            String storedUserName = status.getUsername();
            User account = UserService.getInstance().getUserByUserName(tokenUserName);
            boolean sameUser = ComparatorUtils.equals(storedUserName, tokenUserName);
            if (account == null || !sameUser) {
                throw new UserPwdErrorException();
            }
            if (FSConfig.getInstance().getLoginConfig().isSingleLogin()) {
                DecisionStatusService.webSocketService().deleteAlias(tokenUserName);
            }
            createLogoutMessage(WebServiceUtils.getIpInfoFromRequest(httpServletRequest), account.getUserName(), account.getId());
        }
        DecisionStatusService.loginStatusService().delete(token);
    }

    /**
     * Checks that a requested token lifetime is positive and does not exceed the limit for
     * the given validity mode.
     *
     * <p>This is the upper bound applied to the lifetime requested during a token refresh.
     *
     * @param i the validity; {@code -2} selects the remember-password lifetime as the limit
     * @param j the requested lifetime
     * @return {@code true} if {@code j} is greater than zero and within the limit
     */
    private boolean tokenTimeoutValid(int i, long j) {
        if (j <= 0) {
            return false;
        }
        return j <= getTokenTimeOutByValidity(i);
    }
}
