package com.artfess.base.controller;

import com.artfess.base.annotation.ApiGroup;
import com.artfess.base.cache.annotation.CacheEvict;
import com.artfess.base.conf.JwtConfig;
import com.artfess.base.conf.SaaSConfig;
import com.artfess.base.conf.SsoConfig;
import com.artfess.base.constants.ApiGroupConsts;
import com.artfess.base.constants.CacheKeyConst;
import com.artfess.base.constants.SystemConstants;
import com.artfess.base.constants.TenantConstant;
import com.artfess.base.constants.WebsocketConst;
import com.artfess.base.exception.CertificateException;
import com.artfess.base.exception.ServerRejectException;
import com.artfess.base.feign.ApplicationFeignService;
import com.artfess.base.feign.UCFeignService;
import com.artfess.base.jwt.JwtAuthenticationRequest;
import com.artfess.base.jwt.JwtAuthenticationResponse;
import com.artfess.base.jwt.JwtTokenHandler;
import com.artfess.base.model.CommonResult;
import com.artfess.base.service.LoginLogService;
import com.artfess.base.service.LoginUserService;
import com.artfess.base.service.PwdStrategyService;
import com.artfess.base.service.SecurityMachinePersonService;
import com.artfess.base.util.AppUtil;
import com.artfess.base.util.Base64;
import com.artfess.base.util.BeanUtils;
import com.artfess.base.util.CommonUtil;
import com.artfess.base.util.FluentUtil;
import com.artfess.base.util.HttpUtil;
import com.artfess.base.util.IPUtils;
import com.artfess.base.util.JsonUtil;
import com.artfess.base.util.MapUtil;
import com.artfess.base.util.StringUtil;
import com.artfess.base.util.XmlUtil;
import com.artfess.base.util.string.StringPool;
import com.artfess.uc.api.model.IUser;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import java.io.IOException;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.http.client.ClientProtocolException;
import org.apache.http.entity.ContentType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@Api(tags = {"认证接口"})
@ApiGroup(group = {ApiGroupConsts.GROUP_BPM, ApiGroupConsts.GROUP_FORM, ApiGroupConsts.GROUP_SYSTEM, ApiGroupConsts.GROUP_UC})
@RestController
/* loaded from: input_file:com/artfess/base/controller/AuthenticationRestController.class */
public class AuthenticationRestController {
    // Class-wide SLF4J logger; login failures and SSO provider errors are written through it.
    private static final Logger logger = LoggerFactory.getLogger(AuthenticationRestController.class);

    // Spring Security entry point used by authenticate() for username/password login.
    @Resource
    AuthenticationManager authenticationManager;

    // Issues, refreshes and parses JWTs and keeps the per-user token cache.
    @Resource
    JwtTokenHandler jwtTokenHandler;

    // Loads the account record for which a token is issued.
    @Resource
    UserDetailsService userDetailsService;

    // SSO switches and endpoints (CAS URL, OAuth token/check URLs, default mode).
    @Resource
    SsoConfig ssoConfig;

    // Bound to system.mode.demo (default false); not read by the methods shown in this class.
    @Value("${system.mode.demo:false}")
    protected boolean demoMode;

    // Feign client used to map WeCom / WeChat / DingTalk identities to local accounts.
    @Resource
    UCFeignService uCFeignService;

    // Feign client that supplies the third-party "user info" URL for a given provider and code.
    @Resource
    ApplicationFeignService applicationFeignService;

    // Records a login entry per account and client type.
    @Resource
    LoginLogService loginLogService;

    // Account state changes made during login: lock/unlock and last-login timestamp.
    @Resource
    LoginUserService loginUserService;

    // Multi-tenant switch; consulted when a tenant id is missing.
    @Resource
    SaaSConfig saasConfig;

    // JWT settings: header name, expiration, single-login flag.
    @Resource
    JwtConfig jwtConfig;

    /**
     * Drops the cached user-details and user-name entries for one account so the next lookup
     * reads current data.
     *
     * <p>The controller bean is fetched again through {@code AppUtil.getBean} and the evicting
     * methods are invoked on that instance instead of {@code this}; presumably this routes the
     * calls through the caching proxy so the {@code @CacheEvict} annotations are honoured.
     *
     * @param str account whose cache entries are evicted
     */
    private void deleteUserDetailsCache(String str) {
        final AuthenticationRestController managedBean =
                (AuthenticationRestController) AppUtil.getBean(getClass());
        managedBean.delUserDetailsCache(str);
        managedBean.delUsernamesCache(str);
    }

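    /**
     * Eviction hook for the user-account cache. The body is intentionally empty: the work is done
     * by the {@code @CacheEvict} annotation.
     *
     * <p>The key expression is {@code #userAccount}, so the parameter carries that name. With the
     * former name ({@code str}) the expression had no argument to refer to, and a login could then
     * be evaluated against a stale cached account (for example one that has since been locked).
     * NOTE(review): assumes the annotation resolves {@code #userAccount} by parameter name and that
     * parameter names are retained at compile time; confirm both.
     *
     * @param userAccount account whose cached entry is evicted
     */
    @CacheEvict(value = {CacheKeyConst.EIP_UC_USER_ACCOUNT}, key = "#userAccount")
    protected void delUserDetailsCache(String userAccount) {
        // Intentionally empty: eviction is performed by the annotation.
    }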

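    /**
     * Eviction hook for the user-name cache. The body is intentionally empty: the work is done by
     * the {@code @CacheEvict} annotation.
     *
     * <p>The key expression is {@code #userAccount}, so the parameter carries that name; the former
     * name ({@code str}) left the expression without a matching argument.
     * NOTE(review): assumes the annotation resolves {@code #userAccount} by parameter name and that
     * parameter names are retained at compile time; confirm both.
     *
     * @param userAccount account whose cached entry is evicted
     */
    @CacheEvict(value = {CacheKeyConst.EIP_UC_USER_NAME}, key = "#userAccount")
    protected void delUsernamesCache(String userAccount) {
        // Intentionally empty: eviction is performed by the annotation.
    }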

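    /**
     * Username/password login. Authenticates the request, applies the failed-login lockout and the
     * machine (IP) binding, then issues a JWT.
     *
     * <p>Security notes for reviewers:
     * <ul>
     *   <li>Failure is tracked with an explicit flag. Previously the failure branch was entered
     *       only when the error message was non-empty, so a failed authentication whose
     *       {@code CertificateException} cause carried a null or empty message fell through to
     *       token issuance.</li>
     *   <li>The password arrives Base64-encoded. That is an encoding, not protection; the
     *       endpoint relies on transport encryption.</li>
     *   <li>The failed-attempt counter is stored in the HTTP session, so it follows the client's
     *       session cookie rather than the account. NOTE(review): an account-keyed counter is
     *       needed for the lockout to hold against clients that do not return the cookie.</li>
     *   <li>Different failure messages are returned for "bad credentials" and "disabled account",
     *       which lets a caller tell existing accounts apart. NOTE(review): consider one generic
     *       message for the client and the detail only in the log.</li>
     *   <li>Accounts listed as system accounts skip both the lockout and the machine binding.</li>
     * </ul>
     *
     * @param jwtAuthenticationRequest login body carrying the username and Base64-encoded password
     * @return 200 with the token, display name, account, user id, expiry, the
     *         {@code checkUser} result and a map holding {@code tenantId}
     * @throws RuntimeException when authentication fails or the machine binding rejects the client
     */
    @RequestMapping(value = {"/auth"}, method = {RequestMethod.POST}, produces = {"application/json; charset=utf-8"})
    @ApiOperation(value = "登录系统", httpMethod = HttpUtil.METHOD_POST, notes = "登录系统")
    public ResponseEntity<?> createAuthenticationToken(@RequestBody JwtAuthenticationRequest jwtAuthenticationRequest) throws AuthenticationException, CertificateException {
        final String badCredentialsMessage = "账号或密码错误";
        String username = jwtAuthenticationRequest.getUsername();
        String password = StringPool.EMPTY;
        deleteUserDetailsCache(username);
        boolean authenticationFailed = false;
        String failureMessage = StringPool.EMPTY;
        try {
            password = Base64.getFromBase64(jwtAuthenticationRequest.getPassword());
            authenticate(username, password);
        } catch (Exception e) {
            authenticationFailed = true;
            // The account name is caller-supplied: neutralise line breaks before it reaches the log.
            String loggedAccount = username == null ? null : username.replaceAll("[\\r\\n]", "_");
            logger.error(String.format("Login failed account[%s].", loggedAccount), e);
            failureMessage = badCredentialsMessage;
            if (BeanUtils.isNotEmpty(e.getCause()) && (e.getCause() instanceof CertificateException)) {
                String certificateMessage = ((CertificateException) e.getCause()).getMessage();
                // Keep the generic message when the cause has none, so the failure is never lost.
                if (StringUtil.isNotEmpty(certificateMessage)) {
                    failureMessage = certificateMessage;
                }
            }
            if (e instanceof LockedException) {
                failureMessage = "账号被禁用或离职";
            }
        }
        HttpServletRequest request = HttpUtil.getRequest();
        HttpSession session = request.getSession();
        String ipAddr = IPUtils.getIpAddr(request);
        if (authenticationFailed) {
            if (badCredentialsMessage.equals(failureMessage) && !isAdmin(username)) {
                PwdStrategyService pwdStrategyService = (PwdStrategyService) AppUtil.getBean(PwdStrategyService.class);
                if (pwdStrategyService != null) {
                    JsonNode policy = pwdStrategyService.getJsonDefault();
                    if (BeanUtils.isNotEmpty(policy)) {
                        int lockStatus = policy.get("lockStatus").asInt();
                        int lockTimes = policy.get("lockTimes").asInt();
                        if (policy.get("enable").asInt() == 1 && lockStatus == 1) {
                            // Session-scoped counter; see the class-level security note above.
                            Integer previousFailures = (Integer) session.getAttribute("_loginTime_");
                            int failures = (previousFailures == null ? 0 : previousFailures.intValue()) + 1;
                            session.setAttribute("_loginTime_", Integer.valueOf(failures));
                            if (failures >= lockTimes) {
                                this.loginUserService.lockedUser(username, 2);
                            }
                        }
                    }
                }
            }
            throw new RuntimeException(failureMessage);
        }
        if (!isAdmin(username)) {
            SecurityMachinePersonService securityMachinePersonService = (SecurityMachinePersonService) AppUtil.getBean(SecurityMachinePersonService.class);
            if (securityMachinePersonService != null) {
                List<String> personLimits = securityMachinePersonService.queryPersonLimitByAccount(username);
                if (personLimits != null && personLimits.size() > 0) {
                    List<String> allowedIps = securityMachinePersonService.queryMachineIps(personLimits);
                    // NOTE(review): the binding is only as strong as IPUtils.getIpAddr; if that
                    // helper reads client-supplied forwarding headers, restrict it to trusted proxies.
                    boolean onBoundMachine = ipAddr != null && allowedIps != null && allowedIps.contains(ipAddr);
                    if (!onBoundMachine) {
                        throw new RuntimeException("用户【" + username + "】已绑定涉密机器，不能在当前机器上登录!");
                    }
                }
            }
        }
        boolean isMobile = HttpUtil.isMobile(request);
        UserDetails userDetails = this.userDetailsService.loadUserByUsername(jwtAuthenticationRequest.getUsername());
        String token = this.jwtTokenHandler.generateToken(userDetails);
        String displayName = userDetails.getUsername();
        String account = StringPool.EMPTY;
        String userId = StringPool.EMPTY;
        boolean passwordCheck = true;
        HashMap extra = new HashMap();
        if (userDetails instanceof IUser) {
            IUser iUser = (IUser) userDetails;
            displayName = iUser.getFullname();
            account = iUser.getAccount();
            userId = iUser.getUserId();
            request.setAttribute("loginUser", String.format("%s[%s]", displayName, account));
            // May throw while the account is still inside its lock window.
            passwordCheck = checkUser(iUser, password);
            extra.put("tenantId", iUser.getTenantId());
        }
        handleSingleLogin(isMobile, MapUtil.getString(extra, "tenantId"), account, token);
        session.removeAttribute("_loginTime_");
        this.loginUserService.updateLastLoginTime(account);
        return ResponseEntity.ok(new JwtAuthenticationResponse(token, displayName, account, userId, Long.valueOf(this.jwtConfig.getExpirationLong()), passwordCheck, extra));
    }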

    /**
     * Tells whether an account is one of the comma-separated entries of
     * {@code SystemConstants.SYSTEM_ACCOUNT}. The comparison is exact and case-sensitive.
     *
     * <p>The password-login flow uses the result to skip the failed-login lockout and the machine
     * binding, so every account in that list is exempt from both controls.
     *
     * @param str account name to look up; {@code null} never matches
     * @return {@code true} when the account is listed
     */
    private boolean isAdmin(String str) {
        final String[] systemAccounts = SystemConstants.SYSTEM_ACCOUNT.split(",");
        return java.util.Arrays.asList(systemAccounts).contains(str);
    }

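    /**
     * Validates a CAS service ticket against {@code <casUrl>/p3/serviceValidate} and returns the
     * user name from the {@code authenticationSuccess} node.
     *
     * <p>Both values come from the request, so they are URL-encoded before being placed in the
     * query string; unencoded, a {@code &} inside either value would add or override parameters
     * of the validation call. NOTE(review): assumes {@code FluentUtil.get} sends the URL as given
     * and does not encode it again; confirm.
     *
     * @param str  CAS service ticket
     * @param str2 service URL the ticket was issued for
     * @return the authenticated user name, or {@code null} when the response has neither an
     *         {@code authenticationSuccess} nor an {@code authenticationFailure} node
     * @throws RuntimeException when CAS reports a failure or the call/parse fails; the message
     *         includes the underlying error text, which reaches the caller
     */
    private String getUserNameWithCas(String str, String str2) throws IOException {
        String username = null;
        try {
            String validateUrl = String.format("%s/p3/serviceValidate?ticket=%s&service=%s",
                    this.ssoConfig.getCasUrl(),
                    java.net.URLEncoder.encode(str, "UTF-8"),
                    java.net.URLEncoder.encode(str2, "UTF-8"));
            JsonNode casResponse = JsonUtil.toJsonNode(XmlUtil.toJson(FluentUtil.get(validateUrl, StringPool.EMPTY)));
            if (casResponse.has("authenticationSuccess")) {
                username = casResponse.get("authenticationSuccess").get(WebsocketConst.CMD_USER).asText();
            } else if (casResponse.has("authenticationFailure")) {
                throw new RuntimeException(casResponse.get("authenticationFailure").get("code").asText());
            }
            return username;
        } catch (Exception e) {
            // Log through the application logger with the stack trace, and keep the cause attached.
            logger.error("获取cas认证信息失败：", e);
            throw new RuntimeException("获取cas认证信息失败： " + e.getMessage(), e);
        }
    }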

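    /**
     * Exchanges an OAuth authorization code for an access token, then asks the check endpoint for
     * the user name stored under the configured username key.
     *
     * <p>The code and redirect URI come from the request and are URL-encoded before being appended
     * to the token URL, so neither can add or override parameters of the token call.
     * NOTE(review): assumes {@code FluentUtil.post} sends the URL as given; confirm. The access
     * token returned by the provider is still appended to the check URL unencoded.
     *
     * @param str  authorization code
     * @param str2 redirect URI registered for the code
     * @return the user name, or {@code null} when either response is not a JSON object
     * @throws RuntimeException when a call or parse step fails, including a token response that
     *         lacks the access-token key
     */
    private String getUserNameWithOauth(String str, String str2) {
        String username = null;
        try {
            String tokenUrl = this.ssoConfig.getOauthTokenUrl() + String.format("&code=%s&redirect_uri=%s",
                    java.net.URLEncoder.encode(str, "UTF-8"),
                    java.net.URLEncoder.encode(str2, "UTF-8"));
            JsonNode tokenResponse = JsonUtil.toJsonNode(FluentUtil.post(tokenUrl, this.ssoConfig.getOauthBasicHeader(), null, ContentType.APPLICATION_FORM_URLENCODED));
            if (tokenResponse != null && tokenResponse.isObject()) {
                JsonNode userResponse = JsonUtil.toJsonNode(FluentUtil.post(this.ssoConfig.getOauthCheckUrl() + tokenResponse.get(this.ssoConfig.getOauthAccesstokenKey()).asText(), null, null, ContentType.APPLICATION_FORM_URLENCODED));
                if (userResponse != null && userResponse.isObject()) {
                    username = userResponse.get(this.ssoConfig.getOauthUsernameKey()).asText();
                }
            }
            return username;
        } catch (Exception e) {
            logger.error("获取oauth认证信息失败", e);
            throw new RuntimeException("获取oauth认证信息失败", e);
        }
    }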

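    /**
     * Single sign-on login. Resolves a user name through CAS, OAuth or an existing JWT and issues a
     * new token for that account.
     *
     * <p>Changes and review points:
     * <ul>
     *   <li>The JWT branch tested {@code optional2} for presence but read {@code optional}; it now
     *       rejects the request when {@code optional} is absent.</li>
     *   <li>A null or empty user name from the resolver is rejected before any account lookup. The
     *       CAS and OAuth helpers can both return {@code null}.</li>
     *   <li>{@code optional3} lets the caller override the configured SSO mode. NOTE(review):
     *       consider honouring only the configured mode, or an allow-list of modes.</li>
     *   <li>NOTE(review): the JWT branch trusts {@code getUsernameFromToken}; confirm that it
     *       verifies signature and expiry. The token travels as a query parameter of a GET request
     *       and can end up in access logs.</li>
     *   <li>NOTE(review): no lock or disabled-account check is visible on this path; confirm that
     *       {@code loadUserByUsername} or a later filter rejects such accounts.</li>
     * </ul>
     *
     * <p>The parameter names are decompiler placeholders; the request parameter names they bind
     * to are not visible here.
     *
     * @param optional  CAS ticket, or the JWT in JWT mode
     * @param optional2 OAuth code; its presence also gates JWT mode
     * @param optional3 optional SSO mode override
     * @param str       service / redirect URL passed on to the identity provider
     * @return 200 with the new token, display name, account, user id, expiry and tenant map
     * @throws ServerRejectException when no mode matches the supplied parameters or no user name
     *         could be resolved
     */
    @RequestMapping(value = {"/sso/auth"}, method = {RequestMethod.GET}, produces = {"application/json; charset=utf-8"})
    @ApiOperation(value = "登录系统-单点登录", httpMethod = HttpUtil.METHOD_GET, notes = "登录系统-单点登录")
    public ResponseEntity<?> ssoAuth(@RequestParam Optional<String> optional, @RequestParam Optional<String> optional2, @RequestParam Optional<String> optional3, @RequestParam String str) throws AuthenticationException, ClientProtocolException, IOException {
        Assert.isTrue(this.ssoConfig.isEnable(), "当前服务未开启单点登录");
        String mode = this.ssoConfig.getMode();
        if (optional3.isPresent()) {
            mode = optional3.get();
        }
        final boolean jwtMode = optional2.isPresent() && SsoConfig.MODE_JWT.equals(mode);
        String resolvedUsername;
        if (optional.isPresent() && SsoConfig.MODE_CAS.equals(mode)) {
            resolvedUsername = getUserNameWithCas(optional.get(), str);
        } else if (optional2.isPresent() && SsoConfig.MODE_OAUTH.equals(mode)) {
            resolvedUsername = getUserNameWithOauth(optional2.get(), str);
        } else {
            if (!jwtMode || !optional.isPresent()) {
                throw new ServerRejectException("单点登录模式匹配异常");
            }
            resolvedUsername = this.jwtTokenHandler.getUsernameFromToken(optional.get());
        }
        // Fail closed: never continue to the account lookup without a resolved identity.
        if (StringUtil.isEmpty(resolvedUsername)) {
            throw new ServerRejectException("单点登录未获取到用户账号");
        }
        deleteUserDetailsCache(resolvedUsername);
        HttpServletRequest request = HttpUtil.getRequest();
        boolean isMobile = HttpUtil.isMobile(request);
        UserDetails userDetails = this.userDetailsService.loadUserByUsername(resolvedUsername);
        String token = this.jwtTokenHandler.generateToken(userDetails);
        String displayName = userDetails.getUsername();
        String account = StringPool.EMPTY;
        String userId = StringPool.EMPTY;
        HashMap extra = new HashMap();
        if (userDetails instanceof IUser) {
            IUser iUser = (IUser) userDetails;
            displayName = iUser.getFullname();
            account = iUser.getAccount();
            userId = iUser.getUserId();
            request.setAttribute("loginUser", String.format("%s[%s]", displayName, account));
            extra.put("tenantId", iUser.getTenantId());
        }
        logger.debug("通过单点认证登录成功。");
        // In JWT mode the new token is not written to the token cache.
        if (!jwtMode) {
            handleSingleLogin(isMobile, MapUtil.getString(extra, "tenantId"), account, token);
        }
        return ResponseEntity.ok(new JwtAuthenticationResponse(token, displayName, account, userId, Long.valueOf(this.jwtConfig.getExpirationLong()), extra));
    }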

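    /**
     * WeCom (enterprise WeChat) single sign-on for the mobile client. Exchanges the code for the
     * WeCom user id, maps it to a local account and issues a token.
     *
     * <p>Changes and review points:
     * <ul>
     *   <li>An unparseable or empty provider response now ends the request with an explicit
     *       failure instead of a later {@code NullPointerException}; a response without
     *       {@code errcode} or {@code UserId} is treated as a failure.</li>
     *   <li>The raw provider response is logged at debug level rather than error level.</li>
     *   <li>The final catch keeps the original exception as the cause and logs it.</li>
     *   <li>The error messages return the WeCom user id or the local account name to the caller.
     *       NOTE(review): consider a generic client message with the detail only in the log.</li>
     *   <li>NOTE(review): no lock or disabled-account check is visible on this path.</li>
     * </ul>
     *
     * @param optional authorization code from WeCom; the call fails when it is absent
     * @return 200 with the token, display name, account and user id
     * @throws RuntimeException when the provider reports an error, no local account is bound, or
     *         token issuance fails
     */
    @RequestMapping(value = {"/sso/weixin"}, method = {RequestMethod.GET}, produces = {"application/json; charset=utf-8"})
    @ApiOperation(value = "企业微信应用进入手机端-单点登录", httpMethod = HttpUtil.METHOD_GET, notes = "企业微信应用进入手机端-单点登录")
    public ResponseEntity<?> ssoWeixin(@RequestParam Optional<String> optional) throws AuthenticationException, ClientProtocolException, IOException {
        String providerResponse = HttpUtil.sendHttpsRequest(this.applicationFeignService.getUserInfoUrl("weChatWork", optional.get()), StringPool.EMPTY, HttpUtil.METHOD_POST);
        logger.debug("企业微信登录返回结果：" + providerResponse);
        ObjectNode userInfo;
        try {
            userInfo = (ObjectNode) JsonUtil.toJsonNode(providerResponse);
        } catch (Exception e) {
            logger.error("企业微信登录失败", e);
            throw new RuntimeException("企业微信登录失败", e);
        }
        if (userInfo == null) {
            throw new RuntimeException("企业微信登录失败");
        }
        // path() yields a missing node instead of null, so an absent field reads as a failure.
        if (!StringPool.ZERO.equals(userInfo.path("errcode").asText())) {
            throw new RuntimeException("企业微信登录失败 ： " + userInfo.path("errmsg").asText());
        }
        JsonNode wxUserIdNode = userInfo.get("UserId");
        if (wxUserIdNode == null) {
            throw new RuntimeException("企业微信登录失败 ： " + userInfo.path("errmsg").asText());
        }
        String wxUserId = wxUserIdNode.asText();
        JsonNode boundUser = this.uCFeignService.getUserByWxWorkId(wxUserId);
        if (BeanUtils.isEmpty(boundUser) || boundUser.isNull()) {
            throw new RuntimeException("查无与您企微账号[userid:" + wxUserId + "]绑定的eip账号");
        }
        String account = boundUser.get("account").asText();
        try {
            deleteUserDetailsCache(account);
            HttpServletRequest request = HttpUtil.getRequest();
            boolean isMobile = HttpUtil.isMobile(request);
            UserDetails userDetails = this.userDetailsService.loadUserByUsername(account);
            String token = this.jwtTokenHandler.generateToken(userDetails);
            String displayName = userDetails.getUsername();
            String userId = StringPool.EMPTY;
            String tenantId = StringPool.EMPTY;
            if (userDetails instanceof IUser) {
                IUser iUser = (IUser) userDetails;
                displayName = iUser.getFullname();
                userId = iUser.getUserId();
                tenantId = iUser.getTenantId();
                request.setAttribute("loginUser", String.format("%s[%s]", displayName, account));
            }
            logger.debug("通过单点认证登录成功。");
            handleSingleLogin(isMobile, tenantId, account, token);
            return ResponseEntity.ok(new JwtAuthenticationResponse(token, displayName, account, userId));
        } catch (Exception e2) {
            logger.error("企业微信登录失败", e2);
            throw new RuntimeException("企业微信登录失败 ,eip用户账号:" + account, e2);
        }
    }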

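    /**
     * WeChat official-account sign-on for the mobile client. Exchanges the code for an
     * {@code openid}; when a local account is bound to it a token is issued, otherwise the
     * {@code openid} alone is returned.
     *
     * <p>Changes and review points:
     * <ul>
     *   <li>An unparseable or empty provider response now ends the request with an explicit
     *       failure instead of a later {@code NullPointerException}, and a missing {@code errmsg}
     *       no longer breaks the failure path.</li>
     *   <li>The {@code openid} is handed back to the caller when no account is bound, presumably
     *       for a later binding step. NOTE(review): confirm that step verifies the {@code openid}
     *       server-side rather than trusting the value sent back by the client.</li>
     *   <li>NOTE(review): no lock or disabled-account check is visible on this path.</li>
     * </ul>
     *
     * @param optional authorization code from WeChat; the call fails when it is absent
     * @return 200 with either a full token response or a response carrying only the openid
     * @throws RuntimeException when the provider response has no {@code openid}
     */
    @RequestMapping(value = {"/sso/weixinPublic"}, method = {RequestMethod.GET}, produces = {"application/json; charset=utf-8"})
    @ApiOperation(value = "微信公众号进入手机端", httpMethod = HttpUtil.METHOD_GET, notes = "微信公众号进入手机端")
    public ResponseEntity<?> weixinPublic(@RequestParam Optional<String> optional) throws AuthenticationException, ClientProtocolException, IOException {
        ObjectNode userInfo;
        try {
            userInfo = (ObjectNode) JsonUtil.toJsonNode(HttpUtil.sendHttpsRequest(this.applicationFeignService.getUserInfoUrl("weChatOffAcc", optional.get()), StringPool.EMPTY, HttpUtil.METHOD_POST));
        } catch (Exception e) {
            logger.error("微信登录失败", e);
            throw new RuntimeException("微信登录失败", e);
        }
        if (userInfo == null) {
            throw new RuntimeException("微信登录失败");
        }
        if (userInfo.has("openid")) {
            String openId = userInfo.get("openid").asText();
            CommonResult<JsonNode> lookup = this.uCFeignService.getUserByOpenId(openId);
            if (lookup.getState().booleanValue()) {
                JsonNode boundUser = lookup.getValue();
                if (StringUtil.isNotEmpty(openId) && BeanUtils.isEmpty(boundUser)) {
                    return ResponseEntity.ok(new JwtAuthenticationResponse(openId));
                }
                String account = boundUser.get("account").asText();
                deleteUserDetailsCache(account);
                HttpServletRequest request = HttpUtil.getRequest();
                boolean isMobile = HttpUtil.isMobile(request);
                UserDetails userDetails = this.userDetailsService.loadUserByUsername(account);
                String token = this.jwtTokenHandler.generateToken(userDetails);
                String displayName = userDetails.getUsername();
                String userId = StringPool.EMPTY;
                String tenantId = StringPool.EMPTY;
                if (userDetails instanceof IUser) {
                    IUser iUser = (IUser) userDetails;
                    displayName = iUser.getFullname();
                    userId = iUser.getUserId();
                    tenantId = iUser.getTenantId();
                    request.setAttribute("loginUser", String.format("%s[%s]", displayName, account));
                }
                handleSingleLogin(isMobile, tenantId, account, token);
                return ResponseEntity.ok(new JwtAuthenticationResponse(token, displayName, account, userId));
            }
            if (StringUtil.isNotEmpty(openId)) {
                return ResponseEntity.ok(new JwtAuthenticationResponse(openId));
            }
        }
        // path() yields a missing node instead of null when the provider sent no errmsg.
        throw new RuntimeException("微信登录失败 ： " + userInfo.path("errmsg").asText());
    }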

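    /**
     * DingTalk sign-on for the mobile client. Exchanges the code for the DingTalk user id, maps it
     * to a local account and issues a token.
     *
     * <p>Changes and review points:
     * <ul>
     *   <li>The user cache is evicted before the account is loaded, as the other login paths do;
     *       previously the account was loaded first, so a stale cached record could be used.</li>
     *   <li>An unparseable or empty provider response now ends the request with an explicit
     *       failure instead of a later {@code NullPointerException}, and a missing {@code errmsg}
     *       no longer breaks the failure path.</li>
     *   <li>The Swagger note said "WeChat official account"; it now names DingTalk.</li>
     *   <li>The error messages return the DingTalk user id or the local account name to the
     *       caller. NOTE(review): consider a generic client message.</li>
     *   <li>NOTE(review): no lock or disabled-account check is visible on this path.</li>
     * </ul>
     *
     * @param optional authorization code from DingTalk; the call fails when it is absent
     * @return 200 with the token, display name, account and user id
     * @throws RuntimeException when the provider reports an error or no local account is bound
     */
    @RequestMapping(value = {"/sso/dingTalk"}, method = {RequestMethod.GET}, produces = {"application/json; charset=utf-8"})
    @ApiOperation(value = "钉钉进入手机端", httpMethod = HttpUtil.METHOD_GET, notes = "钉钉进入手机端")
    public ResponseEntity<?> dingTalk(@RequestParam Optional<String> optional) throws AuthenticationException, ClientProtocolException, IOException {
        ObjectNode userInfo;
        try {
            userInfo = (ObjectNode) JsonUtil.toJsonNode(HttpUtil.sendHttpsRequest(this.applicationFeignService.getUserInfoUrl("dingtalk", optional.get()), StringPool.EMPTY, HttpUtil.METHOD_GET));
        } catch (Exception e) {
            logger.error("钉钉登录失败", e);
            throw new RuntimeException("钉钉登录失败", e);
        }
        if (userInfo == null) {
            throw new RuntimeException("钉钉登录失败");
        }
        if (!userInfo.has("userid")) {
            // path() yields a missing node instead of null when the provider sent no errmsg.
            throw new RuntimeException("钉钉登录失败 ： " + userInfo.path("errmsg").asText());
        }
        String dingUserId = userInfo.get("userid").asText();
        JsonNode boundUser = this.uCFeignService.getUserByDingtalkId(dingUserId);
        if (BeanUtils.isEmpty(boundUser) || boundUser.isNull()) {
            throw new RuntimeException("查无与您钉钉账号[userid:" + dingUserId + "]绑定的eip账号");
        }
        String account = boundUser.get("account").asText();
        // Evict first so the lookup below cannot be served from a stale cache entry.
        deleteUserDetailsCache(account);
        UserDetails userDetails = this.userDetailsService.loadUserByUsername(account);
        if (!BeanUtils.isNotEmpty(userDetails)) {
            throw new RuntimeException("钉钉登录失败！eip账号:" + account + "不存在");
        }
        HttpServletRequest request = HttpUtil.getRequest();
        boolean isMobile = HttpUtil.isMobile(request);
        String token = this.jwtTokenHandler.generateToken(userDetails);
        String displayName = userDetails.getUsername();
        String userId = StringPool.EMPTY;
        String tenantId = StringPool.EMPTY;
        if (userDetails instanceof IUser) {
            IUser iUser = (IUser) userDetails;
            displayName = iUser.getFullname();
            userId = iUser.getUserId();
            tenantId = iUser.getTenantId();
            request.setAttribute("loginUser", String.format("%s[%s]", displayName, account));
        }
        handleSingleLogin(isMobile, tenantId, account, token);
        return ResponseEntity.ok(new JwtAuthenticationResponse(token, displayName, account, userId));
    }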

    /**
     * Returns the SSO settings a client needs before login: whether SSO is enabled, the SSO login
     * URL and the SSO logout URL.
     *
     * @param httpServletRequest  unused
     * @param httpServletResponse unused
     * @return 200 with the keys {@code enable}, {@code ssoUrl} and {@code ssoLogoutUrl}
     */
    @RequestMapping(value = {"/sso/info"}, method = {RequestMethod.GET}, produces = {"application/json; charset=utf-8"})
    @ApiOperation(value = "单点登录配置", httpMethod = HttpUtil.METHOD_GET, notes = "单点登录配置")
    public ResponseEntity<Map<String, Object>> isUseCas(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        final Map<String, Object> ssoInfo = new HashMap<>();
        final Boolean enabled = Boolean.valueOf(this.ssoConfig.isEnable());
        ssoInfo.put("enable", enabled);
        ssoInfo.put("ssoUrl", this.ssoConfig.getSsoUrl());
        ssoInfo.put("ssoLogoutUrl", this.ssoConfig.getSsoLogoutUrl());
        return ResponseEntity.ok(ssoInfo);
    }

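    /**
     * Exchanges the token from the configured request header for a refreshed one and records it in
     * the token cache.
     *
     * <p>The header is checked before the 7-character scheme prefix is cut off; a missing or too
     * short header previously ended in a {@code NullPointerException} or
     * {@code StringIndexOutOfBoundsException}. The prefix text itself is not compared, as before.
     * NOTE(review): confirm that {@code refreshToken} verifies signature and expiry and that a
     * token removed by sign-out cannot be refreshed.
     *
     * @param httpServletRequest request carrying the token header
     * @return 200 with the refreshed token; the name, account and user id fields are empty
     * @throws RuntimeException when the token header is missing or carries no token
     */
    @RequestMapping(value = {"/refresh"}, method = {RequestMethod.GET})
    @ApiOperation(value = "刷新token", httpMethod = HttpUtil.METHOD_GET, notes = "刷新token")
    public ResponseEntity<?> refreshAndGetAuthenticationToken(HttpServletRequest httpServletRequest) {
        String authHeader = httpServletRequest.getHeader(this.jwtConfig.getHeader());
        if (authHeader == null || authHeader.length() <= 7) {
            throw new RuntimeException("请求头中缺少token");
        }
        String currentToken = authHeader.substring(7);
        String tenantId = this.jwtTokenHandler.getTenantIdFromToken(currentToken);
        String account = this.jwtTokenHandler.getUsernameFromToken(currentToken);
        String refreshedToken = this.jwtTokenHandler.refreshToken(currentToken);
        handleSingleLogin(HttpUtil.isMobile(httpServletRequest), tenantId, account, refreshedToken);
        return ResponseEntity.ok(new JwtAuthenticationResponse(refreshedToken, StringPool.EMPTY, StringPool.EMPTY, StringPool.EMPTY));
    }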

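    /**
     * Signs the caller out by removing the cached token for the account named in the request's
     * token.
     *
     * <p>The header is checked before the 7-character scheme prefix is cut off; a missing or too
     * short header previously ended in a {@code NullPointerException} or
     * {@code StringIndexOutOfBoundsException}. The cache entry is removed only when single-login
     * mode is on, so in other configurations the token stays usable until it expires.
     *
     * @param httpServletRequest request carrying the token header
     * @return a result with the message "退出成功"
     * @throws RuntimeException when the token header is missing or carries no token
     */
    @RequestMapping(value = {"/signout"}, method = {RequestMethod.GET})
    @ApiOperation(value = "退出登录", httpMethod = HttpUtil.METHOD_GET, notes = "使token的状态失效,必须设置jwt.single和jwt.stricky均为true")
    public CommonResult<String> signout(HttpServletRequest httpServletRequest) {
        String authHeader = httpServletRequest.getHeader(this.jwtConfig.getHeader());
        if (authHeader == null || authHeader.length() <= 7) {
            throw new RuntimeException("请求头中缺少token");
        }
        String currentToken = authHeader.substring(7);
        handleLogout(HttpUtil.isMobile(httpServletRequest), this.jwtTokenHandler.getTenantIdFromToken(currentToken), this.jwtTokenHandler.getUsernameFromToken(currentToken));
        return new CommonResult<>("退出成功");
    }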

    /**
     * Hands a username/password pair to the Spring Security authentication manager.
     *
     * @param str  account name; must not be {@code null}
     * @param str2 clear-text password; must not be {@code null}
     * @throws NullPointerException    when either argument is {@code null}
     * @throws AuthenticationException when the authentication manager rejects the credentials
     */
    private void authenticate(String str, String str2) throws AuthenticationException, CertificateException {
        final String principal = Objects.requireNonNull(str);
        final String credentials = Objects.requireNonNull(str2);
        final UsernamePasswordAuthenticationToken loginToken =
                new UsernamePasswordAuthenticationToken(principal, credentials);
        this.authenticationManager.authenticate(loginToken);
    }

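    /**
     * Evaluates a successfully authenticated user against the default password policy.
     *
     * <p>Order of evaluation: admins and installations without a policy pass; an account with
     * locked status 2 is refused until {@code autoUnlockTime} minutes have elapsed and is then
     * reset through {@code lockedUser(account, 1)}; when the policy is enabled the password is
     * compared with the initial password, the minimum length, the pattern selected by
     * {@code pwdRule}, the first-login rule and the maximum age in days.
     *
     * <p>Fix: the rule-2 pattern used the range {@code A-z}, which also covers the characters
     * between {@code Z} and {@code a} in ASCII. A password made of letters plus {@code ^} was
     * therefore classed as "letters only" and failed the check. The range is now {@code A-Z}.
     *
     * <p>The result is passed to the login response; presumably {@code false} tells the client
     * that a password change is required. NOTE(review): the policy keeps the initial password in
     * clear text so that it can be compared here.
     *
     * @param iUser authenticated user
     * @param str   clear-text password that was just used
     * @return {@code true} when the password satisfies the policy or no policy applies
     * @throws RuntimeException when the account is still inside its lock window
     */
    private boolean checkUser(IUser iUser, String str) {
        if (iUser.isAdmin()) {
            return true;
        }
        PwdStrategyService pwdStrategyService = (PwdStrategyService) AppUtil.getBean(PwdStrategyService.class);
        if (pwdStrategyService == null) {
            return true;
        }
        JsonNode policy = pwdStrategyService.getJsonDefault();
        if (!BeanUtils.isNotEmpty(policy)) {
            return true;
        }
        String initPwd = policy.get("initPwd").asText();
        int pwdRule = policy.get("pwdRule").asInt();
        int pwdLength = policy.get("pwdLength").asInt();
        int duration = policy.get("duration").asInt();
        long autoUnlockTime = policy.get("autoUnlockTime").asLong();
        int initUpdate = policy.get("initUpdate").asInt();
        int enable = policy.get("enable").asInt();
        if (2 == iUser.getLockedStatus().intValue()) {
            // Both instants use the same fixed offset, so only the difference matters.
            long nowMillis = LocalDateTime.now().toInstant(ZoneOffset.of("+8")).toEpochMilli();
            long lockedMillis = iUser.getLockedTime().toInstant(ZoneOffset.of("+8")).toEpochMilli();
            long lockedMinutes = (nowMillis - lockedMillis) / CommonUtil.MILLIS_PER_MINUTE;
            if (lockedMinutes < autoUnlockTime) {
                throw new RuntimeException("账号在锁定状态中,请于【" + (autoUnlockTime - lockedMinutes) + "分钟】后登录，或联系管理员解锁！");
            }
            this.loginUserService.lockedUser(iUser.getAccount(), 1);
        }
        if (enable != 1) {
            return true;
        }
        if (str.equals(initPwd) || str.length() < pwdLength) {
            return false;
        }
        if (pwdRule == 2) {
            // At least two of: letters, digits, the listed symbols.
            if (!str.matches("^(?![a-zA-Z]+$)(?!\\d+$)(?![!@#$%^&*]+$)[a-zA-Z\\d!@#$%^&*]+$")) {
                return false;
            }
        } else if (pwdRule == 3) {
            // Letter, digit and symbol all required.
            if (!str.matches("^(?=.*?[A-Za-z])(?=.*?\\d)(?=.*?[~!@#$%^&*()_+`\\-={}:\";'<>?,.\\/])[a-zA-Z\\d~!@#$%^&*()_+`\\-={}:\";'<>?,.\\/]*$")) {
                return false;
            }
        } else if (pwdRule == 4) {
            // Lower-case, upper-case, digit and symbol all required.
            if (!str.matches("^(?=.*?[a-z])(?=.*?[A-Z])(?=.*?\\d)(?=.*?[~!@#$%^&*()_+`\\-={}:\";'<>?,.\\/])[a-zA-Z\\d~!@#$%^&*()_+`\\-={}:\";'<>?,.\\/]*$")) {
                return false;
            }
        }
        if (initUpdate == 1 && null == iUser.getLastLoginTime()) {
            return false;
        }
        LocalDateTime pwdCreateTime = iUser.getPwdCreateTime();
        if (!BeanUtils.isNotEmpty(pwdCreateTime)) {
            return true;
        }
        int passwordAgeDays = (int) (LocalDateTime.now().toLocalDate().toEpochDay() - pwdCreateTime.toLocalDate().toEpochDay());
        return passwordAgeDays <= duration;
    }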

    /**
     * Stores a freshly issued token in the token cache and writes a login-log entry.
     *
     * <p>In single-login mode the entry is stored per client type, tenant and account, and an
     * empty tenant id falls back to the platform tenant when SaaS mode is off. Otherwise the
     * client IP address is passed along as well and the tenant id is used as given.
     *
     * @param z    {@code true} for a mobile client, {@code false} for a PC client
     * @param str  tenant id; may be empty
     * @param str2 account
     * @param str3 token to cache
     */
    private void handleSingleLogin(boolean z, String str, String str2, String str3) {
        final String clientType = z ? "mobile" : "pc";
        String tenantId = str;
        if (!this.jwtConfig.isSingle()) {
            final String clientIp = IPUtils.getIpAddr(HttpUtil.getRequest());
            this.jwtTokenHandler.putTokenInCache(clientType, tenantId, str2, clientIp, this.jwtConfig.getExpiration(), str3);
        } else {
            if (StringUtil.isEmpty(tenantId) && !this.saasConfig.isEnable()) {
                tenantId = TenantConstant.PLATFORM_TENANT_ID;
            }
            this.jwtTokenHandler.putTokenInCache(clientType, tenantId, str2, this.jwtConfig.getExpiration(), str3);
        }
        this.loginLogService.log(str2, z ? "mobile" : "pc");
    }

    /**
     * Removes the cached token of an account on sign-out. Nothing is removed unless single-login
     * mode is on; in that case an empty tenant id falls back to the platform tenant when SaaS mode
     * is off.
     *
     * @param z    {@code true} for a mobile client, {@code false} for a PC client
     * @param str  tenant id; may be empty
     * @param str2 account
     */
    private void handleLogout(boolean z, String str, String str2) {
        if (!this.jwtConfig.isSingle()) {
            return;
        }
        final String clientType = z ? "mobile" : "pc";
        String tenantId = str;
        if (StringUtil.isEmpty(tenantId) && !this.saasConfig.isEnable()) {
            tenantId = TenantConstant.PLATFORM_TENANT_ID;
        }
        this.jwtTokenHandler.removeFromCache(clientType, tenantId, str2);
    }
}
