package com.mbap.auth.controller;

import com.alibaba.fastjson.JSONObject;
import com.mbap.auth.login.service.LoginExtenderService;
import com.mbap.core.KeyPair.KeyPairFactory;
import com.mbap.core.config.item.domain.ConfigItem;
import com.mbap.core.logger.LoggerBox;
import com.mbap.util.lang.StringUtil;
import com.mbap.util.view.R;
import com.mbap.util.view.RCode;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import java.security.KeyPair;
import java.security.Principal;
import java.security.interfaces.RSAPublicKey;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.Map;
import javax.annotation.Resource;
import org.apache.tomcat.util.codec.binary.Base64;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint;
import org.springframework.web.HttpRequestMethodNotSupportedException;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

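/**
 * OAuth endpoints served under {@code /oauth}: a wrapper around Spring's {@link TokenEndpoint}
 * that adds login-failure lockout and password-age checks, plus two endpoints that publish the
 * RSA public key.
 *
 * <p>NOTE(review): the failure log under {@code LOGINERRORCOUNT:<username>} is only read and
 * deleted here; nothing in this class writes to it, so the code that records failures must
 * live elsewhere. Confirm it runs for every rejected password grant.
 */
@RequestMapping({"/oauth"})
@RestController("com.mbap.auth.controller.AuthController")
/* loaded from: input_file:com/mbap/auth/controller/AuthController.class */
public class AuthController {

    /** Redis key prefix of the per-username login-failure log. */
    private static final String LOGIN_ERROR_KEY_PREFIX = "LOGINERRORCOUNT:";

    /**
     * Built-in account that bypasses the lockout and password-age checks below.
     *
     * <p>NOTE(review): because this name is exempt, failed logins against it are never throttled
     * by this controller. Make sure the account is covered by another control (rate limiting at
     * the gateway, alerting on repeated failures) or is disabled after initial setup.
     */
    private static final String BUILTIN_ADMIN_USERNAME = "TpcAdminIni";

    /** Timestamp layout used by the failure log and by the staff record's password-change time. */
    private static final String TIMESTAMP_PATTERN = "yyyy-MM-dd HH:mm:ss";

    @Autowired
    private TokenEndpoint tokenEndpoint;

    @Autowired
    private KeyPair keyPair;

    @Autowired
    private ConfigItem config;

    @Autowired
    private KeyPairFactory keyPairFactory;

    @Autowired
    private LoginExtenderService loginExtenderService;

    @Resource(name = "redisTemplate")
    private RedisTemplate<String, Object> redisTemplate;

    @Resource(name = "KryoRedisTemplate")
    private RedisTemplate<Object, Object> KryoRedisTemplate;

    /**
     * Issues an OAuth2 access token, applying lockout and password-age policy to user logins.
     *
     * <p>When a {@code username} parameter is present and a failure limit is configured, the
     * request is refused (with a success envelope carrying {@code loginErrorTimes=true}) once the
     * failure log holds at least that many entries. For accounts found in the {@code STAFF} hash
     * the token is issued first and then returned together with a message if the password must
     * be changed (first login, or older than the configured time limit). Requests without a
     * username, for unknown staff, or for the built-in admin are passed straight to the token
     * endpoint.
     *
     * @param principal the authenticated client, forwarded to {@link TokenEndpoint}
     * @param map the raw request parameters ({@code username}, {@code password}, grant fields)
     * @return the token or a policy message on success; an error envelope when anything fails
     * @throws HttpRequestMethodNotSupportedException declared for interface compatibility
     */
    @RequestMapping(value = {"/token"}, method = {RequestMethod.POST})
    public R postAccessToken(Principal principal, @RequestParam Map<String, String> map) throws HttpRequestMethodNotSupportedException {
        String username = map.get("username");
        // Constant-first comparison so a request without a username cannot raise an NPE.
        boolean builtinAdmin = BUILTIN_ADMIN_USERNAME.equals(username);
        OAuth2AccessToken oAuth2AccessToken = null;
        try {
            JSONObject jSONObject = new JSONObject();
            if (username != null) {
                if (!StringUtil.isEmpty(this.config.getLoginErrorTimes()) && !builtinAdmin) {
                    String failureLog = readLoginErrorLog(username);
                    if (!StringUtil.isEmpty(failureLog)) {
                        String[] failures = failureLog.split(",");
                        if (failures.length >= Integer.parseInt(this.config.getLoginErrorTimes())) {
                            jSONObject.put("loginErrorTimes", true);
                            SimpleDateFormat lockFormat = new SimpleDateFormat(TIMESTAMP_PATTERN);
                            Calendar unlockAt = Calendar.getInstance();
                            // The lock lasts one day counted from the first recorded failure.
                            unlockAt.setTime(lockFormat.parse(failures[0]));
                            unlockAt.add(Calendar.DATE, 1);
                            jSONObject.put("msg", "登录错误次数超过限制，请于" + lockFormat.format(unlockAt.getTime()) + "后登录");
                            return R.SUCCESS(jSONObject);
                        }
                    }
                }
                // The decoded values are discarded; presumably these calls exist to fail fast on a
                // password that cannot be decoded. TODO confirm against the two services.
                if (StringUtil.isEmpty(this.loginExtenderService.decodePassword(map.get("password")))) {
                    this.keyPairFactory.keyPairDecode(map.get("password"));
                }
                Map staffRecord = (Map) this.KryoRedisTemplate.opsForHash().get("STAFF", username);
                org.json.JSONObject staffJson = new org.json.JSONObject(staffRecord);
                if (staffRecord != null && !builtinAdmin) {
                    oAuth2AccessToken = (OAuth2AccessToken) this.tokenEndpoint.postAccessToken(principal, map).getBody();
                    jSONObject.put("ismodifypassword", true);
                    // NOTE(review): the token is already issued and is returned alongside the
                    // "change your password" messages below. Confirm that resource servers limit
                    // what such a token can do until the password has been changed.
                    jSONObject.put("access_token", oAuth2AccessToken.getValue());
                    // NOTE(review): getString throws when the key is missing, which lands in the
                    // catch block and is reported as an authentication failure.
                    if (staffJson.getString("ismodifypassword").equals("1")) {
                        jSONObject.put("msg", "首次登录，请先修改密码");
                        return R.SUCCESS(jSONObject);
                    }
                    if (!StringUtil.isEmpty(this.config.getTimeLimit()) && staffRecord.get("updatepwdtime") != null) {
                        String lastChanged = staffJson.getString("updatepwdtime");
                        if (StringUtil.isNotEmpty(lastChanged)) {
                            SimpleDateFormat changeFormat = new SimpleDateFormat(TIMESTAMP_PATTERN);
                            Calendar expiresAt = Calendar.getInstance();
                            expiresAt.setTime(changeFormat.parse(lastChanged));
                            // The configured time limit is a number of days.
                            expiresAt.add(Calendar.DATE, Integer.parseInt(this.config.getTimeLimit()));
                            if (expiresAt.getTime().getTime() < new Date().getTime()) {
                                jSONObject.put("msg", "密码有效期已过，请先修改密码");
                                return R.SUCCESS(jSONObject);
                            }
                        }
                    }
                }
            }
            if (oAuth2AccessToken == null) {
                oAuth2AccessToken = (OAuth2AccessToken) this.tokenEndpoint.postAccessToken(principal, map).getBody();
            } else {
                // A staff login that passed every policy check resets the failure log.
                this.redisTemplate.delete(LOGIN_ERROR_KEY_PREFIX + username);
            }
            return R.SUCCESS(oAuth2AccessToken);
        } catch (Exception e) {
            LoggerBox.EXCEPTION_LOGGER.record("用户认证失败", e);
            // No username (for example a non-password grant), the exempt account, or no limit
            // configured: there is no counter to report, so return the generic error. The
            // original dereferenced a missing username here and threw from inside the handler.
            if (username == null || builtinAdmin || StringUtil.isEmpty(this.config.getLoginErrorTimes())) {
                return R.ERROR(RCode.AUTH_EXCEPTION);
            }
            String failureLog = readLoginErrorLog(username);
            int limit = Integer.parseInt(this.config.getLoginErrorTimes());
            int failures = 0;
            if (!StringUtil.isEmpty(failureLog)) {
                failures = failureLog.split(",").length;
            }
            // Clamp so that failures recorded by concurrent requests never yield a negative count.
            // NOTE(review): this response is returned for any exception on a username login and
            // tells an unauthenticated caller how many attempts remain; confirm that is intended.
            return R.ERROR(1006, "身份验证异常,剩余登录次数为" + Math.max(0, limit - failures) + "次");
        }
    }

    /**
     * Reads the whole login-failure log for a username.
     *
     * <p>The value is read with a ranged GET over its full length; callers treat it as a
     * comma-separated list whose first entry is a {@link #TIMESTAMP_PATTERN} timestamp.
     *
     * @param username the login name the log is keyed by
     * @return the stored log, possibly empty when no failure has been recorded
     */
    private String readLoginErrorLog(String username) {
        String key = LOGIN_ERROR_KEY_PREFIX + username;
        long lastIndex = this.redisTemplate.opsForValue().size(key).longValue() - 1;
        return this.redisTemplate.opsForValue().get(key, 0L, lastIndex);
    }

    /**
     * Publishes the RSA public key as a JWK set.
     *
     * <p>Only the public half of the key pair is passed to the JWK builder.
     *
     * @return the JWK set serialized as a string
     */
    @GetMapping({"getKey"})
    @ResponseBody
    public String getKey() {
        RSAPublicKey publicKey = (RSAPublicKey) this.keyPair.getPublic();
        return new JWKSet(new RSAKey.Builder(publicKey).build()).toString();
    }

    /**
     * Returns the encoded RSA public key as Base64 text; per the log message below it is used by
     * the front end to encrypt before submitting.
     *
     * @return a success envelope holding the Base64 string, or a generic error envelope
     */
    @GetMapping({"getKeystr"})
    @ResponseBody
    public R getKeystr() {
        try {
            byte[] encoded = ((RSAPublicKey) this.keyPair.getPublic()).getEncoded();
            // Base64 output is pure ASCII; name the charset instead of relying on the platform default.
            return R.SUCCESS(new String(Base64.encodeBase64(encoded), java.nio.charset.StandardCharsets.US_ASCII));
        } catch (Exception e) {
            LoggerBox.EXCEPTION_LOGGER.record(" 获取RSA公钥接口(前端加密时使用)出错", e);
            return R.ERROR();
        }
    }
}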
