package com.yonyou.uap.tenant.utils;

import com.yonyou.iuap.security.esapi.IUAPESAPI;
import com.yonyou.iuap.security.rest.common.AuthConstants;
import com.yonyou.uap.tenant.web.filter.PerformanceLoggerCollector;
import com.yonyou.uap.tenant.web.filter.RequestLogsFilter;
import java.net.ConnectException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.batik.util.SVGConstants;
import org.apache.commons.lang3.StringUtils;
import org.jasig.cas.authentication.ModifyPWFailedException;
import org.jasig.cas.authentication.PreventedException;
import org.jasig.cas.authentication.UsernamePasswordCredential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.webflow.execution.RequestContextHolder;
import org.springside.modules.mapper.JsonMapper;
import uap.web.cache.CacheManager;
import uap.web.core.ContextHolder;
import uap.web.utils.HttpTookit;
import uap.web.utils.RSAUtils;
import uap.web.utils.sign.SignEntity;
import uap.web.utils.sign.SignMake;

/* loaded from: input_file:WEB-INF/classes/com/yonyou/uap/tenant/utils/UserValidate.class */
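/**
 * Static helpers that forward a username/password check or a password change to a
 * remote REST endpoint.
 *
 * <p>In both flows the submitted password is decrypted with
 * {@code RSAUtils.decryptStringByJs}, re-encrypted under a public key obtained from
 * {@code pubkey.rest.url}, and POSTed together with a request digest produced by
 * {@code SignMake.signEntity}. Failures are reported to the web flow through the
 * {@code modifyPW_msg} flow-scope attribute and a {@link PreventedException}.
 *
 * <p>The parameter maps stay raw {@code HashMap}/{@code LinkedHashMap} because the
 * signatures of {@code SignMake} and {@code HttpTookit} are not visible from this file.
 */
public class UserValidate {
    private static final Logger logger = LoggerFactory.getLogger(UserValidate.class);

    /** Flow-scope attribute that carries the user-facing failure message. */
    private static final String FLOW_MSG_KEY = "modifyPW_msg";
    /** Marker the login page attaches to an encrypted password field. */
    private static final String ENCRYPTED_MARKER = "_encrypted";
    private static final String CACHE_MANAGER_BEAN = "cacheManager";
    private static final String VALIDATE_URL_CACHE_KEY = "osp_sso_validate_url";
    private static final String PUBLIC_KEY_CACHE_KEY = "temp_sso_publicKey";
    /** Expiry passed to {@code CacheManager.setex}; presumably seconds (30 min) - TODO confirm. */
    private static final int CACHE_EXPIRY = 1800;

    /**
     * Checks the submitted credential against the remote validation service.
     *
     * @param usernamePasswordCredential credential submitted by the login form
     * @param jdbcTemplate used to look up the validation URL for the credential's verify code
     * @return the raw response body of the validation service
     * @throws PreventedException if the login random value is unknown, the password field is
     *     missing, the validation URL cannot be resolved, or the service cannot be reached
     */
    public static String validate(UsernamePasswordCredential usernamePasswordCredential, JdbcTemplate jdbcTemplate) throws PreventedException {
        PerformanceLoggerCollector.start("UserValidate");
        try {
            randomValidate(usernamePasswordCredential);
            String verifyCode = usernamePasswordCredential.getVerify_code();
            String username = usernamePasswordCredential.getUsername();
            String plainPassword = decryptSubmitted(usernamePasswordCredential.getPassword());
            String validateUrl = getValidateURL(verifyCode, jdbcTemplate);
            String forwardedPassword = RSAUtils.encryptString(getPublicKey(), plainPassword);

            HashMap params = new HashMap();
            params.put("userName", username);
            params.put("userPassword", forwardedPassword);
            params.put("systemId", usernamePasswordCredential.getSysid());

            SignEntity signEntity = SignMake.signEntity(validateUrl, params, "POST");
            LinkedHashMap digestParams = new LinkedHashMap();
            digestParams.put(AuthConstants.PARAM_DIGEST, signEntity.getSign());
            try {
                String response = HttpTookit.doPost(signEntity.getSignURL(), params, digestParams);
                // NOTE(review): the whole authentication response is written to the log at INFO.
                // Confirm it never carries tokens or personal data, or log a status field only.
                logger.info("返回信息： " + response);
                return response;
            } catch (ConnectException e) {
                String callId = MDC.get(RequestLogsFilter.CALL_ID);
                // The encrypted password and the request signature are deliberately NOT logged:
                // both are credential material and log files are usually readable by more
                // people and systems than the authentication path itself.
                logger.error(callId + ":connect failed", e);
                logger.error(callId + ":userName-" + username);
                logger.error(callId + ":systemId-" + usernamePasswordCredential.getSysid());
                RequestContextHolder.getRequestContext().getFlowScope().put(FLOW_MSG_KEY, ConstantSSO.LOGIN_CONNECT_FAILED);
                throw new PreventedException(ConstantSSO.LOGIN_CONNECT_FAILED, e);
            }
        } finally {
            // Pair every start() with a stop(), including the failure paths.
            // Presumably the collector expects balanced calls - TODO confirm.
            PerformanceLoggerCollector.stop("UserValidate");
        }
    }

    /**
     * Strips the {@code _encrypted} marker from a submitted field and decrypts it.
     *
     * @throws PreventedException if the field is absent, instead of failing with a
     *     {@code NullPointerException}
     */
    private static String decryptSubmitted(String submitted) throws PreventedException {
        if (submitted == null) {
            throw new PreventedException("", new IllegalArgumentException("credential field is missing"));
        }
        // NOTE(review): the result of decryptStringByJs is not checked here; confirm how
        // RSAUtils signals a ciphertext it cannot decrypt.
        return RSAUtils.decryptStringByJs(submitted.replace(ENCRYPTED_MARKER, ""));
    }

    /**
     * Rejects the request unless the credential's random value is present in the cache.
     *
     * <p>NOTE(review): the value is only checked for existence and is not removed here, so
     * the same value can be presented again while the cache entry lives. Confirm whether it
     * is consumed elsewhere in the flow.
     *
     * @throws PreventedException if the random value is not cached
     */
    private static void randomValidate(UsernamePasswordCredential usernamePasswordCredential) throws PreventedException {
        CacheManager cacheManager = (CacheManager) ContextHolder.getContext().getBean(CACHE_MANAGER_BEAN);
        String cacheKey = ConstantSSO.SSO_RANDOM_PREFIX + usernamePasswordCredential.getRandomvalue();
        // Boolean.TRUE.equals treats a null answer from the cache as "not present".
        if (Boolean.TRUE.equals(cacheManager.exists(cacheKey))) {
            return;
        }
        RequestContextHolder.getRequestContext().getFlowScope().put(FLOW_MSG_KEY, "系统连接有效性过期，重新登陆");
        throw new PreventedException("", new Exception());
    }

    /**
     * Sends a password change for the credential's user to the endpoint configured under
     * {@code modifyPW.rest.url}.
     *
     * @param usernamePasswordCredential credential carrying the current and the new password
     * @return the raw response body of the password-change service
     * @throws GeneralSecurityException declared by the original signature; the visible code
     *     raises {@code ModifyPWFailedException} when no endpoint is configured
     * @throws PreventedException if the login random value is unknown, a password field is
     *     missing, or the service cannot be reached
     */
    public static String modifyPW(UsernamePasswordCredential usernamePasswordCredential) throws GeneralSecurityException, PreventedException {
        randomValidate(usernamePasswordCredential);
        String username = usernamePasswordCredential.getUsername();
        String sysid = usernamePasswordCredential.getSysid();
        String currentPlain = decryptSubmitted(usernamePasswordCredential.getPassword());
        String newPlain = decryptSubmitted(usernamePasswordCredential.getNewpass());

        PublicKey publicKey = getPublicKey();
        HashMap params = new HashMap();
        params.put("userName", username);
        params.put("userPassword", RSAUtils.encryptString(publicKey, currentPlain));
        params.put("newPassword", RSAUtils.encryptString(publicKey, newPlain));
        params.put("systemId", sysid);

        String modifyUrl = CasPropertyUtil.getPropertyByKey("modifyPW.rest.url");
        if (StringUtils.isBlank(modifyUrl)) {
            throw new ModifyPWFailedException(username + " need modify password.");
        }
        SignEntity signEntity = SignMake.signEntity(modifyUrl, params, "POST");
        LinkedHashMap digestParams = new LinkedHashMap();
        digestParams.put(AuthConstants.PARAM_DIGEST, signEntity.getSign());
        try {
            return HttpTookit.doPost(signEntity.getSignURL(), params, digestParams);
        } catch (ConnectException e) {
            RequestContextHolder.getRequestContext().getFlowScope().put(FLOW_MSG_KEY, ConstantSSO.LOGIN_CONNECT_FAILED);
            throw new PreventedException(ConstantSSO.LOGIN_CONNECT_FAILED, e);
        }
    }

    /**
     * Resolves the validation URL, first from the cache and otherwise from
     * {@code pub_verify} by verify code.
     *
     * <p>NOTE(review): the cache key does not include the verify code, so the URL resolved
     * for the first code is returned for every code until the entry expires. If more than
     * one system code exists, credentials can be posted to another system's endpoint;
     * confirm whether a per-code key is intended.
     *
     * @throws PreventedException if the lookup fails for any reason
     */
    private static String getValidateURL(String str, JdbcTemplate jdbcTemplate) throws PreventedException {
        CacheManager cacheManager = (CacheManager) ContextHolder.getContext().getBean(CACHE_MANAGER_BEAN);
        String cachedUrl = (String) cacheManager.get(VALIDATE_URL_CACHE_KEY);
        if (StringUtils.isNoneBlank(cachedUrl)) {
            return cachedUrl;
        }
        String lookupCode = str;
        try {
            // NOTE(review): the value is bound through the '?' placeholder, which already
            // prevents SQL injection. sqlEncode on top of that changes the value that is
            // compared with verify_code - confirm it is still wanted.
            lookupCode = IUAPESAPI.encoder().sqlEncode(lookupCode, CasPropertyUtil.getDataBaseCodec());
            String resolvedUrl = (String) jdbcTemplate.queryForObject(" select verify_url from pub_verify WHERE verify_code =? ", String.class, lookupCode);
            cacheManager.setex(VALIDATE_URL_CACHE_KEY, resolvedUrl, CACHE_EXPIRY);
            return resolvedUrl;
        } catch (Exception e) {
            // NOTE(review): the message embeds a request-supplied value; the view that
            // renders modifyPW_msg has to HTML-escape it.
            RequestContextHolder.getRequestContext().getFlowScope().put(FLOW_MSG_KEY, "未找到系统代码" + lookupCode);
            throw new PreventedException("", e);
        }
    }

    /**
     * Returns the public key used to encrypt passwords for the remote service, fetching
     * and caching it when the cache has no entry.
     *
     * @throws PreventedException if the key has to be fetched and the fetch fails
     */
    public static PublicKey getPublicKey() throws PreventedException {
        CacheManager cacheManager = (CacheManager) ContextHolder.getContext().getBean(CACHE_MANAGER_BEAN);
        RSAPublicKey cachedKey = (RSAPublicKey) cacheManager.get(PUBLIC_KEY_CACHE_KEY);
        if (cachedKey != null) {
            return cachedKey;
        }
        RSAPublicKey fetchedKey = getKeyFromRemote();
        cacheManager.setex(PUBLIC_KEY_CACHE_KEY, fetchedKey, CACHE_EXPIRY);
        return fetchedKey;
    }

    /**
     * Fetches the RSA modulus and exponent from {@code pubkey.rest.url} and builds the key.
     *
     * <p>NOTE(review): passwords are encrypted under whatever key this endpoint returns, so
     * the key is only as trustworthy as the transport to that URL. Confirm the URL is
     * HTTPS with certificate validation, or pin the expected key.
     *
     * @throws PreventedException if the endpoint cannot be reached or its response lacks the
     *     modulus or the exponent
     */
    private static RSAPublicKey getKeyFromRemote() throws PreventedException {
        SignEntity signEntity = SignMake.signEntity(CasPropertyUtil.getPropertyByKey("pubkey.rest.url"), null, "GET");
        LinkedHashMap digestParams = new LinkedHashMap();
        digestParams.put(AuthConstants.PARAM_DIGEST, signEntity.getSign());
        try {
            Map keyParts = (Map) new JsonMapper().fromJson(HttpTookit.doGet(signEntity.getSignURL(), null, digestParams), Map.class);
            Object modulus = keyParts == null ? null : keyParts.get("modulus");
            // The Batik constant looks like a decompiler substitution for the JSON field
            // name "exponent" - TODO confirm.
            Object exponent = keyParts == null ? null : keyParts.get(SVGConstants.SVG_EXPONENT_ATTRIBUTE);
            if (modulus == null || exponent == null) {
                // An empty or malformed response is reported like a connection failure
                // rather than surfacing as a NullPointerException.
                RequestContextHolder.getRequestContext().getFlowScope().put(FLOW_MSG_KEY, ConstantSSO.LOGIN_CONNECT_FAILED);
                throw new PreventedException(ConstantSSO.LOGIN_CONNECT_FAILED, new IllegalStateException("public key response lacks modulus or exponent"));
            }
            return RSAUtils.generateRSAPublicKey(modulus.toString(), exponent.toString());
        } catch (ConnectException e) {
            RequestContextHolder.getRequestContext().getFlowScope().put(FLOW_MSG_KEY, ConstantSSO.LOGIN_CONNECT_FAILED);
            throw new PreventedException(ConstantSSO.LOGIN_CONNECT_FAILED, e);
        }
    }
}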
