package com.yonyou.bpm.webserver.scrt;

import com.yonyou.bpm.core.category.Category;
import com.yonyou.bpm.core.category.CategoryService;
import com.yonyou.bpm.scrt.BpmUserAgents;
import com.yonyou.bpm.scrt.CryptingException;
import com.yonyou.bpm.scrt.GrantedApplicationAuthority;
import com.yonyou.bpm.scrt.IPWhiteList;
import com.yonyou.bpm.scrt.server.ApplicationRequestVerifier;
import com.yonyou.bpm.scrt.server.ApplicationRequestVerifierForNet;
import com.yonyou.bpm.scrt.server.ApplicationVerifier;
import com.yonyou.bpm.server.BpmServiceUtils;
import com.yonyou.bpm.webserver.servlet.WebConfigurer;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.PostConstruct;
import javax.annotation.PreDestroy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/yonyou/bpm/webserver/scrt/ApplicationAuthenticationManager.class */
public class ApplicationAuthenticationManager implements ApplicationAuthenticationService {
    private static final int DEFAULT_REFRESH_INTERVAL = 30000;

    @Autowired
    private CategoryService categoryService;
    private Logger logger = LoggerFactory.getLogger(WebConfigurer.class);
    private final Object mutex = new Object();
    private volatile Map<String, AppEntry> apps = new ConcurrentHashMap();
    private volatile boolean monitoring = false;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/yonyou/bpm/webserver/scrt/ApplicationAuthenticationManager$AppEntry.class */
    public static class AppEntry {
        private String id;
        private String code;
        private String categoryId;
        private String serverToken;
        private IPWhiteList ipWhiteList;
        private ApplicationVerifier verifier;
        private ApplicationVerifier verifierForNet;

        public AppEntry(String str, String str2, String str3, String str4, String str5) throws CryptingException {
            this.id = str;
            this.code = str2;
            this.categoryId = str3;
            this.serverToken = str4;
            this.ipWhiteList = IPWhiteList.createFromString(str5);
            this.verifier = new ApplicationRequestVerifier(str2, str4);
            this.verifierForNet = new ApplicationRequestVerifierForNet(str2);
        }

        public String getId() {
            return this.id;
        }

        public String getCode() {
            return this.code;
        }

        public IPWhiteList getIpWhiteList() {
            return this.ipWhiteList;
        }

        public String getCategoryId() {
            return this.categoryId;
        }

        public ApplicationVerifier getVerifier() {
            return this.verifier;
        }

        public ApplicationVerifier getVerifierForNet() {
            return this.verifierForNet;
        }
    }

    @PostConstruct
    private void init() {
    }

    private void startBackgroundRefreshWorker() {
        Thread thread = new Thread(new Runnable() { // from class: com.yonyou.bpm.webserver.scrt.ApplicationAuthenticationManager.1
            @Override // java.lang.Runnable
            public void run() {
                long currentTimeMillis = System.currentTimeMillis();
                while (ApplicationAuthenticationManager.this.monitoring) {
                    try {
                        if (System.currentTimeMillis() - currentTimeMillis < 30000) {
                            ApplicationAuthenticationManager.this.waiting();
                        } else {
                            currentTimeMillis = System.currentTimeMillis();
                            ApplicationAuthenticationManager.this.refresh();
                        }
                    } catch (Exception e) {
                    }
                }
            }
        }, "CATEGORY-BG-MONITOR-WORKER");
        thread.setDaemon(true);
        thread.start();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void waiting() {
        synchronized (this.mutex) {
            try {
                this.mutex.wait(30000L);
            } catch (InterruptedException e) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public void refresh() {
        try {
            this.logger.debug("Start refreshing application category list ......");
            ConcurrentHashMap concurrentHashMap = new ConcurrentHashMap();
            for (Category category : this.categoryService.findAllCategoryWithApplication()) {
                try {
                    try {
                    } catch (Exception e) {
                        this.logger.error("加载应用[name=" + category.getName() + ";code=" + category.getApplication_code() + "]的认证信息时发生错误！--错误信息：" + e.getMessage(), e);
                    }
                } catch (CryptingException e2) {
                    this.logger.error("无法创建应用[name=" + category.getName() + ";code=" + category.getApplication_code() + "]的签名校验器！--错误信息：" + e2.getMessage(), e2);
                }
                if (category.getApplication() != null && category.getApplicationCredential() != null) {
                    AppEntry appEntry = new AppEntry(category.getApplication(), category.getApplication_code(), category.getId(), category.getApplicationCredential(), category.getIPWhiteList());
                    concurrentHashMap.put(appEntry.getCode(), appEntry);
                }
            }
            this.apps = concurrentHashMap;
            this.logger.debug("Succeed in refreshing application category list!--Number of Application:" + this.apps.size());
        } catch (Exception e3) {
            this.logger.error("Error occurred on refreshing Application Authentication Setting!--" + e3.getMessage(), e3);
        }
    }

    @PreDestroy
    private void destroy() {
        this.monitoring = false;
    }

    @Override // com.yonyou.bpm.webserver.scrt.ApplicationAuthenticationService
    public GrantedApplicationAuthority authenticate(String str, String str2, BpmServerWebAuthenticationDetails bpmServerWebAuthenticationDetails) {
        AppEntry appEntry = this.apps.get(str);
        if (appEntry == null) {
            return null;
        }
        if (!appEntry.getIpWhiteList().isEmpty() && !appEntry.getIpWhiteList().contains(bpmServerWebAuthenticationDetails.getRemoteAddress())) {
            return null;
        }
        try {
            if (!(bpmServerWebAuthenticationDetails.getUserAgent().startsWith(BpmUserAgents.SDK_AGENT_NET_BASE) ? appEntry.getVerifierForNet().verify(bpmServerWebAuthenticationDetails.getUserAgent(), bpmServerWebAuthenticationDetails.getRequestServicePath(), str2) : appEntry.getVerifier().verify(bpmServerWebAuthenticationDetails.getUserAgent(), bpmServerWebAuthenticationDetails.getRequestServicePath(), str2))) {
                return null;
            }
            SimpleGrantedApplicationAuthority simpleGrantedApplicationAuthority = new SimpleGrantedApplicationAuthority(appEntry.getId(), appEntry.getCode(), appEntry.getCategoryId(), bpmServerWebAuthenticationDetails.getOperator());
            BpmServiceUtils.getIdentityService().setAuthenticatedUserId(bpmServerWebAuthenticationDetails.getOperator());
            return simpleGrantedApplicationAuthority;
        } catch (CryptingException e) {
            throw new IllegalStateException(e.getMessage(), e);
        }
    }
}
