package com.diboot.iam.auth.impl;

import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.baomidou.mybatisplus.core.toolkit.support.SFunction;
import com.diboot.core.config.BaseConfig;
import com.diboot.core.exception.BusinessException;
import com.diboot.core.util.Encryptor;
import com.diboot.core.util.I18n;
import com.diboot.core.util.V;
import com.diboot.core.vo.Status;
import com.diboot.iam.annotation.process.IamAsyncWorker;
import com.diboot.iam.auth.AuthService;
import com.diboot.iam.config.Cons;
import com.diboot.iam.config.IamProperties;
import com.diboot.iam.dto.AuthCredential;
import com.diboot.iam.entity.BaseLoginUser;
import com.diboot.iam.entity.IamAccount;
import com.diboot.iam.entity.IamLoginTrace;
import com.diboot.iam.mapper.IamAccountMapper;
import com.diboot.iam.service.IamAccountService;
import com.diboot.iam.service.IamLoginTraceService;
import com.diboot.iam.shiro.IamAuthToken;
import com.diboot.iam.util.HttpHelper;
import com.diboot.iam.util.IamSecurityUtils;
import com.diboot.iam.util.TokenUtils;
import jakarta.servlet.http.HttpServletRequest;
import java.lang.invoke.SerializedLambda;
import java.time.LocalDateTime;
import java.util.Iterator;
import java.util.List;
import lombok.Generated;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/diboot/iam/auth/impl/BaseAuthServiceImpl.class */
public abstract class BaseAuthServiceImpl implements AuthService {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(BaseAuthServiceImpl.class);

    @Autowired
    private IamAccountService accountService;

    @Autowired
    private IamAsyncWorker iamAsyncWorker;

    @Autowired
    private HttpServletRequest request;

    @Autowired
    private IamLoginTraceService loginTraceService;

    @Autowired
    private IamProperties iamProperties;

    @Autowired
    private IamAccountMapper iamAccountMapper;

    @Override // com.diboot.iam.auth.AuthService
    public String getAuthType() {
        return Cons.DICTCODE_AUTH_TYPE.PWD.name();
    }

    protected abstract Wrapper buildQueryWrapper(IamAuthToken iamAuthToken);

    @Override // com.diboot.iam.auth.AuthService
    public IamAccount getAccount(IamAuthToken iamAuthToken) throws AuthenticationException {
        List<IamAccount> findLoginAccount = this.iamAccountMapper.findLoginAccount(buildQueryWrapper(iamAuthToken), BaseConfig.getActiveFlagValue());
        if (V.isEmpty(findLoginAccount)) {
            return null;
        }
        IamAccount iamAccount = findLoginAccount.get(0);
        if (Cons.DICTCODE_ACCOUNT_STATUS.I.name().equals(iamAccount.getStatus())) {
            throw new AuthenticationException(I18n.message("exception.authentication.authService.accountForbidden", new Object[]{iamAuthToken.getAuthAccount()}));
        }
        if (Cons.DICTCODE_ACCOUNT_STATUS.L.name().equals(iamAccount.getStatus())) {
            throw new AuthenticationException(I18n.message("exception.authentication.authService.accountLocked", new Object[]{iamAuthToken.getAuthAccount()}));
        }
        return iamAccount;
    }

    @Override // com.diboot.iam.auth.AuthService
    public String applyToken(AuthCredential authCredential) {
        IamAuthToken initAuthToken = initAuthToken(authCredential);
        try {
            Subject subject = SecurityUtils.getSubject();
            subject.login(initAuthToken);
            if (!subject.isAuthenticated()) {
                log.error("认证失败");
                saveLoginTrace(initAuthToken, false);
                throw new BusinessException(Status.FAIL_OPERATION, "exception.business.authService.authFailed", new Object[0]);
            }
            String str = (String) initAuthToken.getCredentials();
            TokenUtils.cacheAccessToken(str, initAuthToken.buildUserInfoStr());
            log.debug("申请token成功！{}: {}", authCredential.getAuthAccount(), initAuthToken.getCredentials());
            saveLoginTrace(initAuthToken, true);
            return str;
        } catch (Exception e) {
            log.error("登录异常", e);
            saveLoginTrace(initAuthToken, false);
            throw new BusinessException(Status.FAIL_OPERATION, e.getMessage(), new Object[0]);
        }
    }

    protected IamAuthToken initAuthToken(AuthCredential authCredential) {
        IamAuthToken iamAuthToken = new IamAuthToken(getAuthType(), authCredential.getUserTypeClass());
        iamAuthToken.setAuthAccount(authCredential.getAuthAccount());
        iamAuthToken.setAuthSecret(authCredential.getAuthSecret());
        iamAuthToken.setRememberMe(authCredential.isRememberMe());
        iamAuthToken.setTenantId(authCredential.getTenantId());
        iamAuthToken.setExtObj(authCredential.getExtObj());
        iamAuthToken.setExpiresInMinutes(getExpiresInMinutes());
        return iamAuthToken.generateAuthtoken();
    }

    protected void saveLoginTrace(IamAuthToken iamAuthToken, boolean z) {
        IamLoginTrace iamLoginTrace = new IamLoginTrace();
        iamLoginTrace.setAuthType(getAuthType()).setAuthAccount(iamAuthToken.getAuthAccount()).setUserType(iamAuthToken.getUserType()).setIsSuccess(Boolean.valueOf(z));
        BaseLoginUser baseLoginUser = (BaseLoginUser) IamSecurityUtils.getCurrentUser();
        iamLoginTrace.setUserId(baseLoginUser == null ? "0" : (String) baseLoginUser.getId());
        iamLoginTrace.setUserAgent(HttpHelper.getUserAgent(this.request)).setIpAddress(HttpHelper.getRequestIp(this.request));
        iamLoginTrace.setSignature(Encryptor.encrypt(iamAuthToken.getAuthtoken(), new String[0])).setSignType(IamLoginTrace.SIGN_TYPE.LOGIN.name());
        this.iamAsyncWorker.saveLoginTraceLog(iamLoginTrace);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void lockAccountIfRequired(IamAccount iamAccount) {
        Wrapper wrapper = (LambdaQueryWrapper) ((LambdaQueryWrapper) ((LambdaQueryWrapper) ((LambdaQueryWrapper) ((LambdaQueryWrapper) Wrappers.lambdaQuery().select(new SFunction[]{(v0) -> {
            return v0.getIsSuccess();
        }}).eq((v0) -> {
            return v0.getUserType();
        }, iamAccount.getUserType())).eq((v0) -> {
            return v0.getAuthType();
        }, iamAccount.getAuthType())).eq((v0) -> {
            return v0.getAuthAccount();
        }, iamAccount.getAuthAccount())).gt((v0) -> {
            return v0.getCreateTime();
        }, LocalDateTime.now().minusDays(1L))).eq(V.notEmpty(iamAccount.getTenantId()), (v0) -> {
            return v0.getTenantId();
        }, iamAccount.getTenantId());
        int maxLoginAttempts = this.iamProperties.getMaxLoginAttempts();
        List entityListLimit = this.loginTraceService.getEntityListLimit(wrapper, maxLoginAttempts);
        if (!V.notEmpty(entityListLimit) || entityListLimit.size() < maxLoginAttempts) {
            return;
        }
        int i = 0;
        Iterator it = entityListLimit.iterator();
        while (it.hasNext() && !((IamLoginTrace) it.next()).getIsSuccess().booleanValue()) {
            i++;
        }
        if (i >= maxLoginAttempts) {
            iamAccount.setStatus(Cons.DICTCODE_ACCOUNT_STATUS.L.name());
            log.warn("用户登录失败次数超过最大限值，账号 {} 已被锁定！", iamAccount.getAuthAccount());
            this.accountService.updateAccountStatus((String) iamAccount.getId(), Cons.DICTCODE_ACCOUNT_STATUS.L.name());
        }
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -784790920:
                if (implMethodName.equals("getAuthType")) {
                    z = true;
                    break;
                }
                break;
            case 771206363:
                if (implMethodName.equals("getTenantId")) {
                    z = 5;
                    break;
                }
                break;
            case 1071464927:
                if (implMethodName.equals("getCreateTime")) {
                    z = 2;
                    break;
                }
                break;
            case 1771527727:
                if (implMethodName.equals("getAuthAccount")) {
                    z = 4;
                    break;
                }
                break;
            case 1811435291:
                if (implMethodName.equals("getUserType")) {
                    z = 3;
                    break;
                }
                break;
            case 1838414019:
                if (implMethodName.equals("getIsSuccess")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/baomidou/mybatisplus/core/toolkit/support/SFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/diboot/iam/entity/IamLoginTrace") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/Boolean;")) {
                    return (v0) -> {
                        return v0.getIsSuccess();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/baomidou/mybatisplus/core/toolkit/support/SFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/diboot/iam/entity/IamLoginTrace") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/String;")) {
                    return (v0) -> {
                        return v0.getAuthType();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/baomidou/mybatisplus/core/toolkit/support/SFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/diboot/core/entity/BaseEntity") && serializedLambda.getImplMethodSignature().equals("()Ljava/time/LocalDateTime;")) {
                    return (v0) -> {
                        return v0.getCreateTime();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/baomidou/mybatisplus/core/toolkit/support/SFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/diboot/iam/entity/IamLoginTrace") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/String;")) {
                    return (v0) -> {
                        return v0.getUserType();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/baomidou/mybatisplus/core/toolkit/support/SFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/diboot/iam/entity/IamLoginTrace") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/String;")) {
                    return (v0) -> {
                        return v0.getAuthAccount();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 5 && serializedLambda.getFunctionalInterfaceClass().equals("com/baomidou/mybatisplus/core/toolkit/support/SFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("com/diboot/iam/entity/IamLoginTrace") && serializedLambda.getImplMethodSignature().equals("()Ljava/lang/String;")) {
                    return (v0) -> {
                        return v0.getTenantId();
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
