package cn.trythis.ams.bootconfig;

import cn.trythis.ams.pojo.enumvalue.UserStatusCode;
import cn.trythis.ams.pojo.enumvalue.ValidStatus;
import cn.trythis.ams.pojo.sso.UserInfo;
import cn.trythis.ams.repository.dao.AuthRRoleResoDAO;
import cn.trythis.ams.repository.dao.AuthRUserRoleDAO;
import cn.trythis.ams.repository.dao.CommOrgInfoDAO;
import cn.trythis.ams.repository.dao.CommRoleInfoDAO;
import cn.trythis.ams.repository.dao.CommUserInfoDAO;
import cn.trythis.ams.repository.dao.ResourceInfoDAO;
import cn.trythis.ams.repository.entity.AuthRRoleReso;
import cn.trythis.ams.repository.entity.AuthRUserRole;
import cn.trythis.ams.repository.entity.CommOrgInfo;
import cn.trythis.ams.repository.entity.CommRoleInfo;
import cn.trythis.ams.repository.entity.CommRoleInfoExample;
import cn.trythis.ams.repository.entity.CommUserInfo;
import cn.trythis.ams.repository.entity.ResourceInfo;
import cn.trythis.ams.service.DataDicService;
import cn.trythis.ams.service.ParamManageService;
import cn.trythis.ams.service.SsoClientService;
import cn.trythis.ams.support.annotation.AmsConfigDefault;
import cn.trythis.ams.support.exception.ExceptionUtil;
import cn.trythis.ams.support.security.bo.LoginModel;
import cn.trythis.ams.support.security.bo.SecurityUser;
import cn.trythis.ams.support.security.bo.SessionModel;
import cn.trythis.ams.support.security.bo.UrlPermissionMode;
import cn.trythis.ams.support.security.config.AmsSecurityConfiguration;
import cn.trythis.ams.util.AmsAssert;
import cn.trythis.ams.util.AmsHttpUtils;
import cn.trythis.ams.util.AmsUtils;
import cn.trythis.ams.util.SysInfoUtils;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

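/**
 * Default {@link AmsSecurityConfiguration}: loads users for password and SSO (UACSSO) logins,
 * builds the URL-to-role map from the resource tables, and declares the permitted paths.
 *
 * <p>NOTE(review): this listing looks like decompiler output (for example the
 * {@code m18getMapper()} accessor name); identifiers are kept exactly as they appear so the
 * class still links against the rest of the application.
 */
@AmsConfigDefault
public class WebSecurityConfiguration implements AmsSecurityConfiguration {
    private static final Logger logger = LoggerFactory.getLogger(WebSecurityConfiguration.class);

    /**
     * Role id attached to accounts that are created automatically on first SSO login. The
     * provisioning log message describes it as the guest role; the id itself is a fixed value,
     * so the role table must keep id 2 as a low-privilege role.
     */
    private static final int AUTO_PROVISIONED_ROLE_ID = 2;

    @Autowired
    protected CommUserInfoDAO commUserInfoDAO;

    @Autowired
    protected CommRoleInfoDAO commRoleInfoDAO;

    @Autowired
    protected CommOrgInfoDAO commOrgInfoDAO;

    @Autowired
    protected AuthRUserRoleDAO authRUserRoleDAO;

    @Autowired
    protected AuthRRoleResoDAO authRRoleResoDAO;

    @Autowired
    protected ResourceInfoDAO resourceInfoDAO;

    @Autowired
    protected SsoClientService ssoClientService;

    @Autowired
    protected DataDicService dataDicService;

    @Autowired
    protected ParamManageService paramManageService;

    /**
     * Loads the security principal for a login attempt.
     *
     * <p>For every login model except {@code UACSSO} the local account named {@code str} is
     * returned directly. For {@code UACSSO}, {@code str} is handed to the SSO client together
     * with the {@code redirect_uri} entry of {@code map}, and the returned subject is used as
     * the local login name. When no local account exists for that subject, one is created and
     * given the guest role unless the {@code ams.web.user-auto-insert} parameter is set to a
     * value that does not parse as {@code true}.
     *
     * @param str        login name, or the value passed to the SSO client in UACSSO mode
     * @param loginModel login model selected by the caller
     * @param map        request parameters; only {@code redirect_uri} is read; may be null
     * @param bool       not used by this implementation
     * @return the populated principal; in UACSSO mode it also carries the login model and the
     *         access token returned by the SSO client
     * @throws UsernameNotFoundException if the account does not exist and is not auto-created
     */
    public SecurityUser loadUserByUsername(String str, LoginModel loginModel, Map<String, Object> map, Boolean bool) {
        if (!LoginModel.UACSSO.equals(loginModel)) {
            return getUserInfo(str);
        }
        // A missing map or missing entry becomes an empty redirect URI instead of a NullPointerException.
        // NOTE(review): redirect_uri is request-supplied and is not validated here; presumably
        // SsoClientService or the identity provider checks it against a registered value - confirm.
        Object redirectParam = map == null ? null : map.get("redirect_uri");
        String redirectUri = redirectParam == null ? "" : redirectParam.toString();
        UserInfo ssoUser = this.ssoClientService.getUserId(str, redirectUri);

        // NOTE(review): the SSO subject is matched against local login names, so an existing
        // local account with the same login name is the one that gets loaded - confirm that the
        // identity provider's subject namespace and local login names cannot collide.
        SecurityUser userInfo;
        try {
            userInfo = getUserInfo(ssoUser.getSub());
        } catch (UsernameNotFoundException e) {
            String autoInsert = this.paramManageService.getValueByTypeAndName("USER", "ams.web.user-auto-insert");
            // Provisioning is skipped only when the parameter is present and not "true";
            // an absent parameter therefore leaves auto-provisioning switched on.
            if (!AmsUtils.isNull(autoInsert) && !Boolean.parseBoolean(autoInsert)) {
                // Keep the original exception as the cause so the stack trace is not lost.
                throw new UsernameNotFoundException(e.getMessage(), e);
            }
            logger.error("认证中心的用户[{}]在本系统不存在,自动新增用户并赋予游客角色", ssoUser.getSub());
            provisionSsoUser(ssoUser);
            userInfo = getUserInfo(ssoUser.getSub());
            this.dataDicService.reloadDataDicByType("USER");
        }
        userInfo.setLoginModel(loginModel);
        userInfo.setAccessToken(ssoUser.getAccessToken());
        return userInfo;
    }

    /**
     * Creates the local account for an SSO subject and links it to the guest role.
     *
     * <p>NOTE(review): the user row and the role link are written by two separate inserts and
     * no transaction boundary is visible in this class; confirm the caller provides one, since
     * a failure between the two would leave an account without a role.
     */
    private void provisionSsoUser(UserInfo ssoUser) {
        CommUserInfo newUser = new CommUserInfo();
        newUser.setLoginName(ssoUser.getSub());
        newUser.setUserName(ssoUser.getName());
        // The account is created only for an organisation number that already exists locally.
        if (AmsUtils.isNull(ssoUser.getOrgNo())) {
            ExceptionUtil.throwAppException("认证中心用户[" + ssoUser.getSub() + "]的机构号为空，无法在本系统自动新增用户");
        } else {
            CommOrgInfo org = this.commOrgInfoDAO.selectByOrgNo(ssoUser.getOrgNo());
            if (AmsUtils.isNull(org)) {
                ExceptionUtil.throwAppException("认证中心用户[" + ssoUser.getSub() + "]的机构号[" + ssoUser.getOrgNo() + "]在本系统不存在，无法自动新增用户");
            } else {
                newUser.setOrgId(org.getId());
            }
        }
        newUser.setStatus(UserStatusCode.NORMAL.getCode());
        newUser.setEmpNo(ssoUser.getSub());
        this.commUserInfoDAO.insert(newUser);

        // Presumably insert() fills in the generated id on newUser - confirm against the mapper.
        AuthRUserRole roleLink = new AuthRUserRole();
        roleLink.setUserId(newUser.getId());
        roleLink.setRoleId(AUTO_PROVISIONED_ROLE_ID);
        this.authRUserRoleDAO.insert(roleLink);
    }

    /** Returns the login model of this configuration, {@code PASSWORD}. */
    public LoginModel loginModel() {
        return LoginModel.PASSWORD;
    }

    /** Returns the session model of this configuration, {@code SESSION}. */
    public SessionModel sessionModel() {
        return SessionModel.SESSION;
    }

    /**
     * Appends the two registration paths to the caller-supplied list.
     *
     * <p>Judging by the method name these paths are matched without authentication - confirm
     * with the code that consumes the list, and keep the registration handlers hardened
     * accordingly.
     *
     * @param list path patterns collected so far; modified in place
     */
    public void permitMatchers(List<String> list) {
        list.add("/register");
        list.add("/index/register");
    }

    /**
     * Fills the role attribute list and the URL-to-roles map from the database.
     *
     * <p>In {@code FORCE_CHECK} mode every API URL reported by {@code AmsHttpUtils} that has no
     * resource row yet gets one inserted, and {@code ROLE_ADMIN} is appended to the attributes
     * of every URL resource.
     *
     * <p>NOTE(review): outside {@code FORCE_CHECK}, a URL resource without role links is mapped
     * to an empty attribute list; whether that means "deny" or "unrestricted" depends on the
     * access-decision code that reads the map - confirm. Also, entries added to {@code list}
     * carry no {@code ROLE_} prefix while those in {@code map} do - confirm the consumer
     * expects this.
     *
     * @param list receives one attribute per role code, upper-cased
     * @param map  receives, per resource access path, the attributes allowed to reach it
     * @throws IllegalStateException if a role-resource link references a role that no longer exists
     */
    public void configRoleMaps(List<ConfigAttribute> list, Map<String, List<ConfigAttribute>> map) {
        boolean forceCheck = UrlPermissionMode.FORCE_CHECK == urlPermissionMode();

        // Locale.ROOT keeps role names stable regardless of the JVM default locale
        // (a Turkish default locale would otherwise turn "admin" into "ADMİN").
        this.commRoleInfoDAO.selectAll().forEach(commRoleInfo -> {
            list.addAll(SecurityConfig.createList(commRoleInfo.getRoleCode().toUpperCase(Locale.ROOT)));
        });

        if (forceCheck) {
            AmsHttpUtils.getAllApiUrl().forEach(urlResource -> {
                if (null == this.resourceInfoDAO.findByAccessPath(urlResource.getApiUrl())) {
                    ResourceInfo resourceInfo = new ResourceInfo();
                    resourceInfo.setParentId(0);
                    resourceInfo.setResourceName(urlResource.getApiName());
                    resourceInfo.setAccessPath(urlResource.getApiUrl());
                    resourceInfo.setResourceType("URL");
                    resourceInfo.setResourceStatus(ValidStatus.VALID.getCode());
                    resourceInfo.setResourceDesc("强制检查API权限自动插入");
                    this.resourceInfoDAO.insert(resourceInfo);
                }
            });
        }

        this.resourceInfoDAO.findByResourceType("URL").forEach(resourceInfo -> {
            List<AuthRRoleReso> roleLinks = this.authRRoleResoDAO.selectByResoId(resourceInfo.getId());
            List<ConfigAttribute> attributes = new ArrayList<>();
            roleLinks.forEach(authRRoleReso -> {
                CommRoleInfo role = (CommRoleInfo) this.commRoleInfoDAO.selectByPrimaryKey(authRRoleReso.getRoleId());
                if (role == null) {
                    // Fail with a message that names the dangling link rather than an anonymous
                    // NullPointerException; silently skipping it could leave the list empty.
                    throw new IllegalStateException("角色[" + authRRoleReso.getRoleId() + "]不存在，无法为资源["
                            + resourceInfo.getAccessPath() + "]配置权限");
                }
                attributes.add(new SecurityConfig("ROLE_" + role.getRoleCode().toUpperCase(Locale.ROOT)));
            });
            if (forceCheck) {
                attributes.add(new SecurityConfig("ROLE_ADMIN"));
            }
            map.put(resourceInfo.getAccessPath(), attributes);
        });
    }

    /**
     * Builds the security principal for a local login name.
     *
     * <p>NOTE(review): the two failure messages distinguish "unknown user" from "invalid
     * status"; make sure the login endpoint does not echo them to unauthenticated clients,
     * or they reveal which login names exist.
     *
     * @param str login name to look up
     * @return principal carrying id, names, stored password value, role codes, home
     *         organisation and the organisation the session is authorised for
     * @throws UsernameNotFoundException if no account has this login name
     * @throws AccountExpiredException   if the account status is {@code "02"}
     */
    public SecurityUser getUserInfo(String str) {
        CommUserInfo user = this.commUserInfoDAO.findSecurityUserByLoginName(str);
        if (user == null) {
            throw new UsernameNotFoundException("用户[" + str + "]不存在");
        }
        // Only status "02" is rejected here; every other status value is allowed to log in.
        if ("02".equals(user.getStatus())) {
            throw new AccountExpiredException("用户[" + str + "]状态无效");
        }

        List<Integer> roleIds = this.commUserInfoDAO.m18getMapper().selectRoleIdsByUserId(user.getId());
        if (!roleIds.isEmpty()) {
            CommRoleInfoExample roleQuery = new CommRoleInfoExample();
            roleQuery.createCriteria().andIdIn(roleIds);
            user.setRoleList(this.commRoleInfoDAO.selectByExample(roleQuery));
        } else {
            user.setRoleList(new ArrayList<>());
        }

        CommOrgInfo homeOrg = (CommOrgInfo) this.commOrgInfoDAO.selectByPrimaryKey(user.getOrgId());
        AmsAssert.notNull(homeOrg, "用户所属机构不存在");

        SecurityUser securityUser = new SecurityUser();
        securityUser.setId(user.getId());
        securityUser.setRoleCodes(user.getRoleList().stream().map(CommRoleInfo::getRoleCode).collect(Collectors.toList()));
        securityUser.setLoginName(user.getLoginName());
        securityUser.setUserName(user.getUserName());
        // The stored password value travels with the principal; presumably the authentication
        // provider compares against it - confirm it is cleared or never serialised afterwards.
        securityUser.setPassWord(user.getPassWord());
        securityUser.setOrgnNo(homeOrg.getOrgNo());
        securityUser.setOrgnName(homeOrg.getOrgName());
        securityUser.setBusiDate(SysInfoUtils.getBusiDate());
        securityUser.setEmpNo(user.getEmpNo());

        // Same existence check as for the home organisation: an authorised-organisation id that
        // points at a deleted row is reported explicitly instead of failing on a null dereference.
        CommOrgInfo loginAuthOrg = (CommOrgInfo) this.commOrgInfoDAO.selectByPrimaryKey(resolveLoginAuthOrgId(user));
        AmsAssert.notNull(loginAuthOrg, "用户登录授权机构不存在");
        securityUser.setLoginAuthOrgNo(loginAuthOrg.getOrgNo());
        return securityUser;
    }

    /**
     * Picks the organisation id the session is authorised for: the user's home organisation
     * when no authorised list is stored; otherwise the stored login organisation if it is in
     * the comma-separated list, else the first entry of that list.
     */
    private Integer resolveLoginAuthOrgId(CommUserInfo user) {
        Integer orgId = user.getOrgId();
        if (AmsUtils.isNotNull(user.getAuthOrgId())) {
            // Entries are trimmed and blanks dropped so "1, 2" or a trailing comma does not
            // break the membership test or the numeric conversion.
            List<String> authorisedOrgIds = Arrays.stream(user.getAuthOrgId().split(","))
                    .map(String::trim)
                    .filter(id -> !id.isEmpty())
                    .collect(Collectors.toList());
            if (!authorisedOrgIds.isEmpty()) {
                Integer loginOrgId = user.getLoginOrgId();
                if (AmsUtils.isNotNull(loginOrgId) && authorisedOrgIds.contains(loginOrgId.toString())) {
                    orgId = loginOrgId;
                } else {
                    orgId = Integer.valueOf(authorisedOrgIds.get(0));
                }
            }
        }
        return orgId;
    }
}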
