package com.github.xujiaji.mk.user.front.service;

import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.http.HttpUtil;
import cn.hutool.json.JSONUtil;
import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import com.github.xujiaji.mk.common.base.Status;
import com.github.xujiaji.mk.common.entity.MkUser;
import com.github.xujiaji.mk.common.exception.RequestActionException;
import com.github.xujiaji.mk.common.exception.StatusException;
import com.github.xujiaji.mk.common.service.IMkSmsService;
import com.github.xujiaji.mk.common.service.IPasswordService;
import com.github.xujiaji.mk.common.service.impl.MkCommonServiceImpl;
import com.github.xujiaji.mk.common.util.RedisUtil;
import com.github.xujiaji.mk.user.dto.ThirdBindStatusDTO;
import com.github.xujiaji.mk.user.entity.MkUserIdNumber;
import com.github.xujiaji.mk.user.front.dto.AppleKeys;
import com.github.xujiaji.mk.user.front.dto.QQLoginDTO;
import com.github.xujiaji.mk.user.front.dto.WXLoginDTO;
import com.github.xujiaji.mk.user.front.dto.WXMiniLoginDTO;
import com.github.xujiaji.mk.user.front.dto.WXUserInfoDecryptDataDTO;
import com.github.xujiaji.mk.user.front.payload.BindMobileCondition;
import com.github.xujiaji.mk.user.front.payload.ChangeMobileCondition;
import com.github.xujiaji.mk.user.front.payload.ForgetPasswordCondition;
import com.github.xujiaji.mk.user.front.payload.MiniWxInfoLoginCondition;
import com.github.xujiaji.mk.user.front.payload.MiniWxLoginCondition;
import com.github.xujiaji.mk.user.front.payload.MobileLoginCondition;
import com.github.xujiaji.mk.user.front.payload.MobileSmsLoginCondition;
import com.github.xujiaji.mk.user.front.payload.ModifyPasswordCondition;
import com.github.xujiaji.mk.user.front.payload.RegisterCondition;
import com.github.xujiaji.mk.user.front.payload.SetPasswordCondition;
import com.github.xujiaji.mk.user.front.payload.ThirdLoginCondition;
import com.github.xujiaji.mk.user.front.util.WXBizDataCrypt;
import com.github.xujiaji.mk.user.service.impl.MkUserIdNumberServiceImpl;
import com.github.xujiaji.mk.user.service.impl.MkUserServiceImpl;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.HashMap;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Nullable;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.binary.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
/* loaded from: input_file:com/github/xujiaji/mk/user/front/service/MkAuthUserService.class */
public class MkAuthUserService extends MkUserServiceImpl {
    private static final Logger log = LoggerFactory.getLogger(MkAuthUserService.class);
    private static Pattern QQ_CALLBACK_PATTERN = Pattern.compile("(?<=\\()([\\s\\S]+)(?=\\))", 2);
    private final MkUserIdNumberServiceImpl userIdNumberService;
    private final IPasswordService passwordService;
    private final MkCommonServiceImpl mkCommonService;
    private final RedisUtil redisUtil;
    private final IMkSmsService mkSmsService;
    private AppleKeys appleKeys;

    @Transactional(rollbackFor = {Exception.class})
    public MkUser createUser(@Nullable String str, @Nullable String str2, @Nullable String str3, @Nullable String str4, @Nullable String str5, @Nullable String str6) {
        MkUserIdNumber newNormalIdNumber = this.userIdNumberService.newNormalIdNumber();
        MkUser mkUser = new MkUser();
        mkUser.setNo(newNormalIdNumber.getId().toString());
        mkUser.setUsername("mk" + mkUser.getNo());
        mkUser.setNickname(mkUser.getUsername());
        mkUser.setPhone(str5);
        mkUser.setPassword(str6 == null ? null : this.passwordService.encode(str6));
        mkUser.setQqId(str);
        mkUser.setWxId(str2);
        mkUser.setWxMiniOpenId(str3);
        mkUser.setIosId(str4);
        add(mkUser);
        newNormalIdNumber.setState(1);
        this.userIdNumberService.editById(newNormalIdNumber);
        return mkUser;
    }

    public MkUser authQQ(ThirdLoginCondition thirdLoginCondition, @Nullable MkUser mkUser) {
        String str = HttpUtil.get("https://graph.qq.com/oauth2.0/me?unionid=1&access_token=" + thirdLoginCondition.getTokenId());
        Matcher matcher = QQ_CALLBACK_PATTERN.matcher(str);
        log.info("QQ: {}", str);
        if (!matcher.find()) {
            throw new RuntimeException("没有得到QQ登录验证信息");
        }
        QQLoginDTO qQLoginDTO = (QQLoginDTO) JSONUtil.toBean(matcher.group(), QQLoginDTO.class);
        if (StrUtil.isBlank(qQLoginDTO.getUnionid())) {
            throw new RequestActionException("没有获取到openid");
        }
        MkUser mkUser2 = (MkUser) this.baseMapper.selectOne((Wrapper) new QueryWrapper().eq("qq_id", qQLoginDTO.getUnionid()));
        if (mkUser == null) {
            return mkUser2 != null ? mkUser2 : createUser(qQLoginDTO.getUnionid(), null, null, null, null, null);
        }
        if (mkUser2 != null) {
            throw new RequestActionException("当前QQ已绑定其它账号");
        }
        mkUser.setQqId(qQLoginDTO.getUnionid());
        return mkUser;
    }

    public MkUser authWeiXin(ThirdLoginCondition thirdLoginCondition, MkUser mkUser) {
        HashMap hashMap = new HashMap();
        hashMap.put("openid", this.mkCommonService.valueByKey("wxAppId"));
        hashMap.put("access_token", thirdLoginCondition.getTokenId());
        String str = HttpUtil.get("https://api.weixin.qq.com/sns/userinfo", hashMap);
        log.info("微信: {}", str);
        WXLoginDTO wXLoginDTO = (WXLoginDTO) JSONUtil.toBean(str, WXLoginDTO.class);
        MkUser mkUser2 = (MkUser) this.baseMapper.selectOne((Wrapper) new QueryWrapper().eq("wx_id", wXLoginDTO.getUnionid()));
        if (mkUser == null) {
            return mkUser2 != null ? mkUser2 : createUser(null, wXLoginDTO.getUnionid(), null, null, null, null);
        }
        if (mkUser2 != null) {
            throw new RequestActionException("当前微信已绑定其它账号");
        }
        mkUser.setWxId(wXLoginDTO.getUnionid());
        return mkUser;
    }

    public MkUser authMiniWeiXin(MiniWxLoginCondition miniWxLoginCondition) {
        HashMap hashMap = new HashMap();
        hashMap.put("appid", this.mkCommonService.valueByKey("wxMiniAppId"));
        hashMap.put("secret", this.mkCommonService.valueByKey("wxMiniSecret"));
        hashMap.put("js_code", miniWxLoginCondition.getJsCode());
        hashMap.put("grant_type", "authorization_code");
        String str = HttpUtil.get("https://api.weixin.qq.com/sns/jscode2session", hashMap);
        log.info("微信小程序: {}", str);
        WXMiniLoginDTO wXMiniLoginDTO = (WXMiniLoginDTO) JSONUtil.toBean(str, WXMiniLoginDTO.class);
        if (wXMiniLoginDTO.getErrcode() != null) {
            throw new RequestActionException("错误码：" + wXMiniLoginDTO.getErrcode() + "，信息：" + wXMiniLoginDTO.getErrmsg());
        }
        if (!StrUtil.isBlank(wXMiniLoginDTO.getUnionid())) {
            return getUserDOByWxUnionId(wXMiniLoginDTO.getOpenid(), wXMiniLoginDTO.getUnionid());
        }
        this.redisUtil.putWxMiniSessionKey(miniWxLoginCondition.getJsCode(), wXMiniLoginDTO.getSessionKey());
        return null;
    }

    private MkUser getUserDOByWxUnionId(String str, String str2) {
        MkUser mkUser = (MkUser) this.baseMapper.selectOne((Wrapper) new QueryWrapper().eq("wx_id", str2));
        if (mkUser == null) {
            return createUser(null, str2, str, null, null, null);
        }
        if (StrUtil.isEmpty(mkUser.getWxMiniOpenId())) {
            mkUser.setWxMiniOpenId(str);
            editById(mkUser);
        }
        return mkUser;
    }

    public MkUser authMiniWeiXinByInfo(MiniWxInfoLoginCondition miniWxInfoLoginCondition) {
        String wxMiniSessionKey = this.redisUtil.getWxMiniSessionKey(miniWxInfoLoginCondition.getJsCode());
        if (StrUtil.isBlank(wxMiniSessionKey)) {
            throw new RequestActionException("请先调用登录");
        }
        WXUserInfoDecryptDataDTO decrypt = new WXBizDataCrypt(this.mkCommonService.valueByKey("wxMiniAppId"), wxMiniSessionKey).decrypt(miniWxInfoLoginCondition.getEncryptedData(), miniWxInfoLoginCondition.getIv());
        return getUserDOByWxUnionId(decrypt.getOpenId(), decrypt.getUnionId());
    }

    public MkUser authIOS(ThirdLoginCondition thirdLoginCondition, MkUser mkUser) {
        String valueByKey = this.mkCommonService.valueByKey("iOSBundleId");
        if (StrUtil.isEmpty(thirdLoginCondition.getJwt()) || StrUtil.isEmpty(valueByKey) || StrUtil.isEmpty(thirdLoginCondition.getSub())) {
            throw new RequestActionException("参数错误");
        }
        if (this.appleKeys == null) {
            this.appleKeys = (AppleKeys) JSONUtil.toBean(HttpUtil.get("https://appleid.apple.com/auth/keys"), AppleKeys.class);
        }
        String str = "";
        String str2 = "";
        String kid = getKid(thirdLoginCondition.getJwt());
        for (AppleKeys.Keys keys : this.appleKeys.getKeys()) {
            if (StringUtils.equals(keys.getKid(), kid)) {
                str = keys.getN();
                str2 = keys.getE();
                log.info("[苹果登录日志]jwt:{},aud:{},sub:{}", new Object[]{thirdLoginCondition.getJwt(), valueByKey, thirdLoginCondition.getSub()});
                break;
            }
        }
        try {
            log.info("success claimsJws = {}", verify(createPublicKey(str, str2), thirdLoginCondition.getJwt(), valueByKey, thirdLoginCondition.getSub()));
            MkUser mkUser2 = (MkUser) this.baseMapper.selectOne((Wrapper) new QueryWrapper().eq("ios_id", thirdLoginCondition.getSub()));
            if (mkUser == null) {
                return mkUser2 != null ? mkUser2 : createUser(null, null, null, thirdLoginCondition.getSub(), null, null);
            }
            if (mkUser2 != null) {
                throw new RequestActionException("当前微信已绑定其它账号");
            }
            mkUser.setIosId(thirdLoginCondition.getSub());
            return mkUser;
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new RequestActionException(e.getMessage());
        }
    }

    public String getKid(String str) {
        return JSONUtil.parseObj(new String(Base64.decodeBase64(str.split("\\.")[0]))).getStr("kid");
    }

    public Jws<Claims> verify(PublicKey publicKey, String str, String str2, String str3) {
        JwtParser signingKey = Jwts.parser().setSigningKey(publicKey);
        signingKey.requireIssuer("https://appleid.apple.com");
        signingKey.requireAudience(str2);
        signingKey.requireSubject(str3);
        try {
            Jws<Claims> parseClaimsJws = signingKey.parseClaimsJws(str);
            if (parseClaimsJws == null || !((Claims) parseClaimsJws.getBody()).containsKey("auth_time")) {
                throw new RequestActionException("解析失败");
            }
            log.info("[Apple登录解密结果]header:{},body:{},signature:{}", new Object[]{parseClaimsJws.getHeader(), parseClaimsJws.getBody(), parseClaimsJws.getSignature()});
            return parseClaimsJws;
        } catch (Exception e) {
            log.error("apple identityToken illegal");
            throw new RequestActionException("apple identityToken illegal");
        } catch (ExpiredJwtException e2) {
            log.error("apple identityToken expired");
            throw new RequestActionException("apple identityToken expired");
        }
    }

    public static PublicKey createPublicKey(String str, String str2) throws NoSuchAlgorithmException, InvalidKeySpecException {
        try {
            return KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(new BigInteger(1, Base64.decodeBase64(str)), new BigInteger(1, Base64.decodeBase64(str2))));
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    public void bindThirdLogin(Long l, ThirdLoginCondition thirdLoginCondition) {
        MkUser authIOS;
        MkUser mkUser = new MkUser();
        mkUser.setId(l);
        switch (Integer.parseInt(thirdLoginCondition.getType())) {
            case 1:
                authIOS = authQQ(thirdLoginCondition, mkUser);
                break;
            case 2:
                authIOS = authWeiXin(thirdLoginCondition, mkUser);
                break;
            case 6:
                authIOS = authIOS(thirdLoginCondition, mkUser);
                break;
            default:
                throw new RuntimeException("没有这个登录类型");
        }
        editById(authIOS);
    }

    public void unBindThirdLogin(String str, Long l) {
        MkUser mkUser = (MkUser) this.baseMapper.selectById(l);
        if ((StrUtil.isNotBlank(mkUser.getQqId()) ? 1 : 0) + (StrUtil.isNotBlank(mkUser.getWxId()) ? 1 : 0) + (StrUtil.isNotBlank(mkUser.getIosId()) ? 1 : 0) + (StrUtil.isNotBlank(mkUser.getPhone()) ? 1 : 0) == 1) {
            throw new RequestActionException("至少需要有一个绑定状态");
        }
        switch (Integer.parseInt(str)) {
            case 1:
                mkUser.setQqId("");
                break;
            case 2:
                mkUser.setWxId("");
                mkUser.setWxMiniOpenId("");
                break;
            case 6:
                mkUser.setIosId("");
                break;
            default:
                throw new RuntimeException("没有这个登录类型");
        }
        editById(mkUser);
    }

    private void checkValidSmsCode(String str, int i, int i2) {
        if (i2 == 2 && this.baseMapper.isExistMobile(str)) {
            throw new StatusException(Status.ERROR_PHONE_REGISTERED);
        }
        if (!this.mkSmsService.isValid(str, i2, i)) {
            throw new RequestActionException("验证码错误或已过期");
        }
    }

    @Transactional(rollbackFor = {Exception.class})
    public MkUser registerByPhone(RegisterCondition registerCondition) {
        checkValidSmsCode(registerCondition.getMobile(), registerCondition.getCode().intValue(), 2);
        return createUser(null, null, null, null, registerCondition.getMobile(), registerCondition.getPassword());
    }

    private MkUser getUserByMobile(String str) {
        MkUser selectByPhone = this.baseMapper.selectByPhone(str);
        if (selectByPhone == null) {
            throw new RequestActionException("该账号不存在");
        }
        return selectByPhone;
    }

    public MkUser loginByMobile(MobileLoginCondition mobileLoginCondition) {
        MkUser userByMobile = getUserByMobile(mobileLoginCondition.getMobile());
        if (StrUtil.isBlank(userByMobile.getPassword())) {
            throw new RequestActionException("该账号还未设置过密码，请使用短信登录");
        }
        if (this.passwordService.matches(mobileLoginCondition.getPassword(), userByMobile.getPassword())) {
            return userByMobile;
        }
        throw new RequestActionException("密码错误");
    }

    public MkUser loginByMobileSms(MobileSmsLoginCondition mobileSmsLoginCondition) {
        checkValidSmsCode(mobileSmsLoginCondition.getMobile(), mobileSmsLoginCondition.getCode().intValue(), 3);
        try {
            return getUserByMobile(mobileSmsLoginCondition.getMobile());
        } catch (RequestActionException e) {
            return createUser(null, null, null, null, mobileSmsLoginCondition.getMobile(), null);
        }
    }

    public void forgetPassword(ForgetPasswordCondition forgetPasswordCondition) {
        checkValidSmsCode(forgetPasswordCondition.getMobile(), forgetPasswordCondition.getCode().intValue(), 4);
        if (!forgetPasswordCondition.getNewPass().equals(forgetPasswordCondition.getConfirmPass())) {
            throw new RequestActionException("两次密码不一致");
        }
        if (!this.baseMapper.isExistMobile(forgetPasswordCondition.getMobile())) {
            throw new RequestActionException("当前手机号没有注册");
        }
        MkUser selectByPhone = this.baseMapper.selectByPhone(forgetPasswordCondition.getMobile());
        selectByPhone.setPassword(this.passwordService.encode(forgetPasswordCondition.getNewPass()));
        editById(selectByPhone);
    }

    public void setPassword(Long l, SetPasswordCondition setPasswordCondition) {
        MkUser mkUser = (MkUser) this.baseMapper.selectById(l);
        if (StrUtil.isNotBlank(mkUser.getPassword())) {
            throw new RequestActionException("您已经有了密码，不可设置");
        }
        mkUser.setPassword(this.passwordService.encode(setPasswordCondition.getPassword()));
        editById(mkUser);
    }

    public void bindMobileAndPassword(Long l, BindMobileCondition bindMobileCondition) {
        checkValidSmsCode(bindMobileCondition.getMobile(), bindMobileCondition.getCode().intValue(), 5);
        bindMobile(l, bindMobileCondition, true);
    }

    private void bindMobile(Long l, BindMobileCondition bindMobileCondition, boolean z) {
        if (this.baseMapper.isExistMobile(bindMobileCondition.getMobile())) {
            throw new RequestActionException("您所绑定的手机号已有对应账户，请更换手机号或解绑后重试！");
        }
        MkUser mkUser = (MkUser) this.baseMapper.selectById(l);
        mkUser.setPhone(bindMobileCondition.getMobile());
        if (z) {
            if (StrUtil.isBlank(bindMobileCondition.getPassword())) {
                throw new RequestActionException("请输入新的登录密码");
            }
            mkUser.setPassword(this.passwordService.encode(bindMobileCondition.getPassword()));
        }
        editById(mkUser);
    }

    public void changeMobile(Long l, ChangeMobileCondition changeMobileCondition) {
        checkValidSmsCode(changeMobileCondition.getMobile(), changeMobileCondition.getCode().intValue(), 5);
        bindMobile(l, (BindMobileCondition) BeanUtil.copyProperties(changeMobileCondition, BindMobileCondition.class), false);
    }

    public void modifyPassword(Long l, ModifyPasswordCondition modifyPasswordCondition) {
        MkUser mkUser = (MkUser) this.baseMapper.selectById(l);
        if (StrUtil.isBlank(mkUser.getPhone())) {
            throw new RequestActionException("当前账号未绑定手机号");
        }
        checkValidSmsCode(mkUser.getPhone(), modifyPasswordCondition.getCode().intValue(), 4);
        if (!modifyPasswordCondition.getNewPass().equals(modifyPasswordCondition.getConfirmPass())) {
            throw new RequestActionException("两次密码不一致哟，检查后重试");
        }
        mkUser.setPassword(this.passwordService.encode(modifyPasswordCondition.getNewPass()));
        editById(mkUser);
    }

    public ThirdBindStatusDTO bindStatus(Long l) {
        return this.baseMapper.selectBindStatus(l);
    }

    public MkAuthUserService(MkUserIdNumberServiceImpl mkUserIdNumberServiceImpl, IPasswordService iPasswordService, MkCommonServiceImpl mkCommonServiceImpl, RedisUtil redisUtil, IMkSmsService iMkSmsService) {
        this.userIdNumberService = mkUserIdNumberServiceImpl;
        this.passwordService = iPasswordService;
        this.mkCommonService = mkCommonServiceImpl;
        this.redisUtil = redisUtil;
        this.mkSmsService = iMkSmsService;
    }
}
