package com.goldgov.kduck.module.assignaccount.service.impl;

import com.goldgov.kduck.dao.ParamMap;
import com.goldgov.kduck.dao.definition.BeanEntityDef;
import com.goldgov.kduck.dao.sqlbuilder.ConditionBuilder;
import com.goldgov.kduck.dao.sqlbuilder.DeleteBuilder;
import com.goldgov.kduck.dao.sqlbuilder.SelectBuilder;
import com.goldgov.kduck.module.assignaccount.service.AccountAssignRule;
import com.goldgov.kduck.module.assignaccount.service.AccountAssignService;
import com.goldgov.kduck.module.assignaccount.service.AccountCustomService;
import com.goldgov.kduck.module.message.constant.MessageConstants;
import com.goldgov.kduck.module.message.exception.NotSupportSenderException;
import com.goldgov.kduck.module.message.sender.MessageSender;
import com.goldgov.kduck.module.user.service.User;
import com.goldgov.kduck.module.user.service.UserService;
import com.goldgov.kduck.service.DefaultService;
import com.goldgov.kduck.service.ValueBean;
import com.goldgov.kduck.utils.BeanDefUtils;
import com.kcloud.ms.authentication.baseaccount.service.Account;
import com.kcloud.ms.authentication.baseaccount.service.AccountConfigService;
import com.kcloud.ms.authentication.baseaccount.service.AccountCredential;
import com.kcloud.ms.authentication.baseaccount.service.AccountCredentialService;
import com.kcloud.ms.authentication.baseaccount.service.AccountService;
import com.kcloud.ms.authentication.baseaccount.service.config.AccountAllocateConfig;
import com.kcloud.ms.authentication.baseaccount.service.config.AccountSecurityConfig;
import com.kcloud.ms.authentication.baseaccount.service.credential.CredentialGenerator;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Properties;
import java.util.stream.Collectors;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.BeanUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.PropertyPlaceholderHelper;
import org.springframework.util.StringUtils;

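/**
 * Allocates login accounts and initial credentials to users according to the
 * configured allocation rules, and optionally notifies each user of the
 * generated initial password by SMS or e-mail.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The generated initial password is digested (MD5 or SHA-1, chosen by
 *       {@code kcloud.authentication.encodeType}) and the hex digest is then
 *       passed to the injected {@link PasswordEncoder}. The digest step adds no
 *       storage protection by itself; the strength of the stored value depends
 *       entirely on the configured encoder.</li>
 *   <li>The plain-text initial password is handed to the message senders. Whether
 *       a password change is forced on first login is not visible from this class
 *       and should be confirmed.</li>
 *   <li>{@link #assignAccountReplace()} deletes accounts and credentials in bulk;
 *       only the accounts named by {@code kduck.admin-account} are kept.</li>
 * </ul>
 */
@Service
public class AccountAssignServiceImpl extends DefaultService implements AccountAssignService {

    /** Configuration key of the account allocation settings. */
    private static final String ALLOCATE_CONFIG_KEY = "ACCOUNT_ALLOCATE_CONFIG";

    /** Configuration key of the account security settings. */
    private static final String SECURITY_CONFIG_KEY = "ACCOUNT_SECURITY_CONFIG";

    // Comma-separated account names that assignAccountReplace() must never delete.
    @Value("${kduck.admin-account:admin}")
    private String adminAccount;

    // Digest applied to the plain initial password before it reaches the PasswordEncoder ("md5" or "sha1").
    @Value("${kcloud.authentication.encodeType:md5}")
    private String encodeType;

    @Autowired
    private AccountConfigService accountConfigService;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private List<AccountAssignRule> accountAssignRules;

    @Autowired
    private AccountCredentialService accountCredentialService;

    @Autowired
    private AccountService accountService;

    @Autowired
    private UserService userService;

    @Autowired
    private List<CredentialGenerator> credentialGeneratorList;

    // Optional hook that may adjust an account before it is persisted.
    @Autowired(required = false)
    private AccountCustomService accountCustomService;

    @Autowired
    private List<MessageSender> messageSenderList;

    // Passed as the message template code of the SMS notification; despite the property name it is not a secret.
    @Value("${message.sms.password}")
    private String smsTemplateCode;

    // E-mail template; a "{password}" placeholder in it is replaced with the plain initial password.
    @Value("${message.email.password}")
    private String emailTemplateCode;
    private final Log logger = LogFactory.getLog(getClass());
    private PropertyPlaceholderHelper propertyPlaceholderHelper = new PropertyPlaceholderHelper("{", "}");

    /**
     * Allocates an account for a single user when automatic login-name allocation
     * is switched on.
     *
     * @param str id of the user; blank values are ignored
     * @throws RuntimeException carrying the first allocation error, which also rolls
     *                          back the surrounding transaction
     * @throws Exception        declared by the service interface
     */
    @Override
    @Transactional
    public void assignAccountByRule(String str) throws Exception {
        AccountAllocateConfig config = loadAllocateConfig();
        boolean autoAllocate = AccountAllocateConfig.STATUS_YES.equals(config.getLoginNameAllocate().getAutoAllocate());
        if (!autoAllocate || !StringUtils.hasText(str)) {
            return;
        }
        User user = this.userService.getUser(str);
        // NOTE(review): the value stored here is whatever getAccountByUserId returns; it is later
        // read back with getValueAsString("accountId") - confirm that it is an id and not an Account.
        user.put("accountId", this.accountService.getAccountByUserId(user.getUserId()));
        List<String> errors = assignAccountByRule(new User[]{user}, null);
        if (!errors.isEmpty()) {
            throw new RuntimeException(errors.get(0));
        }
    }

    /**
     * Allocates accounts for the given users and, when every allocation succeeded
     * and notification is enabled, sends each user the generated initial password.
     *
     * @param userArr users to process; users whose type is not enabled for automatic
     *                allocation are skipped
     * @param list    login names already in use; generated names are appended to it
     *                (may be {@code null})
     * @return one "userName : reason" entry per user whose allocation failed; empty
     *         when everything succeeded
     * @throws RuntimeException when no user type is enabled for automatic allocation
     *                          or the configured notification mode cannot be served
     */
    @Override
    @Transactional
    public List<String> assignAccountByRule(User[] userArr, List<String> list) {
        List<String> errors = new ArrayList<>();
        if (userArr == null || userArr.length == 0) {
            return errors;
        }
        AccountAllocateConfig config = loadAllocateConfig();
        Integer[] allowedUserTypes = config.getLoginNameAllocate().getAutoAllocateUserType();
        if (allowedUserTypes == null || allowedUserTypes.length == 0) {
            throw new RuntimeException("可自动分配登录名的用户类型 为空 不可分配账号");
        }

        List<Account> newAccounts = new ArrayList<>();
        // Plain initial passwords, kept only for the notification step below.
        Map<User, String> plainCredentials = new HashMap<>();
        for (User user : userArr) {
            if (!ArrayUtils.contains(allowedUserTypes, user.getUserType())) {
                continue;
            }
            try {
                String accountName = getAccountName(user, config, list);
                Account account = new Account();
                account.setAccountId(user.getValueAsString("accountId"));
                account.setCreateTime(new Date());
                account.setDisplayName(user.getUserName());
                account.setEmail(user.getEmail());
                account.setPhone(user.getPhone());
                account.setAccountState(Account.ACCOUNT_STATE_ENABLED);
                account.setUserId(user.getUserId());
                account.setAccountName(accountName);
                if (this.accountCustomService != null) {
                    this.accountCustomService.customSetting(account, user);
                }
                String plainCredential = generateCredential(config, account);
                account.setPassword(encodeInitialPassword(plainCredential));
                newAccounts.add(account);
                plainCredentials.put(user, plainCredential);
            } catch (Exception e) {
                // Failures are collected per user instead of aborting the batch; keep the stack trace in the log.
                this.logger.error(e.toString(), e);
                errors.add(user.getUserName() + " : " + e.getMessage());
            }
        }
        if (!newAccounts.isEmpty()) {
            addAccount(newAccounts);
        }

        // NOTE(review): when any user failed, the accounts that did succeed are still persisted
        // above but nobody is notified, so their initial passwords are never communicated.
        if (!errors.isEmpty()) {
            return errors;
        }
        AccountAllocateConfig.ExtendRule extendRule = config.getExtendRule();
        if (AccountAllocateConfig.STATUS_YES.equals(extendRule.getAccountAllocatedNotifyUser())) {
            Integer notifyMode = extendRule.getAccountAllocatedNotifyUserMode();
            // NOTE(review): an exception thrown for one user rolls back every account created in
            // this call, while users handled earlier in the loop may already have been sent a
            // password for an account that no longer exists.
            for (Map.Entry<User, String> entry : plainCredentials.entrySet()) {
                notifyInitialCredential(entry.getKey(), entry.getValue(), notifyMode);
            }
        }
        return errors;
    }

    /**
     * Digests the plain initial password as configured and encodes the hex digest
     * with the injected {@link PasswordEncoder}.
     *
     * <p>NOTE(review): the MD5/SHA-1 step presumably mirrors what the login client
     * submits - confirm. It must not be regarded as password hashing; only the
     * {@code PasswordEncoder} output protects the stored value.
     *
     * @param plainCredential generated initial password
     * @return value to store as the account password
     * @throws RuntimeException when {@code encodeType} is neither "md5" nor "sha1"
     */
    private String encodeInitialPassword(String plainCredential) {
        // Fixed charset: the platform default would make the digest of a non-ASCII password
        // depend on the JVM the account happened to be created on.
        byte[] raw = plainCredential.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        String digestHex;
        if ("md5".equals(this.encodeType)) {
            digestHex = org.springframework.util.DigestUtils.md5DigestAsHex(raw);
        } else if ("sha1".equals(this.encodeType)) {
            digestHex = DigestUtils.sha1Hex(raw);
        } else {
            throw new RuntimeException("不支持的密码编码类型：" + this.encodeType);
        }
        return this.passwordEncoder.encode(digestHex);
    }

    /**
     * Sends the plain initial password to one user by SMS or e-mail.
     *
     * @param user            user the account was created for
     * @param plainCredential generated initial password
     * @param mode            configured notification mode
     * @throws RuntimeException when the mode is unknown or unset, or the user lacks
     *                          the phone number / e-mail address the mode needs
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private void notifyInitialCredential(User user, String plainCredential, Integer mode) {
        // The value type of the sender's parameter map is not visible from this file, so the map stays untyped.
        Map templateParams = new HashMap();
        templateParams.put("code", plainCredential);

        // Only the contact details are handed to the sender, not the full user record.
        User recipient = new User();
        recipient.setPhone(user.getPhone());
        recipient.setEmail(user.getEmail());
        List<User> recipients = new ArrayList<>();
        recipients.add(recipient);

        if (AccountAllocateConfig.ALLOCATE_NOTIFY_USER_MODE_SMS.equals(mode) && StringUtils.hasText(user.getPhone())) {
            getSender(MessageConstants.SEND_WAY_OUTER_SMS).send(null, this.smsTemplateCode, templateParams, recipients, (delivered, unusedA, receiver, unusedB, reason) -> {
                if (!delivered) {
                    // The name is taken from the real user: the receiver built above carries contact details only.
                    this.logger.error("短信密码发送失败。用户ID=" + user.getUserId() + "，用户名=" + user.getUserName() + "，原因：" + reason);
                }
            });
            return;
        }
        // Also reached when the mode is SMS but the user has no phone number, or the mode is unset.
        if (!AccountAllocateConfig.ALLOCATE_NOTIFY_USER_MODE_EMAIL.equals(mode) || !StringUtils.hasText(user.getEmail())) {
            throw new RuntimeException("不支持的密码通知方式：" + mode);
        }
        MessageSender sender = getSender(MessageConstants.SEND_WAY_OUTER_EMAIL);
        Properties placeholders = new Properties();
        placeholders.setProperty("password", plainCredential);
        // NOTE(review): PropertyPlaceholderHelper also scans the substituted value for "{...}"
        // placeholders, so a generated password containing braces may not be inserted verbatim.
        String mailBody = this.propertyPlaceholderHelper.replacePlaceholders(this.emailTemplateCode, placeholders);
        sender.send(null, mailBody, templateParams, recipients, (delivered, unusedA, receiver, unusedB, reason) -> {
            if (!delivered) {
                this.logger.error("邮箱密码发送失败。邮箱地址 : " + user.getEmail() + reason);
            }
        });
    }

    /**
     * Returns the first registered sender that supports the given send way.
     *
     * @param str send way identifier
     * @throws NotSupportSenderException when no registered sender supports it
     */
    private MessageSender getSender(String str) {
        return this.messageSenderList.stream()
                .filter(candidate -> candidate.support(str))
                .findFirst()
                .orElseThrow(() -> new NotSupportSenderException(String.format("没有对应[%s]的发送方式", str)));
    }

    /**
     * Generates (without persisting) the login name the rules would give a user.
     *
     * @param str id of the user
     * @return generated login name
     * @throws Exception when no rule applies or the rule fails
     */
    @Override
    public String getAccountName(String str) throws Exception {
        return getAccountName(this.userService.getUser(str), loadAllocateConfig(), null);
    }

    /**
     * Allocates accounts for every user of an auto-allocatable type that has no
     * account yet.
     *
     * @return allocation errors, empty when nothing failed or nothing had to be done
     */
    @Override
    @Transactional
    public List<String> assignAccountForNull() {
        AccountAllocateConfig config = loadAllocateConfig();
        List<User> usersWithoutAccount = listUsersWithOutAccount(config.getLoginNameAllocate().getAutoAllocateUserType());
        if (usersWithoutAccount.isEmpty()) {
            return Collections.emptyList();
        }
        AccountCredential filter = new AccountCredential();
        filter.setCredentialType(config.getLoginNameAllocate().getLoginNameAutoGenerateRule());
        // getAccountName appends generated names to this list, so it has to be a mutable list.
        List<String> namesInUse = this.accountCredentialService.listAccountCredential(filter).stream()
                .map(AccountCredential::getCredentialName)
                .collect(Collectors.toCollection(ArrayList::new));
        return assignAccountByRule(usersWithoutAccount.toArray(new User[0]), namesInUse);
    }

    /**
     * Deletes every account and credential except those of the configured
     * administrator accounts, then re-allocates accounts for all users left
     * without one. This is destructive and runs in a single transaction.
     *
     * @return allocation errors of the re-allocation step
     */
    @Override
    @Transactional
    public List<String> assignAccountReplace() {
        // Tokenizing trims each name and drops empty entries, so a value such as "admin, root"
        // still protects both accounts instead of looking up " root".
        deleteAccountCredentialWithOutAdmin(StringUtils.tokenizeToStringArray(this.adminAccount, ","));
        return assignAccountForNull();
    }

    /**
     * Tells whether a credential name is still free.
     *
     * @param str credential name to check
     * @return {@code true} when no credential with that name is found
     */
    @Override
    public boolean validAccount(String str) {
        AccountCredential filter = new AccountCredential();
        filter.put("accountCredentialName", str);
        return !this.accountCredentialService.listAccountCredential(filter).stream().findAny().isPresent();
    }

    /** Loads the account allocation configuration. */
    private AccountAllocateConfig loadAllocateConfig() {
        return (AccountAllocateConfig) this.accountConfigService.loadConfig(ALLOCATE_CONFIG_KEY, AccountAllocateConfig.class);
    }

    /**
     * Generates the plain initial password with the first generator that supports
     * the configured initialisation mode.
     *
     * @throws RuntimeException when no generator supports the mode
     */
    private String generateCredential(AccountAllocateConfig accountAllocateConfig, Account account) {
        AccountSecurityConfig securityConfig = (AccountSecurityConfig) this.accountConfigService.loadConfig(SECURITY_CONFIG_KEY, AccountSecurityConfig.class);
        for (CredentialGenerator generator : this.credentialGeneratorList) {
            if (generator.supported(accountAllocateConfig.getPasswordAllocate().getInitMode())) {
                return generator.generate(accountAllocateConfig, securityConfig, account);
            }
        }
        throw new RuntimeException("不支持的密码生成策略：" + accountAllocateConfig.getPasswordAllocate().getInitMode());
    }

    /**
     * Generates a login name with the first rule that supports the configured
     * generation rule and records it in {@code list} when one is supplied.
     *
     * @param list names already in use; the new name is appended (may be {@code null})
     * @throws RuntimeException when no rule supports the configuration
     * @throws Exception        whatever the selected rule throws
     */
    private String getAccountName(User user, AccountAllocateConfig accountAllocateConfig, List<String> list) throws Exception {
        for (AccountAssignRule rule : this.accountAssignRules) {
            if (!rule.supported(accountAllocateConfig.getLoginNameAllocate().getLoginNameAutoGenerateRule())) {
                continue;
            }
            String generatedName = rule.generateAccount(user, accountAllocateConfig, list);
            if (list != null) {
                list.add(generatedName);
            }
            return generatedName;
        }
        throw new RuntimeException("未找到相应的分配规则/未根据规则分配到账户名");
    }

    /**
     * Persists the accounts together with one login-name credential each, plus a
     * phone and an e-mail credential where the account has those values.
     */
    private void addAccount(List<Account> list) {
        Date now = new Date();
        List<ValueBean> accountBeans = new ArrayList<>();
        List<AccountCredential> loginNameCredentials = new ArrayList<>();
        List<AccountCredential> phoneCredentials = new ArrayList<>();
        List<AccountCredential> emailCredentials = new ArrayList<>();
        for (Account account : list) {
            Serializable accountId = account.getAccountId();
            if (StringUtils.isEmpty(account.getAccountId())) {
                accountId = generateIdValue();
                account.setAccountId(accountId.toString());
            }
            AccountCredential loginName = new AccountCredential();
            loginName.setAccountId(accountId.toString());
            loginName.setCredentialName(account.getAccountName());
            loginName.setCredentialType(AccountCredential.CREDENTIALTYPE_LOGINNAME);
            loginName.setState(AccountCredential.STATE_ENABLE);
            loginName.setLastModifyTime(now);
            loginNameCredentials.add(loginName);
            if (StringUtils.hasText(account.getPhone())) {
                // The phone number becomes a credential of its own on the same account.
                AccountCredential phone = new AccountCredential();
                BeanUtils.copyProperties(loginName, phone);
                phone.setCredentialName(account.getPhone());
                phone.setCredentialType(AccountCredential.CREDENTIALTYPE_PHONE);
                phoneCredentials.add(phone);
            }
            if (StringUtils.hasText(account.getEmail())) {
                // Likewise for the e-mail address.
                AccountCredential email = new AccountCredential();
                BeanUtils.copyProperties(loginName, email);
                email.setCredentialName(account.getEmail());
                email.setCredentialType(AccountCredential.CREDENTIALTYPE_EMAIL);
                emailCredentials.add(email);
            }
            accountBeans.add(super.createValueBean("ACCOUNT", account));
        }
        if (accountBeans.isEmpty()) {
            return;
        }
        super.batchAdd(accountBeans.toArray(new ValueBean[0]), false);
        if (!loginNameCredentials.isEmpty()) {
            super.batchAdd("ACCOUNT_CREDENTIAL", loginNameCredentials);
        }
        if (!emailCredentials.isEmpty()) {
            super.batchAdd("ACCOUNT_CREDENTIAL", emailCredentials);
        }
        if (!phoneCredentials.isEmpty()) {
            super.batchAdd("ACCOUNT_CREDENTIAL", phoneCredentials);
        }
    }

    /**
     * Deletes all rows of ACCOUNT_CREDENTIAL and ACCOUNT whose account id does not
     * belong to one of the protected account names.
     *
     * <p>Nothing is deleted when no protected name is supplied or when none of the
     * names resolves to an account, so a wrong configuration cannot wipe every
     * account including the administrators.
     *
     * <p>NOTE(review): only the lookup of protected accounts is filtered by user
     * type; the two DELETE statements are not, so accounts of user types that are
     * not auto-allocatable are removed as well. Confirm that this is intended.
     *
     * @param strArr account names to keep
     */
    private void deleteAccountCredentialWithOutAdmin(String[] strArr) {
        if (strArr == null || strArr.length == 0) {
            // How the query builder treats an empty IN parameter is not visible here; never rely on it
            // for a statement that decides which accounts survive.
            this.logger.warn("kduck.admin-account is empty, skip deleting accounts");
            return;
        }
        Map<String, Object> params = ParamMap.create("accountNames", strArr).set("userTypes", loadAllocateConfig().getLoginNameAllocate().getAutoAllocateUserType()).toMap();
        BeanEntityDef credentialDef = super.getEntityDef("ACCOUNT_CREDENTIAL");
        BeanEntityDef accountDef = super.getEntityDef("ACCOUNT");
        BeanEntityDef userDef = super.getEntityDef(UserService.TABLE_USER);

        // Step 1: resolve the ids of the accounts that have to be kept.
        SelectBuilder protectedAccounts = new SelectBuilder(params);
        protectedAccounts.bindFields("a", BeanDefUtils.includeField(accountDef.getFieldList(), new String[]{"accountId"}));
        protectedAccounts.from("u", userDef).leftJoinOn("a", accountDef, "userId").leftJoinOn("c", credentialDef, "accountId").where().and("u.user_type", ConditionBuilder.ConditionType.IN, "userTypes").and("a.account_name", ConditionBuilder.ConditionType.IN, "accountNames");
        List<?> protectedIds = super.list(protectedAccounts.build()).getValueList("accountId", true);
        if (protectedIds.isEmpty()) {
            return;
        }
        params.put("accountIds", protectedIds.stream().map(Object::toString).toArray(String[]::new));

        // Step 2: delete credentials first, then the accounts themselves.
        DeleteBuilder deleteCredentials = new DeleteBuilder(credentialDef, params);
        deleteCredentials.where().and("account_id", ConditionBuilder.ConditionType.NOT_IN, "accountIds");
        super.executeUpdate(deleteCredentials.build());
        DeleteBuilder deleteAccounts = new DeleteBuilder(accountDef, params);
        deleteAccounts.where().and("account_id", ConditionBuilder.ConditionType.NOT_IN, "accountIds");
        super.executeUpdate(deleteAccounts.build());
    }

    /**
     * Lists the users of the given types for which the left join finds no account row.
     *
     * @param numArr user types to include
     */
    private List<User> listUsersWithOutAccount(Integer[] numArr) {
        BeanEntityDef credentialDef = super.getEntityDef("ACCOUNT_CREDENTIAL");
        BeanEntityDef accountDef = super.getEntityDef("ACCOUNT");
        BeanEntityDef userDef = super.getEntityDef(UserService.TABLE_USER);
        Map<String, Object> params = ParamMap.create("userTypes", numArr).toMap();
        SelectBuilder query = new SelectBuilder(params);
        query.bindFields("u", userDef.getFieldList());
        query.bindFields("a", BeanDefUtils.includeField(accountDef.getFieldList(), new String[]{"accountId"}));
        query.from("u", userDef).leftJoinOn("a", accountDef, "userId").leftJoinOn("c", credentialDef, "accountId").where().and("u.user_type", ConditionBuilder.ConditionType.IN, "userTypes").and("a.account_id", ConditionBuilder.ConditionType.IS_NULL);
        return super.listForBean(query.build(), User::new);
    }
}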
