package kd.bos.mc.init;

import com.alibaba.fastjson.JSONObject;
import java.util.Arrays;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.encrypt.Encrypters;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.mc.init.exception.MCInitException;
import kd.bos.mc.init.helper.MCInitDBHelper;
import kd.bos.mc.init.utils.ZKHelper;
import kd.bos.util.StringUtils;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:kd/bos/mc/init/MCServerAuth.class */
public class MCServerAuth {
    private static final String CODE_INVALID = "400";
    private static final int TIME_TO_AUTH = 5;
    private static final Log LOGGER = LogFactory.getLog(MCServerAuth.class);

    MCServerAuth() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String doAuth(HttpServletRequest httpServletRequest) {
        JSONObject jSONObject = MCInitDBHelper.get(httpServletRequest);
        if (jSONObject.isEmpty()) {
            return ResManager.loadKDString("未初始化MC，无需认证。", "MCServerAuth_0", "bos-mc-init", new Object[0]);
        }
        String tokenKey = getTokenKey(jSONObject);
        if (getAuthTimes(tokenKey) >= TIME_TO_AUTH) {
            throw new MCInitException(ResManager.loadKDString("身份认证已锁定，请联系管理员。", "MCServerAuth_1", "bos-mc-init", new Object[0]));
        }
        String parameter = httpServletRequest.getParameter(MCInitDBHelper.PWD);
        if (StringUtils.isEmpty(parameter)) {
            parameter = MCServerApi.getRequestData(httpServletRequest).getString(MCInitDBHelper.PWD);
        }
        if (StringUtils.isEmpty(parameter)) {
            throw new MCInitException(ResManager.loadKDString("请输入数据库密码。", "MCServerAuth_2", "bos-mc-init", new Object[0]));
        }
        byte[] decode = Base64.getDecoder().decode(parameter);
        if (Arrays.equals(decode, Encrypters.decode(jSONObject.getString(MCInitDBHelper.PWD)).getBytes())) {
            ZKHelper.setMCInitToken(tokenKey, Encrypters.encode(new String(decode)));
            LOGGER.info("Operation for MC initializing is authenticated.");
            Arrays.fill(decode, (byte) 0);
            ZKHelper.removeCache();
            return ResManager.loadKDString("认证成功。", "MCServerAuth_4", "bos-mc-init", new Object[0]);
        }
        int authTimes = getAuthTimes(tokenKey) + 1;
        ZKHelper.setMCInitToken(tokenKey, String.valueOf(authTimes));
        if (authTimes >= TIME_TO_AUTH) {
            throw new MCInitException(ResManager.loadKDString("身份认证已锁定，请联系管理员。", "MCServerAuth_1", "bos-mc-init", new Object[0]));
        }
        throw new MCInitException(String.format(ResManager.loadKDString("数据库密码错误，请重试(仍可尝试 %s 次)。", "MCServerAuth_3", "bos-mc-init", new Object[0]), Integer.valueOf(TIME_TO_AUTH - authTimes)));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void checkAuthenticated(HttpServletRequest httpServletRequest) {
        JSONObject jSONObject = MCInitDBHelper.get(httpServletRequest);
        if (jSONObject.isEmpty()) {
            return;
        }
        String mCInitToken = ZKHelper.getMCInitToken(getTokenKey(jSONObject));
        if (StringUtils.isEmpty(mCInitToken)) {
            throw new MCInitException(CODE_INVALID, ResManager.loadKDString("当前操作需要认证", "MCServerAuth_5", "bos-mc-init", new Object[0]));
        }
        if (!Encrypters.decode(jSONObject.getString(MCInitDBHelper.PWD)).equals(Encrypters.decode(mCInitToken))) {
            throw new MCInitException(CODE_INVALID, ResManager.loadKDString("当前操作需要认证", "MCServerAuth_5", "bos-mc-init", new Object[0]));
        }
    }

    private static int getAuthTimes(String str) {
        String mCInitToken = ZKHelper.getMCInitToken(str);
        if (StringUtils.isEmpty(mCInitToken) || !StringUtils.isNumeric(mCInitToken)) {
            return 0;
        }
        return Integer.parseInt(mCInitToken);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void invalidAuthentication(JSONObject jSONObject) {
        if (jSONObject.isEmpty()) {
            return;
        }
        ZKHelper.removeMCInitToken(getTokenKey(jSONObject));
    }

    private static String getTokenKey(JSONObject jSONObject) {
        String replaceAll = Base64.getEncoder().encodeToString(jSONObject.toJSONString().getBytes()).replaceAll("[\\\\/=]+", StringUtils.getEmpty());
        return replaceAll.substring(replaceAll.length() - 16);
    }
}
