package kd.bos.openapi.base.security.oauth.token.impl;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Date;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.login.utils.DateUtils;
import kd.bos.login.utils.LoginUtils;
import kd.bos.openapi.base.util.DistributeCacheUtil;
import kd.bos.openapi.base.util.ShaSignUtils;
import kd.bos.openapi.base.util.ThirdAppSecurityUtil;
import kd.bos.openapi.common.constant.ApiErrorCode;
import kd.bos.openapi.common.constant.ResSystemType;
import kd.bos.openapi.common.exception.OpenApiException;
import kd.bos.openapi.common.util.DateUtil;
import kd.bos.openapi.common.util.StringUtil;
import kd.bos.openapi.form.plugin.thirdapp.entity.StrategyTypeCodeEnum;
import kd.bos.openapi.security.model.Open3rdappsDto;
import kd.bos.openapi.security.oauth.token.ApiTokenService;
import kd.bos.util.PasswordEncryptUtil;
import kd.bos.util.StringUtils;

/* loaded from: input_file:kd/bos/openapi/base/security/oauth/token/impl/AbstractApiTokenService.class */
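/**
 * Shared helpers for API token services: failed-secret lockout, token prefix
 * wrapping/unwrapping, and the timestamp + nonce freshness check used by signed
 * requests.
 *
 * <p>This source is decompiler output, so parameter names ({@code str},
 * {@code str2}, {@code str3}) are synthetic; each method documents what the
 * argument is used for in the visible code.
 */
public abstract class AbstractApiTokenService implements ApiTokenService {
    /** Cache region holding the per-client failure counter and lock marker. */
    private static final String LOCK_CACHE_TYPE = "CACHE_TYPE_CLIENT_ID_LOCK";
    /** Prefix of the cache key; the client id is appended. */
    private static final String LOCK_KEY_PREFIX = "AD_FAIL_LOCK_";
    /** Cache value that marks a client id as locked. */
    private static final String LOCKED_MARKER = "ad_lock_key";
    /** Lifetime, in seconds, of the failure counter and of the lock (the lock message reports it as seconds). */
    private static final int LOCK_SECONDS = 180;
    /** Prefix every externally visible token carries. */
    private static final String TOKEN_PREFIX = "OPENAPIAUTH_";
    /** Cache region remembering nonces that were already consumed. */
    private static final String NONCE_CACHE_TYPE = "TokenAuthCheck";
    /** Accepted textual timestamp format when the timestamp is not purely numeric. */
    private static final String TIMESTAMP_PATTERN = "yyyy-MM-dd HH:mm:ss";

    public String getVersion() {
        return "v1";
    }

    /**
     * Verifies a client secret and enforces the failed-attempt lockout.
     *
     * <p>A counter is kept in the distributed cache under
     * {@code AD_FAIL_LOCK_<client id>}. A successful check clears it; a failed check
     * increments it (refreshing its 180 s lifetime) and throws. Once the counter
     * equals {@code StrategyTypeCodeEnum.SIGN_AUTH_CODE} the next call replaces it
     * with a lock marker for 180 s, and every call is rejected while the marker
     * exists, including calls carrying the correct secret.
     *
     * <p>NOTE(review): {@code SIGN_AUTH_CODE} and {@code ACCESS_TOKEN_CODE} are used
     * here as the lock threshold and the initial count. The user-facing message
     * speaks of 5 consecutive failures, so these look like decompiler substitutions
     * for string literals with the same value (presumably "5" and "1"); confirm
     * against the original source.
     *
     * <p>NOTE(review): the counter is read and written in two separate cache calls,
     * so concurrent failed attempts can be under-counted. If the cache layer offers
     * an atomic increment, use it here.
     *
     * @param str  third-party application id (client_id); part of the cache key
     * @param str2 secret presented by the caller, compared against the stored,
     *             salted access token
     * @param str3 value passed as the account/tenant argument to the cache and to
     *             the application lookup
     * @throws OpenApiException with {@code HTTP_UNAUTHORIZED} when the client is
     *         locked or the secret does not verify
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void checkLock(String str, String str2, String str3) {
        String lockKey = LOCK_KEY_PREFIX + str;
        String state = DistributeCacheUtil.getCacheByKey(LOCK_CACHE_TYPE, lockKey, str3);
        if (LOCKED_MARKER.equals(state)) {
            throw lockedException();
        }
        if (StringUtil.isNotEmpty(state) && StrategyTypeCodeEnum.SIGN_AUTH_CODE.equals(state)) {
            // Threshold reached on an earlier call: convert the counter into a lock marker.
            DistributeCacheUtil.setCacheByKey(LOCK_CACHE_TYPE, lockKey, LOCKED_MARKER, str3, LOCK_SECONDS);
            throw lockedException();
        }
        Open3rdappsDto app = ThirdAppSecurityUtil.getThirdByAccountAndAppId(str3, str);
        // An unknown client id must fail like a wrong secret (401 + counted attempt) rather
        // than surface as a NullPointerException. Whether the lookup can return null is not
        // visible here; the guard is harmless if it cannot.
        boolean verified = app != null
                && PasswordEncryptUtil.checkPasswordWithSalt(
                        LoginUtils.getCorrectUserIDSalt(String.valueOf(app.getFid())), str2, app.getAccessToken());
        if (verified) {
            DistributeCacheUtil.removeCacheByKey(LOCK_CACHE_TYPE, lockKey, str3);
            return;
        }
        String failures = StringUtil.isEmpty(state)
                ? StrategyTypeCodeEnum.ACCESS_TOKEN_CODE
                : String.valueOf(Integer.parseInt(state) + 1);
        DistributeCacheUtil.setCacheByKey(LOCK_CACHE_TYPE, lockKey, failures, str3, LOCK_SECONDS);
        throw new OpenApiException(ApiErrorCode.HTTP_UNAUTHORIZED, String.format(ResManager.loadKDString("第三方应用（client_id）或AccessToken密钥（client_secret） 不正确, 第 %1$s 次密钥验证失败。", "ApiTokenServiceImpl_10", ResSystemType.BASE.getType(), new Object[0]), failures), new Object[0]);
    }

    /** Builds the "locked, retry in N seconds" rejection shared by both lock branches. */
    private static OpenApiException lockedException() {
        return new OpenApiException(ApiErrorCode.HTTP_UNAUTHORIZED, String.format(ResManager.loadKDString("不正确的第三方应用编码client_id或client_secret的访问错误已连续5次，该帐号登录已锁定，请在%1$s秒后再试。", "ApiTokenServiceImpl_9", ResSystemType.BASE.getType(), new Object[0]), LOCK_SECONDS), new Object[0]);
    }

    /** Builds the "invalid token" rejection used for every malformed-token case. */
    private static OpenApiException invalidTokenException() {
        return new OpenApiException(ApiErrorCode.Data_Invalid, ResManager.loadKDString("无效Token，请检查。", "ApiTokenServiceImpl_18", ResSystemType.BASE.getType(), new Object[0]), new Object[0]);
    }

    /**
     * Strips the {@code OPENAPIAUTH_} prefix from an external token and
     * URL-safe-Base64-decodes the remainder.
     *
     * <p>The prefix and Base64 are an encoding only; they give the token no
     * confidentiality or integrity, so the decoded value still has to be validated
     * by the caller.
     *
     * @param str external token; {@code null} or empty is returned unchanged
     * @return the decoded inner token
     * @throws OpenApiException with {@code Data_Invalid} when the prefix is missing
     *         or the payload is not valid URL-safe Base64
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String getRealToken(String str) {
        if (StringUtil.isEmpty(str)) {
            return str;
        }
        if (!str.startsWith(TOKEN_PREFIX)) {
            throw invalidTokenException();
        }
        byte[] decoded;
        try {
            decoded = Base64.getUrlDecoder().decode(str.substring(TOKEN_PREFIX.length()));
        } catch (IllegalArgumentException ignored) {
            // The token is caller-controlled: a malformed payload is a bad request, reported
            // the same way as a missing prefix instead of escaping as an unchecked exception.
            throw invalidTokenException();
        }
        // Explicit charset so decoding matches getNewToken regardless of the JVM default.
        return new String(decoded, StandardCharsets.UTF_8);
    }

    /**
     * Wraps an inner token for external use: URL-safe Base64 of its UTF-8 bytes,
     * prefixed with {@code OPENAPIAUTH_}. Inverse of {@link #getRealToken(String)}.
     *
     * @param str inner token; must not be {@code null}
     * @return the prefixed, encoded token
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public String getNewToken(String str) {
        return TOKEN_PREFIX + Base64.getUrlEncoder().encodeToString(str.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Checks that a signed request is fresh: the timestamp must lie within the
     * configured range of server time and the nonce must not have been seen before.
     * Despite the name, no signature is verified in this method.
     *
     * <p>The range comparison works on whole minutes (the difference is divided by
     * 60000 and truncated), so a timestamp is accepted while it is less than
     * {@code signRangeMinutes + 1} minutes away from server time, in either
     * direction. The nonce is therefore cached until that acceptance window for
     * this particular timestamp has closed; caching it for only
     * {@code signRangeMinutes * 60} seconds would let the entry expire while the
     * same timestamp is still accepted.
     *
     * <p>NOTE(review): the nonce lookup and the nonce store are two separate cache
     * calls, so two identical requests arriving concurrently can both pass. An
     * atomic set-if-absent in the cache layer would close that gap.
     *
     * <p>NOTE(review): the "nonce already used" message is formatted with the
     * cached marker value, not with the nonce itself; confirm which was intended.
     *
     * @param str  nonce supplied by the caller
     * @param str2 timestamp, either numeric or {@code yyyy-MM-dd HH:mm:ss}
     * @param str3 value passed as the account/tenant argument to the cache and to
     *             the sign-range lookup
     * @throws OpenApiException with {@code Data_Invalid} when a parameter is
     *         missing, the timestamp is unparseable or out of range, or the nonce
     *         was already used
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void checkDateTimeAndSignture(String str, String str2, String str3) {
        if (StringUtil.isEmpty(str)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, ResManager.loadKDString("参数错误:缺少nonce参数。", "SignAuthCheckServiceImpl_13", "bos-open-base", new Object[0]), new Object[0]);
        }
        if (StringUtil.isEmpty(str2)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, ResManager.loadKDString("参数错误:缺少timestamp参数。", "SignAuthCheckServiceImpl_8", "bos-open-base", new Object[0]), new Object[0]);
        }
        Date requestTime = StringUtils.isNumericString(str2) ? DateUtil.getTime(str2) : DateUtils.parseDateTime(str2, TIMESTAMP_PATTERN);
        if (requestTime == null) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, ResManager.loadKDString("参数错误:timestamp参数不是正确的日期格式，正确的格式是：{0}", "SignAuthCheckServiceImpl_9", "bos-open-base", new Object[]{TIMESTAMP_PATTERN}), new Object[0]);
        }
        int signRangeMinutes = ShaSignUtils.getSignRangeMinutes(str3);
        // One clock reading for both the range check and the nonce lifetime.
        long now = System.currentTimeMillis();
        if (Math.abs(now - requestTime.getTime()) / 60000 > signRangeMinutes) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, ResManager.loadKDString("参数错误:timestamp参数不在正确的时间范围。", "SignAuthCheckServiceImpl_10", "bos-open-base", new Object[0]), new Object[0]);
        }
        String seen = DistributeCacheUtil.getCacheByKey(NONCE_CACHE_TYPE, str, str3);
        if (StringUtil.isNotEmpty(seen)) {
            throw new OpenApiException(ApiErrorCode.Data_Invalid, ResManager.loadKDString("本次参数nonce:{0}已经调用过了，不需要重复调用。", "SignAuthCheckServiceImpl_14", "bos-open-base", new Object[]{seen}), new Object[0]);
        }
        // Keep the nonce until this timestamp can no longer pass the range check above:
        // it stays acceptable until requestTime + (signRangeMinutes + 1) minutes. The value
        // is positive because the range check has just passed.
        long acceptableForMs = requestTime.getTime() + (signRangeMinutes + 1L) * 60000L - now;
        int nonceTtlSeconds = (int) (acceptableForMs / 1000L) + 1;
        DistributeCacheUtil.setCacheByKey(NONCE_CACHE_TYPE, str, StrategyTypeCodeEnum.ACCESS_TOKEN_CODE, str3, nonceTtlSeconds);
    }
}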
