package kd.bos.openapi.base.security.auth.impl;

import java.util.Base64;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.openapi.base.security.api.impl.ApiSecurityFactory;
import kd.bos.openapi.base.security.auth.AuthCheckService;
import kd.bos.openapi.base.util.DistributeCacheUtil;
import kd.bos.openapi.common.constant.ApiErrorCode;
import kd.bos.openapi.common.constant.ResSystemType;
import kd.bos.openapi.common.exception.OpenApiException;
import kd.bos.openapi.common.util.JacksonUtil;
import kd.bos.openapi.common.util.StringUtil;
import kd.bos.service.authorize.model.AccessTokenInfo;
import kd.bos.service.authorize.model.ApiCommonResult;
import kd.bos.service.authorize.model.AuthInfo;
import kd.bos.service.authorize.model.AuthResult;
import kd.bos.service.authorize.model.OAuth2Authentication;

/* loaded from: input_file:kd/bos/openapi/base/security/auth/impl/AccessTokenAuthCheckServiceImpl.class */
public class AccessTokenAuthCheckServiceImpl implements AuthCheckService {
    private static final Log log = LogFactory.getLog(AccessTokenAuthCheckServiceImpl.class);

    @Override // kd.bos.openapi.base.security.auth.AuthCheckService
    public AuthResult doAuthCheck(AuthInfo authInfo) {
        if (authInfo == null || StringUtil.isEmpty(authInfo.getAccessToken())) {
            return AuthResult.fail(ResManager.loadKDString("认证不通过，参数为空", "BasicAuthCheckServiceImpl_0", ResSystemType.BASE.getType(), new Object[0]));
        }
        String accessToken = authInfo.getAccessToken();
        String cacheByKey = DistributeCacheUtil.getCacheByKey("AUTH_ACCESS_TOKEN_CACHE", "ACCESS_TOKEN_KEY_" + accessToken, "CACHE_OPENAPI_AUTH");
        if (StringUtil.isEmpty(cacheByKey)) {
            return AuthResult.fail(ResManager.loadKDString("AccessToken认证不通过，token已过期", "BasicAuthCheckServiceImpl_0", ResSystemType.BASE.getType(), new Object[0]));
        }
        OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) JacksonUtil.readValue(cacheByKey, OAuth2Authentication.class);
        if (oAuth2Authentication == null) {
            return AuthResult.fail(ResManager.loadKDString("AccessToken认证不通过，token已过期", "BasicAuthCheckServiceImpl_0", ResSystemType.BASE.getType(), new Object[0]));
        }
        try {
            String str = new String(Base64.getUrlDecoder().decode(accessToken.substring("OPENAPIAUTH_".length())));
            OAuth2Authentication oAuth2Authentication2 = new OAuth2Authentication();
            AccessTokenInfo accessTokenInfo = new AccessTokenInfo();
            accessTokenInfo.setToken(str);
            oAuth2Authentication2.setToken(accessTokenInfo);
            oAuth2Authentication2.setAccountId(authInfo.getAccountId());
            ApiCommonResult verifyAccessToken = ApiSecurityFactory.getAccessTokenService().verifyAccessToken(oAuth2Authentication2);
            if (!verifyAccessToken.getStatus().booleanValue()) {
                return AuthResult.fail(ResManager.loadKDString("AccessToken认证不通过", "BasicAuthCheckServiceImpl_0", ResSystemType.BASE.getType(), new Object[0]));
            }
            AuthResult authResult = new AuthResult();
            authResult.setThirdId(oAuth2Authentication.getThirdId());
            authResult.setThirdAppNumber(oAuth2Authentication.getThirdAppNumber());
            authResult.setAgentUserId(oAuth2Authentication.getAgentUserId());
            authResult.setStatus(verifyAccessToken.getStatus().booleanValue());
            authResult.setAccessToken(str);
            authResult.setAccountId(oAuth2Authentication.getAccountId());
            return authResult;
        } catch (Exception e) {
            throw new OpenApiException(ApiErrorCode.HTTP_UNAUTHORIZED, ResManager.loadKDString("AccessToken认证未通过。", "OAuth2Filter_2", ResSystemType.KCF.getType(), new Object[0]), new Object[0]);
        }
    }
}
