package com.thinkit.security.config;

import cn.hutool.core.collection.CollUtil;
import com.google.common.collect.Sets;
import com.thinkit.core.base.BaseContextKit;
import com.thinkit.core.handler.CustomException;
import com.thinkit.nosql.base.BaseRedisService;
import com.thinkit.utils.enums.UserFrom;
import com.thinkit.utils.utils.Checker;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;

/* loaded from: input_file:com/thinkit/security/config/AbsCustomJwtHandler.class */
public abstract class AbsCustomJwtHandler {

    @Autowired
    BaseRedisService<String, Object> baseRedisService;

    public abstract void handlerJwtToken(Authentication authentication, JwtTokenStore jwtTokenStore, HttpServletRequest httpServletRequest) throws CustomException;

    /* JADX INFO: Access modifiers changed from: protected */
    public void handAppUserSession(Map<String, Object> map, UserFrom userFrom) {
        handPlatUserSession(map, userFrom);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void handPlatUserSession(Map<String, Object> map, UserFrom userFrom) {
        String obj = Checker.BeNull(map.get("Default-Site")) ? null : map.get("Default-Site").toString();
        String obj2 = Checker.BeNull(map.get("userId")) ? null : map.get("userId").toString();
        String obj3 = Checker.BeNull(map.get("userAccount")) ? null : map.get("userAccount").toString();
        String obj4 = Checker.BeNull(map.get("orgId")) ? null : map.get("orgId").toString();
        HashSet newHashSet = Checker.BeNotNull(map.get("userRoleSign")) ? CollUtil.newHashSet((List) map.get("userRoleSign")) : Sets.newHashSet();
        ckparameters(obj2, obj3);
        checkUserLock("LOCK_ACCOUNT:LOCKED." + userFrom.getClientId() + "." + obj2);
        BaseContextKit.setUserId(obj2);
        BaseContextKit.setAccount(obj3);
        BaseContextKit.setUserClient(userFrom.getClientId());
        BaseContextKit.setRoleSign(newHashSet);
        BaseContextKit.setSiteId(obj);
        BaseContextKit.setOrgId(obj4);
    }

    private void ckparameters(String... strArr) {
        if (strArr.length > 0) {
            for (String str : strArr) {
                if (Checker.BeBlank(str).booleanValue()) {
                    throw new AccessDeniedException("Invalid jwt token!");
                }
            }
        }
    }

    private void checkUserLock(String str) {
        if (this.baseRedisService.hasKey(str).booleanValue()) {
            throw new AccessDeniedException("账号已被锁定,请联系管理员!");
        }
    }

    private void checkAllowMulitLogin(String str, String str2) {
        if (Checker.BeNotBlank(str).booleanValue() && Checker.BeNotBlank(str2).booleanValue()) {
            Object obj = this.baseRedisService.get("allow_multi_login_key:" + str);
            if (Checker.BeNotNull(obj) && !str2.equals(obj.toString())) {
                throw new AccessDeniedException("您的账号已经在别处登录,您被迫下线! ");
            }
        }
    }
}
