package com.jxdinfo.hussar.support.security.plugin.oauth2.logic;

import com.jxdinfo.hussar.platform.core.base.apiresult.ApiResponse;
import com.jxdinfo.hussar.platform.core.base.apiresult.ResultCode;
import com.jxdinfo.hussar.platform.core.support.service.dto.LoginUser;
import com.jxdinfo.hussar.platform.core.support.service.dto.UserDetails;
import com.jxdinfo.hussar.platform.core.utils.HussarUtils;
import com.jxdinfo.hussar.support.security.core.context.SecurityHolder;
import com.jxdinfo.hussar.support.security.core.context.model.SecurityRequest;
import com.jxdinfo.hussar.support.security.core.context.model.SecurityResponse;
import com.jxdinfo.hussar.support.security.core.stp.SecurityTokenInfo;
import com.jxdinfo.hussar.support.security.core.stp.SecurityUtil;
import com.jxdinfo.hussar.support.security.core.util.SecurityFoxUtil;
import com.jxdinfo.hussar.support.security.plugin.oauth2.SecurityOAuth2Manager;
import com.jxdinfo.hussar.support.security.plugin.oauth2.config.SecurityOAuth2Config;
import com.jxdinfo.hussar.support.security.plugin.oauth2.exception.SecurityOAuth2Exception;
import com.jxdinfo.hussar.support.security.plugin.oauth2.listener.HussarSecurityOauthListener;
import com.jxdinfo.hussar.support.security.plugin.oauth2.logic.SecurityOAuth2Constants;
import com.jxdinfo.hussar.support.security.plugin.oauth2.logic.service.SecurityOAuth2HandleService;
import com.jxdinfo.hussar.support.security.plugin.oauth2.model.AccessTokenModel;
import com.jxdinfo.hussar.support.security.plugin.oauth2.model.RefreshTokenModel;
import com.jxdinfo.hussar.support.security.plugin.oauth2.model.RequestAuthModel;
import com.jxdinfo.hussar.support.security.plugin.oauth2.model.SecurityClientModel;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;

/* loaded from: input_file:com/jxdinfo/hussar/support/security/plugin/oauth2/logic/DefaultSecurityOAuth2HandleService.class */
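/**
 * Default {@link SecurityOAuth2HandleService}: routes the current request to the OAuth2 endpoint
 * handler matching its path and its {@code response_type} / {@code grant_type} parameter, and
 * implements those handlers on top of {@link SecurityOAuth2Util}.
 *
 * <p>Client credentials ({@code client_id}, {@code client_secret}) and the access token are read
 * from request headers; user credentials, codes, scopes and refresh tokens are read from request
 * parameters.
 *
 * <p>Review notes for maintainers (all verifiable in this class):
 * <ul>
 *   <li>{@link #password} and {@link #revokeToken} never read {@code client_secret};
 *       {@link #refreshToken} reads it and discards the value. Whether the client is
 *       authenticated elsewhere is not visible here and should be confirmed.</li>
 *   <li>{@link #oauth2Request()} is {@code synchronized}, so all OAuth2 requests handled by one
 *       instance run one at a time.</li>
 * </ul>
 */
public class DefaultSecurityOAuth2HandleService implements SecurityOAuth2HandleService {
    // Never pass LoginUser objects or raw request parameters to this logger: they carry passwords and secrets.
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultSecurityOAuth2HandleService.class);

    @Autowired
    private HussarSecurityOauthListener hussarSecurityOauthListener;

    /**
     * Dispatches the current request (taken from {@link SecurityHolder}) to the matching handler.
     *
     * <p>The checks run in the order written and the first match wins. The authorization-code,
     * implicit, password and client-credentials branches are additionally gated by the
     * {@code isCode}, {@code isImplicit}, {@code isPassword} and {@code isClient} config flags;
     * the token (authorization_code), refresh, revoke, doLogin and doConfirm branches have no
     * config gate in this method.
     *
     * @return the handler's result
     */
    @Override
    public synchronized Object oauth2Request() {
        // NOTE(review): the monitor is held for the whole request, including the call into
        // doLoginHandle made by the login handlers, so one slow call delays every other OAuth2
        // request on this instance. Confirm the serialization is intended.
        SecurityRequest request = SecurityHolder.getRequest();
        SecurityResponse response = SecurityHolder.getResponse();
        SecurityOAuth2Config config = SecurityOAuth2Manager.getConfig();
        if (request.isPath(SecurityOAuth2Constants.Api.authorize) && request.isParam(SecurityOAuth2Constants.Param.response_type, SecurityOAuth2Constants.ResponseType.code) && config.isCode.booleanValue()) {
            return authorize(request, response, config);
        }
        if (request.isPath(SecurityOAuth2Constants.Api.token) && request.isParam(SecurityOAuth2Constants.Param.grant_type, SecurityOAuth2Constants.GrantType.authorization_code)) {
            return token(request, response, config);
        }
        if (request.isPath(SecurityOAuth2Constants.Api.refresh) && request.isParam(SecurityOAuth2Constants.Param.grant_type, SecurityOAuth2Constants.GrantType.refresh_token)) {
            return refreshToken(request);
        }
        if (request.isPath(SecurityOAuth2Constants.Api.revoke)) {
            return revokeToken(request);
        }
        if (request.isPath(SecurityOAuth2Constants.Api.doLogin)) {
            return doLogin(request, response, config);
        }
        if (request.isPath(SecurityOAuth2Constants.Api.doConfirm)) {
            return doConfirm(request);
        }
        if (request.isPath(SecurityOAuth2Constants.Api.authorize) && request.isParam(SecurityOAuth2Constants.Param.response_type, SecurityOAuth2Constants.ResponseType.token) && config.isImplicit.booleanValue()) {
            return authorize(request, response, config);
        }
        if (request.isPath(SecurityOAuth2Constants.Api.token) && request.isParam(SecurityOAuth2Constants.Param.grant_type, SecurityOAuth2Constants.GrantType.password) && config.isPassword.booleanValue()) {
            return password(request, response, config);
        }
        if (request.isPath(SecurityOAuth2Constants.Api.client_token) && request.isParam(SecurityOAuth2Constants.Param.grant_type, SecurityOAuth2Constants.GrantType.client_credentials) && config.isClient.booleanValue()) {
            return clientToken(request, response, config);
        }
        // No branch matched (unknown path, or a grant type that is disabled in the config).
        SecurityOAuth2Exception.throwBy(true, "认证方法中无{\"msg\": \"not handle\"}");
        // Presumably unreachable because throwBy(true, ...) throws; kept so the method always returns.
        return SecurityOAuth2Constants.NOT_HANDLE;
    }

    /**
     * Authorization endpoint for the authorization-code and implicit flows.
     *
     * <p>Returns the not-logged-in view when there is no session, the confirm view when the user
     * has not yet granted the requested scope to the client, and otherwise a redirect to the
     * client's redirect URI carrying either a code or an access token.
     *
     * @throws SecurityOAuth2Exception if {@code response_type} is neither code nor token
     */
    @Override
    public Object authorize(SecurityRequest securityRequest, SecurityResponse securityResponse, SecurityOAuth2Config securityOAuth2Config) {
        if (!SecurityUtil.isLogin()) {
            return securityOAuth2Config.notLoginView.get();
        }
        RequestAuthModel authRequest = SecurityOAuth2Util.generateRequestAuth(securityRequest, SecurityUtil.getLoginId());
        // Both checks must stay ahead of every redirect below: the redirect target comes from the
        // request, and checkRightUrl is the only validation of it visible in this method.
        SecurityOAuth2Util.checkRightUrl(authRequest.clientId, authRequest.redirectUri);
        SecurityOAuth2Util.checkContract(authRequest.clientId, authRequest.scope);
        if (!SecurityOAuth2Util.isGrant(authRequest.loginId, authRequest.clientId, authRequest.scope)) {
            return securityOAuth2Config.confirmView.apply(authRequest.clientId, authRequest.scope);
        }
        if (SecurityOAuth2Constants.ResponseType.code.equals(authRequest.responseType)) {
            return securityResponse.redirect(SecurityOAuth2Util.buildRedirectUri(authRequest.redirectUri, SecurityOAuth2Util.generateCode(authRequest).code, authRequest.state));
        }
        if (!SecurityOAuth2Constants.ResponseType.token.equals(authRequest.responseType)) {
            throw new SecurityOAuth2Exception("无效response_type: " + authRequest.responseType);
        }
        // Implicit flow: the access token itself is placed in the redirect URI, so it can end up in
        // browser history and intermediary logs. Leave isImplicit off unless a client needs it.
        SecurityTokenInfo tokenInfo = SecurityUtil.getTokenInfo();
        return securityResponse.redirect(SecurityOAuth2Util.buildImplicitRedirectUri(authRequest.redirectUri, SecurityOAuth2Util.generateAccessToken(authRequest, false, tokenInfo.getTokenValue(), tokenInfo.getLoginType()).accessToken, authRequest.state));
    }

    /**
     * Token endpoint for the authorization-code grant: exchanges {@code code} for an access token.
     *
     * <p>{@code client_id} and {@code client_secret} are mandatory headers; {@code redirect_uri}
     * is an optional parameter. All four values are validated by
     * {@code SecurityOAuth2Util.checkGainTokenParam} before a token is generated.
     */
    @Override
    public Object token(SecurityRequest securityRequest, SecurityResponse securityResponse, SecurityOAuth2Config securityOAuth2Config) {
        String code = securityRequest.getParamNotNull(SecurityOAuth2Constants.Param.code);
        SecurityOAuth2Util.checkGainTokenParam(code, securityRequest.getHeaderNotNull(SecurityOAuth2Constants.Param.client_id), securityRequest.getHeaderNotNull(SecurityOAuth2Constants.Param.client_secret), securityRequest.getParam(SecurityOAuth2Constants.Param.redirect_uri));
        return ApiResponse.success(SecurityOAuth2Util.generateAccessToken(code).toLineMap());
    }

    /**
     * Login endpoint used by the authorization flows: builds a {@link LoginUser} from the request
     * and hands it to the configured {@code doLoginHandle}.
     *
     * @return whatever {@code doLoginHandle} returns
     */
    @Override
    public Object doLogin(SecurityRequest securityRequest, SecurityResponse securityResponse, SecurityOAuth2Config securityOAuth2Config) {
        String userName = securityRequest.getParamNotNull(SecurityOAuth2Constants.Param.name);
        String rawPassword = securityRequest.getParamNotNull(SecurityOAuth2Constants.Param.pwd);
        String tenantCode = securityRequest.getParam(SecurityOAuth2Constants.Param.tenant_code);
        String clientId = securityRequest.getHeaderNotNull(SecurityOAuth2Constants.Param.client_id);
        // The client_id is forwarded unchecked; any client validation is up to doLoginHandle.
        LoginUser loginUser = new LoginUser();
        loginUser.setUserName(userName);
        loginUser.setPassword(rawPassword);
        loginUser.setTenantCode(tenantCode);
        loginUser.setClientId(clientId);
        return securityOAuth2Config.doLoginHandle.apply(loginUser);
    }

    /**
     * Consent endpoint: records that the logged-in user granted {@code scope} to {@code client_id}.
     */
    @Override
    public Object doConfirm(SecurityRequest securityRequest) {
        // NOTE(review): the scope is stored as sent; unlike authorize(), no checkContract call
        // precedes the save. This is a state-changing call made with the user's session, so
        // confirm that request-forgery protection is applied in front of this endpoint.
        SecurityOAuth2Util.saveGrantScope(securityRequest.getHeaderNotNull(SecurityOAuth2Constants.Param.client_id), SecurityUtil.getLoginId(), securityRequest.getParamNotNull(SecurityOAuth2Constants.Param.scope));
        return ApiResponse.success("操作成功");
    }

    /**
     * Token endpoint for the password grant: authenticates the user through {@code doLoginHandle}
     * and, when that established a session, issues an access token bound to the session token.
     *
     * @return the token as a map wrapped in {@link ApiResponse}, or the login handler's own
     *     response when no session was established
     * @throws SecurityOAuth2Exception if the client does not allow the password grant or the
     *     login handler reports a failure without data
     */
    @Override
    public Object password(SecurityRequest securityRequest, SecurityResponse securityResponse, SecurityOAuth2Config securityOAuth2Config) {
        String userName = securityRequest.getParamNotNull(SecurityOAuth2Constants.Param.username);
        String rawPassword = securityRequest.getParamNotNull(SecurityOAuth2Constants.Param.password);
        String clientId = securityRequest.getHeaderNotNull(SecurityOAuth2Constants.Param.client_id);
        String tenantCode = securityRequest.getParam(SecurityOAuth2Constants.Param.tenant_code);
        // NOTE(review): only the client_id is looked up; client_secret is never read in this
        // method. Confirm that checkClientModel or doLoginHandle authenticates the client,
        // otherwise knowing a client_id is enough to use this grant on its behalf.
        SecurityClientModel clientModel = SecurityOAuth2Util.checkClientModel(clientId);
        // The message echoes the caller-supplied client_id; encode it wherever it is rendered or logged.
        SecurityOAuth2Exception.throwBy(!SecurityOAuth2Util.checkClientGrantype(SecurityOAuth2Constants.GrantType.password, clientModel), "认证失败，此clientId=" + clientId + ",不支持密码模式登陆");
        // Must run before doLoginHandle. Presumably this masks any token the caller sent, so that
        // isLogin() below reflects only a login performed by the handler; confirm against SecurityUtil.
        SecurityHolder.getStorage().set(SecurityUtil.securityLogic.splicingKeyJustCreatedSave(), "no-token");
        LoginUser loginUser = new LoginUser();
        loginUser.setPassword(rawPassword).setUserName(userName).setTenantCode(tenantCode).setClientId(clientId);
        // Every other request parameter is forwarded as-is; the handler must treat the map as untrusted input.
        loginUser.setExtendMap(SecurityFoxUtil.getParamsMapExcludeParam(SecurityFoxUtil.toList(new String[]{SecurityOAuth2Constants.Param.username, SecurityOAuth2Constants.Param.password, SecurityOAuth2Constants.Param.client_id, SecurityOAuth2Constants.Param.tenant_code}), securityRequest.getParamsMap()));
        ApiResponse loginResult = (ApiResponse) securityOAuth2Config.doLoginHandle.apply(loginUser);
        // NOTE(review): a non-success response that still carries data passes this check and is
        // only stopped by the isLogin() test below. Confirm that this is the intended contract.
        if (HussarUtils.isEmpty(loginResult) || (loginResult.getCode() != ResultCode.SUCCESS.getCode() && HussarUtils.isEmpty(loginResult.getData()))) {
            SecurityOAuth2Exception.throwBy(true, "认证失败！");
        }
        UserDetails userDetails = (UserDetails) loginResult.getData();
        if (!SecurityUtil.isLogin()) {
            return loginResult;
        }
        // A success response without data used to fail with a NullPointerException on the next
        // dereference; report it as an authentication failure instead.
        SecurityOAuth2Exception.throwBy(userDetails == null, "认证失败！");
        RequestAuthModel authModel = new RequestAuthModel();
        authModel.clientId = clientId;
        authModel.loginId = userDetails.getLoginId();
        authModel.scope = securityRequest.getParam(SecurityOAuth2Constants.Param.scope, "");
        authModel.expiresTime = clientModel.getAccessTokenValidTime();
        authModel.refreshExpiresTime = clientModel.getRefreshTokenValidTime();
        AccessTokenModel issuedToken = SecurityOAuth2Util.generateAccessToken(authModel, true, userDetails.getTokenValue(), userDetails.getLoginType());
        // Store the access token on the session's user details, then notify the listener.
        UserDetails sessionUser = SecurityUtil.getTokenSession().getUserDetails();
        sessionUser.setAccessToken(issuedToken.accessToken);
        SecurityUtil.getTokenSession().addUserDetailToTokenSession(sessionUser, userDetails.getTokenValue());
        this.hussarSecurityOauthListener.loginSuccess(sessionUser);
        return ApiResponse.success(issuedToken.toLineMap());
    }

    /**
     * Token endpoint for the client-credentials grant: verifies {@code client_id} and
     * {@code client_secret}, the client's permission to use this grant and the requested scope,
     * then issues a client token.
     *
     * @throws SecurityOAuth2Exception if the client does not allow the client-credentials grant
     */
    @Override
    public Object clientToken(SecurityRequest securityRequest, SecurityResponse securityResponse, SecurityOAuth2Config securityOAuth2Config) {
        String clientId = securityRequest.getHeaderNotNull(SecurityOAuth2Constants.Param.client_id);
        String clientSecret = securityRequest.getHeaderNotNull(SecurityOAuth2Constants.Param.client_secret);
        String scope = securityRequest.getParam(SecurityOAuth2Constants.Param.scope);
        SecurityClientModel clientModel = SecurityOAuth2Util.checkClientSecret(clientId, clientSecret);
        SecurityOAuth2Exception.throwBy(!SecurityOAuth2Util.checkClientGrantype(SecurityOAuth2Constants.GrantType.client_credentials, clientModel), "认证失败，此clientId=" + clientId + ",不支持客户端模式");
        SecurityOAuth2Util.checkClientScope(scope, clientModel);
        return ApiResponse.success(SecurityOAuth2Util.generateClientToken(clientModel, scope).toLineMap());
    }

    /**
     * Refresh endpoint: exchanges a refresh token for an access token.
     *
     * <p>The refresh token must belong to the {@code client_id} header. If the access-token header
     * resolves to a stored token, that token must belong to the same client and be paired with the
     * presented refresh token; when a positive refresh threshold is configured and the token still
     * has more than that left, it is returned unchanged instead of being refreshed.
     *
     * @return the token as a map wrapped in {@link ApiResponse}, or a failure response with code
     *     4107 when the refresh token is not found
     * @throws SecurityOAuth2Exception on a client or refresh-token mismatch
     */
    @Override
    public Object refreshToken(SecurityRequest securityRequest) {
        String clientId = securityRequest.getHeaderNotNull(SecurityOAuth2Constants.Param.client_id);
        // NOTE(review): the secret is read and then discarded, so the client is not authenticated
        // on refresh. If confidential clients are expected here, SecurityOAuth2Util.checkClientSecret
        // (as used by clientToken) is the matching check; confirm the intent before changing it.
        securityRequest.getHeader(SecurityOAuth2Constants.Param.client_secret);
        String refreshTokenValue = securityRequest.getParamNotNull(SecurityOAuth2Constants.Param.refresh_token);
        SecurityOAuth2Exception.throwBy(HussarUtils.isEmpty(clientId), "刷新token失败, clientId不能为空");
        SecurityOAuth2Exception.throwBy(HussarUtils.isEmpty(refreshTokenValue), "刷新token失败, refreshToken不能为空");
        RefreshTokenModel refreshToken = SecurityOAuth2Util.getRefreshToken(refreshTokenValue);
        if (refreshToken == null) {
            return ApiResponse.fail(4107, "refreshToken已过期，请重新登录");
        }
        // Null-safe comparison, as in revokeToken: a stored model without a clientId is rejected
        // as a mismatch instead of raising a NullPointerException.
        SecurityOAuth2Exception.throwBy(!HussarUtils.equals(refreshToken.clientId, clientId), "无效client_id: " + clientId);
        SecurityOAuth2Config config = SecurityOAuth2Manager.getConfig();
        String accessTokenValue = securityRequest.getHeaderNotNull(config.getHeaderTokenKey());
        if (HussarUtils.isNotEmpty(accessTokenValue)) {
            AccessTokenModel accessToken = SecurityOAuth2Util.getAccessToken(accessTokenValue);
            // When the access token is no longer stored, the pairing checks below are skipped and
            // the refresh proceeds on the refresh token alone.
            if (accessToken != null) {
                SecurityOAuth2Exception.throwBy(!HussarUtils.equals(accessToken.clientId, clientId), "无效client_id: " + clientId);
                SecurityOAuth2Exception.throwBy(!HussarUtils.equals(accessToken.refreshToken, refreshTokenValue), "传递refreshToken有误，无法刷新token");
                if (config.getRefreshTokenThreshold() > 0 && accessToken.getExpiresIn() > config.getRefreshTokenThreshold()) {
                    return ApiResponse.success(accessToken.toLineMap());
                }
            }
        }
        return ApiResponse.success(SecurityOAuth2Util.refreshAccessToken(refreshTokenValue).toLineMap());
    }

    /**
     * Revocation endpoint: revokes the access token sent in the token header, provided it is
     * stored and belongs to the {@code client_id} header.
     *
     * @throws SecurityOAuth2Exception if the token is unknown or belongs to another client
     */
    @Override
    public Object revokeToken(SecurityRequest securityRequest) {
        String clientId = securityRequest.getHeaderNotNull(SecurityOAuth2Constants.Param.client_id);
        String accessTokenValue = securityRequest.getHeaderNotNull(SecurityOAuth2Manager.getConfig().getHeaderTokenKey());
        AccessTokenModel accessToken = SecurityOAuth2Util.getAccessToken(accessTokenValue);
        SecurityOAuth2Exception.throwBy(HussarUtils.isEmpty(accessToken) || !HussarUtils.equals(accessToken.clientId, clientId), "参数有误，操作失败");
        // Called for its validation only; the returned client model is not used.
        SecurityOAuth2Util.checkClientModel(clientId);
        SecurityOAuth2Util.revokeAccessToken(accessTokenValue);
        return ApiResponse.success("操作成功");
    }
}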
