package com.diboot.iam.sso.impl;

import com.baomidou.mybatisplus.core.conditions.Wrapper;
import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
import com.baomidou.mybatisplus.core.toolkit.Wrappers;
import com.diboot.core.exception.BusinessException;
import com.diboot.core.util.JSON;
import com.diboot.core.util.S;
import com.diboot.core.util.V;
import com.diboot.iam.auth.AuthServiceFactory;
import com.diboot.iam.config.Cons;
import com.diboot.iam.dto.SsoAuthorizeInfo;
import com.diboot.iam.entity.IamAccount;
import com.diboot.iam.entity.IamUser;
import com.diboot.iam.service.IamAccountService;
import com.diboot.iam.service.IamUserService;
import com.diboot.iam.sso.SSOManager;
import com.diboot.iam.sso.credential.OAuth2Credential;
import java.lang.invoke.SerializedLambda;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Map;
import java.util.Random;
import lombok.Generated;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.http.converter.FormHttpMessageConverter;
import org.springframework.stereotype.Service;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;

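/**
 * OAuth2 authorization-code implementation of {@link SSOManager}.
 *
 * <p>The bean is only registered when all six {@code diboot.iam.oauth2.*} properties named in
 * the {@code @ConditionalOnProperty} annotation are present. The flow implemented here is:
 * build the authorize URL ({@link #getAuthorizeInfo}), exchange the returned {@code code} for an
 * access token, read the user-info endpoint with that token, mirror the user into the local
 * IAM tables and finally ask the OAuth2 auth service for a local token ({@link #getToken}).
 */
@ConditionalOnProperty(prefix = "diboot.iam.oauth2", name = {"client-id", "client-secret", "auth-center-url", "access-token-uri", "user-info-uri", "callback"})
@Service
/* loaded from: input_file:com/diboot/iam/sso/impl/OAuthSSOManager.class */
public class OAuthSSOManager implements SSOManager {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(OAuthSSOManager.class);
    private static final String CODE_KEY = "code";
    private static final String STATE_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    private static final String ACCESS_TOKEN = "access_token";
    private static final String TOKEN_TYPE = "token_type";

    // Number of characters in the generated state value (unchanged from the original loop bound).
    private static final int STATE_LENGTH = 6;

    // Authorization scheme used when the token response carries no token_type.
    private static final String DEFAULT_TOKEN_TYPE = "Bearer";

    // The state value protects the callback against request forgery, so it must not be
    // predictable; SecureRandom replaces the java.util.Random used before.
    private static final SecureRandom STATE_RANDOM = new SecureRandom();

    @Autowired
    private RestTemplate restTemplate;

    @Autowired
    private IamUserService iamUserService;

    @Autowired
    private IamAccountService iamAccountService;

    @Value("${diboot.iam.oauth2.client-id}")
    private String clientId;

    @Value("${diboot.iam.oauth2.client-secret}")
    private String clientSecret;

    @Value("${diboot.iam.oauth2.auth-center-url}")
    private String authCenterUrl;

    @Value("${diboot.iam.oauth2.access-token-uri}")
    private String accessTokenUri;

    @Value("${diboot.iam.oauth2.user-info-uri}")
    private String userInfoUri;

    @Value("${diboot.iam.oauth2.callback}")
    private String callback;

    /**
     * Returns the auth-type code handled by this manager.
     *
     * @return the name of {@code Cons.DICTCODE_AUTH_TYPE.OAuth2}
     */
    @Override // com.diboot.iam.sso.SSOManager
    public String getAuthType() {
        return Cons.DICTCODE_AUTH_TYPE.OAuth2.name();
    }

    /**
     * Builds the authorization-endpoint URL and the state value that goes with it.
     *
     * @param str redirect URI to send; when empty the configured callback is used
     * @return the authorize URL together with the generated state
     * @throws BusinessException when neither {@code str} nor the configured callback is set
     */
    @Override // com.diboot.iam.sso.SSOManager
    public SsoAuthorizeInfo getAuthorizeInfo(String str) {
        if (V.isEmpty(str)) {
            str = this.callback;
        }
        if (V.isEmpty(str)) {
            throw new BusinessException("exception.business.SSOManager.nullCallback", new Object[0]);
        }
        // NOTE(review): a caller-supplied redirect URI is not compared with the configured
        // callback here, while getToken always sends the configured callback in the token
        // request. Confirm callers only pass trusted values and that the two agree.
        String encodedRedirectUri = str;
        try {
            encodedRedirectUri = URLEncoder.encode(str, "UTF-8");
        } catch (Exception e) {
            // Kept as best-effort: on failure the unencoded value is used, as before.
            log.error("URL编码出错", e);
        }
        String state = getState();
        String authorizeUrl = this.authCenterUrl + "/oauth2/authorize?client_id=" + this.clientId
                + "&redirect_uri=" + encodedRedirectUri
                + "&response_type=code&state=" + state;
        return new SsoAuthorizeInfo(authorizeUrl, state);
    }

    /**
     * Completes the login for an authorization-code callback.
     *
     * @param map callback parameters; only the {@code code} entry is read here
     * @return the token issued by the OAuth2 auth service, or {@code null} when no code is present
     * @throws BusinessException when the token or user-info step fails
     */
    @Override // com.diboot.iam.sso.SSOManager
    public String getToken(Map<String, Object> map) {
        if (V.isEmpty(map) || map.get(CODE_KEY) == null) {
            return null;
        }
        // NOTE(review): the state value issued by getAuthorizeInfo is not checked in this
        // method. Verify that the caller compares the returned state with the stored one
        // before invoking getToken; otherwise the callback is open to request forgery.
        String authorizationCode = String.valueOf(map.get(CODE_KEY));
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add("grant_type", "authorization_code");
        form.add(CODE_KEY, authorizationCode);
        form.add("redirect_uri", this.callback);
        Map tokenResponse = getAccessToken(form, this.clientId);
        IamUser user = syncUserInfo(getUserInfo(tokenResponse));
        OAuth2Credential credential = new OAuth2Credential();
        credential.setAuthAccount(user.getUserNum()).setUserType(IamUser.class.getSimpleName()).setAuthType(Cons.DICTCODE_AUTH_TYPE.OAuth2.name());
        return AuthServiceFactory.getAuthService(Cons.DICTCODE_AUTH_TYPE.OAuth2.name()).applyToken(credential);
    }

    /**
     * Generates the state value sent with the authorize request.
     *
     * <p>NOTE(review): the length is left at 6 letters from a 52-letter alphabet (about 34 bits)
     * so that existing consumers of the value keep working; consider raising
     * {@code STATE_LENGTH} once it is confirmed that nothing depends on the length.
     *
     * @return a random string of {@code STATE_LENGTH} ASCII letters
     */
    protected String getState() {
        StringBuilder state = new StringBuilder(STATE_LENGTH);
        for (int i = 0; i < STATE_LENGTH; i++) {
            state.append(STATE_CHARS.charAt(STATE_RANDOM.nextInt(STATE_CHARS.length())));
        }
        return state.toString();
    }

    /**
     * Posts the form to the access-token endpoint using HTTP Basic client authentication.
     *
     * @param multiValueMap form fields of the token request
     * @param str client id used as the Basic-auth user name
     * @return the response body as a map; may be {@code null} when the response has no body
     * @throws BusinessException when no client secret is configured
     */
    protected Map getAccessToken(MultiValueMap<String, String> multiValueMap, String str) {
        if (S.isBlank(this.clientSecret)) {
            throw new BusinessException("exception.business.oauthSSOManager.nonConfigClientSecret", new Object[]{str});
        }
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        String basicCredentials = Base64.encodeBase64String((str + ":" + this.clientSecret).getBytes(StandardCharsets.UTF_8));
        headers.add("Authorization", "Basic " + basicCredentials);
        HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(multiValueMap, headers);
        ensureFormConverter();
        return this.restTemplate.postForEntity(this.accessTokenUri, request, Map.class).getBody();
    }

    /**
     * Registers a form converter on the injected RestTemplate if it has none.
     *
     * <p>The previous code appended a new converter on every token request, so the converter
     * list of the injected RestTemplate grew with each login and was modified while other
     * requests could be reading it. The lock only serialises callers of this class.
     */
    private void ensureFormConverter() {
        synchronized (this.restTemplate) {
            boolean alreadyRegistered = this.restTemplate.getMessageConverters().stream()
                    .anyMatch(FormHttpMessageConverter.class::isInstance);
            if (!alreadyRegistered) {
                this.restTemplate.getMessageConverters().add(new FormHttpMessageConverter());
            }
        }
    }

    /**
     * Calls the user-info endpoint with the access token from the token response.
     *
     * <p>A response without a {@code code} entry is returned as-is. A response with a
     * {@code code} entry must carry code {@code "0"} and a {@code data} entry, which is then
     * returned as a map.
     *
     * @param map token response as returned by {@link #getAccessToken}
     * @return the user attributes reported by the provider
     * @throws BusinessException when the access token is missing or the user-info call fails
     */
    protected Map getUserInfo(Map map) {
        // String.valueOf(null) yields the text "null", which is not blank; test the raw value
        // so that a missing token is rejected instead of being sent as "null".
        Object accessToken = map == null ? null : map.get(ACCESS_TOKEN);
        if (accessToken == null || S.isBlank(String.valueOf(accessToken))) {
            throw new BusinessException("exception.business.oauthSSOManager.nullAccessToken", new Object[0]);
        }
        Object tokenType = map.get(TOKEN_TYPE);
        String scheme = (tokenType == null || S.isBlank(String.valueOf(tokenType)))
                ? DEFAULT_TOKEN_TYPE
                : String.valueOf(tokenType);
        HttpHeaders headers = new HttpHeaders();
        headers.add("Authorization", scheme + " " + accessToken);
        HttpEntity<Void> request = new HttpEntity<>(headers);
        ResponseEntity<Map> response = this.restTemplate.exchange(this.userInfoUri, HttpMethod.GET, request, Map.class);
        Map body = response.getBody();
        if (body == null) {
            // An empty body previously surfaced as a NullPointerException.
            throw new BusinessException("exception.business.oauthSSOManager.ssoLoginFailed", new Object[0]);
        }
        if (body.get(CODE_KEY) == null) {
            return body;
        }
        if (!V.equals(String.valueOf(body.get(CODE_KEY)), "0") || body.get("data") == null) {
            throw new BusinessException("exception.business.oauthSSOManager.ssoLoginFailed", new Object[0]);
        }
        return JSON.toMap(JSON.stringify(body.get("data")));
    }

    /**
     * Creates or updates the local user for the provider's user attributes and makes sure an
     * OAuth2 account row exists for it.
     *
     * @param map user attributes as returned by {@link #getUserInfo}
     * @return the local user after create or update
     * @throws BusinessException when the attributes are empty or carry no user number
     */
    protected IamUser syncUserInfo(Map map) {
        if (V.isEmpty(map)) {
            throw new BusinessException("exception.business.oauthSSOManager.fetchUserInfoFailed", new Object[0]);
        }
        // NOTE(review): every property the identity provider returns is bound onto IamUser and
        // then written by createEntity/updateEntity, so fields other than userNum are taken
        // from the provider response as-is. Confirm that is intended, or bind an allow-list.
        IamUser iamUser = JSON.parseObject(JSON.toJSONString(map), IamUser.class);
        if (iamUser == null || V.isEmpty(iamUser.getUserNum())) {
            // Without a user number the lookup below cannot match an existing user, and each
            // login would insert another row.
            throw new BusinessException("exception.business.oauthSSOManager.fetchUserInfoFailed", new Object[0]);
        }
        // Method references (not lambdas) are used for the column getters: the synthetic
        // deserializer in the decompiled class shows the getters themselves as the
        // implementation methods.
        // NOTE(review): this lookup matches on userNum only, while the account lookup below
        // also filters on tenantId; verify that userNum is unique across tenants.
        IamUser existingUser = (IamUser) this.iamUserService.getSingleEntity(
                Wrappers.<IamUser>lambdaQuery().eq(IamUser::getUserNum, iamUser.getUserNum()));
        if (existingUser == null) {
            this.iamUserService.createEntity(iamUser);
        } else {
            iamUser.setId((String) existingUser.getId());
            this.iamUserService.updateEntity(iamUser);
        }
        LambdaQueryWrapper<IamAccount> accountQuery = Wrappers.<IamAccount>lambdaQuery()
                .eq(IamAccount::getTenantId, iamUser.getTenantId())
                .eq(IamAccount::getUserType, IamUser.class.getSimpleName())
                .eq(IamAccount::getUserId, iamUser.getId())
                .eq(IamAccount::getAuthType, getAuthType())
                .eq(IamAccount::getAuthAccount, iamUser.getUserNum());
        IamAccount existingAccount = (IamAccount) this.iamAccountService.getSingleEntity(accountQuery);
        if (existingAccount == null) {
            IamAccount iamAccount = new IamAccount();
            iamAccount.setUserType(IamUser.class.getSimpleName()).setTenantId(iamUser.getTenantId()).setUserId((String) iamUser.getId()).setAuthType(getAuthType()).setAuthAccount(iamUser.getUserNum());
            this.iamAccountService.createEntity(iamAccount);
        }
        return iamUser;
    }

    // The decompiled synthetic $deserializeLambda$ method is intentionally not reproduced:
    // it is not valid Java as decompiled (a boolean selector assigned -1 and repeated
    // "case true" labels), and javac emits it for serializable method references.
}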
