package com.elitesland.cloudt.authorization.api.provider.provider.oauth2.client;

import cn.hutool.core.text.CharSequenceUtil;
import com.elitesland.cloudt.authorization.api.client.config.AuthorizationProperties;
import com.elitesland.cloudt.authorization.api.client.config.support.AuthenticationCache;
import com.elitesland.cloudt.authorization.api.client.model.OAuthToken;
import com.elitesland.cloudt.authorization.api.provider.model.bo.OAuth2ClientConfigBO;
import com.elitesland.cloudt.authorization.api.provider.model.vo.resp.OAuth2SettingRespVO;
import com.elitesland.cloudt.authorization.api.provider.provider.oauth2.client.support.OAuth2ClientUserResolver;
import com.elitesland.cloudt.authorization.api.provider.security.generator.token.TokenGenerator;
import com.elitesland.cloudt.authorization.sdk.util.RestTemplateFactory;
import com.elitesland.yst.common.base.ApiResult;
import com.elitesland.yst.security.entity.GeneralUserDetails;
import java.time.Duration;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.boot.ApplicationArguments;
import org.springframework.boot.ApplicationRunner;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.lang.NonNull;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:com/elitesland/cloudt/authorization/api/provider/provider/oauth2/client/OAuth2ClientProvider.class */
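/**
 * Loads the OAuth2 client configuration (one primary client plus any number of external clients)
 * and exchanges authorization codes for tokens.
 *
 * <p>Configuration is loaded asynchronously after application start ({@link #run}); until that
 * completes, {@link #getSettings()} and {@link #getClientConfig(String)} see no clients. Endpoints
 * that are not configured explicitly are discovered from the server's OpenID Connect document
 * and, failing that, from its OAuth 2.0 authorization-server metadata document.
 *
 * <p>Thread-safety: {@code clientConfig} and {@code externalClientConfigMap} are written on the
 * async init thread and read on request threads, hence {@code volatile} / {@link ConcurrentHashMap}.
 */
public class OAuth2ClientProvider implements ApplicationRunner {
    private static final Logger log = LogManager.getLogger(OAuth2ClientProvider.class);
    /** OAuth 2.0 authorization-server metadata path, appended to the configured server address. */
    private static final String URI_AUTHORIZATION = "/.well-known/oauth-authorization-server";
    /** OpenID Connect discovery path, appended to the configured server address. */
    private static final String URI_OIDC = "/.well-known/openid-configuration";
    /** Keys read from the discovery documents. */
    private static final String KEY_USERINFO_ENDPOINT = "userinfo_endpoint";
    private static final String KEY_AUTHORIZATION_ENDPOINT = "authorization_endpoint";
    private static final String KEY_TOKEN_ENDPOINT = "token_endpoint";

    private final AuthorizationProperties authorizationProperties;
    private TokenGenerator tokenGenerator;
    private AuthenticationCache authenticationCache;
    private OAuth2ClientUserResolver defaultUserResolver;
    // Lazily built by getSettings(); volatile so the double-checked locking there is sound.
    private volatile OAuth2SettingRespVO oAuth2SettingRespVO;
    // Primary client, populated by initConfig() on the async init thread.
    private volatile OAuth2ClientConfigBO clientConfig = null;
    // External clients keyed by client id; populated by initConfig(), read on request threads.
    private final Map<String, OAuth2ClientConfigBO> externalClientConfigMap = new ConcurrentHashMap<>();
    // Per-client user resolvers registered through addOAuth2ClientUserResolver at wiring time.
    private final Map<String, OAuth2ClientUserResolver> userResolverMap = new HashMap<>();
    private final RestTemplate restTemplate = buildRestTemplate();

    public OAuth2ClientProvider(AuthorizationProperties authorizationProperties) {
        this.authorizationProperties = authorizationProperties;
    }

    public void setTokenGenerator(TokenGenerator tokenGenerator) {
        this.tokenGenerator = tokenGenerator;
    }

    public void setAuthenticationCache(AuthenticationCache authenticationCache) {
        this.authenticationCache = authenticationCache;
    }

    public void setDefaultUserResolver(OAuth2ClientUserResolver oAuth2ClientUserResolver) {
        this.defaultUserResolver = oAuth2ClientUserResolver;
    }

    /**
     * Registers a user resolver for one external client.
     *
     * @param clientId the external client id the resolver applies to
     * @param resolver resolver used by {@link #code2AccessToken} for that client
     */
    public void addOAuth2ClientUserResolver(String clientId, OAuth2ClientUserResolver resolver) {
        this.userResolverMap.put(clientId, resolver);
    }

    /**
     * Kicks off asynchronous configuration loading once the application has started. Does nothing
     * when neither a primary client id nor any external client is configured.
     */
    @Override
    public void run(ApplicationArguments applicationArguments) throws Exception {
        if (!hasAnyClientConfigured()) {
            return;
        }
        // Discovery may hit the network, so it is kept off the startup thread; failures are only
        // logged, the application keeps running without OAuth2 client support.
        CompletableFuture.runAsync(this::initConfig).whenComplete((unused, th) -> {
            if (th == null) {
                log.info("初始化OAuth2 Client配置成功！");
            } else {
                log.error("初始化OAuth2 Client配置失败：", th);
            }
        });
    }

    /** True when a primary client id or at least one external client is configured. */
    private boolean hasAnyClientConfigured() {
        AuthorizationProperties.OAuth2Client primary = this.authorizationProperties.getOauth2Client();
        boolean hasPrimary = primary != null && CharSequenceUtil.isNotBlank(primary.getClientId());
        return hasPrimary || !CollectionUtils.isEmpty(this.authorizationProperties.getExternalOauth2Clients());
    }

    /**
     * Returns the client settings exposed to callers (client ids and authorize endpoints, never the
     * secrets), built once and cached.
     *
     * <p>NOTE(review): initConfig() runs asynchronously from run(); a call that arrives before it
     * finishes caches an empty snapshot for the lifetime of this bean — confirm callers cannot race
     * startup.
     *
     * @return the cached settings, never {@code null}
     */
    public OAuth2SettingRespVO getSettings() {
        OAuth2SettingRespVO settings = this.oAuth2SettingRespVO;
        if (settings == null) {
            synchronized (OAuth2ClientProvider.class) {
                settings = this.oAuth2SettingRespVO;
                if (settings == null) {
                    settings = buildSettings();
                    this.oAuth2SettingRespVO = settings;
                }
            }
        }
        return settings;
    }

    /** Builds the settings snapshot from the current primary and external client configuration. */
    private OAuth2SettingRespVO buildSettings() {
        OAuth2SettingRespVO settings = new OAuth2SettingRespVO();
        OAuth2ClientConfigBO primary = this.clientConfig;
        if (primary != null) {
            settings.setClientId(primary.getClientId());
            settings.setAuthorizeEndpoint(primary.getAuthorizeEndpoint());
        }
        if (this.externalClientConfigMap.isEmpty()) {
            settings.setExternalClients(Collections.emptyList());
        } else {
            List<OAuth2SettingRespVO.ExternalClient> externals = this.externalClientConfigMap.values().stream()
                    .map(OAuth2ClientProvider::toExternalClient)
                    .collect(Collectors.toList());
            settings.setExternalClients(externals);
        }
        return settings;
    }

    /** Projects an external client config onto its public (secret-free) view. */
    private static OAuth2SettingRespVO.ExternalClient toExternalClient(OAuth2ClientConfigBO config) {
        OAuth2SettingRespVO.ExternalClient externalClient = new OAuth2SettingRespVO.ExternalClient();
        externalClient.setClientId(config.getClientId());
        externalClient.setClientName(config.getClientName());
        externalClient.setClientIcon(config.getClientIcon());
        externalClient.setAuthorizeEndpoint(config.getAuthorizeEndpoint());
        return externalClient;
    }

    /**
     * Looks up a client configuration by id, checking the primary client first and then the
     * external clients.
     *
     * @param clientId client id to look up
     * @return a copy of the configuration, or {@code null} if no such client is configured
     */
    public OAuth2ClientConfigBO getClientConfig(@NonNull String clientId) {
        OAuth2ClientConfigBO config = findClientConfig(clientId);
        return config == null ? null : config.copy();
    }

    /** Resolves a client id to its live configuration object (primary first, then external). */
    private OAuth2ClientConfigBO findClientConfig(String clientId) {
        OAuth2ClientConfigBO primary = this.clientConfig;
        if (primary != null && CharSequenceUtil.equals(clientId, primary.getClientId())) {
            return primary;
        }
        return this.externalClientConfigMap.get(clientId);
    }

    /**
     * Exchanges an authorization code for a token.
     *
     * <p>For the primary client the code is posted to the server's token endpoint. For an external
     * client the registered {@link OAuth2ClientUserResolver} resolves the user and a local token is
     * generated instead. Lookup order (primary, then external) matches {@link #getClientConfig}.
     *
     * @param clientId     id of the client the code was issued to
     * @param code         the authorization code
     * @param redirectUri  the redirect URI used in the authorization request
     * @param codeVerifier optional PKCE code verifier; omitted from the request when blank
     * @return the token on success, or a failed {@link ApiResult} with a message
     */
    public ApiResult<OAuthToken> code2AccessToken(@NonNull String clientId, @NonNull String code,
                                                  @NonNull String redirectUri, String codeVerifier) {
        OAuth2ClientConfigBO primary = this.clientConfig;
        boolean external;
        OAuth2ClientConfigBO config;
        if (primary != null && CharSequenceUtil.equals(clientId, primary.getClientId())) {
            external = false;
            config = primary;
        } else {
            external = true;
            config = this.externalClientConfigMap.get(clientId);
        }
        if (config == null) {
            return ApiResult.fail("未知OAuth2客户端");
        }
        // The form carries the client secret; it is only ever sent to the configured token endpoint
        // (or handed to the resolver for external clients), never logged.
        MultiValueMap<String, Object> form = new LinkedMultiValueMap<>(8);
        form.add("client_id", config.getClientId());
        form.add("client_secret", config.getClientSecret());
        form.add("grant_type", AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
        form.add("code", code);
        form.add("redirect_uri", redirectUri);
        if (StringUtils.hasText(codeVerifier)) {
            form.add("code_verifier", codeVerifier);
        }
        if (external) {
            return exchangeTokenForExternal(config, form);
        }
        return exchangeTokenWithServer(config, form);
    }

    /** Posts the code-exchange form to the primary client's token endpoint. */
    private ApiResult<OAuthToken> exchangeTokenWithServer(OAuth2ClientConfigBO config, MultiValueMap<String, Object> form) {
        try {
            ResponseEntity<ApiResult<OAuthToken>> response = this.restTemplate.exchange(
                    config.getTokenEndpoint(), HttpMethod.POST, new HttpEntity<>(form),
                    new ParameterizedTypeReference<ApiResult<OAuthToken>>() {});
            ApiResult<OAuthToken> body = response.getBody();
            if (response.getStatusCode().is2xxSuccessful() && body != null) {
                return body;
            }
            // A 2xx with an empty body is treated as a failure rather than returned as null.
            log.error("授权码转token失败：{}", response.getStatusCode());
            return ApiResult.fail("获取认证token失败");
        } catch (Exception e) {
            log.error("获取认证token失败：", e);
            return ApiResult.fail("获取认证token失败！");
        }
    }

    /**
     * Token exchange for an external client: the resolver turns the code into user details, a
     * local token is generated for that user and the principal is cached under the access token.
     */
    private ApiResult<OAuthToken> exchangeTokenForExternal(OAuth2ClientConfigBO config, MultiValueMap<String, Object> form) {
        OAuth2ClientUserResolver resolver = this.userResolverMap.getOrDefault(config.getClientId(), this.defaultUserResolver);
        if (resolver == null) {
            return ApiResult.fail("未配置OAuth2用户信息解析方式");
        }
        GeneralUserDetails user = resolver.resolveUsername(this.restTemplate, config, form);
        if (user == null) {
            return ApiResult.fail("未查询到有效的用户信息");
        }
        // Both collaborators are setter-injected; fail loudly on a wiring error instead of with an NPE.
        Assert.state(this.tokenGenerator != null, "tokenGenerator is not configured");
        Assert.state(this.authenticationCache != null, "authenticationCache is not configured");
        OAuthToken token = this.tokenGenerator.generate(
                new UsernamePasswordAuthenticationToken(user.getUsername(), user.getPassword(), Collections.emptyList()));
        this.authenticationCache.setUserDetail(token.getAccessToken(), user, cachePrincipalDuration());
        return ApiResult.ok(token);
    }

    /**
     * TTL for the cached principal: the configured token TTL, or {@code null} when it is unset or
     * not positive (presumably meaning "no expiry" — confirm against AuthenticationCache).
     */
    private Duration cachePrincipalDuration() {
        Duration ttl = this.authorizationProperties.getTokenTtl();
        if (ttl == null || ttl.getSeconds() <= 0) {
            return null;
        }
        return ttl;
    }

    /**
     * Builds the primary and external client configurations. Any invalid client aborts the whole
     * load (the exception is reported by {@link #run}).
     */
    private void initConfig() {
        AuthorizationProperties.OAuth2Client primary = this.authorizationProperties.getOauth2Client();
        if (primary != null && CharSequenceUtil.isNotBlank(primary.getClientId())) {
            this.clientConfig = buildConfigBo(primary);
        }
        List<AuthorizationProperties.OAuth2Client> externals = this.authorizationProperties.getExternalOauth2Clients();
        if (CollectionUtils.isEmpty(externals)) {
            return;
        }
        for (AuthorizationProperties.OAuth2Client external : externals) {
            this.externalClientConfigMap.put(external.getClientId(), buildConfigBo(external));
        }
    }

    /**
     * Validates one configured client and resolves its endpoints.
     *
     * <p>Explicitly configured endpoints must be absolute URLs. Missing ones are discovered: the
     * OIDC document is consulted only when no userinfo endpoint is configured; the authorization-
     * server metadata document is fetched at most once, and only when a key is absent from the
     * OIDC document.
     *
     * <p>NOTE(review): the absolute-URL check accepts {@code http://} as well as {@code https://};
     * the client secret is posted to the token endpoint, so plaintext endpoints should be rejected
     * outside development — confirm the intended policy.
     *
     * @throws IllegalArgumentException when a required value is missing or an endpoint is relative
     */
    private OAuth2ClientConfigBO buildConfigBo(AuthorizationProperties.OAuth2Client oAuth2Client) {
        String clientId = oAuth2Client.getClientId();
        Assert.hasText(clientId, "客户端ID不为空");
        Assert.hasText(oAuth2Client.getClientSecret(), () -> clientId + "客户端secret为空");
        Assert.hasText(oAuth2Client.getServerAddress(), () -> clientId + "服务端地址为空");

        OAuth2ClientConfigBO config = new OAuth2ClientConfigBO();
        config.setClientId(clientId);
        config.setClientSecret(oAuth2Client.getClientSecret());
        config.setClientName(oAuth2Client.getClientName());
        config.setClientIcon(oAuth2Client.getClientIcon());

        ServerMetadata metadata;
        String userinfoEndpoint = oAuth2Client.getUserinfoEndpoint();
        if (StringUtils.hasText(userinfoEndpoint)) {
            assertAbsoluteUrl(userinfoEndpoint, clientId, "UserinfoEndpoint");
            config.setUserinfoEndpoint(userinfoEndpoint);
            // Userinfo given explicitly: the OIDC document is never fetched for this client.
            metadata = new ServerMetadata(oAuth2Client.getServerAddress(), Collections.emptyMap(), this::queryServerConfig);
        } else {
            metadata = new ServerMetadata(oAuth2Client.getServerAddress(), null, this::queryServerConfig);
            String discovered = metadata.oidcValue(KEY_USERINFO_ENDPOINT);
            Assert.hasText(discovered, "OAuth2客户端的userinfoEndpoint未配置");
            config.setUserinfoEndpoint(discovered);
        }

        String authorizeEndpoint = oAuth2Client.getAuthorizeEndpoint();
        if (StringUtils.hasText(authorizeEndpoint)) {
            assertAbsoluteUrl(authorizeEndpoint, clientId, "AuthorizeEndpoint");
            config.setAuthorizeEndpoint(authorizeEndpoint);
        } else {
            String discovered = metadata.endpoint(KEY_AUTHORIZATION_ENDPOINT);
            Assert.hasText(discovered, () -> clientId + " AuthorizeEndpoint未配置");
            config.setAuthorizeEndpoint(discovered);
        }

        String tokenEndpoint = oAuth2Client.getTokenEndpoint();
        if (StringUtils.hasText(tokenEndpoint)) {
            assertAbsoluteUrl(tokenEndpoint, clientId, "TokenEndpoint");
            config.setTokenEndpoint(tokenEndpoint);
        } else {
            String discovered = metadata.endpoint(KEY_TOKEN_ENDPOINT);
            Assert.hasText(discovered, "OAuth2客户端的tokenEndpoint未配置");
            config.setTokenEndpoint(discovered);
        }
        return config;
    }

    /** Rejects relative endpoint values; message format matches the original assertions. */
    private static void assertAbsoluteUrl(String url, String clientId, String name) {
        Assert.isTrue(url.toLowerCase(Locale.ROOT).startsWith("http"), () -> clientId + " " + name + "必须是全路径");
    }

    /**
     * Discovery documents of one server, each fetched at most once and only when first needed.
     * Static so it holds no hidden reference to the provider; the fetcher is passed in.
     */
    private static final class ServerMetadata {
        private final String serverAddress;
        private final Function<String, Map<String, Object>> fetcher;
        private Map<String, Object> oidc;
        private Map<String, Object> authServer;

        /**
         * @param oidc a pre-set OIDC document (e.g. an empty map to skip OIDC discovery), or
         *             {@code null} to fetch it lazily
         */
        ServerMetadata(String serverAddress, Map<String, Object> oidc, Function<String, Map<String, Object>> fetcher) {
            this.serverAddress = serverAddress;
            this.oidc = oidc;
            this.fetcher = fetcher;
        }

        /** Value of {@code key} in the OIDC document, or {@code null}. */
        String oidcValue(String key) {
            if (this.oidc == null) {
                this.oidc = this.fetcher.apply(this.serverAddress + URI_OIDC);
            }
            return asString(this.oidc.get(key));
        }

        /** Value of {@code key} from the OIDC document, falling back to the authorization-server metadata. */
        String endpoint(String key) {
            String value = oidcValue(key);
            if (StringUtils.hasText(value)) {
                return value;
            }
            if (this.authServer == null) {
                this.authServer = this.fetcher.apply(this.serverAddress + URI_AUTHORIZATION);
            }
            return asString(this.authServer.get(key));
        }

        // Discovery documents are parsed into Map<String, Object>; a non-string value is
        // stringified rather than causing a ClassCastException.
        private static String asString(Object value) {
            return value == null ? null : value.toString();
        }
    }

    private RestTemplate buildRestTemplate() {
        return RestTemplateFactory.instance();
    }

    /**
     * Fetches a discovery document from a URL derived from the configured server address.
     *
     * @return the parsed document, or an empty map when the request fails, is not 2xx, or has no
     *         body — callers treat a missing key and a failed fetch the same way
     */
    private Map<String, Object> queryServerConfig(String url) {
        ResponseEntity<Map<String, Object>> response;
        try {
            response = this.restTemplate.exchange(url, HttpMethod.GET, (HttpEntity<?>) null,
                    new ParameterizedTypeReference<Map<String, Object>>() {});
        } catch (Exception e) {
            log.error("查询OAuth2服务端配置异常", e);
            return Collections.emptyMap();
        }
        Map<String, Object> body = response.getBody();
        if (response.getStatusCode().is2xxSuccessful() && body != null) {
            // Discovery metadata is public server information, so logging it is acceptable.
            log.info("查询OAuth2服务端配置成功：{}", body);
            return body;
        }
        log.warn("查询OAuth2服务端配置失败：{}", response.getStatusCode());
        return Collections.emptyMap();
    }
}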
