package com.elitescloud.cloudt.authorization.api.provider.oauth2.service.impl;

import cn.hutool.core.text.CharSequenceUtil;
import cn.hutool.core.util.ObjectUtil;
import com.elitescloud.cloudt.authorization.api.provider.oauth2.model.vo.resp.OAuth2ClientRespVO;
import com.elitescloud.cloudt.authorization.api.provider.oauth2.model.vo.save.OAuth2ClientSaveVO;
import com.elitescloud.cloudt.authorization.api.provider.oauth2.service.OAuth2ClientMngService;
import com.elitescloud.cloudt.authorization.api.provider.oauth2.service.repository.OAuth2RegisteredClientRepoProc;
import com.elitescloud.cloudt.common.base.ApiResult;
import com.elitescloud.cloudt.core.provider.IdGenerator;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Collections;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/elitescloud/cloudt/authorization/api/provider/oauth2/service/impl/OAuth2ClientMngServiceImpl.class */
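/**
 * Management service for OAuth2 registered clients: create/update, delete, read back and
 * client-secret encoding.
 *
 * <p>Client secrets are stored as BCrypt hashes carrying the {@code {bcrypt}} prefix; the raw
 * secret is never persisted by this class.
 */
public class OAuth2ClientMngServiceImpl implements OAuth2ClientMngService {
    private static final Logger log = LogManager.getLogger(OAuth2ClientMngServiceImpl.class);
    private static final Set<String> AUTHENTICATION_METHODS = Set.of(
            ClientAuthenticationMethod.CLIENT_SECRET_BASIC.getValue(),
            ClientAuthenticationMethod.CLIENT_SECRET_POST.getValue(),
            ClientAuthenticationMethod.NONE.getValue());
    private static final PasswordEncoder PASSWORD_ENCODER = new BCryptPasswordEncoder();
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /** Number of random bytes behind a generated secret (256 bits). */
    private static final int GENERATED_SECRET_BYTES = 32;
    /** Token lifetimes, in minutes, applied when the request leaves the field null. */
    private static final int DEFAULT_AUTH_CODE_TTL_MINUTES = 1;
    private static final int DEFAULT_ACCESS_TOKEN_TTL_MINUTES = 30;
    private static final int DEFAULT_REFRESH_TOKEN_TTL_MINUTES = 120;

    private final OAuth2RegisteredClientRepoProc oAuth2RegisteredClientRepoProc;
    private final RegisteredClientRepository registeredClientRepository;

    public OAuth2ClientMngServiceImpl(OAuth2RegisteredClientRepoProc oAuth2RegisteredClientRepoProc, RegisteredClientRepository registeredClientRepository) {
        this.oAuth2RegisteredClientRepoProc = oAuth2RegisteredClientRepoProc;
        this.registeredClientRepository = registeredClientRepository;
    }

    /**
     * Creates the client when its client id is unknown, otherwise updates the stored one.
     *
     * @param oAuth2ClientSaveVO requested client configuration
     * @return result carrying the internal id of the created or updated client
     */
    @Override
    @Transactional(rollbackFor = {Exception.class})
    public ApiResult<String> upsert(OAuth2ClientSaveVO oAuth2ClientSaveVO) {
        RegisteredClient existing = this.registeredClientRepository.findByClientId(oAuth2ClientSaveVO.getClientId());
        if (existing == null) {
            RegisteredClient created = initRegisterClient(oAuth2ClientSaveVO);
            this.registeredClientRepository.save(created);
            return ApiResult.ok(created.getId());
        }
        this.registeredClientRepository.save(updateRegisterClientInfo(existing, oAuth2ClientSaveVO));
        return ApiResult.ok(existing.getId());
    }

    /**
     * Deletes the client registered under the given client id.
     *
     * @param str client id
     * @return result echoing the client id
     */
    @Override
    @Transactional(rollbackFor = {Exception.class})
    public ApiResult<String> delete(String str) {
        this.oAuth2RegisteredClientRepoProc.deleteByClientId(str);
        return ApiResult.ok(str);
    }

    /**
     * Encodes a raw client secret into its stored form.
     *
     * @param str raw client secret
     * @return result carrying the {@code {bcrypt}}-prefixed hash
     */
    @Override
    public ApiResult<String> encodeClientSecret(String str) {
        return ApiResult.ok(wrapClientSecret(str));
    }

    /**
     * Reads back the configuration of a registered client. The client secret is not part of
     * the response.
     *
     * @param str client id
     * @return the client view, or a failure result when no such client exists
     */
    @Override
    public ApiResult<OAuth2ClientRespVO> get(String str) {
        RegisteredClient client = this.registeredClientRepository.findByClientId(str);
        if (client == null) {
            return ApiResult.fail("数据不存在");
        }
        TokenSettings tokenSettings = client.getTokenSettings();
        OAuth2ClientRespVO respVO = new OAuth2ClientRespVO();
        respVO.setClientId(str);
        respVO.setClientName(client.getClientName());
        respVO.setPkceEnabled(client.getClientSettings().isRequireProofKey());
        respVO.setCallbackUris(client.getRedirectUris());
        respVO.setAccessTokenTtl(tokenSettings.getAccessTokenTimeToLive().toMinutes());
        respVO.setRefreshTokenTtl(tokenSettings.getRefreshTokenTimeToLive().toMinutes());
        return ApiResult.ok(respVO);
    }

    /**
     * Builds a new registration from the request, filling defaults for omitted fields.
     *
     * <p>A request without a client secret no longer receives a fixed, publicly known default
     * secret. The client_credentials grant is enabled on every new client, so a well-known
     * secret would let anyone who knows the client id authenticate as that client. A random
     * secret is generated instead and only its hash is stored; it is never returned, so an
     * explicit secret has to be supplied through {@link #upsert} before the client can use
     * secret-based authentication.
     */
    private RegisteredClient initRegisterClient(OAuth2ClientSaveVO oAuth2ClientSaveVO) {
        String rawSecret = oAuth2ClientSaveVO.getClientSecret();
        if (!StringUtils.hasText(rawSecret)) {
            rawSecret = generateRandomSecret();
            log.warn("No client secret supplied for new OAuth2 client {}; stored a random secret", oAuth2ClientSaveVO.getClientId());
        }
        Set<String> callbackUris = oAuth2ClientSaveVO.getCallbackUris();
        Set<String> grantTypes = Set.of(
                AuthorizationGrantType.AUTHORIZATION_CODE.getValue(),
                AuthorizationGrantType.CLIENT_CREDENTIALS.getValue(),
                AuthorizationGrantType.REFRESH_TOKEN.getValue());

        ClientSettings clientSettings = ClientSettings.builder()
                .requireAuthorizationConsent(false)
                // PKCE stays on unless the request switches it off explicitly.
                .requireProofKey(ObjectUtil.defaultIfNull(oAuth2ClientSaveVO.getPkceEnabled(), Boolean.TRUE))
                .build();
        TokenSettings tokenSettings = TokenSettings.builder()
                .authorizationCodeTimeToLive(minutesOrDefault(oAuth2ClientSaveVO.getAuthCodeTtl(), DEFAULT_AUTH_CODE_TTL_MINUTES))
                .accessTokenTimeToLive(minutesOrDefault(oAuth2ClientSaveVO.getAccessTokenTtl(), DEFAULT_ACCESS_TOKEN_TTL_MINUTES))
                .refreshTokenTimeToLive(minutesOrDefault(oAuth2ClientSaveVO.getRefreshTokenTtl(), DEFAULT_REFRESH_TOKEN_TTL_MINUTES))
                .reuseRefreshTokens(false)
                .build();

        return RegisteredClient.withId(IdGenerator.generateLong().toString())
                .clientId(oAuth2ClientSaveVO.getClientId())
                .clientIdIssuedAt(Instant.now())
                .clientSecret(wrapClientSecret(rawSecret))
                .clientName(CharSequenceUtil.blankToDefault(oAuth2ClientSaveVO.getClientName(), oAuth2ClientSaveVO.getClientId()))
                .clientAuthenticationMethods(methods -> methods.addAll(convertAuthenticationMethods(null)))
                .authorizationGrantTypes(types -> types.addAll(convertAuthenticationGrantType(grantTypes)))
                .redirectUris(uris -> {
                    // A missing collection is treated like an empty one instead of failing with an NPE.
                    if (!CollectionUtils.isEmpty(callbackUris)) {
                        uris.addAll(callbackUris);
                    }
                })
                .scopes(scopes -> scopes.add("openid"))
                .clientSettings(clientSettings)
                .tokenSettings(tokenSettings)
                .build();
    }

    /**
     * Applies the request to an existing registration. The secret is replaced only when the
     * request carries a non-blank one.
     */
    private RegisteredClient updateRegisterClientInfo(RegisteredClient registeredClient, OAuth2ClientSaveVO oAuth2ClientSaveVO) {
        Set<String> callbackUris = oAuth2ClientSaveVO.getCallbackUris();

        ClientSettings clientSettings = ClientSettings.builder()
                .requireAuthorizationConsent(false)
                .requireProofKey(ObjectUtil.defaultIfNull(oAuth2ClientSaveVO.getPkceEnabled(), Boolean.TRUE))
                .build();
        // Seed from the client's existing *token* settings. Seeding from the client settings map
        // dropped the stored token settings (for example the authorization code lifetime) and
        // copied unrelated client-setting keys into the token settings.
        TokenSettings tokenSettings = TokenSettings.withSettings(registeredClient.getTokenSettings().getSettings())
                .accessTokenTimeToLive(minutesOrDefault(oAuth2ClientSaveVO.getAccessTokenTtl(), DEFAULT_ACCESS_TOKEN_TTL_MINUTES))
                .refreshTokenTimeToLive(minutesOrDefault(oAuth2ClientSaveVO.getRefreshTokenTtl(), DEFAULT_REFRESH_TOKEN_TTL_MINUTES))
                .reuseRefreshTokens(false)
                .build();

        RegisteredClient.Builder builder = RegisteredClient.from(registeredClient)
                .clientName(CharSequenceUtil.blankToDefault(oAuth2ClientSaveVO.getClientName(), registeredClient.getClientName()))
                .redirectUris(uris -> {
                    // NOTE(review): requested URIs are only added to the registered ones, so a
                    // callback URI can never be withdrawn through upsert. Confirm whether the
                    // request is meant to replace the registered set.
                    if (!CollectionUtils.isEmpty(callbackUris)) {
                        uris.addAll(callbackUris);
                    }
                })
                .clientSettings(clientSettings)
                .tokenSettings(tokenSettings);
        if (StringUtils.hasText(oAuth2ClientSaveVO.getClientSecret())) {
            builder.clientSecret(wrapClientSecret(oAuth2ClientSaveVO.getClientSecret()));
        }
        return builder.build();
    }

    /**
     * Maps method names to {@link ClientAuthenticationMethod}s, keeping only the supported ones.
     * A null or empty input selects every supported method.
     */
    private Set<ClientAuthenticationMethod> convertAuthenticationMethods(Set<String> set) {
        Set<String> accepted = CollectionUtils.isEmpty(set)
                ? AUTHENTICATION_METHODS
                : set.stream().filter(AUTHENTICATION_METHODS::contains).collect(Collectors.toSet());
        return accepted.stream().map(ClientAuthenticationMethod::new).collect(Collectors.toSet());
    }

    /** Maps grant type names to {@link AuthorizationGrantType}s; null or empty input yields an empty set. */
    private Set<AuthorizationGrantType> convertAuthenticationGrantType(Set<String> set) {
        if (CollectionUtils.isEmpty(set)) {
            return Collections.emptySet();
        }
        return set.stream().map(AuthorizationGrantType::new).collect(Collectors.toSet());
    }

    /** Hashes the raw secret with BCrypt and prepends the {@code {bcrypt}} encoder id. */
    private String wrapClientSecret(String str) {
        return "{bcrypt}" + PASSWORD_ENCODER.encode(str);
    }

    /** Returns a URL-safe random secret built from {@link #GENERATED_SECRET_BYTES} random bytes. */
    private static String generateRandomSecret() {
        byte[] bytes = new byte[GENERATED_SECRET_BYTES];
        SECURE_RANDOM.nextBytes(bytes);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
    }

    /** Converts a nullable minute count into a {@link Duration}, falling back to the default. */
    private static Duration minutesOrDefault(Integer minutes, int defaultMinutes) {
        return Duration.ofMinutes(minutes == null ? defaultMinutes : minutes);
    }
}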
