package com.elitescloud.cloudt.authorization.api.provider.config.servlet.oauth2.handler;

import cn.hutool.core.text.CharSequenceUtil;
import com.elitescloud.cloudt.authorization.api.client.common.AuthorizationException;
import com.elitescloud.cloudt.authorization.api.client.config.AuthorizationProperties;
import com.elitescloud.cloudt.authorization.api.client.config.support.AuthenticationCallable;
import com.elitescloud.cloudt.authorization.api.provider.config.servlet.oauth2.OAuth2AuthorizationCodeRequestCache;
import com.elitescloud.cloudt.authorization.api.provider.security.generator.token.TokenGenerator;
import com.elitescloud.cloudt.authorization.sdk.model.OAuthToken;
import com.elitescloud.cloudt.authorization.sdk.resolver.UniqueRequestResolver;
import com.elitescloud.cloudt.common.base.ApiResult;
import java.io.IOException;
import java.security.Principal;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/elitescloud/cloudt/authorization/api/provider/config/servlet/oauth2/handler/OAuth2ServerAuthenticationSuccessHandler.class */
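/**
 * Success handler invoked after a user has authenticated against the authorization server.
 *
 * <p>Two outcomes are possible:
 * <ul>
 *   <li>the login belongs to an OAuth2 authorization-code flow (a saved request or a cached
 *       authorization request is found): the flow is resumed by redirect or by a JSON body;</li>
 *   <li>otherwise a token is generated (when a {@link TokenGenerator} is configured) and written
 *       to the response body.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The generated token is written to the response body and also placed, wrapped in the
 *       {@code ApiResult}, in the request attribute {@code cloudtLoginResult}. Anything that dumps
 *       request attributes (debug filters, error pages) would expose it.</li>
 *   <li>{@code tokenGenerator}, {@code authenticationCallable} and {@code uniqueRequestResolver} are
 *       setter-injected. The first two are treated as optional; the resolver is still required
 *       whenever no saved request exists.</li>
 * </ul>
 */
public class OAuth2ServerAuthenticationSuccessHandler extends AbstractOAuth2ServerHandler implements AuthenticationSuccessHandler {
    private static final Logger LOG = LogManager.getLogger(OAuth2ServerAuthenticationSuccessHandler.class);

    // Where the pre-login request was stashed; defaults to the HTTP session.
    private RequestCache requestCache = new HttpSessionRequestCache();
    // Servlet path a saved request must have to be handled as part of the OAuth2 flow.
    private final String expectedServletPath;
    private final AuthorizationProperties authorizationProperties;
    // Cache of pending authorization-code requests, looked up by the value the resolver returns.
    private final OAuth2AuthorizationCodeRequestCache authorizationCodeRequestCache;
    private final RegisteredClientRepository registeredClientRepository;
    private final OAuth2AuthorizationService authorizationService;
    // Optional: when absent no token is issued on a plain login.
    private TokenGenerator tokenGenerator;
    // Optional: post-login callback.
    private AuthenticationCallable authenticationCallable;
    // Required when no saved request exists; dereferenced without a null check.
    private UniqueRequestResolver uniqueRequestResolver;

    /**
     * @param str                                 servlet path that a saved request must match to be
     *                                            resumed as an OAuth2 request
     * @param authorizationProperties             source of the redirect URI prefix
     * @param oAuth2AuthorizationCodeRequestCache cache of pending authorization-code requests
     * @param registeredClientRepository          lookup of registered OAuth2 clients
     * @param oAuth2AuthorizationService          store for the created {@link OAuth2Authorization}
     */
    public OAuth2ServerAuthenticationSuccessHandler(String str, AuthorizationProperties authorizationProperties, OAuth2AuthorizationCodeRequestCache oAuth2AuthorizationCodeRequestCache, RegisteredClientRepository registeredClientRepository, OAuth2AuthorizationService oAuth2AuthorizationService) {
        this.expectedServletPath = str;
        this.authorizationProperties = authorizationProperties;
        this.authorizationCodeRequestCache = oAuth2AuthorizationCodeRequestCache;
        this.registeredClientRepository = registeredClientRepository;
        this.authorizationService = oAuth2AuthorizationService;
    }

    /**
     * Resumes a pending OAuth2 authorization-code flow if there is one, otherwise issues a token
     * and writes it to the response. The login callback, when configured, is notified in both cases.
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        SavedRequest savedRequest = this.requestCache.getRequest(httpServletRequest, httpServletResponse);
        if (completeAuthorizationCodeLogin(httpServletRequest, httpServletResponse, authentication, savedRequest)) {
            // The response was already produced by the OAuth2 branch; no token is handed to the callback.
            notifyLoginCallback(httpServletRequest, httpServletResponse, null, authentication);
            return;
        }
        OAuthToken token = issueTokenOrNull(authentication);
        ApiResult ok = ApiResult.ok(token);
        writeResponse(httpServletResponse, ok);
        // The attribute carries the token; keep it out of request-attribute dumps and logs.
        httpServletRequest.setAttribute("cloudtLoginResult", ok);
        notifyLoginCallback(httpServletRequest, httpServletResponse, token == null ? null : token.getAccessToken(), authentication);
    }

    /**
     * Invokes the login callback if one was configured.
     *
     * <p>The callback is setter-injected, so it may legitimately be absent. Without this guard an
     * unset callback raised a NullPointerException after the response had already been written.
     */
    private void notifyLoginCallback(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String accessToken, Authentication authentication) throws IOException, ServletException {
        if (this.authenticationCallable == null) {
            return;
        }
        this.authenticationCallable.onLogin(httpServletRequest, httpServletResponse, accessToken, authentication);
    }

    /** Returns a freshly generated token, or {@code null} when no generator is configured. */
    private OAuthToken issueTokenOrNull(Authentication authentication) {
        if (this.tokenGenerator == null) {
            return null;
        }
        return this.tokenGenerator.generate(authentication);
    }

    /**
     * Tries to handle the login as part of an OAuth2 authorization-code flow.
     *
     * @return {@code true} when a response (redirect, JSON success or JSON failure) has been
     *         produced here; {@code false} when the caller should continue with the plain login path
     */
    private boolean completeAuthorizationCodeLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication, SavedRequest savedRequest) throws IOException {
        if (savedRequest != null) {
            // Only a saved request for the expected servlet path is resumed; any other saved
            // request falls through to the plain login path.
            if (!CharSequenceUtil.equals(servletPathOf(savedRequest), this.expectedServletPath)) {
                return false;
            }
            if (super.supportRedirect(httpServletRequest)) {
                super.sendRedirect(this.authorizationProperties.getRedirectUriPrefix(), (DefaultSavedRequest) savedRequest, httpServletRequest, httpServletResponse);
                return true;
            }
            writeSavedRequestRedirectUrl(httpServletRequest, httpServletResponse, savedRequest);
            return true;
        }

        // NOTE(review): the resolver is setter-injected and not null-checked here; wiring must
        // guarantee it is set, otherwise this line throws.
        String state = this.uniqueRequestResolver.analyze(httpServletRequest);
        if (!StringUtils.hasText(state)) {
            // Log text: "state parameter missing, cannot identify the request as OAuth2".
            LOG.debug("缺少state参数，无法确定为OAuth2请求");
            return false;
        }

        OAuth2AuthorizationCodeRequestAuthenticationToken authenticationToken = this.authorizationCodeRequestCache.getAuthenticationToken(state);
        if (authenticationToken == null) {
            // NOTE(review): the logged value is presumably taken from the request, i.e. caller
            // controlled; confirm the log layout neutralises CR/LF so entries cannot be forged.
            LOG.error("未找到授权码认证请求信息：{}", state);
            // Response text: "authentication information has timed out, please authenticate again".
            writeResponse(httpServletResponse, ApiResult.fail("认证信息已超时，请重新认证"));
            return true;
        }

        RegisteredClient registeredClient = this.registeredClientRepository.findByClientId(authenticationToken.getClientId());
        if (registeredClient == null) {
            // Response text: "client does not exist or is disabled".
            writeResponse(httpServletResponse, ApiResult.fail("客户端不存在或已禁用"));
            return true;
        }

        // NOTE(review): redirectUri and scopes are copied from the cached token as-is; nothing in
        // this method checks them against the registered client. Presumably that happened before
        // the request was cached; confirm.
        OAuth2AuthorizationRequest authorizationRequest = OAuth2AuthorizationRequest.authorizationCode()
                .authorizationUri(authenticationToken.getAuthorizationUri())
                .clientId(authenticationToken.getClientId())
                .redirectUri(authenticationToken.getRedirectUri())
                .scopes(authenticationToken.getScopes())
                .state(authenticationToken.getState())
                .additionalParameters(authenticationToken.getAdditionalParameters())
                .build();
        OAuth2Authorization authorization = newAuthorizationBuilder(registeredClient, authentication, authorizationRequest)
                .attribute("state", state)
                .attribute("client_id", authenticationToken.getClientId())
                .build();
        this.authorizationService.save(authorization);
        // Drop the cached request once it has been persisted so the same value cannot be replayed.
        this.authorizationCodeRequestCache.removeAuthenticationToken(state);

        // NOTE(review): the redirect goes to the first non-blank URI registered for the client,
        // not to the redirect URI carried by the cached request. Confirm this is intended for
        // clients that register more than one URI.
        String redirectUri = CollectionUtils.isEmpty(registeredClient.getRedirectUris())
                ? null
                : registeredClient.getRedirectUris().stream().filter(CharSequenceUtil::isNotBlank).findFirst().orElse(null);
        if (StringUtils.hasText(redirectUri) && supportRedirect(httpServletRequest)) {
            sendRedirect(httpServletRequest, httpServletResponse, redirectUri);
            return true;
        }
        // Response text: "authentication succeeded".
        writeResponse(httpServletResponse, ApiResult.ok("认证成功"));
        return true;
    }

    /** Writes the redirect URL derived from the saved request as a JSON body instead of redirecting. */
    private void writeSavedRequestRedirectUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SavedRequest savedRequest) throws IOException {
        super.writeResponse(httpServletResponse, ApiResult.ok(super.obtainRedirectUrl(this.authorizationProperties.getRedirectUriPrefix(), (DefaultSavedRequest) savedRequest)));
    }

    /**
     * Returns the servlet path of the saved request.
     *
     * @throws AuthorizationException when the saved request is not a {@link DefaultSavedRequest};
     *                                the message reads "unsupported SavedRequest type"
     */
    private String servletPathOf(SavedRequest savedRequest) {
        if (savedRequest instanceof DefaultSavedRequest) {
            return ((DefaultSavedRequest) savedRequest).getServletPath();
        }
        throw new AuthorizationException("暂不支持的SavedRequest类型");
    }

    /**
     * Starts an authorization-code {@link OAuth2Authorization} for the client and principal, with
     * the {@link Authentication} and the authorization request stored as attributes keyed by the
     * {@link Principal} and {@link OAuth2AuthorizationRequest} class names.
     */
    private static OAuth2Authorization.Builder newAuthorizationBuilder(RegisteredClient registeredClient, Authentication authentication, OAuth2AuthorizationRequest oAuth2AuthorizationRequest) {
        return OAuth2Authorization.withRegisteredClient(registeredClient)
                .principalName(authentication.getName())
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .attribute(Principal.class.getName(), authentication)
                .attribute(OAuth2AuthorizationRequest.class.getName(), oAuth2AuthorizationRequest);
    }

    /** Sets the generator used on the plain login path; without one no token is issued. */
    public void setTokenGenerator(TokenGenerator tokenGenerator) {
        this.tokenGenerator = tokenGenerator;
    }

    /** Sets the callback notified after a successful login; it is skipped when unset. */
    public void setAuthenticationCallable(AuthenticationCallable authenticationCallable) {
        this.authenticationCallable = authenticationCallable;
    }

    /** Sets the resolver used to identify a pending authorization request when no saved request exists. */
    public void setUniqueRequestResolver(UniqueRequestResolver uniqueRequestResolver) {
        this.uniqueRequestResolver = uniqueRequestResolver;
    }

    /** Replaces the default session-backed request cache. */
    public void setRequestCache(RequestCache requestCache) {
        this.requestCache = requestCache;
    }
}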
