package com.elitescloud.cloudt.authorization.sdk.cas.provider;

import com.elitescloud.cloudt.authorization.sdk.cas.config.AuthorizeCacheable;
import com.elitescloud.cloudt.authorization.sdk.cas.model.AuthorizeDTO;
import com.elitescloud.cloudt.authorization.sdk.cas.model.OAuthToken;
import com.elitescloud.cloudt.authorization.sdk.config.AuthorizationSdkProperties;
import com.elitescloud.cloudt.authorization.sdk.config.CloudtOAuth2Client;
import com.elitescloud.cloudt.authorization.sdk.model.Result;
import com.elitescloud.cloudt.authorization.sdk.util.RestTemplateFactory;
import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.util.Base64;
import java.util.Collections;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.CompletableFuture;
import javax.validation.constraints.NotBlank;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.util.Assert;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:com/elitescloud/cloudt/authorization/sdk/cas/provider/OAuth2ClientProvider.class */
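/**
 * Builds OAuth2/OIDC authorization requests for the configured client and exchanges the returned
 * authorization code for tokens.
 *
 * <p>Endpoints are taken from explicit configuration when present; otherwise they are discovered
 * from the auth server's {@code /.well-known/openid-configuration} document. Discovery runs
 * asynchronously at startup and is retried lazily on first use if it has not completed.
 *
 * <p>Thread-safety: this is a singleton bean used concurrently. Endpoint state is published through
 * volatile fields and initialised under the instance lock; the PKCE digest is created per call
 * because {@link MessageDigest} is not thread-safe.
 */
public class OAuth2ClientProvider implements InitializingBean {
    private static final Logger LOG = LoggerFactory.getLogger(OAuth2ClientProvider.class);
    /** RFC 8414 metadata path. Currently unused: discovery below uses the OIDC path. */
    private static final String OAUTH_METADATA_PATH = "/.well-known/oauth-authorization-server";
    private static final String OIDC_DISCOVERY_PATH = "/.well-known/openid-configuration";
    private static final String DIGEST_ALGORITHM = "SHA-256";
    /** Entropy behind a PKCE code verifier: 32 bytes -> 43 base64url chars, per RFC 7636 §4.1. */
    private static final int CODE_VERIFIER_BYTES = 32;
    /** Entropy behind a generated OAuth2 {@code state} (the CSRF binding of the callback). */
    private static final int STATE_BYTES = 16;

    private final AuthorizationSdkProperties properties;
    private final AuthorizeCacheable authorizeCache;
    private final SecureRandom secureRandom = new SecureRandom();
    private volatile RestTemplate restTemplate;
    private volatile com.elitescloud.cloudt.authorization.sdk.cas.provider.a endpoints;

    /* loaded from: input_file:com/elitescloud/cloudt/authorization/sdk/cas/provider/OAuth2ClientProvider$a.class */
    /**
     * Default in-memory cache used when no {@link AuthorizeCacheable} bean is supplied: at most
     * 2000 pending authorization requests, each kept for five minutes after it was stored.
     */
    static class a implements AuthorizeCacheable {
        private final Cache<String, AuthorizeDTO> cache =
                Caffeine.newBuilder().maximumSize(2000).expireAfterWrite(Duration.ofMinutes(5)).build();

        @Override // com.elitescloud.cloudt.authorization.sdk.cas.config.AuthorizeCacheable
        public void setCache(String str, AuthorizeDTO authorizeDTO) {
            this.cache.put(str, authorizeDTO);
        }

        @Override // com.elitescloud.cloudt.authorization.sdk.cas.config.AuthorizeCacheable
        public AuthorizeDTO get(String str) {
            return this.cache.getIfPresent(str);
        }
    }

    /**
     * @param authorizationSdkProperties SDK configuration holding the OAuth2 client settings
     * @param authorizeCacheable         cache for pending authorization requests keyed by state;
     *                                   {@code null} selects the built-in Caffeine cache
     * @throws IllegalStateException if the SHA-256 digest required for PKCE is unavailable
     */
    public OAuth2ClientProvider(AuthorizationSdkProperties authorizationSdkProperties, AuthorizeCacheable authorizeCacheable) {
        this.properties = authorizationSdkProperties;
        this.authorizeCache = authorizeCacheable == null ? new a() : authorizeCacheable;
        // Fail fast at construction; the digest itself is re-created per use (see s256Challenge).
        try {
            MessageDigest.getInstance(DIGEST_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(DIGEST_ALGORITHM + " digest not available", e);
        }
    }

    /**
     * Builds the authorization-request URL and caches the request under its {@code state} so that
     * {@link #code2AccessToken} can later validate the callback and complete the flow.
     *
     * @param str  caller-supplied state; when blank a random, unguessable state is generated
     * @param str2 redirect URI to include in the request (may be {@code null})
     * @return the authorization URL as produced by {@link AuthorizeDTO#getUrl()}
     * @throws IllegalArgumentException if the auth server endpoints cannot be resolved
     */
    public String getAuthorizeInfo(String str, String str2) {
        ensureInitialized();
        CloudtOAuth2Client client = this.properties.getOauth2Client();
        String state = resolveState(str);

        AuthorizeDTO authorizeDTO = new AuthorizeDTO();
        authorizeDTO.setAuthorizeEndpoint(this.endpoints.a());
        authorizeDTO.setClientId(client.getClientId());
        authorizeDTO.setResponseType("code");
        authorizeDTO.setScope("openid");
        authorizeDTO.setRedirectUri(str2);
        if (client.isPkceEnabled()) {
            String verifier = newCodeVerifier();
            authorizeDTO.setCodeVerifier(verifier);
            authorizeDTO.setCodeChallengeMethod("S256");
            authorizeDTO.setCodeChallenge(s256Challenge(verifier));
        }
        authorizeDTO.setState(state);
        this.authorizeCache.setCache(state, authorizeDTO);
        return authorizeDTO.getUrl();
    }

    /**
     * Exchanges an authorization code for tokens at the token endpoint.
     *
     * @param str  the {@code state} echoed back by the auth server; must match a cached request
     * @param str2 the authorization code from the callback
     * @param str3 redirect URI used in the authorization request; falls back to the cached one when blank
     * @return the token response, or a failed {@link Result} on non-2xx status, empty body or transport error
     * @throws IllegalArgumentException if the state is unknown (expired, forged or replayed callback)
     */
    public Result<OAuthToken> code2AccessToken(@NotBlank String str, @NotBlank String str2, String str3) {
        AuthorizeDTO authorizeDTO = this.authorizeCache.get(str);
        Assert.notNull(authorizeDTO, "认证超时，请重试");
        // NOTE(review): the entry is not evicted after use because AuthorizeCacheable exposes no
        // remove operation, so a state stays accepted until the cache expires it.
        String redirectUri = StringUtils.hasText(str3) ? str3 : authorizeDTO.getRedirectUri();

        LinkedMultiValueMap<String, String> form = new LinkedMultiValueMap<>(8);
        form.add("client_id", authorizeDTO.getClientId());
        form.add("grant_type", AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
        form.add("code", str2);
        if (StringUtils.hasText(redirectUri)) {
            form.add("redirect_uri", redirectUri);
        }
        if (StringUtils.hasText(authorizeDTO.getCodeVerifier())) {
            // PKCE request: prove possession of the verifier; the client secret is never sent.
            form.add("code_verifier", authorizeDTO.getCodeVerifier());
        } else {
            form.add("client_secret", this.properties.getOauth2Client().getClientSecret());
        }

        try {
            // Initialisation may still be running from afterPropertiesSet; make sure endpoints exist.
            ensureInitialized();
            ResponseEntity<?> exchange = this.restTemplate.exchange(
                    this.endpoints.b(), HttpMethod.POST, new HttpEntity<>(form), new b(this));
            if (!exchange.getStatusCode().is2xxSuccessful()) {
                LOG.error("授权码转token失败：{}", exchange.getStatusCode());
                return Result.fail("获取认证token失败");
            }
            @SuppressWarnings("unchecked")
            Result<OAuthToken> body = (Result<OAuthToken>) exchange.getBody();
            // A 2xx without a body is still a failed exchange rather than a null result for callers.
            return body != null ? body : Result.fail("获取认证token失败");
        } catch (Exception e) {
            LOG.error("获取认证token失败：", e);
            return Result.fail("获取认证token失败！");
        }
    }

    /**
     * Validates the client configuration and starts endpoint discovery off the startup thread.
     * Discovery failures are logged only; {@link #getAuthorizeInfo} retries lazily.
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        CloudtOAuth2Client client = this.properties.getOauth2Client();
        if (!client.isPkceEnabled()) {
            // Without PKCE the client is confidential and must authenticate with its secret.
            Assert.hasText(client.getClientSecret(), "OAuth2 Client的clientSecret为空");
        }
        CompletableFuture.runAsync(this::initialize).whenComplete((ignored, th) -> {
            if (th != null) {
                LOG.error("初始化OAuth2客户端异常：", th);
            }
        });
    }

    /** Runs {@link #initialize()} once if endpoints are not yet resolved (double-checked under the instance lock). */
    private void ensureInitialized() {
        if (this.endpoints == null) {
            synchronized (this) {
                if (this.endpoints == null) {
                    initialize();
                }
            }
        }
    }

    /** Creates the RestTemplate on first use and (re)resolves the auth server endpoints. */
    private synchronized void initialize() {
        if (this.restTemplate == null) {
            this.restTemplate = RestTemplateFactory.instance();
        }
        this.endpoints = resolveEndpoints(resolveAuthServer());
    }

    /** Auth server base URL: client-level setting first, then the SDK-wide one; {@code null} if neither is set. */
    private String resolveAuthServer() {
        String clientLevel = this.properties.getOauth2Client().getAuthServer();
        if (StringUtils.hasText(clientLevel)) {
            return clientLevel;
        }
        String sdkLevel = this.properties.getAuthServer();
        return StringUtils.hasText(sdkLevel) ? sdkLevel : null;
    }

    /**
     * Resolves the authorize/token/userinfo endpoints, preferring explicit configuration and falling
     * back to OIDC discovery when no authorize endpoint is configured.
     *
     * @param authServer base URL of the auth server, or {@code null}
     * @throws IllegalArgumentException if discovery is needed but the server is unknown or returns no
     *                                  {@code authorization_endpoint}
     */
    private com.elitescloud.cloudt.authorization.sdk.cas.provider.a resolveEndpoints(String authServer) {
        com.elitescloud.cloudt.authorization.sdk.cas.provider.a resolved =
                new com.elitescloud.cloudt.authorization.sdk.cas.provider.a();
        CloudtOAuth2Client client = this.properties.getOauth2Client();
        resolved.a(absoluteUrl(authServer, client.getAuthorizeEndpoint()));
        if (StringUtils.hasText(resolved.a())) {
            // Explicitly configured endpoints win; no discovery request is made.
            resolved.b(absoluteUrl(authServer, client.getTokenEndpoint()));
            resolved.c(absoluteUrl(authServer, client.getUserinfoEndpoint()));
            return resolved;
        }
        Assert.hasText(authServer, "未知认证服务器地址");
        Map<String, Object> metadata = fetchServerMetadata(absoluteUrl(authServer, OIDC_DISCOVERY_PATH));
        resolved.a((String) metadata.get("authorization_endpoint"));
        Assert.hasText(resolved.a(), "OAuth2客户端初始化失败");
        resolved.b((String) metadata.get("token_endpoint"));
        resolved.c((String) metadata.get("userinfo_endpoint"));
        return resolved;
    }

    /**
     * Fetches the server metadata document.
     *
     * @return the parsed document, or an empty map on transport error, non-2xx status or empty body
     */
    private Map<String, Object> fetchServerMetadata(String discoveryUrl) {
        ResponseEntity<?> exchange;
        try {
            exchange = this.restTemplate.exchange(discoveryUrl, HttpMethod.GET, (HttpEntity<?>) null, new c(this));
        } catch (Exception e) {
            // Previously fell through to an unassigned response here; treat as "no metadata".
            LOG.error("查询OAuth2服务端配置异常", e);
            return Collections.emptyMap();
        }
        if (!exchange.getStatusCode().is2xxSuccessful()) {
            LOG.warn("查询OAuth2服务端配置失败：{}", exchange.getStatusCode());
            return Collections.emptyMap();
        }
        LOG.info("查询OAuth2服务端配置成功：{}", exchange.getBody());
        @SuppressWarnings("unchecked")
        Map<String, Object> metadata = (Map<String, Object>) exchange.getBody();
        return metadata == null ? Collections.emptyMap() : metadata;
    }

    /**
     * Returns the caller-supplied state when present, otherwise a fresh unguessable one.
     * The state binds the callback to this request (CSRF protection), so it must come from a
     * cryptographic RNG; the former nanoTime()+java.util.Random scheme was predictable.
     */
    private String resolveState(String str) {
        if (StringUtils.hasText(str)) {
            return str;
        }
        return randomToken(STATE_BYTES);
    }

    /** New PKCE code verifier: 43 base64url characters from 32 random bytes (RFC 7636 §4.1). */
    private String newCodeVerifier() {
        return randomToken(CODE_VERIFIER_BYTES);
    }

    /** Base64url (no padding) encoding of {@code numBytes} bytes from {@link SecureRandom}. */
    private String randomToken(int numBytes) {
        byte[] bytes = new byte[numBytes];
        this.secureRandom.nextBytes(bytes);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
    }

    /** S256 code challenge: BASE64URL(SHA-256(ASCII(code_verifier))) per RFC 7636 §4.2. */
    private String s256Challenge(String codeVerifier) {
        MessageDigest digest;
        try {
            // Fresh instance per call: MessageDigest is stateful and not safe to share across requests.
            digest = MessageDigest.getInstance(DIGEST_ALGORITHM);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(DIGEST_ALGORITHM + " digest not available", e);
        }
        byte[] hash = digest.digest(codeVerifier.getBytes(StandardCharsets.US_ASCII));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(hash);
    }

    /**
     * Turns a configured endpoint into an absolute URL.
     *
     * @param authServer base URL, may be {@code null}
     * @param endpoint   absolute URL or path relative to {@code authServer}; blank yields {@code null}
     * @throws IllegalArgumentException if a relative endpoint is given but no auth server is known
     */
    private String absoluteUrl(String authServer, String endpoint) {
        if (!StringUtils.hasText(endpoint)) {
            return null;
        }
        if (isAbsolute(endpoint)) {
            // Return as configured; prefixing the auth server here produced "<authServer>/https://...".
            return UriComponentsBuilder.fromUriString(endpoint).toUriString();
        }
        Assert.hasText(authServer, "未知认证服务器地址");
        return UriComponentsBuilder.fromUriString(authServer + "/" + endpoint).toUriString();
    }

    /** Case-insensitive "http" prefix test (covers http and https), locale-independent. */
    private static boolean isAbsolute(String url) {
        return url.regionMatches(true, 0, "http", 0, 4);
    }
}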
