package com.elitescloud.cloudt.authorization.sdk.cas.provider;

import com.elitescloud.cloudt.authorization.sdk.cas.AuthorizeCacheable;
import com.elitescloud.cloudt.authorization.sdk.cas.model.AuthorizeDTO;
import com.elitescloud.cloudt.authorization.sdk.config.AuthorizationSdkProperties;
import com.elitescloud.cloudt.authorization.sdk.config.CloudtOAuth2Client;
import com.elitescloud.cloudt.authorization.sdk.model.OAuthToken;
import com.elitescloud.cloudt.authorization.sdk.model.Result;
import com.elitescloud.cloudt.authorization.sdk.resolver.UniqueRequestResolver;
import com.elitescloud.cloudt.authorization.sdk.resolver.impl.DefaultUniquestResolver;
import com.elitescloud.cloudt.authorization.sdk.util.RestTemplateFactory;
import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.CompletableFuture;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.util.Assert;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:com/elitescloud/cloudt/authorization/sdk/cas/provider/OAuth2ClientProvider.class */
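/**
 * OAuth2 client used by the CAS SDK: builds the authorization request, exchanges the
 * authorization code for a token, refreshes and revokes tokens, requests client-credentials
 * tokens and queries the user-info endpoint.
 *
 * <p>The class appears to be decompiled; obfuscated private member names have been replaced
 * with descriptive ones. The nested cache class keeps its name {@code a} because it is
 * package-visible.
 *
 * <p>Endpoint resolution runs asynchronously from {@link #afterPropertiesSet()} and is retried
 * lazily by the request methods, so the resolved state is published through {@code volatile}
 * fields.
 */
public class OAuth2ClientProvider implements InitializingBean {
    private static final Logger LOG = LoggerFactory.getLogger(OAuth2ClientProvider.class);

    /** Source of randomness for security-relevant values such as the PKCE code verifier. */
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /** 32 random bytes encode to a 43-character verifier, the minimum length RFC 7636 allows. */
    private static final int CODE_VERIFIER_BYTES = 32;

    private final AuthorizationSdkProperties properties;
    private final AuthorizeCacheable authorizeCache;
    /** Shared SHA-256 instance; MessageDigest is stateful, so every use is synchronized on it. */
    private final MessageDigest sha256;
    private UniqueRequestResolver requestResolver = new DefaultUniquestResolver("X-Auth-Req-Client");
    private volatile RestTemplate restTemplate;
    private volatile b endpoints;

    /* loaded from: input_file:com/elitescloud/cloudt/authorization/sdk/cas/provider/OAuth2ClientProvider$a.class */
    /**
     * Default in-memory store for pending authorization requests: at most 2000 entries, each
     * dropped five minutes after it was written.
     */
    static class a implements AuthorizeCacheable {
        private final Cache<String, AuthorizeDTO> cache =
                Caffeine.newBuilder().maximumSize(2000).expireAfterWrite(Duration.ofMinutes(5)).build();

        @Override // com.elitescloud.cloudt.authorization.sdk.cas.AuthorizeCacheable
        public void setCache(String str, AuthorizeDTO authorizeDTO) {
            this.cache.put(str, authorizeDTO);
        }

        @Override // com.elitescloud.cloudt.authorization.sdk.cas.AuthorizeCacheable
        public AuthorizeDTO get(String str) {
            return this.cache.getIfPresent(str);
        }
    }

    /**
     * Creates the provider.
     *
     * @param authorizationSdkProperties SDK configuration (auth server address, OAuth2 client settings)
     * @param authorizeCacheable store for pending authorization requests; when {@code null} the
     *     built-in in-memory cache is used
     * @throws RuntimeException if the JVM offers no SHA-256 implementation
     */
    public OAuth2ClientProvider(AuthorizationSdkProperties authorizationSdkProperties, AuthorizeCacheable authorizeCacheable) {
        this.properties = authorizationSdkProperties;
        this.authorizeCache = authorizeCacheable == null ? new a() : authorizeCacheable;
        try {
            this.sha256 = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds the authorization request URL and caches the request parameters under the key that
     * the request resolver derives from the response.
     *
     * @param httpServletResponse response handed to the request resolver to sign the request
     * @param str redirect URI sent to the authorization server
     * @param str2 value sent as the {@code state} parameter
     * @return the authorization URL produced by {@link AuthorizeDTO#getUrl()}
     * @throws IllegalArgumentException if the endpoints have not been resolved yet and resolving them fails
     */
    public String getAuthorizeInfo(@NotNull HttpServletResponse httpServletResponse, @NotBlank String str, String str2) {
        b resolved = ensureInitialized();
        String requestKey = this.requestResolver.signRequest(httpServletResponse);
        CloudtOAuth2Client client = this.properties.getCasClient().getOauth2Client();

        AuthorizeDTO authorizeDTO = new AuthorizeDTO();
        authorizeDTO.setAuthorizeEndpoint(resolved.a());
        authorizeDTO.setClientId(client.getClientId());
        authorizeDTO.setResponseType("code");
        authorizeDTO.setScope("openid");
        authorizeDTO.setRedirectUri(str);
        if (client.isPkceEnabled()) {
            String verifier = newCodeVerifier();
            authorizeDTO.setCodeVerifier(verifier);
            authorizeDTO.setCodeChallengeMethod("S256");
            authorizeDTO.setCodeChallenge(codeChallenge(verifier));
        }
        // NOTE(review): code2AccessToken() is not given the state returned on the callback, so
        // comparing it with this value appears to be left to the caller; confirm that it happens.
        authorizeDTO.setState(str2);
        this.authorizeCache.setCache(requestKey, authorizeDTO);
        return authorizeDTO.getUrl();
    }

    /**
     * Exchanges an authorization code for a token, using the parameters cached by
     * {@link #getAuthorizeInfo}.
     *
     * @param httpServletRequest callback request from which the request key is read
     * @param str authorization code
     * @return the token on a 2xx response, otherwise a failed result
     * @throws IllegalArgumentException if no request key is found or the cached request is gone
     */
    public Result<OAuthToken> code2AccessToken(@NotNull HttpServletRequest httpServletRequest, @NotBlank String str) {
        String requestKey = this.requestResolver.analyze(httpServletRequest);
        Assert.hasText(requestKey, "请求失败，未获取到有效的请求标识");
        AuthorizeDTO authorizeDTO = this.authorizeCache.get(requestKey);
        Assert.notNull(authorizeDTO, "认证超时，请重试");

        // Typed <String, Object> so that HttpEntity binds it as the request body; a
        // <String, String> map would also match HttpEntity's headers-only constructor.
        LinkedMultiValueMap<String, Object> form = new LinkedMultiValueMap<>(8);
        form.add("client_id", authorizeDTO.getClientId());
        form.add("client_secret", this.properties.getCasClient().getOauth2Client().getClientSecret());
        form.add("grant_type", AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
        form.add("code", str);
        String redirectUri = authorizeDTO.getRedirectUri();
        if (StringUtils.hasText(redirectUri)) {
            form.add("redirect_uri", redirectUri);
        }
        String codeVerifier = authorizeDTO.getCodeVerifier();
        if (StringUtils.hasText(codeVerifier)) {
            form.add("code_verifier", codeVerifier);
        }
        try {
            // Retries endpoint resolution when the asynchronous start-up attempt failed.
            b resolved = ensureInitialized();
            ResponseEntity<?> response = this.restTemplate.exchange(
                    resolved.b(), HttpMethod.POST, new HttpEntity<>(form), new c(this), new Object[0]);
            if (response.getStatusCode().is2xxSuccessful()) {
                return Result.ok((OAuthToken) response.getBody());
            }
            LOG.error("授权码转token失败：{}", response);
            return Result.fail("获取认证token失败");
        } catch (Exception e) {
            LOG.error("获取认证token异常：", e);
            return Result.fail("获取认证token异常！");
        }
    }

    /**
     * Calls the user-info endpoint with the given token.
     *
     * @param str token type, used as the scheme of the {@code Authorization} header
     * @param str2 token value
     * @return the user attributes on a 2xx response, otherwise a failed result
     * @throws IllegalArgumentException if either argument is blank
     */
    public Result<HashMap<String, String>> queryUserInfo(@NotBlank String str, @NotBlank String str2) {
        Assert.hasText(str, "token类型为空");
        Assert.hasText(str2, "token为空");
        LinkedMultiValueMap<String, String> headers = new LinkedMultiValueMap<>(4);
        headers.add("Authorization", str + " " + str2);
        try {
            b resolved = ensureInitialized();
            ResponseEntity<?> response = this.restTemplate.exchange(
                    resolved.c(), HttpMethod.GET, new HttpEntity<Object>(null, headers), new d(this), new Object[0]);
            if (response.getStatusCode().is2xxSuccessful()) {
                @SuppressWarnings("unchecked") // the response type is fixed by the type reference passed above
                HashMap<String, String> body = (HashMap<String, String>) response.getBody();
                return Result.ok(body);
            }
            LOG.error("获取用户信息失败：{}", response);
            return Result.fail("获取用户信息失败！");
        } catch (Exception e) {
            LOG.error("获取用户信息异常：", e);
            return Result.fail("获取用户信息异常！");
        }
    }

    /**
     * Obtains a new token with the refresh-token grant.
     *
     * @param str refresh token
     * @return the new token on a 2xx response, otherwise a failed result
     * @throws IllegalArgumentException if {@code str} is {@code null}
     */
    public Result<OAuthToken> refreshToken(@NotBlank String str) {
        Assert.notNull(str, "刷新token为空");
        CloudtOAuth2Client client = this.properties.getCasClient().getOauth2Client();
        LinkedMultiValueMap<String, Object> form = new LinkedMultiValueMap<>(8);
        form.add("client_id", client.getClientId());
        form.add("client_secret", client.getClientSecret());
        form.add("grant_type", AuthorizationGrantType.REFRESH_TOKEN.getValue());
        form.add("refresh_token", str);
        try {
            b resolved = ensureInitialized();
            ResponseEntity<?> response = this.restTemplate.exchange(
                    resolved.b(), HttpMethod.POST, new HttpEntity<>(form), new e(this), new Object[0]);
            if (response.getStatusCode().is2xxSuccessful()) {
                return Result.ok((OAuthToken) response.getBody());
            }
            LOG.error("刷新token失败：{}", response);
            return Result.fail("刷新token失败");
        } catch (Exception e) {
            LOG.error("刷新token异常：", e);
            return Result.fail("刷新认证token异常！");
        }
    }

    /**
     * Obtains a token with the client-credentials grant.
     *
     * @return the token on a 2xx response, otherwise a failed result
     */
    public Result<OAuthToken> clientToken() {
        CloudtOAuth2Client client = this.properties.getCasClient().getOauth2Client();
        LinkedMultiValueMap<String, Object> form = new LinkedMultiValueMap<>(8);
        form.add("grant_type", AuthorizationGrantType.CLIENT_CREDENTIALS.getValue());
        form.add("client_id", client.getClientId());
        form.add("client_secret", client.getClientSecret());
        try {
            b resolved = ensureInitialized();
            ResponseEntity<?> response = this.restTemplate.exchange(
                    resolved.b(), HttpMethod.POST, new HttpEntity<>(form), new f(this), new Object[0]);
            if (response.getStatusCode().is2xxSuccessful()) {
                return Result.ok((OAuthToken) response.getBody());
            }
            LOG.error("生成token失败：{}", response.getStatusCode());
            return Result.fail("获取认证token失败");
        } catch (Exception e) {
            LOG.error("获取认证token失败：", e);
            return Result.fail("获取认证token失败！");
        }
    }

    /**
     * Revokes a token at the revocation endpoint.
     *
     * @param str token to revoke
     * @return {@code true} on a 2xx response, otherwise a failed result
     * @throws IllegalArgumentException if {@code str} is blank
     */
    public Result<Boolean> revokeToken(@NotBlank String str) {
        Assert.hasText(str, "token为空");
        CloudtOAuth2Client client = this.properties.getCasClient().getOauth2Client();
        LinkedMultiValueMap<String, Object> form = new LinkedMultiValueMap<>(8);
        form.add("client_id", client.getClientId());
        form.add("client_secret", client.getClientSecret());
        form.add("token", str);
        try {
            b resolved = ensureInitialized();
            ResponseEntity<?> response = this.restTemplate.exchange(
                    resolved.d(), HttpMethod.POST, new HttpEntity<>(form), new g(this), new Object[0]);
            if (response.getStatusCode().is2xxSuccessful()) {
                return Result.ok(true);
            }
            LOG.error("注销token失败：{}", response.getStatusCode());
            return Result.fail("注销token失败");
        } catch (Exception e) {
            LOG.error("注销token失败：", e);
            return Result.fail("注销token失败！");
        }
    }

    /**
     * Checks the configuration and starts endpoint resolution in the background. A client
     * secret is mandatory unless PKCE is enabled. A failed background attempt is only logged;
     * the request methods retry on first use.
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        CloudtOAuth2Client client = this.properties.getCasClient().getOauth2Client();
        if (!client.isPkceEnabled()) {
            Assert.hasText(client.getClientSecret(), "OAuth2 Client的clientSecret为空");
        }
        CompletableFuture.runAsync(this::initClient).whenComplete((ignored, failure) -> {
            if (failure != null) {
                LOG.error("初始化OAuth2客户端异常：", failure);
            }
        });
    }

    /** Replaces the resolver that derives the cache key from the request and response. */
    public void setUniqueRequestResolver(UniqueRequestResolver uniqueRequestResolver) {
        this.requestResolver = uniqueRequestResolver;
    }

    /** Returns the resolved endpoints, resolving them first when start-up has not done so yet. */
    private b ensureInitialized() {
        b current = this.endpoints;
        if (current == null) {
            initClient();
            current = this.endpoints;
        }
        return current;
    }

    /** Creates the RestTemplate if needed and resolves the endpoints. */
    private void initClient() {
        if (this.restTemplate == null) {
            this.restTemplate = RestTemplateFactory.instance();
        }
        this.endpoints = resolveEndpoints(authServerUrl());
    }

    /** Returns the configured authorization server address. */
    private String authServerUrl() {
        return this.properties.getAuthServer();
    }

    /**
     * Resolves the endpoints: explicitly configured ones are used when an authorize endpoint is
     * configured, otherwise they are read from the server's metadata document.
     */
    private b resolveEndpoints(String str) {
        b resolved = new b();
        CloudtOAuth2Client client = this.properties.getCasClient().getOauth2Client();
        resolved.a(joinUrl(str, client.getAuthorizeEndpoint()));
        if (StringUtils.hasText(resolved.a())) {
            resolved.b(joinUrl(str, client.getTokenEndpoint()));
            resolved.c(joinUrl(str, client.getUserinfoEndpoint()));
            // NOTE(review): no revocation endpoint is set on this path, so revokeToken() has no
            // URL to call when the endpoints are configured explicitly.
            return resolved;
        }
        Assert.hasText(str, "未知认证服务器地址");
        Map<String, Object> metadata =
                fetchServerMetadata(joinUrl(str, com.elitescloud.cloudt.authorization.sdk.cas.provider.a.b));
        resolved.a((String) metadata.get("authorization_endpoint"));
        Assert.hasText(resolved.a(), "OAuth2客户端初始化失败");
        resolved.b((String) metadata.get("token_endpoint"));
        resolved.c((String) metadata.get("userinfo_endpoint"));
        resolved.d((String) metadata.get("revocation_endpoint"));
        return resolved;
    }

    /**
     * Fetches the server metadata document.
     *
     * @return the parsed document, or an empty map when the request fails, the status is not
     *     2xx, or the body is empty
     */
    private Map<String, Object> fetchServerMetadata(String str) {
        ResponseEntity<?> response;
        try {
            response = this.restTemplate.exchange(str, HttpMethod.GET, (HttpEntity<?>) null, new h(this), new Object[0]);
        } catch (Exception e) {
            LOG.error("查询OAuth2服务端配置异常", e);
            // Without this return the response would be read although the call failed.
            return Collections.emptyMap();
        }
        if (response.getStatusCode().is2xxSuccessful()) {
            LOG.info("查询OAuth2服务端配置成功：{}", response.getBody());
            @SuppressWarnings("unchecked") // the response type is fixed by the type reference passed above
            Map<String, Object> body = (Map<String, Object>) response.getBody();
            return body == null ? Collections.emptyMap() : body;
        }
        LOG.warn("查询OAuth2服务端配置失败：{}", response.getStatusCode());
        return Collections.emptyMap();
    }

    /**
     * Builds a value from the current nanosecond counter followed by eight random digits.
     * Not called within this class; eight digits are too little entropy for a security token.
     */
    private String nextNonce() {
        StringBuilder sb = new StringBuilder(String.valueOf(System.nanoTime()));
        for (int i = 0; i < 8; i++) {
            sb.append(SECURE_RANDOM.nextInt(10));
        }
        return sb.toString();
    }

    /**
     * Generates the PKCE code verifier: 32 bytes from a CSPRNG, base64url-encoded without
     * padding, which yields 43 characters from the unreserved set RFC 7636 requires. The
     * previous ten lowercase letters drawn from {@code java.util.Random} were both shorter than
     * the specified minimum and predictable.
     */
    private String newCodeVerifier() {
        byte[] entropy = new byte[CODE_VERIFIER_BYTES];
        SECURE_RANDOM.nextBytes(entropy);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(entropy);
    }

    /** Computes the S256 code challenge: base64url(SHA-256(verifier)) without padding. */
    private String codeChallenge(String str) {
        byte[] hash;
        // The digest instance is shared by all requests and is not thread-safe.
        synchronized (this.sha256) {
            hash = this.sha256.digest(str.getBytes(StandardCharsets.US_ASCII));
        }
        return Base64.getUrlEncoder().withoutPadding().encodeToString(hash);
    }

    /**
     * Resolves an endpoint against the authorization server address.
     *
     * @param str authorization server base address; required only for relative endpoints
     * @param str2 configured endpoint, absolute or relative
     * @return {@code null} when no endpoint is configured, the endpoint itself when it is an
     *     absolute http(s) URL, otherwise base + "/" + endpoint
     */
    private String joinUrl(String str, String str2) {
        if (!StringUtils.hasText(str2)) {
            return null;
        }
        if (isAbsoluteHttpUrl(str2)) {
            // An absolute endpoint is used as configured instead of being appended to the base.
            return UriComponentsBuilder.fromUriString(str2).toUriString();
        }
        Assert.hasText(str, "未知认证服务器地址");
        return UriComponentsBuilder.fromUriString(str + "/" + str2).toUriString();
    }

    /** Tells whether the value starts with {@code http://} or {@code https://}, ignoring case. */
    private static boolean isAbsoluteHttpUrl(String value) {
        return value.regionMatches(true, 0, "http://", 0, 7) || value.regionMatches(true, 0, "https://", 0, 8);
    }
}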
