package com.elitescloud.boot.auth.provider.cas.support;

import cn.hutool.core.text.CharSequenceUtil;
import cn.hutool.core.util.ObjectUtil;
import com.elitescloud.boot.auth.cas.model.AuthorizeDTO;
import com.elitescloud.boot.auth.cas.provider.OAuth2ClientProvider;
import com.elitescloud.boot.auth.cas.provider.UserTransferHelper;
import com.elitescloud.boot.auth.client.common.AuthorizationException;
import com.elitescloud.boot.auth.client.config.security.resolver.BearerTokenResolver;
import com.elitescloud.boot.auth.client.config.security.resolver.impl.DefaultBearerTokenResolver;
import com.elitescloud.boot.auth.config.AuthorizationSdkProperties;
import com.elitescloud.boot.auth.model.OAuthToken;
import com.elitescloud.boot.auth.model.Result;
import com.elitescloud.boot.auth.provider.cas.CasUserResolver;
import com.elitescloud.boot.auth.provider.cas.OidcUserResolver;
import com.elitescloud.boot.auth.provider.cas.model.AuthorizeSettingVO;
import com.elitescloud.boot.auth.provider.cas.model.OidcUser;
import com.elitescloud.boot.auth.provider.security.grant.InternalAuthenticationGranter;
import com.elitescloud.boot.exception.BusinessException;
import com.elitescloud.cloudt.authorization.sdk.cas.model.AuthUserDTO;
import com.elitescloud.cloudt.common.base.ApiResult;
import com.fasterxml.jackson.databind.ObjectMapper;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotBlank;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/elitescloud/boot/auth/provider/cas/support/CasLoginSupportProvider.class */
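/**
 * Backs the CAS / OIDC login endpoints.
 *
 * <p>It exposes the authorize settings ({@link #getSetting}, {@link #getAuthorizeInfo}) and
 * exchanges either an authorization code ({@link #code2Token}) or an upstream bearer token
 * ({@link #token2Token}) for a local {@link OAuthToken} issued through
 * {@link InternalAuthenticationGranter}.
 *
 * <p>The {@link OidcUserResolver} and {@link CasUserResolver} collaborators are optional; when
 * absent the identity taken from the upstream token is used as the local username.
 */
public class CasLoginSupportProvider {
    private static final Logger log = LogManager.getLogger(CasLoginSupportProvider.class);

    /** Claim of the upstream token that carries the user name used for {@link #token2Token}. */
    private static final String USERNAME_CLAIM = "yst_un";

    private final AuthorizationSdkProperties sdkProperties;
    private final OAuth2ClientProvider oAuth2ClientProvider;
    private final InternalAuthenticationGranter internalAuthenticationGranter;
    private final UserTransferHelper userTransferHelper;
    private final BearerTokenResolver tokenResolver = new DefaultBearerTokenResolver();

    // Setter-injected collaborators; the two resolvers are optional (required = false below).
    private ObjectMapper objectMapper;
    private JwtDecoder jwtDecoder;
    private OidcUserResolver oidcUserResolver;
    private CasUserResolver casUserResolver;

    /**
     * Creates the provider.
     *
     * @param authorizationSdkProperties SDK configuration; {@code getAuthServer()} is used to look up the user-transfer helper
     * @param oAuth2ClientProvider client for the upstream authorization server; may be {@code null} when CAS is not enabled
     * @param internalAuthenticationGranter issues the local token once the identity is resolved
     */
    public CasLoginSupportProvider(AuthorizationSdkProperties authorizationSdkProperties, OAuth2ClientProvider oAuth2ClientProvider, InternalAuthenticationGranter internalAuthenticationGranter) {
        this.sdkProperties = authorizationSdkProperties;
        this.oAuth2ClientProvider = oAuth2ClientProvider;
        this.internalAuthenticationGranter = internalAuthenticationGranter;
        this.userTransferHelper = UserTransferHelper.getInstance(authorizationSdkProperties.getAuthServer());
    }

    /**
     * Returns the CAS client settings for the front end.
     *
     * <p>The authorize URL and auth-server address are only filled in when the CAS client is enabled.
     *
     * @param httpServletResponse current response, passed through to the OAuth2 client provider
     * @param str first value forwarded to {@code OAuth2ClientProvider.getAuthorizeInfo} (decompiled name; presumably the redirect target — verify against the provider)
     * @param str2 second value forwarded to {@code OAuth2ClientProvider.getAuthorizeInfo}
     * @return the settings wrapped in a successful {@link ApiResult}
     */
    public ApiResult<AuthorizeSettingVO> getSetting(HttpServletResponse httpServletResponse, @NotBlank String str, String str2) {
        // A missing "enabled" flag is treated as disabled.
        boolean enabled = Boolean.TRUE.equals(this.sdkProperties.getCasClient().getEnabled());
        AuthorizeSettingVO setting = new AuthorizeSettingVO();
        setting.setEnabled(Boolean.valueOf(enabled));
        if (enabled) {
            setting.setAuthorizeUrl(this.oAuth2ClientProvider.getAuthorizeInfo(httpServletResponse, str, str2));
            setting.setAuthServer(this.sdkProperties.getAuthServer());
        }
        return ApiResult.ok(setting);
    }

    /**
     * Returns the authorize information for the current request.
     *
     * @param httpServletRequest current request
     * @return the authorize DTO produced by the OAuth2 client provider
     */
    public ApiResult<AuthorizeDTO> getAuthorizeInfo(HttpServletRequest httpServletRequest) {
        return ApiResult.ok(this.oAuth2ClientProvider.getAuthorize(httpServletRequest));
    }

    /**
     * Exchanges an authorization code for a local token.
     *
     * <p>The code is first exchanged with the upstream server for an access/id token. Without an
     * {@link OidcUserResolver} the id_token subject becomes the local username; with one, the
     * upstream user-info endpoint is queried and the resolver maps the result to an identity.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param str the authorization code
     * @return the local token, or a failed result describing why the exchange was rejected
     * @throws AuthorizationException if the upstream id_token cannot be decoded
     * @throws BusinessException if the upstream user info cannot be converted to an {@link OidcUser}
     */
    public ApiResult<OAuthToken> code2Token(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @NotBlank String str) {
        if (this.oAuth2ClientProvider == null) {
            return ApiResult.fail("未启用统一身份认证");
        }
        Result code2AccessToken = this.oAuth2ClientProvider.code2AccessToken(httpServletRequest, httpServletResponse, str);
        if (!code2AccessToken.getSuccess().booleanValue()) {
            return ApiResult.fail(code2AccessToken.getMsg());
        }
        if (code2AccessToken.getData() == null || !StringUtils.hasText(code2AccessToken.getData().getIdToken())) {
            return ApiResult.fail("认证异常，未获取到有效token");
        }
        InternalAuthenticationGranter.InternalAuthenticationToken identity;
        if (this.oidcUserResolver == null) {
            // The id_token is decoded (and therefore verified) by the JwtDecoder before its subject is trusted.
            identity = new InternalAuthenticationGranter.InternalAuthenticationToken(
                    InternalAuthenticationGranter.IdType.USERNAME,
                    obtainSubject(code2AccessToken.getData().getIdToken()));
        } else {
            Result queryUserInfo = this.oAuth2ClientProvider.queryUserInfo(code2AccessToken.getData().getTokenType(), code2AccessToken.getData().getAccessToken());
            if (!queryUserInfo.getSuccess().booleanValue()) {
                return ApiResult.fail(queryUserInfo.getMsg());
            }
            if (queryUserInfo.getData() == null) {
                // A successful but empty user-info reply would otherwise reach the resolver as null.
                return ApiResult.fail("认证异常，未获取到用户信息");
            }
            identity = resolveOidcUser(queryUserInfo.getData());
        }
        return grantToken(httpServletRequest, httpServletResponse, identity);
    }

    /**
     * Exchanges an upstream bearer token for a local token.
     *
     * <p>When {@code str} is blank the token is taken from the request's Authorization header. The
     * username is read from the token's {@value #USERNAME_CLAIM} claim; without a
     * {@link CasUserResolver} it is used directly, otherwise the user is looked up and mapped to an id.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param str the upstream token, or blank to resolve it from the request
     * @return the local token, or a failed result describing why the exchange was rejected
     * @throws AuthorizationException if the token cannot be decoded
     */
    public ApiResult<OAuthToken> token2Token(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        String token = CharSequenceUtil.isBlank(str) ? this.tokenResolver.resolve(httpServletRequest) : str;
        if (CharSequenceUtil.isBlank(token)) {
            return ApiResult.fail("认证失败，未发现有效token");
        }
        String username = obtainUsername(token);
        if (CharSequenceUtil.isBlank(username)) {
            // A decodable token that lacks the username claim must not become an empty identity.
            return ApiResult.fail("认证失败，token中缺少用户信息");
        }
        InternalAuthenticationGranter.InternalAuthenticationToken identity;
        if (this.casUserResolver == null) {
            identity = new InternalAuthenticationGranter.InternalAuthenticationToken(InternalAuthenticationGranter.IdType.USERNAME, username);
        } else {
            AuthUserDTO user = queryUserByUsername(username);
            if (user == null) {
                return ApiResult.fail("认证失败，用户账号不存在");
            }
            Long userId = this.casUserResolver.resolve(user);
            if (userId == null) {
                return ApiResult.fail("认证失败，请确认用户账号存在");
            }
            identity = new InternalAuthenticationGranter.InternalAuthenticationToken(InternalAuthenticationGranter.IdType.USER_ID, userId.toString());
        }
        return grantToken(httpServletRequest, httpServletResponse, identity);
    }

    /**
     * Issues the local token for a resolved identity, turning authentication failures into a failed result.
     */
    private ApiResult<OAuthToken> grantToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, InternalAuthenticationGranter.InternalAuthenticationToken internalAuthenticationToken) {
        try {
            return ApiResult.ok(this.internalAuthenticationGranter.authenticate(httpServletRequest, httpServletResponse, internalAuthenticationToken));
        } catch (AuthenticationException e) {
            return ApiResult.fail("认证异常，" + e.getMessage());
        }
    }

    /**
     * Converts the upstream user-info payload to an {@link OidcUser} and hands it to the configured resolver.
     *
     * @param userInfo payload returned by the user-info endpoint
     * @return the resolved identity
     * @throws BusinessException if the payload cannot be mapped to {@link OidcUser}
     */
    private InternalAuthenticationGranter.InternalAuthenticationToken resolveOidcUser(Object userInfo) {
        try {
            return this.oidcUserResolver.resolve((OidcUser) this.objectMapper.convertValue(userInfo, OidcUser.class));
        } catch (IllegalArgumentException e) {
            log.error("用户信息转换异常：", e);
            throw new BusinessException("认证失败，请稍后再试");
        }
    }

    /**
     * Looks a user up by username through the user-transfer helper.
     *
     * @param str the username; must not be blank
     * @return the user, or {@code null} if the helper returned no data
     */
    private AuthUserDTO queryUserByUsername(@NotBlank String str) {
        Assert.hasText(str, "用户账号为空");
        return this.userTransferHelper.getUserByUsername(str).getData();
    }

    /**
     * Decodes the token and returns its {@value #USERNAME_CLAIM} claim.
     *
     * @return the claim value, or {@code null} when the claim is absent
     * @throws AuthorizationException if decoding (including signature/expiry validation) fails
     */
    private String obtainUsername(String str) {
        try {
            return this.jwtDecoder.decode(str).getClaimAsString(USERNAME_CLAIM);
        } catch (Exception e) {
            // The decoder's reason stays in the log; the caller only sees a generic rejection.
            log.warn("token解析失败：", e);
            throw new AuthorizationException("认证异常，token不支持");
        }
    }

    /**
     * Decodes an id_token and returns its subject.
     *
     * @throws AuthorizationException if decoding fails or the token has no subject
     */
    private String obtainSubject(String idToken) {
        String subject;
        try {
            subject = this.jwtDecoder.decode(idToken).getSubject();
        } catch (Exception e) {
            log.warn("id_token解析失败：", e);
            throw new AuthorizationException("认证异常，token不支持");
        }
        if (!StringUtils.hasText(subject)) {
            throw new AuthorizationException("认证异常，token不支持");
        }
        return subject;
    }

    @Autowired
    public void setObjectMapper(ObjectMapper objectMapper) {
        this.objectMapper = objectMapper;
    }

    @Autowired(required = false)
    public void setOidcUserResolver(OidcUserResolver oidcUserResolver) {
        this.oidcUserResolver = oidcUserResolver;
    }

    @Autowired(required = false)
    public void setCasUserResolver(CasUserResolver casUserResolver) {
        this.casUserResolver = casUserResolver;
    }

    @Autowired
    public void setJwtDecoder(JwtDecoder jwtDecoder) {
        this.jwtDecoder = jwtDecoder;
    }
}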
