package com.elitescloud.boot.auth.provider.sso2.support.impl;

import cn.hutool.core.text.CharSequenceUtil;
import com.elitescloud.boot.auth.model.OAuthToken;
import com.elitescloud.boot.auth.provider.config.properties.Sso2Properties;
import com.elitescloud.boot.auth.provider.security.grant.InternalAuthenticationGranter;
import com.elitescloud.boot.auth.provider.sso2.support.SsoClientSupportProvider;
import com.elitescloud.boot.auth.sso.common.SsoAccountType;
import com.elitescloud.boot.auth.util.AuthorizationUtil;
import com.elitescloud.boot.exception.BusinessException;
import com.elitescloud.boot.util.RestTemplateFactory;
import com.elitescloud.boot.util.RestTemplateHelper;
import com.elitescloud.cloudt.common.base.ApiResult;
import com.elitescloud.cloudt.system.vo.SysUserDTO;
import com.fasterxml.jackson.core.type.TypeReference;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.lang.NonNull;
import org.springframework.security.core.AuthenticationException;
import org.springframework.util.Assert;

/* loaded from: input_file:com/elitescloud/boot/auth/provider/sso2/support/impl/DefaultSsoClientSupportProvider.class */
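/**
 * Default SSO client-side support: exchanges a ticket received from the browser for the
 * user record held by the SSO server (back-channel HTTP call authenticated with the client
 * id/secret) and then asks the {@link InternalAuthenticationGranter} to issue a local token
 * for that user.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>The ticket is sent as a query parameter, so it can end up in access logs on the SSO
 *       server and on any proxy in between. NOTE(review): presumably tickets are single-use
 *       and short-lived on the server side; confirm.</li>
 *   <li>The client secret is attached to every back-channel request as an
 *       {@code Authorization} header, so the configured server address should use HTTPS.</li>
 *   <li>The local account is selected purely from the identifier returned by the SSO server
 *       (id, username, email or mobile, depending on configuration).</li>
 * </ul>
 */
public class DefaultSsoClientSupportProvider implements SsoClientSupportProvider {
    private static final Logger log = LoggerFactory.getLogger(DefaultSsoClientSupportProvider.class);
    private static final String URI_USER_INFO = "/oauth/sso/v2/getUserByTicket";
    protected final Sso2Properties sso2Properties;
    private final InternalAuthenticationGranter internalAuthenticationGranter;
    protected final RestTemplateHelper restTemplateHelper;

    /**
     * Request interceptor that authenticates this client to the SSO server by attaching a
     * pre-computed {@code Authorization} header value to every outgoing request.
     */
    public static class AuthorizationInterceptor implements ClientHttpRequestInterceptor {
        // Value produced by AuthorizationUtil.encodeBasicAuth; treat it as a secret and never log it.
        private final String token;

        /**
         * @param clientId     SSO client id; must contain text
         * @param clientSecret SSO client secret; must contain text
         * @throws IllegalArgumentException if either argument is blank
         * @throws IllegalStateException    if the credentials cannot be encoded
         */
        public AuthorizationInterceptor(String clientId, String clientSecret) {
            Assert.hasText(clientId, "客户端ID为空");
            Assert.hasText(clientSecret, "客户端密码为空");
            try {
                this.token = AuthorizationUtil.encodeBasicAuth(clientId, clientSecret);
            } catch (IOException e) {
                throw new IllegalStateException("初始化sso客户端异常", e);
            }
        }

        /**
         * Sets the client credentials on the request and continues the chain.
         *
         * @param httpRequest the outgoing request
         * @param body        the request body
         * @param execution   the remaining interceptor chain
         * @return the response from the rest of the chain
         * @throws IOException if the request fails
         */
        @Override
        @NonNull
        public ClientHttpResponse intercept(HttpRequest httpRequest, @NonNull byte[] body, @NonNull ClientHttpRequestExecution execution) throws IOException {
            // set() rather than add(): a request must carry exactly one Authorization value,
            // otherwise which credential the server honours is ambiguous.
            httpRequest.getHeaders().set("Authorization", this.token);
            return execution.execute(httpRequest, body);
        }
    }

    /**
     * @param sso2Properties                SSO configuration; its client section supplies the
     *                                      server address, client credentials and account type
     * @param internalAuthenticationGranter issues the local token once the SSO user is resolved
     */
    public DefaultSsoClientSupportProvider(Sso2Properties sso2Properties, InternalAuthenticationGranter internalAuthenticationGranter) {
        this.sso2Properties = sso2Properties;
        this.internalAuthenticationGranter = internalAuthenticationGranter;
        this.restTemplateHelper = buildRestTemplateHelper(sso2Properties.getClient());
    }

    /**
     * Exchanges an SSO ticket for a local OAuth token.
     *
     * @param httpServletRequest  current request, passed through to the granter
     * @param httpServletResponse current response, passed through to the granter
     * @param ticket              ticket received from the SSO server via the browser
     * @return a successful result carrying the token, or a failure result with a message
     */
    @Override // com.elitescloud.boot.auth.provider.sso2.support.SsoClientSupportProvider
    public ApiResult<OAuthToken> ticket2Token(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String ticket) {
        if (CharSequenceUtil.isBlank(ticket)) {
            return ApiResult.fail("票据ticket为空，请重新登录");
        }
        SysUserDTO ssoUser = getUserByTicket(ticket);
        if (ssoUser == null) {
            return ApiResult.fail("认证失败，请重新登录");
        }
        InternalAuthenticationGranter.InternalAuthenticationToken authenticationToken = convertAuthenticationToken(ssoUser);
        if (authenticationToken == null) {
            return ApiResult.fail("转换认证令牌失败");
        }
        try {
            return ApiResult.ok(this.internalAuthenticationGranter.authenticate(httpServletRequest, httpServletResponse, authenticationToken));
        } catch (AuthenticationException e) {
            // NOTE(review): the exception message is returned to the caller unchanged. If the
            // granter distinguishes "unknown account" from "disabled/locked account" in its
            // messages, this response reveals account state to whoever presents a ticket;
            // confirm the messages are safe to expose or map them to a generic one.
            return ApiResult.fail("认证异常，" + e.getMessage());
        }
    }

    /**
     * Builds the internal authentication token from the SSO user, using the identifier kind
     * selected by the configured {@link SsoAccountType}.
     *
     * <p>NOTE(review): with EMAIL or MOBILE the local account is chosen by an attribute the SSO
     * server reports; that is only sound if the attribute is unique locally and verified on
     * the server. Confirm for the deployment.
     *
     * @param sysUserDTO user returned by the SSO server
     * @return the token, or {@code null} if the user record lacks the required identifier
     * @throws BusinessException if the configured account type is missing or unsupported
     */
    protected InternalAuthenticationGranter.InternalAuthenticationToken convertAuthenticationToken(SysUserDTO sysUserDTO) {
        SsoAccountType accountType = this.sso2Properties.getClient().getAccountType();
        if (accountType == null) {
            throw new BusinessException("暂不支持的认证类型：" + accountType);
        }
        InternalAuthenticationGranter.IdType idType;
        String identifier;
        switch (accountType) {
            case USER_ID:
                idType = InternalAuthenticationGranter.IdType.USER_ID;
                identifier = sysUserDTO.getId() == null ? null : sysUserDTO.getId().toString();
                break;
            case USER_NAME:
                idType = InternalAuthenticationGranter.IdType.USERNAME;
                identifier = sysUserDTO.getUsername();
                break;
            case EMAIL:
                idType = InternalAuthenticationGranter.IdType.EMAIL;
                identifier = sysUserDTO.getEmail();
                break;
            case MOBILE:
                idType = InternalAuthenticationGranter.IdType.MOBILE;
                identifier = sysUserDTO.getMobile();
                break;
            default:
                throw new BusinessException("暂不支持的认证类型：" + accountType);
        }
        if (CharSequenceUtil.isBlank(identifier)) {
            // Never hand an empty identifier to the granter: fail the conversion so the
            // caller reports it, instead of relying on how a blank lookup key is resolved.
            log.warn("SSO用户缺少账号标识，账号类型：{}", accountType);
            return null;
        }
        return new InternalAuthenticationGranter.InternalAuthenticationToken(idType, identifier);
    }

    /**
     * Asks the SSO server which user the ticket belongs to.
     *
     * @param ticket the ticket to redeem
     * @return the user, or {@code null} if the server returned no result or no data
     */
    protected SysUserDTO getUserByTicket(String ticket) {
        // NOTE(review): exchangeSafely presumably swallows transport errors and returns null; confirm.
        ApiResult<?> apiResult = (ApiResult<?>) this.restTemplateHelper.exchangeSafely(buildUriOfGetUser(ticket), HttpMethod.GET, (HttpEntity) null, new TypeReference<ApiResult<SysUserDTO>>() {
        }, new Object[0]);
        if (apiResult != null && apiResult.getData() != null) {
            return (SysUserDTO) apiResult.getData();
        }
        // The lookup may have failed for a transient reason, in which case the ticket could
        // still be redeemable; log only a masked form so log readers cannot replay it.
        log.info("根据ticket获取用户失败：{}，{}", maskTicket(ticket), apiResult);
        return null;
    }

    /**
     * Builds the relative URI of the user-lookup endpoint with the ticket URL-encoded.
     *
     * @param ticket the ticket to redeem
     * @return path and query string, relative to the configured SSO server address
     */
    protected String buildUriOfGetUser(String ticket) {
        return URI_USER_INFO + "?ticket=" + URLEncoder.encode(ticket, StandardCharsets.UTF_8);
    }

    /**
     * Creates the HTTP helper used for back-channel calls: rooted at the SSO server address
     * and authenticating every request with the client credentials.
     *
     * @param client client section of the SSO configuration
     * @return the configured helper
     * @throws IllegalArgumentException if the server address or the client credentials are blank
     */
    protected RestTemplateHelper buildRestTemplateHelper(Sso2Properties.Client client) {
        String serverAddr = client.getServerAddr();
        Assert.hasText(serverAddr, "SSO服务端地址为空");
        if (!serverAddr.regionMatches(true, 0, "https://", 0, "https://".length())) {
            // Client secret and tickets travel on this channel; warn once at start-up so a
            // plain-HTTP address is a deliberate choice rather than an unnoticed default.
            log.warn("SSO服务端地址未使用HTTPS：{}，客户端凭证和ticket将以明文传输（除非由其他层加密）", serverAddr);
        }
        return RestTemplateHelper.instance(RestTemplateFactory.instance(restTemplateBuilder ->
                restTemplateBuilder.rootUri(serverAddr).additionalInterceptors(new ClientHttpRequestInterceptor[]{new AuthorizationInterceptor(client.getClientId(), client.getClientSecret())})));
    }

    /** Returns a log-safe rendering of a ticket: at most a short sanitized prefix plus its length. */
    private static String maskTicket(String ticket) {
        if (ticket == null) {
            return "null";
        }
        int length = ticket.length();
        if (length <= 8) {
            return "***(len=" + length + ")";
        }
        // The ticket is caller-supplied, so strip anything that could break or forge a log line.
        String prefix = ticket.substring(0, 4).replaceAll("[^A-Za-z0-9_-]", "?");
        return prefix + "***(len=" + length + ")";
    }
}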
