package com.elitescloud.boot.auth.provider.sso2.support.impl;

import cn.hutool.core.text.CharSequenceUtil;
import cn.hutool.crypto.digest.MD5;
import com.elitescloud.boot.auth.cas.provider.ClientTransferHelper;
import com.elitescloud.boot.auth.config.AuthorizationSdkProperties;
import com.elitescloud.boot.auth.config.CloudtOAuth2ClientProperties;
import com.elitescloud.boot.auth.model.Result;
import com.elitescloud.boot.auth.provider.config.properties.Sso2Properties;
import com.elitescloud.boot.auth.provider.sso2.support.SsoServerSupportProvider;
import com.elitescloud.boot.auth.util.SecurityContextUtil;
import com.elitescloud.boot.auth.util.SecurityUtil;
import com.elitescloud.boot.redis.util.RedisUtils;
import com.elitescloud.boot.util.DatetimeUtil;
import com.elitescloud.cloudt.common.base.ApiCode;
import com.elitescloud.cloudt.common.base.ApiResult;
import com.elitescloud.cloudt.security.entity.GeneralUserDetails;
import com.elitescloud.cloudt.system.vo.SysUserDTO;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.time.Duration;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.web.authentication.ClientSecretBasicAuthenticationConverter;
import org.springframework.security.oauth2.server.authorization.web.authentication.ClientSecretPostAuthenticationConverter;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/elitescloud/boot/auth/provider/sso2/support/impl/DefaultSsoServerSupportProvider.class */
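/**
 * SSO server side of the ticket exchange.
 *
 * <p>{@link #generateTicket} mints a short-lived, single-purpose ticket for the
 * currently authenticated session and stores {@code ticket -> session token} in
 * Redis. {@link #getUserDetail} lets a registered OAuth2 client redeem that ticket
 * for the user's profile. A ticket is therefore a bearer credential: it must be
 * unguessable, must expire, and must never be written to logs.
 *
 * <p>Changes relative to the previous implementation: tickets are random
 * (SecureRandom) rather than MD5(token + timestamp); the client secret and the
 * ticket are no longer logged; secret comparison is constant-time; the ticket is
 * burned before the token is converted; a null conversion result no longer NPEs.
 */
public class DefaultSsoServerSupportProvider implements SsoServerSupportProvider {
    private static final Logger log = LoggerFactory.getLogger(DefaultSsoServerSupportProvider.class);

    /** Redis key prefix under which a ticket maps to the session token it was minted for. */
    private static final String TICKET_KEY_PREFIX = "cloudt:sso:";
    /** Request parameter and header the client may carry the ticket in (parameter wins). */
    private static final String TICKET_PARAM = "ticket";
    private static final String TICKET_HEADER = "X-Auth-ticket";
    /** Ticket entropy: 32 random bytes = 256 bits, rendered as 64 lowercase hex characters. */
    private static final int TICKET_BYTES = 32;
    private static final char[] HEX = "0123456789abcdef".toCharArray();

    protected final Sso2Properties sso2Properties;
    private final RedisUtils redisUtils;
    private final AuthorizationSdkProperties sdkProperties;
    private final ClientTransferHelper clientTransferHelper;
    /** CSPRNG for ticket generation; SecureRandom is thread-safe, so one instance is shared. */
    private final SecureRandom secureRandom = new SecureRandom();
    /** Accepts client credentials via HTTP Basic or form-post, in that order. */
    private final List<AuthenticationConverter> authenticationConverters = List.of(
            new ClientSecretBasicAuthenticationConverter(),
            new ClientSecretPostAuthenticationConverter());

    /**
     * Client credentials as presented on the redeem request.
     *
     * <p>Deliberately has no getter-based {@code toString}: the secret must not
     * leak through incidental string formatting.
     */
    public static class ClientInfo {
        private final String clientId;
        private final String clientSecret;

        /**
         * @param clientId     identifier the client presented (may be null if the converter produced none)
         * @param clientSecret secret the client presented (may be null)
         */
        public ClientInfo(String clientId, String clientSecret) {
            this.clientId = clientId;
            this.clientSecret = clientSecret;
        }

        public String getClientId() {
            return this.clientId;
        }

        public String getClientSecret() {
            return this.clientSecret;
        }

        /** Redacts the secret so accidental logging of this object is harmless. */
        @Override
        public String toString() {
            return "ClientInfo{clientId='" + this.clientId + "', clientSecret=<redacted>}";
        }
    }

    /**
     * @param sso2Properties             SSO server settings (validate-client flag, ticket TTL, expire-on-use)
     * @param redisUtils                 ticket store
     * @param authorizationSdkProperties source of the locally configured OAuth2 client and the auth-server endpoint
     */
    public DefaultSsoServerSupportProvider(Sso2Properties sso2Properties, RedisUtils redisUtils,
                                           AuthorizationSdkProperties authorizationSdkProperties) {
        this.sso2Properties = sso2Properties;
        this.redisUtils = redisUtils;
        this.sdkProperties = authorizationSdkProperties;
        this.clientTransferHelper = ClientTransferHelper.getInstance(authorizationSdkProperties.getAuthServer());
    }

    /**
     * Mints a ticket for the current session and stores it in Redis.
     *
     * @return the ticket on success; an UNAUTHORIZED failure when there is no current session
     *         (only reached if {@code SecurityUtil.throwUnauthorizedException()} returns normally)
     */
    @Override // com.elitescloud.boot.auth.provider.sso2.support.SsoServerSupportProvider
    public ApiResult<String> generateTicket(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String sessionToken = SecurityContextUtil.currentToken();
        if (sessionToken == null) {
            SecurityUtil.throwUnauthorizedException();
            return ApiResult.fail(ApiCode.UNAUTHORIZED);
        }
        String ticket = produceTicket(httpServletRequest, httpServletResponse, sessionToken);
        storageTicket(ticket, sessionToken);
        return ApiResult.ok(ticket);
    }

    /**
     * Redeems a ticket for the user's profile.
     *
     * <p>Order matters: the client is authenticated before the ticket is even read, so an
     * unauthenticated caller cannot probe ticket validity. The returned user has its
     * password field cleared.
     *
     * @return the user on success; a 401 failure for a bad client; a plain failure for a
     *         missing or unknown/expired ticket
     */
    @Override // com.elitescloud.boot.auth.provider.sso2.support.SsoServerSupportProvider
    public ApiResult<SysUserDTO> getUserDetail(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!validateClient(httpServletRequest)) {
            httpServletResponse.setStatus(401);
            return ApiResult.fail(ApiCode.UNAUTHORIZED, "客户端验证失败");
        }
        String ticket = obtainTicket(httpServletRequest);
        if (CharSequenceUtil.isBlank(ticket)) {
            return ApiResult.fail("票据ticket为空");
        }
        GeneralUserDetails userDetails = retrieveUserDetails(httpServletRequest, ticket);
        if (userDetails == null) {
            return ApiResult.fail("票据ticket不存在或已过期，请重新登录");
        }
        return ApiResult.ok(userDetails.getUser());
    }

    /**
     * Authenticates the calling OAuth2 client.
     *
     * <p>Resolution order: (1) if {@code server.validateClient} is explicitly {@code false},
     * every caller is accepted — a deliberate, configuration-controlled bypass; (2) if the
     * presented client id matches the locally configured OAuth2 client, its secret is compared
     * locally in constant time; (3) otherwise the auth server is asked to validate the pair.
     *
     * @return true when the client is accepted
     */
    protected boolean validateClient(HttpServletRequest httpServletRequest) {
        if (Boolean.FALSE.equals(this.sso2Properties.getServer().getValidateClient())) {
            return true;
        }
        ClientInfo presented = obtainClient(httpServletRequest);
        if (presented == null) {
            log.info("sso验证客户端异常，未获取到客户端信息");
            return false;
        }
        CloudtOAuth2ClientProperties localClient = this.sdkProperties.getCasClient().getOauth2Client();
        if (localClient == null || CharSequenceUtil.isBlank(localClient.getClientId())) {
            log.warn("未配置OAuth2客户端");
            return false;
        }
        if (localClient.getClientId().equals(presented.getClientId())) {
            return secretsMatch(localClient.getClientSecret(), presented.getClientSecret());
        }
        Result remoteResult = this.clientTransferHelper.validateClient(presented.getClientId(), presented.getClientSecret());
        if (Boolean.TRUE.equals(remoteResult.getSuccess()) && Boolean.TRUE.equals(remoteResult.getData())) {
            return true;
        }
        // Log the client id and the auth-server verdict only; the presented secret is never logged.
        log.info("校验客户端不通过：{}，{}", presented.getClientId(), remoteResult);
        return false;
    }

    /**
     * Compares a configured secret with a presented one.
     *
     * <p>A locally configured client with a blank secret is accepted only if the caller also
     * presents no secret (preserves the original contract, but note that such a client is
     * effectively public — the warning is there so operators notice). Non-blank secrets are
     * compared with {@link MessageDigest#isEqual} to avoid leaking the match prefix via timing.
     */
    private static boolean secretsMatch(String configuredSecret, String presentedSecret) {
        if (CharSequenceUtil.isBlank(configuredSecret)) {
            log.warn("本地OAuth2客户端未配置密钥，仅校验客户端ID");
            return CharSequenceUtil.isBlank(presentedSecret);
        }
        if (presentedSecret == null) {
            return false;
        }
        return MessageDigest.isEqual(
                configuredSecret.getBytes(StandardCharsets.UTF_8),
                presentedSecret.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Looks a ticket up in Redis and converts the stored session token to user details.
     *
     * <p>When {@code server.expireTicketOnUsed} is true the ticket is deleted <em>before</em>
     * the token is converted, so a ticket is burned even if conversion fails or throws.
     * NOTE(review): get + del is not atomic; two concurrent redemptions inside that window can
     * both succeed. A get-and-delete primitive would close it — confirm whether RedisUtils offers one.
     *
     * @return the user details with the password cleared, or null when the ticket is unknown,
     *         expired, or the stored token no longer converts to a user
     */
    protected GeneralUserDetails retrieveUserDetails(HttpServletRequest httpServletRequest, String ticket) {
        String key = ticketKey(ticket);
        String sessionToken = (String) this.redisUtils.get(key);
        if (CharSequenceUtil.isBlank(sessionToken)) {
            return null;
        }
        if (Boolean.TRUE.equals(this.sso2Properties.getServer().getExpireTicketOnUsed())) {
            this.redisUtils.del(new String[]{key});
        }
        GeneralUserDetails userDetails = SecurityContextUtil.convertToken(sessionToken);
        if (userDetails == null || userDetails.getUser() == null) {
            // The session behind the ticket is gone (e.g. logged out); treat as an expired ticket.
            log.info("sso ticket指向的会话已失效");
            return null;
        }
        // Never hand the password hash to the relying client.
        userDetails.getUser().setPassword((String) null);
        return userDetails;
    }

    /**
     * Reads the ticket from the {@code ticket} query/form parameter, falling back to the
     * {@code X-Auth-ticket} header.
     *
     * <p>A ticket in the query string ends up in access logs and Referer headers; clients
     * should prefer the header.
     */
    protected String obtainTicket(HttpServletRequest httpServletRequest) {
        String fromParam = httpServletRequest.getParameter(TICKET_PARAM);
        if (StringUtils.hasText(fromParam)) {
            return fromParam;
        }
        return httpServletRequest.getHeader(TICKET_HEADER);
    }

    /**
     * Generates a fresh, unpredictable ticket.
     *
     * <p>The ticket is 256 bits from {@link SecureRandom} and is deliberately independent of
     * the session token and of the clock: the old MD5(token + millis) derivation tied the
     * ticket's secrecy to MD5 and produced colliding tickets within one millisecond. The
     * ticket is not logged — it is a bearer credential.
     *
     * @param sessionToken the session the ticket will map to (unused in the derivation; kept for subclasses)
     */
    protected String produceTicket(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String sessionToken) {
        byte[] raw = new byte[TICKET_BYTES];
        this.secureRandom.nextBytes(raw);
        String ticket = toHex(raw);
        log.debug("produce sso ticket for current session");
        return ticket;
    }

    /**
     * Stores {@code ticket -> sessionToken} with the configured TTL.
     *
     * <p>When no TTL is configured the original -1 is passed through, which presumably means
     * "no expiry" in RedisUtils — an unbounded ticket is a standing credential, hence the warning.
     */
    protected void storageTicket(String ticket, String sessionToken) {
        Duration ttl = this.sso2Properties.getServer().getTicketTtl();
        long ttlSeconds;
        if (ttl == null) {
            log.warn("sso ticket未配置有效期(ticketTtl)，票据将不会过期");
            ttlSeconds = -1L;
        } else {
            ttlSeconds = ttl.toSeconds();
        }
        this.redisUtils.set(ticketKey(ticket), sessionToken, ttlSeconds, TimeUnit.SECONDS);
    }

    /**
     * Extracts client credentials from the request using the Basic and form-post converters.
     *
     * <p>A converter that throws (e.g. malformed Basic header) is logged and skipped; the
     * first converter yielding an {@link OAuth2ClientAuthenticationToken} wins.
     *
     * @return the presented credentials, or null when no converter recognised the request
     */
    protected ClientInfo obtainClient(HttpServletRequest httpServletRequest) {
        for (AuthenticationConverter converter : this.authenticationConverters) {
            // Declared as Object: only the concrete token type matters here.
            Object authentication;
            try {
                authentication = converter.convert(httpServletRequest);
            } catch (Exception e) {
                log.warn("解析客户端异常：", e);
                continue;
            }
            if (authentication == null) {
                continue;
            }
            if (authentication instanceof OAuth2ClientAuthenticationToken) {
                OAuth2ClientAuthenticationToken clientToken = (OAuth2ClientAuthenticationToken) authentication;
                Object principal = clientToken.getPrincipal();
                Object credentials = clientToken.getCredentials();
                return new ClientInfo(
                        principal == null ? null : principal.toString(),
                        credentials == null ? null : credentials.toString());
            }
            log.warn("解析认证客户端异常：{}", authentication.getClass().getName());
        }
        return null;
    }

    /** Builds the Redis key for a ticket. */
    private static String ticketKey(String ticket) {
        return TICKET_KEY_PREFIX + ticket;
    }

    /** Lowercase hex encoding without depending on Java 17's HexFormat. */
    private static String toHex(byte[] bytes) {
        char[] out = new char[bytes.length * 2];
        for (int i = 0; i < bytes.length; i++) {
            int v = bytes[i] & 0xff;
            out[i * 2] = HEX[v >>> 4];
            out[i * 2 + 1] = HEX[v & 0x0f];
        }
        return new String(out);
    }
}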
