package com.elitescloud.boot.auth.provider.sso2.support.impl;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.lang.Assert;
import cn.hutool.core.text.CharSequenceUtil;
import com.elitescloud.boot.auth.model.OAuthToken;
import com.elitescloud.boot.auth.provider.common.AuthorizationConstant;
import com.elitescloud.boot.auth.provider.config.properties.Sso2Properties;
import com.elitescloud.boot.auth.provider.security.grant.InternalAuthenticationGranter;
import com.elitescloud.boot.auth.provider.sso2.common.SsoAuthenticationConvert;
import com.elitescloud.boot.auth.provider.sso2.common.SsoConvertProperty;
import com.elitescloud.boot.auth.provider.sso2.support.SsoUnifyClientSupportProvider;
import com.elitescloud.boot.exception.BusinessException;
import com.elitescloud.boot.util.ClassUtil;
import com.elitescloud.boot.util.JSONUtil;
import com.elitescloud.cloudt.common.base.ApiResult;
import java.util.HashSet;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:com/elitescloud/boot/auth/provider/sso2/support/impl/SsoUnifyClientSupportProviderImpl.class */
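/**
 * Entry point for "unified client" SSO logins.
 *
 * <p>A request names a configured client through the {@code at} request parameter. The matching
 * {@link Sso2Properties.UnifyClientProperty} selects a {@link SsoAuthenticationConvert} by SSO type,
 * the converter turns the request into an internal authentication token, and
 * {@link InternalAuthenticationGranter} exchanges that token for an {@link OAuthToken}.
 *
 * <p>The configuration is validated once at startup in {@link #afterPropertiesSet()}. That
 * validation covers only entries with {@code enabled == true}, so the request path must skip
 * disabled entries as well (see {@link #obtainProperty(HttpServletRequest)}).
 */
public class SsoUnifyClientSupportProviderImpl implements SsoUnifyClientSupportProvider, InitializingBean {
    private static final Logger logger = LoggerFactory.getLogger(SsoUnifyClientSupportProviderImpl.class);

    /** Request parameter that carries the auth code selecting the unify-client entry. */
    private static final String PARAM_AUTH_TYPE = "at";

    private final Sso2Properties sso2Properties;
    private final InternalAuthenticationGranter internalAuthenticationGranter;
    private final List<SsoAuthenticationConvert> authenticationConverts;

    /**
     * @param sso2Properties                SSO configuration holding the unify-client entries
     * @param internalAuthenticationGranter granter that issues the token once a request is converted
     * @param list                          available converters; may be null or empty
     */
    public SsoUnifyClientSupportProviderImpl(Sso2Properties sso2Properties, InternalAuthenticationGranter internalAuthenticationGranter, List<SsoAuthenticationConvert> list) {
        this.sso2Properties = sso2Properties;
        this.internalAuthenticationGranter = internalAuthenticationGranter;
        this.authenticationConverts = list;
    }

    /**
     * Fails fast on broken configuration: every enabled client needs a non-blank, unique auth code
     * and an SSO type, and every converter must declare a support type and a property type that
     * extends {@link SsoConvertProperty}.
     *
     * @throws IllegalStateException if a converter is misconfigured
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        if (this.sso2Properties.getUnifyClient() == null) {
            return;
        }
        if (CollUtil.isNotEmpty(this.sso2Properties.getUnifyClient().getClients())) {
            // Auth codes already seen among enabled clients; a duplicate would make the
            // client selection in obtainProperty ambiguous.
            HashSet<String> seenAuthCodes = new HashSet<>();
            for (Sso2Properties.UnifyClientProperty client : this.sso2Properties.getUnifyClient().getClients()) {
                if (!client.isEnabled()) {
                    // Disabled entries are not validated here and must never be served at runtime.
                    continue;
                }
                Assert.notBlank(client.getAuthCode(), "授权编码为空");
                Assert.isFalse(seenAuthCodes.contains(client.getAuthCode()), "授权编码存在重复：" + client.getAuthCode());
                seenAuthCodes.add(client.getAuthCode());
                Assert.notNull(client.getSsoType(), "存在配置单点登录类型ssoType为空");
            }
        }
        if (CollUtil.isNotEmpty(this.authenticationConverts)) {
            for (SsoAuthenticationConvert converter : this.authenticationConverts) {
                String converterName = ClassUtil.getTargetClass(converter).getName();
                if (converter.supportType() == null) {
                    throw new IllegalStateException(converterName + "的supportType为空");
                }
                if (converter.propertyType() == null) {
                    throw new IllegalStateException(converterName + "的propertyType为空");
                }
                // convertProperty() casts instances of this type to SsoConvertProperty.
                if (!SsoConvertProperty.class.isAssignableFrom(converter.propertyType())) {
                    throw new IllegalStateException(converterName + "的propertyType类型错误");
                }
            }
        }
    }

    /**
     * Authenticates the request through the unify-client entry named by the {@code at} parameter.
     *
     * <p>The response status is set to 401 up front and only switched to 200 after the granter has
     * issued a token, so every failure path (including exceptions) leaves the response
     * unauthorized.
     *
     * @param httpServletRequest  incoming request; must carry the {@code at} parameter
     * @param httpServletResponse response whose status is updated as described above
     * @return the issued token on success, otherwise a failure result with a message
     * @throws BusinessException if {@code at} is missing or the client properties cannot be built
     */
    @Override
    public ApiResult<OAuthToken> authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // Deny by default; flipped to OK only after a token has been granted.
        httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());

        Sso2Properties.UnifyClientProperty client = obtainProperty(httpServletRequest);
        if (client == null) {
            return ApiResult.fail("不支持的认证方式");
        }
        SsoAuthenticationConvert converter = matchConvert(httpServletRequest, client);
        if (converter == null) {
            return ApiResult.fail("不支持的认证类型");
        }
        InternalAuthenticationGranter.InternalAuthenticationToken token =
                converter.convert(httpServletRequest, httpServletResponse, convertProperty(client, converter.propertyType()));
        if (token == null) {
            return ApiResult.fail("转换认证令牌失败");
        }
        // The client id comes from server-side configuration, never from the request itself.
        if (CharSequenceUtil.isNotBlank(client.getClientId())) {
            httpServletRequest.setAttribute(AuthorizationConstant.REQUEST_ATTRIBUTE_CLIENT_ID, client.getClientId());
        }
        try {
            OAuthToken granted = this.internalAuthenticationGranter.authenticate(httpServletRequest, httpServletResponse, token);
            httpServletResponse.setStatus(HttpStatus.OK.value());
            return ApiResult.ok(granted);
        } catch (AuthenticationException e) {
            // Record the rejection server-side so failed SSO logins are visible to monitoring.
            logger.warn("Unify-client SSO authentication rejected, ssoType={}, clientId={}: {}",
                    client.getSsoType(), client.getClientId(), e.getMessage());
            // NOTE(review): the exception message is returned to the caller verbatim. Depending on
            // what the granter throws, this may disclose account state (unknown / locked / disabled
            // user). Confirm the messages are generic, or replace with a fixed string.
            return ApiResult.fail("认证异常，" + e.getMessage());
        }
    }

    /**
     * Builds the converter-specific property object for a client: either a default instance of
     * {@code cls} or one populated from the client's configured {@code properties}, then overlays
     * the common fields and validates the result.
     *
     * @param unifyClientProperty configured client entry
     * @param cls                 converter property type; checked at startup to extend {@link SsoConvertProperty}
     * @return the validated property object
     * @throws BusinessException wrapping any instantiation, conversion or validation failure
     */
    private SsoConvertProperty convertProperty(Sso2Properties.UnifyClientProperty unifyClientProperty, Class<?> cls) {
        try {
            SsoConvertProperty property = CollUtil.isEmpty(unifyClientProperty.getProperties())
                    ? (SsoConvertProperty) cls.getDeclaredConstructor().newInstance()
                    : (SsoConvertProperty) JSONUtil.convertObj(unifyClientProperty.getProperties(), cls, true);
            property.setParamName(unifyClientProperty.getParamName());
            property.setParamIn(unifyClientProperty.getParamIn());
            property.setIdType(unifyClientProperty.getIdType());
            property.setClientId(unifyClientProperty.getClientId());
            property.validate();
            return property;
        } catch (Exception e) {
            // The cause is kept on the exception; the message shown to the caller stays generic.
            throw new BusinessException("认证异常，请联系管理员", e);
        }
    }

    /**
     * Resolves the enabled unify-client entry whose auth code equals the {@code at} parameter.
     *
     * @param httpServletRequest incoming request
     * @return the matching enabled entry, or {@code null} if none is configured
     * @throws BusinessException if the {@code at} parameter is missing or blank
     */
    private Sso2Properties.UnifyClientProperty obtainProperty(HttpServletRequest httpServletRequest) {
        String authCode = httpServletRequest.getParameter(PARAM_AUTH_TYPE);
        if (CharSequenceUtil.isBlank(authCode)) {
            throw new BusinessException("缺少必要的参数：at");
        }
        if (this.sso2Properties.getUnifyClient() == null || CollUtil.isEmpty(this.sso2Properties.getUnifyClient().getClients())) {
            return null;
        }
        for (Sso2Properties.UnifyClientProperty client : this.sso2Properties.getUnifyClient().getClients()) {
            // A disabled entry must not authenticate anyone: it was skipped by the startup
            // validation, and switching an entry off is expected to revoke that login path.
            if (!client.isEnabled()) {
                continue;
            }
            if (authCode.equals(client.getAuthCode())) {
                return client;
            }
        }
        return null;
    }

    /**
     * Finds the first converter whose support type equals the client's SSO type.
     *
     * @param httpServletRequest  incoming request (not inspected here)
     * @param unifyClientProperty resolved client entry; may be null
     * @return the matching converter, or {@code null} if none is registered
     */
    private SsoAuthenticationConvert matchConvert(HttpServletRequest httpServletRequest, Sso2Properties.UnifyClientProperty unifyClientProperty) {
        if (CollUtil.isEmpty(this.authenticationConverts) || unifyClientProperty == null) {
            return null;
        }
        for (SsoAuthenticationConvert converter : this.authenticationConverts) {
            // equals() instead of ==: identical for enum constants, and still correct should the
            // SSO type be a value type compared by content.
            if (converter.supportType() != null && converter.supportType().equals(unifyClientProperty.getSsoType())) {
                return converter;
            }
        }
        return null;
    }
}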
