package com.elitescloud.boot.auth.provider.sso2.support.convert;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.lang.Assert;
import cn.hutool.core.text.CharSequenceUtil;
import com.elitescloud.boot.auth.provider.common.LoginParameterNames;
import com.elitescloud.boot.auth.provider.security.grant.InternalAuthenticationGranter;
import com.elitescloud.boot.auth.provider.sso2.common.SsoConvertProperty;
import com.elitescloud.boot.auth.provider.sso2.common.SsoTypeEnum;
import com.elitescloud.boot.auth.provider.sso2.support.convert.properties.OidcSsoConvertProperty;
import com.elitescloud.boot.exception.BusinessException;
import com.elitescloud.boot.util.RestTemplateFactory;
import com.elitescloud.boot.util.RestTemplateHelper;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.jetbrains.annotations.Nullable;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.util.LinkedMultiValueMap;

/* loaded from: input_file:com/elitescloud/boot/auth/provider/sso2/support/convert/OidcSsoAuthenticationConvert.class */
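/**
 * Converts an OIDC authorization-code callback into an internal authentication token.
 *
 * <p>Flow implemented by this class: read the authorization code from the incoming request,
 * exchange it at the configured token endpoint for an access token, call the configured
 * user-info endpoint with that token, and use the claim found at {@code userInfoParamPath}
 * as the account identifier.
 *
 * <p>NOTE(review): this class trusts the user-info response as the sole source of identity.
 * No {@code state} or nonce comparison and no ID-token validation is visible here; confirm that
 * the caller (or the filter chain in front of it) covers CSRF/replay protection for the callback.
 */
public class OidcSsoAuthenticationConvert extends BasePlainSsoAuthenticationConvert {
    private final RestTemplateHelper restTemplateHelper = RestTemplateHelper.instance(RestTemplateFactory.instance());

    /**
     * @return the SSO type handled by this converter, always {@link SsoTypeEnum#OIDC}
     */
    @Override // com.elitescloud.boot.auth.provider.sso2.common.SsoAuthenticationConvert
    public SsoTypeEnum supportType() {
        return SsoTypeEnum.OIDC;
    }

    /**
     * @return the configuration class this converter expects, {@link OidcSsoConvertProperty}
     */
    @Override // com.elitescloud.boot.auth.provider.sso2.common.SsoAuthenticationConvert
    @SuppressWarnings("unchecked") // the interface fixes the generic signature; convert() casts to the same type
    public <T extends SsoConvertProperty> Class<T> propertyType() {
        return (Class<T>) OidcSsoConvertProperty.class;
    }

    /**
     * Resolves the authenticated account from an authorization-code callback.
     *
     * @param httpServletRequest  callback request carrying the authorization code
     * @param httpServletResponse unused by this implementation
     * @param t                   converter configuration; must be an {@link OidcSsoConvertProperty}
     * @return an internal token built from the configured id type and the resolved account
     * @throws IllegalArgumentException if the code parameter is missing or blank
     * @throws BusinessException        if no access token or no account could be obtained
     */
    @Override // com.elitescloud.boot.auth.provider.sso2.common.SsoAuthenticationConvert
    @Nullable
    public <T extends SsoConvertProperty> InternalAuthenticationGranter.InternalAuthenticationToken convert(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, T t) {
        OidcSsoConvertProperty property = (OidcSsoConvertProperty) t;

        // The authorization code is caller-supplied; it is only forwarded to the token endpoint,
        // which is the component that decides whether it is valid.
        String code = getParam(httpServletRequest, property.getParamName(), property.getParamIn());
        if (CharSequenceUtil.isBlank(code)) {
            throw new IllegalArgumentException("参数为空:" + property.getParamName());
        }

        String accessToken = queryAccessToken(httpServletRequest, code, property);
        if (CharSequenceUtil.isBlank(accessToken)) {
            throw new BusinessException("查询认证服务器的授权token为空");
        }

        String username = queryUsername(accessToken, property);
        if (CharSequenceUtil.isBlank(username)) {
            throw new BusinessException("授权账户为空");
        }
        return new InternalAuthenticationGranter.InternalAuthenticationToken(property.getIdType(), username);
    }

    /**
     * Calls the user-info endpoint with a bearer token and extracts the account identifier.
     *
     * @param accessToken access token returned by the token endpoint
     * @param property    converter configuration supplying the endpoint and the claim path
     * @return the value found at {@code userInfoParamPath}, or {@code null} if the response is empty
     */
    @SuppressWarnings("unchecked") // response type is pinned by the ParameterizedTypeReference below
    private String queryUsername(String accessToken, OidcSsoConvertProperty property) {
        Assert.notBlank(property.getUserInfoEndpoint(), "userInfoEndpoint为空");
        Assert.notBlank(property.getUserInfoParamPath(), "userInfoParamPath为空");

        LinkedMultiValueMap<String, String> headers = new LinkedMultiValueMap<>(4);
        headers.add("Authorization", "Bearer " + accessToken);

        Map<String, Object> userInfo = (Map<String, Object>) this.restTemplateHelper.exchange(property.getUserInfoEndpoint(), HttpMethod.GET, new HttpEntity<Object>(null, headers), new ParameterizedTypeReference<HashMap<String, Object>>() {
        }, new Object[0]);
        if (CollUtil.isEmpty(userInfo)) {
            return null;
        }
        return getValueByPath(property.getUserInfoParamPath(), userInfo);
    }

    /**
     * Exchanges the authorization code for an access token at the configured token endpoint.
     *
     * <p>Client credentials are sent in the form body ({@code client_id} / {@code client_secret}).
     *
     * @param httpServletRequest callback request, consulted for an optional redirect-URI parameter
     * @param code               authorization code taken from the callback
     * @param property           converter configuration supplying client credentials and endpoints
     * @return the {@code access_token} string, or {@code null} if the response is empty or carries
     *         no string-valued {@code access_token}
     */
    @SuppressWarnings("unchecked") // response type is pinned by the ParameterizedTypeReference below
    private String queryAccessToken(HttpServletRequest httpServletRequest, String code, OidcSsoConvertProperty property) {
        Assert.notBlank(property.getAuthClientId(), "authClientId为空");
        Assert.notBlank(property.getAuthClientSecret(), "authClientSecret为空");
        Assert.notBlank(property.getAccessTokenEndpoint(), "accessTokenEndpoint为空");
        // Checked here as well so a misconfiguration fails before the one-time code is spent.
        Assert.notBlank(property.getUserInfoEndpoint(), "userInfoEndpoint为空");

        // Prefer the redirect URI carried by the request, falling back to the configured one.
        // The request value is caller-controlled: the authorization server's exact-match check
        // against the URI bound to the code is the control that makes forwarding it safe.
        String redirectUri = getParam(httpServletRequest, property.getRedirectUriParam(), property.getParamIn());
        if (CharSequenceUtil.isBlank(redirectUri)) {
            redirectUri = property.getRedirectUri();
        }
        Assert.notBlank(redirectUri, "redirectUri为空");

        LinkedMultiValueMap<String, Object> form = new LinkedMultiValueMap<>(8);
        form.add(LoginParameterNames.CLIENT_ID, property.getAuthClientId());
        form.add("client_secret", property.getAuthClientSecret());
        form.add("grant_type", AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
        form.add("code", code);
        // Previously the redirect URI was resolved and required to be non-blank but never sent.
        // RFC 6749 section 4.1.3 requires it in the token request whenever the authorization
        // request carried one, so that the server can bind the code to the original redirect.
        form.add("redirect_uri", redirectUri);

        // The explicit Object cast selects HttpEntity(T body). A raw or <String, String>
        // MultiValueMap argument would bind to HttpEntity(MultiValueMap headers) instead and
        // put client_secret and the code into HTTP headers with an empty body.
        Map<String, Object> tokenResponse = (Map<String, Object>) this.restTemplateHelper.exchange(property.getAccessTokenEndpoint(), HttpMethod.POST, new HttpEntity<Object>((Object) form), new ParameterizedTypeReference<HashMap<String, Object>>() {
        }, new Object[0]);
        if (CollUtil.isEmpty(tokenResponse)) {
            return null;
        }
        // A non-string access_token is treated as absent, so the caller reports it as a
        // business error instead of failing with a ClassCastException.
        Object accessToken = tokenResponse.get("access_token");
        return accessToken instanceof String ? (String) accessToken : null;
    }
}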
