package com.elitescloud.boot.auth.cas.provider.impl;

import com.elitescloud.boot.auth.cas.AuthorizeCacheable;
import com.elitescloud.boot.auth.cas.model.AuthorizeDTO;
import com.elitescloud.boot.auth.cas.model.OAuth2UserInfoDTO;
import com.elitescloud.boot.auth.cas.provider.OAuth2ClientTemplate;
import com.elitescloud.boot.auth.common.AuthSdkConstant;
import com.elitescloud.boot.auth.config.AuthorizationSdkProperties;
import com.elitescloud.boot.auth.config.CloudtOAuth2ClientProperties;
import com.elitescloud.boot.auth.model.OAuthToken;
import com.elitescloud.boot.auth.resolver.UniqueRequestResolver;
import com.elitescloud.boot.auth.resolver.impl.DefaultUniquestResolver;
import com.elitescloud.boot.auth.util.AuthSdkUtil;
import com.elitescloud.boot.util.ObjectMapperFactory;
import com.elitescloud.boot.util.RestTemplateFactory;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
import java.net.URI;
import java.time.Duration;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Function;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.util.Assert;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:com/elitescloud/boot/auth/cas/provider/impl/DefaultOAuth2ClientTemplate.class */
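/**
 * Default {@link OAuth2ClientTemplate}: builds the authorization request, exchanges an
 * authorization code for a token, fetches user info, obtains client-credential tokens and
 * revokes tokens against the configured OAuth2 server.
 *
 * <p>Endpoint metadata and client properties are cached per client id. Both caches are shared
 * across request threads, so they are backed by {@link ConcurrentHashMap}. The pending
 * authorization request is kept in an {@link AuthorizeCacheable} keyed by the value that
 * {@link UniqueRequestResolver} signs into the response.
 *
 * <p>Credentials (client secret, authorization code, PKCE verifier, bearer/access tokens) are
 * never written to the log; request bodies are logged through {@link #redacted(Map)} and token
 * responses only by their keys.
 */
public class DefaultOAuth2ClientTemplate implements OAuth2ClientTemplate {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultOAuth2ClientTemplate.class);
    protected static final String PARAM_REDIRECT_URL = "redirectUrl";
    protected static final String PARAM_STATE = "state";
    /** Placeholder written to the log in place of a credential value. */
    private static final String MASK = "***";
    private final AuthorizationSdkProperties sdkProperties;
    private final AuthorizeCacheable authorizeCacheable;
    protected ObjectMapper objectMapper = ObjectMapperFactory.instance();
    protected UniqueRequestResolver uniqueRequestResolver = new DefaultUniquestResolver("X-Auth-Cas-Client");
    protected RestTemplate restTemplate = RestTemplateFactory.dynamicInstance((Function) null, new String[]{AuthSdkConstant.serverName});
    // Keyed by client id; read and written from concurrent request threads.
    private final Map<String, EndpointInfo> endpointInfoMap = new ConcurrentHashMap<>(4);
    private final Map<String, CloudtOAuth2ClientProperties> clientPropertiesMap = new ConcurrentHashMap<>(4);

    /**
     * In-memory {@link AuthorizeCacheable} used when none is injected: at most 2000 pending
     * authorizations, each expiring 60 minutes after it was written.
     */
    static class AuthorizeCacheDefault implements AuthorizeCacheable {
        private final Cache<String, AuthorizeDTO> authorizeCache = Caffeine.newBuilder()
                .maximumSize(2000)
                .expireAfterWrite(Duration.ofMinutes(60))
                .build();

        @Override
        public void setCache(String str, AuthorizeDTO authorizeDTO) {
            this.authorizeCache.put(str, authorizeDTO);
        }

        @Override
        public AuthorizeDTO get(String str) {
            return this.authorizeCache.getIfPresent(str);
        }
    }

    /**
     * Resolved OAuth2 endpoints for one client: either taken from configuration or discovered
     * from the server metadata document (see {@link #buildEndpointInfo}).
     */
    public static class EndpointInfo {
        private String serverAddr;
        private String authorizeEndpoint;
        private String tokenEndpoint;
        private String userinfoEndpoint;
        private String revocationEndpoint;
        private String jwksUri;

        protected EndpointInfo() {
        }

        public String getServerAddr() {
            return this.serverAddr;
        }

        public void setServerAddr(String str) {
            this.serverAddr = str;
        }

        public String getAuthorizeEndpoint() {
            return this.authorizeEndpoint;
        }

        public void setAuthorizeEndpoint(String str) {
            this.authorizeEndpoint = str;
        }

        public String getTokenEndpoint() {
            return this.tokenEndpoint;
        }

        public void setTokenEndpoint(String str) {
            this.tokenEndpoint = str;
        }

        public String getUserinfoEndpoint() {
            return this.userinfoEndpoint;
        }

        public void setUserinfoEndpoint(String str) {
            this.userinfoEndpoint = str;
        }

        public String getRevocationEndpoint() {
            return this.revocationEndpoint;
        }

        public void setRevocationEndpoint(String str) {
            this.revocationEndpoint = str;
        }

        public String getJwksUri() {
            return this.jwksUri;
        }

        public void setJwksUri(String str) {
            this.jwksUri = str;
        }
    }

    /**
     * @param authorizationSdkProperties SDK configuration holding the CAS/OAuth2 client settings
     * @param authorizeCacheable         store for pending authorization requests; when {@code null}
     *                                   an in-memory {@link AuthorizeCacheDefault} is used
     */
    public DefaultOAuth2ClientTemplate(AuthorizationSdkProperties authorizationSdkProperties, AuthorizeCacheable authorizeCacheable) {
        this.sdkProperties = authorizationSdkProperties;
        this.authorizeCacheable = authorizeCacheable == null ? new AuthorizeCacheDefault() : authorizeCacheable;
    }

    /**
     * Builds the authorization request for the current client and caches it under the key
     * signed into the response, so {@link #code2Token} can find it on the callback.
     *
     * @throws IllegalArgumentException        when no client properties are available
     * @throws OAuth2AuthenticationException   when the client's endpoints cannot be resolved
     */
    @Override
    public AuthorizeDTO generateAuthorizeInfo(HttpServletRequest httpServletRequest, @NotNull HttpServletResponse httpServletResponse) {
        CloudtOAuth2ClientProperties clientProperties = detectOAuth2ClientProperties(httpServletRequest);
        Assert.notNull(clientProperties, "OAuth2客户端未配置");
        EndpointInfo endpointInfo = resolveEndpointInfo(clientProperties);
        if (endpointInfo == null) {
            throw new OAuth2AuthenticationException("OAuth2客户端初始化失败，请联系管理员检查配置");
        }
        this.clientPropertiesMap.put(clientProperties.getClientId(), clientProperties);
        AuthorizeDTO authorizeDTO = new AuthorizeDTO();
        authorizeDTO.setAuthorizeEndpoint(endpointInfo.getAuthorizeEndpoint());
        authorizeDTO.setClientId(clientProperties.getClientId());
        authorizeDTO.setResponseType("code");
        authorizeDTO.setScope("openid");
        // A request-supplied redirect URL wins over the configured one; the authorization server
        // is relied on to check it against the client's registered redirect URIs.
        authorizeDTO.setRedirectUri(obtainRedirectUrl(httpServletRequest, clientProperties));
        if (clientProperties.isPkceEnabled()) {
            // The verifier stays server-side in the authorize cache; only the challenge is sent.
            authorizeDTO.setCodeVerifier(AuthSdkUtil.generateCodeVerifier());
            authorizeDTO.setCodeChallengeMethod("S256");
            authorizeDTO.setCodeChallenge(AuthSdkUtil.generateCodeChallenge(authorizeDTO.getCodeVerifier()));
        }
        authorizeDTO.setAuthServer(endpointInfo.getServerAddr());
        // NOTE(review): state is copied from the request as-is and is neither generated nor
        // checked here — confirm the caller binds it to the session for CSRF protection.
        authorizeDTO.setState(httpServletRequest.getParameter(PARAM_STATE));
        authorizeDTO.setLogoutUrl(normalizeEndpoint(endpointInfo.getServerAddr(), buildLogoutUri(clientProperties, authorizeDTO.getRedirectUri())));
        this.authorizeCacheable.setCache(this.uniqueRequestResolver.signRequest(httpServletResponse), authorizeDTO);
        return authorizeDTO;
    }

    /**
     * Exchanges an authorization code for a token at the client's token endpoint.
     *
     * <p>The pending {@link AuthorizeDTO} (redirect URI, PKCE verifier) is looked up via the
     * request signature; when it is missing or expired the default client properties are used.
     *
     * @param str the authorization code received on the callback
     * @return the token, or {@code null} when the exchange failed for a reason other than 401
     * @throws OAuth2AuthenticationException when no client properties can be found, or the
     *                                       server answered 401
     */
    @Override
    public OAuthToken code2Token(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        String requestKey = this.uniqueRequestResolver.analyze(httpServletRequest);
        AuthorizeDTO authorizeDTO = StringUtils.hasText(requestKey) ? this.authorizeCacheable.get(requestKey) : null;
        CloudtOAuth2ClientProperties clientProperties = null;
        if (authorizeDTO != null && authorizeDTO.getClientId() != null) {
            clientProperties = this.clientPropertiesMap.get(authorizeDTO.getClientId());
        }
        if (clientProperties == null) {
            LOG.info("未获取到已认证信息，尝试获取默认配置信息...");
            clientProperties = detectOAuth2ClientProperties(httpServletRequest);
        }
        if (clientProperties == null) {
            LOG.info("获取认证信息失败：{}，或已超时", requestKey);
            throw new OAuth2AuthenticationException("系统繁忙，请稍后再试");
        }
        EndpointInfo endpointInfo = resolveEndpointInfo(clientProperties);
        if (endpointInfo == null) {
            LOG.error("授权码转token失败，OAuth2端点信息不可用，clientId：{}", clientProperties.getClientId());
            return null;
        }
        LinkedMultiValueMap<String, String> form = new LinkedMultiValueMap<>(8);
        form.add("client_id", clientProperties.getClientId());
        form.add("client_secret", clientProperties.getClientSecret());
        form.add("grant_type", AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
        form.add("code", str);
        String redirectUrl = authorizeDTO == null ? clientProperties.getRedirectUrl() : authorizeDTO.getRedirectUri();
        if (StringUtils.hasText(redirectUrl)) {
            form.add("redirect_uri", redirectUrl);
        }
        if (authorizeDTO != null && StringUtils.hasText(authorizeDTO.getCodeVerifier())) {
            // The verifier is a secret bound to this exchange: sent to the server, never logged.
            form.add("code_verifier", authorizeDTO.getCodeVerifier());
        }
        try {
            ResponseEntity<HashMap<String, Object>> response = this.restTemplate.exchange(endpointInfo.getTokenEndpoint(), HttpMethod.POST, new HttpEntity<>(form), new ParameterizedTypeReference<HashMap<String, Object>>() {
            });
            if (response.getStatusCode().is2xxSuccessful()) {
                this.uniqueRequestResolver.clear(httpServletResponse, requestKey);
                return convertAuthToken(response.getBody());
            }
            LOG.error("授权码转token失败，参数：{}, 响应：{}", redacted(form), response);
            if (response.getStatusCode() == HttpStatus.UNAUTHORIZED) {
                throw new OAuth2AuthenticationException("认证失败，请稍后重试！");
            }
            return null;
        } catch (OAuth2AuthenticationException e) {
            throw e;
        } catch (Exception e) {
            LOG.error("获取认证token异常，参数：{}, ：", redacted(form), e);
            return null;
        }
    }

    /**
     * Fetches the user info for a token from the client's userinfo endpoint.
     *
     * @param str  the token type used in the {@code Authorization} header (e.g. the scheme)
     * @param str2 the token value; only its type is ever logged
     * @return the user info, or {@code null} on a non-2xx response or transport error
     * @throws IllegalArgumentException when either argument is blank or no client is configured
     */
    @Override
    public OAuth2UserInfoDTO getUserInfo(HttpServletRequest httpServletRequest, String str, String str2) {
        Assert.hasText(str, "token类型为空");
        Assert.hasText(str2, "token为空");
        CloudtOAuth2ClientProperties clientProperties = detectOAuth2ClientProperties(httpServletRequest);
        Assert.notNull(clientProperties, "未获取到有效的客户端配置");
        EndpointInfo endpointInfo = resolveEndpointInfo(clientProperties);
        if (endpointInfo == null) {
            LOG.error("获取用户信息失败，OAuth2端点信息不可用，clientId：{}", clientProperties.getClientId());
            return null;
        }
        LinkedMultiValueMap<String, String> headers = new LinkedMultiValueMap<>(4);
        headers.add("Authorization", str + " " + str2);
        // The token is a bearer credential: log its type only.
        String tokenForLog = str + " " + MASK;
        try {
            ResponseEntity<OAuth2UserInfoDTO> response = this.restTemplate.exchange(endpointInfo.getUserinfoEndpoint(), HttpMethod.GET, new HttpEntity<>((Object) null, headers), new ParameterizedTypeReference<OAuth2UserInfoDTO>() {
            });
            if (response.getStatusCode().is2xxSuccessful()) {
                return response.getBody();
            }
            LOG.error("获取用户信息失败，token：{}，响应：{}", tokenForLog, response);
            return null;
        } catch (Exception e) {
            LOG.error("获取用户信息异常，token:{}，异常：", tokenForLog, e);
            return null;
        }
    }

    /**
     * Obtains a token with the {@code client_credentials} grant for the default client.
     *
     * @return the token, or {@code null} on a non-2xx response or transport error
     * @throws IllegalArgumentException when no client is configured
     */
    @Override
    public OAuthToken clientToken() {
        CloudtOAuth2ClientProperties clientProperties = detectOAuth2ClientProperties(null);
        Assert.notNull(clientProperties, "未获取到有效的客户端配置");
        EndpointInfo endpointInfo = resolveEndpointInfo(clientProperties);
        if (endpointInfo == null) {
            LOG.error("生成token失败，OAuth2端点信息不可用，clientId：{}", clientProperties.getClientId());
            return null;
        }
        LinkedMultiValueMap<String, String> form = new LinkedMultiValueMap<>(8);
        form.add("grant_type", AuthorizationGrantType.CLIENT_CREDENTIALS.getValue());
        form.add("client_id", clientProperties.getClientId());
        form.add("client_secret", clientProperties.getClientSecret());
        try {
            ResponseEntity<OAuthToken> response = this.restTemplate.exchange(endpointInfo.getTokenEndpoint(), HttpMethod.POST, new HttpEntity<>(form), new ParameterizedTypeReference<OAuthToken>() {
            });
            if (response.getStatusCode().is2xxSuccessful()) {
                return response.getBody();
            }
            LOG.error("生成token失败：{}", response.getStatusCode());
            return null;
        } catch (Exception e) {
            LOG.error("获取认证token失败：", e);
            return null;
        }
    }

    /**
     * Revokes a token at the client's revocation endpoint.
     *
     * @param str the token to revoke
     * @return {@code true} on a 2xx response, {@code false} on any other response or on a
     *         transport error
     * @throws IllegalArgumentException when the token is blank or no client is configured
     */
    @Override
    public Boolean revokeToken(String str) {
        Assert.hasText(str, "token为空");
        CloudtOAuth2ClientProperties clientProperties = detectOAuth2ClientProperties(null);
        Assert.notNull(clientProperties, "未获取到有效的客户端配置");
        EndpointInfo endpointInfo = resolveEndpointInfo(clientProperties);
        if (endpointInfo == null) {
            LOG.error("注销token失败，OAuth2端点信息不可用，clientId：{}", clientProperties.getClientId());
            return false;
        }
        LinkedMultiValueMap<String, String> form = new LinkedMultiValueMap<>(8);
        // Same (detected) client as every other call here, rather than the raw SDK default.
        form.add("client_id", clientProperties.getClientId());
        form.add("client_secret", clientProperties.getClientSecret());
        form.add("token", str);
        ResponseEntity<String> response;
        try {
            response = this.restTemplate.exchange(endpointInfo.getRevocationEndpoint(), HttpMethod.POST, new HttpEntity<>(form), new ParameterizedTypeReference<String>() {
            });
        } catch (Exception e) {
            // A transport failure is a failed revocation; the response is never assigned here.
            LOG.error("注销token失败：", e);
            return false;
        }
        if (response.getStatusCode().is2xxSuccessful()) {
            return true;
        }
        LOG.error("注销token失败：{}", response.getStatusCode());
        return false;
    }

    public void setUniqueRequestResolver(UniqueRequestResolver uniqueRequestResolver) {
        this.uniqueRequestResolver = uniqueRequestResolver;
    }

    public void setObjectMapper(ObjectMapper objectMapper) {
        this.objectMapper = objectMapper;
    }

    /**
     * Selects the client properties for a request. This implementation ignores the request and
     * returns the single configured client; subclasses may choose per request.
     *
     * @param httpServletRequest the current request, may be {@code null}
     */
    protected CloudtOAuth2ClientProperties detectOAuth2ClientProperties(HttpServletRequest httpServletRequest) {
        return this.sdkProperties.getCasClient().getOauth2Client();
    }

    /**
     * Converts a token response body into an {@link OAuthToken}.
     *
     * @return the token, or {@code null} when the body could not be converted
     */
    protected OAuthToken convertAuthToken(Map<String, Object> map) {
        try {
            return this.objectMapper.convertValue(map, OAuthToken.class);
        } catch (Exception e) {
            // The body carries the issued credentials: log only its keys, never the values.
            LOG.error("转换token失败：{}", map == null ? null : map.keySet(), e);
            return null;
        }
    }

    /** Name of the query parameter that carries the post-logout redirect URL. */
    protected String redirectUrlNameOfLogout() {
        return PARAM_REDIRECT_URL;
    }

    /**
     * Returns the cached endpoint set for the client, building and caching it on first use.
     *
     * <p>The cache is keyed by client id only, so when the server address is detected from a
     * request header the first resolution fixes the address for all later calls.
     *
     * @return the endpoints, or {@code null} when they could neither be configured nor discovered
     * @throws IllegalArgumentException when the client id is blank
     */
    private EndpointInfo resolveEndpointInfo(CloudtOAuth2ClientProperties clientProperties) {
        String clientId = clientProperties.getClientId();
        Assert.hasText(clientId, "OAuth2客户端clientId为空");
        EndpointInfo cached = this.endpointInfoMap.get(clientId);
        if (cached != null) {
            return cached;
        }
        // Not computeIfAbsent: building may perform a network round-trip (metadata discovery).
        EndpointInfo built = buildEndpointInfo(clientProperties);
        if (built != null) {
            this.endpointInfoMap.put(clientId, built);
        }
        return built;
    }

    /**
     * Builds the endpoint set for a client, either from its configured endpoints (resolved
     * against the server address) or by fetching the server metadata document.
     *
     * @return the endpoints, or {@code null} when discovery was required and failed
     */
    private EndpointInfo buildEndpointInfo(CloudtOAuth2ClientProperties clientProperties) {
        String serverAddr = detectServerAddr(clientProperties);
        EndpointInfo endpointInfo = new EndpointInfo();
        endpointInfo.setServerAddr(serverAddr);
        if (!clientProperties.isDetectEndpoint()) {
            endpointInfo.setAuthorizeEndpoint(normalizeEndpoint(serverAddr, clientProperties.getAuthorizeEndpoint()));
            endpointInfo.setTokenEndpoint(normalizeEndpoint(serverAddr, clientProperties.getTokenEndpoint()));
            endpointInfo.setUserinfoEndpoint(normalizeEndpoint(serverAddr, clientProperties.getUserinfoEndpoint()));
            endpointInfo.setRevocationEndpoint(normalizeEndpoint(serverAddr, clientProperties.getRevocationEndpoint()));
            endpointInfo.setJwksUri(normalizeEndpoint(serverAddr, clientProperties.getJwksUri()));
            return endpointInfo;
        }
        // Discovery: the endpoints advertised by the server's metadata document are trusted as-is.
        Map<String, Object> metadata = restExchangeByGet(normalizeEndpoint(serverAddr, clientProperties.getMetadataEndpoint()));
        if (metadata == null) {
            return null;
        }
        endpointInfo.setServerAddr(stringValue(metadata, "issuer"));
        endpointInfo.setAuthorizeEndpoint(stringValue(metadata, "authorization_endpoint"));
        endpointInfo.setTokenEndpoint(stringValue(metadata, "token_endpoint"));
        endpointInfo.setUserinfoEndpoint(stringValue(metadata, "userinfo_endpoint"));
        endpointInfo.setRevocationEndpoint(stringValue(metadata, "revocation_endpoint"));
        endpointInfo.setJwksUri(stringValue(metadata, "jwks_uri"));
        return endpointInfo;
    }

    /** Returns the metadata value for {@code key} as a string, or {@code null} when absent. */
    private static String stringValue(Map<String, Object> metadata, String key) {
        Object value = metadata.get(key);
        return value == null ? null : value.toString();
    }

    /**
     * Resolves the base address of the authorization server.
     *
     * <p>The configured {@code serverAddr} (falling back to the SDK {@code authServer}) is used,
     * unless {@code detectServerAddrHeader} names a request header, in which case that header's
     * scheme and authority win. Because the header then decides where the client secret and
     * tokens are sent, only enable it behind a trusted reverse proxy that sets or overwrites the
     * header; the value is restricted to absolute http(s) URLs here but not otherwise allow-listed.
     *
     * @throws IllegalArgumentException when the header is present but not an absolute http(s) URL
     */
    private String detectServerAddr(CloudtOAuth2ClientProperties clientProperties) {
        String serverAddr = StringUtils.hasText(clientProperties.getServerAddr()) ? clientProperties.getServerAddr() : this.sdkProperties.getAuthServer();
        String headerName = clientProperties.getDetectServerAddrHeader();
        if (!StringUtils.hasText(headerName)) {
            return serverAddr;
        }
        HttpServletRequest request = currentRequest();
        if (request == null) {
            return serverAddr;
        }
        String header = request.getHeader(headerName);
        if (!StringUtils.hasText(header)) {
            return serverAddr;
        }
        LOG.info("detect serverAddr from header：{}，{}", headerName, header);
        return originOf(header);
    }

    /**
     * Reduces an absolute http(s) URL to {@code scheme://authority}, dropping path and query.
     * (A value without a path used to yield an empty address; it now yields the origin.)
     *
     * @throws IllegalArgumentException when the value is not an absolute http(s) URL
     */
    private static String originOf(String header) {
        URI uri;
        try {
            uri = URI.create(header);
        } catch (IllegalArgumentException e) {
            throw new IllegalArgumentException("获取认证服务地址异常，解析请求头失败：" + header, e);
        }
        String scheme = uri.getScheme();
        String authority = uri.getRawAuthority();
        boolean http = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
        if (!http || !StringUtils.hasText(authority)) {
            throw new IllegalArgumentException("获取认证服务地址异常，解析请求头失败：" + header);
        }
        return scheme + "://" + authority;
    }

    /** The request bound to the current thread, or {@code null} outside a request. */
    private static HttpServletRequest currentRequest() {
        ServletRequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        if (requestAttributes == null) {
            return null;
        }
        return requestAttributes.getRequest();
    }

    /**
     * Appends the post-logout redirect parameter to the configured logout URI.
     *
     * @param redirectUrl the URL to return to after logout
     * @return the logout URI, {@code null} when none is configured, or the URI unchanged when it
     *         already mentions the parameter name in its query
     */
    private String buildLogoutUri(CloudtOAuth2ClientProperties clientProperties, String redirectUrl) {
        String logoutUri = clientProperties.getLogoutUri();
        if (!StringUtils.hasText(logoutUri)) {
            return null;
        }
        String paramName = redirectUrlNameOfLogout();
        if (!StringUtils.hasText(paramName)) {
            return logoutUri;
        }
        int queryStart = logoutUri.indexOf('?');
        if (queryStart < 1) {
            return logoutUri + "?" + paramName + "=" + redirectUrl;
        }
        if (logoutUri.substring(queryStart).contains(paramName)) {
            return logoutUri;
        }
        // NOTE(review): redirectUrl is appended without URL-encoding — confirm the server expects it raw.
        return logoutUri + "&" + paramName + "=" + redirectUrl;
    }

    /** The request's {@code redirectUrl} parameter when present, else the configured redirect URL. */
    private String obtainRedirectUrl(HttpServletRequest httpServletRequest, CloudtOAuth2ClientProperties clientProperties) {
        String parameter = httpServletRequest.getParameter(PARAM_REDIRECT_URL);
        return StringUtils.hasText(parameter) ? parameter : clientProperties.getRedirectUrl();
    }

    /**
     * Placeholder for client-authentication methods other than posting the secret in the form;
     * it only reads the configured method and is not called by this class.
     */
    private void fillClientAuthentication(CloudtOAuth2ClientProperties clientProperties, HttpEntity<?> httpEntity) {
        clientProperties.getClientAuthenticationMethod();
    }

    /**
     * Resolves an endpoint against the server address.
     *
     * @param serverAddr base address, required unless {@code endpoint} is absolute
     * @param endpoint   absolute URL (returned as-is), relative path, or blank (returns the base)
     * @throws IllegalArgumentException when a relative endpoint is given without a base
     */
    private String normalizeEndpoint(String serverAddr, String endpoint) {
        if (!StringUtils.hasText(endpoint)) {
            return serverAddr;
        }
        // Locale-independent, case-insensitive "http"/"https" prefix check.
        if (endpoint.regionMatches(true, 0, "http", 0, 4)) {
            return endpoint;
        }
        Assert.hasText(serverAddr, "serverAddr为空");
        String base = serverAddr.endsWith("/") ? serverAddr.substring(0, serverAddr.length() - 1) : serverAddr;
        String path = endpoint.startsWith("/") ? endpoint : "/" + endpoint;
        return base + path;
    }

    /**
     * Fetches a JSON document by GET.
     *
     * @return the parsed body, or {@code null} on a transport error, a non-2xx response or an
     *         empty body (callers treat {@code null} as "discovery failed")
     */
    private Map<String, Object> restExchangeByGet(String url) {
        ResponseEntity<Map<String, Object>> response;
        try {
            response = this.restTemplate.exchange(url, HttpMethod.GET, (HttpEntity<?>) null, new ParameterizedTypeReference<Map<String, Object>>() {
            });
        } catch (Exception e) {
            LOG.error("查询OAuth2服务端配置异常", e);
            return null;
        }
        if (!response.getStatusCode().is2xxSuccessful()) {
            LOG.warn("查询OAuth2服务端配置失败：{}", response.getStatusCode());
            return null;
        }
        Map<String, Object> body = response.getBody();
        if (body == null) {
            LOG.warn("查询OAuth2服务端配置失败：响应体为空");
            return null;
        }
        LOG.info("查询OAuth2服务端配置成功：{}", body);
        return body;
    }

    /**
     * Copy of a request-parameter map with credential-bearing values masked, for logging only.
     *
     * @param form the request parameters; left untouched
     * @return a new map with the same keys, sensitive values replaced by {@code ***}
     */
    static Map<String, Object> redacted(Map<String, ?> form) {
        Map<String, Object> copy = new LinkedHashMap<>();
        if (form == null) {
            return copy;
        }
        for (Map.Entry<String, ?> entry : form.entrySet()) {
            copy.put(entry.getKey(), isSensitiveParam(entry.getKey()) ? MASK : entry.getValue());
        }
        return copy;
    }

    /** Parameter names whose values are credentials and must not reach the log. */
    private static boolean isSensitiveParam(String name) {
        if (name == null) {
            return false;
        }
        switch (name) {
            case "client_secret":
            case "code":
            case "code_verifier":
            case "token":
            case "Authorization":
                return true;
            default:
                return false;
        }
    }
}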
