package com.elitescloud.cloudt.system.modules.wecom.service.impl;

import cn.hutool.core.lang.Assert;
import cn.hutool.core.text.CharSequenceUtil;
import com.elitescloud.boot.SpringContextHolder;
import com.elitescloud.boot.auth.model.OAuthToken;
import com.elitescloud.boot.auth.provider.security.grant.InternalAuthenticationGranter;
import com.elitescloud.boot.exception.BusinessException;
import com.elitescloud.boot.redis.util.RedisUtils;
import com.elitescloud.boot.util.JSONUtil;
import com.elitescloud.boot.util.ObjUtil;
import com.elitescloud.cloudt.common.base.ApiResult;
import com.elitescloud.cloudt.system.config.SystemProperties;
import com.elitescloud.cloudt.system.modules.wecom.common.WecomUserConverter;
import com.elitescloud.cloudt.system.modules.wecom.model.AccessToken;
import com.elitescloud.cloudt.system.modules.wecom.model.login.Code2UserInfoResult;
import com.elitescloud.cloudt.system.modules.wecom.model.login.WecomLoginPropsVO;
import com.elitescloud.cloudt.system.modules.wecom.service.WecomAuthService;
import com.elitescloud.cloudt.system.modules.wecom.util.WeComTool;
import java.util.Optional;
import java.util.concurrent.TimeUnit;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.util.UriComponentsBuilder;

@Component
/* loaded from: input_file:com/elitescloud/cloudt/system/modules/wecom/service/impl/WecomAuthServiceImpl.class */
public class WecomAuthServiceImpl implements WecomAuthService {
    private static final Logger logger = LoggerFactory.getLogger(WecomAuthServiceImpl.class);

    @Autowired
    private SystemProperties systemProperties;

    @Autowired
    private WecomUserConverter wecomUserConverter;

    @Autowired
    private InternalAuthenticationGranter internalAuthenticationGranter;

    @Override // com.elitescloud.cloudt.system.modules.wecom.service.WecomAuthService
    public ApiResult<WecomLoginPropsVO> getLoginProps() {
        SystemProperties.WecomAuth wecomAuth = this.systemProperties.getWecomAuth();
        if (CharSequenceUtil.isBlank(wecomAuth.getAppId()) || CharSequenceUtil.isBlank(wecomAuth.getAgentId())) {
            return ApiResult.fail("企业微信未配置");
        }
        WecomLoginPropsVO wecomLoginPropsVO = new WecomLoginPropsVO();
        wecomLoginPropsVO.setAppId(wecomAuth.getAppId());
        wecomLoginPropsVO.setAgentId(wecomAuth.getAgentId());
        wecomLoginPropsVO.setLoginType(wecomAuth.getLoginType());
        return ApiResult.ok(wecomLoginPropsVO);
    }

    @Override // com.elitescloud.cloudt.system.modules.wecom.service.WecomAuthService
    public ApiResult<String> getAuthorizeUrl(String str, String str2) {
        Assert.notBlank(str, "重定向地址为空", new Object[0]);
        SystemProperties.WecomAuth wecomAuth = this.systemProperties.getWecomAuth();
        if (CharSequenceUtil.isBlank(wecomAuth.getAppId()) || CharSequenceUtil.isBlank(wecomAuth.getAgentId())) {
            return ApiResult.fail("企业微信未配置");
        }
        String uriString = UriComponentsBuilder.fromHttpUrl(wecomAuth.getAuthUrl()).queryParam("login_type", new Object[]{wecomAuth.getLoginType()}).queryParam("appid", new Object[]{wecomAuth.getAppId()}).queryParam("agentid", new Object[]{wecomAuth.getAgentId()}).queryParam("redirect_uri", new Object[]{str}).queryParamIfPresent("state", Optional.ofNullable(CharSequenceUtil.blankToDefault(str2, (String) null))).toUriString();
        logger.info("认证地址：{}", uriString);
        return ApiResult.ok(uriString);
    }

    @Override // com.elitescloud.cloudt.system.modules.wecom.service.WecomAuthService
    public ApiResult<OAuthToken> code2Token(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
        Assert.notBlank(str, "授权码为空", new Object[0]);
        logger.info("授权码换取token：{}", str);
        SystemProperties.WecomAuth wecomAuth = this.systemProperties.getWecomAuth();
        String accessTokenOfWecom = getAccessTokenOfWecom(wecomAuth.getAppId(), wecomAuth.getAgentSecret());
        Code2UserInfoResult code2UserInfo = WeComTool.code2UserInfo(accessTokenOfWecom, str);
        if (!code2UserInfo.isSuccess()) {
            logger.error("授权码换取用户信息失败：{}", JSONUtil.toJsonString(code2UserInfo));
            return ApiResult.fail("企微认证失败：" + code2UserInfo.getErrcode() + ", " + code2UserInfo.getErrmsg());
        }
        logger.info("授权码换取用户信息：{}, {}", code2UserInfo.getUserid(), code2UserInfo.getExternal_userid());
        try {
            try {
                return ApiResult.ok(this.internalAuthenticationGranter.authenticate(httpServletRequest, httpServletResponse, this.wecomUserConverter.convert(code2UserInfo.getUserid(), code2UserInfo.getUser_ticket(), accessTokenOfWecom)));
            } catch (AuthenticationException e) {
                return ApiResult.fail("认证异常，" + e.getMessage());
            }
        } catch (Exception e2) {
            throw new BusinessException("认证失败" + (e2 instanceof BusinessException ? ", " + e2.getMessage() : ""), e2);
        }
    }

    private static String getAccessTokenOfWecom(String str, String str2) {
        RedisUtils redisUtils = (RedisUtils) SpringContextHolder.getBean(RedisUtils.class);
        String str3 = "wecom:accessToken:" + str + ":" + str2;
        String str4 = (String) redisUtils.get(str3);
        if (StringUtils.hasText(str4)) {
            return str4;
        }
        AccessToken token = WeComTool.getToken(str, str2);
        if (!token.isSuccess()) {
            throw new BusinessException("企业微信授权失败," + String.valueOf(ObjUtil.defaultIfNull(token.getErrcode(), -1)) + ((String) ObjUtil.defaultIfNull(token.getErrmsg(), "")));
        }
        String access_token = token.getAccess_token();
        redisUtils.set(str3, access_token, token.getExpires_in().intValue() - 60, TimeUnit.SECONDS);
        return access_token;
    }
}
