package com.elitesland.cloudt.authorization.api.provider.security.handler.oauth2.server;

import cn.hutool.core.text.CharSequenceUtil;
import com.elitesland.cloudt.authorization.api.client.common.AuthorizationException;
import com.elitesland.cloudt.authorization.api.client.config.AuthorizationProperties;
import com.elitesland.cloudt.authorization.api.client.config.support.AuthenticationCache;
import com.elitesland.cloudt.authorization.api.client.model.OAuthToken;
import com.elitesland.cloudt.authorization.api.provider.security.generator.token.TokenGenerator;
import com.elitesland.cloudt.authorization.api.provider.security.handler.oauth2.server.support.OAuth2AuthorizationCodeRequestCache;
import com.elitesland.yst.common.base.ApiResult;
import com.elitesland.yst.security.entity.GeneralUserDetails;
import java.io.IOException;
import java.security.Principal;
import java.time.Duration;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/elitesland/cloudt/authorization/api/provider/security/handler/oauth2/server/OAuth2ServerAuthenticationSuccessHandler.class */
/**
 * Authentication success handler for the authorization server's login step.
 *
 * <p>On successful authentication it first tries to complete a pending OAuth2
 * authorization-code request (see {@link #attemptToHandleOAuth2Response}). When no
 * OAuth2 flow is pending it falls back to writing a freshly generated token as an
 * {@code ApiResult} body.
 *
 * <p>{@code writeResponse}, {@code sendRedirect} and {@code supportRedirect} are
 * inherited from {@code AbstractOAuth2ServerHandler} and are not visible here.
 */
public class OAuth2ServerAuthenticationSuccessHandler extends AbstractOAuth2ServerHandler implements AuthenticationSuccessHandler {
    private static final Logger log = LogManager.getLogger(OAuth2ServerAuthenticationSuccessHandler.class);
    // Session-backed cache used to recover the request that triggered the login.
    private final RequestCache requestCache = new HttpSessionRequestCache();
    // Servlet path of the authorization endpoint; compared against the saved request's servlet path.
    private final String authorizationEndpoint;
    private final AuthorizationProperties authorizationProperties;
    // Pending authorization-code requests, looked up by the "state" request parameter.
    private final OAuth2AuthorizationCodeRequestCache authorizationCodeRequestCache;
    private final RegisteredClientRepository clientRepository;
    private final OAuth2AuthorizationService oAuth2AuthorizationService;
    // Optional collaborators (set via setters). While either is null no token is generated.
    private TokenGenerator tokenGenerator;
    private AuthenticationCache authenticationCache;

    /**
     * Creates the handler.
     *
     * @param str servlet path of the authorization endpoint (stored as {@code authorizationEndpoint})
     * @param authorizationProperties configuration; only {@code getTokenTtl()} is read here
     * @param oAuth2AuthorizationCodeRequestCache cache of pending authorization-code requests keyed by state
     * @param registeredClientRepository lookup of registered clients by client id
     * @param oAuth2AuthorizationService store for the {@code OAuth2Authorization} created on success
     */
    public OAuth2ServerAuthenticationSuccessHandler(String str, AuthorizationProperties authorizationProperties, OAuth2AuthorizationCodeRequestCache oAuth2AuthorizationCodeRequestCache, RegisteredClientRepository registeredClientRepository, OAuth2AuthorizationService oAuth2AuthorizationService) {
        this.authorizationEndpoint = str;
        this.authorizationProperties = authorizationProperties;
        this.authorizationCodeRequestCache = oAuth2AuthorizationCodeRequestCache;
        this.clientRepository = registeredClientRepository;
        this.oAuth2AuthorizationService = oAuth2AuthorizationService;
    }

    /**
     * Completes a pending OAuth2 request if there is one; otherwise writes a token response.
     *
     * <p>The saved request passed to {@link #attemptToHandleOAuth2Response} may be null.
     * Note that {@link #generateToken} can return null, in which case the fallback body is
     * {@code ApiResult.ok(null)}.
     *
     * @throws IOException from the underlying response writes / redirects
     * @throws ServletException declared by the interface; not thrown by this implementation
     */
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        if (attemptToHandleOAuth2Response(httpServletRequest, httpServletResponse, authentication, this.requestCache.getRequest(httpServletRequest, httpServletResponse))) {
            return;
        }
        writeResponse(httpServletResponse, ApiResult.ok(generateToken(authentication)));
    }

    /**
     * Generates a token for the authenticated user and caches the principal under its access token.
     *
     * @return the generated token, or null when the token generator or authentication cache is
     *         not configured, or the principal is not a {@code GeneralUserDetails}
     */
    private OAuthToken generateToken(Authentication authentication) {
        if (this.tokenGenerator == null || this.authenticationCache == null || !(authentication.getPrincipal() instanceof GeneralUserDetails)) {
            return null;
        }
        // NOTE(review): assumes TokenGenerator.generate never returns null — confirm, otherwise
        // the getAccessToken() call below throws NPE.
        OAuthToken generate = this.tokenGenerator.generate(authentication);
        this.authenticationCache.setUserDetail(generate.getAccessToken(), (GeneralUserDetails) authentication.getPrincipal(), cachePrincipalDuration());
        return generate;
    }

    /**
     * Returns the configured token TTL to use as the principal cache expiry.
     *
     * @return the configured TTL, or null when it is absent or not positive
     *         (presumably meaning "use the cache's default" — verify against AuthenticationCache)
     */
    private Duration cachePrincipalDuration() {
        if (this.authorizationProperties.getTokenTtl() == null || this.authorizationProperties.getTokenTtl().getSeconds() <= 0) {
            return null;
        }
        return this.authorizationProperties.getTokenTtl();
    }

    /**
     * Tries to finish a pending OAuth2 authorization-code request for the just-authenticated user.
     *
     * <p>Flow:
     * <ol>
     *   <li>If a saved request exists and its servlet path is not the authorization endpoint,
     *       this is not an OAuth2 login: return false. If it is the endpoint and
     *       {@code supportRedirect} (inherited) accepts it, redirect to the saved URL.</li>
     *   <li>Look up the pending request by the {@code state} parameter; a missing parameter
     *       means "not an OAuth2 request" (return false), a missing cache entry is reported as
     *       an expired authentication.</li>
     *   <li>Resolve the registered client; if absent, report failure.</li>
     *   <li>Persist an {@code OAuth2Authorization} built from the cached request, then drop
     *       the cache entry.</li>
     *   <li>Redirect to the client's first non-blank registered redirect URI, else write
     *       a success body.</li>
     * </ol>
     *
     * @param savedRequest the request that triggered login, or null when none was saved
     * @return true when a response (redirect or body) has been written; false when the caller
     *         should fall through to its default handling
     * @throws IOException from the underlying response writes / redirects
     */
    private boolean attemptToHandleOAuth2Response(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication, SavedRequest savedRequest) throws IOException {
        if (savedRequest != null) {
            if (!CharSequenceUtil.equals(obtainServletPath(savedRequest), this.authorizationEndpoint)) {
                return false;
            }
            if (supportRedirect(savedRequest)) {
                sendRedirect(httpServletRequest, httpServletResponse, savedRequest.getRedirectUrl());
                return true;
            }
        }
        String parameter = httpServletRequest.getParameter("state");
        if (!StringUtils.hasText(parameter)) {
            log.warn("缺少state参数，无法确定为OAuth2请求");
            return false;
        }
        // NOTE(review): the lookup is keyed only by the state value; confirm that the cache binds
        // entries to the initiating session/user so a state cannot be consumed by a different
        // authenticated user.
        OAuth2AuthorizationCodeRequestAuthenticationToken authenticationToken = this.authorizationCodeRequestCache.getAuthenticationToken(parameter);
        if (authenticationToken == null) {
            log.error("未找到授权码认证请求信息：{}", parameter);
            writeResponse(httpServletResponse, ApiResult.fail("认证信息已超时，请重新认证"));
            return true;
        }
        RegisteredClient findByClientId = this.clientRepository.findByClientId(authenticationToken.getClientId());
        if (findByClientId == null) {
            writeResponse(httpServletResponse, ApiResult.fail("客户端不存在或已禁用"));
            return true;
        }
        // The cached request is copied into an OAuth2AuthorizationRequest and stored as an
        // attribute of the authorization, alongside the current Authentication.
        this.oAuth2AuthorizationService.save(authorizationBuilder(findByClientId, authentication, OAuth2AuthorizationRequest.authorizationCode().authorizationUri(authenticationToken.getAuthorizationUri()).clientId(authenticationToken.getClientId()).redirectUri(authenticationToken.getRedirectUri()).scopes(authenticationToken.getScopes()).state(authenticationToken.getState()).additionalParameters(authenticationToken.getAdditionalParameters()).build()).attribute("state", authenticationToken.getState()).attribute("client_id", authenticationToken.getClientId()).build());
        // Entry is removed only after the authorization is saved; the two steps are not atomic,
        // so two concurrent callbacks with the same state could both pass the null check above
        // — TODO confirm whether the cache tolerates that.
        this.authorizationCodeRequestCache.removeAuthenticationToken(parameter);
        // Redirect target is the client's first non-blank *registered* URI; the redirect_uri from
        // the cached request is stored in the authorization above but not used for this redirect.
        String str = CollectionUtils.isEmpty(findByClientId.getRedirectUris()) ? null : (String) findByClientId.getRedirectUris().stream().filter((v0) -> {
            return CharSequenceUtil.isNotBlank(v0);
        }).findFirst().orElse(null);
        if (StringUtils.hasText(str)) {
            sendRedirect(httpServletRequest, httpServletResponse, str);
            return true;
        }
        writeResponse(httpServletResponse, ApiResult.ok("认证成功"));
        return true;
    }

    /**
     * Extracts the servlet path from a saved request.
     *
     * @return the servlet path of a {@code DefaultSavedRequest}
     * @throws AuthorizationException for any other {@code SavedRequest} implementation
     */
    private String obtainServletPath(SavedRequest savedRequest) {
        if (savedRequest instanceof DefaultSavedRequest) {
            return ((DefaultSavedRequest) savedRequest).getServletPath();
        }
        throw new AuthorizationException("暂不支持的SavedRequest类型");
    }

    /**
     * Starts an {@code OAuth2Authorization} for the authorization-code grant.
     *
     * <p>The principal name comes from the authentication; the {@code Authentication} and the
     * {@code OAuth2AuthorizationRequest} are stored as attributes keyed by their class names
     * ({@code Principal} and {@code OAuth2AuthorizationRequest}).
     *
     * @return a builder the caller may add further attributes to before {@code build()}
     */
    private static OAuth2Authorization.Builder authorizationBuilder(RegisteredClient registeredClient, Authentication authentication, OAuth2AuthorizationRequest oAuth2AuthorizationRequest) {
        return OAuth2Authorization.withRegisteredClient(registeredClient).principalName(authentication.getName()).authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE).attribute(Principal.class.getName(), authentication).attribute(OAuth2AuthorizationRequest.class.getName(), oAuth2AuthorizationRequest);
    }

    /** Optional; without it {@link #generateToken} returns null. */
    public void setTokenGenerator(TokenGenerator tokenGenerator) {
        this.tokenGenerator = tokenGenerator;
    }

    /** Optional; without it {@link #generateToken} returns null. */
    public void setAuthenticationCache(AuthenticationCache authenticationCache) {
        this.authenticationCache = authenticationCache;
    }
}
