package cn.herodotus.engine.oauth2.server.authorization.service;

import cn.herodotus.engine.assistant.core.enums.Target;
import cn.herodotus.engine.assistant.core.exception.transaction.TransactionRollbackException;
import cn.herodotus.engine.data.core.repository.BaseRepository;
import cn.herodotus.engine.data.core.service.BaseLayeredService;
import cn.herodotus.engine.oauth2.core.properties.SecurityProperties;
import cn.herodotus.engine.oauth2.data.jpa.repository.HerodotusRegisteredClientRepository;
import cn.herodotus.engine.oauth2.data.jpa.utils.OAuth2AuthorizationUtils;
import cn.herodotus.engine.oauth2.server.authorization.entity.OAuth2Application;
import cn.herodotus.engine.oauth2.server.authorization.entity.OAuth2Scope;
import cn.herodotus.engine.oauth2.server.authorization.repository.OAuth2ApplicationRepository;
import cn.hutool.core.date.DateUtil;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.lang3.ObjectUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.core.OAuth2TokenFormat;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.ClientSettings;
import org.springframework.security.oauth2.server.authorization.config.TokenSettings;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.StringUtils;

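/**
 * Manages {@link OAuth2Application} records and keeps the authorization server's
 * {@link RegisteredClientRepository} in step with them: every saved application is converted
 * to a {@link RegisteredClient} and stored, and every deleted application is removed from the
 * registered-client store as well.
 *
 * <p>Security-relevant values (client secret, redirect URIs, grant types, PKCE and consent
 * flags, token lifetimes) are copied from the entity as stored. This class does not validate
 * or authorize them; callers are expected to have done so.
 */
@Service
public class OAuth2ApplicationService extends BaseLayeredService<OAuth2Application, String> {
    private static final Logger log = LoggerFactory.getLogger(OAuth2ApplicationService.class);
    private final RegisteredClientRepository registeredClientRepository;
    private final HerodotusRegisteredClientRepository herodotusRegisteredClientRepository;
    private final OAuth2ApplicationRepository applicationRepository;
    private final SecurityProperties securityProperties;

    /**
     * Creates the service with its collaborators.
     *
     * @param registeredClientRepository store that receives the converted {@link RegisteredClient}
     * @param herodotusRegisteredClientRepository store used to delete a registered client by id
     * @param oAuth2ApplicationRepository repository backing {@link OAuth2Application}
     * @param securityProperties configuration read to choose the access token format
     */
    @Autowired
    public OAuth2ApplicationService(RegisteredClientRepository registeredClientRepository, HerodotusRegisteredClientRepository herodotusRegisteredClientRepository, OAuth2ApplicationRepository oAuth2ApplicationRepository, SecurityProperties securityProperties) {
        this.registeredClientRepository = registeredClientRepository;
        this.herodotusRegisteredClientRepository = herodotusRegisteredClientRepository;
        this.applicationRepository = oAuth2ApplicationRepository;
        this.securityProperties = securityProperties;
    }

    /**
     * Returns the repository used by the inherited CRUD operations.
     *
     * @return the {@link OAuth2ApplicationRepository} injected at construction
     */
    public BaseRepository<OAuth2Application, String> getRepository() {
        return this.applicationRepository;
    }

    /**
     * Persists the application and then stores the matching {@link RegisteredClient}.
     *
     * @param oAuth2Application the application to create or update
     * @return the entity returned by the inherited save
     * @throws NullPointerException if the inherited save returns nothing
     */
    @Transactional(rollbackFor = {TransactionRollbackException.class})
    public OAuth2Application saveOrUpdate(OAuth2Application oAuth2Application) {
        OAuth2Application saved = (OAuth2Application) super.saveOrUpdate(oAuth2Application);
        if (ObjectUtils.isEmpty(saved)) {
            log.error("[Herodotus] |- OAuth2ApplicationService saveOrUpdate error, rollback data!");
            throw new NullPointerException("save or update OAuth2Application failed");
        }
        // The registered client is written inside the same method so that a conversion or save
        // failure surfaces before the caller treats the application as stored.
        this.registeredClientRepository.save(toRegisteredClient(saved));
        log.debug("[Herodotus] |- OAuth2ApplicationService saveOrUpdate.");
        return saved;
    }

    /**
     * Deletes the application and the registered client that shares its id.
     *
     * <p>NOTE(review): only these two records are removed here. Confirm that authorizations,
     * tokens and consents already issued to the client are invalidated elsewhere.
     *
     * @param str the application id, which is also used as the registered-client id
     */
    @Transactional(rollbackFor = {TransactionRollbackException.class})
    public void deleteById(String str) {
        super.deleteById(str);
        this.herodotusRegisteredClientRepository.deleteById(str);
        log.debug("[Herodotus] |- OAuth2ApplicationService deleteById.");
    }

    /**
     * Replaces the complete scope set of an application and re-registers the client.
     *
     * <p>The previous scopes are discarded, not merged. No permission check is performed here,
     * so the caller must already have established that the requester may grant these scopes.
     *
     * <p>Declared transactional because the internal call to {@link #saveOrUpdate} does not go
     * through the Spring proxy under proxy-based transaction management, so that method's own
     * annotation would not take effect for this call path.
     *
     * @param str the application id
     * @param strArr the scope ids to assign; must not be {@code null}
     * @return the saved application
     * @throws NullPointerException if no application exists for {@code str}
     */
    @Transactional(rollbackFor = {TransactionRollbackException.class})
    public OAuth2Application authorize(String str, String[] strArr) {
        Set<OAuth2Scope> requestedScopes = new HashSet<>();
        for (String scopeId : strArr) {
            // Only the id is set; the remaining fields are expected to come from persistence.
            OAuth2Scope scope = new OAuth2Scope();
            scope.setScopeId(scopeId);
            requestedScopes.add(scope);
        }
        OAuth2Application application = (OAuth2Application) findById(str);
        if (application == null) {
            // Same exception type the unguarded dereference produced, with a usable message.
            throw new NullPointerException("OAuth2Application not found for id: " + str);
        }
        application.setScopes(requestedScopes);
        OAuth2Application saved = saveOrUpdate(application);
        log.debug("[Herodotus] |- OAuth2ApplicationService assign.");
        return saved;
    }

    /**
     * Looks up an application by its OAuth2 client id.
     *
     * @param str the client id
     * @return whatever the repository returns for that client id
     */
    public OAuth2Application findByClientId(String str) {
        OAuth2Application application = this.applicationRepository.findByClientId(str);
        log.debug("[Herodotus] |- OAuth2ApplicationService findByClientId.");
        return application;
    }

    /**
     * Converts an application entity into the {@link RegisteredClient} used by the
     * authorization server.
     *
     * <p>Authentication methods, grant types and redirect URIs are stored on the entity as
     * comma-delimited strings and are split here without trimming or further checks.
     *
     * <p>NOTE(review): the client secret is forwarded exactly as stored on the entity. Confirm
     * it is encoded (for example by a {@code PasswordEncoder}) before it reaches this method or
     * inside the repository's save.
     *
     * <p>NOTE(review): scopes assigned through {@link #authorize} carry only a scope id when
     * they are created. Confirm the saved entity returns scopes with the scope code populated,
     * otherwise {@code null} codes would be registered.
     */
    private RegisteredClient toRegisteredClient(OAuth2Application oAuth2Application) {
        Set<String> authenticationMethods = StringUtils.commaDelimitedListToSet(oAuth2Application.getClientAuthenticationMethods());
        Set<String> grantTypes = StringUtils.commaDelimitedListToSet(oAuth2Application.getAuthorizationGrantTypes());
        Set<String> redirectUris = StringUtils.commaDelimitedListToSet(oAuth2Application.getRedirectUris());
        Set<OAuth2Scope> scopes = oAuth2Application.getScopes();

        return RegisteredClient.withId(oAuth2Application.getApplicationId())
                .clientId(oAuth2Application.getClientId())
                .clientSecret(oAuth2Application.getClientSecret())
                .clientSecretExpiresAt(DateUtil.toInstant(oAuth2Application.getClientSecretExpiresAt()))
                .clientAuthenticationMethods(methods -> authenticationMethods.forEach(
                        method -> methods.add(OAuth2AuthorizationUtils.resolveClientAuthenticationMethod(method))))
                .authorizationGrantTypes(types -> grantTypes.forEach(
                        type -> types.add(OAuth2AuthorizationUtils.resolveAuthorizationGrantType(type))))
                .redirectUris(uris -> uris.addAll(redirectUris))
                .scopes(codes -> {
                    // An application without a scope collection registers with no scopes
                    // instead of failing while the client is being built.
                    if (scopes != null) {
                        scopes.forEach(scope -> codes.add(scope.getScopeCode()));
                    }
                })
                .clientSettings(createClientSettings(oAuth2Application))
                .tokenSettings(createTokenSettings(oAuth2Application))
                .build();
    }

    /**
     * Builds the client settings from the entity.
     *
     * <p>The consent and proof-key (PKCE) flags are unboxed directly, so a {@code null} value on
     * the entity fails with a {@link NullPointerException} rather than falling back to a default.
     * The JWK set URL and the token-endpoint signing algorithm are applied only when present.
     */
    private ClientSettings createClientSettings(OAuth2Application oAuth2Application) {
        ClientSettings.Builder builder = ClientSettings.builder();
        builder.requireAuthorizationConsent(oAuth2Application.getRequireAuthorizationConsent().booleanValue());
        builder.requireProofKey(oAuth2Application.getRequireProofKey().booleanValue());
        if (StringUtils.hasText(oAuth2Application.getJwkSetUrl())) {
            builder.jwkSetUrl(oAuth2Application.getJwkSetUrl());
        }
        if (ObjectUtils.isNotEmpty(oAuth2Application.getAuthenticationSigningAlgorithm())) {
            // Mapped by name; the setting is skipped when the name has no matching algorithm.
            SignatureAlgorithm algorithm = SignatureAlgorithm.from(oAuth2Application.getAuthenticationSigningAlgorithm().name());
            if (algorithm != null) {
                builder.tokenEndpointAuthenticationSigningAlgorithm(algorithm);
            }
        }
        return builder.build();
    }

    /**
     * Builds the token settings from the entity: access and refresh token lifetimes, the
     * refresh-token reuse flag, the access token format and, when present, the ID token
     * signature algorithm.
     */
    private TokenSettings createTokenSettings(OAuth2Application oAuth2Application) {
        TokenSettings.Builder builder = TokenSettings.builder();
        builder.accessTokenTimeToLive(oAuth2Application.getAccessTokenValidity());
        builder.refreshTokenTimeToLive(oAuth2Application.getRefreshTokenValidity());
        builder.reuseRefreshTokens(oAuth2Application.getReuseRefreshTokens().booleanValue());
        builder.accessTokenFormat(getTokenFormat());
        if (ObjectUtils.isNotEmpty(oAuth2Application.getIdTokenSignatureAlgorithm())) {
            // Mapped by name; the setting is skipped when the name has no matching algorithm.
            SignatureAlgorithm algorithm = SignatureAlgorithm.from(oAuth2Application.getIdTokenSignatureAlgorithm().name());
            if (algorithm != null) {
                builder.idTokenSignatureAlgorithm(algorithm);
            }
        }
        return builder.build();
    }

    /**
     * Chooses the access token format from configuration: reference (opaque) tokens when
     * validation is configured as {@link Target#REMOTE}, self-contained tokens otherwise.
     */
    private OAuth2TokenFormat getTokenFormat() {
        if (this.securityProperties.getValidate() == Target.REMOTE) {
            return OAuth2TokenFormat.REFERENCE;
        }
        return OAuth2TokenFormat.SELF_CONTAINED;
    }
}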
