package cn.structured.oauth.server.controller.api;

import cn.hutool.core.codec.Base64;
import cn.hutool.core.lang.Snowflake;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.SecureUtil;
import cn.hutool.extra.qrcode.QrCodeUtil;
import cn.hutool.extra.qrcode.QrConfig;
import cn.structure.common.entity.ResResultVO;
import cn.structure.common.exception.CommonException;
import cn.structure.common.utils.ResultUtilSimpleImpl;
import cn.structured.oauth.api.dto.Oauth2TokenDto;
import cn.structured.oauth.api.enums.ErrAuthEnum;
import cn.structured.oauth.server.configuration.OauthProperties;
import cn.structured.oauth.server.granter.PlatformCodeAuthorizationTokenGranter;
import com.alibaba.fastjson.JSON;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
import org.springframework.security.oauth2.provider.endpoint.TokenEndpoint;
import org.springframework.security.oauth2.provider.password.ResourceOwnerPasswordTokenGranter;
import org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.web.HttpRequestMethodNotSupportedException;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RequestMapping({"/oauth"})
@RestController
/* loaded from: input_file:cn/structured/oauth/server/controller/api/AuthController.class */
public class AuthController {
    private static final Logger log;

    @Resource
    private TokenEndpoint tokenEndpoint;

    @Resource
    private ClientDetailsService clientService;

    @Resource
    private AuthorizationCodeServices authorizationCodeServices;

    @Resource
    private AuthenticationManager authenticationManager;

    @Resource
    private AuthorizationServerTokenServices tokenServices;

    @Resource
    private OauthProperties oauthProperties;

    @Resource
    private Snowflake snowflake;

    @Resource
    private RedisTemplate<String, String> redisTemplate;
    static final /* synthetic */ boolean $assertionsDisabled;

    @RequestMapping(value = {"/token"}, method = {RequestMethod.POST})
    public ResResultVO<Oauth2TokenDto> postAccessToken(Principal principal, @RequestParam Map<String, String> map) throws HttpRequestMethodNotSupportedException {
        OAuth2AccessToken oAuth2AccessToken = (OAuth2AccessToken) this.tokenEndpoint.postAccessToken(principal, map).getBody();
        Oauth2TokenDto oauth2TokenDto = new Oauth2TokenDto();
        if (!$assertionsDisabled && oAuth2AccessToken == null) {
            throw new AssertionError();
        }
        oauth2TokenDto.setAccessToken(oAuth2AccessToken.getValue());
        oauth2TokenDto.setRefreshToken(oAuth2AccessToken.getRefreshToken().getValue());
        oauth2TokenDto.setTokenType(oAuth2AccessToken.getTokenType());
        oauth2TokenDto.setExpires(Integer.valueOf(oAuth2AccessToken.getExpiresIn()));
        return ResultUtilSimpleImpl.success(oauth2TokenDto);
    }

    @GetMapping({"/qrCode"})
    public void qrCode(@RequestParam Map<String, String> map, HttpServletResponse httpServletResponse) throws Exception {
        verificationClient(map.get("client_id"));
        String url = getUrl(map);
        QrConfig qrConfig = new QrConfig(300, 300);
        qrConfig.setMargin(2);
        byte[] generatePng = QrCodeUtil.generatePng(url, qrConfig);
        httpServletResponse.setContentType("image/png");
        httpServletResponse.getOutputStream().write(generatePng, 0, generatePng.length);
    }

    @PostMapping({"/authorize"})
    public ResResultVO<String> authorize(Principal principal, @RequestParam Map<String, String> map) {
        String orDefault = map.getOrDefault("requestId", null);
        String orDefault2 = map.getOrDefault("client_id", null);
        if (null == verificationRequestId(orDefault2, orDefault)) {
            return ResultUtilSimpleImpl.fail(ErrAuthEnum.ERR_REQUEST_ID_CODE.getCode(), ErrAuthEnum.ERR_REQUEST_ID_CODE.getMessage(), (Object) null);
        }
        try {
            DefaultOAuth2RequestFactory defaultOAuth2RequestFactory = new DefaultOAuth2RequestFactory(this.clientService);
            String str = "";
            AuthorizationRequest createAuthorizationRequest = defaultOAuth2RequestFactory.createAuthorizationRequest(map);
            OAuth2Request createOAuth2Request = defaultOAuth2RequestFactory.createOAuth2Request(createAuthorizationRequest);
            if ("password".equals(map.get("grant_type"))) {
                OAuth2AccessToken grant = new ResourceOwnerPasswordTokenGranter(this.authenticationManager, this.tokenServices, this.clientService, defaultOAuth2RequestFactory).grant("password", defaultOAuth2RequestFactory.createTokenRequest(createAuthorizationRequest, "password"));
                if (null == grant) {
                    return ResultUtilSimpleImpl.fail(ErrAuthEnum.ERR_PASSWORD_CODE.getCode(), ErrAuthEnum.ERR_PASSWORD_CODE.getMessage(), (Object) null);
                }
                str = grant.getValue();
            }
            if ("platform_grant".equals(map.get("grant_type"))) {
                OAuth2AccessToken grant2 = new PlatformCodeAuthorizationTokenGranter(this.authenticationManager, this.tokenServices, this.clientService, defaultOAuth2RequestFactory).grant("platform_grant", defaultOAuth2RequestFactory.createTokenRequest(createAuthorizationRequest, "platform_grant"));
                if (null == grant2) {
                    return ResultUtilSimpleImpl.fail(ErrAuthEnum.ERR_PLATFORM_CODE.getCode(), ErrAuthEnum.ERR_PLATFORM_CODE.getMessage(), (Object) null);
                }
                str = grant2.getValue();
            }
            String str2 = str;
            if (null == str2) {
                return ResultUtilSimpleImpl.fail(ErrAuthEnum.ERR_AUTHORIZE_CODE.getCode(), ErrAuthEnum.ERR_AUTHORIZE_CODE.getMessage(), (Object) null);
            }
            if ("code".equals(map.get("response_type"))) {
                OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(createOAuth2Request, (Authentication) principal);
                if (str.isEmpty()) {
                    return ResultUtilSimpleImpl.fail(ErrAuthEnum.ERR_AUTHORIZE_CODE.getCode(), ErrAuthEnum.ERR_AUTHORIZE_CODE.getMessage(), (Object) null);
                }
                str2 = this.authorizationCodeServices.createAuthorizationCode(oAuth2Authentication);
            }
            this.redisTemplate.boundValueOps(orDefault2 + ":" + orDefault).set(str2, 5L, TimeUnit.MINUTES);
            return ResultUtilSimpleImpl.success(str2);
        } catch (Exception e) {
            log.error("authorize fail -> {} ", e.getMessage());
            return ResultUtilSimpleImpl.fail(ErrAuthEnum.ERR_AUTHORIZE_CODE.getCode(), ErrAuthEnum.ERR_AUTHORIZE_CODE.getMessage(), (Object) null);
        }
    }

    @GetMapping({"/loginStr"})
    public ResResultVO<String> login(@RequestParam Map<String, String> map) throws Exception {
        return ResultUtilSimpleImpl.success(getUrl(map));
    }

    @GetMapping({"/getRequestId"})
    public ResResultVO<String> request(@RequestParam("clientId") String str) {
        verificationClient(str);
        String nextIdStr = this.snowflake.nextIdStr();
        this.redisTemplate.boundValueOps(str + ":" + nextIdStr).set(nextIdStr, 5L, TimeUnit.MINUTES);
        return ResultUtilSimpleImpl.success(this.snowflake.nextIdStr());
    }

    @GetMapping({"/verificationRequestState"})
    public ResResultVO<String> verificationRequestState(@RequestParam("clientId") String str, @RequestParam("requestId") String str2) {
        return ResultUtilSimpleImpl.success(verificationRequestId(str, str2));
    }

    private void verificationClient(String str) {
        if (null == this.clientService.loadClientByClientId(str)) {
            throw new CommonException(ErrAuthEnum.ERR_CLIENT_AUTH_CODE.getCode(), ErrAuthEnum.ERR_CLIENT_AUTH_CODE.getMessage());
        }
    }

    private String verificationRequestId(String str, String str2) {
        if (null != str2) {
            return (String) this.redisTemplate.boundValueOps(str + ":" + str2).get();
        }
        return null;
    }

    private String getUrl(Map<String, String> map) {
        long currentTimeMillis = System.currentTimeMillis();
        HashMap hashMap = new HashMap();
        hashMap.put("clientType", "mobile");
        hashMap.put("timestamp", currentTimeMillis + "");
        hashMap.put("payload", Base64.encode(JSON.toJSONString(map)));
        String jSONString = JSON.toJSONString(hashMap);
        String str = map.get("authorize_uri");
        String md5 = SecureUtil.md5(jSONString);
        StringBuilder sb = new StringBuilder();
        for (String str2 : hashMap.keySet()) {
            sb.append(str2);
            sb.append("=");
            sb.append((String) hashMap.get(str2));
            sb.append("&");
        }
        return (StrUtil.isBlank(str) ? this.oauthProperties.getHostUrl() : str) + "?" + ((Object) sb) + "sign=" + md5;
    }

    static {
        $assertionsDisabled = !AuthController.class.desiredAssertionStatus();
        log = LoggerFactory.getLogger(AuthController.class);
    }
}
