package team.sailboat.commons.web.ac;

import com.nimbusds.jose.util.Base64URL;
import java.util.Base64;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import team.sailboat.commons.fan.app.AppContext;
import team.sailboat.commons.fan.http.Request;
import team.sailboat.commons.fan.json.JSONObject;
import team.sailboat.commons.fan.text.XString;

/* loaded from: input_file:team/sailboat/commons/web/ac/XAppAccessTokenResponseClient.class */
public class XAppAccessTokenResponseClient implements OAuth2AccessTokenResponseClient<AbstractOAuth2AuthorizationGrantRequest> {
    OAuthClientConf mClientConf;

    public XAppAccessTokenResponseClient(OAuthClientConf oAuthClientConf) {
        this.mClientConf = oAuthClientConf;
    }

    public OAuth2AccessTokenResponse getTokenResponse(AbstractOAuth2AuthorizationGrantRequest abstractOAuth2AuthorizationGrantRequest) {
        if (!(abstractOAuth2AuthorizationGrantRequest instanceof CorsTokenGrantRequest)) {
            return null;
        }
        CorsTokenGrantRequest corsTokenGrantRequest = (CorsTokenGrantRequest) abstractOAuth2AuthorizationGrantRequest;
        try {
            JSONObject jSONObject = (JSONObject) this.mClientConf.getAuthCenterClient().ask(Request.POST().path(IAuthCenterConst.sGET_token).queryParam("client_id", corsTokenGrantRequest.getClientRegistration().getClientId()).queryParam("grant_type", IAuthCenterConst.sGrantType_cork_token.getValue()).queryParam("token", corsTokenGrantRequest.getCorsToken()).queryParam("redirect_uri", corsTokenGrantRequest.getClientRegistration().getRedirectUri()));
            String optString = JSONObject.of(new String(Base64.getUrlDecoder().decode(XString.lastSeg_i(corsTokenGrantRequest.getCorsToken(), '.', 1)), AppContext.sUTF8)).optString("referer");
            if (corsTokenGrantRequest.getReferer() == null || !corsTokenGrantRequest.getReferer().startsWith(optString)) {
                throw new AuthenticationServiceException("不允许的调用源！");
            }
            String optString2 = jSONObject.optString("access_token");
            String optString3 = jSONObject.optString("refresh_token");
            JSONObject of = JSONObject.of(new String(Base64URL.from(XString.seg_i(optString2, '.', 1)).decode(), "UTF-8"));
            return OAuth2AccessTokenResponse.withToken(optString2).tokenType(OAuth2AccessToken.TokenType.BEARER).refreshToken(optString3).expiresIn((int) (of.optLong("exp") - of.optLong("iat"))).build();
        } catch (Exception e) {
            return null;
        }
    }
}
