package org.openea.eap.module.system.controller.admin.oauth2;

import cn.hutool.core.lang.Assert;
import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.StrUtil;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.Parameters;
import io.swagger.v3.oas.annotations.tags.Tag;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.annotation.Resource;
import javax.annotation.security.PermitAll;
import javax.servlet.http.HttpServletRequest;
import org.openea.eap.framework.common.enums.UserTypeEnum;
import org.openea.eap.framework.common.exception.enums.GlobalErrorCodeConstants;
import org.openea.eap.framework.common.exception.util.ServiceExceptionUtil;
import org.openea.eap.framework.common.pojo.CommonResult;
import org.openea.eap.framework.common.util.collection.CollectionUtils;
import org.openea.eap.framework.common.util.http.HttpUtils;
import org.openea.eap.framework.common.util.json.JsonUtils;
import org.openea.eap.framework.operatelog.core.annotations.OperateLog;
import org.openea.eap.framework.security.core.util.SecurityFrameworkUtils;
import org.openea.eap.module.system.controller.admin.oauth2.vo.open.OAuth2OpenAccessTokenRespVO;
import org.openea.eap.module.system.controller.admin.oauth2.vo.open.OAuth2OpenAuthorizeInfoRespVO;
import org.openea.eap.module.system.controller.admin.oauth2.vo.open.OAuth2OpenCheckTokenRespVO;
import org.openea.eap.module.system.convert.oauth2.OAuth2OpenConvert;
import org.openea.eap.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO;
import org.openea.eap.module.system.dal.dataobject.oauth2.OAuth2ClientDO;
import org.openea.eap.module.system.enums.oauth2.OAuth2GrantTypeEnum;
import org.openea.eap.module.system.service.oauth2.OAuth2ApproveService;
import org.openea.eap.module.system.service.oauth2.OAuth2ClientService;
import org.openea.eap.module.system.service.oauth2.OAuth2GrantService;
import org.openea.eap.module.system.service.oauth2.OAuth2TokenService;
import org.openea.eap.module.system.util.oauth2.OAuth2Utils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

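/**
 * Admin-side OAuth 2.0 endpoints mounted under {@code /system/oauth2}: token issuing,
 * token revocation, token checking, and the two-step authorize flow.
 *
 * <p>The three {@code /token} and {@code /check-token} endpoints carry {@code @PermitAll}
 * and authenticate the calling client through HTTP Basic credentials instead. The
 * {@code /authorize} endpoints carry no {@code @PermitAll} and read the current user from
 * {@link SecurityFrameworkUtils}.
 *
 * <p>This file is decompiled output. Local and parameter names were restored from the
 * {@code @RequestParam} names, and the decompiler's synthetic switch-map class was replaced
 * by a direct {@code switch} on the enum.
 */
@RequestMapping({"/system/oauth2"})
@RestController
@Tag(name = "管理后台 - OAuth2.0 授权")
@Validated
/* loaded from: input_file:org/openea/eap/module/system/controller/admin/oauth2/OAuth2OpenController.class */
public class OAuth2OpenController {
    private static final Logger log = LoggerFactory.getLogger(OAuth2OpenController.class);

    @Resource
    private OAuth2GrantService oauth2GrantService;

    @Resource
    private OAuth2ClientService oauth2ClientService;

    @Resource
    private OAuth2ApproveService oauth2ApproveService;

    @Resource
    private OAuth2TokenService oauth2TokenService;

    /**
     * Issues an access token for the authorization-code, password, client-credentials or
     * refresh-token grant.
     *
     * <p>The client is identified by the HTTP Basic credentials of the request; they are
     * passed to {@code validOAuthClientFromCache} together with the grant type, the requested
     * scopes and the redirect URI before any grant is attempted. The implicit grant is
     * rejected here even though the inherited OpenAPI description still mentions it.
     *
     * @param request      servlet request carrying the Basic {@code Authorization} header
     * @param grantType    value of {@code grant_type}
     * @param code         authorization code (authorization-code grant)
     * @param redirectUri  redirect URI, checked with the client and again with the code
     * @param state        opaque state value forwarded to the authorization-code grant
     * @param username     resource-owner user name (password grant)
     * @param password     resource-owner password (password grant)
     * @param scope        raw scope string, split by {@code OAuth2Utils.buildScopes}
     * @param refreshToken refresh token (refresh-token grant)
     * @return the issued token converted to its response VO
     */
    @PostMapping({"/token"})
    @PermitAll
    // NOTE(review): operate logging is disabled on this endpoint; presumably so that the
    // password and refresh_token request parameters are not written to the operate log - confirm.
    @OperateLog(enable = false)
    @Operation(summary = "获得访问令牌", description = "适合 code 授权码模式，或者 implicit 简化模式；在 sso.vue 单点登录界面被【获取】调用")
    @Parameters({@Parameter(name = "grant_type", required = true, description = "授权类型", example = "code"), @Parameter(name = "code", description = "授权范围", example = "userinfo.read"), @Parameter(name = "redirect_uri", description = "重定向 URI", example = "https://www.iocoder.cn"), @Parameter(name = "state", description = "状态", example = "1"), @Parameter(name = "username", example = "tudou"), @Parameter(name = "password", example = "cai"), @Parameter(name = "scope", example = "user_info"), @Parameter(name = "refresh_token", example = "123424233")})
    public CommonResult<OAuth2OpenAccessTokenRespVO> postAccessToken(HttpServletRequest request,
            @RequestParam("grant_type") String grantType,
            @RequestParam(value = "code", required = false) String code,
            @RequestParam(value = "redirect_uri", required = false) String redirectUri,
            @RequestParam(value = "state", required = false) String state,
            @RequestParam(value = "username", required = false) String username,
            @RequestParam(value = "password", required = false) String password,
            @RequestParam(value = "scope", required = false) String scope,
            @RequestParam(value = "refresh_token", required = false) String refreshToken) {
        List<String> scopes = OAuth2Utils.buildScopes(scope);

        // 1. Reject unknown grant types, and the implicit grant, before touching credentials.
        OAuth2GrantTypeEnum grantTypeEnum = OAuth2GrantTypeEnum.getByGranType(grantType);
        if (grantTypeEnum == null) {
            throw ServiceExceptionUtil.exception0(GlobalErrorCodeConstants.BAD_REQUEST.getCode(), StrUtil.format("未知授权类型({})", grantType), new Object[0]);
        }
        if (grantTypeEnum == OAuth2GrantTypeEnum.IMPLICIT) {
            throw ServiceExceptionUtil.exception0(GlobalErrorCodeConstants.BAD_REQUEST.getCode(), "Token 接口不支持 implicit 授权模式", new Object[0]);
        }

        // 2. Authenticate the client. Every grant below uses the client id of the validated
        //    client record rather than a caller-supplied value.
        String[] clientIdAndSecret = obtainBasicAuthorization(request);
        OAuth2ClientDO client = this.oauth2ClientService.validOAuthClientFromCache(clientIdAndSecret[0], clientIdAndSecret[1], grantType, scopes, redirectUri);

        // 3. Dispatch on the grant type.
        OAuth2AccessTokenDO accessToken;
        switch (grantTypeEnum) {
            case AUTHORIZATION_CODE:
                accessToken = this.oauth2GrantService.grantAuthorizationCodeForAccessToken(client.getClientId(), code, redirectUri, state);
                break;
            case PASSWORD:
                accessToken = this.oauth2GrantService.grantPassword(username, password, client.getClientId(), scopes);
                break;
            case CLIENT_CREDENTIALS:
                accessToken = this.oauth2GrantService.grantClientCredentials(client.getClientId(), scopes);
                break;
            case REFRESH_TOKEN:
                accessToken = this.oauth2GrantService.grantRefreshToken(refreshToken, client.getClientId());
                break;
            default:
                throw new IllegalArgumentException("未知授权类型：" + grantType);
        }
        Assert.notNull(accessToken, "访问令牌不能为空");
        return CommonResult.success(OAuth2OpenConvert.INSTANCE.convert(accessToken));
    }

    /**
     * Revokes an access token on behalf of the client named by the Basic credentials.
     *
     * <p>The revocation is issued with the client id of the validated client record, so the
     * grant service receives both the client and the token.
     *
     * @param request servlet request carrying the Basic {@code Authorization} header
     * @param token   access token to revoke
     * @return the boolean result reported by the grant service
     */
    @PermitAll
    @OperateLog(enable = false)
    @Operation(summary = "删除访问令牌")
    @DeleteMapping({"/token"})
    @Parameter(name = "token", required = true, description = "访问令牌", example = "biu")
    public CommonResult<Boolean> revokeToken(HttpServletRequest request, @RequestParam("token") String token) {
        String[] clientIdAndSecret = obtainBasicAuthorization(request);
        OAuth2ClientDO client = this.oauth2ClientService.validOAuthClientFromCache(clientIdAndSecret[0], clientIdAndSecret[1], null, null, null);
        boolean revoked = this.oauth2GrantService.revokeToken(client.getClientId(), token);
        return CommonResult.success(revoked);
    }

    /**
     * Checks an access token and returns its details.
     *
     * @param request servlet request carrying the Basic {@code Authorization} header
     * @param token   access token to check
     * @return the token converted to its check-token response VO
     */
    @PostMapping({"/check-token"})
    @PermitAll
    @OperateLog(enable = false)
    @Operation(summary = "校验访问令牌")
    @Parameter(name = "token", required = true, description = "访问令牌", example = "biu")
    public CommonResult<OAuth2OpenCheckTokenRespVO> checkToken(HttpServletRequest request, @RequestParam("token") String token) {
        String[] clientIdAndSecret = obtainBasicAuthorization(request);
        // NOTE(review): the validated client is discarded, so this method does not itself tie
        // the token to the calling client; any client with valid credentials gets an answer
        // for any token unless checkAccessToken enforces that binding - confirm.
        this.oauth2ClientService.validOAuthClientFromCache(clientIdAndSecret[0], clientIdAndSecret[1], null, null, null);
        OAuth2AccessTokenDO accessToken = this.oauth2TokenService.checkAccessToken(token);
        Assert.notNull(accessToken, "访问令牌不能为空");
        return CommonResult.success(OAuth2OpenConvert.INSTANCE.convert2(accessToken));
    }

    /**
     * Returns the client's information together with the approvals the logged-in user has
     * already recorded for that client.
     *
     * @param clientId client id to look up
     * @return client and approval information for the consent page
     */
    @Parameter(name = "clientId", required = true, description = "客户端编号", example = "tudou")
    @GetMapping({"/authorize"})
    @Operation(summary = "获得授权信息", description = "适合 code 授权码模式，或者 implicit 简化模式；在 sso.vue 单点登录界面被【获取】调用")
    public CommonResult<OAuth2OpenAuthorizeInfoRespVO> authorize(@RequestParam("clientId") String clientId) {
        return CommonResult.success(OAuth2OpenConvert.INSTANCE.convert(
                this.oauth2ClientService.validOAuthClientFromCache(clientId),
                this.oauth2ApproveService.getApproveList(SecurityFrameworkUtils.getLoginUserId(), getUserType(), clientId)));
    }

    /**
     * Handles the consent submission and returns the URL the front end should redirect to.
     *
     * <p>With {@code auto_approve=true} only existing approvals are consulted; when they do
     * not cover the request the result carries {@code null} and no grant is made. Otherwise
     * the submitted scope decisions are stored, and a refusal yields an
     * {@code access_denied} redirect.
     *
     * @param responseType {@code code} or {@code token}
     * @param clientId     client id requesting access
     * @param scope        JSON object mapping each scope name to {@code true}/{@code false}
     * @param redirectUri  redirect URI; passed to client validation before any URL is built
     * @param autoApprove  whether only pre-existing approvals should be used
     * @param state        opaque value echoed into the redirect; not inspected here
     * @return the redirect URL, or {@code null} when auto-approval is not possible
     */
    @PostMapping({"/authorize"})
    @OperateLog(enable = false)
    @Operation(summary = "申请授权", description = "适合 code 授权码模式，或者 implicit 简化模式；在 sso.vue 单点登录界面被【提交】调用")
    @Parameters({@Parameter(name = "response_type", required = true, description = "响应类型", example = "code"), @Parameter(name = "client_id", required = true, description = "客户端编号", example = "tudou"), @Parameter(name = "scope", description = "授权范围", example = "userinfo.read"), @Parameter(name = "redirect_uri", required = true, description = "重定向 URI", example = "https://www.iocoder.cn"), @Parameter(name = "auto_approve", required = true, description = "用户是否接受", example = "true"), @Parameter(name = "state", example = "1")})
    public CommonResult<String> approveOrDeny(@RequestParam("response_type") String responseType,
            @RequestParam("client_id") String clientId,
            @RequestParam(value = "scope", required = false) String scope,
            @RequestParam("redirect_uri") String redirectUri,
            @RequestParam("auto_approve") Boolean autoApprove,
            @RequestParam(value = "state", required = false) String state) {
        // The JSON parser yields an untyped map, so the element types are unverified at this point.
        @SuppressWarnings("unchecked")
        Map<String, Boolean> parsedScopes = (Map<String, Boolean>) JsonUtils.parseObject(scope, Map.class);
        Map<String, Boolean> scopes = ObjectUtil.defaultIfNull(parsedScopes, Collections.emptyMap());
        // Reject non-boolean decisions up front: the map comes straight from the request and
        // would otherwise fail later with a ClassCastException or NullPointerException.
        requireBooleanScopeValues(scopes);

        // 1. Validate response_type, then the client together with the requested scopes and
        //    the redirect URI. NOTE(review): matching redirect_uri against the client's
        //    registration is assumed to happen inside validOAuthClientFromCache - confirm.
        OAuth2GrantTypeEnum grantTypeEnum = getGrantTypeEnum(responseType);
        OAuth2ClientDO client = this.oauth2ClientService.validOAuthClientFromCache(clientId, null, grantTypeEnum.getGrantType(), scopes.keySet(), redirectUri);

        // 2. Decide whether the request is approved.
        if (Boolean.TRUE.equals(autoApprove)) {
            if (!this.oauth2ApproveService.checkForPreApproval(SecurityFrameworkUtils.getLoginUserId(), getUserType(), clientId, scopes.keySet())) {
                // No redirect URL: the caller is expected to stay on the consent page.
                return CommonResult.success(null);
            }
        } else if (!this.oauth2ApproveService.updateAfterApproval(SecurityFrameworkUtils.getLoginUserId(), getUserType(), clientId, scopes)) {
            return CommonResult.success(OAuth2Utils.buildUnsuccessfulRedirect(redirectUri, responseType, state, "access_denied", "User denied access"));
        }

        // 3. Grant only the scopes whose submitted value is true.
        List<String> approvedScopes = CollectionUtils.convertList(scopes.entrySet(), Map.Entry::getKey, Map.Entry::getValue);
        if (grantTypeEnum == OAuth2GrantTypeEnum.AUTHORIZATION_CODE) {
            return CommonResult.success(getAuthorizationCodeRedirect(SecurityFrameworkUtils.getLoginUserId(), client, approvedScopes, redirectUri, state));
        }
        return CommonResult.success(getImplicitGrantRedirect(SecurityFrameworkUtils.getLoginUserId(), client, approvedScopes, redirectUri, state));
    }

    /**
     * Ensures every value of the submitted scope map is a {@link Boolean}.
     *
     * @param scopes scope map parsed from the request, viewed without element types
     */
    private static void requireBooleanScopeValues(Map<?, ?> scopes) {
        for (Object approved : scopes.values()) {
            if (!(approved instanceof Boolean)) {
                throw ServiceExceptionUtil.exception0(GlobalErrorCodeConstants.BAD_REQUEST.getCode(), "scope 参数的取值只允许 true 或 false", new Object[0]);
            }
        }
    }

    /**
     * Maps the {@code response_type} parameter to a grant type.
     *
     * @param responseType {@code code} or {@code token}
     * @return {@code AUTHORIZATION_CODE} for {@code code}, {@code IMPLICIT} for {@code token}
     */
    private static OAuth2GrantTypeEnum getGrantTypeEnum(String responseType) {
        if (StrUtil.equals(responseType, "code")) {
            return OAuth2GrantTypeEnum.AUTHORIZATION_CODE;
        }
        if (StrUtil.equalsAny(responseType, "token")) {
            return OAuth2GrantTypeEnum.IMPLICIT;
        }
        throw ServiceExceptionUtil.exception0(GlobalErrorCodeConstants.BAD_REQUEST.getCode(), "response_type 参数值只允许 code 和 token", new Object[0]);
    }

    /**
     * Performs the implicit grant and builds the redirect URL that carries the access token.
     *
     * @param userId      id of the logged-in user
     * @param client      validated client
     * @param scopes      approved scopes
     * @param redirectUri redirect URI of the request
     * @param state       state value of the request
     * @return redirect URL containing the access token
     */
    private String getImplicitGrantRedirect(Long userId, OAuth2ClientDO client, List<String> scopes, String redirectUri, String state) {
        OAuth2AccessTokenDO accessToken = this.oauth2GrantService.grantImplicit(userId, SecurityFrameworkUtils.getLoginUser().getUserKey(), getUserType(), client.getClientId(), scopes);
        Assert.notNull(accessToken, "访问令牌不能为空");
        // NOTE(review): the access token is handed to the redirect builder, so it ends up in
        // a URL that the browser handles; prefer the code flow where the client allows it.
        return OAuth2Utils.buildImplicitRedirectUri(redirectUri, accessToken.getAccessToken(), state, accessToken.getExpiresTime(), scopes, (Map) JsonUtils.parseObject(client.getAdditionalInformation(), Map.class));
    }

    /**
     * Issues an authorization code and builds the redirect URL that carries it.
     *
     * @param userId      id of the logged-in user
     * @param client      validated client
     * @param scopes      approved scopes
     * @param redirectUri redirect URI of the request; also stored with the code
     * @param state       state value of the request
     * @return redirect URL containing the authorization code
     */
    private String getAuthorizationCodeRedirect(Long userId, OAuth2ClientDO client, List<String> scopes, String redirectUri, String state) {
        String authorizationCode = this.oauth2GrantService.grantAuthorizationCodeForCode(userId, getUserType(), client.getClientId(), scopes, redirectUri, state);
        return OAuth2Utils.buildAuthorizationCodeRedirectUri(redirectUri, authorizationCode, state);
    }

    /**
     * Returns the user type used for every approval and grant made by this controller.
     *
     * @return the value of {@code UserTypeEnum.ADMIN}
     */
    private Integer getUserType() {
        return UserTypeEnum.ADMIN.getValue();
    }

    /**
     * Extracts the client id and secret from the request's Basic authorization data.
     *
     * @param request servlet request to read
     * @return a two-element array: client id at index 0, client secret at index 1
     */
    private String[] obtainBasicAuthorization(HttpServletRequest request) {
        String[] clientIdAndSecret = HttpUtils.obtainBasicAuthorization(request);
        // Anything other than exactly two parts is a bad request, never a partial login.
        if (ArrayUtil.isEmpty(clientIdAndSecret) || clientIdAndSecret.length != 2) {
            throw ServiceExceptionUtil.exception0(GlobalErrorCodeConstants.BAD_REQUEST.getCode(), "client_id 或 client_secret 未正确传递", new Object[0]);
        }
        return clientIdAndSecret;
    }
}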
