package org.openea.eap.module.system.service.oauth2;

import cn.hutool.core.collection.CollUtil;
import cn.hutool.core.util.IdUtil;
import cn.hutool.core.util.ObjectUtil;
import java.time.LocalDateTime;
import java.util.List;
import javax.annotation.Resource;
import org.openea.eap.framework.common.exception.enums.GlobalErrorCodeConstants;
import org.openea.eap.framework.common.exception.util.ServiceExceptionUtil;
import org.openea.eap.framework.common.pojo.PageResult;
import org.openea.eap.framework.common.util.collection.CollectionUtils;
import org.openea.eap.framework.common.util.date.DateUtils;
import org.openea.eap.framework.tenant.core.context.TenantContextHolder;
import org.openea.eap.module.system.controller.admin.oauth2.vo.token.OAuth2AccessTokenPageReqVO;
import org.openea.eap.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO;
import org.openea.eap.module.system.dal.dataobject.oauth2.OAuth2ClientDO;
import org.openea.eap.module.system.dal.dataobject.oauth2.OAuth2RefreshTokenDO;
import org.openea.eap.module.system.dal.mysql.oauth2.OAuth2AccessTokenMapper;
import org.openea.eap.module.system.dal.mysql.oauth2.OAuth2RefreshTokenMapper;
import org.openea.eap.module.system.dal.redis.oauth2.OAuth2AccessTokenRedisDAO;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
/* loaded from: input_file:org/openea/eap/module/system/service/oauth2/OAuth2TokenServiceImpl.class */
public class OAuth2TokenServiceImpl implements OAuth2TokenService {

    @Resource
    private OAuth2AccessTokenMapper oauth2AccessTokenMapper;

    @Resource
    private OAuth2RefreshTokenMapper oauth2RefreshTokenMapper;

    @Resource
    private OAuth2AccessTokenRedisDAO oauth2AccessTokenRedisDAO;

    @Resource
    private OAuth2ClientService oauth2ClientService;

    @Override // org.openea.eap.module.system.service.oauth2.OAuth2TokenService
    @Transactional
    public OAuth2AccessTokenDO createAccessToken(Long l, String str, Integer num, String str2, List<String> list) {
        OAuth2ClientDO validOAuthClientFromCache = this.oauth2ClientService.validOAuthClientFromCache(str2);
        return createOAuth2AccessToken(createOAuth2RefreshToken(l, str, num, validOAuthClientFromCache, list), validOAuthClientFromCache);
    }

    @Override // org.openea.eap.module.system.service.oauth2.OAuth2TokenService
    public OAuth2AccessTokenDO refreshAccessToken(String str, String str2) {
        OAuth2RefreshTokenDO selectByRefreshToken = this.oauth2RefreshTokenMapper.selectByRefreshToken(str);
        if (selectByRefreshToken == null) {
            throw ServiceExceptionUtil.exception0(GlobalErrorCodeConstants.BAD_REQUEST.getCode(), "无效的刷新令牌", new Object[0]);
        }
        OAuth2ClientDO validOAuthClientFromCache = this.oauth2ClientService.validOAuthClientFromCache(str2);
        if (ObjectUtil.notEqual(str2, selectByRefreshToken.getClientId())) {
            throw ServiceExceptionUtil.exception0(GlobalErrorCodeConstants.BAD_REQUEST.getCode(), "刷新令牌的客户端编号不正确", new Object[0]);
        }
        List<OAuth2AccessTokenDO> selectListByRefreshToken = this.oauth2AccessTokenMapper.selectListByRefreshToken(str);
        if (CollUtil.isNotEmpty(selectListByRefreshToken)) {
            this.oauth2AccessTokenMapper.deleteBatchIds(CollectionUtils.convertSet(selectListByRefreshToken, (v0) -> {
                return v0.getId();
            }));
            this.oauth2AccessTokenRedisDAO.deleteList(CollectionUtils.convertSet(selectListByRefreshToken, (v0) -> {
                return v0.getAccessToken();
            }));
        }
        if (!DateUtils.isExpired(selectByRefreshToken.getExpiresTime())) {
            return createOAuth2AccessToken(selectByRefreshToken, validOAuthClientFromCache);
        }
        this.oauth2RefreshTokenMapper.deleteById(selectByRefreshToken.getId());
        throw ServiceExceptionUtil.exception0(GlobalErrorCodeConstants.UNAUTHORIZED.getCode(), "刷新令牌已过期", new Object[0]);
    }

    @Override // org.openea.eap.module.system.service.oauth2.OAuth2TokenService
    public OAuth2AccessTokenDO getAccessToken(String str) {
        OAuth2AccessTokenDO oAuth2AccessTokenDO = this.oauth2AccessTokenRedisDAO.get(str);
        if (oAuth2AccessTokenDO != null) {
            return oAuth2AccessTokenDO;
        }
        OAuth2AccessTokenDO selectByAccessToken = this.oauth2AccessTokenMapper.selectByAccessToken(str);
        if (selectByAccessToken != null && !DateUtils.isExpired(selectByAccessToken.getExpiresTime())) {
            this.oauth2AccessTokenRedisDAO.set(selectByAccessToken);
        }
        return selectByAccessToken;
    }

    @Override // org.openea.eap.module.system.service.oauth2.OAuth2TokenService
    public OAuth2AccessTokenDO checkAccessToken(String str) {
        OAuth2AccessTokenDO accessToken = getAccessToken(str);
        if (accessToken == null) {
            throw ServiceExceptionUtil.exception0(GlobalErrorCodeConstants.UNAUTHORIZED.getCode(), "访问令牌不存在", new Object[0]);
        }
        if (DateUtils.isExpired(accessToken.getExpiresTime())) {
            throw ServiceExceptionUtil.exception0(GlobalErrorCodeConstants.UNAUTHORIZED.getCode(), "访问令牌已过期", new Object[0]);
        }
        return accessToken;
    }

    @Override // org.openea.eap.module.system.service.oauth2.OAuth2TokenService
    public OAuth2AccessTokenDO removeAccessToken(String str) {
        OAuth2AccessTokenDO selectByAccessToken = this.oauth2AccessTokenMapper.selectByAccessToken(str);
        if (selectByAccessToken == null) {
            return null;
        }
        this.oauth2AccessTokenMapper.deleteById(selectByAccessToken.getId());
        this.oauth2AccessTokenRedisDAO.delete(str);
        this.oauth2RefreshTokenMapper.deleteByRefreshToken(selectByAccessToken.getRefreshToken());
        return selectByAccessToken;
    }

    @Override // org.openea.eap.module.system.service.oauth2.OAuth2TokenService
    public PageResult<OAuth2AccessTokenDO> getAccessTokenPage(OAuth2AccessTokenPageReqVO oAuth2AccessTokenPageReqVO) {
        return this.oauth2AccessTokenMapper.selectPage(oAuth2AccessTokenPageReqVO);
    }

    private OAuth2AccessTokenDO createOAuth2AccessToken(OAuth2RefreshTokenDO oAuth2RefreshTokenDO, OAuth2ClientDO oAuth2ClientDO) {
        OAuth2AccessTokenDO expiresTime = new OAuth2AccessTokenDO().setAccessToken(generateAccessToken()).setUserId(oAuth2RefreshTokenDO.getUserId()).setUserKey(oAuth2RefreshTokenDO.getUserKey()).setUserType(oAuth2RefreshTokenDO.getUserType()).setClientId(oAuth2ClientDO.getClientId()).setScopes(oAuth2RefreshTokenDO.getScopes()).setRefreshToken(oAuth2RefreshTokenDO.getRefreshToken()).setExpiresTime(LocalDateTime.now().plusSeconds(oAuth2ClientDO.getAccessTokenValiditySeconds().intValue()));
        expiresTime.setTenantId(TenantContextHolder.getTenantId());
        this.oauth2AccessTokenMapper.insert(expiresTime);
        this.oauth2AccessTokenRedisDAO.set(expiresTime);
        return expiresTime;
    }

    private OAuth2RefreshTokenDO createOAuth2RefreshToken(Long l, String str, Integer num, OAuth2ClientDO oAuth2ClientDO, List<String> list) {
        OAuth2RefreshTokenDO expiresTime = new OAuth2RefreshTokenDO().setRefreshToken(generateRefreshToken()).setUserId(l).setUserKey(str).setUserType(num).setClientId(oAuth2ClientDO.getClientId()).setScopes(list).setExpiresTime(LocalDateTime.now().plusSeconds(oAuth2ClientDO.getRefreshTokenValiditySeconds().intValue()));
        this.oauth2RefreshTokenMapper.insert(expiresTime);
        return expiresTime;
    }

    private static String generateAccessToken() {
        return IdUtil.fastSimpleUUID();
    }

    private static String generateRefreshToken() {
        return IdUtil.fastSimpleUUID();
    }
}
