package cn.dev33.satoken.oauth2.template;

import cn.dev33.satoken.oauth2.SaOAuth2Manager;
import cn.dev33.satoken.oauth2.dao.SaOAuth2Dao;
import cn.dev33.satoken.oauth2.data.model.AccessTokenModel;
import cn.dev33.satoken.oauth2.data.model.ClientTokenModel;
import cn.dev33.satoken.oauth2.data.model.CodeModel;
import cn.dev33.satoken.oauth2.data.model.RefreshTokenModel;
import cn.dev33.satoken.oauth2.data.model.loader.SaClientModel;
import cn.dev33.satoken.oauth2.error.SaOAuth2ErrorCode;
import cn.dev33.satoken.oauth2.exception.SaOAuth2AccessTokenException;
import cn.dev33.satoken.oauth2.exception.SaOAuth2AccessTokenScopeException;
import cn.dev33.satoken.oauth2.exception.SaOAuth2AuthorizationCodeException;
import cn.dev33.satoken.oauth2.exception.SaOAuth2ClientModelException;
import cn.dev33.satoken.oauth2.exception.SaOAuth2ClientModelScopeException;
import cn.dev33.satoken.oauth2.exception.SaOAuth2ClientTokenException;
import cn.dev33.satoken.oauth2.exception.SaOAuth2ClientTokenScopeException;
import cn.dev33.satoken.oauth2.exception.SaOAuth2Exception;
import cn.dev33.satoken.oauth2.exception.SaOAuth2RefreshTokenException;
import cn.dev33.satoken.strategy.SaStrategy;
import cn.dev33.satoken.util.SaFoxUtil;
import java.util.List;

/* loaded from: input_file:cn/dev33/satoken/oauth2/template/SaOAuth2Template.class */
public class SaOAuth2Template {
    public SaClientModel getClientModel(String str) {
        return SaOAuth2Manager.getDataLoader().getClientModel(str);
    }

    public SaClientModel checkClientModel(String str) {
        SaClientModel clientModel = getClientModel(str);
        if (clientModel == null) {
            throw new SaOAuth2ClientModelException("无效 client_id: " + str).setClientId(str).setCode(SaOAuth2ErrorCode.CODE_30105);
        }
        return clientModel;
    }

    public SaClientModel checkClientSecret(String str, String str2) {
        SaClientModel checkClientModel = checkClientModel(str);
        if (checkClientModel.clientSecret == null || !checkClientModel.clientSecret.equals(str2)) {
            throw new SaOAuth2ClientModelException("无效 client_secret: " + str2).setClientId(str).setCode(SaOAuth2ErrorCode.CODE_30115);
        }
        return checkClientModel;
    }

    public SaClientModel checkClientSecretAndScope(String str, String str2, List<String> list) {
        SaClientModel checkClientSecret = checkClientSecret(str, str2);
        checkContractScope(checkClientSecret, list);
        return checkClientSecret;
    }

    public boolean isContractScope(String str, List<String> list) {
        try {
            checkContractScope(str, list);
            return true;
        } catch (SaOAuth2ClientModelException e) {
            return false;
        }
    }

    public SaClientModel checkContractScope(String str, List<String> list) {
        return checkContractScope(checkClientModel(str), list);
    }

    public SaClientModel checkContractScope(SaClientModel saClientModel, List<String> list) {
        if (SaFoxUtil.isEmptyList(list)) {
            return saClientModel;
        }
        for (String str : list) {
            if (!saClientModel.contractScopes.contains(str)) {
                throw new SaOAuth2ClientModelScopeException("该 client 暂未签约 scope: " + str).setClientId(saClientModel.clientId).setScope(str).setCode(SaOAuth2ErrorCode.CODE_30112);
            }
        }
        return saClientModel;
    }

    public void checkRedirectUri(String str, String str2) {
        if (!SaFoxUtil.isUrl(str2)) {
            throw new SaOAuth2ClientModelException("无效 redirect_url：" + str2).setClientId(str).setCode(SaOAuth2ErrorCode.CODE_30113);
        }
        int indexOf = str2.indexOf("?");
        if (indexOf != -1) {
            str2 = str2.substring(0, indexOf);
        }
        if (str2.contains("@")) {
            throw new SaOAuth2ClientModelException("无效 redirect_url（不允许出现@字符）：" + str2).setClientId(str).setCode(SaOAuth2ErrorCode.CODE_30113);
        }
        SaClientModel checkClientModel = checkClientModel(str);
        checkRedirectUriListNormal(checkClientModel.allowRedirectUris);
        if (!((Boolean) SaStrategy.instance.hasElement.apply(checkClientModel.allowRedirectUris, str2)).booleanValue()) {
            throw new SaOAuth2ClientModelException("非法 redirect_url: " + str2).setClientId(str).setCode(SaOAuth2ErrorCode.CODE_30114);
        }
    }

    public void checkRedirectUriListNormal(List<String> list) {
        checkRedirectUriListNormalStaticMethod(list);
    }

    public static void checkRedirectUriListNormalStaticMethod(List<String> list) {
        for (String str : list) {
            int indexOf = str.indexOf("*");
            if (indexOf != -1 && indexOf != str.length() - 1) {
                throw new SaOAuth2Exception("无效的 allow-url 配置（*通配符只允许出现在最后一位）：" + str).setCode(SaOAuth2ErrorCode.CODE_30114);
            }
        }
    }

    public boolean isGrantScope(Object obj, String str, List<String> list) {
        return SaFoxUtil.list1ContainList2AllElement(SaOAuth2Manager.getDao().getGrantScope(str, obj), list);
    }

    public boolean isNeedCarefulConfirm(Object obj, String str, List<String> list) {
        if (list == null || list.isEmpty()) {
            return false;
        }
        if (SaFoxUtil.list1ContainList2AnyElement(list, getHigherScopeList())) {
            return true;
        }
        List<String> list1RemoveByList2 = SaFoxUtil.list1RemoveByList2(list, getLowerScopeList());
        return (list1RemoveByList2.isEmpty() || isGrantScope(obj, str, list1RemoveByList2)) ? false : true;
    }

    public CodeModel checkGainTokenParam(String str, String str2, String str3, String str4) {
        CodeModel code = SaOAuth2Manager.getDao().getCode(str);
        SaOAuth2AuthorizationCodeException.throwBy(code == null, "无效 code: " + str, str, SaOAuth2ErrorCode.CODE_30110);
        SaOAuth2ClientModelException.throwBy(!code.clientId.equals(str2), "无效 client_id: " + str2, str2, SaOAuth2ErrorCode.CODE_30105);
        String str5 = checkClientModel(str2).clientSecret;
        SaOAuth2ClientModelException.throwBy(str5 == null || !str5.equals(str3), "无效 client_secret: " + str3, str2, SaOAuth2ErrorCode.CODE_30115);
        if (!SaFoxUtil.isEmpty(str4)) {
            SaOAuth2ClientModelException.throwBy(!str4.equals(code.redirectUri), "无效 redirect_uri: " + str4, str2, SaOAuth2ErrorCode.CODE_30120);
        }
        return code;
    }

    public RefreshTokenModel checkRefreshTokenParam(String str, String str2, String str3) {
        RefreshTokenModel refreshToken = SaOAuth2Manager.getDao().getRefreshToken(str3);
        SaOAuth2RefreshTokenException.throwBy(refreshToken == null, "无效 refresh_token: " + str3, str3, SaOAuth2ErrorCode.CODE_30111);
        SaOAuth2ClientModelException.throwBy(!refreshToken.clientId.equals(str), "无效 client_id: " + str, str, SaOAuth2ErrorCode.CODE_30122);
        String str4 = checkClientModel(str).clientSecret;
        SaOAuth2ClientModelException.throwBy(str4 == null || !str4.equals(str2), "无效 client_secret: " + str2, str, SaOAuth2ErrorCode.CODE_30115);
        return refreshToken;
    }

    public AccessTokenModel checkAccessTokenParam(String str, String str2, String str3) {
        AccessTokenModel checkAccessToken = checkAccessToken(str3);
        SaOAuth2ClientModelException.throwBy(!checkAccessToken.clientId.equals(str), "无效 client_id：" + str, str, SaOAuth2ErrorCode.CODE_30122);
        checkClientSecret(str, str2);
        return checkAccessToken;
    }

    public CodeModel getCode(String str) {
        return SaOAuth2Manager.getDao().getCode(str);
    }

    public CodeModel checkCode(String str) {
        CodeModel code = SaOAuth2Manager.getDao().getCode(str);
        if (code == null) {
            throw new SaOAuth2AuthorizationCodeException("无效 code: " + str).setAuthorizationCode(str).setCode(SaOAuth2ErrorCode.CODE_30110);
        }
        return code;
    }

    public String getCodeValue(String str, Object obj) {
        return SaOAuth2Manager.getDao().getCodeValue(str, obj);
    }

    public AccessTokenModel getAccessToken(String str) {
        return SaOAuth2Manager.getDao().getAccessToken(str);
    }

    public AccessTokenModel checkAccessToken(String str) {
        AccessTokenModel accessToken = SaOAuth2Manager.getDao().getAccessToken(str);
        if (accessToken == null) {
            throw new SaOAuth2AccessTokenException("无效 access_token: " + str).setAccessToken(str).setCode(SaOAuth2ErrorCode.CODE_30106);
        }
        return accessToken;
    }

    public String getAccessTokenValue(String str, Object obj) {
        return SaOAuth2Manager.getDao().getAccessTokenValue(str, obj);
    }

    public boolean hasAccessTokenScope(String str, String... strArr) {
        try {
            checkAccessTokenScope(str, strArr);
            return true;
        } catch (SaOAuth2AccessTokenException e) {
            return false;
        }
    }

    public void checkAccessTokenScope(String str, String... strArr) {
        AccessTokenModel checkAccessToken = checkAccessToken(str);
        if (SaFoxUtil.isEmptyArray(strArr)) {
            return;
        }
        for (String str2 : strArr) {
            if (!checkAccessToken.scopes.contains(str2)) {
                throw new SaOAuth2AccessTokenScopeException("该 access_token 不具备 scope：" + str2).setAccessToken(str).setScope(str2).setCode(SaOAuth2ErrorCode.CODE_30108);
            }
        }
    }

    public Object getLoginIdByAccessToken(String str) {
        return checkAccessToken(str).loginId;
    }

    public Object getClientIdByAccessToken(String str) {
        return checkAccessToken(str).clientId;
    }

    public void revokeAccessToken(String str) {
        AccessTokenModel accessToken = getAccessToken(str);
        if (accessToken == null) {
            return;
        }
        SaOAuth2Dao dao = SaOAuth2Manager.getDao();
        dao.deleteAccessToken(str);
        dao.deleteAccessTokenIndex(accessToken.clientId, accessToken.loginId);
    }

    public void revokeAccessTokenByIndex(String str, Object obj) {
        SaOAuth2Dao dao = SaOAuth2Manager.getDao();
        String accessTokenValue = getAccessTokenValue(str, obj);
        if (accessTokenValue != null) {
            dao.deleteAccessToken(accessTokenValue);
            dao.deleteAccessTokenIndex(str, obj);
        }
    }

    public RefreshTokenModel getRefreshToken(String str) {
        return SaOAuth2Manager.getDao().getRefreshToken(str);
    }

    public RefreshTokenModel checkRefreshToken(String str) {
        RefreshTokenModel refreshToken = SaOAuth2Manager.getDao().getRefreshToken(str);
        if (refreshToken == null) {
            throw new SaOAuth2RefreshTokenException("无效 refresh_token: " + str).setRefreshToken(str).setCode(SaOAuth2ErrorCode.CODE_30111);
        }
        return refreshToken;
    }

    public String getRefreshTokenValue(String str, Object obj) {
        return SaOAuth2Manager.getDao().getRefreshTokenValue(str, obj);
    }

    public void revokeRefreshToken(String str) {
        RefreshTokenModel refreshToken = getRefreshToken(str);
        if (refreshToken == null) {
            return;
        }
        SaOAuth2Dao dao = SaOAuth2Manager.getDao();
        dao.deleteRefreshToken(str);
        dao.deleteRefreshTokenIndex(refreshToken.clientId, refreshToken.loginId);
    }

    public void revokeRefreshTokenByIndex(String str, Object obj) {
        SaOAuth2Dao dao = SaOAuth2Manager.getDao();
        String refreshTokenValue = getRefreshTokenValue(str, obj);
        if (refreshTokenValue != null) {
            dao.deleteRefreshToken(refreshTokenValue);
            dao.deleteRefreshTokenIndex(str, obj);
        }
    }

    public AccessTokenModel refreshAccessToken(String str) {
        return SaOAuth2Manager.getDataGenerate().refreshAccessToken(str);
    }

    public ClientTokenModel getClientToken(String str) {
        return SaOAuth2Manager.getDao().getClientToken(str);
    }

    public ClientTokenModel checkClientToken(String str) {
        ClientTokenModel clientToken = getClientToken(str);
        if (clientToken == null) {
            throw new SaOAuth2ClientTokenException("无效 client_token: " + str).setClientToken(str).setCode(SaOAuth2ErrorCode.CODE_30107);
        }
        return clientToken;
    }

    public String getClientTokenValue(String str) {
        return SaOAuth2Manager.getDao().getClientTokenValue(str);
    }

    public boolean hasClientTokenScope(String str, String... strArr) {
        try {
            checkClientTokenScope(str, strArr);
            return true;
        } catch (SaOAuth2ClientTokenException e) {
            return false;
        }
    }

    public void checkClientTokenScope(String str, String... strArr) {
        ClientTokenModel checkClientToken = checkClientToken(str);
        if (SaFoxUtil.isEmptyArray(strArr)) {
            return;
        }
        for (String str2 : strArr) {
            if (!checkClientToken.scopes.contains(str2)) {
                throw new SaOAuth2ClientTokenScopeException("该 client_token 不具备 scope：" + str2).setClientToken(str).setScope(str2).setCode(SaOAuth2ErrorCode.CODE_30109);
            }
        }
    }

    public void revokeClientToken(String str) {
        ClientTokenModel clientToken = getClientToken(str);
        if (clientToken == null) {
            return;
        }
        SaOAuth2Dao dao = SaOAuth2Manager.getDao();
        dao.deleteClientToken(str);
        dao.deleteClientTokenIndex(clientToken.clientId);
    }

    public void revokeClientTokenByIndex(String str) {
        SaOAuth2Dao dao = SaOAuth2Manager.getDao();
        String clientTokenValue = getClientTokenValue(str);
        if (clientTokenValue != null) {
            dao.deleteClientToken(clientTokenValue);
            dao.deleteClientTokenIndex(str);
        }
    }

    public void revokeLowerClientTokenByIndex(String str) {
        SaOAuth2Dao dao = SaOAuth2Manager.getDao();
        String lowerClientTokenValue = dao.getLowerClientTokenValue(str);
        if (lowerClientTokenValue != null) {
            dao.deleteLowerClientToken(lowerClientTokenValue);
            dao.deleteLowerClientTokenIndex(str);
        }
    }

    public void saveGrantScope(String str, Object obj, List<String> list) {
        SaOAuth2Manager.getDao().saveGrantScope(str, obj, list);
    }

    public List<String> getHigherScopeList() {
        return SaOAuth2Manager.getDataConverter().convertScopeStringToList(SaOAuth2Manager.getServerConfig().getHigherScope());
    }

    public List<String> getLowerScopeList() {
        return SaOAuth2Manager.getDataConverter().convertScopeStringToList(SaOAuth2Manager.getServerConfig().getLowerScope());
    }
}
