package cn.dev33.satoken.oauth2.processor;

import cn.dev33.satoken.context.SaHolder;
import cn.dev33.satoken.context.model.SaRequest;
import cn.dev33.satoken.context.model.SaResponse;
import cn.dev33.satoken.oauth2.SaOAuth2Manager;
import cn.dev33.satoken.oauth2.config.SaOAuth2ServerConfig;
import cn.dev33.satoken.oauth2.consts.GrantType;
import cn.dev33.satoken.oauth2.consts.SaOAuth2Consts;
import cn.dev33.satoken.oauth2.data.generate.SaOAuth2DataGenerate;
import cn.dev33.satoken.oauth2.data.model.loader.SaClientModel;
import cn.dev33.satoken.oauth2.data.model.request.ClientIdAndSecretModel;
import cn.dev33.satoken.oauth2.data.model.request.RequestAuthModel;
import cn.dev33.satoken.oauth2.error.SaOAuth2ErrorCode;
import cn.dev33.satoken.oauth2.exception.SaOAuth2Exception;
import cn.dev33.satoken.oauth2.strategy.SaOAuth2Strategy;
import cn.dev33.satoken.oauth2.template.SaOAuth2Template;
import cn.dev33.satoken.router.SaHttpMethod;
import cn.dev33.satoken.util.SaResult;
import java.util.List;

/* loaded from: input_file:cn/dev33/satoken/oauth2/processor/SaOAuth2ServerProcessor.class */
public class SaOAuth2ServerProcessor {
    public static SaOAuth2ServerProcessor instance = new SaOAuth2ServerProcessor();

    public Object dister() {
        SaRequest request = SaHolder.getRequest();
        return request.isPath(SaOAuth2Consts.Api.authorize) ? authorize() : request.isPath(SaOAuth2Consts.Api.token) ? token() : request.isPath(SaOAuth2Consts.Api.refresh) ? refresh() : request.isPath(SaOAuth2Consts.Api.revoke) ? revoke() : request.isPath(SaOAuth2Consts.Api.doLogin) ? doLogin() : request.isPath(SaOAuth2Consts.Api.doConfirm) ? doConfirm() : request.isPath(SaOAuth2Consts.Api.client_token) ? clientToken() : SaOAuth2Consts.NOT_HANDLE;
    }

    public Object authorize() {
        SaRequest request = SaHolder.getRequest();
        SaResponse response = SaHolder.getResponse();
        SaOAuth2ServerConfig serverConfig = SaOAuth2Manager.getServerConfig();
        SaOAuth2DataGenerate dataGenerate = SaOAuth2Manager.getDataGenerate();
        SaOAuth2Template template = SaOAuth2Manager.getTemplate();
        checkAuthorizeResponseType(request.getParamNotNull(SaOAuth2Consts.Param.response_type), request, serverConfig);
        if (!SaOAuth2Manager.getStpLogic().isLogin()) {
            return serverConfig.notLoginView.get();
        }
        RequestAuthModel readRequestAuthModel = SaOAuth2Manager.getDataResolver().readRequestAuthModel(request, SaOAuth2Manager.getStpLogic().getLoginId());
        template.checkRedirectUri(readRequestAuthModel.clientId, readRequestAuthModel.redirectUri);
        template.checkContractScope(readRequestAuthModel.clientId, readRequestAuthModel.scopes);
        if (template.isNeedCarefulConfirm(readRequestAuthModel.loginId, readRequestAuthModel.clientId, readRequestAuthModel.scopes)) {
            return serverConfig.confirmView.apply(readRequestAuthModel.clientId, readRequestAuthModel.scopes);
        }
        if (SaOAuth2Consts.ResponseType.code.equals(readRequestAuthModel.responseType)) {
            return response.redirect(dataGenerate.buildRedirectUri(readRequestAuthModel.redirectUri, dataGenerate.generateCode(readRequestAuthModel).code, readRequestAuthModel.state));
        }
        if (!SaOAuth2Consts.ResponseType.token.equals(readRequestAuthModel.responseType)) {
            throw new SaOAuth2Exception("无效 response_type: " + readRequestAuthModel.responseType).setCode(SaOAuth2ErrorCode.CODE_30125);
        }
        return response.redirect(dataGenerate.buildImplicitRedirectUri(readRequestAuthModel.redirectUri, dataGenerate.generateAccessToken(readRequestAuthModel, false, null).accessToken, readRequestAuthModel.state));
    }

    public Object token() {
        return SaOAuth2Manager.getDataResolver().buildAccessTokenReturnValue(SaOAuth2Strategy.instance.grantTypeAuth.apply(SaHolder.getRequest()));
    }

    public Object refresh() {
        SaRequest request = SaHolder.getRequest();
        String paramNotNull = request.getParamNotNull(SaOAuth2Consts.Param.grant_type);
        SaOAuth2Exception.throwBy(!paramNotNull.equals(GrantType.refresh_token), "无效 grant_type：" + paramNotNull, SaOAuth2ErrorCode.CODE_30126);
        return SaOAuth2Manager.getDataResolver().buildRefreshTokenReturnValue(SaOAuth2Strategy.instance.grantTypeAuth.apply(request));
    }

    public Object revoke() {
        SaOAuth2Template template = SaOAuth2Manager.getTemplate();
        SaRequest request = SaHolder.getRequest();
        ClientIdAndSecretModel readClientIdAndSecret = SaOAuth2Manager.getDataResolver().readClientIdAndSecret(request);
        String str = readClientIdAndSecret.clientId;
        String str2 = readClientIdAndSecret.clientSecret;
        String paramNotNull = request.getParamNotNull(SaOAuth2Consts.Param.access_token);
        if (template.getAccessToken(paramNotNull) == null) {
            return SaResult.ok("access_token不存在：" + paramNotNull);
        }
        template.checkAccessTokenParam(str, str2, paramNotNull);
        template.revokeAccessToken(paramNotNull);
        return SaOAuth2Manager.getDataResolver().buildRevokeTokenReturnValue();
    }

    public Object doLogin() {
        SaRequest request = SaHolder.getRequest();
        return SaOAuth2Manager.getServerConfig().doLoginHandle.apply(request.getParam(SaOAuth2Consts.Param.name), request.getParam(SaOAuth2Consts.Param.pwd));
    }

    public Object doConfirm() {
        SaRequest request = SaHolder.getRequest();
        String paramNotNull = request.getParamNotNull(SaOAuth2Consts.Param.client_id);
        Object loginId = SaOAuth2Manager.getStpLogic().getLoginId();
        List<String> convertScopeStringToList = SaOAuth2Manager.getDataConverter().convertScopeStringToList(request.getParamNotNull(SaOAuth2Consts.Param.scope));
        SaOAuth2DataGenerate dataGenerate = SaOAuth2Manager.getDataGenerate();
        SaOAuth2Template template = SaOAuth2Manager.getTemplate();
        if (!request.isMethod(SaHttpMethod.POST)) {
            throw new SaOAuth2Exception("无效请求方式：" + request.getMethod()).setCode(SaOAuth2ErrorCode.CODE_30151);
        }
        template.saveGrantScope(paramNotNull, loginId, convertScopeStringToList);
        if (!request.isParam(SaOAuth2Consts.Param.build_redirect_uri, "true")) {
            template.saveGrantScope(paramNotNull, loginId, convertScopeStringToList);
            return SaResult.ok();
        }
        RequestAuthModel readRequestAuthModel = SaOAuth2Manager.getDataResolver().readRequestAuthModel(request, loginId);
        if (SaOAuth2Consts.ResponseType.code.equals(readRequestAuthModel.responseType)) {
            return SaResult.ok().set(SaOAuth2Consts.Param.redirect_uri, dataGenerate.buildRedirectUri(readRequestAuthModel.redirectUri, dataGenerate.generateCode(readRequestAuthModel).code, readRequestAuthModel.state));
        }
        if (!SaOAuth2Consts.ResponseType.token.equals(readRequestAuthModel.responseType)) {
            throw new SaOAuth2Exception("无效response_type: " + readRequestAuthModel.responseType).setCode(SaOAuth2ErrorCode.CODE_30125);
        }
        return SaResult.ok().set(SaOAuth2Consts.Param.redirect_uri, dataGenerate.buildImplicitRedirectUri(readRequestAuthModel.redirectUri, dataGenerate.generateAccessToken(readRequestAuthModel, false, null).accessToken, readRequestAuthModel.state));
    }

    public Object clientToken() {
        SaRequest request = SaHolder.getRequest();
        SaOAuth2ServerConfig serverConfig = SaOAuth2Manager.getServerConfig();
        SaOAuth2Template template = SaOAuth2Manager.getTemplate();
        String paramNotNull = request.getParamNotNull(SaOAuth2Consts.Param.grant_type);
        if (!paramNotNull.equals(GrantType.client_credentials)) {
            throw new SaOAuth2Exception("无效 grant_type：" + paramNotNull).setCode(SaOAuth2ErrorCode.CODE_30126);
        }
        if (!serverConfig.enableClientCredentials.booleanValue()) {
            throwErrorSystemNotEnableModel();
        }
        if (!currClientModel().getAllowGrantTypes().contains(GrantType.client_credentials)) {
            throwErrorClientNotEnableModel();
        }
        ClientIdAndSecretModel readClientIdAndSecret = SaOAuth2Manager.getDataResolver().readClientIdAndSecret(request);
        String str = readClientIdAndSecret.clientId;
        String str2 = readClientIdAndSecret.clientSecret;
        List<String> convertScopeStringToList = SaOAuth2Manager.getDataConverter().convertScopeStringToList(request.getParam(SaOAuth2Consts.Param.scope));
        template.checkContractScope(str, convertScopeStringToList);
        template.checkClientSecret(str, str2);
        return SaOAuth2Manager.getDataResolver().buildClientTokenReturnValue(SaOAuth2Manager.getDataGenerate().generateClientToken(str, convertScopeStringToList));
    }

    public SaClientModel currClientModel() {
        return SaOAuth2Manager.getTemplate().checkClientModel(SaOAuth2Manager.getDataResolver().readClientIdAndSecret(SaHolder.getRequest()).clientId);
    }

    public SaClientModel checkCurrClientSecret() {
        SaOAuth2Template template = SaOAuth2Manager.getTemplate();
        ClientIdAndSecretModel readClientIdAndSecret = SaOAuth2Manager.getDataResolver().readClientIdAndSecret(SaHolder.getRequest());
        return template.checkClientSecret(readClientIdAndSecret.clientId, readClientIdAndSecret.clientSecret);
    }

    public void checkAuthorizeResponseType(String str, SaRequest saRequest, SaOAuth2ServerConfig saOAuth2ServerConfig) {
        if (str.equals(SaOAuth2Consts.ResponseType.code)) {
            if (!saOAuth2ServerConfig.enableAuthorizationCode.booleanValue()) {
                throwErrorSystemNotEnableModel();
            }
            if (currClientModel().getAllowGrantTypes().contains(GrantType.authorization_code)) {
                return;
            }
            throwErrorClientNotEnableModel();
            return;
        }
        if (!str.equals(SaOAuth2Consts.ResponseType.token)) {
            throw new SaOAuth2Exception("无效 response_type: " + str).setCode(SaOAuth2ErrorCode.CODE_30125);
        }
        if (!saOAuth2ServerConfig.enableImplicit.booleanValue()) {
            throwErrorSystemNotEnableModel();
        }
        if (currClientModel().getAllowGrantTypes().contains(GrantType.implicit)) {
            return;
        }
        throwErrorClientNotEnableModel();
    }

    public void throwErrorSystemNotEnableModel() {
        throw new SaOAuth2Exception("系统暂未开放此授权模式").setCode(SaOAuth2ErrorCode.CODE_30141);
    }

    public void throwErrorClientNotEnableModel() {
        throw new SaOAuth2Exception("应用暂未开放此授权模式").setCode(SaOAuth2ErrorCode.CODE_30142);
    }
}
