package com.kdgcsoft.citybg.datacenter.oauth2.sso.integration.shiro.service;

import com.kdgcsoft.citybg.datacenter.oauth2.sso.integration.shiro.constant.SecurityConstants;
import com.kdgcsoft.citybg.datacenter.oauth2.sso.integration.shiro.exception.PropertiesNotFoundException;
import com.kdgcsoft.citybg.datacenter.oauth2.sso.integration.shiro.exception.SSOConfigException;
import com.kdgcsoft.citybg.datacenter.oauth2.sso.integration.shiro.properties.SsoProperties;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Random;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestTemplate;
import sun.misc.BASE64Encoder;

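/**
 * Builds the URLs and the token request used by the OAuth2 single-sign-on integration.
 *
 * <p>All endpoints and client credentials are read from {@link SsoProperties}. The class
 * creates the authorization redirect, exchanges an authorization code for the token
 * response, and builds the logout URLs.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code state} value is generated here but not retained by this class, so it
 *       cannot be compared on the callback from here. NOTE(review): confirm where, if
 *       anywhere, the callback validates {@code state}.</li>
 *   <li>The logout URLs carry the access token in the query string, where it can end up
 *       in access logs, browser history and {@code Referer} headers. The endpoint shape
 *       is dictated by {@code LOGOUT_URL_PATTERN}; treat these URLs as secrets.</li>
 * </ul>
 */
@EnableConfigurationProperties({SsoProperties.class})
@ConditionalOnClass({SsoProperties.class})
@Configuration
/* loaded from: input_file:com/kdgcsoft/citybg/datacenter/oauth2/sso/integration/shiro/service/AccessTokenService.class */
public class AccessTokenService {

    @Autowired
    private SsoProperties ssoProperties;

    // Alphabet for the state value. The original constant read "...opgrst...", which
    // dropped 'q' and doubled the weight of 'g'.
    private static final String RANDOM_STR = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    private static final String LOGOUT_URL_PATTERN = "%s/oauth/remove/token?redirect_uri=%s&access_token=%s";
    private static final String AUTHORIZED_ADDRESS_PATTEN = "%s/oauth/authorize?client_id=%s&redirect_uri=%s&response_type=%s&state=%s";

    // Written by genNonce(); never read or removed inside this class, so on a pooled
    // thread the value stays until the next genNonce() call on that thread.
    private static final ThreadLocal<String> NONCE = new ThreadLocal<>();

    // Name of the cookie that may carry the access token on logout.
    private static final String TOKEN_COOKIE_NAME = "Admin-Token";

    // Number of letters produced by one getState() call.
    private static final int STATE_LENGTH = 6;

    // state and nonce are security parameters, so they must not come from the
    // predictable java.util.Random generator.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom();

    /**
     * Exchanges an authorization code for the token response of the SSO server.
     *
     * <p>Posts a form-encoded request to the inner SSO server's token URL and authenticates
     * the client with HTTP Basic credentials.
     *
     * @param str the authorization code received on the callback
     * @return the response body as a map; {@code null} when the response has no body
     */
    public Map<String, Object> getAccessToken(String str) {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        httpHeaders.add("Authorization", "Basic " + getBase64ClientParam());

        LinkedMultiValueMap<String, Object> form = new LinkedMultiValueMap<>();
        form.add("code", str);
        form.add("grant_type", SecurityConstants.AUTHORIZATION_CODE);
        form.add("redirect_uri", getCallbackUrl());
        form.add("scope", "all");
        form.add("nonce", genNonce());

        HttpEntity<LinkedMultiValueMap<String, Object>> request = new HttpEntity<>(form, httpHeaders);
        @SuppressWarnings("unchecked") // RestTemplate binds the response to a raw Map
        Map<String, Object> body = new RestTemplate().postForEntity(getAccessTokenUri(), request, Map.class).getBody();
        return body;
    }

    /**
     * Returns the authorization URL the browser is redirected to.
     *
     * <p>The address built by {@link #getAuthorizedAddress()} already ends with a state
     * value; a second one is appended here, so the final state is twice
     * {@code STATE_LENGTH} letters long.
     *
     * @return the authorization URL including the state parameter
     */
    public String getRedirectUrl() {
        return getAuthorizedAddress() + getState();
    }

    /**
     * Builds the logout URL for the current request.
     *
     * <p>The access token is taken from the {@code Admin-Token} cookie when present,
     * otherwise from the session attribute; when neither exists the token part is empty.
     * A request without cookies or without a session no longer fails with a
     * {@link NullPointerException}. The cookie is client-controlled, so the token is
     * URL-encoded before it is placed in the query string.
     *
     * @param httpServletRequest  the current request
     * @param httpServletResponse unused
     * @return the logout URL on the SSO server
     */
    public String getLogoutUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String accessToken = readTokenCookie(httpServletRequest)
                .orElseGet(() -> readSessionToken(httpServletRequest).orElse(""));
        return String.format(
                LOGOUT_URL_PATTERN,
                this.ssoProperties.getSsoServer(),
                this.ssoProperties.getCallbackUrl(),
                urlEncode(accessToken));
    }

    /**
     * Builds the logout URL whose redirect target is the callback URL followed by the SSO
     * login URL.
     *
     * @param httpServletRequest the current request
     * @return the logout URL, or {@code null} when there is no session or no access token
     *     stored in it
     */
    public String getMsLogoutUrl(HttpServletRequest httpServletRequest) {
        return readSessionToken(httpServletRequest)
                .map(token -> String.format(
                        LOGOUT_URL_PATTERN,
                        this.ssoProperties.getSsoServer(),
                        this.ssoProperties.getCallbackUrl() + this.ssoProperties.getSsoLoginUrl(),
                        urlEncode(token)))
                .orElse(null);
    }

    /** Returns the configured forbidden URL. */
    public String getForbiddenUrl() {
        return this.ssoProperties.getForbiddenUrl();
    }

    /** Returns the configured SSO login URL. */
    public String getSsoLoginUrl() {
        return this.ssoProperties.getSsoLoginUrl();
    }

    /**
     * Returns the configured callback URL with the {@code casLogin} path appended.
     *
     * @throws SSOConfigException when no callback URL is configured
     */
    private String getCallbackUrl() {
        String callbackUrl = this.ssoProperties.getCallbackUrl();
        if (StringUtils.isEmpty(callbackUrl)) {
            throw new SSOConfigException("单点登录回调地址不能为空，请配置oauth2:sso:callback-url值。");
        }
        return callbackUrl.endsWith("/") ? callbackUrl + "casLogin" : callbackUrl + "/casLogin";
    }

    /** Returns the configured index URL, or {@code "/"} when none is configured. */
    public String getIndexUrl() {
        String indexUrl = this.ssoProperties.getIndexUrl();
        return StringUtils.isEmpty(indexUrl) ? "/" : indexUrl;
    }

    /**
     * Returns the configured OAuth2 client id.
     *
     * @throws PropertiesNotFoundException when no client id is configured
     */
    private String getClientId() {
        String clientId = this.ssoProperties.getClientId();
        if (StringUtils.isEmpty(clientId)) {
            throw new PropertiesNotFoundException("oauth2.sso.clientId 不能为空");
        }
        return clientId;
    }

    /**
     * Returns the configured OAuth2 client secret.
     *
     * @throws PropertiesNotFoundException when no client secret is configured
     */
    private String getClientSecret() {
        String clientSecret = this.ssoProperties.getClientSecret();
        if (StringUtils.isEmpty(clientSecret)) {
            throw new PropertiesNotFoundException("oauth2.sso.client-secret 不能为空");
        }
        return clientSecret;
    }

    /** Builds the authorization URL on the public SSO server, ending with a fresh state value. */
    private String getAuthorizedAddress() {
        // "code%20id_token" is passed as an argument, so String.format does not treat its '%' as a specifier.
        return String.format(AUTHORIZED_ADDRESS_PATTEN, getSSoServer(false), getClientId(), getCallbackUrl(), "code%20id_token", getState());
    }

    /**
     * Returns the SSO server base URL.
     *
     * @param z {@code true} selects the inner server property, {@code false} the public one
     * @throws PropertiesNotFoundException when the selected property is empty
     */
    private String getSSoServer(boolean z) {
        String ssoServer = z ? this.ssoProperties.getSsoInnerServer() : this.ssoProperties.getSsoServer();
        if (StringUtils.isEmpty(ssoServer)) {
            throw new PropertiesNotFoundException("oauth2.sso.sso-server 不能为空");
        }
        return ssoServer;
    }

    /** Returns the token endpoint on the inner SSO server. */
    private String getAccessTokenUri() {
        return getSSoServer(true) + SecurityConstants.OAUTH_TOKEN_URL;
    }

    /**
     * Returns the Base64 form of the client id, the separator constant and the client
     * secret, for use in the HTTP Basic {@code Authorization} header.
     */
    private String getBase64ClientParam() {
        String credentials = getClientId() + SecurityConstants.USER_SPLIT + getClientSecret();
        // java.util.Base64 emits a single line. sun.misc.BASE64Encoder wraps long output
        // with line breaks, which corrupts the header value, and it is absent from newer JDKs.
        return Base64.getEncoder().encodeToString(credentials.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Generates the nonce sent with the token request and records it in {@code NONCE}.
     *
     * <p>NOTE(review): the value is one of "0".."5", so it is trivially guessable and
     * cannot provide replay protection. The range is kept because the reader of
     * {@code NONCE} and the server-side handling are not visible here; widen it once both
     * are confirmed.
     */
    private static String genNonce() {
        String num = Integer.toString(SECURE_RANDOM.nextInt(6));
        NONCE.set(num);
        return num;
    }

    /** Generates {@code STATE_LENGTH} random letters from {@code RANDOM_STR}. */
    private static String getState() {
        StringBuilder sb = new StringBuilder(STATE_LENGTH);
        for (int i = 0; i < STATE_LENGTH; i++) {
            // Bound by the alphabet length: the former hard-coded 51 never selected the last letter.
            sb.append(RANDOM_STR.charAt(SECURE_RANDOM.nextInt(RANDOM_STR.length())));
        }
        return sb.toString();
    }

    /** Returns the value of the token cookie, if the request carries one. */
    private static Optional<String> readTokenCookie(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            // getCookies() returns null, not an empty array, when the request has no cookies.
            return Optional.empty();
        }
        return Arrays.stream(cookies)
                .filter(cookie -> TOKEN_COOKIE_NAME.equals(cookie.getName()))
                .findFirst()
                .map(Cookie::getValue);
    }

    /** Returns the access token stored in the existing session, if any; never creates a session. */
    private static Optional<String> readSessionToken(HttpServletRequest request) {
        return Optional.ofNullable(request.getSession(false))
                .map(session -> session.getAttribute(SecurityConstants.ACCESS_TOKEN))
                .map(Object::toString);
    }

    /** URL-encodes a query-string value as UTF-8 so it cannot add or alter parameters. */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a mandatory charset on every JVM, so this is not expected to happen.
            throw new IllegalStateException("UTF-8 is not supported", e);
        }
    }
}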
