package com.kdgcsoft.citybg.datacenter.oauth2.sso.integration.shiro.controller;

import com.fasterxml.jackson.databind.JsonNode;
import com.kdgcsoft.citybg.datacenter.oauth2.sso.integration.shiro.constant.CommonConstant;
import com.kdgcsoft.citybg.datacenter.oauth2.sso.integration.shiro.constant.SecurityConstants;
import com.kdgcsoft.citybg.datacenter.oauth2.sso.integration.shiro.exception.TokenAccessException;
import com.kdgcsoft.citybg.datacenter.oauth2.sso.integration.shiro.exception.UserNotFoundException;
import com.kdgcsoft.citybg.datacenter.oauth2.sso.integration.shiro.service.AccessTokenService;
import com.kdgcsoft.citybg.datacenter.oauth2.sso.integration.shiro.service.SsoLoginSuccessHandler;
import com.kdgcsoft.citybg.datacenter.oauth2.sso.integration.shiro.util.JwtUtils;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.util.SavedRequest;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;

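/**
 * OAuth2 / SSO callback controller for a Shiro-protected application.
 *
 * <p>The {@code /casLogin} endpoint receives the authorization {@code code}, exchanges it for
 * tokens through {@link AccessTokenService}, hands the decoded ID token to
 * {@link SsoLoginSuccessHandler}, stores the access token in the HTTP session and finally
 * redirects the browser to the originally requested page or to the configured index URL.
 *
 * <p>NOTE(review): only {@code code} is bound on the callback; no {@code state} value is compared
 * in this class. Confirm that the authorization request's state is validated elsewhere (filter or
 * {@code AccessTokenService}) before this handler runs.
 *
 * <p>NOTE(review): nothing in this class rotates the session id once the principal is established.
 * Confirm that {@code SsoLoginSuccessHandler.handle} or the Shiro configuration does so, otherwise
 * a session id issued before login stays valid after login.
 */
@Controller
/* loaded from: input_file:com/kdgcsoft/citybg/datacenter/oauth2/sso/integration/shiro/controller/Oauth2LoginController.class */
public class Oauth2LoginController {

    @Autowired
    private AccessTokenService accessTokenService;

    @Autowired
    private SsoLoginSuccessHandler ssoLoginSuccessHandler;

    /**
     * Handles the SSO callback.
     *
     * @param str the authorization code sent by the identity provider (request parameter {@code code})
     * @param httpServletRequest current request; its existing session (if any) receives the access token
     * @param httpServletResponse response used for the redirects
     * @param modelMap unused by this method
     * @throws IOException if a redirect cannot be written
     * @throws TokenAccessException if the token exchange fails or yields no usable access token
     * @throws UserNotFoundException if no Shiro principal is present after the success handler ran
     */
    @RequestMapping({"/casLogin"})
    public void casLogin(@RequestParam("code") String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ModelMap modelMap) throws IOException {
        Map<String, Object> accessTokens = getAccessTokens(str);
        Object idToken = accessTokens.get(SecurityConstants.ID_TOKEN);
        // When the token response carries no ID token, the match/handle step is skipped entirely
        // and the principal check below is the only gate.
        if (Objects.nonNull(idToken)) {
            // NOTE(review): the checks performed by decodeAndVerify are not visible here; confirm
            // it validates signature, issuer, audience and expiry before the claims are trusted.
            JsonNode claims = JwtUtils.decodeAndVerify(idToken.toString());
            if (!this.ssoLoginSuccessHandler.match(claims)) {
                // The user is known to the IdP but rejected locally: send to the configured
                // "forbidden" page, or back to the local login page when none is configured.
                String forbiddenUrl = this.accessTokenService.getForbiddenUrl();
                if (StringUtils.isEmpty(forbiddenUrl)) {
                    httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/login");
                } else {
                    httpServletResponse.sendRedirect(forbiddenUrl);
                }
                return;
            }
            this.ssoLoginSuccessHandler.handle(claims);
        }
        Subject subject = SecurityUtils.getSubject();
        setAccessToken(httpServletRequest, accessTokens);
        if (Objects.isNull(subject) || Objects.isNull(subject.getPrincipal())) {
            throw new UserNotFoundException("当前用户信息不存在，请确认在 SsoLoginSuccessHandler 接口中已经加载用户。");
        }
        // getSession(false) may return null; guard it the same way setAccessToken does instead of
        // failing with a NullPointerException after the login itself succeeded.
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            session.setAttribute(CommonConstant.OAUTH2_SESSION_NAME, "isLogin");
        }
        redirectToSavedRequest(httpServletRequest, httpServletResponse, this.accessTokenService.getIndexUrl());
    }

    /**
     * Redirects to the request Shiro saved before login, falling back to {@code str}.
     *
     * <p>Only a saved {@code GET} request is replayed; in that case the redirect is issued as
     * non-context-relative because the saved URL is used as returned by Shiro. The fallback URL is
     * issued context-relative.
     *
     * @param servletRequest current request
     * @param servletResponse current response
     * @param str fallback URL used when no replayable saved request exists; may be {@code null}
     * @throws IOException if the redirect cannot be written
     * @throws IllegalStateException if neither a saved request nor a fallback URL is available
     */
    public void redirectToSavedRequest(ServletRequest servletRequest, ServletResponse servletResponse, String str) throws IOException {
        String target = null;
        boolean contextRelative = true;
        SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(servletRequest);
        if (savedRequest != null && savedRequest.getMethod().equalsIgnoreCase("GET")) {
            target = savedRequest.getRequestUrl();
            contextRelative = false;
        }
        if (target == null) {
            target = str;
        }
        if (target == null) {
            throw new IllegalStateException("Success URL not available via saved request or via the successUrlFallback method parameter. One of these must be non-null for issueSuccessRedirect() to work.");
        }
        // Never bounce an authenticated user back to the login page.
        // NOTE(review): a saved URL presumably includes the context path, so under a non-root
        // context this prefix test may not match and "/" would point at the server root — confirm.
        if (target.startsWith("/login")) {
            target = "/";
        }
        WebUtils.issueRedirect(servletRequest, servletResponse, target, null, contextRelative);
    }

    /**
     * Exchanges the authorization code for the token response.
     *
     * @param str the authorization code
     * @return the token map returned by {@link AccessTokenService}; never {@code null}
     * @throws TokenAccessException if the exchange throws or returns no token map
     */
    private Map<String, Object> getAccessTokens(String str) {
        Map<String, Object> tokens;
        try {
            tokens = this.accessTokenService.getAccessToken(str);
        } catch (Exception e) {
            // NOTE(review): no logger is in scope in this file; replace with the project logger.
            e.printStackTrace();
            // NOTE(review): the upstream error text is embedded in the message; confirm the
            // exception handler does not render it to the browser.
            TokenAccessException failure = new TokenAccessException("获取token信息异常，异常信息为：" + e.getLocalizedMessage());
            // Only the (String) constructor is visible here, so keep the original exception and
            // its stack trace reachable as a suppressed throwable instead of dropping it.
            failure.addSuppressed(e);
            throw failure;
        }
        if (tokens == null) {
            // Fail with a domain exception rather than a NullPointerException in the caller.
            throw new TokenAccessException("Token endpoint returned no token response");
        }
        return tokens;
    }

    /**
     * Stores the access token in the existing HTTP session; does nothing when there is no session.
     *
     * @param httpServletRequest current request
     * @param map token response from the token exchange
     * @throws TokenAccessException if the response contains no access token
     */
    private void setAccessToken(HttpServletRequest httpServletRequest, Map<String, Object> map) {
        Object accessToken = map.get(SecurityConstants.ACCESS_TOKEN);
        if (accessToken == null) {
            // A response without an access token previously surfaced as a NullPointerException.
            throw new TokenAccessException("Token response does not contain an access token");
        }
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            session.setAttribute(SecurityConstants.ACCESS_TOKEN, accessToken.toString());
        }
    }
}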
