package com.geoway.landteam.gas.as.service.oauth2;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.Module;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.geoway.landteam.gas.authentication.server.GacJackson2Module;
import com.geoway.landteam.gas.dao.oauth2.Oauth2AuthorizationDao;
import com.geoway.landteam.gas.model.oauth2.entity.Oauth2AuthorizationPo;
import com.gw.base.data.GwValidateException;
import com.gw.base.gpa.id.GwIdGenerator;
import com.gw.base.util.GutilStr;
import com.gw.web.util.GwHttpServletHelper;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.jackson2.SecurityJackson2Modules;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthorizationCode;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.OAuth2Token;
import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.jackson2.OAuth2AuthorizationServerJackson2Module;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

@Service
/* loaded from: input_file:com/geoway/landteam/gas/as/service/oauth2/DaoOAuth2AuthorizationServiceImpl.class */
public class DaoOAuth2AuthorizationServiceImpl implements OAuth2AuthorizationService {

    @Autowired
    private final Oauth2AuthorizationDao authorizationDao;

    @Autowired
    private final RegisteredClientRepository registeredClientRepository;
    private ObjectMapper objectMapper = new ObjectMapper();

    public DaoOAuth2AuthorizationServiceImpl(Oauth2AuthorizationDao oauth2AuthorizationDao, RegisteredClientRepository registeredClientRepository) {
        Assert.notNull(oauth2AuthorizationDao, "authorizationDao cannot be null");
        Assert.notNull(registeredClientRepository, "registeredClientRepository cannot be null");
        this.authorizationDao = oauth2AuthorizationDao;
        this.registeredClientRepository = registeredClientRepository;
        this.objectMapper.registerModules(SecurityJackson2Modules.getModules(DaoOAuth2AuthorizationServiceImpl.class.getClassLoader()));
        this.objectMapper.registerModules(new Module[]{new OAuth2AuthorizationServerJackson2Module()});
        this.objectMapper.registerModules(new Module[]{new GacJackson2Module()});
    }

    public List<OAuth2Authorization> findBySsoId(String str) {
        ArrayList arrayList = new ArrayList();
        Iterator it = this.authorizationDao.findBySsoId(str).iterator();
        while (it.hasNext()) {
            arrayList.add(toObject((Oauth2AuthorizationPo) it.next()));
        }
        return arrayList;
    }

    public String findAccessTokenSsoId(String str) {
        Oauth2AuthorizationPo findByAccessTokenValue = this.authorizationDao.findByAccessTokenValue(str);
        if (findByAccessTokenValue != null) {
            return findByAccessTokenValue.getSsoId();
        }
        return null;
    }

    @Transactional(rollbackFor = {Exception.class})
    public void save(OAuth2Authorization oAuth2Authorization) {
        HttpSession session;
        Assert.notNull(oAuth2Authorization, "authorization cannot be null");
        if (AuthorizationGrantType.PASSWORD.equals(oAuth2Authorization.getAuthorizationGrantType())) {
            oAuth2Authorization.getRegisteredClientId();
            oAuth2Authorization.getPrincipalName();
        }
        Oauth2AuthorizationPo entity = toEntity(oAuth2Authorization);
        if (this.authorizationDao.gwExistsWithPK(entity.getId())) {
            this.authorizationDao.gwUpdateByPKSelective(entity);
            return;
        }
        if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(oAuth2Authorization.getAuthorizationGrantType()) && (session = GwHttpServletHelper.getRequest().getSession(true)) != null) {
            Object attribute = session.getAttribute("ssoGroupId");
            String str = "cq";
            if (attribute != null) {
                str = attribute.toString();
            } else {
                session.setAttribute("ssoGroupId", str);
            }
            String str2 = str + "-ssoId";
            Object attribute2 = session.getAttribute(str2);
            if (attribute2 == null) {
                attribute2 = GwIdGenerator.simpleUUID();
                session.setAttribute(str2, attribute2);
            }
            entity.setSsoId(attribute2.toString());
        }
        this.authorizationDao.gwAccess(entity);
    }

    @Transactional(rollbackFor = {Exception.class})
    public void remove(OAuth2Authorization oAuth2Authorization) {
        Assert.notNull(oAuth2Authorization, "authorization cannot be null");
        if (GutilStr.hasText(oAuth2Authorization.getId())) {
            this.authorizationDao.removeById(oAuth2Authorization.getId(), "Implicit or CodeRequest");
        }
    }

    public OAuth2Authorization findById(String str) {
        Assert.hasText(str, "id cannot be empty");
        Oauth2AuthorizationPo findById = this.authorizationDao.findById(str);
        if (findById != null) {
            return toObject(findById);
        }
        return null;
    }

    public OAuth2Authorization findByToken(String str, OAuth2TokenType oAuth2TokenType) {
        Assert.hasText(str, "token cannot be empty");
        Oauth2AuthorizationPo oauth2AuthorizationPo = null;
        if (oAuth2TokenType == null) {
            oauth2AuthorizationPo = this.authorizationDao.findByAccessTokenValue(str);
            if (oauth2AuthorizationPo == null) {
                oauth2AuthorizationPo = this.authorizationDao.findByStateOrAuthorizationCodeValueOrAccessTokenValueOrRefreshTokenValue(str);
            }
        } else if ("state".equals(oAuth2TokenType.getValue())) {
            oauth2AuthorizationPo = this.authorizationDao.findByState(str);
        } else if ("code".equals(oAuth2TokenType.getValue())) {
            oauth2AuthorizationPo = this.authorizationDao.findByAuthorizationCodeValue(str);
        } else if ("access_token".equals(oAuth2TokenType.getValue())) {
            oauth2AuthorizationPo = this.authorizationDao.findByAccessTokenValue(str);
        } else if ("refresh_token".equals(oAuth2TokenType.getValue())) {
            oauth2AuthorizationPo = this.authorizationDao.findByRefreshTokenValue(str);
        }
        if (oauth2AuthorizationPo != null) {
            return toObject(oauth2AuthorizationPo);
        }
        return null;
    }

    private OAuth2Authorization toObject(Oauth2AuthorizationPo oauth2AuthorizationPo) {
        RegisteredClient findById = this.registeredClientRepository.findById(oauth2AuthorizationPo.getRegisteredClientId());
        if (findById == null) {
            throw new GwValidateException("The RegisteredClient with id '" + oauth2AuthorizationPo.getRegisteredClientId() + "' was not found in the RegisteredClientRepository.");
        }
        OAuth2Authorization.Builder attributes = OAuth2Authorization.withRegisteredClient(findById).id(oauth2AuthorizationPo.getId()).principalName(oauth2AuthorizationPo.getPrincipalName()).authorizationGrantType(resolveAuthorizationGrantType(oauth2AuthorizationPo.getAuthorizationGrantType())).attributes(map -> {
            map.putAll(parseMap(oauth2AuthorizationPo.getAttributes()));
        });
        if (oauth2AuthorizationPo.getState() != null) {
            attributes.attribute("state", oauth2AuthorizationPo.getState());
        }
        if (oauth2AuthorizationPo.getAuthorizationCodeValue() != null) {
            attributes.token(new OAuth2AuthorizationCode(oauth2AuthorizationPo.getAuthorizationCodeValue(), oauth2AuthorizationPo.getAuthorizationCodeIssuedAt(), oauth2AuthorizationPo.getAuthorizationCodeExpiresAt()), map2 -> {
                map2.putAll(parseMap(oauth2AuthorizationPo.getAuthorizationCodeMetadata()));
            });
        }
        if (oauth2AuthorizationPo.getAccessTokenValue() != null) {
            attributes.token(new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, oauth2AuthorizationPo.getAccessTokenValue(), oauth2AuthorizationPo.getAccessTokenIssuedAt(), oauth2AuthorizationPo.getAccessTokenExpiresAt()), map3 -> {
                map3.putAll(parseMap(oauth2AuthorizationPo.getAccessTokenMetadata()));
            });
        }
        if (oauth2AuthorizationPo.getRefreshTokenValue() != null) {
            attributes.token(new OAuth2RefreshToken(oauth2AuthorizationPo.getRefreshTokenValue(), oauth2AuthorizationPo.getRefreshTokenIssuedAt(), oauth2AuthorizationPo.getRefreshTokenExpiresAt()), map4 -> {
                map4.putAll(parseMap(oauth2AuthorizationPo.getRefreshTokenMetadata()));
            });
        }
        if (oauth2AuthorizationPo.getOidcIdTokenValue() != null) {
            attributes.token(new OidcIdToken(oauth2AuthorizationPo.getOidcIdTokenValue(), oauth2AuthorizationPo.getOidcIdTokenIssuedAt(), oauth2AuthorizationPo.getOidcIdTokenExpiresAt(), parseMap(oauth2AuthorizationPo.getOidcIdTokenClaims())), map5 -> {
                map5.putAll(parseMap(oauth2AuthorizationPo.getOidcIdTokenMetadata()));
            });
        }
        return attributes.build();
    }

    private Oauth2AuthorizationPo toEntity(OAuth2Authorization oAuth2Authorization) {
        Oauth2AuthorizationPo oauth2AuthorizationPo = new Oauth2AuthorizationPo();
        oauth2AuthorizationPo.setId(oAuth2Authorization.getId());
        oauth2AuthorizationPo.setRegisteredClientId(oAuth2Authorization.getRegisteredClientId());
        oauth2AuthorizationPo.setPrincipalName(oAuth2Authorization.getPrincipalName());
        oauth2AuthorizationPo.setAuthorizationGrantType(oAuth2Authorization.getAuthorizationGrantType().getValue());
        oauth2AuthorizationPo.setAttributes(writeMap(oAuth2Authorization.getAttributes()));
        oauth2AuthorizationPo.setState((String) oAuth2Authorization.getAttribute("state"));
        OAuth2Authorization.Token<?> token = oAuth2Authorization.getToken(OAuth2AuthorizationCode.class);
        oauth2AuthorizationPo.getClass();
        Consumer<String> consumer = oauth2AuthorizationPo::setAuthorizationCodeValue;
        oauth2AuthorizationPo.getClass();
        Consumer<Instant> consumer2 = oauth2AuthorizationPo::setAuthorizationCodeIssuedAt;
        oauth2AuthorizationPo.getClass();
        Consumer<Instant> consumer3 = oauth2AuthorizationPo::setAuthorizationCodeExpiresAt;
        oauth2AuthorizationPo.getClass();
        setTokenValues(token, consumer, consumer2, consumer3, oauth2AuthorizationPo::setAuthorizationCodeMetadata);
        OAuth2Authorization.Token<?> token2 = oAuth2Authorization.getToken(OAuth2AccessToken.class);
        oauth2AuthorizationPo.getClass();
        Consumer<String> consumer4 = oauth2AuthorizationPo::setAccessTokenValue;
        oauth2AuthorizationPo.getClass();
        Consumer<Instant> consumer5 = oauth2AuthorizationPo::setAccessTokenIssuedAt;
        oauth2AuthorizationPo.getClass();
        Consumer<Instant> consumer6 = oauth2AuthorizationPo::setAccessTokenExpiresAt;
        oauth2AuthorizationPo.getClass();
        setTokenValues(token2, consumer4, consumer5, consumer6, oauth2AuthorizationPo::setAccessTokenMetadata);
        if (token2 != null && token2.getToken().getScopes() != null) {
            oauth2AuthorizationPo.setAccessTokenScopes(StringUtils.collectionToDelimitedString(token2.getToken().getScopes(), ","));
        }
        OAuth2Authorization.Token<?> token3 = oAuth2Authorization.getToken(OAuth2RefreshToken.class);
        oauth2AuthorizationPo.getClass();
        Consumer<String> consumer7 = oauth2AuthorizationPo::setRefreshTokenValue;
        oauth2AuthorizationPo.getClass();
        Consumer<Instant> consumer8 = oauth2AuthorizationPo::setRefreshTokenIssuedAt;
        oauth2AuthorizationPo.getClass();
        Consumer<Instant> consumer9 = oauth2AuthorizationPo::setRefreshTokenExpiresAt;
        oauth2AuthorizationPo.getClass();
        setTokenValues(token3, consumer7, consumer8, consumer9, oauth2AuthorizationPo::setRefreshTokenMetadata);
        OAuth2Authorization.Token<?> token4 = oAuth2Authorization.getToken(OidcIdToken.class);
        oauth2AuthorizationPo.getClass();
        Consumer<String> consumer10 = oauth2AuthorizationPo::setOidcIdTokenValue;
        oauth2AuthorizationPo.getClass();
        Consumer<Instant> consumer11 = oauth2AuthorizationPo::setOidcIdTokenIssuedAt;
        oauth2AuthorizationPo.getClass();
        Consumer<Instant> consumer12 = oauth2AuthorizationPo::setOidcIdTokenExpiresAt;
        oauth2AuthorizationPo.getClass();
        setTokenValues(token4, consumer10, consumer11, consumer12, oauth2AuthorizationPo::setOidcIdTokenMetadata);
        if (token4 != null) {
            oauth2AuthorizationPo.setOidcIdTokenClaims(writeMap(token4.getClaims()));
        }
        return oauth2AuthorizationPo;
    }

    private void setTokenValues(OAuth2Authorization.Token<?> token, Consumer<String> consumer, Consumer<Instant> consumer2, Consumer<Instant> consumer3, Consumer<String> consumer4) {
        if (token != null) {
            OAuth2Token token2 = token.getToken();
            consumer.accept(token2.getTokenValue());
            consumer2.accept(token2.getIssuedAt());
            consumer3.accept(token2.getExpiresAt());
            consumer4.accept(writeMap(token.getMetadata()));
        }
    }

    private Map<String, Object> parseMap(String str) {
        try {
            return (Map) this.objectMapper.readValue(str, new TypeReference<Map<String, Object>>() { // from class: com.geoway.landteam.gas.as.service.oauth2.DaoOAuth2AuthorizationServiceImpl.1
            });
        } catch (Exception e) {
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }

    private String writeMap(Map<String, Object> map) {
        try {
            return this.objectMapper.writeValueAsString(map);
        } catch (Exception e) {
            throw new IllegalArgumentException(e.getMessage(), e);
        }
    }

    private static AuthorizationGrantType resolveAuthorizationGrantType(String str) {
        return AuthorizationGrantType.AUTHORIZATION_CODE.getValue().equals(str) ? AuthorizationGrantType.AUTHORIZATION_CODE : AuthorizationGrantType.CLIENT_CREDENTIALS.getValue().equals(str) ? AuthorizationGrantType.CLIENT_CREDENTIALS : AuthorizationGrantType.REFRESH_TOKEN.getValue().equals(str) ? AuthorizationGrantType.REFRESH_TOKEN : AuthorizationGrantType.PASSWORD.getValue().equals(str) ? AuthorizationGrantType.PASSWORD : new AuthorizationGrantType(str);
    }
}
