package com.geoway.design.biz.service.oauth2.impl;

import cn.hutool.core.util.StrUtil;
import com.geoway.design.biz.service.dev.IUnityLoginService;
import com.geoway.design.biz.service.login.ISsoAppService;
import com.geoway.design.biz.service.oauth2.IOauth2Service;
import com.geoway.design.biz.service.sys.SysUserLimitService;
import com.geoway.sso.client.enums.GrantTypeEnum;
import com.geoway.sso.client.rpc.Result;
import com.geoway.sso.client.rpc.RpcAccessToken;
import com.geoway.sso.client.rpc.SsoUser;
import com.geoway.sso.client.util.CookieUtils;
import com.geoway.sso.server.common.AccessTokenContent;
import com.geoway.sso.server.common.CodeContent;
import com.geoway.sso.server.common.RefreshTokenContent;
import com.geoway.sso.server.session.AccessTokenManager;
import com.geoway.sso.server.session.CodeManager;
import com.geoway.sso.server.session.RefreshTokenManager;
import com.geoway.sso.server.session.TicketGrantingTicketManager;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;

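/**
 * Token service built on the SSO server's authorization-code, access-token, refresh-token
 * and ticket-granting-ticket (TGT) managers.
 *
 * <p>This listing is decompiler output (from
 * {@code com/geoway/design/biz/service/oauth2/impl/Oauth2ServiceImpl.class}), so the public
 * parameter names are placeholders ({@code str}, {@code str2}, ...). Their meaning is
 * documented below from how each value is used; anything not visible here is marked as an
 * assumption.
 *
 * <p>Every failure is reported by throwing {@link RuntimeException} carrying the message of
 * the failed check.
 */
@Service
public class Oauth2ServiceImpl implements IOauth2Service {

    @Autowired
    private ISsoAppService ssoAppService;

    @Autowired
    private IUnityLoginService userService;

    @Autowired
    private CodeManager codeManager;

    @Autowired
    private AccessTokenManager accessTokenManager;

    @Autowired
    private RefreshTokenManager refreshTokenManager;

    @Autowired
    private TicketGrantingTicketManager ticketGrantingTicketManager;

    @Autowired
    private SysUserLimitService sysUserLimitService;

    /**
     * Issues an access token for one of the three supported grant types.
     *
     * <p>Checks run in this order: request parameters, application credentials, the grant
     * itself, then the per-application user restriction.
     *
     * @param str  grant type, compared against the {@link GrantTypeEnum} values
     * @param str2 application id (stored in the token content and used for the user-limit check)
     * @param str3 second argument to {@code ISsoAppService.validate} - presumably the app secret
     * @param str4 authorization code (authorization-code grant)
     * @param str5 username (password grants)
     * @param str6 password (password grants)
     * @param str7 passed through as the third argument of {@code IUnityLoginService.login};
     *             its meaning is not visible here
     * @param str8 first captcha argument (password-captcha grant)
     * @param str9 second captcha argument (password-captcha grant)
     * @return the freshly generated access token with its refresh token and user
     * @throws RuntimeException if any check fails
     */
    @Override
    public RpcAccessToken getAccessToken(String str, String str2, String str3, String str4, String str5, String str6, String str7, String str8, String str9) {
        Result<Void> paramCheck = validateParam(str, str4, str5, str6, str8, str9);
        if (!paramCheck.isSuccess()) {
            throw new RuntimeException(paramCheck.getMessage());
        }
        Result<Void> appCheck = this.ssoAppService.validate(str2, str3);
        if (!appCheck.isSuccess()) {
            throw new RuntimeException(appCheck.getMessage());
        }
        Result<AccessTokenContent> auth = validateAuth(str, str4, str5, str6, str7, str2, str8, str9);
        if (!auth.isSuccess()) {
            // NOTE(review): the upstream login message is passed to the caller verbatim; confirm
            // it does not distinguish "unknown user" from "wrong password".
            throw new RuntimeException(auth.getMessage());
        }
        AccessTokenContent content = (AccessTokenContent) auth.getData();
        // NOTE(review): for the password grants validateAuth has already generated a TGT by
        // this point; it is not removed when the limit check below rejects the user.
        if (!this.sysUserLimitService.isValid(str2, content.getUser().getId())) {
            throw new RuntimeException("该用户被限制访问，请联系管理员");
        }
        return genereateRpcAccessToken(content, null);
    }

    /**
     * Exchanges a refresh token for an access token.
     *
     * <p>The refresh token must belong to the requesting application and the TGT behind it
     * must still be alive; the existing access token is extended when possible, otherwise a
     * new one is generated.
     *
     * @param str  application id of the caller
     * @param str2 refresh token
     * @return the (renewed or new) access token together with a new refresh token
     * @throws RuntimeException if the application is unknown, the refresh token is invalid or
     *                          bound to another application, or the server-side session expired
     */
    @Override
    public RpcAccessToken refreshToken(String str, String str2) {
        if (!this.ssoAppService.exists(str)) {
            throw new RuntimeException("非法应用");
        }
        // NOTE(review): whether validate() consumes the refresh token (one-time use) is
        // decided inside RefreshTokenManager and is not visible here.
        RefreshTokenContent refreshContent = this.refreshTokenManager.validate(str2);
        if (refreshContent == null) {
            throw new RuntimeException("refreshToken有误或已过期");
        }
        AccessTokenContent content = refreshContent.getAccessTokenContent();
        // Binding check: a refresh token may only be redeemed by the app it was issued to.
        if (!str.equals(content.getAppId())) {
            throw new RuntimeException("非法应用");
        }
        String tgt = content.getCodeContent().getTgt();
        if (this.ticketGrantingTicketManager.getAndRefresh(tgt) == null) {
            throw new RuntimeException("服务端session已过期");
        }
        return genereateRpcAccessToken(content, refreshContent.getAccessToken());
    }

    /**
     * Looks up an access token and returns its details.
     *
     * @param str access token
     * @return the token, the manager's expiry value, the stored refresh token and the user
     * @throws RuntimeException if the token is unknown to the access-token manager
     */
    @Override
    public RpcAccessToken queryAccessToken(String str) {
        AccessTokenContent content = this.accessTokenManager.get(str);
        if (content == null) {
            throw new RuntimeException("token有误或已过期");
        }
        return new RpcAccessToken(str, this.accessTokenManager.getExpiresIn(), content.getRefreshToken(), content.getUser());
    }

    /**
     * Logs out the session behind an access token: removes its TGT, removes the access-token
     * state keyed by that TGT and clears the {@code TGC} cookie on the current response.
     *
     * @param str access token identifying the session to revoke
     * @throws RuntimeException if the token is unknown to the access-token manager
     */
    @Override
    public void revokeAccessToken(String str) {
        // NOTE(review): decompiler output - Spring's RequestAttributes has no getResponse();
        // the original presumably cast to ServletRequestAttributes here.
        HttpServletResponse response = RequestContextHolder.currentRequestAttributes().getResponse();
        AccessTokenContent content = this.accessTokenManager.get(str);
        if (content == null) {
            throw new RuntimeException("token有误或已过期");
        }
        String tgt = content.getCodeContent().getTgt();
        // Finish the server-side revocation before touching the response, so a failure while
        // writing the cookie cannot leave access tokens alive for a TGT that is already gone.
        this.ticketGrantingTicketManager.remove(tgt);
        // The access-token manager is called with the TGT, not the token string.
        this.accessTokenManager.remove(tgt);
        CookieUtils.removeCookie("TGC", "/", response);
    }

    /**
     * Returns the id of the user behind the request's access token.
     *
     * @param httpServletRequest current request
     * @return the user id, or {@code null} when the request carries no valid access token;
     *         callers must treat {@code null} as "not authenticated"
     */
    @Override
    public String queryCurrentUserId(HttpServletRequest httpServletRequest) {
        SsoUser user = queryCurrentSsoUser(httpServletRequest);
        return user == null ? null : user.getId();
    }

    /**
     * Resolves the user behind the request's access token.
     *
     * <p>The token is read from the {@code access_token} header, falling back to
     * {@code access-token} when the first is blank.
     *
     * @param httpServletRequest current request
     * @return the user, or {@code null} when no token is present or the token is unknown;
     *         callers must treat {@code null} as "not authenticated"
     */
    @Override
    public SsoUser queryCurrentSsoUser(HttpServletRequest httpServletRequest) {
        String token = httpServletRequest.getHeader("access_token");
        if (StrUtil.isBlank(token)) {
            token = httpServletRequest.getHeader("access-token");
        }
        // No usable header: answer "no user" directly instead of handing a null or blank key
        // to the token store.
        if (StrUtil.isBlank(token)) {
            return null;
        }
        AccessTokenContent content = this.accessTokenManager.get(token);
        return content == null ? null : content.getUser();
    }

    /**
     * Issues an access token from application credentials plus a username/password login.
     *
     * @param str  application id
     * @param str2 second argument to {@code ISsoAppService.validate} - presumably the app secret
     * @param str3 first login argument - presumably the username
     * @param str4 second login argument - presumably the password
     * @param str5 value stored on the logged-in user via {@code SsoUser.setToken}
     * @return a newly generated access token with its refresh token and user
     * @throws RuntimeException if the application check, the login or the user-limit check fails
     */
    @Override
    public RpcAccessToken getAccessToken(String str, String str2, String str3, String str4, String str5) {
        Result<Void> appCheck = this.ssoAppService.validate(str, str2);
        if (!appCheck.isSuccess()) {
            throw new RuntimeException(appCheck.getMessage());
        }
        // NOTE(review): this overload uses the two-argument login, which receives neither a
        // captcha nor the request; confirm which callers are allowed to reach it.
        Result<SsoUser> login = this.userService.login(str3, str4);
        if (!login.isSuccess()) {
            throw new RuntimeException(login.getMessage());
        }
        SsoUser ssoUser = (SsoUser) login.getData();
        ssoUser.setToken(str5);
        String tgt = this.ticketGrantingTicketManager.generate((SsoUser) login.getData());
        AccessTokenContent content = new AccessTokenContent(new CodeContent(tgt, false, (String) null), ssoUser, str, (String) null);
        if (!this.sysUserLimitService.isValid(str, content.getUser().getId())) {
            throw new RuntimeException("该用户被限制访问，请联系管理员");
        }
        return genereateRpcAccessToken2(content);
    }

    /**
     * Checks that the parameters required by the requested grant type are present.
     *
     * @return success, or an error naming the missing parameter or the unsupported grant type
     */
    private Result<Void> validateParam(String grantType, String code, String username, String password, String captchaArg1, String captchaArg2) {
        if (GrantTypeEnum.AUTHORIZATION_CODE.getValue().equals(grantType)) {
            if (StringUtils.isEmpty(code)) {
                return Result.createError("code不能为空");
            }
            return Result.success();
        }
        boolean plainPassword = GrantTypeEnum.PASSWORD.getValue().equals(grantType);
        if (!plainPassword && !GrantTypeEnum.PASSWORD_CAPTCHA.getValue().equals(grantType)) {
            return Result.createError("授权方式不支持");
        }
        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
            return Result.createError("username和password不能为空");
        }
        // Only the captcha variant requires the two captcha arguments.
        if (!plainPassword && (StringUtils.isEmpty(captchaArg1) || StringUtils.isEmpty(captchaArg2))) {
            return Result.createError("验证码不能为空");
        }
        return Result.success();
    }

    /**
     * Performs the grant-specific authentication and builds the token content.
     *
     * <p>Fails closed: a grant type that matches none of the supported values yields an error
     * result, never a success result without content.
     *
     * @return the token content on success, otherwise an error result
     */
    private Result<AccessTokenContent> validateAuth(String grantType, String code, String username, String password, String loginExtra, String appId, String captchaArg1, String captchaArg2) {
        if (GrantTypeEnum.AUTHORIZATION_CODE.getValue().equals(grantType)) {
            // getAndRemove: the code is taken out of the manager by this lookup.
            CodeContent codeContent = this.codeManager.getAndRemove(code);
            if (codeContent == null) {
                return Result.createError("code有误或已过期");
            }
            SsoUser user = this.ticketGrantingTicketManager.getAndRefresh(codeContent.getTgt());
            if (user == null) {
                return Result.createError("服务端session已过期");
            }
            return Result.createSuccess(new AccessTokenContent(codeContent, user, appId, (String) null));
        }
        if (GrantTypeEnum.PASSWORD.getValue().equals(grantType)) {
            // NOTE(review): the plain password grant passes empty captcha arguments; whether
            // login() then skips the captcha check is not visible here - confirm this grant is
            // rate-limited or restricted to trusted clients.
            return contentForLogin(this.userService.login(username, password, loginExtra, "", "", RequestContextHolder.currentRequestAttributes().getRequest()), appId);
        }
        if (GrantTypeEnum.PASSWORD_CAPTCHA.getValue().equals(grantType)) {
            return contentForLogin(this.userService.login(username, password, loginExtra, captchaArg1, captchaArg2, RequestContextHolder.currentRequestAttributes().getRequest()), appId);
        }
        // Defence in depth: validateParam already rejects other grant types, but this method
        // must not report success with a null content if it is ever called without that check.
        return Result.createError("授权方式不支持");
    }

    /**
     * Turns a login result into token content backed by a newly generated TGT.
     */
    private Result<AccessTokenContent> contentForLogin(Result<SsoUser> login, String appId) {
        if (!login.isSuccess()) {
            return Result.createError(login.getMessage());
        }
        SsoUser user = (SsoUser) login.getData();
        String tgt = this.ticketGrantingTicketManager.generate(user);
        return Result.createSuccess(new AccessTokenContent(new CodeContent(tgt, false, (String) null), user, appId, (String) null));
    }

    /**
     * Produces the access/refresh token pair for the given content.
     *
     * @param accessTokenContent content the tokens are issued for
     * @param str                existing access token to extend, or {@code null} to always
     *                           generate a new one
     * @return the access token, the manager's expiry value, the new refresh token and the user
     */
    private RpcAccessToken genereateRpcAccessToken(AccessTokenContent accessTokenContent, String str) {
        String accessToken = str;
        // Reuse the existing token only if the manager could refresh it; otherwise mint one.
        if (accessToken == null || !this.accessTokenManager.refresh(accessToken)) {
            accessToken = this.accessTokenManager.generate(accessTokenContent);
        }
        String refreshToken = this.refreshTokenManager.generate(accessTokenContent, accessToken);
        // Store the refresh token on the managed content so queryAccessToken can return it.
        AccessTokenContent stored = this.accessTokenManager.get(accessToken);
        stored.setRefreshToken(refreshToken);
        this.accessTokenManager.create(accessToken, stored);
        return new RpcAccessToken(accessToken, this.accessTokenManager.getExpiresIn(), refreshToken, accessTokenContent.getUser());
    }

    /**
     * Always generates a new access token; same steps as
     * {@link #genereateRpcAccessToken(AccessTokenContent, String)} with no existing token.
     */
    private RpcAccessToken genereateRpcAccessToken2(AccessTokenContent accessTokenContent) {
        return genereateRpcAccessToken(accessTokenContent, null);
    }
}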
