package com.geoway.design.rest.controller;

import com.geoway.design.biz.service.ISsoAppService;
import com.geoway.design.biz.service.ISsoUserService;
import com.geoway.sso.client.enums.GrantTypeEnum;
import com.geoway.sso.client.rpc.Result;
import com.geoway.sso.client.rpc.RpcAccessToken;
import com.geoway.sso.client.rpc.SsoUser;
import com.geoway.sso.client.util.CookieUtils;
import com.geoway.sso.server.common.AccessTokenContent;
import com.geoway.sso.server.common.CodeContent;
import com.geoway.sso.server.common.RefreshTokenContent;
import com.geoway.sso.server.constant.AppConstant;
import com.geoway.sso.server.session.AccessTokenManager;
import com.geoway.sso.server.session.CodeManager;
import com.geoway.sso.server.session.RefreshTokenManager;
import com.geoway.sso.server.session.TicketGrantingTicketManager;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletResponse;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

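/**
 * REST controller mounted at {@code /oauth2} that issues, refreshes, queries and revokes
 * access tokens for SSO client applications.
 *
 * <p>Security review notes (nothing below changes the HTTP contract):
 * <ul>
 *   <li>Every endpoint accepts GET as well as POST, so {@code appSecret}, {@code password},
 *       {@code code}, {@code refreshToken} and {@code access_token} may be sent in the query
 *       string, where they commonly end up in access logs, proxy logs and browser history.
 *       NOTE(review): consider restricting these endpoints to POST with a form body once
 *       existing clients have been checked.</li>
 *   <li>No {@code Cache-Control: no-store} header is set on token responses in this class.
 *       NOTE(review): confirm a filter or gateway adds it.</li>
 *   <li>No rate limiting or lockout is visible here for the password grant or for
 *       {@code appSecret} checks. NOTE(review): confirm it is enforced elsewhere.</li>
 * </ul>
 */
@Api(tags = {"Oauth2.0标准用户登录"})
@RequestMapping({"/oauth2"})
@RestController
/* loaded from: input_file:BOOT-INF/classes/com/geoway/design/rest/controller/SsoOauth2Controller.class */
public class SsoOauth2Controller {

    @Resource
    private ISsoAppService ssoAppService;

    @Resource
    private ISsoUserService userService;

    @Resource
    private CodeManager codeManager;

    @Resource
    private AccessTokenManager accessTokenManager;

    @Resource
    private RefreshTokenManager refreshTokenManager;

    @Resource
    private TicketGrantingTicketManager ticketGrantingTicketManager;

    /**
     * Issues an access token for the authorization-code or password grant.
     *
     * <p>Checks run in this order: request parameters, application credentials
     * ({@code appId}/{@code appSecret}), then the grant itself. The first failing check's
     * error result is returned unchanged.
     *
     * @param grantType grant type; must match {@link GrantTypeEnum#AUTHORIZATION_CODE} or
     *                  {@link GrantTypeEnum#PASSWORD}
     * @param appId     client application id
     * @param appSecret client application secret
     * @param code      authorization code (authorization-code grant only)
     * @param username  end-user name (password grant only)
     * @param password  end-user password (password grant only)
     * @return a success result carrying an {@link RpcAccessToken}, or an error result
     */
    @RequestMapping(value = {"/access_token"}, method = {RequestMethod.POST, RequestMethod.GET})
    @ApiOperation("获取accessToken")
    public Result getAccessToken(@RequestParam(value = "grantType", required = true) String grantType, @RequestParam(value = "appId", required = true) String appId, @RequestParam(value = "appSecret", required = true) String appSecret, @RequestParam(value = "code", required = false) String code, @RequestParam(value = "username", required = false) String username, @RequestParam(value = "password", required = false) String password) {
        Result<Void> paramCheck = validateParam(grantType, code, username, password);
        if (!paramCheck.isSuccess()) {
            return paramCheck;
        }
        // Authenticate the client application before touching the code or the user credentials.
        Result<Void> appCheck = this.ssoAppService.validate(appId, appSecret);
        if (!appCheck.isSuccess()) {
            return appCheck;
        }
        Result<AccessTokenContent> grantCheck = validateAuth(grantType, code, username, password, appId);
        if (!grantCheck.isSuccess()) {
            return grantCheck;
        }
        // No previous access token exists on this path, so a new one is always generated.
        return Result.createSuccess(genereateRpcAccessToken(grantCheck.getData(), null));
    }

    /**
     * Exchanges a refresh token for a renewed access token.
     *
     * <p>NOTE(review): the client is identified by {@code appId} only; no {@code appSecret} is
     * requested, so holding a refresh token together with the app id is sufficient to obtain a
     * new access token. Confirm that this is intended for the clients in use.
     *
     * @param appId        client application id; must exist and match the app the token was issued to
     * @param refreshToken refresh token previously returned by this controller
     * @return a success result carrying an {@link RpcAccessToken}, or an error result
     */
    @RequestMapping(value = {"/refresh_token"}, method = {RequestMethod.POST, RequestMethod.GET})
    @ApiOperation("刷新accessToken")
    public Result refreshToken(@RequestParam(value = "appId", required = true) String appId, @RequestParam(value = "refreshToken", required = true) String refreshToken) {
        if (!this.ssoAppService.exists(appId)) {
            return Result.createError("非法应用");
        }
        // NOTE(review): whether validate() also invalidates the presented refresh token
        // (rotation) is not visible here -- confirm in RefreshTokenManager.
        RefreshTokenContent refreshContent = this.refreshTokenManager.validate(refreshToken);
        if (refreshContent == null) {
            return Result.createError("refreshToken有误或已过期");
        }
        AccessTokenContent accessTokenContent = refreshContent.getAccessTokenContent();
        // The refresh token is only honoured for the application it was issued to.
        if (!appId.equals(accessTokenContent.getAppId())) {
            return Result.createError("非法应用");
        }
        // The server-side SSO session (TGT) must still be alive; looking it up also refreshes it.
        if (this.ticketGrantingTicketManager.getAndRefresh(accessTokenContent.getCodeContent().getTgt()) == null) {
            return Result.createError("服务端session已过期");
        }
        return Result.createSuccess(genereateRpcAccessToken(accessTokenContent, refreshContent.getAccessToken()));
    }

    /**
     * Reports whether an access token is still known to the server and, if so, returns the
     * user it belongs to.
     *
     * <p>NOTE(review): the caller is not authenticated beyond presenting the token itself.
     *
     * @param accessToken access token to look up
     * @return a success result carrying an {@link RpcAccessToken}, or an error result when the
     *         token is unknown or expired
     */
    @RequestMapping(value = {"/query_access_token"}, method = {RequestMethod.POST, RequestMethod.GET})
    @ApiOperation("验证accessToken有效性")
    public Result queryAccessToken(@RequestParam(value = "access_token", required = true) String accessToken) {
        AccessTokenContent accessTokenContent = this.accessTokenManager.get(accessToken);
        if (accessTokenContent == null) {
            return Result.createError("token有误或已过期");
        }
        // NOTE(review): the third constructor argument is the refresh-token slot in
        // genereateRpcAccessToken; here the access token is passed a second time.
        // Confirm this is a deliberate placeholder and that clients never treat it as a refresh token.
        return Result.createSuccess(new RpcAccessToken(accessToken, this.accessTokenManager.getExpiresIn(), accessToken, accessTokenContent.getUser()));
    }

    /**
     * Revokes the session behind an access token: removes the ticket-granting ticket,
     * clears the TGC cookie on the response, and asks the access-token manager to remove
     * entries for that ticket.
     *
     * <p>NOTE(review): {@code accessTokenManager.remove} is called with the TGT rather than
     * with the presented token, so this presumably ends the whole SSO session and every token
     * derived from it, not just the one token -- confirm against AccessTokenManager.
     *
     * @param accessToken access token identifying the session to revoke
     * @param response    servlet response used to clear the TGC cookie
     * @return a success result, or an error result when the token is unknown or expired
     */
    @RequestMapping(value = {"/revoke_access_token"}, method = {RequestMethod.POST, RequestMethod.GET})
    @ApiOperation("销毁accessToken")
    public Result revokeAccessToken(@RequestParam(value = "access_token", required = true) String accessToken, HttpServletResponse response) {
        AccessTokenContent accessTokenContent = this.accessTokenManager.get(accessToken);
        if (accessTokenContent == null) {
            return Result.createError("token有误或已过期");
        }
        String tgt = accessTokenContent.getCodeContent().getTgt();
        this.ticketGrantingTicketManager.remove(tgt);
        CookieUtils.removeCookie(AppConstant.TGC, "/", response);
        this.accessTokenManager.remove(tgt);
        return Result.createSuccess();
    }

    /**
     * Checks that the grant type is supported and that the parameters that grant needs are present.
     *
     * @param grantType requested grant type
     * @param code      authorization code; required for the authorization-code grant
     * @param username  user name; required for the password grant
     * @param password  password; required for the password grant
     * @return a success result, or an error result naming the missing or unsupported input
     */
    private Result<Void> validateParam(String grantType, String code, String username, String password) {
        if (GrantTypeEnum.AUTHORIZATION_CODE.getValue().equals(grantType)) {
            if (StringUtils.isEmpty(code)) {
                return Result.createError("code不能为空");
            }
            return Result.success();
        }
        if (!GrantTypeEnum.PASSWORD.getValue().equals(grantType)) {
            return Result.createError("授权方式不支持");
        }
        if (StringUtils.isEmpty(username) || StringUtils.isEmpty(password)) {
            return Result.createError("username和password不能为空");
        }
        return Result.success();
    }

    /**
     * Validates the grant and builds the content that the access token will be bound to.
     *
     * <p>Fails closed: a grant type that matches neither supported value yields an error
     * result instead of a success result with {@code null} data. {@link #validateParam}
     * already rejects such values on the current call path, so this only matters if the
     * method gains another caller.
     *
     * @param grantType requested grant type
     * @param code      authorization code (authorization-code grant)
     * @param username  user name (password grant)
     * @param password  password (password grant)
     * @param appId     client application id recorded in the resulting content
     * @return a success result carrying the {@link AccessTokenContent}, or an error result
     */
    private Result<AccessTokenContent> validateAuth(String grantType, String code, String username, String password, String appId) {
        if (GrantTypeEnum.AUTHORIZATION_CODE.getValue().equals(grantType)) {
            // The code is fetched and removed in one call, so it cannot be redeemed again from here.
            // NOTE(review): nothing in this method checks that the code was issued to appId;
            // confirm CodeManager/CodeContent binds a code to the application that requested it.
            CodeContent codeContent = this.codeManager.getAndRemove(code);
            if (codeContent == null) {
                return Result.createError("code有误或已过期");
            }
            SsoUser user = this.ticketGrantingTicketManager.getAndRefresh(codeContent.getTgt());
            if (user == null) {
                return Result.createError("服务端session已过期");
            }
            return Result.createSuccess(new AccessTokenContent(codeContent, user, appId));
        }
        if (GrantTypeEnum.PASSWORD.getValue().equals(grantType)) {
            // Password grant: the client relays the end user's credentials. This grant is
            // omitted from OAuth 2.1; prefer the authorization-code grant for new clients.
            Result<SsoUser> login = this.userService.login(username, password);
            if (!login.isSuccess()) {
                // NOTE(review): the login message is returned verbatim; confirm it does not
                // distinguish an unknown user from a wrong password.
                return Result.createError(login.getMessage());
            }
            SsoUser user = login.getData();
            // A new ticket-granting ticket is generated for the user who just logged in.
            return Result.createSuccess(new AccessTokenContent(new CodeContent(this.ticketGrantingTicketManager.generate(user), false, null), user, appId));
        }
        // Unsupported grant type: never hand back a success result without token content.
        return Result.createError("授权方式不支持");
    }

    /**
     * Builds the token response, reusing an existing access token when it can still be refreshed.
     *
     * @param accessTokenContent content the tokens are bound to
     * @param accessToken        existing access token to extend, or {@code null} to force a new one
     * @return the access token, its lifetime, a newly generated refresh token and the user
     */
    private RpcAccessToken genereateRpcAccessToken(AccessTokenContent accessTokenContent, String accessToken) {
        String effectiveToken = accessToken;
        // Fall back to a new access token when none was supplied or the old one could not be refreshed.
        if (effectiveToken == null || !this.accessTokenManager.refresh(effectiveToken)) {
            effectiveToken = this.accessTokenManager.generate(accessTokenContent);
        }
        return new RpcAccessToken(effectiveToken, this.accessTokenManager.getExpiresIn(), this.refreshTokenManager.generate(accessTokenContent, effectiveToken), accessTokenContent.getUser());
    }
}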
