package com.geoway.landteam.gas.as.service.oauth2;

import com.geoway.landteam.gas.model.oauth2.dto.Oauth2RegisteredClientDto;
import com.geoway.landteam.gas.model.oauth2.entity.Oauth2ClientSettingsPo;
import com.geoway.landteam.gas.model.oauth2.entity.Oauth2TokenSettingsPo;
import com.geoway.landteam.gas.servface.oauth2.Oauth2RegisteredClientService;
import com.gw.base.util.GutilAssert;
import com.gw.base.util.GutilStr;
import java.time.Duration;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2TokenFormat;
import org.springframework.security.oauth2.jose.jws.JwsAlgorithm;
import org.springframework.security.oauth2.jose.jws.MacAlgorithm;
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.security.oauth2.server.authorization.config.ClientSettings;
import org.springframework.security.oauth2.server.authorization.config.TokenSettings;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

@Service
/* loaded from: input_file:com/geoway/landteam/gas/as/service/oauth2/DaoRegisteredClientServiceImpl.class */
public class DaoRegisteredClientServiceImpl implements RegisteredClientRepository {

    @Autowired
    private Oauth2RegisteredClientService oauth2RegisteredClientService;

    @Transactional(rollbackFor = {Exception.class})
    public void save(RegisteredClient registeredClient) {
        GutilAssert.notNull(registeredClient, "registeredClient 不能为空");
        this.oauth2RegisteredClientService.saveOrUpdateOauth2RegisteredClientDto(fromRegisteredClient(registeredClient));
    }

    public RegisteredClient findById(String str) {
        GutilAssert.hasText(str, "id cannot be empty");
        Oauth2RegisteredClientDto searchOauth2RegisteredClientDtoById = this.oauth2RegisteredClientService.searchOauth2RegisteredClientDtoById(str);
        if (searchOauth2RegisteredClientDtoById != null) {
            return toRegisteredClient(searchOauth2RegisteredClientDtoById);
        }
        return null;
    }

    public RegisteredClient findByClientId(String str) {
        GutilAssert.hasText(str, "clientId cannot be empty");
        Oauth2RegisteredClientDto searchOauth2RegisteredClientDtoByClientId = this.oauth2RegisteredClientService.searchOauth2RegisteredClientDtoByClientId(str);
        if (searchOauth2RegisteredClientDtoByClientId != null) {
            return toRegisteredClient(searchOauth2RegisteredClientDtoByClientId);
        }
        return null;
    }

    public static RegisteredClient toRegisteredClient(Oauth2RegisteredClientDto oauth2RegisteredClientDto) {
        Set clientAuthenticationMethods = oauth2RegisteredClientDto.getClientAuthenticationMethods();
        Set authorizationGrantTypes = oauth2RegisteredClientDto.getAuthorizationGrantTypes();
        Set redirectUris = oauth2RegisteredClientDto.getRedirectUris();
        Set emptySet = clientAuthenticationMethods == null ? Collections.emptySet() : clientAuthenticationMethods;
        Set emptySet2 = authorizationGrantTypes == null ? Collections.emptySet() : authorizationGrantTypes;
        Set emptySet3 = redirectUris == null ? Collections.emptySet() : redirectUris;
        Set scopes = oauth2RegisteredClientDto.getScopes();
        HashSet hashSet = new HashSet();
        if (scopes != null && scopes.size() > 0) {
            hashSet.addAll(scopes);
        }
        return RegisteredClient.withId(oauth2RegisteredClientDto.getId()).clientId(oauth2RegisteredClientDto.getClientId()).clientSecret(oauth2RegisteredClientDto.getClientSecret()).clientIdIssuedAt(oauth2RegisteredClientDto.getClientIdIssuedAt()).clientSecretExpiresAt(oauth2RegisteredClientDto.getClientSecretExpiresAt()).clientName(oauth2RegisteredClientDto.getClientName()).clientAuthenticationMethods(set -> {
            set.addAll((Collection) emptySet.stream().map(DaoRegisteredClientServiceImpl::toAuthenticationMethod).collect(Collectors.toSet()));
        }).authorizationGrantTypes(set2 -> {
            set2.addAll((Collection) emptySet2.stream().map(DaoRegisteredClientServiceImpl::toGrantType).collect(Collectors.toSet()));
        }).redirectUris(set3 -> {
            set3.addAll(emptySet3);
        }).scopes(set4 -> {
            set4.addAll(hashSet);
        }).scope("openid").clientSettings(toClientSettings(oauth2RegisteredClientDto.getClientSettings())).tokenSettings(toTokenSettings(oauth2RegisteredClientDto.getTokenSettings())).build();
    }

    public static AuthorizationGrantType toGrantType(String str) {
        return new AuthorizationGrantType(str);
    }

    public static ClientAuthenticationMethod toAuthenticationMethod(String str) {
        return new ClientAuthenticationMethod(str);
    }

    public static Oauth2RegisteredClientDto fromRegisteredClient(RegisteredClient registeredClient) {
        Oauth2RegisteredClientDto oauth2RegisteredClientDto = new Oauth2RegisteredClientDto();
        oauth2RegisteredClientDto.setId(registeredClient.getId());
        String clientId = registeredClient.getClientId();
        oauth2RegisteredClientDto.setClientId(clientId);
        oauth2RegisteredClientDto.setClientIdIssuedAt(registeredClient.getClientIdIssuedAt());
        oauth2RegisteredClientDto.setClientSecret(registeredClient.getClientSecret());
        oauth2RegisteredClientDto.setClientName(registeredClient.getClientName());
        oauth2RegisteredClientDto.setClientAuthenticationMethods((Set) registeredClient.getClientAuthenticationMethods().stream().map(clientAuthenticationMethod -> {
            return clientAuthenticationMethod.getValue();
        }).collect(Collectors.toSet()));
        oauth2RegisteredClientDto.setAuthorizationGrantTypes((Set) registeredClient.getAuthorizationGrantTypes().stream().map(authorizationGrantType -> {
            return authorizationGrantType.getValue();
        }).collect(Collectors.toSet()));
        oauth2RegisteredClientDto.setRedirectUris(registeredClient.getRedirectUris());
        oauth2RegisteredClientDto.setScopes(registeredClient.getScopes());
        Oauth2ClientSettingsPo fromClientSettings = fromClientSettings(registeredClient.getClientSettings());
        fromClientSettings.setClientId(clientId);
        oauth2RegisteredClientDto.setClientSettings(fromClientSettings);
        Oauth2TokenSettingsPo fromTokenSettings = fromTokenSettings(registeredClient.getTokenSettings());
        fromTokenSettings.setClientId(clientId);
        oauth2RegisteredClientDto.setTokenSettings(fromTokenSettings);
        return oauth2RegisteredClientDto;
    }

    public static ClientSettings toClientSettings(Oauth2ClientSettingsPo oauth2ClientSettingsPo) {
        if (oauth2ClientSettingsPo == null) {
            return null;
        }
        ClientSettings.Builder requireAuthorizationConsent = ClientSettings.builder().requireProofKey(oauth2ClientSettingsPo.getRequireProofKey().booleanValue()).requireAuthorizationConsent(oauth2ClientSettingsPo.getRequireAuthorizationConsent().booleanValue());
        MacAlgorithm from = SignatureAlgorithm.from(oauth2ClientSettingsPo.getSigningAlgorithm());
        MacAlgorithm from2 = from == null ? MacAlgorithm.from(oauth2ClientSettingsPo.getSigningAlgorithm()) : from;
        if (from2 != null) {
            requireAuthorizationConsent.tokenEndpointAuthenticationSigningAlgorithm(from2);
        }
        if (GutilStr.hasText(oauth2ClientSettingsPo.getJwkSetUrl())) {
            requireAuthorizationConsent.jwkSetUrl(oauth2ClientSettingsPo.getJwkSetUrl());
        }
        return requireAuthorizationConsent.build();
    }

    public static Oauth2ClientSettingsPo fromClientSettings(ClientSettings clientSettings) {
        Oauth2ClientSettingsPo oauth2ClientSettingsPo = new Oauth2ClientSettingsPo();
        oauth2ClientSettingsPo.setRequireProofKey(Boolean.valueOf(clientSettings.isRequireProofKey()));
        oauth2ClientSettingsPo.setRequireAuthorizationConsent(Boolean.valueOf(clientSettings.isRequireAuthorizationConsent()));
        oauth2ClientSettingsPo.setJwkSetUrl(clientSettings.getJwkSetUrl());
        JwsAlgorithm tokenEndpointAuthenticationSigningAlgorithm = clientSettings.getTokenEndpointAuthenticationSigningAlgorithm();
        if (tokenEndpointAuthenticationSigningAlgorithm != null) {
            oauth2ClientSettingsPo.setSigningAlgorithm(tokenEndpointAuthenticationSigningAlgorithm.getName());
        }
        return oauth2ClientSettingsPo;
    }

    public static TokenSettings toTokenSettings(Oauth2TokenSettingsPo oauth2TokenSettingsPo) {
        if (oauth2TokenSettingsPo == null) {
            return null;
        }
        return TokenSettings.builder().accessTokenTimeToLive(Duration.ofSeconds(((Long) Optional.ofNullable(oauth2TokenSettingsPo.getAccessTokenTimeToLive()).orElse(Long.valueOf(Duration.ofMinutes(5L).getSeconds()))).longValue())).accessTokenFormat((OAuth2TokenFormat) Optional.ofNullable(oauth2TokenSettingsPo.getTokenFormat()).map(OAuth2TokenFormat::new).orElse(OAuth2TokenFormat.SELF_CONTAINED)).reuseRefreshTokens(oauth2TokenSettingsPo.getReuseRefreshTokens().booleanValue()).refreshTokenTimeToLive(Duration.ofSeconds(((Long) Optional.ofNullable(oauth2TokenSettingsPo.getRefreshTokenTimeToLive()).orElse(Long.valueOf(Duration.ofMinutes(60L).getSeconds()))).longValue())).idTokenSignatureAlgorithm((SignatureAlgorithm) Optional.ofNullable(oauth2TokenSettingsPo.getIdTokenSignatureAlgorithm()).map(SignatureAlgorithm::from).orElse(SignatureAlgorithm.RS256)).build();
    }

    public static Oauth2TokenSettingsPo fromTokenSettings(TokenSettings tokenSettings) {
        Oauth2TokenSettingsPo oauth2TokenSettingsPo = new Oauth2TokenSettingsPo();
        oauth2TokenSettingsPo.setAccessTokenTimeToLive(Long.valueOf(tokenSettings.getAccessTokenTimeToLive().getSeconds()));
        oauth2TokenSettingsPo.setTokenFormat(tokenSettings.getAccessTokenFormat().getValue());
        oauth2TokenSettingsPo.setReuseRefreshTokens(Boolean.valueOf(tokenSettings.isReuseRefreshTokens()));
        oauth2TokenSettingsPo.setRefreshTokenTimeToLive(Long.valueOf(tokenSettings.getRefreshTokenTimeToLive().getSeconds()));
        oauth2TokenSettingsPo.setIdTokenSignatureAlgorithm(tokenSettings.getIdTokenSignatureAlgorithm().getName());
        return oauth2TokenSettingsPo;
    }
}
