package com.geoway.landteam.gas.as.tools;

import com.geoway.landteam.gas.authentication.server.GasSsoRevocationService;
import com.gw.base.Gw;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;

/* loaded from: input_file:com/geoway/landteam/gas/as/tools/GasOAuth2TokenRevocationAuthenticationProvider.class */
public final class GasOAuth2TokenRevocationAuthenticationProvider implements AuthenticationProvider {
    public static GasOAuth2TokenRevocationAuthenticationProvider self = null;
    private SessionRegistry sessionRegistry;

    public GasOAuth2TokenRevocationAuthenticationProvider(SessionRegistry sessionRegistry) {
        this.sessionRegistry = sessionRegistry;
        self = this;
    }

    public GasOAuth2TokenRevocationAuthenticationProvider() {
        self = this;
    }

    private OAuth2AuthorizationService getAuthorizationService() {
        return (OAuth2AuthorizationService) Gw.beans.getBean(OAuth2AuthorizationService.class);
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        OAuth2TokenRevocationAuthenticationToken oAuth2TokenRevocationAuthenticationToken = (OAuth2TokenRevocationAuthenticationToken) authentication;
        OAuth2ClientAuthenticationToken authenticatedClientElseThrowInvalidClient = GasOAuth2AuthenticationProviderUtils.getAuthenticatedClientElseThrowInvalidClient(oAuth2TokenRevocationAuthenticationToken);
        RegisteredClient registeredClient = authenticatedClientElseThrowInvalidClient.getRegisteredClient();
        String token = oAuth2TokenRevocationAuthenticationToken.getToken();
        OAuth2Authorization findByToken = getAuthorizationService().findByToken(token, (OAuth2TokenType) null);
        if (findByToken == null) {
            Gw.log.info("未找到需要注销的token:{}", new Object[]{token});
            return oAuth2TokenRevocationAuthenticationToken;
        }
        if (!registeredClient.getId().equals(findByToken.getRegisteredClientId())) {
            throw new OAuth2AuthenticationException("invalid_client");
        }
        OAuth2Authorization.Token token2 = findByToken.getToken(token);
        if (findByToken.getAuthorizationGrantType() == AuthorizationGrantType.AUTHORIZATION_CODE) {
            ((GasSsoRevocationService) Gw.beans.getBean(GasSsoRevocationService.class)).revocationByAccessToken(token);
        } else {
            getAuthorizationService().save(GasOAuth2AuthenticationProviderUtils.invalidate(findByToken, token2.getToken()));
        }
        return new OAuth2TokenRevocationAuthenticationToken(token2.getToken(), authenticatedClientElseThrowInvalidClient);
    }

    public boolean supports(Class<?> cls) {
        return OAuth2TokenRevocationAuthenticationToken.class.isAssignableFrom(cls);
    }
}
