package com.geoway.landteam.gas.service.oauth2;

import com.geoway.landteam.gas.dao.oauth2.Oauth2AuthorizationConsentDao;
import com.geoway.landteam.gas.dao.oauth2.Oauth2ClientAuthmethodDao;
import com.geoway.landteam.gas.dao.oauth2.Oauth2ClientDao;
import com.geoway.landteam.gas.dao.oauth2.Oauth2ClientSettingsDao;
import com.geoway.landteam.gas.dao.oauth2.Oauth2GrantTypeDao;
import com.geoway.landteam.gas.dao.oauth2.Oauth2RedirectUriDao;
import com.geoway.landteam.gas.dao.oauth2.Oauth2TokenSettingsDao;
import com.geoway.landteam.gas.dao.oauth2.Oauth2WriteoffUriDao;
import com.geoway.landteam.gas.model.oauth2.constant.Oauth2ScopeConst;
import com.geoway.landteam.gas.model.oauth2.dto.Oauth2ClientJoinDto;
import com.geoway.landteam.gas.model.oauth2.enm.Oauth2ClientAuthmethodEnum;
import com.geoway.landteam.gas.model.oauth2.enm.Oauth2ClientSettingsJwsAlgorithmEnum;
import com.geoway.landteam.gas.model.oauth2.enm.Oauth2GrantTypeEnum;
import com.geoway.landteam.gas.model.oauth2.entity.Oauth2AuthorizationConsentPo;
import com.geoway.landteam.gas.model.oauth2.entity.Oauth2ClientAuthmethodPo;
import com.geoway.landteam.gas.model.oauth2.entity.Oauth2ClientPo;
import com.geoway.landteam.gas.model.oauth2.entity.Oauth2ClientSettingsPo;
import com.geoway.landteam.gas.model.oauth2.entity.Oauth2GrantTypePo;
import com.geoway.landteam.gas.model.oauth2.entity.Oauth2RedirectUriPo;
import com.geoway.landteam.gas.model.oauth2.entity.Oauth2TokenSettingsPo;
import com.geoway.landteam.gas.model.oauth2.entity.Oauth2WriteoffUriPo;
import com.geoway.landteam.gas.servface.oauth2.Oauth2ClientService;
import com.gw.base.Gw;
import com.gw.base.data.GwValidateException;
import com.gw.base.data.common.GemStatus;
import com.gw.base.gpa.id.GwIdGenerator;
import com.gw.base.log.GiLoger;
import com.gw.base.log.GwLoger;
import com.gw.base.util.GutilStr;
import java.time.Instant;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.function.Function;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

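/**
 * Registers, reads, edits and deletes OAuth2 clients together with their per-client rows:
 * authentication methods, grant types, redirect URIs, write-off URIs, client settings and
 * token settings.
 *
 * <p>Client secrets are written only after being encoded with Spring Security's delegating
 * {@link PasswordEncoder}. The class-level {@code @Transactional(rollbackFor = Exception.class)}
 * means a failure part-way through a multi-table write rolls the whole call back.
 */
@Transactional(rollbackFor = {Exception.class})
@Service
public class Oauth2ClientServiceImpl implements Oauth2ClientService {
    private static final GiLoger loger = GwLoger.getLoger(Oauth2ClientServiceImpl.class);
    private static final PasswordEncoder delegatingPasswordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();

    /** Validity given to a freshly written client secret: 365 days, expressed in seconds. */
    private static final long CLIENT_SECRET_VALIDITY_SECONDS = 31536000L;

    /** Lower-case fragment that identifies a redirect URI pointing at the {@code localhost} name. */
    private static final String LOCALHOST_FRAGMENT = "://localhost";

    @Autowired
    private Oauth2ClientDao oauth2ClientDao;

    @Autowired
    private Oauth2AuthorizationConsentDao oauth2AuthorizationConsentDao;

    @Autowired
    private Oauth2ClientAuthmethodDao oauth2ClientAuthmethodDao;

    @Autowired
    private Oauth2ClientSettingsDao oauth2ClientSettingsDao;

    @Autowired
    private Oauth2GrantTypeDao oauth2GrantTypeDao;

    @Autowired
    private Oauth2RedirectUriDao oauth2RedirectUriDao;

    @Autowired
    private Oauth2TokenSettingsDao oauth2TokenSettingsDao;

    @Autowired
    private Oauth2WriteoffUriDao oauth2WriteoffUriDao;

    /**
     * Looks a client up by its OAuth2 {@code client_id} and returns the joined view.
     *
     * @param str the OAuth2 client id
     * @return the joined client view, or {@code null} when no client has that client id
     */
    public Oauth2ClientJoinDto detailedOauth2ClientByClientId(String str) {
        Oauth2ClientPo client = this.oauth2ClientDao.searchOauth2RegisteredClientByClientId(str);
        return client == null ? null : detailedOauth2Client(client.getId());
    }

    /**
     * Fetches the bare client row by primary key.
     *
     * @param str the primary key of the client row
     * @return the client row, or {@code null} when {@code str} has no text or no row matches
     */
    public Oauth2ClientPo getClientById(String str) {
        if (!GutilStr.hasText(str)) {
            return null;
        }
        return this.oauth2ClientDao.gwSearchByPK(str);
    }

    /**
     * Builds the joined view of a client: the client row plus every per-client table.
     *
     * <p>NOTE(review): the returned DTO carries the stored client secret. {@link #addClient} and
     * {@link #updateSecret} store it encoded, so this is the encoded form rather than the raw
     * secret, but it is still credential material: callers that serialise the DTO into an API
     * response or a log line should blank it first.
     *
     * @param str the primary key of the client row
     * @return the joined client view; list and settings fields stay unset when the client has no
     *     matching rows
     * @throws GwValidateException when no client row has that primary key
     */
    public Oauth2ClientJoinDto detailedOauth2Client(String str) {
        Oauth2ClientPo client = this.oauth2ClientDao.gwSearchByPK(str);
        if (client == null) {
            throw new GwValidateException("客户端不存在:" + str);
        }
        String clientId = client.getClientId();

        Oauth2ClientJoinDto view = new Oauth2ClientJoinDto();
        view.setId(client.getId());
        view.setClientId(clientId);
        view.setClientName(client.getClientName());
        view.setClientSecret(client.getClientSecret());
        view.setAppId(client.getAppId());

        // Each list is only set when rows exist, so an empty table leaves the DTO field untouched.
        List<String> authMethods = pluck(this.oauth2ClientAuthmethodDao.getClienAuthmethodsByClientId(clientId), row -> row.getClientAuthmethod());
        if (!authMethods.isEmpty()) {
            view.setClientAuthmethod(authMethods);
        }
        List<String> grantTypes = pluck(this.oauth2GrantTypeDao.getGrantTypes(clientId), row -> row.getGrantType());
        if (!grantTypes.isEmpty()) {
            view.setGrantType(grantTypes);
        }
        List<String> redirectUris = pluck(this.oauth2RedirectUriDao.searchRedirctUrls(clientId), row -> row.getRedirectUri());
        if (!redirectUris.isEmpty()) {
            view.setRedirectUrl(redirectUris);
        }
        List<String> writeoffUris = pluck(this.oauth2WriteoffUriDao.searchWriteoffUris(clientId), row -> row.getWriteoffUri());
        if (!writeoffUris.isEmpty()) {
            view.setWriteoffUri(writeoffUris);
        }

        Oauth2ClientSettingsPo clientSettings = this.oauth2ClientSettingsDao.searchByClientId(clientId);
        if (clientSettings != null) {
            view.setProofKey(clientSettings.getRequireProofKey());
            view.setRequireAuthorizationConsent(clientSettings.getRequireAuthorizationConsent());
            view.setJwkSetUrl(clientSettings.getJwkSetUrl());
            view.setSigningAlgorithm(clientSettings.getSigningAlgorithm());
        }

        Oauth2TokenSettingsPo tokenSettings = this.oauth2TokenSettingsDao.searchByClientId(clientId);
        if (tokenSettings != null) {
            view.setAccessTokenTimeToLive(tokenSettings.getAccessTokenTimeToLive());
            view.setTokenFormat(tokenSettings.getTokenFormat());
            view.setReuseRefreshTokens(tokenSettings.getReuseRefreshTokens());
            view.setRefreshTokenTimeToLive(tokenSettings.getRefreshTokenTimeToLive());
            view.setIdTokenSignatureAlgorithm(tokenSettings.getIdTokenSignatureAlgorithm());
        }
        return view;
    }

    /**
     * Registers a new client and its per-client rows, then returns the stored joined view.
     *
     * <p>The primary key is the DTO id, else the DTO app id, else an auto-generated id. The
     * {@code client_id} is the DTO value or a generated UUID. The secret is encoded before it is
     * stored and expires after {@link #CLIENT_SECRET_VALIDITY_SECONDS}.
     *
     * @param oauth2ClientJoinDto the client to register; its client id is overwritten with the one
     *     actually stored
     * @return the joined view re-read from storage
     * @throws GwValidateException when one of the per-client values is rejected by
     *     {@link #addChientSets}
     */
    @Transactional(rollbackFor = {Exception.class})
    public Oauth2ClientJoinDto addClient(Oauth2ClientJoinDto oauth2ClientJoinDto) {
        Oauth2ClientPo client = new Oauth2ClientPo();
        // NOTE(review): the primary key can be chosen by the caller. Whether gwAccessSelective
        // inserts only or also overwrites an existing row is not visible here; if it overwrites,
        // a caller-supplied id of an existing client would replace that client's secret.
        if (GutilStr.hasText(oauth2ClientJoinDto.getId())) {
            client.setId(oauth2ClientJoinDto.getId());
        } else if (GutilStr.hasText(oauth2ClientJoinDto.getAppId())) {
            client.setId(oauth2ClientJoinDto.getAppId());
        } else {
            client.autoId();
        }
        String id = client.getId();

        String clientId = oauth2ClientJoinDto.getClientId();
        if (!GutilStr.hasText(clientId)) {
            clientId = GwIdGenerator.simpleUUID();
        }

        Instant now = Instant.now();
        client.setClientId(clientId);
        client.setClientStatic(GemStatus.启用.value());
        client.setAppId(oauth2ClientJoinDto.getAppId());
        client.setClientIdIssuedAt(now);
        client.setClientName(oauth2ClientJoinDto.getClientName());
        // NOTE(review): the secret is encoded as supplied, with no presence or strength check.
        // Left unchanged because clients registered without a secret may rely on it; confirm
        // whether an empty secret should be rejected for confidential clients.
        client.setClientSecret(delegatingPasswordEncoder.encode(oauth2ClientJoinDto.getClientSecret()));
        client.setClientSecretExpiresAt(now.plusSeconds(CLIENT_SECRET_VALIDITY_SECONDS));
        this.oauth2ClientDao.gwAccessSelective(client);

        oauth2ClientJoinDto.setClientId(clientId);
        addChientSets(oauth2ClientJoinDto);
        return detailedOauth2Client(id);
    }

    /**
     * Writes the per-client rows for the DTO's client id: grant types, token settings, redirect
     * URIs, write-off URIs, client authentication methods and client settings, in that order.
     *
     * <p>NOTE(review): the decompiled original merged {@code Oauth2ScopeConst.DEFAULTS} with the
     * DTO's scopes into a local set that was never read or stored. That dead code is dropped here;
     * nothing in this class persists scopes, so confirm where a client's allowed scopes are
     * enforced.
     *
     * @param oauth2ClientJoinDto source of the client id and of every per-client value
     * @throws GwValidateException when a grant type or authentication method is not recognised,
     *     or a redirect URI is {@code null} or targets the {@code localhost} name
     */
    public void addChientSets(Oauth2ClientJoinDto oauth2ClientJoinDto) {
        String clientId = oauth2ClientJoinDto.getClientId();
        saveGrantTypes(clientId, oauth2ClientJoinDto);
        saveTokenSettings(clientId, oauth2ClientJoinDto);
        saveRedirectUris(clientId, oauth2ClientJoinDto);
        saveWriteoffUris(clientId, oauth2ClientJoinDto);
        boolean usesJwtClientAuth = saveClientAuthMethods(clientId, oauth2ClientJoinDto);
        saveClientSettings(clientId, oauth2ClientJoinDto, usesJwtClientAuth);
    }

    /**
     * Replaces the secret of the client with the given primary key and restarts its expiry.
     *
     * @param str the primary key of the client row
     * @param str2 the new raw secret; it is encoded before being stored
     * @throws GwValidateException when the new secret is {@code null} or blank
     */
    public void updateSecret(String str, String str2) {
        // A blank value must never become a client's credential, and rejecting it here also keeps
        // the expiry from being extended when no usable secret was supplied.
        if (!GutilStr.hasText(str2)) {
            throw new GwValidateException("客户端密钥不能为空");
        }
        Oauth2ClientPo patch = new Oauth2ClientPo(str);
        patch.setClientSecret(delegatingPasswordEncoder.encode(str2));
        patch.setClientSecretExpiresAt(Instant.now().plusSeconds(CLIENT_SECRET_VALIDITY_SECONDS));
        this.oauth2ClientDao.gwUpdateByPKSelective(patch);
    }

    /**
     * Replaces the secret of the client with the given OAuth2 {@code client_id}.
     *
     * @param str the OAuth2 client id
     * @param str2 the new raw secret
     * @throws GwValidateException when no client has that client id, or the secret is blank
     */
    @Transactional(rollbackFor = {Exception.class})
    public void updateSecretByClientId(String str, String str2) {
        Oauth2ClientPo client = this.oauth2ClientDao.searchOauth2RegisteredClientByClientId(str);
        if (client == null) {
            throw new GwValidateException("客户端不存在clientId:" + str);
        }
        updateSecret(client.getId(), str2);
    }

    /**
     * Updates a client's app id and name, then rebuilds all of its per-client rows from the DTO.
     * The secret is not touched.
     *
     * @param oauth2ClientJoinDto the edited client, identified by its client id
     * @throws GwValidateException when no client has that client id, or a per-client value is
     *     rejected by {@link #addChientSets}
     */
    @Transactional(rollbackFor = {Exception.class})
    public void editClient(Oauth2ClientJoinDto oauth2ClientJoinDto) {
        String clientId = oauth2ClientJoinDto.getClientId();
        Oauth2ClientPo client = this.oauth2ClientDao.searchOauth2RegisteredClientByClientId(clientId);
        if (client == null) {
            throw new GwValidateException("编辑的客户端不存在clientId:" + clientId);
        }
        client.setAppId(oauth2ClientJoinDto.getAppId());
        // NOTE(review): an edit resets the "issued at" timestamp, so it records the last edit
        // rather than the original registration; kept as in the original.
        client.setClientIdIssuedAt(Instant.now());
        client.setClientName(oauth2ClientJoinDto.getClientName());
        this.oauth2ClientDao.gwUpdateByPKSelective(client);

        // Per-client rows are replaced wholesale; the transaction restores them if the re-add fails.
        delClientSetsByClientId(clientId);
        addChientSets(oauth2ClientJoinDto);
    }

    /**
     * Deletes the client with the given primary key and everything attached to it. Does nothing
     * when the row is missing or has no client id.
     *
     * @param str the primary key of the client row
     */
    @Transactional(rollbackFor = {Exception.class})
    public void delClientById(String str) {
        Oauth2ClientPo client = this.oauth2ClientDao.gwSearchByPK(str);
        if (client != null && GutilStr.hasText(client.getClientId())) {
            delClientByClientId(client.getClientId());
        }
    }

    /**
     * Deletes the client row, its authorization consent and its per-client rows. Does nothing
     * when the client id has no text.
     *
     * @param str the OAuth2 client id
     */
    @Transactional(rollbackFor = {Exception.class})
    public void delClientByClientId(String str) {
        // gwDeleteBy is given an entity carrying only the client id; how it treats a null field is
        // not visible here, so a blank id is refused rather than risked as an unfiltered delete.
        if (!GutilStr.hasText(str)) {
            return;
        }
        Oauth2ClientPo clientFilter = new Oauth2ClientPo();
        clientFilter.setClientId(str);
        this.oauth2ClientDao.gwDeleteBy(clientFilter);

        // NOTE(review): only the single consent returned by the lookup is removed, and the lookup
        // is keyed by the client_id string; confirm no further consent rows can outlive the client.
        Oauth2AuthorizationConsentPo consent = this.oauth2AuthorizationConsentDao.findByRegisteredClientId(str);
        if (consent != null) {
            this.oauth2AuthorizationConsentDao.gwDeleteBy(consent);
        }
        delClientSetsByClientId(str);
    }

    /**
     * Deletes every per-client row (authentication methods, grant types, redirect URIs, write-off
     * URIs, client settings, token settings) for one client. Does nothing when the client id has
     * no text.
     *
     * @param str the OAuth2 client id
     */
    public void delClientSetsByClientId(String str) {
        // Same guard as delClientByClientId: never hand gwDeleteBy a filter with no client id.
        if (!GutilStr.hasText(str)) {
            return;
        }
        Oauth2ClientAuthmethodPo authMethodFilter = new Oauth2ClientAuthmethodPo();
        authMethodFilter.setClientId(str);
        this.oauth2ClientAuthmethodDao.gwDeleteBy(authMethodFilter);

        Oauth2GrantTypePo grantTypeFilter = new Oauth2GrantTypePo();
        grantTypeFilter.setClientId(str);
        this.oauth2GrantTypeDao.gwDeleteBy(grantTypeFilter);

        Oauth2RedirectUriPo redirectUriFilter = new Oauth2RedirectUriPo();
        redirectUriFilter.setClientId(str);
        this.oauth2RedirectUriDao.gwDeleteBy(redirectUriFilter);

        Oauth2WriteoffUriPo writeoffUriFilter = new Oauth2WriteoffUriPo();
        writeoffUriFilter.setClientId(str);
        this.oauth2WriteoffUriDao.gwDeleteBy(writeoffUriFilter);

        Oauth2ClientSettingsPo clientSettingsFilter = new Oauth2ClientSettingsPo();
        clientSettingsFilter.setClientId(str);
        this.oauth2ClientSettingsDao.gwDeleteBy(clientSettingsFilter);

        Oauth2TokenSettingsPo tokenSettingsFilter = new Oauth2TokenSettingsPo();
        tokenSettingsFilter.setClientId(str);
        this.oauth2TokenSettingsDao.gwDeleteBy(tokenSettingsFilter);
    }

    /** Maps each row through {@code getter}; a {@code null} or empty input yields an empty list. */
    private static <T, R> List<R> pluck(List<T> rows, Function<? super T, ? extends R> getter) {
        if (rows == null || rows.isEmpty()) {
            return Collections.emptyList();
        }
        return rows.stream().map(getter).collect(Collectors.toList());
    }

    /** Stores one grant-type row per requested grant type, rejecting values the enum cannot resolve. */
    private void saveGrantTypes(String clientId, Oauth2ClientJoinDto dto) {
        if (dto.getGrantType() == null) {
            return;
        }
        for (String requested : dto.getGrantType()) {
            // Presumably from(value, fallback) yields the fallback (null here) for an unknown
            // value; refuse it instead of storing a row without a grant type.
            Oauth2GrantTypeEnum grantType = Oauth2GrantTypeEnum.from(requested, (Oauth2GrantTypeEnum) null);
            if (grantType == null) {
                throw new GwValidateException("不支持的授权类型:" + requested);
            }
            this.oauth2GrantTypeDao.gwAccess(new Oauth2GrantTypePo(Oauth2GrantTypePo.Oauth2GrantTypePoId.of(clientId, grantType)));
        }
    }

    /** Stores the token settings row; a missing refresh-token lifetime is left unset. */
    private void saveTokenSettings(String clientId, Oauth2ClientJoinDto dto) {
        Oauth2TokenSettingsPo tokenSettings = new Oauth2TokenSettingsPo();
        tokenSettings.setClientId(clientId);
        tokenSettings.setAccessTokenTimeToLive(dto.getAccessTokenTimeToLive());
        tokenSettings.setTokenFormat(dto.getTokenFormat());
        tokenSettings.setReuseRefreshTokens(dto.getReuseRefreshTokens());
        // The original dereferenced this value unconditionally and failed with a
        // NullPointerException whenever the caller omitted it.
        if (dto.getRefreshTokenTimeToLive() != null) {
            tokenSettings.setRefreshTokenTimeToLive(Long.valueOf(dto.getRefreshTokenTimeToLive().longValue()));
        }
        tokenSettings.setIdTokenSignatureAlgorithm(dto.getIdTokenSignatureAlgorithm());
        this.oauth2TokenSettingsDao.gwAccessSelective(tokenSettings);
    }

    /** Stores one row per redirect URI, refusing {@code null} entries and the {@code localhost} name. */
    private void saveRedirectUris(String clientId, Oauth2ClientJoinDto dto) {
        if (dto.getRedirectUrl() == null) {
            return;
        }
        for (String redirectUri : dto.getRedirectUrl()) {
            if (redirectUri == null) {
                throw new GwValidateException("回调地址不能为空");
            }
            // Host names are case-insensitive, so compare in lower case; otherwise a spelling
            // such as "://LocalHost" slips past the rule.
            if (redirectUri.toLowerCase(Locale.ROOT).contains(LOCALHOST_FRAGMENT)) {
                throw new GwValidateException("回调地址不能为localhost域名，如本地开发可使用127.0.0.1或者其它");
            }
            Oauth2RedirectUriPo row = new Oauth2RedirectUriPo();
            row.setClientId(clientId);
            row.setRedirectUri(redirectUri);
            this.oauth2RedirectUriDao.gwAccess(row);
        }
    }

    /** Stores one row per write-off URI exactly as supplied. */
    private void saveWriteoffUris(String clientId, Oauth2ClientJoinDto dto) {
        if (dto.getWriteoffUri() == null) {
            return;
        }
        for (String writeoffUri : dto.getWriteoffUri()) {
            Oauth2WriteoffUriPo row = new Oauth2WriteoffUriPo();
            row.setClientId(clientId);
            row.setWriteoffUri(writeoffUri);
            this.oauth2WriteoffUriDao.gwAccess(row);
        }
    }

    /**
     * Stores one row per client authentication method.
     *
     * @return {@code true} when any method is {@code CLIENT_SECRET_JWT} or {@code PRIVATE_KEY_JWT}
     */
    private boolean saveClientAuthMethods(String clientId, Oauth2ClientJoinDto dto) {
        boolean usesJwtClientAuth = false;
        if (dto.getClientAuthmethod() == null) {
            return usesJwtClientAuth;
        }
        for (String requested : dto.getClientAuthmethod()) {
            // Same reasoning as for grant types: an unresolved method must not be stored.
            Oauth2ClientAuthmethodEnum method = Oauth2ClientAuthmethodEnum.from(requested, (Oauth2ClientAuthmethodEnum) null);
            if (method == null) {
                throw new GwValidateException("不支持的客户端认证方式:" + requested);
            }
            if (method == Oauth2ClientAuthmethodEnum.CLIENT_SECRET_JWT || method == Oauth2ClientAuthmethodEnum.PRIVATE_KEY_JWT) {
                usesJwtClientAuth = true;
            }
            this.oauth2ClientAuthmethodDao.gwAccess(new Oauth2ClientAuthmethodPo(Oauth2ClientAuthmethodPo.Oauth2ClientAuthmethodPoId.of(method, clientId)));
        }
        return usesJwtClientAuth;
    }

    /**
     * Stores the client settings row. PKCE and consent default to {@code false} when unset; the
     * JWK set URL and signing algorithm are only written for JWT-based client authentication.
     */
    private void saveClientSettings(String clientId, Oauth2ClientJoinDto dto, boolean usesJwtClientAuth) {
        Oauth2ClientSettingsPo settings = new Oauth2ClientSettingsPo();
        settings.setClientId(clientId);
        settings.setRequireProofKey(dto.getProofKey() == null ? Boolean.FALSE : dto.getProofKey());
        settings.setRequireAuthorizationConsent(dto.getRequireAuthorizationConsent() == null ? Boolean.FALSE : dto.getRequireAuthorizationConsent());
        if (usesJwtClientAuth) {
            // NOTE(review): the JWK set URL is stored exactly as the caller supplied it. If the
            // authorization server later fetches it, it should be restricted to an expected
            // scheme and host before it reaches this point.
            if (GutilStr.hasText(dto.getJwkSetUrl())) {
                settings.setJwkSetUrl(dto.getJwkSetUrl());
            } else {
                settings.setJwkSetUrl(Gw.property.getProperty("gac.issuer", "") + "/oauth2/jwks");
            }
            // NOTE(review): a caller-supplied algorithm name is stored unchecked; confirm it is
            // validated against Oauth2ClientSettingsJwsAlgorithmEnum where it is consumed.
            if (GutilStr.hasText(dto.getSigningAlgorithm())) {
                settings.setSigningAlgorithm(dto.getSigningAlgorithm());
            } else {
                settings.setSigningAlgorithm(Oauth2ClientSettingsJwsAlgorithmEnum.RS256.value());
            }
        }
        this.oauth2ClientSettingsDao.gwAccessSelective(settings);
    }
}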
