package cn.trythis.ams.service;

import cn.trythis.ams.factory.comm.DataBus;
import cn.trythis.ams.factory.domain.AppContext;
import cn.trythis.ams.pojo.dto.standard.EntityResponse;
import cn.trythis.ams.pojo.sso.AccessToken;
import cn.trythis.ams.pojo.sso.UserInfo;
import cn.trythis.ams.support.config.AmsConfigUtil;
import cn.trythis.ams.support.security.bo.LoginModel;
import cn.trythis.ams.support.security.bo.SecurityUser;
import cn.trythis.ams.support.security.config.AmsSecurityConfiguration;
import cn.trythis.ams.support.security.service.LoginSuccessAuthenticationHandler;
import cn.trythis.ams.util.AmsAssert;
import cn.trythis.ams.util.AmsCollectionUtils;
import cn.trythis.ams.util.AmsCryptUtils;
import cn.trythis.ams.util.AmsHttpUtils;
import cn.trythis.ams.util.AmsJsonUtils;
import cn.trythis.ams.util.AmsUtils;
import com.google.common.collect.Maps;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.client.RestTemplate;

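/**
 * Client side of an OAuth2-style authorization-code SSO flow: sends the browser to the
 * authorization endpoint, exchanges the returned {@code code} for an access token, refreshes
 * that token and resolves the user behind it.
 *
 * <p>Every endpoint and credential is read from {@link ParamManageService} under the
 * {@code "SSO"} parameter type.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Authorization codes and tokens travel in the query string of the outgoing POST
 *       requests, so they may be recorded by proxies and by the identity provider's access
 *       log. This class therefore never writes them to its own log.</li>
 *   <li>The authorization request carries a constant {@code state} value and
 *       {@link #ssoHandle} does not inspect {@code state} on the callback, so the parameter
 *       gives no protection against a forged callback.</li>
 *   <li>NOTE(review): tokens are stored in {@link DataBus} under one key, the
 *       {@link AccessToken} class name, with {@code SCOPE.CLUSTER}. If that scope is shared
 *       between users, one user's token overwrites another's and {@link #refreshToken} may
 *       refresh someone else's session. Confirm the scope semantics.</li>
 * </ul>
 */
@Component
public class SsoClientService {
    private static final Logger logger = LoggerFactory.getLogger(SsoClientService.class);

    /** Parameter type under which all SSO settings are stored. */
    private static final String SSO_PARAM_TYPE = "SSO";

    /**
     * Fixed tail of the authorization request.
     *
     * <p>NOTE(review): {@code state=9999} is a constant. A per-request random value bound to
     * the session and compared on the callback is what makes {@code state} useful; changing
     * it needs a matching check in {@link #ssoHandle} and in any front end that consumes
     * {@code redirectUrl}, so it is flagged here rather than changed.
     */
    private static final String AUTHORIZE_FIXED_QUERY = "&response_type=code&scope=all&state=9999";

    @Autowired
    private RestTemplate restTemplate;

    @Autowired
    private ParamManageService paramManageService;

    /**
     * Exchanges an authorization code for a token and loads the matching user.
     *
     * @param str the authorization code returned by the identity provider
     * @param str2 the redirect URI that was used in the authorization request
     * @return the user info, with the obtained {@link AccessToken} attached
     */
    public UserInfo getUserId(String str, String str2) {
        AccessToken token = getAccessToken(str, str2);
        UserInfo user = getUserInfo(token.getAccessToken());
        user.setAccessToken(token);
        return user;
    }

    /**
     * Obtains a new access token from the refresh-token endpoint and stores it in
     * {@link DataBus}.
     *
     * @param str the refresh token; when {@code AmsUtils.isNull(str)} holds, the refresh token
     *     of the {@link AccessToken} currently stored in {@link DataBus} is used instead
     * @return the refreshed token
     */
    public AccessToken refreshToken(String str) {
        String refreshToken = str;
        if (AmsUtils.isNull(refreshToken)) {
            AccessToken cached = (AccessToken) DataBus.getAttribute(AccessToken.class.getName(), DataBus.SCOPE.CLUSTER);
            if (cached != null) {
                refreshToken = cached.getRefreshToken();
            }
        }
        // The original message named "code" here, which is the wrong parameter.
        AmsAssert.notNull(refreshToken, "refreshToken不能为空");
        String endpoint = ssoParam("ams.security.sso.refresh-token-url");
        // Only the endpoint is logged: the full URL contains the refresh token.
        logger.debug("\ntoken刷新令牌URL:{}", endpoint);
        // The token is passed as a URI template variable instead of being concatenated, so
        // RestTemplate encodes it and braces in the value are not read as template syntax.
        ResponseEntity<AccessToken> response = this.restTemplate.exchange(
                endpoint + "?refresh_token={refresh_token}",
                HttpMethod.POST,
                emptyBodyRequest(new HttpHeaders()),
                AccessToken.class,
                refreshToken);
        logger.debug("\ntoken刷新令牌: HTTP {}", response.getStatusCode());
        requireBody(response);
        AccessToken refreshed = response.getBody();
        if (HttpStatus.OK != response.getStatusCode()) {
            AmsAssert.fail(refreshed.getMessage());
            return null;
        }
        DataBus.addAttribute(AccessToken.class.getName(), refreshed, DataBus.SCOPE.CLUSTER);
        return refreshed;
    }

    /**
     * Exchanges an authorization code for an access token, authenticating to the token
     * endpoint with HTTP Basic client credentials, and stores the token in {@link DataBus}.
     *
     * @param str the authorization code; must not be null
     * @param str2 the redirect URI that was used in the authorization request
     * @return the issued token
     */
    public AccessToken getAccessToken(String str, String str2) {
        AmsAssert.notNull(str, "code不能为空");
        String endpoint = ssoParam("ams.security.sso.access-token-url");
        String clientId = ssoParam("ams.security.sso.client-id");
        String clientSecret = ssoParam("ams.security.sso.client-secret");
        HttpHeaders headers = new HttpHeaders();
        headers.add("Authorization", "Basic " + AmsCryptUtils.encoderForBase64(clientId + ":" + clientSecret));
        // Only the endpoint is logged: the full URL contains the authorization code.
        logger.debug("\ntoken授权码换令牌URL:{}", endpoint);
        // `str` comes straight from the request parameter "code" (see ssoHandle). Appending it
        // to the URL lets a crafted value add or override query parameters of the token
        // request; as a template variable it is encoded as a single value.
        // NOTE(review): how strictly reserved characters are encoded depends on the
        // RestTemplate encoding mode in use — confirm for the deployed Spring version.
        ResponseEntity<AccessToken> response = this.restTemplate.exchange(
                endpoint + "?code={code}&redirect_uri={redirect_uri}",
                HttpMethod.POST,
                emptyBodyRequest(headers),
                AccessToken.class,
                str,
                str2);
        logger.debug("\ntoken授权码换令牌: HTTP {}", response.getStatusCode());
        requireBody(response);
        AccessToken issued = response.getBody();
        if (HttpStatus.OK != response.getStatusCode()) {
            AmsAssert.fail(issued.getMessage());
            return null;
        }
        DataBus.addAttribute(AccessToken.class.getName(), issued, DataBus.SCOPE.CLUSTER);
        return issued;
    }

    /**
     * Resolves the user that an access token belongs to via the userinfo endpoint.
     *
     * @param str the access token value; must not be null
     * @return the user info returned by the endpoint
     */
    public UserInfo getUserInfo(String str) {
        String endpoint = ssoParam("ams.security.sso.userinfo-url");
        AmsAssert.notNull(str, "accessToken不能为空");
        // Only the endpoint is logged: the full URL contains the access token.
        logger.debug("\ntoken验证返回报文为URL:{}", endpoint);
        ResponseEntity<UserInfo> response = this.restTemplate.exchange(
                endpoint + "?token={token}",
                HttpMethod.POST,
                emptyBodyRequest(new HttpHeaders()),
                UserInfo.class,
                str);
        logger.debug("\ntoken验证返回报文为: HTTP {}", response.getStatusCode());
        requireBody(response);
        UserInfo user = response.getBody();
        if (HttpStatus.OK == response.getStatusCode()) {
            return user;
        }
        AmsAssert.fail(user.getMessage());
        return null;
    }

    /**
     * Tells whether SSO login is switched on.
     *
     * @return the parsed value of {@code ams.security.sso.enable}; {@code true} when the
     *     parameter is not set, i.e. SSO is on unless it is explicitly disabled
     */
    public Boolean isSso() {
        String enabled = ssoParam("ams.security.sso.enable");
        if (AmsUtils.isNotNull(enabled)) {
            return Boolean.parseBoolean(enabled);
        }
        return Boolean.TRUE;
    }

    /**
     * Entry point for a request that needs SSO: without a {@code code} parameter the caller is
     * sent to the identity provider, with one the code is exchanged for a login.
     *
     * <p>The {@code state} parameter of the callback is not read here.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response used for the redirect
     * @throws IOException if the redirect cannot be written
     */
    public void ssoHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String code = httpServletRequest.getParameter("code");
        // getRequestURL() carries no query string, so redirecting back to it after login
        // drops the one-time code from the address bar.
        String requestUrl = httpServletRequest.getRequestURL().toString();
        if (!AmsUtils.isNotNull(code)) {
            ssoRedirect(httpServletRequest, httpServletResponse);
            return;
        }
        AmsSecurityConfiguration securityConfiguration = (AmsSecurityConfiguration) AmsConfigUtil.getBean(AmsSecurityConfiguration.class);
        // Raw type kept: the parameter type of loadUserByUsername is not visible in this file.
        HashMap loginParams = new HashMap();
        loginParams.put("redirect_uri", requestUrl);
        SecurityUser securityUser = securityConfiguration.loadUserByUsername(code, LoginModel.UACSSO, loginParams, false);
        if (securityUser == null) {
            // No response is written in this case, exactly as before; the log line makes the
            // otherwise silent outcome visible. The code itself is not logged.
            logger.warn("SSO callback did not resolve to a user; no authentication was set");
            return;
        }
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(securityUser, (Object) null, securityUser.getAuthorities()));
        ((LoginSuccessAuthenticationHandler) AppContext.getBean(LoginSuccessAuthenticationHandler.class)).securityUserHandle(httpServletRequest);
        httpServletResponse.sendRedirect(requestUrl);
    }

    /**
     * Sends the caller to the identity provider. Ordinary requests get an HTTP redirect; Ajax
     * requests get a JSON body with status 302 whose {@code redirectUrl} field holds the
     * authorization URL (without {@code redirect_uri}).
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response to write to
     * @throws IOException if the response cannot be written
     */
    public void ssoRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!AmsHttpUtils.isAjaxRequest(httpServletRequest).booleanValue()) {
            urlRedirect(httpServletResponse, httpServletRequest.getRequestURL().toString());
            return;
        }
        httpServletResponse.setCharacterEncoding("utf-8");
        httpServletResponse.setContentType("application/json;charset=utf-8");
        httpServletResponse.setStatus(302);
        ServletOutputStream outputStream = httpServletResponse.getOutputStream();
        EntityResponse body = EntityResponse.buildFail(
                AmsCollectionUtils.newHashMap("redirectUrl", buildAuthorizeUrl(null)), "302", "请进入SSO认证");
        body.setStatus(302);
        outputStream.write(AmsJsonUtils.objectToJson(body).getBytes(StandardCharsets.UTF_8));
        outputStream.flush();
    }

    /**
     * Redirects the browser to the authorization endpoint.
     *
     * @param httpServletResponse the response used for the redirect
     * @param str the URL the identity provider should send the user back to
     * @throws IOException if the redirect cannot be written
     */
    public void urlRedirect(HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.sendRedirect(buildAuthorizeUrl(str));
    }

    /** Reads one setting from the SSO parameter type. */
    private String ssoParam(String name) {
        return this.paramManageService.getValueByTypeAndName(SSO_PARAM_TYPE, name);
    }

    /** Builds the authorization URL; {@code redirect_uri} is left out when the argument is null. */
    private String buildAuthorizeUrl(String redirectUri) throws IOException {
        StringBuilder url = new StringBuilder()
                .append(ssoParam("ams.security.sso.authorize-code-url"))
                .append("?client_id=")
                .append(encodeQueryValue(ssoParam("ams.security.sso.client-id")));
        if (redirectUri != null) {
            // The redirect URI is derived from the incoming request, so it is encoded to keep
            // it a single query value.
            url.append("&redirect_uri=").append(encodeQueryValue(redirectUri));
        }
        return url.append(AUTHORIZE_FIXED_QUERY).toString();
    }

    /** URL-encodes one query value; a null is rendered as the text "null", as concatenation did. */
    private static String encodeQueryValue(String value) throws IOException {
        return URLEncoder.encode(String.valueOf(value), StandardCharsets.UTF_8.name());
    }

    /** Creates the request entity used for all SSO calls: an empty map as body plus the given headers. */
    private static HttpEntity<?> emptyBodyRequest(HttpHeaders headers) {
        return new HttpEntity<>(Maps.newHashMap(), headers);
    }

    /** Fails with a readable message instead of a NullPointerException when the reply has no body. */
    private static void requireBody(ResponseEntity<?> response) {
        if (response.getBody() == null) {
            AmsAssert.fail("SSO响应报文为空,HTTP状态:" + response.getStatusCode());
        }
    }
}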
