package cn.kduck.security.oauth2.web;

import cn.kduck.secrity.baseapp.application.BaseAppApplicationService;
import cn.kduck.secrity.baseapp.domain.entity.BaseApp;
import cn.kduck.security.filter.AuthenticationFailureStrategyFilter;
import com.goldgov.kduck.utils.MessageUtils;
import com.goldgov.kduck.web.json.JsonObject;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.event.AuthenticationFailureBadCredentialsEvent;
import org.springframework.security.authentication.event.InteractiveAuthenticationSuccessEvent;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerEndpointsConfiguration;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;
import springfox.documentation.annotations.ApiIgnore;

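/**
 * REST endpoints under {@code /sso} that front the OAuth2 token endpoint: password-grant
 * login, token refresh, and logout.
 *
 * <p>Callers send only an {@code appId}. The controller looks the application up, reads its
 * key and secret, and presents them to the token endpoint as the client credentials. The
 * {@code appId} is therefore an identifier chosen by the caller, not a credential; the only
 * gate applied to it here is the application's enabled/disabled status.
 */
@RequestMapping({"/sso"})
@RestController
/* loaded from: input_file:cn/kduck/security/oauth2/web/Oauth2LoginController.class */
public class Oauth2LoginController implements ApplicationContextAware {

    @Autowired
    AuthorizationServerEndpointsConfiguration endpoints;

    @Autowired
    BaseAppApplicationService baseAppApplicationService;
    private ApplicationContext applicationContext;

    @Autowired
    private TokenStore tokenStore;

    /** Stores the application context, used later to publish authentication events. */
    @Override
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }

    /**
     * Logs out by removing the given refresh token and the access token tied to it.
     *
     * @param str the refresh token value, bound from the {@code refreshToken} form parameter
     * @return code 0 on success; code 1 with a message when the token is unknown or removal fails
     */
    @PostMapping({"/logout"})
    @ApiImplicitParams({@ApiImplicitParam(name = "refreshToken", required = true, value = "刷新令牌", paramType = "form")})
    @ApiOperation(value = "退出并移除令牌", tags = {"登录登出"}, notes = "退出并移除令牌,令牌将失效")
    @ResponseBody
    // The binding name is made explicit so it matches the documented "refreshToken" parameter
    // instead of depending on compiler-retained parameter names.
    // NOTE(review): confirm no client relies on a different parameter name.
    public JsonObject removeToken(@RequestParam("refreshToken") String str) {
        JsonObject jsonObject = new JsonObject();
        jsonObject.setCode(0);
        try {
            OAuth2RefreshToken readRefreshToken = this.tokenStore.readRefreshToken(str);
            if (readRefreshToken == null) {
                // Unknown or already revoked token: report failure explicitly rather than
                // relying on an exception from the store.
                jsonObject.setCode(1);
                jsonObject.setMessage("invalid refresh token");
                return jsonObject;
            }
            OAuth2AccessToken accessToken = this.tokenStore.getAccessToken(this.tokenStore.readAuthenticationForRefreshToken(readRefreshToken));
            this.tokenStore.removeRefreshToken(readRefreshToken);
            // The access token may already have expired or been removed; the refresh token is
            // gone at this point, so a missing access token must not turn logout into a failure.
            if (accessToken != null) {
                this.tokenStore.removeAccessToken(accessToken);
            }
        } catch (Exception e) {
            jsonObject.setCode(1);
            // NOTE(review): raw exception text is returned to the caller; consider a fixed
            // message here and logging the detail server-side.
            jsonObject.setMessage(e.getMessage());
        }
        return jsonObject;
    }

    /**
     * Logs a user in with the OAuth2 password grant and returns the issued access token.
     *
     * <p>On failure the response status is 401 and the code is -1, or -2 when the request
     * carried a non-empty {@code captchaCode} parameter. A success or bad-credentials event is
     * published either way.
     *
     * @param str the login name
     * @param str2 the password
     * @param str3 the id of the application whose client credentials are used
     * @param httpServletRequest read for the optional {@code graphId} and {@code captchaCode} parameters
     * @param httpServletResponse receives the 401 status on failure
     * @return the token on success, otherwise a failure code and message
     */
    @PostMapping({"/token"})
    @ApiImplicitParams({@ApiImplicitParam(name = AuthenticationFailureStrategyFilter.FORM_USERNAME_KEY, required = true, value = "登录名", paramType = "form"), @ApiImplicitParam(name = "password", required = true, value = "登录密码", paramType = "form"), @ApiImplicitParam(name = "appId", required = true, value = "应用ID", paramType = "form")})
    @ApiOperation(value = "登录获取用户访问令牌", tags = {"登录登出"}, notes = "基于oauth2密码模式登录,返回access_token,用于内部平台登录使用")
    @ResponseBody
    public JsonObject getLoginToken(@RequestParam("username") String str, @RequestParam("password") String str2, @RequestParam("appId") String str3, @ApiIgnore HttpServletRequest httpServletRequest, @ApiIgnore HttpServletResponse httpServletResponse) {
        BaseApp data = this.baseAppApplicationService.getData(str3);
        JsonObject jsonObject = new JsonObject();
        if (isUnavailable(data)) {
            jsonObject.setCode(JsonObject.FAIL.getCode());
            // Previously dereferenced the lookup result even when it was null, so an unknown
            // appId raised a NullPointerException instead of returning this failure.
            jsonObject.setMessage(unavailableMessage(data, str3));
            return jsonObject;
        }

        // This token exists only as the payload of the published events.
        // NOTE(review): it carries the submitted password as its credentials, so every event
        // listener receives the cleartext password; confirm listeners neither log nor retain it.
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(str, str2);
        LinkedHashMap<String, String> details = new LinkedHashMap<>();
        details.put("grant_type", "password");
        String graphId = httpServletRequest.getParameter("graphId");
        if (graphId != null) {
            details.put("graphId", graphId);
        }
        usernamePasswordAuthenticationToken.setDetails(details);
        try {
            OAuth2AccessToken token = getToken(str, str2, data);
            jsonObject.setCode(JsonObject.SUCCESS.getCode());
            jsonObject.setData(token);
            this.applicationContext.publishEvent(new InteractiveAuthenticationSuccessEvent(usernamePasswordAuthenticationToken, getClass()));
        } catch (Exception e) {
            // NOTE(review): the caller-supplied login name is embedded in the exception message;
            // any listener that logs it should neutralise line breaks first.
            this.applicationContext.publishEvent(new AuthenticationFailureBadCredentialsEvent(usernamePasswordAuthenticationToken, new BadCredentialsException(str + " login fail.")));
            httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
            String captchaCode = httpServletRequest.getParameter("captchaCode");
            boolean captchaSubmitted = captchaCode != null && !"".equals(captchaCode);
            jsonObject.setCode(captchaSubmitted ? -2 : -1);
            // NOTE(review): the underlying exception text goes to an unauthenticated caller;
            // verify it cannot distinguish unknown accounts from wrong passwords.
            jsonObject.setMessage(e.getMessage());
        }
        return jsonObject;
    }

    /**
     * Exchanges a refresh token for a new access token using the application's client credentials.
     *
     * <p>An unknown or disabled application is rejected with the same failure response as the
     * login endpoint, so disabling an application also stops its sessions from being extended.
     *
     * @param str the id of the application whose client credentials are used
     * @param str2 the refresh token value
     * @return the token endpoint's response body on success, otherwise a failure code and message
     */
    @PostMapping({"/refreshToken"})
    @ApiImplicitParams({@ApiImplicitParam(name = "appId", required = true, value = "应用ID", paramType = "form"), @ApiImplicitParam(name = "refreshToken", required = true, value = "刷新令牌", paramType = "form")})
    @ApiOperation(value = "刷新令牌", tags = {"登录登出"}, notes = "access_token过期后使用refreshToken进行刷新。")
    @ResponseBody
    public JsonObject refreshTokenRefreshToken(@RequestParam("appId") String str, @RequestParam("refreshToken") String str2) throws Exception {
        JsonObject jsonObject = new JsonObject();
        try {
            BaseApp data = this.baseAppApplicationService.getData(str);
            if (isUnavailable(data)) {
                // Same gate as login: without it an unknown appId surfaced as a
                // NullPointerException and a disabled application could keep refreshing.
                jsonObject.setCode(JsonObject.FAIL.getCode());
                jsonObject.setMessage(unavailableMessage(data, str));
                return jsonObject;
            }
            String clientId = data.getAppKey();
            String clientSecret = data.getAppSecret();
            HashMap<String, String> params = new HashMap<>();
            params.put(AuthenticationFailureStrategyFilter.OAUTH2_USERNAME_KEY, clientId);
            params.put("client_secret", clientSecret);
            params.put("grant_type", "refresh_token");
            params.put("refresh_token", str2);
            jsonObject.setData(this.endpoints.tokenEndpoint().postAccessToken(new UsernamePasswordAuthenticationToken(clientId, clientSecret, Collections.emptyList()), params).getBody());
        } catch (Exception e) {
            // NOTE(review): printStackTrace bypasses the application's logging configuration;
            // route this through the project's logger.
            e.printStackTrace();
            jsonObject.setCode(JsonObject.FAIL.getCode());
            // NOTE(review): raw exception text is returned to the caller.
            jsonObject.setMessage(e.getMessage());
        }
        return jsonObject;
    }

    /**
     * Requests an access token from the token endpoint with the password grant, authenticating
     * as the given application.
     *
     * @param str the login name
     * @param str2 the password
     * @param baseApp the application supplying the client key and secret
     * @return the access token issued by the token endpoint
     * @throws IllegalArgumentException if the application has no key or no secret
     * @throws Exception whatever the token endpoint throws, for example on bad credentials
     */
    public OAuth2AccessToken getToken(String str, String str2, BaseApp baseApp) throws Exception {
        String clientId = baseApp.getAppKey();
        String clientSecret = baseApp.getAppSecret();
        Assert.notNull(clientId, "client_id not null");
        Assert.notNull(clientSecret, "client_secret not null");

        HashMap<String, String> params = new HashMap<>();
        params.put(AuthenticationFailureStrategyFilter.FORM_USERNAME_KEY, str);
        params.put("password", str2);
        params.put(AuthenticationFailureStrategyFilter.OAUTH2_USERNAME_KEY, clientId);
        params.put("client_secret", clientSecret);
        params.put("grant_type", "password");
        return this.endpoints.tokenEndpoint().postAccessToken(new UsernamePasswordAuthenticationToken(clientId, clientSecret, Collections.emptyList()), params).getBody();
    }

    /** Returns true when the lookup result is null or empty, or its status equals 1 (treated as disabled). */
    private static boolean isUnavailable(BaseApp app) {
        return ObjectUtils.isEmpty(app) || 1 == app.getStatus().intValue();
    }

    /** Builds the "disabled" message, falling back to the requested id when the lookup result carries none. */
    private static String unavailableMessage(BaseApp app, String requestedAppId) {
        Object shownId = (app != null && app.getAppId() != null) ? app.getAppId() : requestedAppId;
        return MessageUtils.getMessage("baseapp.exception.disabled", new Object[]{shownId});
    }
}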
