package com.lc.ibps.auth.controller;

import com.lc.ibps.api.auth.server.IAuthClientQueryService;
import com.lc.ibps.auth.service.OAuthService;
import com.lc.ibps.base.web.model.UrlOption;
import com.lc.ibps.web.provider.LoginProvider;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.oltu.oauth2.as.issuer.MD5Generator;
import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest;
import org.apache.oltu.oauth2.as.response.OAuthASResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.OAuthResponse;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.apache.oltu.oauth2.common.message.types.ResponseType;
import org.apache.oltu.oauth2.common.utils.OAuthUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.subject.Subject;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

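/**
 * OAuth2 authorization endpoint (authorization-code flow) built on Apache Oltu and Shiro.
 *
 * <p>Security review notes, based only on what this class shows:
 * <ul>
 *   <li>Only {@code client_id} is checked. The {@code redirect_uri} request parameter is used as
 *       the redirect target on both the success and the error path without being compared with
 *       a value registered for the client. An authorization code or error can therefore be
 *       delivered to an address the client never registered. An exact-match check against the
 *       client's registered redirect URI should run before any redirect is issued.
 *       {@code clientQueryService} is injected but unused in this class; whether it can supply
 *       the registered URI is not visible here.</li>
 *   <li>The issued code is stored against the user principal only. Whether the token endpoint
 *       binds it to the client and redirect URI cannot be seen from here; verify.</li>
 * </ul>
 */
@RequestMapping({"/"})
@Controller
/* loaded from: input_file:com/lc/ibps/auth/controller/AuthorizeWebController.class */
public class AuthorizeWebController {

    @Resource
    private OAuthService oAuthService;

    // Injected but not referenced anywhere in this class.
    @Resource
    private IAuthClientQueryService clientQueryService;

    @Resource
    private LoginProvider loginProvider;

    @Resource
    private UrlOption urlOption;

    /**
     * Handles an authorization request and, for an authenticated user, redirects back to the
     * client with a freshly issued authorization code.
     *
     * @param httpServletRequest  incoming request carrying the OAuth parameters
     * @param httpServletResponse response, written to directly only for the login redirect
     * @return a {@link ResponseEntity} holding a JSON error or a redirect, or {@code null} after
     *         the response has already been redirected to the login page
     * @throws URISyntaxException   if the redirect location built by Oltu is not a valid URI
     * @throws OAuthSystemException if Oltu fails to build a response or generate a code
     * @throws IOException          if the login redirect cannot be sent
     */
    @RequestMapping({"authorize"})
    public Object authorize(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws URISyntaxException, OAuthSystemException, IOException {
        try {
            OAuthAuthzRequest authzRequest = new OAuthAuthzRequest(httpServletRequest);

            // Only the client identifier is verified here; no client secret or redirect URI
            // is checked in this method, despite what the error text mentions.
            if (!this.oAuthService.checkClientId(authzRequest.getClientId())) {
                return jsonError("invalid_client", "客户端验证失败，如错误的client_id/client_secret。");
            }

            // Accept an existing Shiro session; otherwise try to log in from this request.
            Subject subject = SecurityUtils.getSubject();
            boolean loggedIn = subject.isAuthenticated() || this.loginProvider.login(httpServletRequest).isSuccess();
            if (!loggedIn) {
                // The configured login URL is used as-is; the authorization parameters are not
                // forwarded. (A query string was previously assembled here but never used, and
                // it lacked '=' separators; that dead code has been removed.)
                httpServletResponse.sendRedirect(this.urlOption.getLoginUrl());
                return null;
            }

            String principal = (String) subject.getPrincipal();

            // Constant-first comparison so a missing parameter yields the 400 below, not an NPE.
            if (!ResponseType.CODE.toString().equals(authzRequest.getParam("response_type"))) {
                return jsonError("invalid_request", "不支持的授权类型");
            }

            // NOTE(review): confirm the randomness source behind Oltu's MD5Generator meets the
            // unpredictability requirement for authorization codes in this deployment.
            String authorizationCode = new OAuthIssuerImpl(new MD5Generator()).authorizationCode();
            this.oAuthService.addAuthCode(authorizationCode, principal);

            OAuthASResponse.OAuthAuthorizationResponseBuilder builder = OAuthASResponse.authorizationResponse(httpServletRequest, 302);
            // NOTE(review): the code is returned under the GrantType name rather than the
            // "code" parameter defined by RFC 6749; kept because existing clients may rely on it.
            builder.setParam(GrantType.AUTHORIZATION_CODE.toString(), authorizationCode);

            // SECURITY: redirect_uri comes straight from the request and is not validated
            // against the client's registration before the code is appended to it.
            OAuthResponse redirect = builder.location(authzRequest.getParam("redirect_uri")).buildQueryMessage();
            return redirectTo(redirect);
        } catch (OAuthProblemException e) {
            String redirectUri = e.getRedirectUri();
            if (OAuthUtils.isEmpty(redirectUri)) {
                return new ResponseEntity<String>("OAuth callback url needs to be provided by client!!!", HttpStatus.NOT_FOUND);
            }
            // SECURITY: presumably this URI is also request-supplied (confirm); it is used as a
            // redirect target without validation, so error redirects can leave the site.
            OAuthResponse errorRedirect = OAuthASResponse.errorResponse(302).error(e).location(redirectUri).buildQueryMessage();
            return redirectTo(errorRedirect);
        }
    }

    /** Builds a 400 JSON error response with the given OAuth error code and description. */
    private static ResponseEntity<String> jsonError(String error, String description) throws OAuthSystemException {
        OAuthResponse message = OAuthASResponse.errorResponse(400).setError(error).setErrorDescription(description).buildJSONMessage();
        return new ResponseEntity<String>(message.getBody(), HttpStatus.valueOf(message.getResponseStatus()));
    }

    /** Turns an Oltu query-message response into a body-less redirect with a Location header. */
    private static ResponseEntity<Void> redirectTo(OAuthResponse message) throws URISyntaxException {
        HttpHeaders headers = new HttpHeaders();
        headers.setLocation(new URI(message.getLocationUri()));
        return new ResponseEntity<Void>(headers, HttpStatus.valueOf(message.getResponseStatus()));
    }
}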
