package com.lc.ibps.cloud.oauth.server.provider;

import com.lc.ibps.api.base.constants.StateEnum;
import com.lc.ibps.auth.constants.GrantType;
import com.lc.ibps.auth.constants.Scope;
import com.lc.ibps.auth.persistence.entity.AuthClientPo;
import com.lc.ibps.auth.repository.AuthClientRepository;
import com.lc.ibps.base.core.encrypt.EncryptUtil;
import com.lc.ibps.base.core.exception.BaseException;
import com.lc.ibps.base.core.util.BeanUtils;
import com.lc.ibps.base.core.util.ExceptionUtil;
import com.lc.ibps.base.core.util.string.StringUtil;
import com.lc.ibps.base.core.util.string.StringValidator;
import com.lc.ibps.cloud.entity.APIResult;
import com.lc.ibps.cloud.oauth.entity.AuthorizeCheckVo;
import com.lc.ibps.cloud.oauth.entity.AuthorizeVo;
import com.lc.ibps.cloud.oauth.entity.LoginVo;
import com.lc.ibps.cloud.oauth.server.context.InnerContextUtil;
import com.lc.ibps.cloud.redis.utils.RedisUtil;
import com.lc.ibps.common.utils.LogUtils;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import java.util.concurrent.TimeUnit;
import javax.annotation.Resource;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Lazy;
import org.springframework.stereotype.Service;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestParam;

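/**
 * Authorization-centre endpoints: issues an authorization code for a logged-in user
 * ({@link #authorize}), issues a check code to a registered third-party platform
 * ({@link #apply3rd}), and turns a check code plus user credentials into a login result
 * ({@link #loginStateApply3rd}).
 *
 * <p>The codes issued here live in Redis under keys built by {@code appConfig.getRedisKey}
 * and expire after {@code tokenConfig.getAcexpires()} seconds.
 *
 * <p>NOTE(review): the "loaded from" comment below suggests this listing is decompiler
 * output. Parameter names such as {@code str}/{@code str2}/{@code str3} are left untouched
 * because request binding may depend on them; confirm against IAuthorizeService.
 */
@Api(tags = {"授权中心"}, value = "授权")
@Service
/* loaded from: input_file:com/lc/ibps/cloud/oauth/server/provider/AuthorizeProvider.class */
public class AuthorizeProvider extends BaseProvider implements IAuthorizeService {

    @Resource
    @Lazy
    private IUserService userService;

    @Resource
    @Lazy
    private AuthClientRepository authClientRepository;

    // When true, client ids arrive encrypted and are decrypted before use.
    @Value("${user.client-encrypt.encrypt:false}")
    private boolean encryptEnabled;

    /**
     * Exchanges a one-time login state for an authorization code bound to the client and
     * to the account stored under that login state.
     *
     * @param authorizeVo request carrying client_id, login_state and the caller's state value
     * @return result whose data is the new authorization code, or a failure result when the
     *     client fails scope or grant-type validation
     * @throws BaseException with ILLEGAL_LOGIN_STATE when the login state is unknown or empty
     */
    @ApiOperation(value = "申请授权", notes = "传入授权AppKey，申请授权")
    public APIResult<String> authorize(@ApiParam(name = "authorizeVo", value = "授权码请求对象", required = true) @RequestBody(required = true) AuthorizeVo authorizeVo) {
        if (logger.isDebugEnabled()) {
            logger.debug("request authorize");
        }
        APIResult<String> aPIResult = new APIResult<>();
        String client_id = authorizeVo.getClient_id();
        if (this.encryptEnabled) {
            client_id = EncryptUtil.decrypt(client_id);
        }
        String login_state = authorizeVo.getLogin_state();
        // Echo the caller's state value back so it can correlate request and response.
        aPIResult.addVariable("state", authorizeVo.getState());
        String redisKey;
        try {
            // Presumably these throw when the client lacks the SSO scope or the code grant.
            validateScope(client_id, Scope.SSO.getValue());
            validateGrantType(client_id, GrantType.CODE.getValue());
            redisKey = this.appConfig.getRedisKey(new String[]{"login.state", login_state});
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_CLIENT_ID_SECRET.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            logger.error("authorize failed:", e);
            // Fail closed: a client that did not pass validation must never reach the code
            // issuance below. Without this return the failure was only logged.
            return aPIResult;
        }
        // A null answer from Redis is treated the same as a missing key.
        if (!Boolean.TRUE.equals(RedisUtil.redisTemplateString.hasKey(redisKey))) {
            aPIResult.setState(StateEnum.ILLEGAL_LOGIN_STATE.getCode());
            throw new BaseException(StateEnum.ILLEGAL_LOGIN_STATE.getCode(), StateEnum.ILLEGAL_LOGIN_STATE.getText(), new Object[0]);
        }
        String account = (String) RedisUtil.redisTemplateString.opsForValue().get(redisKey);
        if (StringUtil.isBlank(account)) {
            aPIResult.setState(StateEnum.ILLEGAL_LOGIN_STATE.getCode());
            throw new BaseException(StateEnum.ILLEGAL_LOGIN_STATE.getCode(), StateEnum.ILLEGAL_LOGIN_STATE.getText(), new Object[0]);
        }
        String uuid = uuid();
        aPIResult.setData(uuid);
        // The login state is single-use: remove it before the code is stored.
        // NOTE(review): the read above and this delete are separate Redis calls, so two
        // concurrent requests could both redeem one login_state; an atomic get-and-delete
        // would close that window.
        RedisUtil.redisTemplateString.delete(redisKey);
        // Resolve the account before writing, so a lookup failure cannot leave a
        // half-filled hash that never receives its expiry.
        String userName = InnerContextUtil.getByAccount(new LoginVo(account, (String) null, (String) null, (String) null), true).getAccount();
        String codeKey = this.appConfig.getRedisKey(new String[]{"authorize.code", uuid});
        RedisUtil.redisTemplate.opsForHash().put(codeKey, "client.id", client_id);
        RedisUtil.redisTemplate.opsForHash().put(codeKey, "user.name", userName);
        RedisUtil.redisTemplate.expire(codeKey, this.tokenConfig.getAcexpires().intValue(), TimeUnit.SECONDS);
        return aPIResult;
    }

    /**
     * Issues a check code to a third-party platform after matching the request's Referer
     * and redirect URI against the URI registered for the client.
     *
     * <p>The Referer is a caller-supplied header, so this check binds the code to a
     * registered client URI but does not by itself authenticate the caller. The scheme is
     * stripped before comparison, so http and https origins are treated alike.
     *
     * @param str value of the Referer header
     * @param str2 client id of the third-party platform (encrypted when encryption is enabled)
     * @param str3 redirect URI requested by the platform
     * @return result whose data is the new check code
     * @throws BaseException when the client id is blank, the client is not registered, or
     *     the Referer / redirect URI do not match the registered client URI
     */
    @ApiOperation(value = "第三方申请授权", notes = "传入授权AppKey，redirect_uri申请授权")
    public APIResult<String> apply3rd(@RequestHeader(value = "Referer", required = true) @ApiParam(name = "Referer", value = "请求头地址", required = true) String str, @RequestParam(required = true) @ApiParam(name = "clientId", value = "第三方平台标识", required = true) String str2, @RequestParam(required = true) @ApiParam(name = "redirectUri", value = "回调地址", required = true) String str3) {
        if (logger.isDebugEnabled()) {
            logger.debug("third-party platform request checkCode");
        }
        APIResult<String> aPIResult = new APIResult<>();
        // Drop one trailing slash only when it is there. Cutting the last character
        // unconditionally failed on an empty header and silently discarded a real
        // character of the host when no slash was present.
        String refererHost = str.endsWith("/") ? str.substring(0, str.length() - 1) : str;
        refererHost = refererHost.replaceFirst("^(https://)?(http://)?(www\\.)?", "");
        String clientId = str2;
        if (this.encryptEnabled) {
            clientId = EncryptUtil.decrypt(clientId);
        }
        if (StringUtil.isBlank(clientId)) {
            throw new BaseException(StateEnum.ILLEGAL_AUTH_CLIENT_ID_NULL.getCode(), StateEnum.ILLEGAL_AUTH_CLIENT_ID_NULL.getText(), new Object[0]);
        }
        AuthClientPo client = this.authClientRepository.getByClientId4Cache(clientId);
        if (BeanUtils.isEmpty(client)) {
            throw new BaseException(StateEnum.ILLEGAL_AUTH_PLATFORM_NULL.getCode(), StateEnum.ILLEGAL_AUTH_PLATFORM_NULL.getText(), new Object[0]);
        }
        // Referer, registered client URI and redirect URI must all name the same host;
        // a blank host or a bare IP address is rejected outright.
        boolean hostRejected = StringUtil.isBlank(refererHost)
                || !refererHost.equals(client.getClientUri())
                || StringValidator.isIp(refererHost)
                || !refererHost.equals(str3);
        if (hostRejected) {
            throw new BaseException(StateEnum.ILLEGAL_AUTH_REDIRECT_URI.getCode(), StateEnum.ILLEGAL_AUTH_REDIRECT_URI.getText(), new Object[0]);
        }
        String uuid = uuid();
        aPIResult.setData(uuid);
        // Remember which client and redirect URI the check code was issued for.
        String redisKey = this.appConfig.getRedisKey(new String[]{"check.code", uuid});
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "client.id", clientId);
        RedisUtil.redisTemplate.opsForHash().put(redisKey, "redirect_uri", str3);
        RedisUtil.redisTemplate.expire(redisKey, this.tokenConfig.getAcexpires().intValue(), TimeUnit.SECONDS);
        return aPIResult;
    }

    /**
     * Logs a user in on behalf of a third-party platform after verifying that the supplied
     * check code was issued for the same client id and redirect URI.
     *
     * @param authorizeCheckVo request carrying the login data, response_type, client_id,
     *     check_code and redirect_uri
     * @return the login result from the user service, or a failure result when the client
     *     id cannot be decrypted
     * @throws BaseException when the response type is not the code grant, a required value
     *     is blank, or the check code is unknown or bound to other parameters
     */
    @ApiOperation(value = "第三方申请授权登录状态码", notes = "传入授权码，用户登录申请授权")
    public APIResult<String> loginStateApply3rd(@ApiParam(name = "authorizeCheckVo", value = "第三方平台授权构造对象", required = true) @RequestBody(required = true) AuthorizeCheckVo authorizeCheckVo) {
        if (logger.isDebugEnabled()) {
            logger.debug("third-party platform request login_state");
        }
        APIResult<String> aPIResult = new APIResult<>();
        // A request body without login data is handled by the blank-username check below
        // instead of failing with a NullPointerException here.
        String username = authorizeCheckVo.getLoginVo() == null ? null : authorizeCheckVo.getLoginVo().getUsername();
        String response_type = authorizeCheckVo.getResponse_type();
        String client_id = authorizeCheckVo.getClient_id();
        String check_code = authorizeCheckVo.getCheck_code();
        String redirect_uri = authorizeCheckVo.getRedirect_uri();
        try {
            if (this.encryptEnabled) {
                client_id = EncryptUtil.decrypt(client_id);
            }
        } catch (Exception e) {
            if (StateEnum.SUCCESS.getCode() == aPIResult.getState()) {
                aPIResult.setState(StateEnum.ILLEGAL_LOGIN.getCode());
            }
            aPIResult.setCause(ExceptionUtil.analysisCause(e));
            LogUtils.saveLog(LogUtils.create().request(getRequest()).type("loginError").op("access").createor(username).thr(e).build());
            logger.error("third-party platform request login_state failed:", e);
            // Fail closed: do not carry on with the raw, undecrypted value, which would
            // let a plaintext client id through while encryption is required.
            return aPIResult;
        }
        if (!GrantType.CODE.getValue().equals(response_type)) {
            aPIResult.setState(StateEnum.ILLEGAL_TOKEN_TYPE_NOT_SUPPORT.getCode());
            throw new BaseException(StateEnum.ILLEGAL_TOKEN_TYPE_NOT_SUPPORT.getCode(), String.format(StateEnum.ILLEGAL_TOKEN_TYPE_NOT_SUPPORT.getText(), response_type), new Object[0]);
        }
        if (StringUtil.isBlank(check_code) || StringUtil.isBlank(client_id) || StringUtil.isBlank(username)) {
            // NOTE(review): the state set on the result and the code thrown differ here;
            // confirm which one callers are meant to see.
            aPIResult.setState(StateEnum.ILLEGAL_AUTH_AUTHORIZATION_PARAMETER_ERROR.getCode());
            throw new BaseException(StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_MATCH.getCode(), StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_MATCH.getText(), new Object[0]);
        }
        String redisKey = this.appConfig.getRedisKey(new String[]{"check.code", check_code});
        if (!Boolean.TRUE.equals(RedisUtil.redisTemplate.hasKey(redisKey))) {
            aPIResult.setState(StateEnum.ILLEGAL_AUTH_CHECK_CODE_ERROR.getCode());
            throw new BaseException(StateEnum.ILLEGAL_AUTH_CHECK_CODE_ERROR.getCode(), StateEnum.ILLEGAL_AUTH_CHECK_CODE_ERROR.getText(), new Object[0]);
        }
        Object storedClientId = RedisUtil.redisTemplate.opsForHash().get(redisKey, "client.id");
        Object storedRedirectUri = RedisUtil.redisTemplate.opsForHash().get(redisKey, "redirect_uri");
        // The key can expire between hasKey and these reads; a missing field is a
        // mismatch, not a NullPointerException.
        if (storedRedirectUri == null || !storedRedirectUri.toString().equals(redirect_uri)) {
            aPIResult.setState(StateEnum.ILLEGAL_AUTH_CHECK_CODE_PARAMETER_ERROR.getCode());
            throw new BaseException(StateEnum.ILLEGAL_AUTH_CHECK_CODE_PARAMETER_ERROR.getCode(), StateEnum.ILLEGAL_AUTH_CHECK_CODE_PARAMETER_ERROR.getText(), new Object[0]);
        }
        if (storedClientId == null || !client_id.equalsIgnoreCase(storedClientId.toString())) {
            aPIResult.setState(StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_MATCH.getCode());
            throw new BaseException(StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_MATCH.getCode(), StateEnum.ILLEGAL_CLIENT_ID_SECRET_NO_MATCH.getText(), new Object[0]);
        }
        // NOTE(review): the check code is not deleted here. It is handed to the login
        // call, which presumably consumes it; confirm that it is single-use.
        authorizeCheckVo.getLoginVo().setCheck_code(check_code);
        APIResult login = this.userService.login(authorizeCheckVo.getLoginVo());
        if (login.isSuccess()) {
            aPIResult.setState(StateEnum.SUCCESS.getCode());
            aPIResult.setData(login.getData());
        } else {
            aPIResult.setState(login.getState());
            aPIResult.setCause(login.getCause());
        }
        return aPIResult;
    }
}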
