package com.central.oauth.controller;

import com.central.common.constant.SecurityConstants;
import com.central.common.context.TenantContextHolder;
import com.central.common.enums.ActionEnum;
import com.central.common.enums.ActionResultEnum;
import com.central.common.model.LoginAppUser;
import com.central.common.utils.ResponseUtil;
import com.central.oauth.dto.UserDTO;
import com.central.oauth.utils.RSAUtils;
import com.central.oauth2.common.token.MobileAuthenticationToken;
import com.central.oauth2.common.token.OpenIdAuthenticationToken;
import com.central.oauth2.common.util.AuthUtils;
import com.central.user.service.IUserActionLogService;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import java.io.IOException;
import java.util.concurrent.TimeUnit;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.MapUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

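/**
 * REST endpoints that issue OAuth2 access tokens directly from a controller, for three credential
 * types: user name + RSA-encrypted password, openId, and mobile number + password.
 *
 * <p>Every login endpoint funnels into {@link #writerToken}, which applies a per-principal failed
 * login limit stored in Redis, validates the calling OAuth2 client, authenticates the user and
 * writes the token (or a 401 failure body) to the servlet response.
 *
 * <p>This listing is decompiled output: local and parameter names are decompiler-generated and may
 * not match the original source.
 */
@Api(tags = {"OAuth2相关操作"})
@RestController
/* loaded from: input_file:BOOT-INF/classes/com/central/oauth/controller/OAuth2Controller.class */
public class OAuth2Controller {
    private static final Logger log = LoggerFactory.getLogger(OAuth2Controller.class);

    /** Number of recorded failures at which further login attempts for a principal are refused. */
    private static final int MAX_FAILED_LOGINS = 5;

    /** Lifetime, in hours, of the failure counter; it is re-armed on every failed attempt. */
    private static final long FAILED_LOGIN_WINDOW_HOURS = 1L;

    @Resource
    private ObjectMapper objectMapper;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Resource
    private AuthorizationServerTokenServices authorizationServerTokenServices;

    @Autowired
    private AuthenticationManager authenticationManager;

    @Autowired
    private ClientDetailsService clientDetailsService;

    @Autowired
    private IUserActionLogService userActionLogService;

    @Autowired
    private StringRedisTemplate redisTemplate;

    /**
     * Returns the RSA public key that clients use to encrypt the password submitted to the
     * password-login endpoint.
     *
     * @return the public key as provided by {@link RSAUtils#getPublicKey()}
     */
    @GetMapping({SecurityConstants.PASSWORD_PUBLIC_KEY})
    @ApiOperation("PASSWORD模式登录加密公钥")
    public String getPublicKey() {
        return RSAUtils.getPublicKey();
    }

    /**
     * Logs a user in with user name and RSA-encrypted password and writes the token to the response.
     *
     * <p>The password is decrypted and format-checked before authentication. A failure in either
     * step writes a 401 body and stops: the request must not fall through to
     * {@link #writerToken}, which would attempt authentication with a rejected (or still
     * encrypted) password and write a second body to the same response.
     *
     * @param userDTO request body carrying the user name and the encrypted password
     * @param httpServletRequest current request; the OAuth2 client credentials are read from it
     * @param httpServletResponse response the token or the failure body is written to
     * @throws IOException if writing the response fails
     */
    @PostMapping({SecurityConstants.PASSWORD_LOGIN_PRO_URL})
    @ApiOperation("用户名密码获取token")
    public void getUserTokenInfo(@RequestBody UserDTO userDTO, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        try {
            userDTO.setPassword(RSAUtils.decrypt(userDTO.getPassword()));
        } catch (Exception e) {
            // The exception is logged server-side only; the client gets a fixed message.
            log.error("getUserTokenInfo-", e);
            exceptionHandler(httpServletResponse, "密码解密失败");
            return;
        }
        if (!RSAUtils.checkPwdFormat(userDTO.getPassword())) {
            exceptionHandler(httpServletResponse, RSAUtils.REGEX_MSG);
            return;
        }
        writerToken(httpServletRequest, httpServletResponse, new UsernamePasswordAuthenticationToken(userDTO.getUser(), userDTO.getPassword()), "用户名或密码错误");
    }

    /**
     * Issues a token for the account identified by an openId.
     *
     * <p>NOTE(review): the openId is the only user credential handed to the authentication
     * manager here. Confirm that the provider handling {@link OpenIdAuthenticationToken} requires
     * proof beyond knowledge of the identifier, and that this endpoint is reachable only by
     * trusted clients.
     *
     * @param str the openId request parameter
     * @param httpServletRequest current request; the OAuth2 client credentials are read from it
     * @param httpServletResponse response the token or the failure body is written to
     * @throws IOException if writing the response fails
     */
    @PostMapping({SecurityConstants.OPENID_TOKEN_URL})
    @ApiOperation("openId获取token")
    public void getTokenByOpenId(@RequestParam(required = true, name = "openId", value = "openId") String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        writerToken(httpServletRequest, httpServletResponse, new OpenIdAuthenticationToken(str), "openId错误");
    }

    /**
     * Issues a token for a mobile number and password.
     *
     * <p>NOTE(review): both values carry only {@code @ApiParam}, which is documentation metadata,
     * so request binding presumably relies on the compiled parameter names. The names shown here
     * are decompiler-generated; verify the binding against the original source. Unlike the
     * password-login endpoint, the password is passed on as received, with no decryption or
     * format check visible in this class.
     *
     * @param str the mobile number
     * @param str2 the password
     * @param httpServletRequest current request; the OAuth2 client credentials are read from it
     * @param httpServletResponse response the token or the failure body is written to
     * @throws IOException if writing the response fails
     */
    @PostMapping({SecurityConstants.MOBILE_TOKEN_URL})
    @ApiOperation("mobile获取token")
    public void getTokenByMobile(@ApiParam(required = true, name = "mobile", value = "mobile") String str, @ApiParam(required = true, name = "password", value = "密码") String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        writerToken(httpServletRequest, httpServletResponse, new MobileAuthenticationToken(str, str2), "手机号或密码错误");
    }

    /**
     * Applies the failed-login limit, validates the OAuth2 client, authenticates the user and
     * writes either the access token or a 401 failure body.
     *
     * <p>Failed-login limit: a Redis counter keyed on {@code RSAUtils.REDIS_LOGIN_KEY} plus the
     * submitted principal name is incremented on {@link BadCredentialsException} and
     * {@link InternalAuthenticationServiceException}, and its expiry is reset to one hour each
     * time. Points a reviewer should be aware of, all visible in this method:
     * <ul>
     *   <li>the key contains only the principal name, so the limit is per account and independent
     *       of the request's origin;</li>
     *   <li>the counter is not cleared after a successful login, it only expires;</li>
     *   <li>increment and expire are two separate Redis calls, so a failure between them can leave
     *       a counter without a TTL.</li>
     * </ul>
     *
     * @param httpServletRequest request the client id and secret are extracted from
     * @param httpServletResponse response to write to
     * @param abstractAuthenticationToken unauthenticated token describing the login attempt
     * @param failureMessage message returned to the client when the credentials are rejected
     * @throws IOException if writing the response fails
     */
    private void writerToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AbstractAuthenticationToken abstractAuthenticationToken, String failureMessage) throws IOException {
        String attemptsKey = RSAUtils.REDIS_LOGIN_KEY + abstractAuthenticationToken.getName();
        String failedAttempts = this.redisTemplate.opsForValue().get(attemptsKey);
        if (failedAttempts != null && Integer.parseInt(failedAttempts) >= MAX_FAILED_LOGINS) {
            exceptionHandler(httpServletResponse, "登录过于频繁，请一个小时后再试");
            return;
        }
        try {
            String[] clientCredentials = AuthUtils.extractClient(httpServletRequest);
            String clientId = clientCredentials[0];
            // Throws before any tenant state is set if the client is unknown or the secret is wrong.
            ClientDetails client = getClient(clientId, clientCredentials[1]);

            Authentication authentication;
            OAuth2AccessToken accessToken;
            TenantContextHolder.setTenant(clientId);
            try {
                OAuth2Request oauth2Request = new TokenRequest(MapUtils.EMPTY_MAP, clientId, client.getScope(), "customer").createOAuth2Request(client);
                authentication = this.authenticationManager.authenticate(abstractAuthenticationToken);
                SecurityContextHolder.getContext().setAuthentication(authentication);
                OAuth2Authentication oauth2Authentication = new OAuth2Authentication(oauth2Request, authentication);
                accessToken = this.authorizationServerTokenServices.createAccessToken(oauth2Authentication);
                oauth2Authentication.setAuthenticated(true);
            } finally {
                // Clear on failure as well as success, so a rejected login does not leave this
                // client's tenant id on the context holder for whatever the thread handles next.
                TenantContextHolder.clear();
            }

            ResponseUtil.responseSucceed(this.objectMapper, httpServletResponse, accessToken);
            // NOTE(review): the audit record is written after the token has been sent. If this call
            // throws, the generic handler below appends a 401 body to a response that already
            // carries a token; consider isolating audit failures from the response path.
            this.userActionLogService.saveUserActionLog((LoginAppUser) authentication.getPrincipal(), ActionEnum.LOGIN, "账号登录成功", ActionResultEnum.SUCCESS);
        } catch (BadCredentialsException | InternalAuthenticationServiceException e) {
            this.redisTemplate.opsForValue().increment(attemptsKey);
            this.redisTemplate.expire(attemptsKey, FAILED_LOGIN_WINDOW_HOURS, TimeUnit.HOURS);
            exceptionHandler(httpServletResponse, failureMessage);
        } catch (Exception e2) {
            exceptionHandler(httpServletResponse, e2);
        }
    }

    /**
     * Logs the exception and writes a 401 failure body containing its message.
     *
     * <p>NOTE(review): {@code exc.getMessage()} is returned to the caller verbatim. For exceptions
     * that do not originate in this class the text may describe internals; consider mapping
     * unexpected exceptions to a fixed message and keeping the detail in the log only.
     *
     * @param httpServletResponse response to write to
     * @param exc the exception that aborted the login
     * @throws IOException if writing the response fails
     */
    private void exceptionHandler(HttpServletResponse httpServletResponse, Exception exc) throws IOException {
        log.error("exceptionHandler-error:", exc);
        exceptionHandler(httpServletResponse, exc.getMessage());
    }

    /**
     * Sets HTTP status 401 and writes a failure body with the given message.
     *
     * @param httpServletResponse response to write to
     * @param message text returned to the client
     * @throws IOException if writing the response fails
     */
    private void exceptionHandler(HttpServletResponse httpServletResponse, String message) throws IOException {
        httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
        ResponseUtil.responseFailed(this.objectMapper, httpServletResponse, message);
    }

    /**
     * Loads the OAuth2 client and verifies the presented secret against the stored one with the
     * configured {@link PasswordEncoder}.
     *
     * @param clientId client identifier extracted from the request
     * @param clientSecret secret presented by the caller
     * @return the client's details when the secret matches
     * @throws UnapprovedClientAuthenticationException if the client does not exist or the secret
     *     does not match
     */
    private ClientDetails getClient(String clientId, String clientSecret) {
        ClientDetails clientDetails = this.clientDetailsService.loadClientByClientId(clientId);
        if (clientDetails == null) {
            throw new UnapprovedClientAuthenticationException("clientId对应的信息不存在");
        }
        if (!this.passwordEncoder.matches(clientSecret, clientDetails.getClientSecret())) {
            throw new UnapprovedClientAuthenticationException("clientSecret不匹配");
        }
        return clientDetails;
    }
}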
