package com.digiwin.dap.middleware.iam.api.authentication;

import cn.hutool.core.net.url.UrlBuilder;
import cn.hutool.jwt.JWTUtil;
import com.digiwin.dap.middleware.auth.AuthoredSys;
import com.digiwin.dap.middleware.cache.RedisUtils;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.IamConstants;
import com.digiwin.dap.middleware.iam.constant.RedisConstants;
import com.digiwin.dap.middleware.iam.constant.enums.SsoTypeEnum;
import com.digiwin.dap.middleware.iam.domain.EnvProperties;
import com.digiwin.dap.middleware.iam.domain.cache.UserTempTokenCacheVO;
import com.digiwin.dap.middleware.iam.domain.oauth.OauthAuthCode;
import com.digiwin.dap.middleware.iam.domain.usermapping.UserMappingQueryResultVO;
import com.digiwin.dap.middleware.iam.entity.AuthApp;
import com.digiwin.dap.middleware.iam.entity.SysSsoUrlConfig;
import com.digiwin.dap.middleware.iam.entity.Tenant;
import com.digiwin.dap.middleware.iam.repository.AuthAppRepository;
import com.digiwin.dap.middleware.iam.service.sso.SysSsoUrlConfigCrudService;
import com.digiwin.dap.middleware.iam.service.tenant.TenantCrudService;
import com.digiwin.dap.middleware.iam.service.tenantmetadata.TenantMetadataCrudService;
import com.digiwin.dap.middleware.iam.service.usermapping.UserMappingService;
import com.digiwin.dap.middleware.iam.support.remote.domain.huawei.OAuthLoginResponse;
import com.digiwin.dap.middleware.iam.util.SAMLUtil;
import java.io.IOException;
import java.io.PrintWriter;
import java.time.Duration;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.text.StrSubstitutor;
import org.pac4j.oidc.client.OidcClient;
import org.pac4j.oidc.config.OidcConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestAttribute;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.client.RestTemplate;

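/**
 * OIDC single sign-on endpoints.
 *
 * <p>{@link #login} redirects the browser to the authorization URL configured for the tenant's OIDC
 * application; {@link #authCallback} receives the authorization code, exchanges it for an id_token at
 * the configured token endpoint, resolves the local user through the user-mapping service and hands a
 * short-lived SSO token back to the calling system through its success callback URL.
 *
 * <p>Failures that occur before the tenant/app configuration has been resolved are written as plain
 * text to the response; failures after that point are redirected to the configured failure callback.
 */
@RequestMapping({"/api/iam/v2/oidc"})
@RestController
public class OIDCController {
    private static final Logger logger = LoggerFactory.getLogger(OIDCController.class);

    /** Fallback id_token claim used to identify the user when the app does not configure one. */
    private static final String DEFAULT_USER_ID_CLAIM = "sub";

    /** Generic message sent to the failure callback when an unexpected exception occurs. */
    private static final String GENERIC_ERROR_MESSAGE = "系统异常";

    /** Lifetime of the cached SSO handoff token issued after a successful callback. */
    private static final Duration SSO_TOKEN_TTL = Duration.ofMinutes(3L);

    @Autowired
    private TenantMetadataCrudService tenantMetadataCrudService;

    @Autowired
    private TenantCrudService tenantCrudService;

    @Autowired
    private EnvProperties envProperties;

    @Autowired
    private UserMappingService userMappingService;

    @Autowired
    private SysSsoUrlConfigCrudService sysSsoUrlConfigCrudService;

    @Autowired
    private AuthAppRepository authAppRepository;

    @Autowired
    private RestTemplate restTemplate;

    /**
     * Manual smoke check that builds an {@link OidcClient} from command-line arguments.
     *
     * <p>Usage: {@code <clientId> <clientSecret> <discoveryUri>}. The client credentials are taken from
     * the arguments so that none are embedded in the class; the client is only constructed here.
     *
     * @param strArr client id, client secret and discovery URI, in that order
     */
    public static void main(String[] strArr) {
        if (strArr == null || strArr.length < 3) {
            System.err.println("usage: OIDCController <clientId> <clientSecret> <discoveryUri>");
            return;
        }
        OidcConfiguration oidcConfiguration = new OidcConfiguration();
        oidcConfiguration.setClientId(strArr[0]);
        oidcConfiguration.setSecret(strArr[1]);
        oidcConfiguration.setDiscoveryURI(strArr[2]);
        new OidcClient(oidcConfiguration);
    }

    /**
     * Starts the OIDC login by redirecting the browser to the application's configured authorization URL.
     *
     * <p>A missing tenant or system id, or a tenant/system without OIDC configuration, is reported as
     * plain text in the response body; a failure while issuing the redirect itself is sent to the
     * configured failure callback.
     *
     * @param tenantId            tenant the user is logging in to; required
     * @param sysId               target system; defaults to the calling application's id when blank
     * @param authoredSys         calling application resolved by the auth filter
     * @param httpServletRequest  current request (unused, kept for the handler signature)
     * @param httpServletResponse response used for the redirect or the plain-text error
     */
    @GetMapping({DefaultLoginPageGeneratingFilter.DEFAULT_LOGIN_PAGE_URL})
    public void login(@RequestParam(value = "tenantId", required = false) String tenantId,
                      @RequestParam(value = "sysId", required = false) String sysId,
                      @RequestAttribute("digi-middleware-auth-app-data") AuthoredSys authoredSys,
                      HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        // An explicit sysId wins; otherwise the requesting application itself is the target system.
        String effectiveSysId = Optional.ofNullable(sysId).filter(StringUtils::hasLength).orElse(authoredSys.getId());
        try {
            if (!StringUtils.hasText(tenantId) || !StringUtils.hasText(effectiveSysId)) {
                throw new BusinessException(I18nError.PARAM_ERROR);
            }
            Tenant tenant = requireOidcTenant(tenantId);
            AuthApp authApp = requireOidcApp(tenant, effectiveSysId);
            SysSsoUrlConfig ssoUrlConfig = requireSsoUrlConfig(effectiveSysId);
            try {
                // Only client_id is substituted into the configured URL template. The template carries no
                // state/nonce, so the callback cannot tie the provider's response to this browser session.
                // NOTE(review): consider adding a state parameter if the configured templates allow it.
                Map<String, String> templateValues = new HashMap<>();
                templateValues.put(OidcConfiguration.CLIENT_ID, authApp.getClientId());
                httpServletResponse.sendRedirect(new StrSubstitutor(templateValues).replace(authApp.getAuthUrl()));
            } catch (Exception e) {
                logger.error("【oidc】 登录异常", e);
                redirect(httpServletResponse, SAMLUtil.getFailCallbackUrl(ssoUrlConfig.getFailCallbackUrl(), GENERIC_ERROR_MESSAGE));
            }
        } catch (Exception e) {
            logger.error("【oidc】 登录异常", e);
            sendResponse(httpServletResponse, e.getMessage());
        }
    }

    /**
     * Handles the redirect back from the identity provider: exchanges the authorization code for an
     * id_token, maps the external user id onto a local user and redirects to the success callback with a
     * one-time SSO token.
     *
     * <p>Business failures after configuration lookup are redirected to the configured failure callback
     * with their message; unexpected failures use a generic message. Configuration lookup failures are
     * written as plain text to the response.
     *
     * @param tenantId            tenant path variable
     * @param sysId               system path variable
     * @param oauthAuthCode       bound request parameters carrying the authorization {@code code}
     * @param httpServletRequest  current request; its URI is echoed back to the provider as {@code redirect_uri}
     * @param httpServletResponse response used for the redirect or the plain-text error
     */
    @RequestMapping({"/{tenantId:.+}/{sysId}"})
    public void authCallback(@PathVariable("tenantId") String tenantId, @PathVariable("sysId") String sysId,
                             OauthAuthCode oauthAuthCode, HttpServletRequest httpServletRequest,
                             HttpServletResponse httpServletResponse) {
        try {
            Tenant tenant = requireOidcTenant(tenantId);
            AuthApp authApp = requireOidcApp(tenant, sysId);
            SysSsoUrlConfig ssoUrlConfig = requireSsoUrlConfig(sysId);
            try {
                // Without a code there is nothing to exchange (e.g. the provider answered with an error instead).
                if (oauthAuthCode == null || !StringUtils.hasText(oauthAuthCode.getCode())) {
                    throw new BusinessException(I18nError.PARAM_ERROR);
                }
                OAuthLoginResponse tokenResponse = exchangeAuthorizationCode(authApp, oauthAuthCode.getCode(), httpServletRequest);
                if (tokenResponse == null || !StringUtils.hasText(tokenResponse.getIdToken())) {
                    // No id_token means the user-id claim cannot be read at all.
                    throw new BusinessException(I18nError.IAM_USER_ID_MAPPING_ATTRIBUTE_NOT_EXIST);
                }
                String externalUserId = readUserIdClaim(tokenResponse.getIdToken(), authApp.getUserIdAttr());
                UserMappingQueryResultVO mapping = this.userMappingService.getUserByMapping(
                        Long.valueOf(tenant.getSid()), authApp.getType(), null, externalUserId);
                if (Objects.isNull(mapping)) {
                    throw new BusinessException(I18nError.IAM_USER_MAPPING_NOT_EXIST);
                }
                String ssoToken = issueSsoToken(mapping.getUserId(), tenantId, sysId);
                redirect(httpServletResponse, SAMLUtil.getSuccessCallbackUrl(ssoUrlConfig.getSuccessCallbackUrl(), ssoToken, externalUserId, null));
            } catch (BusinessException e) {
                logger.error("【oidc】 认证回调异常", e);
                redirect(httpServletResponse, SAMLUtil.getFailCallbackUrl(ssoUrlConfig.getFailCallbackUrl(), e.getMessage()));
            } catch (Exception e) {
                logger.error("【oidc】 认证回调异常", e);
                redirect(httpServletResponse, SAMLUtil.getFailCallbackUrl(ssoUrlConfig.getFailCallbackUrl(), GENERIC_ERROR_MESSAGE));
            }
        } catch (Exception e) {
            logger.error("【oidc】 登录异常", e);
            sendResponse(httpServletResponse, e.getMessage());
        }
    }

    /**
     * Loads the tenant and requires it to have OIDC login enabled.
     *
     * @throws BusinessException {@code IAM_OIDC_SYS_NOT_EXIST} when the tenant is unknown or not OIDC-enabled
     */
    private Tenant requireOidcTenant(String tenantId) {
        Tenant tenant = this.tenantCrudService.findById(tenantId);
        if (tenant == null || !tenant.isOidcLogin()) {
            throw new BusinessException(I18nError.IAM_OIDC_SYS_NOT_EXIST);
        }
        return tenant;
    }

    /**
     * Loads the tenant's OIDC application for the given system.
     *
     * @throws BusinessException {@code IAM_OIDC_SYS_NOT_EXIST} when no OIDC app is configured for the system
     */
    private AuthApp requireOidcApp(Tenant tenant, String sysId) {
        AuthApp authApp = this.authAppRepository.findByTenantSidAndSysIdAndType(tenant.getSid(), sysId, SsoTypeEnum.OIDC.getCode());
        if (authApp == null) {
            throw new BusinessException(I18nError.IAM_OIDC_SYS_NOT_EXIST);
        }
        return authApp;
    }

    /**
     * Loads the success/failure callback URLs configured for the system's OIDC SSO.
     *
     * @throws BusinessException {@code IAM_OIDC_SYS_NOT_EXIST} when no OIDC callback configuration exists
     */
    private SysSsoUrlConfig requireSsoUrlConfig(String sysId) {
        SysSsoUrlConfig config = this.sysSsoUrlConfigCrudService.findBySysIdAndSsoType(sysId, SsoTypeEnum.OIDC.getCode());
        if (config == null) {
            throw new BusinessException(I18nError.IAM_OIDC_SYS_NOT_EXIST);
        }
        return config;
    }

    /**
     * Exchanges the authorization code for tokens at the application's configured token endpoint.
     *
     * <p>The client credentials and code are sent in the form body rather than the query string:
     * RFC 6749 §2.3.1 does not allow {@code client_secret} in the request URI, and query strings are
     * routinely captured in proxy and server access logs. RestTemplate's form converter serialises a
     * {@code MultiValueMap<String, String>} body as {@code application/x-www-form-urlencoded}.
     *
     * @param authApp            OIDC application holding the token URL and client credentials
     * @param code               authorization code returned by the provider
     * @param httpServletRequest current request; its URI forms the {@code redirect_uri} value
     * @return the provider's token response (may be {@code null} if the provider returned no body)
     */
    private OAuthLoginResponse exchangeAuthorizationCode(AuthApp authApp, String code, HttpServletRequest httpServletRequest) {
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.add(OidcConfiguration.CLIENT_ID, authApp.getClientId());
        form.add("client_secret", authApp.getClientSecret());
        form.add("code", code);
        form.add("grant_type", IamConstants.OAUTH_AUTHORIZATION_CODE_TYPE);
        form.add(OidcConfiguration.REDIRECT_URI, this.envProperties.getIamUri() + httpServletRequest.getRequestURI());
        return this.restTemplate.postForObject(authApp.getAccessTokenUrl(), form, OAuthLoginResponse.class);
    }

    /**
     * Reads the claim that identifies the user from the id_token payload.
     *
     * <p>NOTE(review): the token is parsed, not verified — signature, {@code iss}, {@code aud} and
     * {@code exp} are not checked. It is obtained directly from the token endpoint over the back
     * channel rather than from the browser, which is why parsing alone has been accepted so far;
     * checking at least {@code aud} against the configured client id and {@code exp} would tighten this.
     *
     * @param idToken         raw id_token from the token response
     * @param configuredClaim claim name configured on the app, or {@code null} for the default ({@code sub})
     * @return the claim value as a string
     * @throws BusinessException {@code IAM_USER_ID_MAPPING_ATTRIBUTE_NOT_EXIST} when the claim is absent
     */
    private static String readUserIdClaim(String idToken, String configuredClaim) {
        String claimName = Optional.ofNullable(configuredClaim).orElse(DEFAULT_USER_ID_CLAIM);
        Object claim = JWTUtil.parseToken(idToken).getPayload(claimName);
        // Check the raw claim before converting it: calling toString() first would turn a missing claim
        // into a NullPointerException and report the generic error instead of the mapping-attribute one.
        if (Objects.isNull(claim)) {
            throw new BusinessException(I18nError.IAM_USER_ID_MAPPING_ATTRIBUTE_NOT_EXIST);
        }
        return claim.toString();
    }

    /**
     * Caches a short-lived SSO handoff token for the mapped user and returns it.
     *
     * @param userId   local user id resolved through the user mapping
     * @param tenantId tenant the login belongs to
     * @param sysId    system the login belongs to
     * @return the random token under which the cache entry was stored
     */
    private static String issueSsoToken(String userId, String tenantId, String sysId) {
        UserTempTokenCacheVO cacheEntry = new UserTempTokenCacheVO();
        cacheEntry.setValue(String.join(":_", userId, tenantId, sysId));
        cacheEntry.setCreateTime(Long.valueOf(System.currentTimeMillis()));
        // UUID.toString() is specified to produce lower-case hex, so no further normalisation is needed.
        String token = UUID.randomUUID().toString();
        RedisUtils.set(String.format(RedisConstants.REDIS_IAM_SSO_TOKEN, IamConstants.TENANT_METADATA_CATALOG_ID_OIDC, token),
                cacheEntry, SSO_TOKEN_TTL);
        return token;
    }

    /**
     * Issues a redirect, logging (rather than propagating) a failure to write it.
     *
     * @param httpServletResponse response to redirect
     * @param location            target URL
     */
    private void redirect(HttpServletResponse httpServletResponse, String location) {
        try {
            httpServletResponse.sendRedirect(location);
        } catch (IOException e) {
            logger.error("【oidc】 跳转失败页面异常", e);
        }
    }

    /**
     * Replaces any pending response with a UTF-8 plain-text body carrying the given message.
     *
     * @param httpServletResponse response to write to
     * @param message             text to send; a {@code null} message is written as an empty body
     */
    private void sendResponse(HttpServletResponse httpServletResponse, String message) {
        try {
            httpServletResponse.reset();
            httpServletResponse.setCharacterEncoding("UTF-8");
            httpServletResponse.setContentType("text/plain; charset=UTF-8");
            // try-with-resources closes (and therefore flushes) the writer on every path.
            try (PrintWriter writer = httpServletResponse.getWriter()) {
                writer.write(Objects.toString(message, ""));
            }
        } catch (Exception e) {
            logger.error("【oidc】 返回错误信息异常", e);
        }
    }
}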
