package com.digiwin.dap.middleware.iam.service.oauth.impl;

import com.digiwin.dap.middle.kms.constants.KeyConstant;
import com.digiwin.dap.middleware.auth.AppAuthContextHolder;
import com.digiwin.dap.middleware.auth.AuthoredUser;
import com.digiwin.dap.middleware.cache.RedisUtils;
import com.digiwin.dap.middleware.commons.crypto.AES;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.iam.constant.I18nError;
import com.digiwin.dap.middleware.iam.constant.IamConstants;
import com.digiwin.dap.middleware.iam.constant.RedisConstants;
import com.digiwin.dap.middleware.iam.domain.EnvProperties;
import com.digiwin.dap.middleware.iam.domain.oauth.OauthAccessToken;
import com.digiwin.dap.middleware.iam.domain.oauth.OauthAccessTokenRequest;
import com.digiwin.dap.middleware.iam.domain.oauth.OauthAppVO;
import com.digiwin.dap.middleware.iam.domain.oauth.OauthAuthCode;
import com.digiwin.dap.middleware.iam.domain.oauth.OauthAuthRequest;
import com.digiwin.dap.middleware.iam.domain.oauth.OauthRefreshTokenRequest;
import com.digiwin.dap.middleware.iam.entity.OauthApp;
import com.digiwin.dap.middleware.iam.entity.Tenant;
import com.digiwin.dap.middleware.iam.entity.User;
import com.digiwin.dap.middleware.iam.mapper.OauthMapper;
import com.digiwin.dap.middleware.iam.repository.OauthAppRepository;
import com.digiwin.dap.middleware.iam.repository.OauthScopeRepository;
import com.digiwin.dap.middleware.iam.repository.UserInTenantRepository;
import com.digiwin.dap.middleware.iam.service.oauth.OauthAppCrudService;
import com.digiwin.dap.middleware.iam.service.oauth.OauthService;
import com.digiwin.dap.middleware.iam.service.tenant.TenantCrudService;
import com.digiwin.dap.middleware.iam.service.user.UserCrudService;
import com.digiwin.dap.middleware.iam.support.auth.domain.IamAuthoredUser;
import com.digiwin.dap.middleware.iam.support.validate.AuthValidateService;
import com.digiwin.dap.middleware.util.EntityUtils;
import com.digiwin.dap.middleware.util.SnowFlake;
import com.digiwin.dap.middleware.util.UserUtils;
import com.digiwin.dmc.sdk.util.StringUtil;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Duration;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;

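/**
 * OAuth 2.0 authorization-code flow backed by Redis: app registration/update, authorization
 * codes, access/refresh token issuance and refresh, and bulk app sync.
 *
 * <p>Redis keys are produced by {@link #uniqueKey(String, String)}: the template is always one
 * of the {@link RedisConstants} constants and the token/code is the format argument, so a
 * client-supplied value can never act as a format string. The value stored under an access-token
 * or refresh-token key is the {@link IamAuthoredUser} the token represents; the value under an
 * auth-code key is the {@link OauthAuthCode}.
 *
 * <p>Tokens and codes are random UUIDs (SecureRandom-backed) and are never logged or echoed in
 * error messages by this class; error arguments carry app ids and sids instead.
 */
@Service
public class OauthServiceImpl implements OauthService {

    /** Scope granted when an authorization request names none; also the only scope a
     *  scope-less token request may redeem. */
    private static final String DEFAULT_SCOPE = "user_read";

    /** Lifetime of an authorization code in Redis. */
    private static final Duration AUTH_CODE_TTL = Duration.ofMinutes(10L);

    @Autowired
    private OauthAppCrudService oauthAppCrudService;

    @Autowired
    private UserInTenantRepository userInTenantRepository;

    @Autowired
    private OauthAppRepository oauthAppRepository;

    @Autowired
    private OauthScopeRepository oauthScopeRepository;

    @Autowired
    private UserCrudService userCrudService;

    @Autowired
    private TenantCrudService tenantCrudService;

    @Autowired
    private EnvProperties envProperties;

    @Autowired
    private OauthMapper oauthMapper;

    @Autowired
    private AuthValidateService authValidateService;

    /**
     * Registers an OAuth app, filling in a random id and a secret when the caller left them empty.
     *
     * @param oauthAppVO app to register; {@code id} and {@code secret} are mutated when generated
     * @return sid of the created app, as returned by {@link OauthAppCrudService#create}
     */
    @Override
    public long registerApp(OauthAppVO oauthAppVO) {
        String id = oauthAppVO.getId();
        if (StringUtils.isEmpty(id)) {
            id = UUID.randomUUID().toString().replace(IamConstants.HYPHEN, IamConstants.EMPTY);
            oauthAppVO.setId(id);
        }
        if (StringUtils.isEmpty(oauthAppVO.getSecret())) {
            // NOTE(review): the generated secret is AES-CBC(id, tenantSid, wall-clock millis)
            // under the shared KeyConstant.OTHER key, i.e. it is reproducible by anyone holding
            // that key plus the public app id and an approximate registration time. A random
            // value (the UUID generator used above is SecureRandom-backed) would be the safer
            // default. Left unchanged in case another component decrypts it — confirm first.
            oauthAppVO.setSecret(AES.encryptCBC(
                    String.format("%s_@#$_%s_%s", id, Long.valueOf(oauthAppVO.getTenantSid()),
                            Long.valueOf(System.currentTimeMillis())),
                    KeyConstant.OTHER));
        }
        return this.oauthAppCrudService.create(oauthAppVO.generateEntity());
    }

    /**
     * Updates name, description and callback URL of an existing app.
     *
     * <p>Editing an app that belongs to a different tenant than the caller additionally requires
     * the "Sys" access permission on the current request (method + path).
     *
     * @param oauthAppVO app to update, identified by {@code sid}
     * @return sid of the updated app
     * @throws BusinessException {@code SYS_NOT_EXISTED} when sid is 0 or unknown;
     *         {@code IAM_TENANT_PERMISSION_ERROR} on a cross-tenant edit without permission
     */
    @Override
    public long updateApp(OauthAppVO oauthAppVO) {
        if (oauthAppVO.getSid() == 0) {
            throw new BusinessException(I18nError.SYS_NOT_EXISTED);
        }
        OauthApp oauthApp = (OauthApp) this.oauthAppCrudService.findBySid(oauthAppVO.getSid());
        if (oauthApp == null) {
            throw new BusinessException(I18nError.SYS_NOT_EXISTED, new Object[]{Long.valueOf(oauthAppVO.getSid())});
        }
        if (UserUtils.getTenantSid() != oauthApp.getTenantSid() && !hasSysPermission()) {
            throw new BusinessException(I18nError.IAM_TENANT_PERMISSION_ERROR);
        }
        oauthApp.setDescription(oauthAppVO.getDescription());
        oauthApp.setName(oauthAppVO.getName());
        oauthApp.setCallbackUrl(oauthAppVO.getCallbackUrl());
        this.oauthAppCrudService.update(oauthApp);
        return oauthApp.getSid();
    }

    /**
     * Whether the current caller holds the "Sys" permission for the request being served.
     * A null result from the validator is treated as "no" (fail closed) instead of throwing.
     */
    private boolean hasSysPermission() {
        return Boolean.TRUE.equals(this.authValidateService.checkAccessPermission("Sys",
                AppAuthContextHolder.getContext().getRequestInfo().getMethod(),
                AppAuthContextHolder.getContext().getRequestInfo().getPath(),
                UserUtils.getSysId()));
    }

    /**
     * Issues an authorization code for the request's app, callback and scope.
     *
     * @see #getCommonAuthCode(String, String, String, AuthoredUser)
     */
    @Override
    public OauthAuthCode getAuthCode(OauthAuthRequest oauthAuthRequest, AuthoredUser authoredUser) {
        return getCommonAuthCode(oauthAuthRequest.getAppId(), oauthAuthRequest.getCallbackUrl(),
                oauthAuthRequest.getScope(), authoredUser);
    }

    /**
     * Issues a fresh authorization code for {@code authoredUser} and stores it in Redis for
     * {@link #AUTH_CODE_TTL}.
     *
     * @param appId       registered app id
     * @param callbackUrl callback the client intends to use; when non-empty it must equal the
     *                    registered callback exactly (an empty value skips the check)
     * @param scope       comma-separated scope ids; empty grants {@link #DEFAULT_SCOPE} only
     * @param authoredUser the authenticated end user granting access
     * @return the stored code (code, user sid, tenant sid/id, granted scopes)
     * @throws BusinessException {@code SYS_NOT_EXISTED} for an unknown app;
     *         {@code USER_IN_TENANT_NOT_EXIST} when the user belongs to no tenant;
     *         {@code REDIRECT_ERROR} on a callback mismatch;
     *         {@code AUTHORITY_SCOPE_NOT_EXIST} listing every unknown scope id
     */
    @Override
    public OauthAuthCode getCommonAuthCode(String appId, String callbackUrl, String scope, AuthoredUser authoredUser) {
        OauthApp oauthApp = requireApp(appId);
        if (this.userInTenantRepository.findByUserSid(Long.valueOf(authoredUser.getSid())).isEmpty()) {
            throw new BusinessException(I18nError.USER_IN_TENANT_NOT_EXIST, new Object[]{Long.valueOf(authoredUser.getSid())});
        }
        if (!StringUtil.isEmpty(callbackUrl) && !callbackUrl.equals(oauthApp.getCallbackUrl())) {
            throw new BusinessException(I18nError.REDIRECT_ERROR, new Object[]{callbackUrl, oauthApp.getCallbackUrl()});
        }
        List<String> grantedScopes = resolveScopes(scope);

        // On the (practically impossible) key collision, generate another code rather than
        // handing this user a code that was issued to someone else.
        String code;
        String codeKey;
        do {
            code = UUID.randomUUID().toString().replace(IamConstants.HYPHEN, IamConstants.EMPTY);
            codeKey = uniqueKey(code, RedisConstants.REDIS_OAUTH_AUTH_CODE);
        } while (RedisUtils.hasKey(codeKey));

        OauthAuthCode oauthAuthCode = new OauthAuthCode();
        oauthAuthCode.setCode(code);
        oauthAuthCode.setUserSid(authoredUser.getSid());
        oauthAuthCode.setScopes(grantedScopes);
        oauthAuthCode.setTenantSid(Long.valueOf(authoredUser.getTenantSid()));
        oauthAuthCode.setTenantId(authoredUser.getTenantId());
        // NOTE(review): nothing ties the stored code to appId (no app id is set on OauthAuthCode
        // here), so the token endpoints cannot verify that the client redeeming a code is the one
        // it was issued to. Confirm whether OauthAuthCode can carry the app id and check it in
        // issueTokens.
        RedisUtils.set(codeKey, oauthAuthCode, AUTH_CODE_TTL);
        return oauthAuthCode;
    }

    /**
     * Splits a comma-separated scope string and validates each id against the scope repository.
     *
     * @param scope raw scope string; empty yields a single-element list holding {@link #DEFAULT_SCOPE}
     * @return mutable list of the accepted scope ids, in request order
     * @throws BusinessException {@code AUTHORITY_SCOPE_NOT_EXIST} with all unknown ids joined by
     *         {@link IamConstants#SEMICOLON}
     */
    private List<String> resolveScopes(String scope) {
        List<String> granted = new ArrayList<>();
        if (StringUtil.isEmpty(scope)) {
            granted.add(DEFAULT_SCOPE);
            return granted;
        }
        List<String> knownScopeIds = this.oauthScopeRepository.findAllIds();
        StringBuilder unknown = new StringBuilder();
        for (String requested : scope.split(",")) {
            if (knownScopeIds.contains(requested)) {
                granted.add(requested);
            } else {
                unknown.append(requested).append(IamConstants.SEMICOLON);
            }
        }
        if (unknown.length() > 0) {
            throw new BusinessException(I18nError.AUTHORITY_SCOPE_NOT_EXIST, new Object[]{unknown.toString()});
        }
        return granted;
    }

    /**
     * Exchanges an authorization code for an access/refresh token pair (strict variant).
     *
     * <p>Requires the app secret, the {@code authorization_code} grant type, a matching
     * {@code state} when one was stored with the code, and requested scopes that are a subset of
     * the code's scopes.
     *
     * @throws BusinessException {@code SYS_NOT_EXISTED}, {@code SYS_SECRET_ERROR},
     *         {@code GRANT_TYPE_ERROR}, {@code AUTHORITY_CODE_ERROR},
     *         {@code REQUEST_AUTHORITY_PARAM_ERROR} (state mismatch),
     *         {@code REQUEST_AUTHORITY_SCOPE_ERROR}, plus the errors of {@link #issueTokens}
     */
    @Override
    public OauthAccessToken getAccessToken(OauthAccessTokenRequest oauthAccessTokenRequest) {
        OauthApp oauthApp = requireApp(oauthAccessTokenRequest.getAppId());
        if (!secretMatches(oauthApp.getSecret(), oauthAccessTokenRequest.getSecret())) {
            // Report the app id, not the submitted secret, so the secret never reaches logs/responses.
            throw new BusinessException(I18nError.SYS_SECRET_ERROR, new Object[]{oauthAccessTokenRequest.getAppId()});
        }
        if (!IamConstants.OAUTH_AUTHORIZATION_CODE_TYPE.equals(oauthAccessTokenRequest.getGrantType())) {
            throw new BusinessException(I18nError.GRANT_TYPE_ERROR);
        }
        String codeKey = uniqueKey(oauthAccessTokenRequest.getCode(), RedisConstants.REDIS_OAUTH_AUTH_CODE);
        OauthAuthCode oauthAuthCode = requireAuthCode(codeKey, oauthAccessTokenRequest.getCode());
        // A state stored with the code must be echoed back unchanged.
        if (!StringUtils.isEmpty(oauthAuthCode.getState())
                && !oauthAuthCode.getState().equals(oauthAccessTokenRequest.getState())) {
            throw new BusinessException(I18nError.REQUEST_AUTHORITY_PARAM_ERROR);
        }
        checkRequestedScopes(oauthAccessTokenRequest.getScope(), oauthAuthCode.getScopes());
        return issueTokens(oauthApp, oauthAuthCode, codeKey);
    }

    /**
     * Validates the scopes a token request asks for against those granted to the code.
     *
     * <p>With a non-empty request every requested id must be among the granted ones. With an
     * empty request the code must carry nothing beyond {@link #DEFAULT_SCOPE} (or nothing at all).
     *
     * @throws BusinessException {@code REQUEST_AUTHORITY_SCOPE_ERROR} on any violation
     */
    private static void checkRequestedScopes(String requestedScope, Collection<String> grantedScopes) {
        if (!StringUtils.isEmpty(requestedScope)) {
            for (String requested : requestedScope.split(",")) {
                if (!grantedScopes.contains(requested)) {
                    throw new BusinessException(I18nError.REQUEST_AUTHORITY_SCOPE_ERROR);
                }
            }
            return;
        }
        boolean onlyDefaultScope = grantedScopes.size() <= 1 && grantedScopes.contains(DEFAULT_SCOPE);
        if (!grantedScopes.isEmpty() && !onlyDefaultScope) {
            throw new BusinessException(I18nError.REQUEST_AUTHORITY_SCOPE_ERROR);
        }
    }

    /**
     * Standard-form token response ({@code access_token}, {@code expires_in}, {@code token_type},
     * refresh token under {@link IamConstants#OAUTH_AUTHORIZATION_REFRESH_TYPE}, {@code user_sid})
     * built on top of {@link #getAccessTokenCore}.
     */
    @Override
    public Map<String, Object> getCommonAccessToken(OauthAccessTokenRequest oauthAccessTokenRequest) {
        OauthAccessToken accessToken = getAccessTokenCore(oauthAccessTokenRequest.getClient_id(),
                oauthAccessTokenRequest.getClient_secret(), oauthAccessTokenRequest.getGrant_type(),
                oauthAccessTokenRequest.getCode());
        Map<String, Object> body = new HashMap<>();
        body.put("access_token", accessToken.getAccessToken());
        body.put("expires_in", accessToken.getExpireIn());
        body.put("token_type", "Bearer");
        body.put(IamConstants.OAUTH_AUTHORIZATION_REFRESH_TYPE, accessToken.getRefreshToken());
        body.put("user_sid", Long.valueOf(accessToken.getUserSid()));
        return body;
    }

    /**
     * Exchanges an authorization code for tokens (lenient variant used by the standard-form
     * endpoint). Unlike {@link #getAccessToken} it checks neither {@code state} nor requested
     * scopes, and it verifies the secret only when one is supplied.
     *
     * @param clientId     registered app id
     * @param clientSecret app secret; an empty value currently bypasses the secret check
     * @param grantType    must be {@link IamConstants#OAUTH_AUTHORIZATION_CODE_TYPE}
     * @param code         authorization code to redeem
     */
    private OauthAccessToken getAccessTokenCore(String clientId, String clientSecret, String grantType, String code) {
        OauthApp oauthApp = requireApp(clientId);
        // NOTE(review): an empty client_secret skips authentication entirely here, whereas
        // getAccessToken requires it; with only app id + code a token is issued. Confirm this is
        // an intended public-client path — otherwise require the secret unconditionally.
        if (!StringUtils.isEmpty(clientSecret) && !secretMatches(oauthApp.getSecret(), clientSecret)) {
            throw new BusinessException(I18nError.SYS_SECRET_ERROR, new Object[]{clientId});
        }
        if (!IamConstants.OAUTH_AUTHORIZATION_CODE_TYPE.equals(grantType)) {
            throw new BusinessException(I18nError.GRANT_TYPE_ERROR);
        }
        String codeKey = uniqueKey(code, RedisConstants.REDIS_OAUTH_AUTH_CODE);
        OauthAuthCode oauthAuthCode = requireAuthCode(codeKey, code);
        return issueTokens(oauthApp, oauthAuthCode, codeKey);
    }

    /**
     * Creates an access/refresh token pair for the user behind a redeemed code, stores the
     * {@link IamAuthoredUser} under both token keys, and deletes the code (single use).
     *
     * @param oauthApp      app redeeming the code; its id is recorded on the authored user
     * @param oauthAuthCode code being redeemed
     * @param codeKey       Redis key of the code, deleted after issuance
     * @throws BusinessException {@code REQUEST_AUTHORITY_USER_ERROR} when the user is gone;
     *         {@code USER_IN_TENANT_NOT_EXIST} when the user belongs to no tenant;
     *         {@code TENANT_NOT_EXISTED} when the code's tenant is gone
     */
    private OauthAccessToken issueTokens(OauthApp oauthApp, OauthAuthCode oauthAuthCode, String codeKey) {
        User user = this.userCrudService.findBySid(oauthAuthCode.getUserSid());
        if (user == null) {
            throw new BusinessException(I18nError.REQUEST_AUTHORITY_USER_ERROR, new Object[]{Long.valueOf(oauthAuthCode.getUserSid())});
        }
        if (this.userInTenantRepository.findByUserSid(Long.valueOf(oauthAuthCode.getUserSid())).isEmpty()) {
            throw new BusinessException(I18nError.USER_IN_TENANT_NOT_EXIST, new Object[]{Long.valueOf(oauthAuthCode.getUserSid())});
        }
        Tenant tenant = this.tenantCrudService.findBySid(oauthAuthCode.getTenantSid().longValue());
        if (tenant == null) {
            // Report the sid that was actually looked up (the code's tenant, not the app's).
            throw new BusinessException(I18nError.TENANT_NOT_EXISTED, new Object[]{oauthAuthCode.getTenantSid()});
        }

        String accessToken = UUID.randomUUID().toString();
        String refreshToken = UUID.randomUUID().toString();
        String accessKey = uniqueKey(accessToken, RedisConstants.REDIS_OAUTH_ACCESS_TOKEN);
        String refreshKey = uniqueKey(refreshToken, RedisConstants.REDIS_OAUTH_REFRESH_TOKEN);

        IamAuthoredUser authoredUser = IamAuthoredUser.createAuthoredUser(user, tenant);
        authoredUser.setAppId(oauthApp.getId());
        authoredUser.setToken(accessToken);
        if (!oauthAuthCode.getScopes().isEmpty()) {
            authoredUser.setAuthoredApis(this.oauthMapper.getApisByScope(oauthAuthCode.getScopes()));
        }
        RedisUtils.set(accessKey, authoredUser, accessTokenTtl());
        RedisUtils.set(refreshKey, authoredUser, refreshTokenTtl());
        // The code is consumed once tokens exist, so it cannot be replayed.
        RedisUtils.delete(codeKey);

        OauthAccessToken oauthAccessToken = new OauthAccessToken();
        oauthAccessToken.setAccessToken(accessToken);
        oauthAccessToken.setExpireIn(String.valueOf(this.envProperties.getOauthTokenExpire() * 60));
        oauthAccessToken.setUserSid(oauthAuthCode.getUserSid());
        oauthAccessToken.setRefreshToken(refreshToken);
        return oauthAccessToken;
    }

    /**
     * Refreshes the access token behind a refresh token.
     *
     * <p>If the current access token is still live its TTL is simply extended; otherwise a new
     * access token is minted and the refresh entry is rewritten to point at it. Either way the
     * refresh token itself is returned unchanged.
     *
     * @throws BusinessException {@code SYS_NOT_EXISTED}, {@code SYS_SECRET_ERROR},
     *         {@code GRANT_TYPE_ERROR}, {@code REFRESH_TOKEN_NOT_EXIST},
     *         {@code REFRESH_TOKEN_CACHE_NOT_EXIST}, {@code REFRESH_TOKEN_CACHE_ERROR}
     *         (refresh token presented by a different app than it was issued to)
     */
    @Override
    public OauthAccessToken refreshAccessToken(OauthRefreshTokenRequest oauthRefreshTokenRequest) {
        String refreshToken = oauthRefreshTokenRequest.getRefreshToken();
        OauthApp oauthApp = requireApp(oauthRefreshTokenRequest.getAppId());
        if (!secretMatches(oauthApp.getSecret(), oauthRefreshTokenRequest.getSecret())) {
            throw new BusinessException(I18nError.SYS_SECRET_ERROR, new Object[]{oauthRefreshTokenRequest.getAppId()});
        }
        if (!IamConstants.OAUTH_AUTHORIZATION_REFRESH_TYPE.equals(oauthRefreshTokenRequest.getGrantType())) {
            throw new BusinessException(I18nError.GRANT_TYPE_ERROR);
        }
        String refreshKey = uniqueKey(refreshToken, RedisConstants.REDIS_OAUTH_REFRESH_TOKEN);
        if (!RedisUtils.hasKey(refreshKey)) {
            throw new BusinessException(I18nError.REFRESH_TOKEN_NOT_EXIST, new Object[]{refreshToken});
        }
        IamAuthoredUser iamAuthoredUser = (IamAuthoredUser) RedisUtils.get(refreshKey, IamAuthoredUser.class);
        if (iamAuthoredUser == null || StringUtils.isEmpty(iamAuthoredUser.getToken())) {
            throw new BusinessException(I18nError.REFRESH_TOKEN_CACHE_NOT_EXIST, new Object[]{refreshToken});
        }
        if (!oauthRefreshTokenRequest.getAppId().equalsIgnoreCase(iamAuthoredUser.getAppId())) {
            throw new BusinessException(I18nError.REFRESH_TOKEN_CACHE_ERROR,
                    new Object[]{oauthRefreshTokenRequest.getAppId(), iamAuthoredUser.getAppId()});
        }

        String accessToken = iamAuthoredUser.getToken();
        String accessKey = uniqueKey(accessToken, RedisConstants.REDIS_OAUTH_ACCESS_TOKEN);
        if (RedisUtils.hasKey(accessKey)) {
            RedisUtils.expire(accessKey, this.envProperties.getOauthTokenExpire(), TimeUnit.MINUTES);
        } else {
            accessToken = UUID.randomUUID().toString();
            iamAuthoredUser.setToken(accessToken);
            accessKey = uniqueKey(accessToken, RedisConstants.REDIS_OAUTH_ACCESS_TOKEN);
            RedisUtils.set(accessKey, iamAuthoredUser, accessTokenTtl());
            // Rewrite the refresh entry WITH a TTL. The previous two-argument set carried none,
            // which (depending on RedisUtils semantics) left a rotated refresh token valid
            // indefinitely; this resets it to the same lifetime it got at issuance.
            RedisUtils.set(refreshKey, iamAuthoredUser, refreshTokenTtl());
        }

        OauthAccessToken oauthAccessToken = new OauthAccessToken();
        oauthAccessToken.setAccessToken(accessToken);
        oauthAccessToken.setExpireIn(RedisUtils.getExpire(accessKey).toString());
        oauthAccessToken.setUserSid(iamAuthoredUser.getSid());
        oauthAccessToken.setRefreshToken(refreshToken);
        return oauthAccessToken;
    }

    /**
     * Upserts the given apps, matching existing rows on (sysId, platform). Matched rows get the
     * incoming id and secret; unmatched ones become new rows with a SnowFlake sid.
     *
     * @param list apps to sync; null or empty is a no-op (also avoids a lookup with empty id lists)
     */
    @Override
    public void syncOauthApp(List<OauthAppVO> list) {
        if (list == null || list.isEmpty()) {
            return;
        }
        List<OauthApp> existing = this.oauthMapper.getOauthApps(
                list.stream().map(OauthAppVO::getSysId).collect(Collectors.toList()),
                list.stream().map(OauthAppVO::getPlatform).collect(Collectors.toList()));
        List<OauthApp> toSave = new ArrayList<>(list.size());
        for (OauthAppVO oauthAppVO : list) {
            OauthApp matched = existing.stream()
                    .filter(app -> oauthAppVO.getPlatform().equals(app.getPlatform())
                            && oauthAppVO.getSysId().equals(app.getSysId()))
                    .findFirst()
                    .orElse(null);
            if (matched == null) {
                OauthApp created = oauthAppVO.generateEntity();
                created.setSid(SnowFlake.getInstance().newId());
                EntityUtils.setCreateFields(created);
                toSave.add(created);
            } else {
                matched.setId(oauthAppVO.getId());
                matched.setSecret(oauthAppVO.getSecret());
                EntityUtils.setModifyFields(matched);
                toSave.add(matched);
            }
        }
        this.oauthAppRepository.saveAll(toSave);
    }

    /**
     * Looks up an app by id.
     *
     * @throws BusinessException {@code SYS_NOT_EXISTED} carrying the id when none is registered
     */
    private OauthApp requireApp(String appId) {
        OauthApp oauthApp = this.oauthAppRepository.findById(appId);
        if (oauthApp == null) {
            throw new BusinessException(I18nError.SYS_NOT_EXISTED, new Object[]{appId});
        }
        return oauthApp;
    }

    /**
     * Loads the authorization code stored under {@code codeKey}.
     *
     * @param codeKey Redis key for the code
     * @param code    the code itself, used only in the error message
     * @throws BusinessException {@code AUTHORITY_CODE_ERROR} when the key is absent, or when it
     *         expired between the existence check and the read (the get then returns null)
     */
    private OauthAuthCode requireAuthCode(String codeKey, String code) {
        if (!RedisUtils.hasKey(codeKey)) {
            throw new BusinessException(I18nError.AUTHORITY_CODE_ERROR, new Object[]{code});
        }
        OauthAuthCode oauthAuthCode = (OauthAuthCode) RedisUtils.get(codeKey, OauthAuthCode.class);
        if (oauthAuthCode == null) {
            throw new BusinessException(I18nError.AUTHORITY_CODE_ERROR, new Object[]{code});
        }
        return oauthAuthCode;
    }

    /**
     * Compares a client-supplied secret against the registered one without the early-exit timing
     * behaviour of {@link String#equals}. A null on either side never matches.
     */
    private static boolean secretMatches(String registered, String submitted) {
        if (registered == null || submitted == null) {
            return false;
        }
        return MessageDigest.isEqual(
                registered.getBytes(StandardCharsets.UTF_8),
                submitted.getBytes(StandardCharsets.UTF_8));
    }

    /** Access-token lifetime from {@code oauthTokenExpire} (minutes); avoids the int-overflow-prone
     *  {@code minutes * 60 * 1000} millisecond arithmetic. */
    private Duration accessTokenTtl() {
        return Duration.ofMinutes(this.envProperties.getOauthTokenExpire());
    }

    /** Refresh-token lifetime from {@code tokenExpire} (minutes). */
    private Duration refreshTokenTtl() {
        return Duration.ofMinutes(this.envProperties.getTokenExpire());
    }

    /**
     * Builds a Redis key by formatting {@code template} (one of the {@link RedisConstants}
     * templates) with {@code value}. The token/code is always the argument, never the format
     * string, so client-supplied values cannot inject format directives.
     */
    private String uniqueKey(String value, String template) {
        return String.format(template, value);
    }
}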
