package com.fujieid.jap.oauth2;

import cn.hutool.core.util.ArrayUtil;
import cn.hutool.core.util.ObjectUtil;
import cn.hutool.core.util.RandomUtil;
import cn.hutool.core.util.StrUtil;
import cn.hutool.core.util.URLUtil;
import com.fujieid.jap.core.JapUser;
import com.fujieid.jap.core.JapUserService;
import com.fujieid.jap.core.cache.JapCache;
import com.fujieid.jap.core.config.AuthenticateConfig;
import com.fujieid.jap.core.config.JapConfig;
import com.fujieid.jap.core.context.JapAuthentication;
import com.fujieid.jap.core.exception.JapException;
import com.fujieid.jap.core.exception.JapOauth2Exception;
import com.fujieid.jap.core.result.JapErrorCode;
import com.fujieid.jap.core.result.JapResponse;
import com.fujieid.jap.core.strategy.AbstractJapStrategy;
import com.fujieid.jap.http.JapHttpRequest;
import com.fujieid.jap.http.JapHttpResponse;
import com.fujieid.jap.oauth2.pkce.PkceHelper;
import com.fujieid.jap.oauth2.token.AccessToken;
import com.fujieid.jap.oauth2.token.AccessTokenHelper;
import com.xkcoding.json.util.Kv;
import com.xkcoding.json.util.StringUtil;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;

/* loaded from: input_file:com/fujieid/jap/oauth2/Oauth2Strategy.class */
public class Oauth2Strategy extends AbstractJapStrategy {
    public Oauth2Strategy(JapUserService japUserService, JapConfig japConfig) {
        super(japUserService, japConfig);
    }

    public Oauth2Strategy(JapUserService japUserService, JapConfig japConfig, JapCache japCache) {
        super(japUserService, japConfig, japCache);
    }

    public JapResponse authenticate(AuthenticateConfig authenticateConfig, JapHttpRequest japHttpRequest, JapHttpResponse japHttpResponse) {
        try {
            Oauth2Util.checkOauthCallbackRequest(japHttpRequest.getParameter("error"), japHttpRequest.getParameter("error_description"), "Oauth2strategy request failed.");
            JapUser checkSession = checkSession(japHttpRequest, japHttpResponse);
            if (null != checkSession) {
                return JapResponse.success(checkSession);
            }
            try {
                checkAuthenticateConfig(authenticateConfig, OAuthConfig.class);
                OAuthConfig oAuthConfig = (OAuthConfig) authenticateConfig;
                try {
                    Oauth2Util.checkOauthConfig(oAuthConfig);
                    boolean z = oAuthConfig.getGrantType() == Oauth2GrantType.PASSWORD || oAuthConfig.getGrantType() == Oauth2GrantType.CLIENT_CREDENTIALS;
                    if (!Oauth2Util.isCallback(japHttpRequest, oAuthConfig) && !z) {
                        return JapResponse.success(getAuthorizationUrl(oAuthConfig));
                    }
                    try {
                        try {
                            JapUser userInfo = getUserInfo(oAuthConfig, AccessTokenHelper.getToken(japHttpRequest, oAuthConfig, new Object[0]));
                            return null == userInfo ? JapResponse.error(JapErrorCode.UNABLE_SAVE_USERINFO) : loginSuccess(userInfo, japHttpRequest, japHttpResponse);
                        } catch (JapOauth2Exception e) {
                            return JapResponse.error(e.getErrorCode(), e.getErrorMessage());
                        }
                    } catch (JapOauth2Exception e2) {
                        return JapResponse.error(e2.getErrorCode(), e2.getErrorMessage());
                    }
                } catch (JapOauth2Exception e3) {
                    return JapResponse.error(e3.getErrorCode(), e3.getErrorMessage());
                }
            } catch (JapException e4) {
                return JapResponse.error(e4.getErrorCode(), e4.getErrorMessage());
            }
        } catch (JapOauth2Exception e5) {
            return JapResponse.error(e5.getErrorCode(), e5.getErrorMessage());
        }
    }

    public JapResponse refreshToken(AuthenticateConfig authenticateConfig, String str) {
        try {
            checkAuthenticateConfig(authenticateConfig, OAuthConfig.class);
            OAuthConfig oAuthConfig = (OAuthConfig) authenticateConfig;
            if (oAuthConfig.getGrantType() != Oauth2GrantType.REFRESH_TOKEN) {
                return JapResponse.error(JapErrorCode.INVALID_GRANT_TYPE);
            }
            try {
                return JapResponse.success(AccessTokenHelper.getToken(null, oAuthConfig, str));
            } catch (JapOauth2Exception e) {
                return JapResponse.error(e.getErrorCode(), e.getErrorMessage());
            }
        } catch (JapException e2) {
            return JapResponse.error(e2.getErrorCode(), e2.getErrorMessage());
        }
    }

    public JapResponse revokeToken(AuthenticateConfig authenticateConfig, String str) {
        try {
            checkAuthenticateConfig(authenticateConfig, OAuthConfig.class);
            OAuthConfig oAuthConfig = (OAuthConfig) authenticateConfig;
            HashMap hashMap = new HashMap(6);
            hashMap.put("access_token", str);
            Oauth2Util.checkOauthResponse(Oauth2Util.request(oAuthConfig.getRevokeTokenEndpointMethodType(), oAuthConfig.getRevokeTokenUrl(), hashMap), "Oauth2Strategy failed to revoke access_token. " + str);
            return JapResponse.success();
        } catch (JapException e) {
            return JapResponse.error(e.getErrorCode(), e.getErrorMessage());
        }
    }

    public JapResponse getUserInfo(AuthenticateConfig authenticateConfig, AccessToken accessToken) {
        try {
            checkAuthenticateConfig(authenticateConfig, OAuthConfig.class);
            try {
                return JapResponse.success(getUserInfo((OAuthConfig) authenticateConfig, accessToken));
            } catch (JapOauth2Exception e) {
                return JapResponse.error(e.getErrorCode(), e.getErrorMessage());
            }
        } catch (JapException e2) {
            return JapResponse.error(e2.getErrorCode(), e2.getErrorMessage());
        }
    }

    private JapUser getUserInfo(OAuthConfig oAuthConfig, AccessToken accessToken) throws JapOauth2Exception {
        if (null == accessToken || StringUtil.isEmpty(accessToken.getAccessToken())) {
            throw new JapOauth2Exception("Oauth2Strategy failed to get userInfo with accessToken. AccessToken is empty.");
        }
        HashMap hashMap = new HashMap(3);
        hashMap.put("access_token", accessToken.getAccessToken());
        Kv request = Oauth2Util.request(oAuthConfig.getUserInfoEndpointMethodType(), oAuthConfig.getUserinfoUrl(), hashMap);
        Oauth2Util.checkOauthResponse(request, "Oauth2Strategy failed to get userInfo with accessToken.");
        JapUser createAndGetOauth2User = this.japUserService.createAndGetOauth2User(oAuthConfig.getPlatform(), request, accessToken);
        if (ObjectUtil.isNull(createAndGetOauth2User)) {
            return null;
        }
        return createAndGetOauth2User;
    }

    private String getAuthorizationUrl(OAuthConfig oAuthConfig) {
        String str = null;
        if (oAuthConfig.getResponseType() == Oauth2ResponseType.CODE || oAuthConfig.getResponseType() == Oauth2ResponseType.TOKEN) {
            str = generateAuthorizationCodeGrantUrl(oAuthConfig);
        }
        return str;
    }

    private String generateAuthorizationCodeGrantUrl(OAuthConfig oAuthConfig) {
        HashMap hashMap = new HashMap(6);
        hashMap.put("response_type", oAuthConfig.getResponseType());
        hashMap.put("client_id", oAuthConfig.getClientId());
        if (StrUtil.isNotBlank(oAuthConfig.getCallbackUrl())) {
            hashMap.put("redirect_uri", oAuthConfig.getCallbackUrl());
        }
        if (ArrayUtil.isNotEmpty(oAuthConfig.getScopes())) {
            hashMap.put("scope", String.join(Oauth2Const.SCOPE_SEPARATOR, oAuthConfig.getScopes()));
        }
        String state = oAuthConfig.getState();
        if (StrUtil.isBlank(state)) {
            state = RandomUtil.randomString(6);
        }
        hashMap.put("state", oAuthConfig.getState());
        JapAuthentication.getContext().getCache().set(Oauth2Const.STATE_CACHE_KEY.concat(oAuthConfig.getClientId()), state);
        if (Oauth2ResponseType.CODE == oAuthConfig.getResponseType() && oAuthConfig.isEnablePkce()) {
            hashMap.putAll(PkceHelper.generatePkceParameters(oAuthConfig));
        }
        return oAuthConfig.getAuthorizationUrl().concat("?").concat(URLUtil.buildQuery(hashMap, StandardCharsets.UTF_8));
    }
}
