package cn.herodotus.engine.oauth2.server.authentication.service;

import cn.herodotus.engine.assistant.core.domain.SecretKey;
import cn.herodotus.engine.oauth2.core.utils.SecurityUtils;
import cn.herodotus.engine.protect.web.crypto.processor.HttpCryptoProcessor;
import org.apache.commons.lang3.ObjectUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.stereotype.Service;

/**
 * Gates access to the HTTP crypto processor behind an OAuth2 client-credential check.
 *
 * <p>{@link #createSecretKey} only hands out key material after the caller's client id and
 * client secret have been verified against the {@link RegisteredClientRepository}.
 * {@link #exchange} delegates directly to the processor and performs no client check
 * in this class.
 *
 * <p>NOTE(review): parameter names ({@code str}, {@code str2}, {@code str3}) are decompiler
 * output; their roles below are taken from how each value is used in this class.
 */
@Service
public class InterfaceSecurityService {
    // NOTE(review): the logger and the four PEM markers are not referenced anywhere in this class.
    private static final Logger log = LoggerFactory.getLogger(InterfaceSecurityService.class);
    private static final String PKCS1_BEGIN = "-----BEGIN RSA PUBLIC KEY-----";
    private static final String PKCS1_END = "-----END RSA PUBLIC KEY-----";
    // NOTE(review): the "PUBLIC KEY" PEM label denotes an X.509 SubjectPublicKeyInfo structure;
    // PKCS#8 is the private-key format, so the PKCS8_* names are a misnomer.
    private static final String PKCS8_BEGIN = "-----BEGIN PUBLIC KEY-----";
    private static final String PKCS8_END = "-----END PUBLIC KEY-----";
    private final HttpCryptoProcessor httpCryptoProcessor;
    private final RegisteredClientRepository registeredClientRepository;

    /**
     * Creates the service with its two collaborators.
     *
     * @param httpCryptoProcessor        processor that creates secret keys and performs the exchange
     * @param registeredClientRepository lookup used to resolve a client by its client id
     */
    @Autowired
    public InterfaceSecurityService(HttpCryptoProcessor httpCryptoProcessor, RegisteredClientRepository registeredClientRepository) {
        this.httpCryptoProcessor = httpCryptoProcessor;
        this.registeredClientRepository = registeredClientRepository;
    }

    /**
     * Resolves the registered client and checks the presented secret against the stored one.
     *
     * <p>An unknown client id and a wrong secret both end in the same {@code invalid_client}
     * error, so the response does not reveal which client ids exist.
     *
     * @param str  client id used for the repository lookup
     * @param str2 client secret presented by the caller
     * @return the matching registered client
     * @throws OAuth2AuthenticationException with error code {@code invalid_client} when the
     *         client is not found or the secret does not match
     */
    private RegisteredClient validateClient(String str, String str2) {
        RegisteredClient registeredClient = this.registeredClientRepository.findByClientId(str);
        // NOTE(review): SecurityUtils.matches presumably verifies the presented secret against an
        // encoded stored secret; confirm that it also copes with a client that has no stored secret.
        if (ObjectUtils.isEmpty(registeredClient)
                || !SecurityUtils.matches(str2, registeredClient.getClientSecret())) {
            throw new OAuth2AuthenticationException("invalid_client");
        }
        return registeredClient;
    }

    /**
     * Issues a secret key for an authenticated client.
     *
     * <p>The client's configured access-token time-to-live is passed to the processor together
     * with {@code str3}.
     *
     * @param str  client id
     * @param str2 client secret presented by the caller
     * @param str3 first argument handed to the processor's {@code createSecretKey}; its meaning is
     *             not visible here (presumably an identity or session key; TODO confirm)
     * @return the secret key produced by the processor
     * @throws OAuth2AuthenticationException when the client credentials are rejected
     */
    public SecretKey createSecretKey(String str, String str2, String str3) {
        // Credentials are checked first; a rejected client never reaches the processor.
        RegisteredClient authenticatedClient = validateClient(str, str2);
        return this.httpCryptoProcessor.createSecretKey(
                str3,
                authenticatedClient.getTokenSettings().getAccessTokenTimeToLive());
    }

    /**
     * Delegates to the processor's {@code exchange} with both arguments unchanged.
     *
     * <p>NOTE(review): no client validation happens on this path within this class; verify that
     * the caller or the processor authenticates the request.
     *
     * @param str  first argument forwarded to the processor (meaning not visible here)
     * @param str2 second argument forwarded to the processor (meaning not visible here)
     * @return the processor's result
     */
    public String exchange(String str, String str2) {
        String exchanged = this.httpCryptoProcessor.exchange(str, str2);
        return exchanged;
    }
}
