package com.gitee.easyopen.auth.impl;

import com.gitee.easyopen.ApiConfig;
import com.gitee.easyopen.auth.Oauth2Manager;
import com.gitee.easyopen.auth.Oauth2Service;
import com.gitee.easyopen.auth.OpenUser;
import com.gitee.easyopen.exception.LoginErrorException;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.oltu.oauth2.as.issuer.MD5Generator;
import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest;
import org.apache.oltu.oauth2.as.request.OAuthTokenRequest;
import org.apache.oltu.oauth2.as.response.OAuthASResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.OAuthResponse;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.apache.oltu.oauth2.common.message.types.ResponseType;
import org.apache.oltu.oauth2.common.utils.OAuthUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/gitee/easyopen/auth/impl/Oauth2ServiceImpl.class */
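/**
 * OAuth 2.0 authorization-server endpoints built on Apache Oltu.
 *
 * <p>{@link #authorize} handles the authorization request (client check, user login,
 * authorization-code issuance, redirect back to the client) and {@link #accessToken}
 * exchanges an authorization code for an access token. User lookup and code/token
 * storage are delegated to the injected {@link Oauth2Manager}; client credentials are
 * resolved through {@code ApiConfig.getAppSecretManager()}.
 */
public class Oauth2ServiceImpl implements Oauth2Service {
    private static final Logger logger = LoggerFactory.getLogger(Oauth2ServiceImpl.class);
    private final Oauth2Manager oauth2Manager;

    /**
     * @param oauth2Manager store for logged-in users, authorization codes and access tokens
     */
    public Oauth2ServiceImpl(Oauth2Manager oauth2Manager) {
        this.oauth2Manager = oauth2Manager;
    }

    /**
     * Processes an authorization request and builds the redirect back to the client.
     *
     * @param httpServletRequest  incoming authorization request
     * @param httpServletResponse response used only when forwarding to the login page
     * @param apiConfig           supplies the app-secret manager and the login URI
     * @return a 302 redirect response carrying the authorization code (or an OAuth error),
     *         or a 400 JSON error when the client id is unknown
     * @throws RuntimeException when login fails; the request has then already been
     *                          forwarded to {@code apiConfig.getOauth2LoginUri()}
     */
    @Override // com.gitee.easyopen.auth.Oauth2Service
    public OAuthResponse authorize(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ApiConfig apiConfig) throws URISyntaxException, OAuthSystemException {
        try {
            OAuthAuthzRequest authzRequest = new OAuthAuthzRequest(httpServletRequest);
            if (!checkClientId(authzRequest.getClientId(), apiConfig)) {
                return OAuthASResponse.errorResponse(400).setError("invalid_client").setErrorDescription("invalid_client").buildJSONMessage();
            }
            try {
                OpenUser user = this.oauth2Manager.login(httpServletRequest);
                String authCode = null;
                // Constant-first equals: a missing response_type no longer raises a NullPointerException.
                if (ResponseType.CODE.toString().equals(authzRequest.getParam("response_type"))) {
                    // NOTE(review): the code's unpredictability depends on what MD5Generator
                    // hashes; confirm its input comes from a cryptographically strong source.
                    authCode = new OAuthIssuerImpl(new MD5Generator()).authorizationCode();
                    this.oauth2Manager.addAuthCode(authCode, user);
                }
                OAuthASResponse.OAuthAuthorizationResponseBuilder redirect = OAuthASResponse.authorizationResponse(httpServletRequest, 302);
                redirect.setCode(authCode);
                // NOTE(review): redirect_uri is taken from the request as-is. Nothing in this
                // method compares it with a URI registered for the client, so the authorization
                // code is sent wherever the request asks. Confirm that a registered-URI check
                // exists elsewhere, or add one here before building the redirect.
                return redirect.location(authzRequest.getParam("redirect_uri")).buildQueryMessage();
            } catch (LoginErrorException e) {
                // Show the login page with the failure message, then abort this request.
                httpServletRequest.setAttribute("error", e.getMessage());
                try {
                    httpServletRequest.getRequestDispatcher(apiConfig.getOauth2LoginUri()).forward(httpServletRequest, httpServletResponse);
                    throw e;
                } catch (Exception e2) {
                    // Both the rethrown login error and any forward failure end up here.
                    throw new RuntimeException(e2);
                }
            }
        } catch (OAuthProblemException e3) {
            String redirectUri = e3.getRedirectUri();
            if (OAuthUtils.isEmpty(redirectUri)) {
                // NOTE(review): this branch still builds a 302 whose location is the empty
                // redirectUri; callers must cope with a redirect response without a target.
                return OAuthASResponse.errorResponse(302).error(OAuthProblemException.error("OAuth redirectUri needs to be provided by client!!!")).location(redirectUri).buildQueryMessage();
            }
            // NOTE(review): presumably this is the request's redirect_uri; it is not checked
            // against the client here either.
            return OAuthASResponse.errorResponse(302).error(e3).location(redirectUri).buildQueryMessage();
        }
    }

    /**
     * Exchanges an authorization code for an access token.
     *
     * @param httpServletRequest incoming token request
     * @param apiConfig          supplies the app-secret manager and the token lifetime
     * @return a 200 JSON token response, or a 400/401 JSON error response
     */
    @Override // com.gitee.easyopen.auth.Oauth2Service
    public OAuthResponse accessToken(HttpServletRequest httpServletRequest, ApiConfig apiConfig) throws URISyntaxException, OAuthSystemException {
        try {
            OAuthTokenRequest tokenRequest = new OAuthTokenRequest(httpServletRequest);
            String clientId = tokenRequest.getClientId();
            if (!checkClientId(clientId, apiConfig)) {
                return OAuthASResponse.errorResponse(400).setError("invalid_client").setErrorDescription("invalid_client").buildJSONMessage();
            }
            if (!checkClientSecret(clientId, tokenRequest.getClientSecret(), apiConfig)) {
                return OAuthASResponse.errorResponse(401).setError("unauthorized_client").setErrorDescription("unauthorized_client").buildJSONMessage();
            }
            String authCode = tokenRequest.getParam("code");
            // Constant-first equals: a missing grant_type no longer raises a NullPointerException.
            boolean isAuthCodeGrant = GrantType.AUTHORIZATION_CODE.toString().equals(tokenRequest.getParam("grant_type"));
            if (isAuthCodeGrant && !this.oauth2Manager.checkAuthCode(authCode)) {
                // Error description reads "wrong authorization code".
                return OAuthASResponse.errorResponse(400).setError("invalid_grant").setErrorDescription("错误的授权码").buildJSONMessage();
            }
            // NOTE(review): for any other grant_type the code is not validated by
            // checkAuthCode; the request is then rejected only if getUserByAuthCode
            // returns null below.
            OAuthIssuerImpl issuer = new OAuthIssuerImpl(new MD5Generator());
            long expireIn = this.oauth2Manager.getExpireIn(apiConfig);
            String accessToken = issuer.accessToken();
            OpenUser user = this.oauth2Manager.getUserByAuthCode(authCode);
            if (user == null) {
                throw OAuthProblemException.error("Can not found user by code.");
            }
            // NOTE(review): this method neither invalidates the code after use nor checks that
            // it was issued to this client_id / redirect_uri; verify Oauth2Manager enforces
            // single use and client binding.
            this.oauth2Manager.addAccessToken(accessToken, user, expireIn);
            return OAuthASResponse.tokenResponse(200).setAccessToken(accessToken).setExpiresIn(String.valueOf(expireIn)).buildJSONMessage();
        } catch (OAuthProblemException e) {
            logger.error(e.getMessage(), e);
            return OAuthASResponse.errorResponse(400).error(e).buildJSONMessage();
        }
    }

    /** Returns whether {@code clientId} is an app key known to the app-secret manager. */
    private boolean checkClientId(String clientId, ApiConfig apiConfig) {
        return apiConfig.getAppSecretManager().isValidAppKey(clientId);
    }

    /**
     * Returns whether {@code clientSecret} matches the secret stored for {@code clientId}.
     * A missing stored or supplied secret never matches.
     */
    private boolean checkClientSecret(String clientId, String clientSecret, ApiConfig apiConfig) {
        String expected = apiConfig.getAppSecretManager().getSecret(clientId);
        if (expected == null || clientSecret == null) {
            return false;
        }
        // String.equals stops at the first differing character, so response time can hint
        // at how much of a guessed secret is correct. MessageDigest.isEqual avoids that
        // early exit.
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                clientSecret.getBytes(StandardCharsets.UTF_8));
    }
}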
