package xyz.raylab.authorizationserver.auth.infrastructure.token;

import com.alibaba.fastjson2.JSON;
import com.alibaba.fastjson2.JSONObject;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Optional;
import java.util.function.Consumer;
import javax.servlet.ServletException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import xyz.raylab.authorizationserver.auth.domain.model.AuthCredential;
import xyz.raylab.authorizationserver.auth.domain.model.AuthenticationToken;
import xyz.raylab.authorizationserver.auth.infrastructure.ohs.filter.context.AuthFilterContext;
import xyz.raylab.authorizationserver.auth.infrastructure.ohs.filter.context.AuthFilterContextHolder;
import xyz.raylab.authorizationserver.auth.infrastructure.token.oauth2.OAuth2Request;
import xyz.raylab.authorizationserver.auth.infrastructure.token.oauth2.OAuth2Response;
import xyz.raylab.authorizationserver.auth.interfaces.AuthenticationTokenProvider;
import xyz.raylab.authorizationserver.configuration.properties.DefaultClientProperties;
import xyz.raylab.support.auth.Client;
import xyz.raylab.support.util.Assert;

@Component
/* loaded from: input_file:xyz/raylab/authorizationserver/auth/infrastructure/token/OAuth2AuthenticationTokenProvider.class */
public class OAuth2AuthenticationTokenProvider implements AuthenticationTokenProvider {
    private final Client client;
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuth2AuthenticationTokenProvider.class);
    private static final String REFRESH_TOKEN = "refresh_token";

    @Autowired
    public OAuth2AuthenticationTokenProvider(DefaultClientProperties defaultClientProperties) {
        this.client = new Client(defaultClientProperties.getClientId(), defaultClientProperties.getClientSecret());
    }

    @Override // xyz.raylab.authorizationserver.auth.interfaces.AuthenticationTokenProvider
    public AuthenticationToken generate(AuthCredential authCredential) {
        Assert.notNull(authCredential, "认证凭证不能为空");
        return toAuthenticationToken(sendRequest(oAuth2Request -> {
            oAuth2Request.setServletPath("/oauth2/token");
            oAuth2Request.addParameter("grant_type", "password");
            oAuth2Request.addParameter("username", authCredential.getUsername());
            oAuth2Request.addParameter("password", authCredential.getPassword());
        }));
    }

    @Override // xyz.raylab.authorizationserver.auth.interfaces.AuthenticationTokenProvider
    public AuthenticationToken refresh(String str) {
        Assert.hasText(str, "刷新令牌不能为空");
        return toAuthenticationToken(sendRequest(oAuth2Request -> {
            oAuth2Request.setServletPath("/oauth2/token");
            oAuth2Request.addParameter("grant_type", REFRESH_TOKEN);
            oAuth2Request.addParameter(REFRESH_TOKEN, str);
        }));
    }

    private AuthenticationToken toAuthenticationToken(OAuth2Response oAuth2Response) {
        return (AuthenticationToken) Optional.ofNullable(oAuth2Response).filter(oAuth2Response2 -> {
            return oAuth2Response2.succeeded() && oAuth2Response2.hasContent();
        }).map((v0) -> {
            return v0.getContent();
        }).map(bArr -> {
            JSONObject parseObject = JSON.parseObject(new String(bArr, StandardCharsets.UTF_8));
            String string = parseObject.getString("access_token");
            JSONObject introspect = introspect(string);
            return new AuthenticationToken(string, parseObject.getString(REFRESH_TOKEN), parseObject.getString("token_type"), parseObject.getLong("expires_in"), introspect.getLong("iat"), introspect.getLong("exp"));
        }).orElse(null);
    }

    private JSONObject introspect(String str) {
        return (JSONObject) Optional.ofNullable(sendRequest(oAuth2Request -> {
            oAuth2Request.setServletPath("/oauth2/introspect");
            oAuth2Request.addParameter("token", str);
        })).filter(oAuth2Response -> {
            return oAuth2Response.succeeded() && oAuth2Response.hasContent();
        }).map((v0) -> {
            return v0.getContent();
        }).map(bArr -> {
            return JSON.parseObject(new String(bArr, StandardCharsets.UTF_8));
        }).orElseGet(JSONObject::new);
    }

    @Override // xyz.raylab.authorizationserver.auth.interfaces.AuthenticationTokenProvider
    public boolean revoke(String str) {
        Assert.hasText(str, "令牌不能为空");
        OAuth2Response sendRequest = sendRequest(oAuth2Request -> {
            oAuth2Request.setServletPath("/oauth2/revoke");
            oAuth2Request.addParameter("token", str);
        });
        return sendRequest != null && sendRequest.succeeded();
    }

    private OAuth2Response sendRequest(Consumer<OAuth2Request> consumer) {
        AuthFilterContext context = AuthFilterContextHolder.getInstance().getContext();
        OAuth2Request oAuth2Request = new OAuth2Request(context.getRequest(), this.client);
        consumer.accept(oAuth2Request);
        OAuth2Response oAuth2Response = new OAuth2Response(context.getResponse());
        try {
            context.getChain().doFilter(oAuth2Request, oAuth2Response);
            return oAuth2Response;
        } catch (IOException | ServletException e) {
            LOGGER.error("执行oauth2请求的doFilter异常", e);
            return null;
        }
    }
}
