package cn.herodotus.stirrup.oauth2.management.service;

import cn.herodotus.stirrup.core.definition.domain.secure.SecretKey;
import cn.herodotus.stirrup.oauth2.core.servlet.utils.SecurityUtils;
import cn.herodotus.stirrup.web.servlet.crypto.HttpCryptoProcessor;
import org.apache.commons.lang3.ObjectUtils;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClientRepository;
import org.springframework.stereotype.Service;

@Service
/* loaded from: input_file:cn/herodotus/stirrup/oauth2/management/service/InterfaceSecurityService.class */
public class InterfaceSecurityService {
    private final HttpCryptoProcessor httpCryptoProcessor;
    private final RegisteredClientRepository registeredClientRepository;

    public InterfaceSecurityService(HttpCryptoProcessor httpCryptoProcessor, RegisteredClientRepository registeredClientRepository) {
        this.httpCryptoProcessor = httpCryptoProcessor;
        this.registeredClientRepository = registeredClientRepository;
    }

    private RegisteredClient validateClient(String str, String str2) {
        RegisteredClient findByClientId = this.registeredClientRepository.findByClientId(str);
        boolean z = false;
        if (ObjectUtils.isNotEmpty(findByClientId)) {
            z = SecurityUtils.matches(str2, findByClientId.getClientSecret());
        }
        if (z) {
            return findByClientId;
        }
        throw new OAuth2AuthenticationException("invalid_client");
    }

    public SecretKey createSecretKey(String str, String str2, String str3) {
        return this.httpCryptoProcessor.createSecretKey(str3, validateClient(str, str2).getTokenSettings().getAccessTokenTimeToLive());
    }

    public String exchange(String str, String str2) {
        return this.httpCryptoProcessor.exchange(str, str2);
    }
}
