package cn.herodotus.stirrup.oauth2.management.response;

import cn.herodotus.stirrup.core.definition.domain.secure.PrincipalDetails;
import cn.herodotus.stirrup.core.foundation.json.jackson2.utils.Jackson2Utils;
import cn.herodotus.stirrup.web.servlet.crypto.HttpCryptoProcessor;
import cn.herodotus.stirrup.web.servlet.utils.SessionUtils;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.time.temporal.ChronoUnit;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.MediaType;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.http.server.ServletServerHttpResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.core.http.converter.OAuth2AccessTokenResponseHttpMessageConverter;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

/* loaded from: input_file:cn/herodotus/stirrup/oauth2/management/response/OAuth2AccessTokenResponseHandler.class */
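/**
 * Writes the OAuth2 token response after a successful token-endpoint authentication.
 *
 * <p>The response always carries the access token, its type and scopes, plus the lifetime and
 * refresh token when they are available. User information is attached in one of two ways:
 * <ul>
 *   <li>OIDC: when the additional parameters already contain {@code id_token}, they are passed
 *       through unchanged;</li>
 *   <li>Herodotus: otherwise the {@link PrincipalDetails} found in the authentication details is
 *       serialised to JSON, encrypted through {@link HttpCryptoProcessor} using the session id
 *       resolved from the request, and returned under the custom {@code openid} parameter. This
 *       value is not an OIDC ID token.</li>
 * </ul>
 *
 * <p>Security notes for maintainers: the response body contains bearer credentials. This class
 * sets no cache headers itself. NOTE(review): confirm the surrounding filter chain sends
 * {@code Cache-Control: no-store} on the token endpoint, as RFC 6749 section 5.1 requires.
 */
public class OAuth2AccessTokenResponseHandler implements AuthenticationSuccessHandler {
    private static final Logger log = LoggerFactory.getLogger(OAuth2AccessTokenResponseHandler.class);
    private final HttpMessageConverter<OAuth2AccessTokenResponse> accessTokenHttpResponseConverter = new OAuth2AccessTokenResponseHttpMessageConverter();
    private final HttpCryptoProcessor httpCryptoProcessor;

    /**
     * @param httpCryptoProcessor processor used to encrypt the principal details placed in the
     *                            token response
     */
    public OAuth2AccessTokenResponseHandler(HttpCryptoProcessor httpCryptoProcessor) {
        this.httpCryptoProcessor = httpCryptoProcessor;
    }

    /**
     * Builds the {@link OAuth2AccessTokenResponse} for the authenticated request and writes it to
     * the servlet response.
     *
     * @param httpServletRequest  request that completed authentication; used to resolve the session id
     * @param httpServletResponse response the token payload is written to
     * @param authentication      must be an {@link OAuth2AccessTokenAuthenticationToken}; any other
     *                            type fails with a {@link ClassCastException}
     * @throws IOException      if the converter cannot write the response
     * @throws ServletException declared by the handler contract
     */
    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        // Only the request URI is logged. Token values and principal data must never be added here.
        log.debug("[Herodotus] |- OAuth2 authentication success for [{}]", httpServletRequest.getRequestURI());
        OAuth2AccessTokenAuthenticationToken tokenAuthentication = (OAuth2AccessTokenAuthenticationToken) authentication;
        OAuth2AccessToken accessToken = tokenAuthentication.getAccessToken();
        OAuth2RefreshToken refreshToken = tokenAuthentication.getRefreshToken();
        Map<String, Object> additionalParameters = tokenAuthentication.getAdditionalParameters();

        OAuth2AccessTokenResponse.Builder responseBuilder = OAuth2AccessTokenResponse.withToken(accessToken.getTokenValue())
                .tokenType(accessToken.getTokenType())
                .scopes(accessToken.getScopes());
        // expires_in is derived from the token's own timestamps and omitted when either is missing.
        if (accessToken.getIssuedAt() != null && accessToken.getExpiresAt() != null) {
            responseBuilder.expiresIn(ChronoUnit.SECONDS.between(accessToken.getIssuedAt(), accessToken.getExpiresAt()));
        }
        if (refreshToken != null) {
            responseBuilder.refreshToken(refreshToken.getTokenValue());
        }

        if (isOidcUserInfoPattern(additionalParameters)) {
            responseBuilder.additionalParameters(additionalParameters);
        } else {
            String sessionId = SessionUtils.analyseSessionId(httpServletRequest);
            Object details = authentication.getDetails();
            if (isHerodotusUserInfoPattern(sessionId, details)) {
                // The principal JSON leaves the server only in encrypted form.
                // NOTE(review): the session id is resolved from the request; confirm how
                // HttpCryptoProcessor selects the key for it and that it fails closed when the
                // session has no key material.
                String encryptedPrincipal = this.httpCryptoProcessor.encrypt(sessionId, Jackson2Utils.toJson((PrincipalDetails) details));
                // Copy before adding the extra key so the token's own parameter map is not mutated.
                Map<String, Object> responseParameters = new HashMap<>(additionalParameters);
                responseParameters.put("openid", encryptedPrincipal);
                responseBuilder.additionalParameters(responseParameters);
            } else {
                // In this branch no additional parameters are added to the response at all.
                log.warn("[Herodotus] |- OAuth2 authentication can not get use info.");
            }
        }

        // A null content type leaves the choice of media type to the converter.
        this.accessTokenHttpResponseConverter.write(responseBuilder.build(), null, new ServletServerHttpResponse(httpServletResponse));
    }

    /**
     * Returns whether the Herodotus user-info format can be produced: a non-blank session id and
     * authentication details that are a non-empty {@link PrincipalDetails}.
     */
    private boolean isHerodotusUserInfoPattern(String sessionId, Object details) {
        return StringUtils.isNotBlank(sessionId) && ObjectUtils.isNotEmpty(details) && (details instanceof PrincipalDetails);
    }

    /**
     * Returns whether the additional parameters already carry an OIDC {@code id_token}.
     */
    private boolean isOidcUserInfoPattern(Map<String, Object> additionalParameters) {
        return MapUtils.isNotEmpty(additionalParameters) && additionalParameters.containsKey("id_token");
    }
}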
