package cn.omisheep.authz.core.helper;

import cn.omisheep.authz.core.AuthzProperties;
import cn.omisheep.authz.core.auth.deviced.Device;
import cn.omisheep.authz.core.auth.deviced.UserDevicesDict;
import cn.omisheep.authz.core.callback.AuthorizationCallback;
import cn.omisheep.authz.core.config.AuthzAppVersion;
import cn.omisheep.authz.core.config.Constants;
import cn.omisheep.authz.core.oauth.AuthorizationException;
import cn.omisheep.authz.core.oauth.AuthorizationInfo;
import cn.omisheep.authz.core.oauth.AuthorizedDeviceDetails;
import cn.omisheep.authz.core.oauth.ClientDetails;
import cn.omisheep.authz.core.tk.GrantType;
import cn.omisheep.authz.core.tk.IssueToken;
import cn.omisheep.authz.core.tk.TokenHelper;
import cn.omisheep.authz.core.tk.TokenPair;
import cn.omisheep.commons.encryption.Digest;
import cn.omisheep.commons.util.TimeUtils;
import cn.omisheep.commons.util.UUIDBits;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:cn/omisheep/authz/core/helper/OpenAuthHelper.class */
public class OpenAuthHelper extends BaseHelper {
    private static final AuthzProperties.OpenAuthConfig oauthConfig = properties.getOauth();
    private static AuthorizationCallback authorizationCallback;

    private OpenAuthHelper() {
        throw new UnsupportedOperationException();
    }

    public static IssueToken authorizeByCode(String str, String str2, String str3) throws AuthorizationException {
        checkClient(str, str2);
        String str4 = Constants.AUTHORIZE_CODE_PREFIX.get() + str3;
        AuthorizationInfo authorizationInfo = (AuthorizationInfo) cache.get(str4, AuthorizationInfo.class);
        cache.del(str4);
        if (authorizationInfo == null || authorizationInfo.getExpiresAt().longValue() < TimeUtils.nowTime()) {
            throw AuthorizationException.authorizationCodeExpiredOrNotExist();
        }
        return authorize(authorizationInfo);
    }

    public static IssueToken authorizeByPassword(String str, String str2, String str3, Object obj) throws AuthorizationException {
        ClientDetails checkClient = checkClient(str, str2);
        if (obj == null) {
            throw AuthorizationException.privilegeGrantFailed();
        }
        return authorize(new AuthorizationInfo(str, checkClient.getClientName(), str3, GrantType.PASSWORD, null, null, null, obj));
    }

    public static IssueToken authorizeByClient(String str, String str2, String str3) throws AuthorizationException {
        return authorize(new AuthorizationInfo(str, checkClient(str, str2).getClientName(), str3, GrantType.CLIENT_CREDENTIALS, null, null, null, null));
    }

    private static ClientDetails checkClient(String str, String str2) throws AuthorizationException {
        ClientDetails clientById = openAuthLibrary.getClientById(str);
        if (clientById == null || !StringUtils.equals(clientById.getClientSecret(), str2)) {
            throw AuthorizationException.clientSecretError();
        }
        return clientById;
    }

    private static IssueToken authorize(AuthorizationInfo authorizationInfo) {
        TokenPair createTokenPair = TokenHelper.createTokenPair(authorizationInfo);
        AuthzGranterHelper.grant(createTokenPair, false);
        if (authorizationCallback != null) {
            authorizationCallback.authorize(new AuthorizedDeviceDetails(authorizationInfo, createTokenPair.getRefreshToken().getId()));
        }
        return TokenHelper.createIssueToken(createTokenPair);
    }

    public static String createAuthorizationCode(String str, String str2, String str3, Object obj) throws AuthorizationException {
        ClientDetails findClient = findClient(str);
        if (findClient == null || !StringUtils.equals(findClient.getRedirectUrl(), str3)) {
            throw AuthorizationException.clientNotExist();
        }
        String hash = Digest.hash(oauthConfig.getAlgorithm().getValue(), str + str2 + System.currentTimeMillis() + UUIDBits.getUUIDBits(16));
        if (hash == null) {
            throw AuthorizationException.privilegeGrantFailed();
        }
        Date now = TimeUtils.now();
        AuthorizationInfo authorizationInfo = new AuthorizationInfo(str, findClient.getClientName(), str2, GrantType.AUTHORIZATION_CODE, AuthzAppVersion.AUTHORIZATION_CODE_TIME.get(), Long.valueOf(TimeUtils.datePlus(now, AuthzAppVersion.AUTHORIZATION_CODE_TIME.get().longValue()).getTime()), Long.valueOf(now.getTime()), obj);
        if (authorizationCallback != null) {
            authorizationCallback.createAuthorizationCodeCallback(hash, authorizationInfo);
        }
        cache.set(Constants.AUTHORIZE_CODE_PREFIX.get() + hash, (String) authorizationInfo, AuthzAppVersion.AUTHORIZATION_CODE_TIME.get().longValue());
        return hash;
    }

    public static String createBasicScopeAuthorizationCode(String str, String str2, Object obj) throws AuthorizationException {
        return createAuthorizationCode(str, oauthConfig.getDefaultBasicScope(), str2, obj);
    }

    public static ClientDetails clientRegister(String str, String str2) {
        String uUIDBits = UUIDBits.getUUIDBits(oauthConfig.getClientIdLength(), str3 -> {
            return Boolean.valueOf(openAuthLibrary.getClientById(str3) == null);
        }, 20);
        if (uUIDBits == null) {
            return null;
        }
        return clientRegister(uUIDBits, UUIDBits.getUUIDBits(oauthConfig.getClientSecretLength()), str, str2);
    }

    public static ClientDetails clientRegister(String str, String str2, String str3) {
        if (str == null) {
            return null;
        }
        return clientRegister(str, UUIDBits.getUUIDBits(oauthConfig.getClientSecretLength()), str2, str3);
    }

    public static ClientDetails clientRegister(String str, String str2, String str3, String str4) {
        if (str == null || str2 == null) {
            return null;
        }
        ClientDetails redirectUrl = new ClientDetails().setClientId(str).setClientSecret(str2).setClientName(str3).setRedirectUrl(str4);
        openAuthLibrary.registerClient(redirectUrl);
        return redirectUrl;
    }

    public static ClientDetails findClient(String str) {
        if (str == null) {
            return null;
        }
        return openAuthLibrary.getClientById(str);
    }

    public static void deleteClient(String str) {
        if (str == null) {
            return;
        }
        openAuthLibrary.deleteClientById(str);
    }

    public static List<AuthorizedDeviceDetails> getAuthorizedDeviceDetailsAt(Object obj) {
        Set<String> keys = cache.keys(UserDevicesDict.oauthKey(obj, "*"));
        Map map = cache.get(keys, Device.class);
        Iterator it = keys.stream().map(str -> {
            return str.split(":")[6];
        }).iterator();
        return (List) map.values().stream().map(device -> {
            if (device == null) {
                return null;
            }
            return new AuthorizedDeviceDetails(device, obj, (String) it.next());
        }).filter((v0) -> {
            return Objects.nonNull(v0);
        }).collect(Collectors.toList());
    }

    public static void removeAuthorizedDevice(Object obj, String str) {
        if (str.contains("*")) {
            return;
        }
        cache.del(UserDevicesDict.oauthKey(obj, str));
    }

    public static void removeAllAuthorizedDevice(Object obj) {
        Set<String> keys = cache.keys(UserDevicesDict.oauthKey(obj, "*"));
        cache.del(keys);
        if (authorizationCallback != null) {
            Iterator<String> it = keys.iterator();
            while (it.hasNext()) {
                authorizationCallback.removeAuthorization(it.next().split(":")[6]);
            }
        }
    }

    public static void setAuthorizationCallback(AuthorizationCallback authorizationCallback2) {
        authorizationCallback = authorizationCallback2;
    }
}
