package cn.dev33.satoken.oauth2.logic;

import cn.dev33.satoken.context.SaHolder;
import cn.dev33.satoken.context.model.SaRequest;
import cn.dev33.satoken.context.model.SaResponse;
import cn.dev33.satoken.oauth2.SaOAuth2Manager;
import cn.dev33.satoken.oauth2.config.SaOAuth2Config;
import cn.dev33.satoken.oauth2.error.SaOAuth2ErrorCode;
import cn.dev33.satoken.oauth2.exception.SaOAuth2Exception;
import cn.dev33.satoken.oauth2.logic.SaOAuth2Consts;
import cn.dev33.satoken.oauth2.model.RequestAuthModel;
import cn.dev33.satoken.oauth2.model.SaClientModel;
import cn.dev33.satoken.stp.StpUtil;
import cn.dev33.satoken.util.SaResult;

/* loaded from: input_file:cn/dev33/satoken/oauth2/logic/SaOAuth2Handle.class */
public class SaOAuth2Handle {
    public static Object serverRequest() {
        SaRequest request = SaHolder.getRequest();
        SaResponse response = SaHolder.getResponse();
        SaOAuth2Config config = SaOAuth2Manager.getConfig();
        if (request.isPath(SaOAuth2Consts.Api.authorize) && request.isParam(SaOAuth2Consts.Param.response_type, SaOAuth2Consts.ResponseType.code)) {
            SaClientModel currClientModel = currClientModel();
            if (config.getIsCode().booleanValue() && (currClientModel.isCode.booleanValue() || currClientModel.isAutoMode.booleanValue())) {
                return authorize(request, response, config);
            }
            throw new SaOAuth2Exception("暂未开放的授权模式").setCode(SaOAuth2ErrorCode.CODE_30131);
        }
        if (request.isPath(SaOAuth2Consts.Api.token) && request.isParam(SaOAuth2Consts.Param.grant_type, SaOAuth2Consts.GrantType.authorization_code)) {
            return token(request, response, config);
        }
        if (request.isPath(SaOAuth2Consts.Api.refresh) && request.isParam(SaOAuth2Consts.Param.grant_type, SaOAuth2Consts.GrantType.refresh_token)) {
            return refreshToken(request);
        }
        if (request.isPath(SaOAuth2Consts.Api.revoke)) {
            return revokeToken(request);
        }
        if (request.isPath(SaOAuth2Consts.Api.doLogin)) {
            return doLogin(request, response, config);
        }
        if (request.isPath(SaOAuth2Consts.Api.doConfirm)) {
            return doConfirm(request);
        }
        if (request.isPath(SaOAuth2Consts.Api.authorize) && request.isParam(SaOAuth2Consts.Param.response_type, SaOAuth2Consts.ResponseType.token)) {
            SaClientModel currClientModel2 = currClientModel();
            if (config.getIsImplicit().booleanValue() && (currClientModel2.isImplicit.booleanValue() || currClientModel2.isAutoMode.booleanValue())) {
                return authorize(request, response, config);
            }
            throw new SaOAuth2Exception("暂未开放的授权模式").setCode(SaOAuth2ErrorCode.CODE_30132);
        }
        if (request.isPath(SaOAuth2Consts.Api.token) && request.isParam(SaOAuth2Consts.Param.grant_type, SaOAuth2Consts.GrantType.password)) {
            SaClientModel currClientModel3 = currClientModel();
            if (config.getIsPassword().booleanValue() && (currClientModel3.isPassword.booleanValue() || currClientModel3.isAutoMode.booleanValue())) {
                return password(request, response, config);
            }
            throw new SaOAuth2Exception("暂未开放的授权模式").setCode(SaOAuth2ErrorCode.CODE_30133);
        }
        if (!request.isPath(SaOAuth2Consts.Api.client_token) || !request.isParam(SaOAuth2Consts.Param.grant_type, SaOAuth2Consts.GrantType.client_credentials)) {
            return SaOAuth2Consts.NOT_HANDLE;
        }
        SaClientModel currClientModel4 = currClientModel();
        if (config.getIsClient().booleanValue() && (currClientModel4.isClient.booleanValue() || currClientModel4.isAutoMode.booleanValue())) {
            return clientToken(request, response, config);
        }
        throw new SaOAuth2Exception("暂未开放的授权模式").setCode(SaOAuth2ErrorCode.CODE_30134);
    }

    public static Object authorize(SaRequest saRequest, SaResponse saResponse, SaOAuth2Config saOAuth2Config) {
        if (!StpUtil.isLogin()) {
            return saOAuth2Config.getNotLoginView().get();
        }
        RequestAuthModel generateRequestAuth = SaOAuth2Util.generateRequestAuth(saRequest, StpUtil.getLoginId());
        SaOAuth2Util.checkRightUrl(generateRequestAuth.clientId, generateRequestAuth.redirectUri);
        SaOAuth2Util.checkContract(generateRequestAuth.clientId, generateRequestAuth.scope);
        if (!SaOAuth2Util.isGrant(generateRequestAuth.loginId, generateRequestAuth.clientId, generateRequestAuth.scope)) {
            return saOAuth2Config.getConfirmView().apply(generateRequestAuth.clientId, generateRequestAuth.scope);
        }
        if (SaOAuth2Consts.ResponseType.code.equals(generateRequestAuth.responseType)) {
            return saResponse.redirect(SaOAuth2Util.buildRedirectUri(generateRequestAuth.redirectUri, SaOAuth2Util.generateCode(generateRequestAuth).code, generateRequestAuth.state));
        }
        if (!SaOAuth2Consts.ResponseType.token.equals(generateRequestAuth.responseType)) {
            throw new SaOAuth2Exception("无效response_type: " + generateRequestAuth.responseType).setCode(SaOAuth2ErrorCode.CODE_30125);
        }
        return saResponse.redirect(SaOAuth2Util.buildImplicitRedirectUri(generateRequestAuth.redirectUri, SaOAuth2Util.generateAccessToken(generateRequestAuth, false).accessToken, generateRequestAuth.state));
    }

    public static Object token(SaRequest saRequest, SaResponse saResponse, SaOAuth2Config saOAuth2Config) {
        String paramNotNull = saRequest.getParamNotNull(SaOAuth2Consts.Param.code);
        SaOAuth2Util.checkGainTokenParam(paramNotNull, saRequest.getParamNotNull(SaOAuth2Consts.Param.client_id), saRequest.getParamNotNull(SaOAuth2Consts.Param.client_secret), saRequest.getParam(SaOAuth2Consts.Param.redirect_uri));
        return SaResult.data(SaOAuth2Util.generateAccessToken(paramNotNull).toLineMap());
    }

    public static Object refreshToken(SaRequest saRequest) {
        String paramNotNull = saRequest.getParamNotNull(SaOAuth2Consts.Param.client_id);
        String paramNotNull2 = saRequest.getParamNotNull(SaOAuth2Consts.Param.client_secret);
        String paramNotNull3 = saRequest.getParamNotNull(SaOAuth2Consts.Param.refresh_token);
        SaOAuth2Util.checkRefreshTokenParam(paramNotNull, paramNotNull2, paramNotNull3);
        return SaResult.data(SaOAuth2Util.refreshAccessToken(paramNotNull3).toLineMap());
    }

    public static Object revokeToken(SaRequest saRequest) {
        String paramNotNull = saRequest.getParamNotNull(SaOAuth2Consts.Param.client_id);
        String paramNotNull2 = saRequest.getParamNotNull(SaOAuth2Consts.Param.client_secret);
        String paramNotNull3 = saRequest.getParamNotNull(SaOAuth2Consts.Param.access_token);
        if (SaOAuth2Util.getAccessToken(paramNotNull3) == null) {
            return SaResult.ok("access_token不存在：" + paramNotNull3);
        }
        SaOAuth2Util.checkAccessTokenParam(paramNotNull, paramNotNull2, paramNotNull3);
        SaOAuth2Util.revokeAccessToken(paramNotNull3);
        return SaResult.ok();
    }

    public static Object doLogin(SaRequest saRequest, SaResponse saResponse, SaOAuth2Config saOAuth2Config) {
        return saOAuth2Config.getDoLoginHandle().apply(saRequest.getParamNotNull(SaOAuth2Consts.Param.name), saRequest.getParamNotNull(SaOAuth2Consts.Param.pwd));
    }

    public static Object doConfirm(SaRequest saRequest) {
        SaOAuth2Util.saveGrantScope(saRequest.getParamNotNull(SaOAuth2Consts.Param.client_id), StpUtil.getLoginId(), saRequest.getParamNotNull(SaOAuth2Consts.Param.scope));
        return SaResult.ok();
    }

    public static Object password(SaRequest saRequest, SaResponse saResponse, SaOAuth2Config saOAuth2Config) {
        String paramNotNull = saRequest.getParamNotNull(SaOAuth2Consts.Param.username);
        String paramNotNull2 = saRequest.getParamNotNull(SaOAuth2Consts.Param.password);
        String paramNotNull3 = saRequest.getParamNotNull(SaOAuth2Consts.Param.client_id);
        String paramNotNull4 = saRequest.getParamNotNull(SaOAuth2Consts.Param.client_secret);
        String param = saRequest.getParam(SaOAuth2Consts.Param.scope, "");
        SaOAuth2Util.checkClientSecretAndScope(paramNotNull3, paramNotNull4, param);
        Object apply = saOAuth2Config.getDoLoginHandle().apply(paramNotNull, paramNotNull2);
        if (!StpUtil.isLogin()) {
            return apply;
        }
        RequestAuthModel requestAuthModel = new RequestAuthModel();
        requestAuthModel.clientId = paramNotNull3;
        requestAuthModel.loginId = StpUtil.getLoginId();
        requestAuthModel.scope = param;
        return SaResult.data(SaOAuth2Util.generateAccessToken(requestAuthModel, true).toLineMap());
    }

    public static Object clientToken(SaRequest saRequest, SaResponse saResponse, SaOAuth2Config saOAuth2Config) {
        String paramNotNull = saRequest.getParamNotNull(SaOAuth2Consts.Param.client_id);
        String paramNotNull2 = saRequest.getParamNotNull(SaOAuth2Consts.Param.client_secret);
        String param = saRequest.getParam(SaOAuth2Consts.Param.scope);
        SaOAuth2Util.checkContract(paramNotNull, param);
        SaOAuth2Util.checkClientSecret(paramNotNull, paramNotNull2);
        return SaResult.data(SaOAuth2Util.generateClientToken(paramNotNull, param).toLineMap());
    }

    public static SaClientModel currClientModel() {
        return SaOAuth2Util.checkClientModel(SaHolder.getRequest().getParam(SaOAuth2Consts.Param.client_id));
    }
}
