package cn.kduck.security.principal.filter.extractor;

import cn.kduck.core.cache.CacheHelper;
import cn.kduck.core.utils.ValueMapUtils;
import cn.kduck.security.principal.AuthUser;
import cn.kduck.security.principal.KduckSecurityPrincipalProperties;
import cn.kduck.security.principal.filter.AuthUserExtractor;
import cn.kduck.security.principal.filter.AuthenticatedUserFilter;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.HttpServerErrorException;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:cn/kduck/security/principal/filter/extractor/OauthUserExtractorImpl.class */
public class OauthUserExtractorImpl implements AuthUserExtractor {
    public static final String AUTH_USER_SUFFIX = ".AUTH_USER_SUFFIX";

    @Autowired
    private KduckSecurityPrincipalProperties.SecurityOauth2ClientProviderProperties providerProperties;

    @Autowired
    private KduckSecurityPrincipalProperties.SecurityOauth2ClientRegistrationProperties registrationProperties;

    @Autowired
    private RestTemplate restTemplate;
    private RestTemplate refreshTokenTemplate = new RestTemplate();

    @Override // cn.kduck.security.principal.filter.AuthUserExtractor
    public AuthUser extract(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException {
        String extractToken = extractToken(httpServletRequest);
        if (extractToken == null) {
            return null;
        }
        String userInfoUri = this.providerProperties.getUserInfoUri();
        if (!userInfoUri.startsWith("http")) {
            throw new RuntimeException("OAuth2的用户信息接口未配置或配置错误（kduck.security.oauth2.client.provider.userInfoUri）：" + userInfoUri);
        }
        try {
            if (httpServletRequest.getRequestURI().equals(new URI(userInfoUri).getPath())) {
                return null;
            }
            AuthenticatedUserFilter.AuthUserProxy authUserProxy = (AuthenticatedUserFilter.AuthUserProxy) CacheHelper.get(extractToken + AUTH_USER_SUFFIX, AuthenticatedUserFilter.AuthUserProxy.class);
            if (authUserProxy == null) {
                String str = userInfoUri + "?access_token=" + extractToken;
                try {
                    authUserProxy = (AuthenticatedUserFilter.AuthUserProxy) this.restTemplate.getForEntity(str, AuthenticatedUserFilter.AuthUserProxy.class, new Object[0]).getBody();
                    CacheHelper.put(extractToken + AUTH_USER_SUFFIX, authUserProxy, 3600L);
                } catch (HttpServerErrorException e) {
                    throw new ServletException("调用用户信息接口返回服务端错误（5xx）：CODE=" + e.getRawStatusCode() + "，URL=" + str, e);
                } catch (HttpClientErrorException e2) {
                    throw new ServletException("调用用户信息接口返回客户端错误（4xx）：CODE=" + e2.getRawStatusCode() + "，URL=" + str, e2);
                }
            }
            if (refreshToken(authUserProxy, httpServletResponse, httpServletRequest) != null) {
            }
            AuthUser authUser = new AuthUser(authUserProxy.getUsername(), authUserProxy.getAuthorities());
            authUser.setAllDetailsItem(authUserProxy.getDetails());
            return authUser;
        } catch (URISyntaxException e3) {
            throw new ServletException("user_info的链接格式不合法：" + userInfoUri, e3);
        }
    }

    private String refreshToken(AuthenticatedUserFilter.AuthUserProxy authUserProxy, HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        Map details = authUserProxy.getDetails();
        Date date = new Date(Long.valueOf(details.get("expiration").toString()).longValue());
        String str = (String) details.get("refresh_token");
        String str2 = null;
        System.out.println(httpServletRequest.getRequestURI() + "，令牌过期时间：" + date + ",刷新Token：" + str);
        if (date != null && date.before(new Date(System.currentTimeMillis() + 600000)) && str != null) {
            HashMap hashMap = new HashMap();
            hashMap.put("client_id", this.registrationProperties.getClientId());
            hashMap.put("client_secret", this.registrationProperties.getClientSecret());
            hashMap.put("refresh_token", str);
            Map map = (Map) this.refreshTokenTemplate.postForObject(this.providerProperties.getTokenUri() + "?client_id={client_id}&client_secret={client_secret}&grant_type=refresh_token&refresh_token={refresh_token}", (Object) null, Map.class, hashMap);
            System.out.println(map);
            str2 = ValueMapUtils.getValueAsString(map, "access_token");
            String valueAsString = ValueMapUtils.getValueAsString(map, "refresh_token");
            int valueAsInt = ValueMapUtils.getValueAsInt(map, "expires_in");
            Date date2 = new Date(System.currentTimeMillis() + (valueAsInt * 1000));
            httpServletResponse.setHeader("New-Access-Token", str2);
            details.put("refresh_token", valueAsString);
            details.put("expiration", date2);
            CacheHelper.put(str2 + AUTH_USER_SUFFIX, authUserProxy, Integer.valueOf(valueAsInt), 3600L);
        }
        return str2;
    }

    protected String extractToken(HttpServletRequest httpServletRequest) {
        String extractHeaderToken = extractHeaderToken(httpServletRequest);
        if (extractHeaderToken == null) {
            extractHeaderToken = httpServletRequest.getParameter("access_token");
        }
        return extractHeaderToken;
    }

    protected String extractHeaderToken(HttpServletRequest httpServletRequest) {
        Enumeration headers = httpServletRequest.getHeaders("Authorization");
        while (headers.hasMoreElements()) {
            String str = (String) headers.nextElement();
            if (str.toLowerCase().startsWith("Bearer".toLowerCase())) {
                String trim = str.substring("Bearer".length()).trim();
                int indexOf = trim.indexOf(44);
                if (indexOf > 0) {
                    trim = trim.substring(0, indexOf);
                }
                return trim;
            }
        }
        return null;
    }
}
