package cn.kduck.security.oauth2.web;

import cn.kduck.core.web.json.JsonObject;
import cn.kduck.security.KduckSecurityProperties;
import cn.kduck.security.handler.OAuthTokenSuccessHandler;
import io.swagger.annotations.ApiImplicitParam;
import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation;
import java.io.IOException;
import java.util.ArrayList;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * REST endpoints under {@code /oauth} that obtain an OAuth2 access token from the configured
 * authorization server and hand it back to the HTTP caller wrapped in a {@link JsonObject}.
 *
 * <p>Client id, client secret, scopes and endpoint URIs are read from
 * {@link KduckSecurityProperties}; each handler fails with an assertion error message when the
 * {@code kduck.security.oauth2.client} configuration is incomplete.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Every handler returns the full {@link OAuth2AccessToken} in the response body. No
 *       authentication or authorization check on the caller is visible in this class.
 *       NOTE(review): confirm these routes are restricted by the security configuration,
 *       especially {@code /oauth/token/client}, which mints a token from the application's own
 *       client credentials.</li>
 *   <li>The handler parameter names ({@code str}, {@code str2}) look decompiler-generated. Spring
 *       binds unannotated simple parameters by name, and the Swagger annotations document
 *       {@code userName}/{@code password}. NOTE(review): confirm the real binding names against
 *       the original source before relying on them.</li>
 * </ul>
 */
@RequestMapping({"/oauth"})
@RestController
/* loaded from: input_file:cn/kduck/security/oauth2/web/AccessTokenController.class */
public class AccessTokenController {

    /** Source of the OAuth2 client registration and provider settings. */
    @Autowired
    private KduckSecurityProperties securityProperties;

    /** Optional callback invoked after a token has been obtained; may be {@code null}. */
    @Autowired(required = false)
    private OAuthTokenSuccessHandler successHandler;

    /**
     * Exchanges an authorization code for an access token (authorization-code grant).
     *
     * <p>The mapping carries no HTTP-method restriction, so the route accepts any method.
     * This method reads no {@code state} value and compares none; the configured redirect URI is
     * placed in the request's preserved state instead.
     * NOTE(review): presumably this makes the token provider send it as {@code redirect_uri};
     * verify against the spring-security-oauth2 version in use, and confirm that CSRF protection
     * of the callback (state validation) is enforced elsewhere.
     *
     * @param str the authorization code taken from the incoming request
     * @return the obtained access token wrapped in a {@link JsonObject}
     */
    @RequestMapping({"/token/code"})
    public JsonObject login(String str) {
        // Registration is resolved before the provider so a missing-configuration error is
        // reported in the same order as before.
        KduckSecurityProperties.Registration clientRegistration = getRegistration();
        KduckSecurityProperties.Provider authServer = getProvider();

        AuthorizationCodeResourceDetails details = new AuthorizationCodeResourceDetails();
        details.setUserAuthorizationUri(authServer.getAuthorizationUri());
        details.setAccessTokenUri(authServer.getTokenUri());
        details.setScope(new ArrayList<>(clientRegistration.getScope()));
        details.setClientId(clientRegistration.getClientId());
        details.setClientSecret(clientRegistration.getClientSecret());

        DefaultAccessTokenRequest tokenRequest = new DefaultAccessTokenRequest();
        tokenRequest.setAuthorizationCode(str);
        tokenRequest.setPreservedState(clientRegistration.getRedirectUri());

        return obtainAndPublish(
                new OAuth2RestTemplate(details, new DefaultOAuth2ClientContext(tokenRequest)));
    }

    /**
     * Obtains an access token with the resource-owner password grant, forwarding the supplied
     * user name and password to the configured token endpoint together with the client
     * credentials.
     *
     * <p>The Swagger annotations document both values as query parameters. Credentials carried in
     * a URL query string tend to end up in access logs and proxies; callers should send them in
     * the POST body. The password grant itself is discouraged by current OAuth security guidance.
     *
     * @param str the user name
     * @param str2 the user's password
     * @param httpServletRequest not used by this method
     * @param httpServletResponse not used by this method
     * @return the obtained access token wrapped in a {@link JsonObject}
     * @throws IOException declared by the signature; not thrown by the visible code
     * @throws ServletException declared by the signature; not thrown by the visible code
     */
    @PostMapping({"/token/password"})
    @ApiImplicitParams({@ApiImplicitParam(name = "userName", value = "姓名", paramType = "query"), @ApiImplicitParam(name = "password", value = "密码", paramType = "query")})
    @ApiOperation("oauth2的password认证类型方式登录")
    public JsonObject login(String str, String str2, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        KduckSecurityProperties.Registration clientRegistration = getRegistration();
        KduckSecurityProperties.Provider authServer = getProvider();

        ResourceOwnerPasswordResourceDetails details = new ResourceOwnerPasswordResourceDetails();
        details.setUsername(str);
        details.setPassword(str2);
        details.setClientId(clientRegistration.getClientId());
        details.setClientSecret(clientRegistration.getClientSecret());
        details.setAccessTokenUri(authServer.getTokenUri());

        return obtainAndPublish(new OAuth2RestTemplate(details));
    }

    /**
     * Obtains an access token with the client-credentials grant, using only the configured
     * client id and secret, and returns it to the caller.
     *
     * @return the obtained access token wrapped in a {@link JsonObject}
     */
    @PostMapping({"/token/client"})
    @ApiOperation("oauth2的client认证类型方式登录")
    public JsonObject login() {
        KduckSecurityProperties.Registration clientRegistration = getRegistration();
        KduckSecurityProperties.Provider authServer = getProvider();

        ClientCredentialsResourceDetails details = new ClientCredentialsResourceDetails();
        details.setClientId(clientRegistration.getClientId());
        details.setClientSecret(clientRegistration.getClientSecret());
        details.setAccessTokenUri(authServer.getTokenUri());

        return obtainAndPublish(new OAuth2RestTemplate(details));
    }

    /**
     * Requests the token through the given template, notifies the optional success handler and
     * wraps the token for the response.
     */
    private JsonObject obtainAndPublish(OAuth2RestTemplate restTemplate) {
        OAuth2AccessToken token = restTemplate.getAccessToken();
        successHandler(token);
        return new JsonObject(token);
    }

    /** Passes the token to the success handler when one has been injected; otherwise a no-op. */
    private void successHandler(OAuth2AccessToken oAuth2AccessToken) {
        if (this.successHandler == null) {
            return;
        }
        this.successHandler.onTokenSuccess(oAuth2AccessToken);
    }

    /** Returns the configured provider settings, failing when none are configured. */
    private KduckSecurityProperties.Provider getProvider() {
        KduckSecurityProperties.Provider configured = getClient().getProvider();
        Assert.notNull(configured, "没有配置认证服务器信息，请完善配置项：kduck.security.oauth2.client.provider相关配置项");
        return configured;
    }

    /** Returns the configured client registration, failing when none is configured. */
    private KduckSecurityProperties.Registration getRegistration() {
        KduckSecurityProperties.Registration configured = getClient().getRegistration();
        Assert.notNull(configured, "没有配置客户端注册信息，请完善配置项：kduck.security.oauth2.client.registration相关配置项");
        return configured;
    }

    /**
     * Returns the OAuth2 client section of the security properties, failing when either the
     * {@code oauth2} section or its client entry is absent.
     */
    private KduckSecurityProperties.Client getClient() {
        KduckSecurityProperties.OAuth2Config oauth2Config = this.securityProperties.getOauth2();
        KduckSecurityProperties.Client configured = oauth2Config == null ? null : oauth2Config.getClient();
        Assert.notNull(configured, "没有配置OAuth客户端信息，请完善配置项：kduck.security.oauth2.client下的provider和registration相关配置项");
        return configured;
    }
}
