package noo.rest.security.processor;

import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Objects;
import java.util.concurrent.TimeUnit;
import java.util.function.Function;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import noo.exception.AuthenticateException;
import noo.exception.BusinessException;
import noo.json.JsonObject;
import noo.rest.security.AbstractUser;
import noo.rest.security.SecueHelper;
import noo.util.ID;
import noo.util.MD5;
import noo.util.S;
import org.springframework.http.HttpMethod;

/* loaded from: input_file:noo/rest/security/processor/OAuth2Interceptor.class */
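/**
 * Request interceptor implementing a minimal OAuth2-style authorization-code flow.
 *
 * <p>Endpoints are matched by URL suffix (see the {@code is*} helpers):
 * <ul>
 *   <li>{@code GET  loginPageUrl}     - renders the login page, or, when the session cookie
 *       already resolves to a user, issues a fresh auth code and redirects to the client.</li>
 *   <li>{@code POST loginSubmitUrl}   - verifies username/password, stores the session token
 *       under an auth code in redis, sets the session cookie and redirects via
 *       {@code redirectPath}.</li>
 *   <li>{@code redirectPath}          - bounces the browser to {@code redirect_url} with the
 *       auth code and client id appended.</li>
 *   <li>{@code POST serverRequestUrl} - server-to-server exchange of {@code code} (signed with
 *       the client secret) for the access token.</li>
 *   <li>{@code checkAccessTokenUrl}   - answers {@code "true"}/{@code "false"} depending on
 *       whether {@code access_token} resolves to a user.</li>
 * </ul>
 *
 * <p>{@link #setLoadAccessSecret(Function)} must be called before the first request; it maps a
 * client id to that client's secret and is used both for the server signature and for binding
 * auth codes to a client.
 */
public class OAuth2Interceptor extends RequestInterceptor {
    public static final String AUTH_CODE_PRE = "noo.auth20code";
    public static String PARAM_AUTHCODE = "code";
    public static String PARAM_USERNAME = LoginInterceptor.USERNAME;
    public static String PARAM_PASSWORD = LoginInterceptor.PASSWORD;
    public static String PARAM_REDIRECT_URL = "redirect_url";
    public static String PARAM_SERVER_SIGN = "sign";
    public static String ACCESS_TOKEN = "access_token";

    /** Lifetime in seconds shared by the auth code, the session cookie and the reported {@code expires_in}. */
    private static final int TOKEN_TTL_SECONDS = 3600;
    /** Charset name used for every URL-encoding and signature-comparison step in this class. */
    private static final String UTF_8 = StandardCharsets.UTF_8.name();

    // Maps a client id to its secret; null means the interceptor is not configured yet.
    private Function<String, String> loadAccessSecret = null;
    private String loginPageFile = "oauth_def_loginpage.html";
    private String loginSubmitUrl = "/oauthlogin_submit";
    private String loginPageUrl = "/oauthlogin";
    private String serverRequestUrl = "/accessToken";
    private String checkAccessTokenUrl = "/checkAccessToken";
    private String redirectPath = "/noo/redirect";
    // Lazily loaded login page template (classpath resource loginPageFile).
    private String loginhtml = null;
    // Optional hook: checkLogin(request) before credentials are checked, transferHtml(html) after rendering.
    private OAuth2ProcInf procInf = null;

    /**
     * Dispatches the request to the matching OAuth2 endpoint.
     *
     * @param str                 the request path, matched by suffix against the configured URLs
     * @param httpServletRequest  the current request
     * @param httpServletResponse the current response
     * @return {@code true} when this interceptor handled the request, {@code false} otherwise
     * @throws NullPointerException if {@link #setLoadAccessSecret(Function)} was never called
     * @throws Exception            propagated from the endpoint handlers
     */
    @Override // noo.rest.security.processor.RequestInterceptor
    public boolean process(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        // Kept as NullPointerException so existing callers that catch it keep working.
        Objects.requireNonNull(this.loadAccessSecret,
                "loadAccessSecret cannot be null, must set function that can load access secret with access key.");
        String method = httpServletRequest.getMethod();
        if (isGetShowLoginPageRequest(str) && HttpMethod.GET.matches(method)) {
            doShowLoginPage(httpServletRequest, httpServletResponse);
            return true;
        }
        if (isLoginRequest(str) && HttpMethod.POST.matches(method)) {
            doLogin(httpServletRequest, httpServletResponse);
            return true;
        }
        if (isRedirectPath(str)) {
            doRedirect(httpServletRequest, httpServletResponse);
            return true;
        }
        if (isServerRequest(str) && HttpMethod.POST.matches(method)) {
            SecueHelper.writeResponse(httpServletResponse, tradeAuthenticatKey(httpServletRequest, httpServletResponse).encode());
            return true;
        }
        if (isCheckAccessToken(str)) {
            doCheckAccessToken(httpServletRequest, httpServletResponse);
            return true;
        }
        return false;
    }

    /**
     * Handles {@code redirectPath}: validates that client, redirect_url and code are present and
     * bounces the browser to the client's redirect URL.
     *
     * @throws IOException if the redirect cannot be written
     */
    private void doRedirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String redirectUrl = httpServletRequest.getParameter(PARAM_REDIRECT_URL);
        String client = httpServletRequest.getParameter(SecueHelper.CLIENT);
        String code = httpServletRequest.getParameter(PARAM_AUTHCODE);
        if (S.isBlank(redirectUrl) || S.isBlank(client) || S.isBlank(code)) {
            SecueHelper.writeResponse(httpServletResponse, new AuthenticateException("必须有client/redirecturl/code信息！").toString());
            return;
        }
        // NOTE(review): redirectUrl is taken verbatim from the request and is not checked against a
        // redirect URI registered for the client, so this endpoint will redirect to any URL. No
        // registry lookup is available in this class (loadAccessSecret only yields the secret) —
        // TODO confirm with the owner whether one exists and add the check here.
        httpServletResponse.sendRedirect(makeRealRedirectUrl(redirectUrl, code, client));
    }

    /**
     * Handles {@code checkAccessTokenUrl}: writes {@code "true"} when {@code access_token}
     * resolves to a user for the calling client, {@code "false"} otherwise.
     *
     * @throws IOException if the response cannot be written
     */
    private void doCheckAccessToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String token = httpServletRequest.getParameter(ACCESS_TOKEN);
        AbstractUser user = SecueHelper.retrieveUser(token, this.us, SecueHelper.getClient(httpServletRequest), this.redis);
        SecueHelper.writeResponse(httpServletResponse, user == null ? "false" : "true");
    }

    /**
     * Exchanges an auth code for the access token (server-to-server call).
     *
     * <p>The caller proves possession of the client secret with
     * {@code sign = MD5(code + clientId + secret)}; the scheme is fixed by existing clients and
     * cannot be changed here, but the comparison is constant-time. The auth code is single-use:
     * its redis entry is deleted as soon as it is read.
     *
     * @return a JSON object holding {@code access_token}, {@code expires_in} and {@code principal}
     * @throws AuthenticateException if a parameter is missing, the signature does not match, or
     *                               the code does not resolve to a user
     * @throws IOException           never thrown by the current body; kept for signature stability
     */
    private JsonObject tradeAuthenticatKey(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String code = httpServletRequest.getParameter(PARAM_AUTHCODE);
        String client = httpServletRequest.getParameter(SecueHelper.CLIENT);
        String redirectUrl = httpServletRequest.getParameter(PARAM_REDIRECT_URL);
        String sign = httpServletRequest.getParameter(PARAM_SERVER_SIGN);
        if (S.isBlank(client) || S.isBlank(redirectUrl) || S.isBlank(sign)) {
            throw new AuthenticateException("必须有client和redirecturl信息！");
        }
        // A missing code used to be concatenated as the literal "null"; reject it up front instead.
        if (S.isBlank(code)) {
            throw new AuthenticateException("必须有client/redirecturl/code信息！");
        }
        String expectedSign = MD5.encode(code + "" + client + "" + getClientIdSecret(client));
        // Constant-time compare so the signature check does not leak match length via timing.
        if (!MessageDigest.isEqual(sign.getBytes(StandardCharsets.UTF_8), expectedSign.getBytes(StandardCharsets.UTF_8))) {
            throw new AuthenticateException("签名错误！请用 code+clientid+secret 进行签名。");
        }
        String makeKey = makeKey(client, redirectUrl, code);
        String token = (String) this.redis.opsForValue().get(makeKey);
        if (token != null) {
            // One-time use: burn the code before anything else can consume it.
            this.redis.delete(makeKey);
        }
        AbstractUser retrieveUser = token == null ? null : SecueHelper.retrieveUser(token, this.us, client, this.redis);
        if (retrieveUser == null) {
            throw new AuthenticateException("AuthCode失效，用户不存在！");
        }
        JsonObject jsonObject = new JsonObject();
        jsonObject.put(ACCESS_TOKEN, token);
        jsonObject.put("expires_in", (Integer) TOKEN_TTL_SECONDS);
        jsonObject.put("principal", retrieveUser.toResponseJsonObject());
        return jsonObject;
    }

    /**
     * Handles {@code POST loginSubmitUrl}: checks the credentials, stores the session token under
     * a fresh auth code in redis, sets the session cookie and redirects through
     * {@code redirectPath}.
     *
     * @throws AuthenticateException if a required parameter is missing, the user is unknown or the
     *                               password is wrong (status 405 is set in the latter case)
     * @throws IOException           if the redirect cannot be written
     */
    private void doLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String username = httpServletRequest.getParameter(PARAM_USERNAME);
        String password = httpServletRequest.getParameter(PARAM_PASSWORD);
        String client = httpServletRequest.getParameter(SecueHelper.CLIENT);
        String redirectUrl = httpServletRequest.getParameter(PARAM_REDIRECT_URL);
        if (S.isBlank(username)) {
            throw new AuthenticateException("必须有用户名！");
        }
        if (S.isBlank(client) || S.isBlank(redirectUrl)) {
            throw new AuthenticateException("必须有client和redirecturl信息！");
        }
        if (this.procInf != null) {
            this.procInf.checkLogin(httpServletRequest);
        }
        // Called only for its side effect: rejects unregistered client ids.
        getClientIdSecret(client);
        AbstractUser user = this.us.loadUserByName(username);
        if (user == null) {
            throw new AuthenticateException("用户不存在！");
        }
        if (!this.us.checkUserPassword(user, password, httpServletRequest)) {
            httpServletResponse.setStatus(405);
            throw new AuthenticateException("用户名或密码错误！");
        }
        String sessionToken = ID.uuid();
        user.setToken(sessionToken);
        user.setClient(client);
        SecueHelper.updateUser(user, this.redis);
        // The auth code is an opaque uuid; the session token is only reachable through it.
        String authCode = ID.uuid();
        this.redis.opsForValue().set(makeKey(client, redirectUrl, authCode), sessionToken, (long) TOKEN_TTL_SECONDS, TimeUnit.SECONDS);
        this.us.afterLoginSuccess(user, httpServletRequest);
        httpServletResponse.addCookie(newSessionCookie(sessionToken));
        // client is request-supplied, so it is URL-encoded like redirectUrl to keep it a single query value.
        String location = httpServletRequest.getContextPath() + this.redirectPath
                + "?" + PARAM_REDIRECT_URL + "=" + URLEncoder.encode(redirectUrl, UTF_8)
                + "&" + SecueHelper.CLIENT + "=" + URLEncoder.encode(client, UTF_8)
                + "&" + PARAM_AUTHCODE + "=" + authCode;
        httpServletResponse.sendRedirect(location);
        httpServletResponse.flushBuffer();
    }

    /**
     * Builds the HttpOnly session cookie carrying the session token.
     * Secure is not set here because nothing in this class knows whether the deployment is
     * TLS-terminated — TODO confirm and set it where that is known.
     */
    private static Cookie newSessionCookie(String sessionToken) {
        Cookie cookie = new Cookie(SecueHelper.HEADER_KEY, sessionToken);
        cookie.setHttpOnly(true);
        cookie.setPath("/");
        cookie.setMaxAge(TOKEN_TTL_SECONDS);
        return cookie;
    }

    /**
     * Handles {@code GET loginPageUrl}: renders the login page unless the session cookie already
     * resolves to a user for this client, in which case a fresh auth code is issued and the browser
     * is redirected straight to the client.
     *
     * @throws AuthenticateException if client or redirect_url is missing
     * @throws IOException           if the response cannot be written
     */
    private void doShowLoginPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String client = httpServletRequest.getParameter(SecueHelper.CLIENT);
        String redirectUrl = httpServletRequest.getParameter(PARAM_REDIRECT_URL);
        if (S.isBlank(client) || S.isBlank(redirectUrl)) {
            throw new AuthenticateException("必须有client和redirecturl信息！");
        }
        // Called only for its side effect: rejects unregistered client ids.
        getClientIdSecret(client);
        String sessionToken = findSessionCookieValue(httpServletRequest.getCookies());
        if (SecueHelper.retrieveUser(sessionToken, this.us, client, this.redis) == null) {
            SecueHelper.writeResponse(httpServletResponse, getLoginHtml(httpServletRequest.getContextPath(), client, redirectUrl));
            return;
        }
        String authCode = ID.uuid();
        this.redis.opsForValue().set(makeKey(client, redirectUrl, authCode), sessionToken, (long) TOKEN_TTL_SECONDS, TimeUnit.SECONDS);
        httpServletResponse.sendRedirect(makeRealRedirectUrl(redirectUrl, authCode, client));
        httpServletResponse.flushBuffer();
    }

    /** Returns the value of the first cookie named {@code SecueHelper.HEADER_KEY}, or {@code null}. */
    private static String findSessionCookieValue(Cookie[] cookies) {
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (SecueHelper.HEADER_KEY.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }

    /**
     * Appends {@code code}, {@code client} and the URL-encoded {@code redirect_url} itself to the
     * client's redirect URL, using {@code &} when the URL already carries a query string.
     *
     * @param str  the client's redirect URL (request-supplied; see the note in {@code doRedirect})
     * @param str2 the auth code
     * @param str3 the client id
     * @return the full redirect target
     * @throws IllegalStateException if the JVM lacks UTF-8 (cannot happen on a conforming JVM);
     *                               previously this returned {@code null}, which only failed later
     *                               inside {@code sendRedirect}
     */
    private String makeRealRedirectUrl(String str, String str2, String str3) {
        try {
            String separator = str.indexOf('?') > 0 ? "&" : "?";
            return str + separator
                    + PARAM_AUTHCODE + "=" + URLEncoder.encode(str2, UTF_8)
                    + "&" + SecueHelper.CLIENT + "=" + URLEncoder.encode(str3, UTF_8)
                    + "&" + PARAM_REDIRECT_URL + "=" + URLEncoder.encode(str, UTF_8);
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 encoding is not supported by this JVM", e);
        }
    }

    private boolean isServerRequest(String str) {
        return str.endsWith(this.serverRequestUrl);
    }

    private boolean isLoginRequest(String str) {
        return str.endsWith(this.loginSubmitUrl);
    }

    private boolean isGetShowLoginPageRequest(String str) {
        return str.endsWith(this.loginPageUrl);
    }

    private boolean isRedirectPath(String str) {
        return str.endsWith(this.redirectPath);
    }

    private boolean isCheckAccessToken(String str) {
        return str.endsWith(this.checkAccessTokenUrl);
    }

    /**
     * Renders the login page template, substituting {@code {{submiturl}}}, {@code {{client_id}}}
     * and {@code {{redirect_url}}}.
     *
     * <p>{@code client_id} and {@code redirect_url} come from the request and are HTML-escaped
     * before substitution so a crafted value cannot inject markup into the page. This assumes the
     * placeholders sit in HTML text or attribute context — TODO confirm against the template; the
     * submit URL is server-controlled and is inserted as-is.
     *
     * @param str  the servlet context path
     * @param str2 the client id
     * @param str3 the redirect URL
     * @return the rendered page, or a fixed error string if the template cannot be loaded
     */
    private String getLoginHtml(String str, String str2, String str3) {
        try {
            if (this.loginhtml == null) {
                // Benign race: concurrent first calls each load the same immutable template.
                InputStream in = getClass().getResourceAsStream("/" + this.loginPageFile);
                if (in == null) {
                    throw new IOException("login page resource not found: /" + this.loginPageFile);
                }
                this.loginhtml = S.readAndCloseInputStream(in, "UTF-8");
            }
            String replace = this.loginhtml
                    .replace("{{submiturl}}", str + "" + this.loginSubmitUrl)
                    .replace("{{client_id}}", htmlEscape(str2))
                    .replace("{{redirect_url}}", htmlEscape(str3));
            if (this.procInf != null) {
                replace = this.procInf.transferHtml(replace);
            }
            return replace;
        } catch (IOException e) {
            // Best-effort page: keep the existing fallback string rather than failing the request.
            e.printStackTrace();
            return "error in load login page!";
        }
    }

    /** Escapes the five characters significant in HTML text and attribute values; {@code null} becomes {@code ""}. */
    private static String htmlEscape(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':
                    sb.append("&amp;");
                    break;
                case '<':
                    sb.append("&lt;");
                    break;
                case '>':
                    sb.append("&gt;");
                    break;
                case '"':
                    sb.append("&quot;");
                    break;
                case '\'':
                    sb.append("&#39;");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }

    /**
     * Builds the redis key under which the session token is stored for an auth code. The key
     * binds client id, redirect URL, code and the client secret together, so a code can only be
     * exchanged by the client it was issued to and for the redirect URL used at login.
     *
     * @param str  the client id
     * @param str2 the redirect URL
     * @param str3 the auth code
     * @return the redis key
     * @throws BusinessException if the client id is not registered
     */
    public String makeKey(String str, String str2, String str3) {
        return AUTH_CODE_PRE + ":" + MD5.encode(str + "-" + str2 + "-" + str3 + "-" + getClientIdSecret(str));
    }

    /**
     * Resolves the secret for a client id via {@code loadAccessSecret}.
     *
     * @throws BusinessException (code 400) if no secret is registered for the id
     */
    private String getClientIdSecret(String str) {
        String secret = this.loadAccessSecret.apply(str);
        if (S.isBlank(secret)) {
            throw new BusinessException("400", "没有注册的clientid");
        }
        return secret;
    }

    /** Sets the client-id-to-secret lookup; required before the first request is processed. */
    public void setLoadAccessSecret(Function<String, String> function) {
        this.loadAccessSecret = function;
    }

    public void setLoginSubmitUrl(String str) {
        this.loginSubmitUrl = str;
    }

    public void setLoginPageUrl(String str) {
        this.loginPageUrl = str;
    }

    public void setLoginPageFile(String str) {
        this.loginPageFile = str;
    }
}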
