package help.lixin.security.endpoint;

import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.interfaces.RSAPublicKey;
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import org.jasypt.encryption.StringEncryptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.endpoint.FrameworkEndpoint;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

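/**
 * Serves the Base64-encoded RSA public key of the authorization key pair at
 * {@code /oauth/publicKey} to callers that present valid HTTP Basic client credentials
 * ({@code clientId:clientSecret}).
 *
 * <p>Every rejection is answered with {@link HttpStatus#UNAUTHORIZED}. Malformed credentials
 * (invalid Base64, or no {@code ':'} separator) are rejected the same way as missing ones,
 * so attacker-controlled header content cannot surface as an unhandled exception.
 */
@FrameworkEndpoint
/* loaded from: input_file:help/lixin/security/endpoint/PublicKeyEndpoint.class */
public class PublicKeyEndpoint {
    private static final String BASIC_TYPE = "Basic";

    // Response body used when the credentials are absent or cannot be parsed.
    private static final String MISSING_CREDENTIALS_MESSAGE = "clientId和clientSecret不允许为空";

    // Key pair whose public half is published by this endpoint.
    @Autowired
    @Qualifier("authorizationKeyPair")
    private KeyPair authorizationKeyPair;

    // Lookup of registered OAuth2 clients by client id.
    @Autowired
    private ClientDetailsService clientDetailsService;

    // Decrypts the stored client secret before it is compared with the presented one.
    @Autowired
    private StringEncryptor encryptor;

    /**
     * Authenticates the calling client from its {@code Authorization: Basic} header and
     * returns the public key on success.
     *
     * @param httpServletRequest the incoming request carrying the {@code Authorization} header
     * @return 200 with the Base64-encoded public key, or 401 with a reason message
     */
    @RequestMapping({"/oauth/publicKey"})
    @ResponseBody
    public ResponseEntity<String> publicKey(HttpServletRequest httpServletRequest) {
        String encodedCredentials = extractHeaderAuthorization(httpServletRequest);
        if (null == encodedCredentials) {
            return new ResponseEntity<>(MISSING_CREDENTIALS_MESSAGE, HttpStatus.UNAUTHORIZED);
        }

        String[] credentials = decodeCredentials(encodedCredentials);
        if (null == credentials) {
            // Bad Base64 or no ':' separator: treat as "no usable credentials" instead of
            // letting the decode/array-index failure escape as a server error.
            return new ResponseEntity<>(MISSING_CREDENTIALS_MESSAGE, HttpStatus.UNAUTHORIZED);
        }
        String clientId = credentials[0];
        String presentedSecret = credentials[1];

        // NOTE(review): a ClientDetailsService implementation may signal an unknown client by
        // throwing rather than returning null — confirm, and map that case to the same 401.
        ClientDetails client = this.clientDetailsService.loadClientByClientId(clientId);
        if (null == client) {
            // NOTE(review): this message differs from the wrong-secret message below, which
            // lets a caller tell registered client ids from unregistered ones. Consider one
            // generic message for both failures.
            return new ResponseEntity<>("clientId不存在", HttpStatus.UNAUTHORIZED);
        }

        String storedSecret = this.encryptor.decrypt(client.getClientSecret());
        if (!secretsMatch(presentedSecret, storedSecret)) {
            return new ResponseEntity<>("clientSecret错误", HttpStatus.UNAUTHORIZED);
        }
        return new ResponseEntity<>(getPublicKey(), HttpStatus.OK);
    }

    /**
     * Encodes the public half of the authorization key pair.
     *
     * @return the key's encoded form ({@code getEncoded()}), Base64-encoded
     */
    protected String getPublicKey() {
        byte[] encodedKey = ((RSAPublicKey) this.authorizationKeyPair.getPublic()).getEncoded();
        // Explicit charset: Base64 output is ASCII, so do not depend on the platform default.
        return new String(Base64.encode(encodedKey), StandardCharsets.UTF_8);
    }

    /**
     * Finds the first {@code Authorization} header that uses the Basic scheme.
     *
     * @param httpServletRequest the incoming request
     * @return the header value with the scheme prefix removed and trimmed, or {@code null}
     *     when no Basic {@code Authorization} header is present
     */
    protected String extractHeaderAuthorization(HttpServletRequest httpServletRequest) {
        Enumeration<?> headers = httpServletRequest.getHeaders("Authorization");
        if (headers == null) {
            // The servlet contract allows null when the container withholds header access.
            return null;
        }
        while (headers.hasMoreElements()) {
            String value = (String) headers.nextElement();
            // regionMatches(ignoreCase) is locale-independent, unlike toLowerCase() with the
            // default locale (e.g. "BASIC" does not lower-case to "basic" under a Turkish locale).
            if (value.regionMatches(true, 0, BASIC_TYPE, 0, BASIC_TYPE.length())) {
                return value.substring(BASIC_TYPE.length()).trim();
            }
        }
        return null;
    }

    /**
     * Decodes Base64 Basic credentials into {@code [clientId, clientSecret]}.
     *
     * @return a two-element array, or {@code null} if the input is not valid Base64 or has
     *     no {@code ':'} separator
     */
    private static String[] decodeCredentials(String encodedCredentials) {
        final String decoded;
        try {
            decoded = new String(
                    Base64.decode(encodedCredentials.getBytes(StandardCharsets.UTF_8)),
                    StandardCharsets.UTF_8);
        } catch (IllegalArgumentException malformed) {
            // The header is caller-controlled; invalid Base64 is an authentication failure.
            return null;
        }
        String[] parts = decoded.split(":", 2);
        return parts.length == 2 ? parts : null;
    }

    /**
     * Compares the presented and stored secrets without short-circuiting on the first
     * differing byte, so response timing does not reveal how much of a guess was correct.
     */
    private static boolean secretsMatch(String presented, String expected) {
        if (presented == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(
                presented.getBytes(StandardCharsets.UTF_8),
                expected.getBytes(StandardCharsets.UTF_8));
    }
}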
