package org.hswebframework.web.oauth2.server.web;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.tags.Tag;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import org.apache.commons.codec.binary.Base64;
import org.hswebframework.web.authorization.Authentication;
import org.hswebframework.web.authorization.annotation.Authorize;
import org.hswebframework.web.authorization.exception.UnAuthorizedException;
import org.hswebframework.web.oauth2.ErrorType;
import org.hswebframework.web.oauth2.OAuth2Constants;
import org.hswebframework.web.oauth2.OAuth2Exception;
import org.hswebframework.web.oauth2.server.AccessToken;
import org.hswebframework.web.oauth2.server.OAuth2Client;
import org.hswebframework.web.oauth2.server.OAuth2ClientManager;
import org.hswebframework.web.oauth2.server.OAuth2GrantService;
import org.hswebframework.web.oauth2.server.code.AuthorizationCodeRequest;
import org.hswebframework.web.oauth2.server.code.AuthorizationCodeTokenRequest;
import org.hswebframework.web.oauth2.server.credential.ClientCredentialRequest;
import org.hswebframework.web.oauth2.server.refresh.RefreshTokenRequest;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;
import reactor.util.function.Tuple2;
import reactor.util.function.Tuples;

@RequestMapping({"/oauth2"})
@RestController
@Tag(name = "OAuth2认证")
/* loaded from: input_file:org/hswebframework/web/oauth2/server/web/OAuth2AuthorizeController.class */
public class OAuth2AuthorizeController {
    private final OAuth2GrantService oAuth2GrantService;
    private final OAuth2ClientManager clientManager;

    /* loaded from: input_file:org/hswebframework/web/oauth2/server/web/OAuth2AuthorizeController$GrantType.class */
    public enum GrantType {
        authorization_code { // from class: org.hswebframework.web.oauth2.server.web.OAuth2AuthorizeController.GrantType.1
            @Override // org.hswebframework.web.oauth2.server.web.OAuth2AuthorizeController.GrantType
            Mono<AccessToken> requestToken(OAuth2GrantService oAuth2GrantService, OAuth2Client oAuth2Client, Map<String, String> map) {
                return oAuth2GrantService.authorizationCode().requestToken(new AuthorizationCodeTokenRequest(oAuth2Client, map));
            }
        },
        client_credentials { // from class: org.hswebframework.web.oauth2.server.web.OAuth2AuthorizeController.GrantType.2
            @Override // org.hswebframework.web.oauth2.server.web.OAuth2AuthorizeController.GrantType
            Mono<AccessToken> requestToken(OAuth2GrantService oAuth2GrantService, OAuth2Client oAuth2Client, Map<String, String> map) {
                return oAuth2GrantService.clientCredential().requestToken(new ClientCredentialRequest(oAuth2Client, map));
            }
        },
        refresh_token { // from class: org.hswebframework.web.oauth2.server.web.OAuth2AuthorizeController.GrantType.3
            @Override // org.hswebframework.web.oauth2.server.web.OAuth2AuthorizeController.GrantType
            Mono<AccessToken> requestToken(OAuth2GrantService oAuth2GrantService, OAuth2Client oAuth2Client, Map<String, String> map) {
                return oAuth2GrantService.refreshToken().requestToken(new RefreshTokenRequest(oAuth2Client, map));
            }
        };

        abstract Mono<AccessToken> requestToken(OAuth2GrantService oAuth2GrantService, OAuth2Client oAuth2Client, Map<String, String> map);

        static GrantType of(String str) {
            try {
                return valueOf(str);
            } catch (Throwable th) {
                throw new OAuth2Exception(ErrorType.UNSUPPORTED_GRANT_TYPE);
            }
        }
    }

    @GetMapping(value = {"/authorize"}, params = {"response_type=code"})
    @Operation(summary = "申请授权码,并获取重定向地址", parameters = {@Parameter(name = OAuth2Constants.client_id, required = true), @Parameter(name = OAuth2Constants.redirect_uri, required = true), @Parameter(name = OAuth2Constants.state), @Parameter(name = OAuth2Constants.response_type, description = "固定值为code")})
    public Mono<String> authorizeByCode(ServerWebExchange serverWebExchange) {
        HashMap hashMap = new HashMap(serverWebExchange.getRequest().getQueryParams().toSingleValueMap());
        return Authentication.currentReactive().switchIfEmpty(Mono.error(UnAuthorizedException::new)).flatMap(authentication -> {
            return getOAuth2Client((String) hashMap.get(OAuth2Constants.client_id)).flatMap(oAuth2Client -> {
                String str = (String) hashMap.getOrDefault(OAuth2Constants.redirect_uri, oAuth2Client.getRedirectUrl());
                oAuth2Client.validateRedirectUri(str);
                return this.oAuth2GrantService.authorizationCode().requestCode(new AuthorizationCodeRequest(oAuth2Client, authentication, hashMap)).doOnNext(authorizationCodeResponse -> {
                    Optional.ofNullable(hashMap.get(OAuth2Constants.state)).ifPresent(str2 -> {
                        authorizationCodeResponse.with(OAuth2Constants.state, str2);
                    });
                }).map(authorizationCodeResponse2 -> {
                    return buildRedirect(str, authorizationCodeResponse2.getParameters());
                });
            });
        });
    }

    @Authorize(ignore = true)
    @GetMapping({"/token"})
    @Operation(summary = "(GET)申请token", parameters = {@Parameter(name = OAuth2Constants.client_id), @Parameter(name = OAuth2Constants.client_secret), @Parameter(name = "code", description = "grantType为authorization_code时不能为空"), @Parameter(name = OAuth2Constants.grant_type, schema = @Schema(implementation = GrantType.class))})
    public Mono<ResponseEntity<AccessToken>> requestTokenByCode(@RequestParam("grant_type") GrantType grantType, ServerWebExchange serverWebExchange) {
        Map<String, String> singleValueMap = serverWebExchange.getRequest().getQueryParams().toSingleValueMap();
        Tuple2<String, String> clientIdAndClientSecret = getClientIdAndClientSecret(singleValueMap, serverWebExchange);
        return getOAuth2Client((String) clientIdAndClientSecret.getT1()).doOnNext(oAuth2Client -> {
            oAuth2Client.validateSecret((String) clientIdAndClientSecret.getT2());
        }).flatMap(oAuth2Client2 -> {
            return grantType.requestToken(this.oAuth2GrantService, oAuth2Client2, new HashMap(singleValueMap));
        }).map((v0) -> {
            return ResponseEntity.ok(v0);
        });
    }

    @PostMapping(value = {"/token"}, consumes = {"application/x-www-form-urlencoded"})
    @Authorize(ignore = true)
    @Operation(summary = "(POST)申请token", parameters = {@Parameter(name = OAuth2Constants.client_id), @Parameter(name = OAuth2Constants.client_secret), @Parameter(name = "code", description = "grantType为authorization_code时不能为空"), @Parameter(name = OAuth2Constants.grant_type, schema = @Schema(implementation = GrantType.class))})
    public Mono<ResponseEntity<AccessToken>> requestTokenByCode(ServerWebExchange serverWebExchange) {
        return serverWebExchange.getFormData().map((v0) -> {
            return v0.toSingleValueMap();
        }).flatMap(map -> {
            Tuple2<String, String> clientIdAndClientSecret = getClientIdAndClientSecret(map, serverWebExchange);
            GrantType of = GrantType.of((String) map.get(OAuth2Constants.grant_type));
            return getOAuth2Client((String) clientIdAndClientSecret.getT1()).doOnNext(oAuth2Client -> {
                oAuth2Client.validateSecret((String) clientIdAndClientSecret.getT2());
            }).flatMap(oAuth2Client2 -> {
                return of.requestToken(this.oAuth2GrantService, oAuth2Client2, new HashMap(map));
            }).map((v0) -> {
                return ResponseEntity.ok(v0);
            });
        });
    }

    private Tuple2<String, String> getClientIdAndClientSecret(Map<String, String> map, ServerWebExchange serverWebExchange) {
        String first = serverWebExchange.getRequest().getHeaders().getFirst(OAuth2Constants.authorization);
        if (first == null || !first.startsWith("Basic ")) {
            return Tuples.of(map.getOrDefault(OAuth2Constants.client_id, ""), map.getOrDefault(OAuth2Constants.client_secret, ""));
        }
        String[] split = new String(Base64.decodeBase64(first.substring(5))).split(":");
        return split.length >= 2 ? Tuples.of(split[0], split[1]) : Tuples.of(split[0], split[0]);
    }

    public static String urlEncode(String str) {
        return URLEncoder.encode(str, "utf-8");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String buildRedirect(String str, Map<String, Object> map) {
        String str2 = (String) map.entrySet().stream().map(entry -> {
            return ((String) entry.getKey()) + "=" + urlEncode(String.valueOf(entry.getValue()));
        }).collect(Collectors.joining("&"));
        return str.contains("?") ? str + "&" + str2 : str + "?" + str2;
    }

    private Mono<OAuth2Client> getOAuth2Client(String str) {
        return this.clientManager.getClient(str).switchIfEmpty(Mono.error(() -> {
            return new OAuth2Exception(ErrorType.ILLEGAL_CLIENT_ID);
        }));
    }

    public OAuth2AuthorizeController(OAuth2GrantService oAuth2GrantService, OAuth2ClientManager oAuth2ClientManager) {
        this.oAuth2GrantService = oAuth2GrantService;
        this.clientManager = oAuth2ClientManager;
    }
}
