package org.hswebframework.web.oauth2.server.code;

import java.time.Duration;
import java.util.Optional;
import org.hswebframework.web.authorization.Authentication;
import org.hswebframework.web.id.IDGenerator;
import org.hswebframework.web.oauth2.ErrorType;
import org.hswebframework.web.oauth2.GrantType;
import org.hswebframework.web.oauth2.OAuth2Constants;
import org.hswebframework.web.oauth2.OAuth2Exception;
import org.hswebframework.web.oauth2.server.AccessToken;
import org.hswebframework.web.oauth2.server.AccessTokenManager;
import org.hswebframework.web.oauth2.server.OAuth2Client;
import org.hswebframework.web.oauth2.server.ScopePredicate;
import org.hswebframework.web.oauth2.server.event.OAuth2GrantedEvent;
import org.hswebframework.web.oauth2.server.utils.OAuth2ScopeUtils;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.data.redis.connection.ReactiveRedisConnectionFactory;
import org.springframework.data.redis.core.ReactiveRedisOperations;
import org.springframework.data.redis.core.ReactiveRedisTemplate;
import org.springframework.data.redis.core.ReactiveValueOperations;
import org.springframework.data.redis.serializer.RedisSerializationContext;
import org.springframework.data.redis.serializer.RedisSerializer;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/hswebframework/web/oauth2/server/code/DefaultAuthorizationCodeGranter.class */
public class DefaultAuthorizationCodeGranter implements AuthorizationCodeGranter {
    private final AccessTokenManager accessTokenManager;
    private final ApplicationEventPublisher eventPublisher;
    private final ReactiveRedisOperations<String, AuthorizationCodeCache> redis;

    public DefaultAuthorizationCodeGranter(AccessTokenManager accessTokenManager, ApplicationEventPublisher applicationEventPublisher, ReactiveRedisConnectionFactory reactiveRedisConnectionFactory) {
        this(accessTokenManager, applicationEventPublisher, (ReactiveRedisOperations<String, AuthorizationCodeCache>) new ReactiveRedisTemplate(reactiveRedisConnectionFactory, RedisSerializationContext.newSerializationContext().key(RedisSerializer.string()).value(RedisSerializer.java()).hashKey(RedisSerializer.string()).hashValue(RedisSerializer.java()).build()));
    }

    @Override // org.hswebframework.web.oauth2.server.code.AuthorizationCodeGranter
    public Mono<AuthorizationCodeResponse> requestCode(AuthorizationCodeRequest authorizationCodeRequest) {
        OAuth2Client client = authorizationCodeRequest.getClient();
        Authentication authentication = authorizationCodeRequest.getAuthentication();
        AuthorizationCodeCache authorizationCodeCache = new AuthorizationCodeCache();
        String str = (String) IDGenerator.MD5.generate();
        Optional<U> map = authorizationCodeRequest.getParameter(OAuth2Constants.scope).map((v0) -> {
            return String.valueOf(v0);
        });
        authorizationCodeCache.getClass();
        map.ifPresent(authorizationCodeCache::setScope);
        authorizationCodeCache.setCode(str);
        authorizationCodeCache.setClientId(client.getClientId());
        ScopePredicate createScopePredicate = OAuth2ScopeUtils.createScopePredicate(authorizationCodeCache.getScope());
        Authentication copy = authentication.copy((permission, str2) -> {
            return createScopePredicate.test(permission.getId(), str2);
        }, dimension -> {
            return createScopePredicate.test(dimension.getType().getId(), dimension.getId());
        });
        copy.setAttribute(OAuth2Constants.scope, authorizationCodeCache.getScope());
        authorizationCodeCache.setAuthentication(copy);
        return this.redis.opsForValue().set(getRedisKey(str), authorizationCodeCache, Duration.ofMinutes(5L)).thenReturn(new AuthorizationCodeResponse(str));
    }

    private String getRedisKey(String str) {
        return "oauth2-code:" + str;
    }

    @Override // org.hswebframework.web.oauth2.server.code.AuthorizationCodeGranter
    public Mono<AccessToken> requestToken(AuthorizationCodeTokenRequest authorizationCodeTokenRequest) {
        Mono map = Mono.justOrEmpty(authorizationCodeTokenRequest.code()).map(this::getRedisKey);
        ReactiveValueOperations opsForValue = this.redis.opsForValue();
        opsForValue.getClass();
        return map.flatMap((v1) -> {
            return r1.get(v1);
        }).switchIfEmpty(Mono.error(() -> {
            return new OAuth2Exception(ErrorType.ILLEGAL_CODE);
        })).flatMap(authorizationCodeCache -> {
            return this.redis.opsForValue().delete(getRedisKey(authorizationCodeCache.getCode())).thenReturn(authorizationCodeCache);
        }).flatMap(authorizationCodeCache2 -> {
            return !authorizationCodeTokenRequest.getClient().getClientId().equals(authorizationCodeCache2.getClientId()) ? Mono.error(new OAuth2Exception(ErrorType.ILLEGAL_CLIENT_ID)) : this.accessTokenManager.createAccessToken(authorizationCodeCache2.getClientId(), authorizationCodeCache2.getAuthentication(), false).flatMap(accessToken -> {
                return new OAuth2GrantedEvent(authorizationCodeTokenRequest.getClient(), accessToken, authorizationCodeCache2.getAuthentication(), authorizationCodeCache2.getScope(), GrantType.authorization_code, authorizationCodeTokenRequest.getParameters()).publish(this.eventPublisher).onErrorResume(th -> {
                    return this.accessTokenManager.removeToken(authorizationCodeCache2.getClientId(), accessToken.getAccessToken()).then(Mono.error(th));
                }).thenReturn(accessToken);
            });
        });
    }

    public DefaultAuthorizationCodeGranter(AccessTokenManager accessTokenManager, ApplicationEventPublisher applicationEventPublisher, ReactiveRedisOperations<String, AuthorizationCodeCache> reactiveRedisOperations) {
        this.accessTokenManager = accessTokenManager;
        this.eventPublisher = applicationEventPublisher;
        this.redis = reactiveRedisOperations;
    }
}
