package com.fujieid.jap.ids.provider;

import cn.hutool.log.Log;
import cn.hutool.log.LogFactory;
import com.fujieid.jap.http.JapHttpRequest;
import com.fujieid.jap.ids.JapIds;
import com.fujieid.jap.ids.exception.IdsException;
import com.fujieid.jap.ids.model.AccessToken;
import com.fujieid.jap.ids.model.AuthCode;
import com.fujieid.jap.ids.model.ClientDetail;
import com.fujieid.jap.ids.model.IdsConsts;
import com.fujieid.jap.ids.model.IdsRequestParam;
import com.fujieid.jap.ids.model.IdsResponse;
import com.fujieid.jap.ids.model.UserInfo;
import com.fujieid.jap.ids.model.enums.ErrorResponse;
import com.fujieid.jap.ids.model.enums.GrantType;
import com.fujieid.jap.ids.service.Oauth2Service;
import com.fujieid.jap.ids.util.EndpointUtil;
import com.fujieid.jap.ids.util.OauthUtil;
import com.fujieid.jap.ids.util.TokenUtil;
import com.xkcoding.json.util.StringUtil;

/* loaded from: input_file:com/fujieid/jap/ids/provider/IdsTokenProvider.class */
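/**
 * Builds token-endpoint responses for the OAuth 2.0 grant types handled here:
 * authorization code, resource-owner password, client credentials and refresh token.
 *
 * <p>Each method validates the requesting client through {@link OauthUtil} before a token
 * is created. The helpers are assumed to signal failure by throwing; their bodies are not
 * visible from this class.
 */
public class IdsTokenProvider {
    private static final Log log = LogFactory.get();
    private final Oauth2Service oauth2Service;

    /**
     * @param oauth2Service service used to validate and invalidate authorization codes and
     *                      passed to {@link OauthUtil#validateSecret} for client checks
     */
    public IdsTokenProvider(Oauth2Service oauth2Service) {
        this.oauth2Service = oauth2Service;
    }

    /**
     * Exchanges an authorization code for an access token, a refresh token and, when the
     * code's scope selects OIDC, an ID token.
     *
     * @param idsRequestParam token request parameters (grant type, code, client id, redirect URI)
     * @param japHttpRequest  current request, used to derive the issuer
     * @return response holding the token fields and the scope stored with the code
     */
    public IdsResponse<String, Object> generateAuthorizationCodeResponse(IdsRequestParam idsRequestParam, JapHttpRequest japHttpRequest) {
        // Scope, user and nonce come from the stored code, not from the token request.
        AuthCode authCode = this.oauth2Service.validateAndGetAuthrizationCode(idsRequestParam.getGrantType(), idsRequestParam.getCode());
        String scope = authCode.getScope();
        UserInfo user = authCode.getUser();
        String nonce = authCode.getNonce();

        // NOTE(review): the client is looked up from the request's client_id; nothing visible
        // here compares it with the client the code was issued to. Confirm that binding is
        // enforced inside validateAndGetAuthrizationCode or validateSecret.
        ClientDetail clientDetail = JapIds.getContext().getClientDetailService().getByClientId(idsRequestParam.getClientId());
        OauthUtil.validClientDetail(clientDetail);
        OauthUtil.validateGrantType(idsRequestParam.getGrantType(), clientDetail.getGrantTypes(), GrantType.AUTHORIZATION_CODE);
        OauthUtil.validateSecret(idsRequestParam, clientDetail, this.oauth2Service);
        OauthUtil.validateRedirectUri(idsRequestParam.getRedirectUri(), clientDetail);

        // The code is invalidated only after every check above has passed, so a request that
        // fails client validation leaves the code usable. NOTE(review): confirm this is intended.
        this.oauth2Service.invalidateCode(idsRequestParam.getCode());

        long expiresIn = OauthUtil.getAccessTokenExpiresIn(clientDetail.getAccessTokenExpiresIn());
        AccessToken token = TokenUtil.createAccessToken(user, clientDetail, idsRequestParam.getGrantType(), scope, nonce, EndpointUtil.getIssuer(japHttpRequest));
        IdsResponse<String, Object> response = bearerResponse(token, expiresIn, scope);
        if (OauthUtil.isOidcProtocol(scope)) {
            response.add(IdsConsts.ID_TOKEN, TokenUtil.createIdToken(clientDetail, user, nonce, EndpointUtil.getIssuer(japHttpRequest)));
        }
        return response;
    }

    /**
     * Issues tokens for the resource-owner password grant.
     *
     * <p>The client is validated (registration, scope, grant type, secret) before the user's
     * credentials are checked, so a caller that fails client validation cannot use this
     * method to test passwords or to have a login session stored.
     *
     * @param idsRequestParam token request parameters (username, password, client id, scope, nonce)
     * @param japHttpRequest  current request, used to store the user and derive the issuer
     * @return response holding the token fields and the requested scope
     * @throws IdsException with {@link ErrorResponse#INVALID_USER_CERTIFICATE} when the user
     *                      service returns no user for the supplied credentials
     */
    public IdsResponse<String, Object> generatePasswordResponse(IdsRequestParam idsRequestParam, JapHttpRequest japHttpRequest) {
        ClientDetail clientDetail = JapIds.getContext().getClientDetailService().getByClientId(idsRequestParam.getClientId());
        String scope = idsRequestParam.getScope();
        OauthUtil.validClientDetail(clientDetail);
        OauthUtil.validateScope(scope, clientDetail.getScopes());
        OauthUtil.validateGrantType(idsRequestParam.getGrantType(), clientDetail.getGrantTypes(), GrantType.PASSWORD);
        OauthUtil.validateSecret(idsRequestParam, clientDetail, this.oauth2Service);

        // User credentials are only evaluated once the client has been accepted.
        UserInfo user = JapIds.getContext().getUserService().loginByUsernameAndPassword(idsRequestParam.getUsername(), idsRequestParam.getPassword(), idsRequestParam.getClientId());
        if (null == user) {
            throw new IdsException(ErrorResponse.INVALID_USER_CERTIFICATE);
        }
        JapIds.saveUserInfo(user, japHttpRequest);

        long expiresIn = OauthUtil.getAccessTokenExpiresIn(clientDetail.getAccessTokenExpiresIn());
        AccessToken token = TokenUtil.createAccessToken(user, clientDetail, idsRequestParam.getGrantType(), scope, idsRequestParam.getNonce(), EndpointUtil.getIssuer(japHttpRequest));
        IdsResponse<String, Object> response = bearerResponse(token, expiresIn, scope);
        if (OauthUtil.isOidcProtocol(scope)) {
            response.add(IdsConsts.ID_TOKEN, TokenUtil.createIdToken(clientDetail, user, idsRequestParam.getNonce(), EndpointUtil.getIssuer(japHttpRequest)));
        }
        return response;
    }

    /**
     * Issues an access token for the client-credentials grant. No refresh token is added,
     * and the scope entry is included only when a scope was requested.
     *
     * @param idsRequestParam token request parameters (client id, scope, grant type, nonce)
     * @param japHttpRequest  current request, used to derive the issuer
     * @return response holding the access token, its lifetime and the token type
     */
    public IdsResponse<String, Object> generateClientCredentialsResponse(IdsRequestParam idsRequestParam, JapHttpRequest japHttpRequest) {
        ClientDetail clientDetail = JapIds.getContext().getClientDetailService().getByClientId(idsRequestParam.getClientId());
        String scope = idsRequestParam.getScope();
        OauthUtil.validClientDetail(clientDetail);
        OauthUtil.validateScope(scope, clientDetail.getScopes());
        OauthUtil.validateGrantType(idsRequestParam.getGrantType(), clientDetail.getGrantTypes(), GrantType.CLIENT_CREDENTIALS);
        OauthUtil.validateSecret(idsRequestParam, clientDetail, this.oauth2Service);

        long expiresIn = OauthUtil.getAccessTokenExpiresIn(clientDetail.getAccessTokenExpiresIn());
        AccessToken token = TokenUtil.createClientCredentialsAccessToken(clientDetail, idsRequestParam.getGrantType(), scope, idsRequestParam.getNonce(), EndpointUtil.getIssuer(japHttpRequest));
        IdsResponse<String, Object> response = new IdsResponse<String, Object>()
            .add(IdsConsts.ACCESS_TOKEN, token.getAccessToken())
            .add(IdsConsts.EXPIRES_IN, Long.valueOf(expiresIn))
            .add(IdsConsts.TOKEN_TYPE, IdsConsts.TOKEN_TYPE_BEARER);
        if (!StringUtil.isEmpty(scope)) {
            response.add(IdsConsts.SCOPE, scope);
        }
        return response;
    }

    /**
     * Exchanges a refresh token for a new access/refresh token pair.
     *
     * <p>The client is resolved from the stored token's client id rather than from the
     * request, and the request's credentials are then validated against that client.
     *
     * @param idsRequestParam token request parameters (refresh token, scope, grant type, nonce)
     * @param japHttpRequest  current request, used to derive the issuer
     * @return response holding the new token fields and the scope from the request
     * @throws IdsException with {@link ErrorResponse#INVALID_CLIENT} for any failure after the
     *                      stored token has been loaded
     */
    public IdsResponse<String, Object> generateRefreshTokenResponse(IdsRequestParam idsRequestParam, JapHttpRequest japHttpRequest) {
        TokenUtil.validateRefreshToken(idsRequestParam.getRefreshToken());
        AccessToken storedToken = TokenUtil.getByRefreshToken(idsRequestParam.getRefreshToken());
        try {
            ClientDetail clientDetail = JapIds.getContext().getClientDetailService().getByClientId(storedToken.getClientId());
            // NOTE(review): the requested scope is checked against the client's registered
            // scopes and echoed in the response; nothing visible here compares it with the
            // scope of the original grant. Confirm refreshAccessToken cannot widen scope.
            String scope = idsRequestParam.getScope();
            OauthUtil.validClientDetail(clientDetail);
            OauthUtil.validateScope(scope, clientDetail.getScopes());
            OauthUtil.validateGrantType(idsRequestParam.getGrantType(), clientDetail.getGrantTypes(), GrantType.REFRESH_TOKEN);
            OauthUtil.validateSecret(idsRequestParam, clientDetail, this.oauth2Service);

            // NOTE(review): a user that no longer exists would presumably yield null here and
            // be passed on unchanged; confirm how refreshAccessToken treats that.
            UserInfo user = JapIds.getContext().getUserService().getById(storedToken.getUserId());
            long expiresIn = OauthUtil.getAccessTokenExpiresIn(clientDetail.getAccessTokenExpiresIn());
            AccessToken refreshed = TokenUtil.refreshAccessToken(user, clientDetail, storedToken, idsRequestParam.getNonce(), EndpointUtil.getIssuer(japHttpRequest));
            return bearerResponse(refreshed, expiresIn, scope);
        } catch (Exception e) {
            // Every failure in the block above, whatever its cause, is reported to the caller
            // as INVALID_CLIENT; the original exception is only available in the log.
            log.error(e);
            throw new IdsException(ErrorResponse.INVALID_CLIENT);
        }
    }

    /** Builds the response shared by the grants that return both an access and a refresh token. */
    private static IdsResponse<String, Object> bearerResponse(AccessToken token, long expiresIn, String scope) {
        return new IdsResponse<String, Object>()
            .add(IdsConsts.ACCESS_TOKEN, token.getAccessToken())
            .add(IdsConsts.REFRESH_TOKEN, token.getRefreshToken())
            .add(IdsConsts.EXPIRES_IN, Long.valueOf(expiresIn))
            .add(IdsConsts.TOKEN_TYPE, IdsConsts.TOKEN_TYPE_BEARER)
            .add(IdsConsts.SCOPE, scope);
    }
}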
