package datart.security.oauth2;

import com.aliyun.dingtalkcontact_1_0.models.GetUserHeaders;
import com.aliyun.dingtalkcontact_1_0.models.GetUserResponseBody;
import com.aliyun.dingtalkoauth2_1_0.Client;
import com.aliyun.dingtalkoauth2_1_0.models.GetUserTokenRequest;
import com.aliyun.teaopenapi.models.Config;
import com.aliyun.teautil.models.RuntimeOptions;
import datart.core.base.exception.Exceptions;
import datart.core.common.Application;
import datart.security.util.AESUtil;
import datart.security.util.SecurityUtils;
import java.util.Collections;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.utils.URIBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;

/* loaded from: input_file:datart/security/oauth2/DingTalkOauth2Client.class */
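/**
 * {@link CustomOauth2Client} implementation for DingTalk sign-in.
 *
 * <p>The flow implemented here is: redirect the browser to the DingTalk authorization page,
 * receive the {@code authCode} and {@code state} callback parameters, exchange the code for a
 * user access token through the DingTalk SDK, and read the signed-in user's profile to build an
 * {@link OAuth2AuthenticationToken}.
 *
 * <p>Failures are reported through the class logger. The authorization code, client secret and
 * access token are never written to the log.
 */
public class DingTalkOauth2Client implements CustomOauth2Client {
    private static final Logger log = LoggerFactory.getLogger(DingTalkOauth2Client.class);
    public static final String REGISTRATION_ID = "dingtalk";
    private static final String authorizationUri = "https://login.dingtalk.com/oauth2/auth";
    private static final String tokenUri = "https://api.dingtalk.com/v1.0/oauth2/userAccessToken";
    private static final String userInfoUri = "https://api.dingtalk.com/v1.0/contact/users/me";
    private static final String redirectUri = "/login/oauth2/code/dingtalk";
    private final ClientRegistration clientRegistration;

    /**
     * Creates a client bound to the given DingTalk registration.
     *
     * @param clientRegistration registration supplying the client id and client secret
     */
    public DingTalkOauth2Client(ClientRegistration clientRegistration) {
        validateRegistration(clientRegistration);
        this.clientRegistration = clientRegistration;
    }

    /**
     * Redirects the browser to the DingTalk authorization endpoint.
     *
     * <p>If the redirect cannot be built or sent, the failure is logged and the response is left
     * as it was.
     *
     * @param httpServletRequest  the incoming request (not read here)
     * @param httpServletResponse the response that receives the redirect
     */
    @Override
    public void authorizationRequest(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            URIBuilder target = new URIBuilder(authorizationUri);
            target.addParameter("prompt", "consent");
            target.addParameter("scope", "openid");
            target.addParameter("response_type", "code");
            target.addParameter("client_id", this.clientRegistration.getClientId());
            // NOTE(review): the state value is not stored anywhere in this class, and the callback
            // only checks that the returned value decrypts. Any value encrypted with the same
            // AESUtil key would pass, so the callback is not tied to the browser that started the
            // flow. Confirm whether another layer binds state to the session. If none does, store
            // the value per session and compare it on return.
            // NOTE(review): confirm SecurityUtils.randomPassword draws from a SecureRandom.
            target.addParameter("state", AESUtil.encrypt(SecurityUtils.randomPassword(8)));
            target.addParameter("redirect_uri", getRedirectUrl());
            httpServletResponse.sendRedirect(target.build().toString());
        } catch (Exception e) {
            // Use the logger rather than printStackTrace so the failure reaches the log pipeline.
            log.error("Failed to build or send the DingTalk authorization redirect", e);
        }
    }

    /**
     * Builds the absolute callback URL sent as {@code redirect_uri}.
     *
     * <p>Uses the configured {@code call-back-url} property when present, otherwise the
     * application's server prefix. A single trailing slash is removed before the fixed callback
     * path is appended.
     */
    private String getRedirectUrl() {
        String base = Application.getProperty("spring.security.oauth2.client.registration.dingtalk.call-back-url");
        if (StringUtils.isBlank(base)) {
            base = Application.getServerPrefix();
        }
        return StringUtils.removeEnd(base, "/") + redirectUri;
    }

    /**
     * Placeholder for registration checks. It currently performs none, so a null registration or
     * a blank client id/secret is only detected when the first login is attempted.
     */
    private void validateRegistration(ClientRegistration clientRegistration) {
    }

    /**
     * Handles the DingTalk callback and resolves the signed-in user.
     *
     * <p>The request is rejected when the {@code state} or {@code authCode} parameter is missing,
     * or when {@code state} cannot be decrypted. The token exchange is not attempted in those
     * cases.
     *
     * @param httpServletRequest  callback request carrying {@code authCode} and {@code state}
     * @param httpServletResponse the response (not written here)
     * @return the authentication token for the DingTalk user, or {@code null} on any failure
     */
    @Override
    public OAuth2AuthenticationToken getUserInfo(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            String authCode = httpServletRequest.getParameter("authCode");
            String state = httpServletRequest.getParameter("state");
            if (StringUtils.isBlank(state) || StringUtils.isBlank(authCode)) {
                log.warn("DingTalk OAuth2 callback rejected: missing state or authCode parameter");
                return null;
            }
            try {
                AESUtil.decrypt(state);
            } catch (Exception e) {
                log.warn("DingTalk OAuth2 callback rejected: state parameter could not be decrypted");
                Exceptions.msg("Failed to verify the state parameter", new String[0]);
                // Fail closed: never reach the token exchange with an unverified state, even if
                // the helper above returns normally.
                return null;
            }
            return getUserinfo(getAccessToken(authCode));
        } catch (Exception e2) {
            log.error("DingTalk OAuth2 login failed", e2);
            return null;
        }
    }

    /**
     * Completes the DingTalk entry in the OAuth2 client properties.
     *
     * <p>Does nothing unless a registration with id {@value #REGISTRATION_ID} is present. When it
     * is, the provider endpoints are registered and the registration's grant type and redirect
     * URI are set.
     *
     * @param oAuth2ClientProperties the application's OAuth2 client properties, may be null
     */
    public static void addClientRegistration(OAuth2ClientProperties oAuth2ClientProperties) {
        if (oAuth2ClientProperties == null || !oAuth2ClientProperties.getRegistration().containsKey(REGISTRATION_ID)) {
            return;
        }
        oAuth2ClientProperties.getProvider().put(REGISTRATION_ID, creatProvider());
        OAuth2ClientProperties.Registration registration = oAuth2ClientProperties.getRegistration().get(REGISTRATION_ID);
        registration.setAuthorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE.getValue());
        try {
            registration.setRedirectUri(redirectUri);
        } catch (Exception e) {
            log.warn("Failed to set the DingTalk redirect URI", e);
        }
    }

    /** Creates the provider entry holding the fixed DingTalk endpoints. */
    private static OAuth2ClientProperties.Provider creatProvider() {
        OAuth2ClientProperties.Provider provider = new OAuth2ClientProperties.Provider();
        provider.setTokenUri(tokenUri);
        provider.setUserInfoUri(userInfoUri);
        provider.setAuthorizationUri(authorizationUri);
        return provider;
    }

    /** Returns the SDK configuration shared by both DingTalk clients (HTTPS only). */
    private static Config sdkConfig() {
        Config config = new Config();
        config.protocol = "https";
        config.regionId = "central";
        return config;
    }

    /** Creates the DingTalk OAuth2 SDK client used for the token exchange. */
    private Client authClient() throws Exception {
        return new Client(sdkConfig());
    }

    /**
     * Exchanges the authorization code for a user access token.
     *
     * @param authCode the code received on the callback
     * @return the access token from the SDK response
     */
    private String getAccessToken(String authCode) throws Exception {
        GetUserTokenRequest tokenRequest = new GetUserTokenRequest()
                .setClientId(this.clientRegistration.getClientId())
                .setClientSecret(this.clientRegistration.getClientSecret())
                .setCode(authCode)
                .setGrantType("authorization_code");
        return authClient().getUserToken(tokenRequest).getBody().getAccessToken();
    }

    /** Creates the DingTalk contact SDK client used to read the user's profile. */
    private com.aliyun.dingtalkcontact_1_0.Client contactClient() throws Exception {
        return new com.aliyun.dingtalkcontact_1_0.Client(sdkConfig());
    }

    /**
     * Reads the profile of the user who owns the access token and wraps it in an authentication
     * token with no granted authorities.
     *
     * @param accessToken the user access token returned by the token exchange
     * @return a token whose principal carries the nick, email and avatar URL attributes
     */
    private OAuth2AuthenticationToken getUserinfo(String accessToken) throws Exception {
        GetUserHeaders headers = new GetUserHeaders();
        headers.xAcsDingtalkAccessToken = accessToken;
        GetUserResponseBody profile = contactClient().getUserWithOptions("me", headers, new RuntimeOptions()).getBody();
        // NOTE(review): nick and email are copied as returned and may be null. Confirm how
        // callers handle a principal whose name attribute is null.
        HashMap<String, Object> attributes = new HashMap<>();
        attributes.put(CustomOauth2Client.NAME, profile.getNick());
        attributes.put(CustomOauth2Client.EMAIL, profile.getEmail());
        attributes.put(CustomOauth2Client.AVATAR, profile.getAvatarUrl());
        DefaultOAuth2User principal = new DefaultOAuth2User(Collections.emptyList(), attributes, CustomOauth2Client.NAME);
        return new OAuth2AuthenticationToken(principal, Collections.emptyList(), REGISTRATION_ID);
    }
}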
