package nc.ws.opm.oauth.controller;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import nc.bcmanage.bs.IBusiCenterManageService;
import nc.bcmanage.vo.BusiCenterVO;
import nc.bs.dao.BaseDAO;
import nc.bs.framework.common.InvocationInfoProxy;
import nc.bs.framework.common.NCLocator;
import nc.bs.uap.util.sec.esapi.UAPESAPI;
import nc.itf.uap.rbac.IUserManageQuery;
import nc.vo.org.GroupVO;
import nc.vo.pub.BusinessException;
import nc.vo.sm.UserVO;
import nc.ws.opm.oauth.pojo.AccessToken;
import nc.ws.opm.oauth.pojo.NccConfigCenterConst;
import nc.ws.opm.oauth.pojo.UserLoginVO;
import nc.ws.opm.oauth.service.OAuth2Service;
import nc.ws.opm.oauth.service.UserLoginService;
import nc.ws.opm.pub.cache.OAuthCache;
import nc.ws.opm.pub.exception.BizException;
import nc.ws.opm.pub.utils.result.APIErrCodeEnum;
import nc.ws.opm.pub.utils.result.ResponseUtil;
import nc.ws.opm.pub.utils.security.SHA256Util;
import nc.ws.opm.pub.utils.security.SecurityUtil;
import nc.ws.opm.thirdapp.service.IThirdAppService;
import nc.ws.opm.thirdapp.vo.ThirdAppVO;
import nccloud.api.rest.log.OPMLogger;
import nccloud.commons.collections.CollectionUtils;
import nccloud.commons.lang.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.oltu.oauth2.as.request.OAuthTokenRequest;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

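/**
 * Spring MVC controller behind {@code POST /opm/accesstoken}: authenticates a registered
 * third-party application and issues an {@link AccessToken} for one of the four OAuth2 grant
 * types handled in {@link #getToken(HttpServletRequest)}.
 *
 * <p>Every grant goes through the same three gates before a token is created: the application
 * must be registered and enabled, the client secret (sent encrypted) must decrypt to the
 * stored secret, and the request signature must match the value recomputed server-side.
 */
@Controller
/* loaded from: input_file:nc/ws/opm/oauth/controller/AccessTokenController.class */
public class AccessTokenController {
    private static final String BIZ_CENTER = "biz_center";
    private static final String REFRESH_TOKEN = "refresh_token";

    @Autowired
    private OAuth2Service oAuth2Service;

    @Autowired
    private UserLoginService userLoginService;

    // One DAO per data source name ("" stands for the default data source). A Spring controller
    // bean is a singleton by default, so a single cached DAO would stay bound to whichever data
    // source the first request happened to use. Guarded by the lock in getBaseDAO.
    private final HashMap<String, BaseDAO> baseDAOs = new HashMap<>();

    /**
     * Handles a token request.
     *
     * <p>Request parameters read here: the standard OAuth2 ones exposed by
     * {@link OAuthTokenRequest} (grant type, code, redirect URI, client id, client secret,
     * username, password) plus {@code signature}, {@code biz_center}, {@code dsname},
     * {@code usercode}, {@code groupcode} and {@code refresh_token}.
     *
     * @param httpServletRequest the incoming HTTP request
     * @return whatever {@code ResponseUtil.buildResponse} produces for the issued token, or for
     *     the {@link BizException} describing why the request was rejected
     */
    @RequestMapping(value = {"/opm/accesstoken"}, method = {RequestMethod.POST})
    public Object getToken(HttpServletRequest httpServletRequest) {
        ThirdAppVO thirdApp;
        AccessToken accessToken = null;
        try {
            OAuthTokenRequest tokenRequest = new OAuthTokenRequest(httpServletRequest);
            // These values are passed through UAPESAPI.sqlEncode before any use. The
            // refresh_token parameter and the password-grant username/password are read
            // further down without that encoding.
            String grantType = UAPESAPI.sqlEncode(tokenRequest.getGrantType());
            String code = UAPESAPI.sqlEncode(tokenRequest.getCode());
            String redirectUri = UAPESAPI.sqlEncode(tokenRequest.getRedirectURI());
            String clientId = UAPESAPI.sqlEncode(tokenRequest.getClientId());
            String encryptedSecret = UAPESAPI.sqlEncode(tokenRequest.getClientSecret());
            String signature = UAPESAPI.sqlEncode(httpServletRequest.getParameter("signature"));
            String bizCenterCode = UAPESAPI.sqlEncode(httpServletRequest.getParameter(BIZ_CENTER));
            String dsName = UAPESAPI.sqlEncode(httpServletRequest.getParameter("dsname"));
            String userCode = UAPESAPI.sqlEncode(httpServletRequest.getParameter("usercode"));
            String groupCode = UAPESAPI.sqlEncode(httpServletRequest.getParameter("groupcode"));
            OPMLogger.info("bizCenterCode :: " + bizCenterCode);
            OPMLogger.info("dsName :: " + dsName);
            OPMLogger.info("userCode :: " + userCode);
            OPMLogger.info("groupcode :: " + groupCode);

            if (NccConfigCenterConst.NCC_CONFIG_CENTER.getClientId().equals(clientId)) {
                // Built-in config-center client: credentials come from constants, not the database.
                // NOTE(review): enablestate is never set on this VO although it is dereferenced
                // below; presumably ThirdAppVO supplies a default, confirm.
                thirdApp = new ThirdAppVO();
                thirdApp.setApp_id(NccConfigCenterConst.NCC_CONFIG_CENTER.getClientId());
                thirdApp.setApp_secret(NccConfigCenterConst.NCC_CONFIG_CENTER.getClientSecret());
                thirdApp.setPublic_key(NccConfigCenterConst.NCC_CONFIG_CENTER.getPublicKey());
                thirdApp.setPrivate_key(NccConfigCenterConst.NCC_CONFIG_CENTER.getPrivateKey());
                thirdApp.setSecurity_level(NccConfigCenterConst.NCC_CONFIG_CENTER.getSecurityLevel());
            } else {
                if (StringUtils.isBlank(dsName)) {
                    BusiCenterVO busiCenter = ((IBusiCenterManageService) NCLocator.getInstance().lookup(IBusiCenterManageService.class)).getBusiCenterByCode(bizCenterCode);
                    if (busiCenter == null) {
                        throw new BizException("", "Invalid NCCloud busiCenter");
                    }
                    dsName = busiCenter.getDataSourceName();
                }
                // The data source used for the application lookup is taken from request
                // parameters here, i.e. before the client secret and signature are verified.
                OAuthCache.put_logininfo("dataSource", dsName);
                InvocationInfoProxy.getInstance().setUserDataSource(dsName);
                thirdApp = getThridAppService().getThirdAppInfoByAppId(clientId);
            }
            if (thirdApp == null) {
                throw new BizException("", "Third-party applications are not registered");
            }
            if (thirdApp.getEnablestate().intValue() != 2) {
                throw new BizException("", "ThirdApp【" + thirdApp.getCode() + "】has disabled，this request is blocked!");
            }
            // Fall back to the values registered for the application when the request omits them.
            if (StringUtils.isBlank(dsName)) {
                dsName = thirdApp.getDataSourceName();
            }
            if (StringUtils.isBlank(userCode)) {
                userCode = thirdApp.getUser_code();
            }

            // Client authentication. The comparison is constant-time and null-safe so that a
            // failed decryption is reported as "not authorized" rather than as a NullPointerException.
            String clientSecret = SecurityUtil.priDecrypt(thirdApp.getPrivate_key(), encryptedSecret);
            if (!constantTimeEquals(clientSecret, thirdApp.getApp_secret())) {
                throw new BizException("", "Third-party applications are not authorized");
            }

            if (GrantType.AUTHORIZATION_CODE.toString().equals(grantType)) {
                checkSgin(code + redirectUri + clientId + clientSecret, thirdApp.getPublic_key(), signature);
                accessToken = this.oAuth2Service.createTokenByCode(code, redirectUri, clientId);
            } else if (GrantType.CLIENT_CREDENTIALS.toString().equals(grantType)) {
                OPMLogger.info(">>>>>>>>>>>>>>>客户端模式获取token<<<<<<<<<<<<<<");
                checkSgin(clientId + clientSecret, thirdApp.getPublic_key(), signature);
                UserLoginVO clientLogin = new UserLoginVO();
                clientLogin.setUsername(userCode);
                clientLogin.setDatasource(dsName);
                clientLogin.setBizCenterCode(bizCenterCode);
                // The user is only resolved to a login token when a data source is known.
                if (StringUtils.isNotBlank(dsName)) {
                    this.userLoginService.getNCToken(clientLogin);
                    if (clientLogin.getLogin_token() == null) {
                        throw new BizException("", "Invalid NCCloud user");
                    }
                }
                if (StringUtils.isNotEmpty(groupCode)) {
                    checkUserInCurrentGroup(dsName, userCode, groupCode, clientLogin);
                }
                accessToken = this.oAuth2Service.createTokenByClient(clientLogin, clientId);
            } else if (GrantType.PASSWORD.toString().equals(grantType)) {
                OPMLogger.info(">>>>>>>>>>>>>>>密码模式获取token<<<<<<<<<<<<<<");
                String password = SecurityUtil.priDecrypt(thirdApp.getPrivate_key(), tokenRequest.getPassword());
                checkSgin(clientId + clientSecret + tokenRequest.getUsername() + password, thirdApp.getPublic_key(), signature);
                UserLoginVO passwordLogin = new UserLoginVO();
                passwordLogin.setBizCenterCode(bizCenterCode);
                passwordLogin.setUsername(tokenRequest.getUsername());
                passwordLogin.setPassword(password);
                passwordLogin.setDatasource(dsName);
                this.userLoginService.login(passwordLogin);
                if (passwordLogin.getLogin_token() == null) {
                    throw new BizException("", "Invalid NCCloud user or password");
                }
                if (StringUtils.isNotEmpty(groupCode)) {
                    // NOTE(review): the group check runs against the `usercode` parameter (or the
                    // application's default user), not against the username that just
                    // authenticated. Confirm that checking a different account is intended.
                    checkUserInCurrentGroup(dsName, userCode, groupCode, passwordLogin);
                }
                accessToken = this.oAuth2Service.createTokenByPassword(passwordLogin, clientId);
            } else if (GrantType.REFRESH_TOKEN.toString().equals(grantType)) {
                String refreshToken = httpServletRequest.getParameter(REFRESH_TOKEN);
                checkSgin(clientId + clientSecret + refreshToken, thirdApp.getPublic_key(), signature);
                accessToken = this.oAuth2Service.refreshToken(refreshToken);
            }
            return ResponseUtil.buildResponse(accessToken);
        } catch (BizException e) {
            // Must precede the generic handler: a BizException already carries the error that
            // is meant for the caller and is returned as it is.
            OPMLogger.error(e.getMessage(), e);
            return ResponseUtil.buildResponse(e);
        } catch (Exception e) {
            // NOTE(review): the raw message of any unexpected exception is returned to the
            // caller; messages from lower layers may expose internal detail. Consider a generic
            // message here and keep the detail in the log only.
            OPMLogger.error(e.getMessage(), e);
            return ResponseUtil.buildResponse(new BizException("", e.getMessage()));
        }
    }

    /**
     * Checks that {@code groupCode} is among the groups found for {@code userCode} and, if so,
     * stores the matching group's primary key on {@code userLoginVO}.
     *
     * <p>Groups are taken from {@code sm_user_share} rows of the user; when there are none, the
     * group is looked up by its code alone.
     *
     * @param dataSource data source name used for the user lookup and the DAO
     * @param userCode code of the user whose groups are checked
     * @param groupCode requested group code; nothing happens when it is empty
     * @param userLoginVO login object that receives the group's primary key
     * @throws BizException if groups were found but {@code groupCode} is not one of them
     * @throws BusinessException declared by the signature; raised by the lookups used here
     */
    private void checkUserInCurrentGroup(String dataSource, String userCode, String groupCode, UserLoginVO userLoginVO) throws BusinessException, BizException {
        if (StringUtils.isEmpty(groupCode)) {
            return;
        }
        UserVO user = ((IUserManageQuery) NCLocator.getInstance().lookup(IUserManageQuery.class)).findUserByCode(userCode, dataSource);
        String cuserid = user == null ? null : user.getCuserid();
        GroupVO[] groups = null;
        if (StringUtils.isNotEmpty(cuserid)) {
            BaseDAO dao = getBaseDAO(dataSource);
            // NOTE(review): both clauses are built by string concatenation. cuserid comes from
            // the user record and groupCode has been through UAPESAPI.sqlEncode in the caller,
            // so safety rests entirely on that encoding. If this BaseDAO version offers a
            // parameterised retrieveByClause overload, prefer it.
            groups = toGroupArray(dao.retrieveByClause(GroupVO.class, " pk_group in (select pk_group from sm_user_share where sm_user_share.cuserid = '" + cuserid + "')"));
            if (ArrayUtils.isEmpty(groups)) {
                // NOTE(review): this fallback selects the group by its code only, without any
                // reference to the user, so the membership test below then passes for every
                // existing group code. Confirm that users without share rows may pick any group.
                groups = toGroupArray(dao.retrieveByClause(GroupVO.class, " code = '" + groupCode + "'"));
            }
        }
        // NOTE(review): when the user is not found, or no group is found at all, the method
        // returns without setting a group and without raising an error.
        HashMap<String, String> pkByCode = new HashMap<>();
        if (ArrayUtils.isNotEmpty(groups)) {
            for (GroupVO group : groups) {
                pkByCode.put(group.getCode(), group.getPk_group());
            }
            for (String knownCode : pkByCode.keySet()) {
                OPMLogger.info("groupcodes :: " + knownCode);
            }
            if (!pkByCode.containsKey(groupCode)) {
                throw new BizException(APIErrCodeEnum.BUSINESSEXCCODE.getCode(), "The parameter groupcode is not a group shared by the parameter usercode, please confirm the parameter!");
            }
            String groupPk = pkByCode.get(groupCode);
            OPMLogger.info("grouppk :: " + groupPk);
            // Despite the setter's name, the value stored is the group's primary key.
            userLoginVO.setGroupCode(groupPk);
        }
    }

    /**
     * Verifies the request signature: recomputes {@code SHA256Util.getSHA256(payload + key, key)}
     * with CR/LF characters removed from the key, and compares the result with the signature
     * supplied by the caller in constant time.
     *
     * @param payload concatenated request values covered by the signature
     * @param publicKey the application's public key text
     * @param signature signature sent with the request
     * @throws BizException if the key or signature is missing or the values do not match
     */
    private void checkSgin(String payload, String publicKey, String signature) throws BizException {
        // A missing key cannot verify anything; report it as a signature failure instead of
        // letting it surface as a NullPointerException.
        String key = publicKey == null ? null : publicKey.replaceAll("\r|\n", "");
        String expected = key == null ? null : SHA256Util.getSHA256(payload + key, key);
        if (!constantTimeEquals(expected, signature)) {
            throw new BizException("", "Failed to verify signature for get token");
        }
    }

    /**
     * Compares two secret strings without stopping at the first differing character.
     *
     * @return {@code true} only when both values are non-null and equal
     */
    private static boolean constantTimeEquals(String left, String right) {
        if (left == null || right == null) {
            return false;
        }
        return MessageDigest.isEqual(left.getBytes(StandardCharsets.UTF_8), right.getBytes(StandardCharsets.UTF_8));
    }

    /** Converts a raw DAO result into a {@code GroupVO[]}, or {@code null} when it is empty. */
    @SuppressWarnings({"rawtypes", "unchecked"})
    private static GroupVO[] toGroupArray(Collection rows) {
        return CollectionUtils.isEmpty(rows) ? null : (GroupVO[]) rows.toArray(new GroupVO[rows.size()]);
    }

    /** Looks up the third-party application service through {@link NCLocator}. */
    private IThirdAppService getThridAppService() {
        return (IThirdAppService) NCLocator.getInstance().lookup(IThirdAppService.class);
    }

    /**
     * Returns the DAO bound to the given data source, creating it on first use.
     *
     * @param dataSource data source name; empty or {@code null} selects the default DAO
     * @return the DAO for that data source
     */
    private synchronized BaseDAO getBaseDAO(String dataSource) {
        String key = StringUtils.isNotEmpty(dataSource) ? dataSource : "";
        return this.baseDAOs.computeIfAbsent(key, name -> name.isEmpty() ? new BaseDAO() : new BaseDAO(name));
    }
}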
