package nc.ws.opm.oauth.controller;

import com.google.gson.GsonBuilder;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLEncoder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import nc.bs.framework.common.NCLocator;
import nc.ws.opm.oauth.pojo.UserLoginVO;
import nc.ws.opm.oauth.service.OAuth2Service;
import nc.ws.opm.oauth.service.UserLoginService;
import nc.ws.opm.pub.cache.OAuthCache;
import nc.ws.opm.pub.exception.BizException;
import nc.ws.opm.pub.utils.result.ResponseUtil;
import nc.ws.opm.pub.utils.security.SHA256Util;
import nc.ws.opm.thirdapp.service.IThirdAppService;
import org.apache.commons.lang3.StringUtils;
import org.apache.oltu.oauth2.as.request.OAuthAuthzRequest;
import org.apache.oltu.oauth2.as.response.OAuthASResponse;
import org.apache.oltu.oauth2.common.message.OAuthResponse;
import org.owasp.esapi.errors.EncodingException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

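/**
 * OAuth 2.0 authorization endpoint ({@code /authorize}) for the authorization-code flow.
 *
 * <p>{@code GET} validates the request and redirects the browser to the login page;
 * {@code POST} receives the login form as JSON, authenticates the user and redirects to the
 * client's {@code redirect_uri} with an authorization code.
 *
 * <p>NOTE(review): in this class {@code redirect_uri} is only checked for being non-empty
 * (and, on GET, for parsing as a URL). Nothing visible here compares it with a callback
 * registered for {@code client_id}. Confirm that {@code OAuth2Service.createCode} or
 * {@code IThirdAppService} enforces that binding; otherwise the authorization code is sent
 * to whatever address the request names.
 */
@Controller
/* loaded from: input_file:nc/ws/opm/oauth/controller/OAuth2Controller.class */
public class OAuth2Controller {
    private static final String CODE = "code";

    /** Path of the login page that the GET handler redirects to. */
    private static final String LOGIN_PAGE_PATH = "/nccloud/resources/uap/rbac/login/main/index.html";

    @Autowired
    private UserLoginService userLoginService;

    @Autowired
    private OAuth2Service oAuth2Service;

    /**
     * Starts the authorization-code flow: validates the request parameters, caches the
     * requested {@code redirect_uri} under a session-derived {@code state} value and answers
     * with a 302 to the login page.
     *
     * @param httpServletRequest the incoming authorization request
     * @param httpServletResponse unused by this handler
     * @return a 302 {@link ResponseEntity}, or the error body built by {@code ResponseUtil}
     * @throws URISyntaxException declared for compatibility; the generic catch below handles it
     */
    @RequestMapping(value = {"/authorize"}, method = {RequestMethod.GET})
    public Object authorizeGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws URISyntaxException {
        try {
            OAuthAuthzRequest oAuthAuthzRequest = new OAuthAuthzRequest(httpServletRequest);
            String clientId = oAuthAuthzRequest.getClientId();
            String responseType = oAuthAuthzRequest.getResponseType();
            String redirectURI = oAuthAuthzRequest.getRedirectURI();
            // Syntax check only: throws MalformedURLException for a null or unparsable value.
            // It does not restrict the scheme or host of the callback.
            new URL(redirectURI);
            checkParameter(clientId, responseType, redirectURI);

            // The state value is computed from the session id alone, so it is the same for
            // every request in one session. A session id shorter than 32 characters makes
            // substring() throw, which ends in the generic catch below.
            // NOTE(review): the meaning of the two SHA256Util arguments is not visible here.
            String sessionId = httpServletRequest.getSession().getId();
            String state = SHA256Util.getSHA256(sessionId.substring(0, 32), sessionId).substring(0, 20);
            OAuthCache.put_redirect_uri(state, redirectURI);

            HttpHeaders httpHeaders = new HttpHeaders();
            httpHeaders.add("Content-Type", "application/json; charset=utf-8");
            // NOTE(review): request-supplied values are echoed into response headers as-is;
            // confirm the container rejects CR/LF in header values.
            httpHeaders.add("client_id", clientId);
            httpHeaders.add("response_type", responseType);
            httpHeaders.add("redirect_uri", redirectURI);

            // Each value is percent-encoded before it enters the query string. Without this
            // a redirect_uri containing '&', '#' or '=' would add or override parameters of
            // the login page URL (for example a second "state").
            // NOTE(review): scheme is fixed to http and the host is the local socket
            // address; confirm this is intended behind TLS termination or a proxy.
            String loginPage = "http://" + httpServletRequest.getLocalAddr() + ":" + httpServletRequest.getLocalPort()
                    + LOGIN_PAGE_PATH
                    + "?client_id=" + encodeQueryValue(clientId)
                    + "&response_type=" + encodeQueryValue(responseType)
                    + "&redirect_uri=" + encodeQueryValue(redirectURI)
                    + "&state=" + encodeQueryValue(state);
            httpHeaders.setLocation(new URI(loginPage));
            return new ResponseEntity<Object>(httpHeaders, HttpStatus.FOUND);
        } catch (MalformedURLException | EncodingException e) {
            return ResponseUtil.buildResponse(new BizException("", "redirect_uri参数不合法"));
        } catch (BizException e2) {
            return ResponseUtil.buildResponse(e2);
        } catch (Exception e3) {
            // NOTE(review): the raw exception message is returned to the caller; consider a
            // generic message here and logging the detail server-side.
            return ResponseUtil.buildResponse(new BizException("", e3.getMessage()));
        }
    }

    /**
     * Completes the login step: authenticates the user from the JSON body and, on success,
     * redirects to {@code redirect_uri} with a freshly created authorization code.
     *
     * @param httpServletRequest the authorization request carrying client_id, response_type
     *     and redirect_uri
     * @param str the request body, expected to be a JSON-encoded {@link UserLoginVO}
     * @return the redirect response, or the error body built by {@code ResponseUtil}
     */
    @RequestMapping(value = {"/authorize"}, method = {RequestMethod.POST})
    public Object authorizePost(HttpServletRequest httpServletRequest, @RequestBody String str) {
        try {
            OAuthAuthzRequest oAuthAuthzRequest = new OAuthAuthzRequest(httpServletRequest);
            String clientId = oAuthAuthzRequest.getClientId();
            String responseType = oAuthAuthzRequest.getResponseType();
            String redirectURI = oAuthAuthzRequest.getRedirectURI();
            // NOTE(review): state is read and discarded. The GET handler caches redirect_uri
            // under the state value, but nothing here looks that entry up or compares it
            // with the redirect_uri of this request.
            oAuthAuthzRequest.getState();
            checkParameter(clientId, responseType, redirectURI);
            if (StringUtils.isEmpty(str)) {
                throw new BizException("", "登录失败");
            }
            UserLoginVO userLoginVO = new GsonBuilder().create().fromJson(str, UserLoginVO.class);
            // Gson returns null for a body such as the JSON literal null; treat that as a
            // failed login instead of passing null on to the login service.
            if (userLoginVO == null) {
                throw new BizException("", "登录失败");
            }
            this.userLoginService.login(userLoginVO);
            if (userLoginVO.getLogin_token() == null) {
                throw new BizException("", "登录失败");
            }
            String authorizationCode = this.oAuth2Service.createCode(userLoginVO, redirectURI, clientId);
            OAuthResponse redirect = OAuthASResponse.authorizationResponse(httpServletRequest, 302)
                    .setCode(authorizationCode)
                    .location(redirectURI)
                    .buildJSONMessage();
            return ResponseUtil.buildResponseForRedirect(redirect.getLocationUri(), redirect.getResponseStatus());
        } catch (BizException e) {
            return ResponseUtil.buildResponse(e);
        } catch (Exception e2) {
            // NOTE(review): the raw exception message is returned to the caller.
            return ResponseUtil.buildResponse(new BizException("", e2.getMessage()));
        }
    }

    /**
     * Validates the parameters shared by both handlers.
     *
     * @param clientId application id, looked up through {@link IThirdAppService}
     * @param responseType must equal {@code "code"}
     * @param redirectUri must be non-empty; it is not matched against the application here
     * @throws BizException when a check fails
     * @throws Exception whatever the application lookup throws
     */
    private void checkParameter(String clientId, String responseType, String redirectUri) throws Exception {
        if (!CODE.equals(responseType)) {
            throw new BizException("", "response_type只支持code，授权码模式");
        }
        if (StringUtils.isEmpty(redirectUri)) {
            throw new BizException("", "重定向地址不能为空");
        }
        if (getThridAppService().getThirdAppInfoByAppId(clientId) == null) {
            throw new BizException("", "应用未被授权");
        }
    }

    /** Percent-encodes one query-string value as UTF-8; {@code null} becomes the empty string. */
    private static String encodeQueryValue(String value) throws UnsupportedEncodingException {
        return value == null ? "" : URLEncoder.encode(value, "UTF-8");
    }

    /** Looks up the third-party application service through {@link NCLocator}. */
    private IThirdAppService getThridAppService() {
        return (IThirdAppService) NCLocator.getInstance().lookup(IThirdAppService.class);
    }
}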
