package nc.ws.opm.oauth.service.impl;

import java.util.HashMap;
import java.util.Map;
import nc.ws.opm.oauth.pojo.AccessToken;
import nc.ws.opm.oauth.pojo.UserLoginVO;
import nc.ws.opm.oauth.service.OAuth2Service;
import nc.ws.opm.pub.cache.OAuthCache;
import nc.ws.opm.pub.exception.BizException;
import nc.ws.opm.pub.utils.OPMConfig;
import nc.ws.opm.pub.utils.security.SecurityUtil;
import nccloud.api.rest.log.OPMLogger;
import org.apache.commons.lang3.StringUtils;
import org.apache.oltu.oauth2.as.issuer.MD5Generator;
import org.apache.oltu.oauth2.as.issuer.OAuthIssuerImpl;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.springframework.stereotype.Service;

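@Service
/* loaded from: input_file:nc/ws/opm/oauth/service/impl/OAuth2ServiceImpl.class */
/**
 * Issues, validates and refreshes OAuth2 authorization codes and tokens, keeping all state in
 * {@link OAuthCache}.
 *
 * <p>Cache layout as used by this class:
 * <ul>
 *   <li>app-code cache: authorization code -&gt; map with {@code uservo}, {@code redirect_uri},
 *       {@code client_id};</li>
 *   <li>access-token cache: access token -&gt; refresh token;</li>
 *   <li>refresh-token cache: refresh token -&gt; map with {@code uservo}, {@code token},
 *       {@code client_id};</li>
 *   <li>app-id-token cache: client id + username + group code -&gt; refresh token.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Access and refresh tokens are bearer credentials, so this class does not write their
 *       values to the log.</li>
 *   <li>NOTE(review): codes and tokens come from Oltu's {@code OAuthIssuerImpl} with
 *       {@code MD5Generator}. Their unpredictability depends on that generator's random source,
 *       not on MD5 itself; confirm for the library version deployed.</li>
 *   <li>NOTE(review): raw {@code Map}/{@code HashMap} types are kept because the
 *       {@code OAuthCache} signatures are not visible from this file.</li>
 * </ul>
 */
public class OAuth2ServiceImpl implements OAuth2Service {
    /**
     * Lifetime stamped on newly created tokens. It is compared against differences of
     * {@link System#currentTimeMillis()}, so it is effectively in milliseconds. Overwritten with
     * the {@code expires_in} configuration value whenever a token is created and that value is set.
     */
    private long EXPIRES_IN = 1000000;

    /**
     * Creates an authorization code and caches the login, redirect URI and client id under it.
     *
     * @param userLoginVO the authenticated user the code is issued for
     * @param str the redirect URI, stored as {@code redirect_uri}
     * @param str2 the client id, stored as {@code client_id}
     * @return the new authorization code
     * @throws OAuthSystemException if the issuer fails to generate a value
     */
    @Override
    public String createCode(UserLoginVO userLoginVO, String str, String str2) throws OAuthSystemException {
        String authorizationCode = new OAuthIssuerImpl(new MD5Generator()).authorizationCode();
        HashMap hashMap = new HashMap();
        hashMap.put("uservo", userLoginVO);
        hashMap.put("redirect_uri", str);
        hashMap.put("client_id", str2);
        OAuthCache.put_appcode(authorizationCode, hashMap);
        return authorizationCode;
    }

    /**
     * Exchanges an authorization code for a token after checking that the redirect URI and client
     * id match the values recorded when the code was created.
     *
     * @param str the authorization code
     * @param str2 the redirect URI presented with the exchange request
     * @param str3 the client id presented with the exchange request
     * @return the issued (or reused) token
     * @throws BizException if the code is unknown or the redirect URI / client id do not match
     * @throws OAuthSystemException if the issuer fails to generate a value
     */
    @Override
    public AccessToken createTokenByCode(String str, String str2, String str3) throws BizException, OAuthSystemException {
        Map map = OAuthCache.get_appcode(str);
        // The entry must be validated before it is read: an unknown or expired code yields no
        // entry, and that has to surface as "not authorized" rather than a NullPointerException.
        if (map == null || map.isEmpty()) {
            throw new BizException("", "请求未被授权");
        }
        String storedRedirectUri = (String) map.get("redirect_uri");
        String storedClientId = (String) map.get("client_id");
        if (StringUtils.isEmpty(str2) || !str2.equals(storedRedirectUri)) {
            throw new BizException("", "请求已被修改，请重新授权");
        }
        if (StringUtils.isEmpty(str3) || !str3.equals(storedClientId)) {
            throw new BizException("", "请求已被修改，请重新授权");
        }
        AccessToken token = getToken((UserLoginVO) map.get("uservo"), str3, GrantType.AUTHORIZATION_CODE);
        // NOTE(review): the code is removed only after the token has been issued, and the
        // lookup/remove pair is not atomic in this method. Single-use enforcement of the code
        // therefore depends on OAuthCache; confirm it there.
        OAuthCache.remove_appcode(str);
        return token;
    }

    /**
     * Resolves an access token to the user it was issued for.
     *
     * @param str the access token presented by the caller
     * @return the login stored with the token
     * @throws BizException if the token is unknown, its refresh-token entry is missing, or the
     *     token has outlived its {@code expires_in}
     */
    @Override
    public UserLoginVO checkToken(String str) throws BizException {
        String str2 = OAuthCache.get_accesstoken(str);
        // Log only whether a mapping exists; the refresh token itself is a credential.
        OPMLogger.info("##OAuth2ServiceImpl::checkToken::refreshToken found:" + StringUtils.isNotEmpty(str2));
        if (StringUtils.isEmpty(str2)) {
            throw new BizException("", "token失效，请重新获取token");
        }
        Map map = OAuthCache.get_refreshtoken(str2);
        if (map == null || map.isEmpty()) {
            throw new BizException("", "请求的refresh_token已经失效，请重新获取或刷新token");
        }
        AccessToken accessToken = (AccessToken) map.get("token");
        // An entry without a token object cannot be validated; treat it as an expired token
        // instead of failing with a NullPointerException.
        if (accessToken == null
                || System.currentTimeMillis() - accessToken.getTs() > accessToken.getExpires_in()) {
            throw new BizException("", "请求的access_token已经失效，请重新获取或刷新token");
        }
        return (UserLoginVO) map.get("uservo");
    }

    /**
     * Renews the token stored under a refresh token.
     *
     * <p>When the access token equals the refresh token (the shape {@code getToken} gives to
     * client-credentials tokens), both are replaced by one new value and the cache entries are
     * moved to it. Otherwise only the access token is replaced and the refresh token is kept.
     *
     * <p>NOTE(review): no expiry is checked on the refresh token in this method; its lifetime is
     * whatever OAuthCache enforces.
     *
     * @param str the refresh token
     * @return the same {@link AccessToken} object, updated in place
     * @throws BizException if no usable entry exists for the refresh token
     * @throws OAuthSystemException if the issuer fails to generate a value
     */
    @Override
    public AccessToken refreshToken(String str) throws BizException, OAuthSystemException {
        Map map = OAuthCache.get_refreshtoken(str);
        if (map == null || map.isEmpty()) {
            throw new BizException("", "refresh token已失效，请重新授权");
        }
        AccessToken accessToken = (AccessToken) map.get("token");
        String clientId = (String) map.get("client_id");
        UserLoginVO userLoginVO = (UserLoginVO) map.get("uservo");
        // An incomplete entry cannot be refreshed; report it as an invalid refresh token rather
        // than failing with a NullPointerException further down.
        if (accessToken == null || userLoginVO == null) {
            throw new BizException("", "refresh token已失效，请重新授权");
        }
        // The old access token stops resolving as soon as a refresh starts.
        OAuthCache.remove_accesstoken(accessToken.getAccess_token());
        OAuthIssuerImpl oAuthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
        if (str.equals(accessToken.getAccess_token())) {
            String rotated = oAuthIssuerImpl.refreshToken();
            accessToken.setAccess_token(rotated);
            accessToken.setRefresh_token(rotated);
            accessToken.setTs(System.currentTimeMillis());
            OAuthCache.remove_refreshtoken(str);
            OAuthCache.put_refreshtoken(rotated, map);
            OAuthCache.put_accesstoken(rotated, rotated);
            // Use the same key that getToken reads and saveTokenCache writes. The earlier
            // "client id + username" form omitted the group code, so for users with a group code
            // the entry getToken looks up kept pointing at the removed refresh token.
            OAuthCache.put_appidtoken(appIdTokenKey(clientId, userLoginVO), rotated);
        } else {
            accessToken.setAccess_token(oAuthIssuerImpl.accessToken());
            accessToken.setTs(System.currentTimeMillis());
            OAuthCache.put_accesstoken(accessToken.getAccess_token(), accessToken.getRefresh_token());
        }
        return accessToken;
    }

    /**
     * Issues a token for the password grant.
     *
     * @param userLoginVO the authenticated user
     * @param str the client id
     * @return the issued (or reused) token
     * @throws BizException if token creation fails
     * @throws OAuthSystemException if the issuer fails to generate a value
     */
    @Override
    public AccessToken createTokenByPassword(UserLoginVO userLoginVO, String str) throws BizException, OAuthSystemException {
        return getToken(userLoginVO, str, GrantType.PASSWORD);
    }

    /**
     * Issues a token for the client-credentials grant.
     *
     * @param userLoginVO the login the token is bound to
     * @param str the client id
     * @return the issued (or reused) token
     * @throws BizException if token creation fails
     * @throws OAuthSystemException if the issuer fails to generate a value
     */
    @Override
    public AccessToken createTokenByClient(UserLoginVO userLoginVO, String str) throws BizException, OAuthSystemException {
        return getToken(userLoginVO, str, GrantType.CLIENT_CREDENTIALS);
    }

    /**
     * Returns the token for a client/user/group combination, reusing the cached one when it was
     * issued for the same grant type.
     *
     * <p>A cached token that has not expired is returned as is with its timestamp reset to now,
     * so every token request for the same combination restarts that token's lifetime. An expired
     * one goes through {@link #refreshToken(String)}. In every other case a new token is created;
     * for the client-credentials grant its access token is set to the refresh token value.
     *
     * @param userLoginVO the login the token is bound to
     * @param clientId the client id
     * @param grantType the grant being served
     * @return the token, already written back to the caches
     */
    private synchronized AccessToken getToken(UserLoginVO userLoginVO, String clientId, GrantType grantType) throws OAuthSystemException, BizException {
        AccessToken accessToken = null;
        String cachedRefreshToken = OAuthCache.get_appidtoken(appIdTokenKey(clientId, userLoginVO));
        Map entry = StringUtils.isNotEmpty(cachedRefreshToken) ? OAuthCache.get_refreshtoken(cachedRefreshToken) : null;
        if (entry != null && !entry.isEmpty()) {
            AccessToken cached = (AccessToken) entry.get("token");
            // An entry without a token object is treated like a cache miss.
            if (cached != null && grantType.toString().equals(cached.getGrant_type())) {
                long now = System.currentTimeMillis();
                if ((cached.getTs() + cached.getExpires_in()) - now > 0) {
                    OPMLogger.info("##OAuth2ServiceImpl::access_token:未超时");
                    accessToken = cached;
                    accessToken.setTs(now);
                } else {
                    OPMLogger.info("##OAuth2ServiceImpl::access_token:超时");
                    accessToken = refreshToken(cachedRefreshToken);
                }
            }
        }
        if (accessToken == null) {
            accessToken = ctreateToken(grantType.toString());
            if (GrantType.CLIENT_CREDENTIALS.equals(grantType)) {
                accessToken.setAccess_token(accessToken.getRefresh_token());
            }
        }
        saveTokenCache(accessToken, userLoginVO, clientId);
        // The token value is deliberately left out of the log line.
        OPMLogger.info("##OAuth2ServiceImpl::返回access_token");
        return accessToken;
    }

    /**
     * Builds a new token object with fresh access and refresh values, the configured lifetime,
     * the current timestamp and a security key.
     *
     * @param grantType the grant type recorded on the token
     * @return the populated token; it is not cached here
     * @throws BizException if obtaining the security key fails
     * @throws OAuthSystemException if the issuer fails to generate a value
     */
    private AccessToken ctreateToken(String grantType) throws OAuthSystemException, BizException {
        AccessToken accessToken = new AccessToken();
        accessToken.setGrant_type(grantType);
        OAuthIssuerImpl oAuthIssuerImpl = new OAuthIssuerImpl(new MD5Generator());
        String newAccessToken = oAuthIssuerImpl.accessToken();
        String newRefreshToken = oAuthIssuerImpl.refreshToken();
        accessToken.setAccess_token(newAccessToken);
        // NOTE(review): presumably the config value is a String, in which case a non-numeric
        // value surfaces here as an unchecked NumberFormatException; confirm against OPMConfig.
        if (null != OPMConfig.getValue("expires_in")) {
            this.EXPIRES_IN = Long.valueOf(OPMConfig.getValue("expires_in")).longValue();
        }
        accessToken.setExpires_in(this.EXPIRES_IN);
        accessToken.setRefresh_token(newRefreshToken);
        accessToken.setTs(System.currentTimeMillis());
        try {
            // Only the platform line separator is stripped from the key text.
            accessToken.setSecurity_key(SecurityUtil.getKey().replaceAll(System.getProperty("line.separator"), ""));
            return accessToken;
        } catch (Exception e) {
            // NOTE(review): only the message is carried over, so the original stack trace is
            // lost. Pass the cause along if BizException offers a constructor for it.
            throw new BizException("", e.getMessage());
        }
    }

    /**
     * Writes a token to the access-token, refresh-token and app-id-token caches.
     *
     * @param accessToken the token to store
     * @param userLoginVO the login stored next to the token
     * @param clientId the client id stored next to the token
     */
    private void saveTokenCache(AccessToken accessToken, UserLoginVO userLoginVO, String clientId) {
        // Record the event only; access and refresh token values are kept out of the log.
        OPMLogger.info("##OAuth2ServiceImpl::saveTokenCache");
        OAuthCache.put_accesstoken(accessToken.getAccess_token(), accessToken.getRefresh_token());
        HashMap hashMap = new HashMap();
        hashMap.put("uservo", userLoginVO);
        hashMap.put("token", accessToken);
        hashMap.put("client_id", clientId);
        OAuthCache.put_refreshtoken(accessToken.getRefresh_token(), hashMap);
        OAuthCache.put_appidtoken(appIdTokenKey(clientId, userLoginVO), accessToken.getRefresh_token());
    }

    /**
     * Builds the app-id-token cache key: client id, username and group code concatenated, with a
     * null username or group code contributing an empty string.
     *
     * <p>NOTE(review): the parts are joined without a separator, so different
     * (client id, username, group code) triples can produce the same key. The format is kept
     * because other readers of the cache may depend on it; confirm before changing it.
     */
    private static String appIdTokenKey(String clientId, UserLoginVO userLoginVO) {
        String username = userLoginVO.getUsername() == null ? "" : userLoginVO.getUsername();
        String groupCode = userLoginVO.getGroupCode() == null ? "" : userLoginVO.getGroupCode();
        return clientId + username + groupCode;
    }
}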
