package com.mbap.auth.service;

import com.mbap.core.logger.LoggerBox;
import com.mbap.mybatis.ty.service.BaseService;
import com.mbap.util.date.DateUtil;
import com.mbap.util.lang.StringUtil;
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.CollectionUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

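@RefreshScope
/* loaded from: input_file:com/mbap/auth/service/ClientDetailService.class */
/**
 * {@link ClientDetailsService} backed by the {@code sys_oauth_client} tables.
 *
 * <p>When {@code customSecurity.validCodeSwitch} is enabled, every client lookup is
 * additionally gated on a one-time captcha record held in Redis (see
 * {@link #validRequest(String)}).
 */
public class ClientDetailService implements ClientDetailsService {

    /** Maximum age of a captcha record, in milliseconds (30 minutes). */
    private static final long CAPTCHA_TTL_MILLIS = 1800000L;

    @Autowired
    private BaseService baseDao;

    @Value("${customSecurity.validCodeSwitch:false}")
    private String validCodeSwitch;

    @Value("${customSecurity.tokenSeconds:7200}")
    private String tokenSeconds;

    @Value("${customSecurity.refreshTokenSeconds:86400}")
    private String refreshTokenSeconds;

    @Autowired
    private RedisTemplate<String, Object> redisTemplate;

    /**
     * Loads the OAuth2 client registered under the given name.
     *
     * @param str the client id presented by the caller (matched against {@code clientName})
     * @return the client details, with grant types, authority and token lifetimes filled in
     * @throws RuntimeException if captcha checking is enabled and the request fails it
     * @throws ClientRegistrationException if no non-deleted client has this name
     */
    @Override
    @Transactional
    public ClientDetails loadClientByClientId(String str) throws ClientRegistrationException {
        if (StringUtil.isNotEmpty(this.validCodeSwitch) && Boolean.parseBoolean(this.validCodeSwitch) && !validRequest(str)) {
            // Message text means "captcha verification failed".
            LoggerBox.EXCEPTION_LOGGER.record("验证码校验失败");
            throw new RuntimeException("验证码校验失败");
        }
        List<?> rows = this.baseDao.findBySql2Map("select c.id,c.scope,c.clientname,c.clientsecret from sys_oauth_client c\r\nwhere c.clientName=? and c.deleted=0", new Object[]{str});
        if (CollectionUtils.isEmpty(rows)) {
            // Fail closed: handing back a blank details object (no id, no secret, no grant
            // types) would leave the decision about an unknown client to downstream code.
            // The more specific NoSuchClientException subtype could be used here if imported.
            throw new ClientRegistrationException("Unknown OAuth client");
        }
        Map<?, ?> row = (Map<?, ?>) rows.get(0);
        Object clientDbId = row.get("id");

        BaseClientDetails details = new BaseClientDetails();
        details.setClientId(str);
        details.setClientSecret(row.get("clientsecret").toString());
        details.setResourceIds(this.baseDao.findBySql("select r.resourcekey from sys_oauth_client_resource rc left join sys_oauth_resource r on r.id=rc.resourceid  where rc.clientid=? ", new Object[]{clientDbId}));

        // Every stored client receives the same three grant types.
        List<String> grantTypes = new ArrayList<>();
        grantTypes.add("client_credentials");
        grantTypes.add("password");
        grantTypes.add("refresh_token");
        details.setAuthorizedGrantTypes(grantTypes);

        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("CLIENT_" + clientDbId.toString()));
        details.setAuthorities(authorities);

        // NOTE(review): the query selects c.scope but it is never applied to the details,
        // so the returned client carries no scope restriction - confirm this is intended.
        details.setAccessTokenValiditySeconds(Integer.valueOf(this.tokenSeconds));
        details.setRefreshTokenValiditySeconds(Integer.valueOf(this.refreshTokenSeconds));
        return details;
    }

    /**
     * Builds a fixed in-memory client definition.
     *
     * <p>NOTE(review): the client id and secret are hard-coded literals and the client is
     * granted four grant types including {@code authorization_code}. Nothing in this class
     * calls the method; confirm it is not wired into a deployed configuration, and remove it
     * or load the values from protected configuration if it is.
     *
     * @param str unused
     * @return the fixed client definition
     */
    public ClientDetails initMemoryClient(String str) {
        BaseClientDetails details = new BaseClientDetails();
        details.setClientId("test");
        details.setClientSecret("aabbcc");

        List<String> resourceIds = new ArrayList<>();
        resourceIds.add("mbap-auth");
        details.setResourceIds(resourceIds);

        List<String> grantTypes = new ArrayList<>();
        grantTypes.add("client_credentials");
        grantTypes.add("password");
        grantTypes.add("refresh_token");
        grantTypes.add("authorization_code");
        details.setAuthorizedGrantTypes(grantTypes);

        List<String> scopes = new ArrayList<>();
        scopes.add("view");
        scopes.add("read");
        details.setScope(scopes);
        return details;
    }

    /**
     * Checks the current HTTP request's {@code csrf} / {@code validcode} parameters against
     * the captcha record stored in Redis, and consumes the record on success.
     *
     * <p>The record is looked up in the hash named {@code <yyyyMMdd>csrfrecord} under the
     * {@code csrf} parameter value. It must name the same client id, carry the same captcha
     * code, and be no older than {@link #CAPTCHA_TTL_MILLIS}. A missing or malformed record
     * is treated as a failed check rather than an error.
     *
     * <p>NOTE(review): the record is deleted only after a successful match, so a wrong
     * {@code validcode} can be retried against the same record until it expires. Consider
     * invalidating the record on mismatch or rate-limiting attempts per {@code csrf} key.
     *
     * @param str the client id the request claims to act for
     * @return {@code true} only if the captcha record matched and was consumed
     */
    private boolean validRequest(String str) {
        // Held as Object so that a non-servlet request context is rejected instead of
        // failing on a cast.
        Object attributes = RequestContextHolder.getRequestAttributes();
        if (!(attributes instanceof ServletRequestAttributes)) {
            return false;
        }
        // presumably DateUtil.format(pattern) formats the current date; verify against DateUtil
        String recordKey = DateUtil.format("yyyyMMdd") + "csrfrecord";
        HttpServletRequest request = ((ServletRequestAttributes) attributes).getRequest();
        String csrfToken = request.getParameter("csrf");
        String submittedCode = request.getParameter("validcode");
        if (!StringUtil.isNotEmpty(csrfToken) || !StringUtil.isNotEmpty(submittedCode)) {
            return false;
        }

        Object cached = this.redisTemplate.opsForHash().get(recordKey, csrfToken);
        if (!(cached instanceof Map)) {
            // Unknown or already-consumed token (or an unexpected value type): reject.
            // The previous non-short-circuit '&' chain dereferenced a null record here.
            return false;
        }
        Map<?, ?> record = (Map<?, ?>) cached;

        // A record missing either field never matches.
        if (str == null || !str.equals(record.get("client_id"))) {
            return false;
        }
        if (!submittedCode.equals(record.get("validCode"))) {
            return false;
        }

        Object issuedAtRaw = record.get("time");
        long issuedAt;
        try {
            // A missing timestamp counts as epoch 0, i.e. always expired.
            issuedAt = issuedAtRaw == null ? 0L : Long.parseLong(issuedAtRaw.toString());
        } catch (NumberFormatException e) {
            return false;
        }
        if (System.currentTimeMillis() - issuedAt > CAPTCHA_TTL_MILLIS) {
            return false;
        }

        // Single use: remove the record so the same captcha cannot be replayed.
        this.redisTemplate.opsForHash().delete(recordKey, csrfToken);
        return true;
    }
}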
