package plus.easydo.starter.oauth.client.service;

import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.util.StringUtils;
import plus.easydo.starter.oauth.api.TokenApi;
import plus.easydo.starter.oauth.core.config.SecurityBeanConfig;

/* loaded from: input_file:plus/easydo/starter/oauth/client/service/CustomizeClientServer.class */
public class CustomizeClientServer {
    private boolean isOauthServer;
    private OAuth2AccessToken oAuth2AccessToken;
    private final OAuth2ProtectedResourceDetails resource;
    private final OAuth2RestTemplate oAuth2RestTemplate;

    @Autowired(required = false)
    TokenApi tokenApi;

    @Autowired(required = false)
    @Qualifier("serverBeanConfig")
    private SecurityBeanConfig securityBeanConfig;
    Logger log = LoggerFactory.getLogger(CustomizeClientServer.class);
    private String token = "";

    public CustomizeClientServer(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) {
        this.log.info("初始化CustomizeClientServer");
        this.resource = oAuth2ProtectedResourceDetails;
        this.oAuth2RestTemplate = new OAuth2RestTemplate(oAuth2ProtectedResourceDetails);
    }

    public OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException {
        if (StringUtils.isEmpty(this.token)) {
            return isOauthServer() ? localServerGetAccessToken() : remoteGetAccessToken();
        }
        checkToken(this.token);
        return this.oAuth2AccessToken;
    }

    private boolean isOauthServer() {
        this.isOauthServer = this.securityBeanConfig != null;
        return this.isOauthServer;
    }

    public OAuth2AccessToken localServerGetAccessToken() {
        AuthorizationServerTokenServices authorizationServerTokenServices = this.securityBeanConfig.getAuthorizationServerTokenServices();
        ClientDetails loadClientByClientId = this.securityBeanConfig.getClientDetailsService().loadClientByClientId(this.resource.getClientId());
        Collection authorities = loadClientByClientId.getAuthorities();
        Set resourceIds = loadClientByClientId.getResourceIds();
        OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(new OAuth2Request((Map) null, this.resource.getClientId(), authorities, true, loadClientByClientId.getScope(), resourceIds, (String) null, (Set) null, (Map) null), (Authentication) null);
        OAuth2AccessToken accessToken = authorizationServerTokenServices.getAccessToken(oAuth2Authentication);
        if (accessToken == null) {
            accessToken = authorizationServerTokenServices.createAccessToken(oAuth2Authentication);
        }
        setToken(accessToken);
        this.log.info("localServerGetAccessToken()===> {}", this.token);
        return accessToken;
    }

    private void setToken(OAuth2AccessToken oAuth2AccessToken) {
        this.oAuth2AccessToken = oAuth2AccessToken;
        this.token = oAuth2AccessToken.getValue();
    }

    public void checkToken(String str) {
        if (this.isOauthServer) {
            DefaultTokenServices authorizationServerTokenServices = this.securityBeanConfig.getAuthorizationServerTokenServices();
            if (authorizationServerTokenServices instanceof DefaultTokenServices) {
                OAuth2AccessToken readAccessToken = authorizationServerTokenServices.readAccessToken(str);
                if (readAccessToken == null || readAccessToken.isExpired()) {
                    this.log.error("checkToken()=>校验令牌失败：{},{}", str, "调用本地服务重新获取token");
                    localServerGetAccessToken();
                    return;
                }
                return;
            }
            return;
        }
        if (Objects.nonNull(this.tokenApi)) {
            Map checkToken = this.tokenApi.checkToken(this.token);
            this.log.info("tokenApi.checkToken(): {}", checkToken);
            if (Objects.isNull(checkToken.get("client_id"))) {
                remoteGetAccessToken();
            }
        }
        if (this.oAuth2AccessToken.isExpired()) {
            this.oAuth2RestTemplate.getOAuth2ClientContext().setAccessToken((OAuth2AccessToken) null);
            remoteGetAccessToken();
        }
    }

    public OAuth2AccessToken remoteGetAccessToken() {
        if (Objects.nonNull(this.tokenApi)) {
            OAuth2AccessToken feignClientGetAccessToken = feignClientGetAccessToken();
            if (Objects.nonNull(feignClientGetAccessToken)) {
                setToken(feignClientGetAccessToken);
                return feignClientGetAccessToken;
            }
        }
        OAuth2AccessToken accessToken = this.oAuth2RestTemplate.getAccessToken();
        setToken(accessToken);
        this.log.info("remoteGetAccessToken()===> {}", this.token);
        return accessToken;
    }

    public OAuth2AccessToken feignClientGetAccessToken() {
        HashMap hashMap = new HashMap(4);
        hashMap.put("grant_type", this.resource.getGrantType());
        hashMap.put("client_id", this.resource.getClientId());
        hashMap.put("client_secret", this.resource.getClientSecret());
        ResponseEntity accessToken = this.tokenApi.getAccessToken(new UsernamePasswordAuthenticationToken(new User(this.resource.getClientId(), "", Collections.emptyList()), (Object) null), hashMap);
        this.log.info("feignClientGetAccessToken()===> {}", accessToken);
        return (OAuth2AccessToken) accessToken.getBody();
    }
}
