package tech.riemann.etp.odic.service;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import org.nutz.http.Header;
import org.nutz.http.Http;
import org.nutz.http.Response;
import org.nutz.json.Json;
import org.nutz.lang.Lang;
import org.nutz.lang.Strings;
import org.nutz.lang.random.R;
import org.nutz.lang.util.NutMap;
import org.nutz.log.Log;
import org.nutz.log.Logs;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.ApplicationEventPublisherAware;
import tech.riemann.etp.auth.service.AuthUser;
import tech.riemann.etp.odic.domain.OpenIDConnectClient;
import tech.riemann.etp.odic.domain.Token;
import tech.riemann.etp.odic.event.OpenIDConnectLoginSuccessEvent;
import tech.riemann.etp.odic.service.jwt.JwksJWTGenerator;

/* loaded from: input_file:tech/riemann/etp/odic/service/OpenIDConnectService.class */
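/**
 * OpenID Connect relying-party helper: loads the provider's discovery document, builds the
 * authorization and logout URLs, exchanges an authorization code for a token, and fetches the
 * user profile from the userinfo endpoint.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Authorization codes, access tokens and the full user profile are never written to the
 *       log; only status codes and the subject identifier are.</li>
 *   <li>Every endpoint used here comes from the discovery document, so {@code discoveryUrl}
 *       decides where the client secret and access tokens are sent. NOTE(review): nothing in
 *       this class checks the URL scheme or the issuer of that document; confirm the
 *       configuration layer enforces HTTPS and a trusted issuer.</li>
 *   <li>NOTE(review): {@link #login(String)} relies on the userinfo response only; no ID-token
 *       signature or nonce check is visible in this class. Confirm it happens elsewhere
 *       (for example via {@link #jwtGenerator()}).</li>
 * </ul>
 */
public class OpenIDConnectService implements ApplicationEventPublisherAware {
    private static final Log logger = Logs.get();

    /** Timeout passed to the token and userinfo requests, as in the original calls. */
    private static final int REQUEST_TIMEOUT = 5000;

    /** Scopes requested on the authorization endpoint. */
    private static final String SCOPE = "openid profile";

    // Result of the discovery performed in the constructor; null when that attempt failed.
    private final OpenIDConnectClient keepedClient;
    private final String clientId;
    private final String clientSecret;
    private final String discoveryUrl;
    private final String redirectUrl;
    private ApplicationEventPublisher applicationEventPublisher;

    /**
     * Creates the service and immediately attempts discovery.
     *
     * @param discoveryUrl URL of the provider's discovery document
     * @param clientId client identifier registered with the provider
     * @param clientSecret client secret sent to the token endpoint
     * @param redirectUrl redirect URI sent on both the authorization and the token request
     */
    public OpenIDConnectService(String discoveryUrl, String clientId, String clientSecret, String redirectUrl) {
        this.clientId = clientId;
        this.clientSecret = clientSecret;
        this.redirectUrl = redirectUrl;
        this.discoveryUrl = discoveryUrl;
        this.keepedClient = discovery(discoveryUrl);
    }

    /**
     * Returns the provider metadata.
     *
     * <p>When discovery failed in the constructor, each call performs a fresh discovery request
     * and the result is not cached (the field is final).
     *
     * @return the provider metadata, or {@code null} when discovery is still failing
     */
    public OpenIDConnectClient getClient() {
        if (this.keepedClient != null) {
            return this.keepedClient;
        }
        return discovery(this.discoveryUrl);
    }

    /**
     * Fetches and parses the discovery document.
     *
     * @param url discovery document URL
     * @return the parsed metadata, or {@code null} when the response is not OK
     */
    private OpenIDConnectClient discovery(String url) {
        Response response = Http.get(url);
        if (response.isOK()) {
            return Json.fromJson(OpenIDConnectClient.class, response.getContent());
        }
        logger.debugf("oidc 发现地址: %s不可用", url);
        return null;
    }

    /**
     * Returns the provider metadata or fails with the same exception for every caller, so that a
     * failed discovery surfaces as a descriptive error instead of a NullPointerException.
     */
    private OpenIDConnectClient requireClient() {
        OpenIDConnectClient client = getClient();
        if (client == null) {
            throw Lang.makeThrow(RuntimeException.class, "iodc客户端未正常初始化!");
        }
        return client;
    }

    /**
     * Form-encodes one query parameter value as UTF-8; {@code null} is treated as empty.
     */
    private static String encode(String value) {
        if (value == null) {
            return "";
        }
        try {
            return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every Java platform must provide.
            throw new IllegalStateException("UTF-8 is not available", e);
        }
    }

    /**
     * Exchanges an authorization code for a token at the token endpoint.
     *
     * @param code authorization code received on the redirect
     * @return the parsed token response, or {@code null} when the endpoint answers with a
     *     non-OK status
     * @throws RuntimeException when the provider metadata is unavailable
     */
    public Token token(String code) {
        OpenIDConnectClient client = requireClient();
        // The authorization code is a credential, so it is kept out of the log.
        logger.debugf("用户使用授权码换取token");
        NutMap form = NutMap.NEW()
                .addv("client_id", this.clientId)
                .addv("client_secret", this.clientSecret)
                .addv("code", code)
                .addv("grant_type", "authorization_code")
                .addv("redirect_uri", this.redirectUrl);
        Response response = Http.post2(client.getTokenEndpoint(), form, REQUEST_TIMEOUT);
        if (response.isOK()) {
            return Json.fromJson(Token.class, response.getContent());
        }
        logger.debugf("用户使用授权码换取token失败,请求错误码为:%d", response.getStatus());
        return null;
    }

    /**
     * Creates a JWT helper bound to the provider's JWKS URI.
     *
     * @throws RuntimeException when the provider metadata is unavailable
     */
    public JwksJWTGenerator jwtGenerator() {
        return new JwksJWTGenerator(requireClient().getJwksUri());
    }

    /**
     * Loads the user profile from the userinfo endpoint and publishes an
     * {@link OpenIDConnectLoginSuccessEvent} on success.
     *
     * @param accessToken bearer token for the userinfo request
     * @return the mapped user, or {@code null} when the endpoint answers with a non-OK status
     * @throws RuntimeException when the provider metadata is unavailable
     */
    public AuthUser user(String accessToken) {
        OpenIDConnectClient client = requireClient();
        Header headers = Header.create().set("Authorization", "Bearer " + accessToken);
        Response response = Http.get(client.getUserinfoEndpoint(), headers, REQUEST_TIMEOUT);
        // The bearer token is kept out of the log; anyone able to read it could replay it.
        logger.debugf("使用token换取用户信息");
        if (!response.isOK()) {
            logger.debugf("使用token换取用户信息失败,请求错误码为: %d", response.getStatus());
            return null;
        }
        NutMap claims = Lang.map(response.getContent());
        String subject = claims.getString("sub");
        // NOTE(review): "token" and "refreshToken" are not in the omit list below, so when the
        // provider returns them they are also kept inside extInfo. Confirm that is intended.
        AuthUser authUser = AuthUser.builder()
                .userName(subject)
                .roles(claims.getAsList("roles", String.class))
                .permissions(claims.getAsList("permissions", String.class))
                .mobile(claims.getString("phone_number"))
                .fullName(claims.getString("nickname"))
                .email(claims.getString("email"))
                .sex(claims.getAs("gender", AuthUser.Sex.class))
                .avatar(claims.getString("avatar"))
                .token(claims.getString("token"))
                .refreshToken(claims.getString("refreshToken"))
                .extInfo(claims.omit(new String[]{"sub", "roles", "permissions", "phone_number", "nickname", "email", "gender", "avatar"}))
                .build();
        // Only the subject is logged: the full object carries tokens and personal data.
        logger.debugf("使用token换取用户信息成功,用户信息为:%s", subject);
        this.applicationEventPublisher.publishEvent(new OpenIDConnectLoginSuccessEvent(authUser));
        return authUser;
    }

    /**
     * Completes a login: exchanges the authorization code, then loads the user profile.
     *
     * @param code authorization code received on the redirect
     * @return the mapped user, or {@code null} when the userinfo request fails
     * @throws RuntimeException when the code cannot be exchanged for an access token
     */
    public AuthUser login(String code) {
        Token token = token(code);
        if (token == null || Strings.isBlank(token.getAccessToken())) {
            // NOTE(review): this message echoes the authorization code; callers that log or
            // render the exception expose it. Left unchanged in case callers rely on the text.
            throw Lang.makeThrow("无效的授权码: %s", code);
        }
        return user(token.getAccessToken());
    }

    /**
     * Builds the authorization-endpoint URL for the code flow.
     *
     * <p>Every parameter value is form-encoded, so a caller-supplied {@code state} or
     * {@code nonce} cannot add or override query parameters, and the space in the scope list is
     * encoded. {@code redirectUrl} is therefore expected in plain (unencoded) form, the same
     * form {@link #token(String)} sends as a form parameter.
     *
     * <p>NOTE(review): when {@code state} or {@code nonce} is blank a random value is generated
     * here, but it is not stored or returned separately, so the callback can only compare it
     * after parsing the returned URL. Confirm callers pass their own values when they need that
     * check, and confirm {@code R.UU16()} is backed by a cryptographically strong source.
     *
     * @param state anti-CSRF state value; a random value is used when blank
     * @param nonce nonce value; a random value is used when blank
     * @return the authorization URL
     * @throws RuntimeException when the provider metadata is unavailable
     */
    public String loginUrl(String state, String nonce) {
        OpenIDConnectClient client = requireClient();
        String stateValue = Strings.isBlank(state) ? R.UU16() : state;
        String nonceValue = Strings.isBlank(nonce) ? R.UU16() : nonce;
        String url = String.format(
                "%s?response_type=code&client_id=%s&scope=%s&state=%s&redirect_uri=%s&nonce=%s",
                client.getAuthorizationEndpoint(),
                encode(this.clientId),
                encode(SCOPE),
                encode(stateValue),
                encode(this.redirectUrl),
                encode(nonceValue));
        logger.debugf("用户进行登录,获取oauth2登录地址:%s", url);
        return url;
    }

    /**
     * Builds the authorization URL with generated state and nonce values.
     *
     * @return the authorization URL
     */
    public String loginUrl() {
        return loginUrl(null, null);
    }

    /**
     * Builds the end-session URL for this client.
     *
     * @return the logout URL
     * @throws RuntimeException when the provider metadata is unavailable
     */
    public String logoutUrl() {
        return String.format("%s?client_id=%s", requireClient().getEndSessionEndpoint(), encode(this.clientId));
    }

    @Override
    public void setApplicationEventPublisher(ApplicationEventPublisher applicationEventPublisher) {
        this.applicationEventPublisher = applicationEventPublisher;
    }
}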
