package com.focus.locode.plugin.ca.controller;

import com.alibaba.fastjson2.JSON;
import com.alibaba.fastjson2.JSONArray;
import com.alibaba.fastjson2.JSONReader;
import com.centit.framework.common.ResponseData;
import com.centit.framework.core.controller.BaseController;
import com.centit.framework.core.controller.WrapUpResponseBody;
import com.centit.framework.model.adapter.PlatformEnvironment;
import com.centit.framework.model.security.CentitUserDetails;
import com.centit.framework.security.SecurityContextUtils;
import com.centit.support.algorithm.CollectionsOpt;
import com.centit.support.common.ObjectException;
import com.centit.support.network.HttpExecutor;
import com.centit.support.network.HttpExecutorContext;
import com.centit.support.security.AESSecurityUtils;
import com.focus.locode.plugin.ca.auth.ObtainAuthData;
import com.focus.locode.plugin.ca.po.AccessTokenUserInfo;
import com.focus.locode.plugin.ca.po.CallbackSsoAuthRequest;
import com.focus.locode.plugin.ca.po.CallbackSsoAuthResponse;
import com.focus.locode.plugin.ca.po.SsoGrantTypeEnum;
import io.swagger.annotations.ApiOperation;
import java.io.IOException;
import java.net.URLEncoder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.bind.annotation.RestController;

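/**
 * Endpoints under {@code sso}: the authorization-code callback that establishes the local
 * security context, a login redirect, and an encrypted {@code forbidden_account} notification.
 *
 * <p>The client secret and the AES key are injected from configuration and must never be
 * written to logs or returned to the caller.
 */
@RequestMapping({"sso"})
@RestController
public class Ptl2SsoController extends BaseController {
    private static final Logger logger = LoggerFactory.getLogger(Ptl2SsoController.class);
    private static final String GRANT_TYPE = "authorization_code";
    private static final String ACCESS_TOKEN_URL = "token/accessToken";
    private static final String ERROR_TYPE = "&error=";
    private static final String PTL_ERROR_TYPE = "&ptl2ErrReason";

    // Base URL of the SSO server. It is concatenated directly with ACCESS_TOKEN_URL, so the
    // configured value has to end with '/'. The client secret is posted to this address.
    // NOTE(review): confirm the deployed value uses https.
    @Value("${focus.sso.server}")
    protected String focusSsoServer;

    @Value("${focus.sso.client.id}")
    protected String clientId;

    @Value("${focus.sso.client.secret}")
    protected String clientSecret;

    // Key passed to AESSecurityUtils to decrypt the forbidden_account request body.
    @Value("${focus.sso.key}")
    protected String ssoKey;

    @Autowired
    protected PlatformEnvironment platformEnvironment;

    @Autowired
    protected ObtainAuthData obtainAuthData;

    /**
     * Handles the SSO callback: exchanges the authorization code at the token endpoint, loads
     * the local user named in the response and installs it as the current authentication.
     *
     * <p>NOTE(review): the only request check visible here is the {@code mode} comparison; no
     * {@code state}-style anti-CSRF value is verified in this method and no session renewal is
     * visible after login. Confirm both are handled elsewhere.
     *
     * @param callbackSsoAuthRequest callback parameters; {@code mode}, {@code uc} and
     *     {@code code} are read
     * @param httpServletRequest current request, passed on to the security-context helpers
     * @return the login-success response built by {@link SecurityContextUtils}
     * @throws ObjectException with code 101 when the mode does not match; with a generic
     *     message for every failure inside the token exchange
     */
    @GetMapping({"authorize"})
    @WrapUpResponseBody
    @ApiOperation(value = "认证回调接口", notes = "认证回调接口")
    public ResponseData ssoAuthorize(CallbackSsoAuthRequest callbackSsoAuthRequest, HttpServletRequest httpServletRequest) {
        if (!SsoGrantTypeEnum.AUTHORIZATION_CODE.getModeCode().equals(callbackSsoAuthRequest.getMode())) {
            throw new ObjectException(101, "认证模式不一致：mode-error--" + callbackSsoAuthRequest.getMode());
        }
        try {
            String formPost = HttpExecutor.formPost(HttpExecutorContext.create(), this.focusSsoServer + ACCESS_TOKEN_URL, CollectionsOpt.createHashMap(new Object[]{"client_id", this.clientId, "client_secret", this.clientSecret, "grant_type", GRANT_TYPE, "uc", callbackSsoAuthRequest.getUc(), "code", callbackSsoAuthRequest.getCode()}));
            CallbackSsoAuthResponse callbackSsoAuthResponse = (CallbackSsoAuthResponse) JSON.parseObject(formPost, CallbackSsoAuthResponse.class);
            if (callbackSsoAuthResponse == null || StringUtils.isNotBlank(callbackSsoAuthResponse.getErrorDescription())) {
                // Log only the error description. The raw token-endpoint body is kept out of
                // logs and exception messages because it may carry token material.
                String reason = callbackSsoAuthResponse == null
                    ? "empty or unparsable response"
                    : String.valueOf(callbackSsoAuthResponse.getErrorDescription());
                logger.warn("repose token/accessToken error,{}", reason);
                throw new ObjectException(101, "request-token-error--" + reason);
            }
            AccessTokenUserInfo userinfo = callbackSsoAuthResponse.getUserinfo();
            if (userinfo == null || StringUtils.isBlank(userinfo.getUsername())) {
                // This branch is reached on an otherwise successful exchange, so neither the
                // parsed response nor the raw body is logged (presumably they hold the access
                // token; verify against CallbackSsoAuthResponse).
                logger.warn("reposeUserInfo  token/accessToken error: userinfo missing or username blank");
                throw new ObjectException(101, "user not found--userinfo missing in token response");
            }
            CentitUserDetails loadUserDetailsByLoginName = this.platformEnvironment.loadUserDetailsByLoginName(userinfo.getUsername());
            if (loadUserDetailsByLoginName == null) {
                throw new ObjectException(710, "user not found--" + userinfo.getUsername());
            }
            loadUserDetailsByLoginName.setUserRoles(this.obtainAuthData.getRoleByLoginUserNameAndAppSymbols(loadUserDetailsByLoginName.getUserInfo().getLoginName()));
            SecurityContextHolder.getContext().setAuthentication(loadUserDetailsByLoginName);
            SecurityContextUtils.fetchAndSetLocalParams(loadUserDetailsByLoginName, httpServletRequest, this.platformEnvironment);
            return SecurityContextUtils.makeLoginSuccessResponse(loadUserDetailsByLoginName, httpServletRequest);
        } catch (Exception e) {
            // This also catches the ObjectExceptions thrown above, so the caller only ever sees
            // the generic message below; codes 101/710 end up in the log, not in the response.
            logger.error("post token/accessToken error", e);
            throw new ObjectException("token/accessToken error");
        }
    }

    /**
     * Redirects the browser to the login flow, carrying {@code type}, {@code returnUrl} and
     * {@code userCode} as query values.
     *
     * <p>Spring hands these parameters over already decoded, so each one is URL-encoded again
     * before being placed in the redirect. Otherwise a value containing {@code &}, {@code =} or
     * line breaks could add or override parameters of the redirect target.
     *
     * <p>NOTE(review): the redirect target has no scheme, host or path in front of the query
     * string, so the authorization-server base appears to be missing. {@code returnUrl} is
     * forwarded without validation; confirm the consumer restricts it to trusted destinations.
     *
     * @param str value of the {@code type} request parameter
     * @param str2 value of the {@code userCode} request parameter
     * @param str3 value of the {@code returnUrl} request parameter
     * @param httpServletResponse response used to send the redirect
     * @throws IOException if the redirect cannot be written
     */
    @GetMapping({"/login"})
    @ApiOperation(value = "登录页面", notes = "跳转到登录页面，可能不需要这个接口")
    public void loginPage(@RequestParam("type") String str, @RequestParam("userCode") String str2, @RequestParam("returnUrl") String str3, HttpServletResponse httpServletResponse) throws IOException {
        String callbackQuery = "&type=" + URLEncoder.encode(str, "UTF-8")
            + "&returnUrl=" + URLEncoder.encode(str3, "UTF-8")
            + "&userCode=" + URLEncoder.encode(str2, "UTF-8");
        httpServletResponse.sendRedirect("&response_type=code&scope=snsapi_login&redirect_uri=" + callbackQuery);
    }

    /**
     * Receives an AES-encrypted, Base64-encoded request body and decrypts it with the
     * configured SSO key.
     *
     * <p>As written, the decrypted payload is only parsed; nothing is done with the result and
     * the method always answers with error code 100 and an empty message.
     *
     * <p>NOTE(review): the handling logic seems to be missing (possibly lost in decompilation).
     * Before acting on this payload, confirm that {@code AESSecurityUtils} authenticates the
     * ciphertext or that the caller is authenticated by other means. Decryption alone does not
     * prove who sent the request.
     *
     * @param str encrypted request body
     * @param httpServletRequest current request (unused)
     * @param httpServletResponse current response (unused)
     * @return an error response with code 100 and an empty message
     * @throws IOException declared by the signature; not thrown by the visible code
     */
    @PostMapping({"forbidden_account"})
    @WrapUpResponseBody
    @ResponseBody
    public ResponseData forbiddenAccount(@RequestBody String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String decryptBase64String = AESSecurityUtils.decryptBase64String(str, this.ssoKey);
        if (StringUtils.isNotBlank(decryptBase64String)) {
            // Parsed as in the original, where the result was compared to null in an empty
            // `if`; the parsed array is unused.
            JSONArray.parse(decryptBase64String, new JSONReader.Feature[0]);
        }
        return ResponseData.makeErrorMessage(100, "");
    }
}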
