package pams.function.oauth.controller;

import com.xdja.pams.bims.entity.Person;
import com.xdja.pams.bims.service.UserManageService;
import com.xdja.pams.common.util.Md5PwdEncoder;
import com.xdja.pams.common.util.Util;
import com.xdja.pams.login.service.LoginService;
import com.xdja.pams.scms.util.Strings;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import pams.function.oauth.bean.OAuthBean;
import pams.function.oauth.bean.OAuthException;
import pams.function.oauth.bean.PersonInfoBean;
import pams.function.oauth.bean.Result;
import pams.function.oauth.bean.ThirdClientBean;
import pams.function.oauth.bean.TokenBean;
import pams.function.oauth.entity.OAuthCode;
import pams.function.oauth.entity.RefreshToken;
import pams.function.oauth.entity.UserToken;
import pams.function.oauth.service.OAuthCodeService;
import pams.function.oauth.service.OAuthService;
import pams.function.oauth.service.OAuthTokenService;
import pams.function.oauth.service.ThirdClientService;
import pams.function.oauth.utils.OAssert;

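/**
 * Spring MVC controller for the endpoints under {@code /oauth2}: the authorization page,
 * the login step that issues an authorization code, the code-for-token exchange, token
 * refresh, token introspection and the user-info lookup.
 *
 * <p>This listing was recovered from a compiled class. In the four JSON endpoints the
 * recovered code had an empty {@code try} block, so the "server busy" handler could never
 * run; the endpoint bodies are placed back inside the {@code try} here.
 */
@RequestMapping({"/oauth2"})
@Controller
/* loaded from: input_file:pams/function/oauth/controller/OAuthController.class */
public class OAuthController {

    @Autowired
    private OAuthService oAuthService;

    @Autowired
    private UserManageService userManageService;

    @Autowired
    private LoginService loginService;

    @Autowired
    private ThirdClientService thirdClientService;

    @Autowired
    private OAuthCodeService oAuthCodeService;

    @Autowired
    private OAuthTokenService oAuthTokenService;

    // Login error codes. They travel in the "msg" query parameter of the redirect back to
    // the authorization page and are mapped to display text through loginErr.
    private static final String SYS_ERR = "0";
    private static final String ACCOUNT_NULL = "1";
    private static final String PASSWORD_NULL = "2";
    private static final String SCOPES_NULL = "3";
    private static final String ACCOUNT_UNEXISTS = "4";
    private static final String PASSWORD_WRONG = "5";
    private static final String ACCOUNT_LOCKED = "6";
    private static final String CLIENT_SCOPE_UNVALID = "7";
    private static final String CODE_CREATE_ERR = "8";
    private static final Logger LOGGER = LoggerFactory.getLogger(OAuthController.class);

    // Error code -> message shown on the authorization page; filled in the static block below.
    private static final Map<String, String> loginErr = new HashMap<String, String>();

    /**
     * Renders the authorization (login) page.
     *
     * <p>The {@code msg} request value is only used as a key into {@link #loginErr}; the
     * caller-supplied text itself is never put into the model, so an unknown value yields
     * no message.
     *
     * @param oAuthBean          bound request parameters
     * @param httpServletRequest current request (not used)
     * @param modelMap           model for the view; receives {@code data}, {@code msg} and {@code flag}
     * @return the view name {@code oauth/authorize/index} in every case
     */
    @RequestMapping({"/authorize.do"})
    public String toAuthorizationPage(OAuthBean oAuthBean, HttpServletRequest httpServletRequest, ModelMap modelMap) {
        try {
            modelMap.addAttribute("data", this.oAuthService.toAuthorizePage(oAuthBean));
            String msgCode = oAuthBean.getMsg();
            if (Strings.isNotEmpty(msgCode)) {
                modelMap.addAttribute("msg", loginErr.get(msgCode));
            }
            modelMap.addAttribute("flag", true);
        } catch (Exception e) {
            modelMap.addAttribute("flag", false);
            if (e instanceof OAuthException) {
                // NOTE(review): the exception text goes to the view as-is; confirm the
                // template escapes "msg" if the text can contain request values.
                modelMap.addAttribute("msg", e.getMessage());
            } else {
                // Unexpected failures were previously dropped without a trace.
                LOGGER.error(e.getMessage(), e);
                modelMap.addAttribute("msg", "系统异常");
            }
        }
        return "oauth/authorize/index";
    }

    /**
     * Handles the login form: checks the request, authenticates the user, creates an
     * authorization code and redirects to the client's {@code redirect_uri}. On any failure
     * it redirects back to {@code /oauth2/authorize.do} with an error code in {@code msg}.
     *
     * <p>NOTE(review): distinct codes for "account does not exist", "wrong password" and
     * "account locked" let a caller tell valid accounts from invalid ones; consider showing
     * one generic login failure message.
     *
     * @param oAuthBean           bound request parameters, including username and password
     * @param httpServletRequest  current request; supplies the context path
     * @param httpServletResponse response used for the redirect
     */
    @RequestMapping({"/login.do"})
    public void doAuthorize(OAuthBean oAuthBean, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String errCode = null;
        try {
            // Result is discarded; the call is used only for the exception it may raise.
            // NOTE(review): presumably this checks client_id, scopes and redirect_uri against
            // the client's registration - confirm, because the redirect below trusts it.
            this.oAuthService.toAuthorizePage(oAuthBean);
        } catch (Exception e) {
            LOGGER.error("认证失败:{}", e.getMessage(), e);
            errCode = e instanceof OAuthException ? CLIENT_SCOPE_UNVALID : SYS_ERR;
        }
        if (Strings.isEmpty(errCode)) {
            // The recovered call passed the whole bean with no "{}" placeholder, so nothing
            // was logged. Log the client id only: the bean also carries the password.
            LOGGER.info("开始登录参数 client_id={}", oAuthBean.getClient_id());
            try {
                String username = oAuthBean.getUsername();
                String password = oAuthBean.getPassword();
                String scopes = oAuthBean.getScopes();
                OAssert.state(Strings.isNotEmpty(username), ACCOUNT_NULL);
                OAssert.state(Strings.isNotEmpty(password), PASSWORD_NULL);
                OAssert.state(Strings.isNotEmpty(scopes), SCOPES_NULL);

                // The login name is tried as user code, then identifier, then mobile number.
                Person person = this.userManageService.getUserByCode(username);
                if (person == null) {
                    person = this.userManageService.getUserByIdentifer(username);
                }
                if (person == null) {
                    person = this.userManageService.getUserByMobile(username);
                }
                OAssert.state(person != null, ACCOUNT_UNEXISTS);
                OAssert.state(!this.loginService.judgeIslock(person), ACCOUNT_LOCKED);
                OAssert.state(!this.loginService.judgeIslock2(person), ACCOUNT_LOCKED);

                // NOTE(review): the encoder name suggests MD5 password hashes. MD5 is not
                // suitable for password storage; plan a migration to bcrypt/scrypt/argon2.
                // NOTE(review): nothing visible here records the failed attempt; confirm
                // where the lock counters behind judgeIslock are incremented.
                String presented = Md5PwdEncoder.getInstance().encodePassword(password);
                OAssert.state(presented.equals(person.getPassword()), PASSWORD_WRONG);

                String code = this.oAuthService.createCode(oAuthBean.getClient_id(), person.getId(), scopes);
                OAssert.state(Strings.isNotEmpty(code), CODE_CREATE_ERR);

                String redirectUri = oAuthBean.getRedirect_uri();
                StringBuilder target = new StringBuilder(redirectUri);
                // A redirect_uri that already has a query string needs '&', not a second '?'.
                target.append(redirectUri.indexOf('?') >= 0 ? '&' : '?');
                target.append("code=").append(urlEncode(code));
                if (Strings.isNotEmpty(oAuthBean.getState())) {
                    // state is caller-supplied: encode it so it cannot add parameters of
                    // its own to the redirect.
                    target.append("&state=").append(urlEncode(oAuthBean.getState()));
                }
                httpServletResponse.sendRedirect(target.toString());
                return;
            } catch (Exception e2) {
                LOGGER.error("认证失败:{}", e2.getMessage(), e2);
                errCode = e2 instanceof OAuthException ? e2.getMessage() : SYS_ERR;
            }
        }
        if (Strings.isEmpty(errCode)) {
            // An OAuthException without a message would otherwise end the request with
            // no redirect at all.
            errCode = SYS_ERR;
        }
        StringBuilder back = new StringBuilder(httpServletRequest.getContextPath());
        // NOTE(review): spellQueryParam() is not visible here; confirm it URL-encodes values.
        back.append("/oauth2/authorize.do?").append(oAuthBean.spellQueryParam());
        back.append("&msg=").append(urlEncode(errCode));
        try {
            httpServletResponse.sendRedirect(back.toString());
        } catch (Exception e3) {
            LOGGER.error("跳转失败:{}", e3.getMessage(), e3);
        }
    }

    /**
     * Exchanges an authorization code for a token ({@code grant_type=authorization_code}).
     * Writes a JSON result to the response; service failures produce a generic failure result.
     *
     * <p>NOTE(review): the "already used" check, token creation and code revocation are
     * separate calls, so two concurrent requests with the same code may both pass the
     * check. Consider marking the code used atomically before issuing the token.
     *
     * @param oAuthBean           bound request parameters (client_id, client_secret, code, grant_type)
     * @param httpServletResponse response that receives the JSON result
     */
    @RequestMapping({"/access_token.do"})
    public void getToken(OAuthBean oAuthBean, HttpServletResponse httpServletResponse) {
        String result;
        try {
            // isBlank(grant_type) is covered by the equality test: a blank value never matches.
            boolean missingParam = StringUtils.isBlank(oAuthBean.getClient_id())
                    || StringUtils.isBlank(oAuthBean.getClient_secret())
                    || StringUtils.isBlank(oAuthBean.getCode());
            if (missingParam || !"authorization_code".equals(oAuthBean.getGrant_type())) {
                Util.writeUtf8JSON(httpServletResponse, Result.fail("5", "参数无效"));
                return;
            }
            if (this.thirdClientService.queryByIdAndSecret(oAuthBean.getClient_id(), oAuthBean.getClient_secret()) == null) {
                Util.writeUtf8JSON(httpServletResponse, Result.fail("2", "未认证通过，您的客户端ID和秘钥不存在或已被禁用"));
                return;
            }
            // The lookup is keyed by code and client id, so a code issued to another
            // client is treated as unknown.
            OAuthCode authCode = this.oAuthCodeService.queryByCodeAndClientId(oAuthBean.getCode(), oAuthBean.getClient_id());
            long now = System.currentTimeMillis();
            if (authCode == null || authCode.getExpire() < now) {
                Util.writeUtf8JSON(httpServletResponse, Result.fail("3", "无效的code"));
                return;
            }
            if ("1".equals(authCode.getIsUsed())) {
                Util.writeUtf8JSON(httpServletResponse, Result.fail("6", "code已被使用"));
                return;
            }
            TokenBean token = this.oAuthTokenService.createToken(authCode);
            this.oAuthCodeService.revokeCode(authCode);
            result = Result.success(token);
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
            result = Result.fail("服务器繁忙");
        }
        Util.writeUtf8JSON(httpServletResponse, result);
    }

    /**
     * Returns the user information that a token's scope allows.
     *
     * <p>NOTE(review): the parameter name {@code str} looks like a decompiler placeholder;
     * confirm the request parameter name against the original source.
     *
     * @param str                 the token presented by the caller
     * @param httpServletResponse response that receives the JSON result
     */
    @RequestMapping({"/get_user_info.do"})
    public void getUserInfo(String str, HttpServletResponse httpServletResponse) {
        String result;
        try {
            if (StringUtils.isBlank(str)) {
                Util.writeUtf8JSON(httpServletResponse, Result.fail("5", "参数无效"));
                return;
            }
            UserToken userToken = this.oAuthTokenService.queryByToken(str);
            if (userToken == null) {
                Util.writeUtf8JSON(httpServletResponse, Result.fail("4", "无效的票据"));
                return;
            }
            if (userToken.getExpire() < System.currentTimeMillis()) {
                Util.writeUtf8JSON(httpServletResponse, Result.fail("7", "票据已过期"));
                return;
            }
            if (StringUtils.isBlank(userToken.getScopeId())) {
                // A token without a scope gets an empty profile, before the client state check.
                Util.writeUtf8JSON(httpServletResponse, Result.success(new PersonInfoBean()));
                return;
            }
            ThirdClientBean client = this.thirdClientService.getById(userToken.getClientId());
            if (client == null || !"1".equals(client.getState())) {
                Util.writeUtf8JSON(httpServletResponse, Result.fail("2", "未认证通过，第三方客户端不存在或者已被停用"));
                return;
            }
            Person person = this.userManageService.queryPersonById(userToken.getPersonId());
            if (person == null) {
                Util.writeUtf8JSON(httpServletResponse, Result.fail("8", "人员信息不存在"));
                return;
            }
            result = Result.success(this.oAuthTokenService.queryUserInfo(userToken.getScopeId(), person));
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
            result = Result.fail("服务器繁忙");
        }
        Util.writeUtf8JSON(httpServletResponse, result);
    }

    /**
     * Extends a token using a refresh token, after authenticating the client.
     *
     * <p>NOTE(review): the refresh token is looked up by its value alone; nothing visible
     * here checks that it was issued to the client that authenticated. Confirm that
     * {@code delayToken} or the lookup enforces that binding.
     *
     * @param oAuthBean           bound request parameters (client_id, client_secret, refresh_token)
     * @param httpServletResponse response that receives the JSON result
     */
    @RequestMapping({"/refresh_token.do"})
    public void refreshToken(OAuthBean oAuthBean, HttpServletResponse httpServletResponse) {
        String result;
        try {
            if (StringUtils.isBlank(oAuthBean.getClient_id())
                    || StringUtils.isBlank(oAuthBean.getClient_secret())
                    || StringUtils.isBlank(oAuthBean.getRefresh_token())) {
                Util.writeUtf8JSON(httpServletResponse, Result.fail("5", "参数无效"));
                return;
            }
            if (this.thirdClientService.queryByIdAndSecret(oAuthBean.getClient_id(), oAuthBean.getClient_secret()) == null) {
                Util.writeUtf8JSON(httpServletResponse, Result.fail("2", "未认证通过，您的客户端ID和秘钥不存在或已被禁用"));
                return;
            }
            RefreshToken refresh = this.oAuthTokenService.queryRefreshToken(oAuthBean.getRefresh_token());
            if (refresh == null) {
                Util.writeUtf8JSON(httpServletResponse, Result.fail(Result.INVALID_REFRESH_TOKEN, "无效的refreshToken"));
                return;
            }
            if (refresh.getExpire() < System.currentTimeMillis()) {
                Util.writeUtf8JSON(httpServletResponse, Result.fail(Result.REFRESH_TOKEN_EXPIRED, "refreshToken已过期"));
                return;
            }
            result = Result.success(this.oAuthTokenService.delayToken(refresh));
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
            result = Result.fail("服务器繁忙");
        }
        Util.writeUtf8JSON(httpServletResponse, result);
    }

    /**
     * Returns the stored record for a token.
     *
     * <p>NOTE(review): unlike {@link #getUserInfo}, this endpoint does not check expiry and
     * does not authenticate the calling client, and it serializes the whole
     * {@code UserToken} entity. Confirm that is intended and that the entity holds nothing
     * the token bearer should not see.
     *
     * @param str                 the token presented by the caller
     * @param httpServletResponse response that receives the JSON result
     */
    @RequestMapping({"/get_token_info.do"})
    public void queryTokenInfo(String str, HttpServletResponse httpServletResponse) {
        String result;
        try {
            if (StringUtils.isBlank(str)) {
                Util.writeUtf8JSON(httpServletResponse, Result.fail("5", "参数无效"));
                return;
            }
            UserToken userToken = this.oAuthTokenService.queryByToken(str);
            if (userToken == null) {
                Util.writeUtf8JSON(httpServletResponse, Result.fail("4", "无效的票据"));
                return;
            }
            result = Result.success(userToken);
        } catch (Exception e) {
            LOGGER.error(e.getMessage(), e);
            result = Result.fail("服务器繁忙");
        }
        Util.writeUtf8JSON(httpServletResponse, result);
    }

    /**
     * Serves the API documentation page.
     *
     * @return the view name of the documentation page
     */
    @RequestMapping({"/api_doc.do"})
    public String toApiDoc() {
        return "oauth/authorize/pams-oauth-api-doc";
    }

    /**
     * URL-encodes a query parameter value as UTF-8.
     *
     * @param value the raw value; must not be null
     * @return the encoded value
     */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // Every Java runtime is required to support UTF-8.
            throw new IllegalStateException("UTF-8 is not supported", e);
        }
    }

    static {
        loginErr.put(SYS_ERR, "系统异常");
        loginErr.put(ACCOUNT_NULL, "账号参数为空");
        loginErr.put(PASSWORD_NULL, "密码参数为空");
        loginErr.put(SCOPES_NULL, "用户未授权");
        loginErr.put(ACCOUNT_UNEXISTS, "账户不存在");
        loginErr.put(PASSWORD_WRONG, "密码错误");
        loginErr.put(ACCOUNT_LOCKED, "账户被锁定");
        loginErr.put(CLIENT_SCOPE_UNVALID, "第三方和权限校验失败");
        loginErr.put(CODE_CREATE_ERR, "创建code失败");
    }
}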
