package kd.bos.openapi.kcf.utils;

import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import kd.bos.dataentity.resource.ResManager;
import kd.bos.kcf.message.HttpMethod;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.mservice.circuitbreaker.CircuitbreakerFactory;
import kd.bos.mservice.spi.circuitbreaker.Circuitbreaker;
import kd.bos.openapi.common.constant.ApiErrorCode;
import kd.bos.openapi.common.constant.ResSystemType;
import kd.bos.openapi.common.exception.OpenApiException;
import kd.bos.openapi.common.util.ApiDataUtil;
import kd.bos.openapi.common.util.IOUtil;
import kd.bos.openapi.common.util.StringUtil;
import kd.bos.openapi.kcf.context.OpenApiAuthContext;
import kd.bos.openapi.kcf.result.ResultProcessUtil;
import kd.bos.openapi.kcf.spi.OpenApiServiceManager;
import kd.bos.openapi.security.model.ApiIpInfoDto;
import kd.bos.openapi.security.model.TokenUrlEnum;
import kd.bos.openapi.security.oauth.token.AccessTokenRequestDto;
import kd.bos.service.authorize.model.ApiCommonResult;

/* loaded from: input_file:kd/bos/openapi/kcf/utils/OauthTokenUtil.class */
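/**
 * Helpers for the OpenAPI OAuth token endpoint: request validation and dispatch
 * ({@link #accessTokenService}), extraction of client credentials from an HTTP Basic
 * {@code Authorization} header, and classification of the token carried by a request
 * ({@link #getTokenInfo}).
 */
public class OauthTokenUtil {
    private static final Log log = LogFactory.getLog(OauthTokenUtil.class);

    /**
     * Validates an access-token request, applies rate limiting and the IP check for the
     * calling third-party application, invokes the token service and writes the result
     * to the response.
     *
     * <p>Any failure is converted into an {@link ApiCommonResult} with {@code status=false}
     * and written to the response; the circuit breaker is released, the auth audit log is
     * written when the context asks for it, and the auth context is closed on every path.
     *
     * @param httpServletRequest  incoming request
     * @param httpServletResponse response the token result or the error is written to
     * @param httpMethod          HTTP method of the request; only {@code Post} is accepted
     * @param str                 token URL identifier; must resolve through
     *                            {@code TokenUrlEnum.getToken}
     */
    public static void accessTokenService(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, HttpMethod httpMethod, String str) {
        long startMillis = System.currentTimeMillis();
        String apiUrl = ApiDataUtil.getApiUrl(httpServletRequest);
        // Declared outside the try so the finally block can release it on failure paths too.
        Circuitbreaker breaker = null;
        try {
            OpenApiAuthContext.getInstance(httpServletRequest, httpServletResponse);
            if (HttpMethod.Post != httpMethod) {
                throw new OpenApiException(ApiErrorCode.HTTP_NOT_ALLOWED, ResManager.loadKDString("请求方式仅支持POST。", "OauthTokenUtil_0", ResSystemType.KCF.getType(), new Object[0]), new Object[0]);
            }
            if (TokenUrlEnum.getToken(str) == null) {
                throw new OpenApiException(ApiErrorCode.Data_Invalid, ResManager.loadKDString("请求参数错误: 不合法的URL。", "OauthTokenUtil_4", ResSystemType.KCF.getType(), new Object[0]), new Object[0]);
            }
            String accountId = OpenApiAuthContext.getContext().getCurrentCenter().getAccountId();
            if (StringUtil.isEmpty(OpenApiAuthContext.getContext().getBody())) {
                throw new OpenApiException(ApiErrorCode.Data_Invalid, String.format(ResManager.loadKDString("请求参数错误: %1$s为空。", "OauthTokenUtil_1", ResSystemType.KCF.getType(), new Object[0]), "body"), new Object[0]);
            }
            Object requestArg = OpenApiAuthContext.getContext().getContextMap().get("Request.Arg0");
            if (!(requestArg instanceof Map)) {
                throw new OpenApiException(ApiErrorCode.Data_Invalid, ResManager.loadKDString("请求参数错误:参数需要以JSON格式传入。", "OauthTokenUtil_2", ResSystemType.KCF.getType(), new Object[0]), new Object[0]);
            }
            @SuppressWarnings("unchecked") // shape of the parsed body is only known at runtime
            Map<String, Object> body = (Map<String, Object>) requestArg;
            Map<String, String> headers = OpenApiAuthContext.getContext().getHeaders();
            // Credentials from a Basic Authorization header take precedence over the body.
            updateClientIdAndSecretByBasic(headers, body);
            // A non-string client_id / client_secret in the JSON body fails these casts and
            // is reported through the generic catch block below.
            String clientId = (String) body.get("client_id");
            // NOTE(review): limit() runs before client_id is validated, so it can be called
            // with a null or empty client_id — confirm the limiter handles that key.
            OpenApiServiceManager.getTokenFacadeService().limit(str, clientId, accountId);
            String clientSecret = (String) body.get("client_secret");
            if (StringUtil.isEmpty(clientId)) {
                throw new OpenApiException(ApiErrorCode.Data_Invalid, String.format(ResManager.loadKDString("请求参数错误: %1$s为空。", "OauthTokenUtil_1", ResSystemType.KCF.getType(), new Object[0]), "client_id"), new Object[0]);
            }
            Long thirdAppId = OpenApiServiceManager.getOpenApiAuthService().getThirdIdByNum(clientId, accountId);
            if (thirdAppId == null || thirdAppId.longValue() == 0) {
                // The response distinguishes unknown/disabled client_ids from a wrong secret.
                throw new OpenApiException(ApiErrorCode.Data_Invalid, String.format(ResManager.loadKDString("请求参数错误: 第三方应用client_id： %1$s在系统中不存在或未启用。", "OauthTokenUtil_3", ResSystemType.KCF.getType(), new Object[0]), clientId), new Object[0]);
            }
            String openApiVer = headers.get("OpenApiVer");
            OpenApiAuthContext.getContext().addParamExt("client_id", clientId);
            OpenApiAuthContext.getContext().addParamExt("thirdAppId", thirdAppId);
            breaker = CircuitbreakerFactory.get("WebRequest", "OpenApi").withName(ApiDataUtil.getThirdResLimitResId(accountId, thirdAppId.toString())).begin();
            ApiIpInfoDto ipInfo = new ApiIpInfoDto();
            ipInfo.setIp(OpenApiAuthContext.getContext().getIp());
            ipInfo.setThirdId(thirdAppId);
            ipInfo.setAccountId(OpenApiAuthContext.getContext().getCurrentCenter().getAccountId());
            OpenApiServiceManager.getApiGateService().checkIP(ipInfo);
            // NOTE(review): this DTO is built and then discarded; client_secret is not
            // visibly passed to invoke(), which presumably reads the credentials from the
            // auth context — confirm the secret is actually verified there.
            new AccessTokenRequestDto(clientSecret).setThirdAppNumber(clientId);
            ResultProcessUtil.processAuthResult(httpServletRequest, httpServletResponse, OpenApiServiceManager.getTokenFacadeService().invoke(str, openApiVer));
            OpenApiAuthContext.getContext().addParamExt("errorCode", "0");
        } catch (Throwable th) {
            // NOTE(review): th.getMessage() is sent to the caller for every Throwable, not
            // only OpenApiException; unless handleAuthException replaces it, internal
            // exception text can reach the client — confirm.
            ApiCommonResult failure = new ApiCommonResult();
            failure.setMessage(th.getMessage());
            failure.setStatus(false);
            // The message can embed the caller-supplied client_id; the logging backend is
            // assumed to neutralise line breaks — TODO confirm.
            log.error("----OauthTokenUtil OpenApi Auth Failed. error:" + th.getMessage(), th);
            OpenApiExceptionUtil.handleAuthException(th, httpServletResponse, failure);
            ResultProcessUtil.processAuthResult(httpServletRequest, httpServletResponse, failure);
        } finally {
            try {
                // Release the breaker on failure paths as well (e.g. when checkIP or invoke throws).
                if (breaker != null) {
                    IOUtil.closeQuietly(breaker);
                }
                int elapsedMillis = (int) (System.currentTimeMillis() - startMillis);
                if (OpenApiAuthContext.getContext() != null && OpenApiAuthContext.getContext().isParamErrorCode()) {
                    ApiAuthLogUtil.writeAuthApiLog(apiUrl, elapsedMillis);
                }
            } finally {
                // Always close the auth context, even if audit logging throws.
                OpenApiAuthContext.close();
            }
        }
    }

    /**
     * Copies client credentials from an HTTP Basic {@code Authorization} header into the
     * request parameters, overriding any {@code client_id} / {@code client_secret} already
     * present. Headers that are absent, use another scheme, or do not decode to a
     * non-empty {@code id:secret} pair leave the parameters untouched.
     *
     * @param map  request headers; the {@code Authorization} entry is read
     * @param map2 request parameters updated in place
     * @throws IllegalArgumentException if the credentials part is not valid Base64
     */
    private static void updateClientIdAndSecretByBasic(Map<String, String> map, Map<String, Object> map2) {
        String authorization = map.get("Authorization");
        if (StringUtil.isEmpty(authorization)) {
            return;
        }
        String[] parts = authorization.trim().split("\\s+");
        // The scheme name is matched case-insensitively.
        if (parts.length != 2 || !"Basic".equalsIgnoreCase(parts[0]) || StringUtil.isEmpty(parts[1])) {
            return;
        }
        // Basic credentials normally use the standard Base64 alphabet ('+', '/'); map it
        // onto the URL-safe alphabet so both encodings decode instead of throwing.
        String encoded = parts[1].replace('+', '-').replace('/', '_');
        // Decode with an explicit charset rather than the platform default.
        String credentials = new String(Base64.getUrlDecoder().decode(encoded), StandardCharsets.UTF_8);
        // Split on the first colon only: the secret may itself contain ':'.
        int separator = credentials.indexOf(':');
        if (separator <= 0 || separator == credentials.length() - 1) {
            return;
        }
        map2.put("client_id", credentials.substring(0, separator));
        map2.put("client_secret", credentials.substring(separator + 1));
    }

    /**
     * Classifies the token carried in the given parameters.
     *
     * <p>A non-empty {@code jwt} entry wins and yields {@code authType="3"}; otherwise
     * {@code access_token} (or, if that is empty, {@code accesstoken}) is used and yields
     * {@code authType="1"} when non-empty. With no token, {@code authType} is the empty
     * string. {@code isNewTokenAuth} is {@code "1"} when the selected token starts with
     * {@code OPENAPIAUTH_}, else {@code "0"}.
     *
     * @param map parameters holding {@code jwt}, {@code access_token} or {@code accesstoken}
     * @return a new map with keys {@code authType}, {@code access_token}, {@code jwt} and
     *         {@code isNewTokenAuth}; {@code jwt} and {@code access_token} may be
     *         {@code null} when the corresponding input entry is missing
     */
    public static Map<String, String> getTokenInfo(Map<String, String> map) {
        String jwt = map.get("jwt");
        String accessToken = "";
        String authType = "";
        String isNewTokenAuth = "0";
        if (StringUtil.isNotEmpty(jwt)) {
            authType = "3";
            if (jwt.startsWith("OPENAPIAUTH_")) {
                isNewTokenAuth = "1";
            }
        } else {
            accessToken = map.get("access_token");
            if (StringUtil.isEmpty(accessToken)) {
                accessToken = map.get("accesstoken");
            }
            if (StringUtil.isNotEmpty(accessToken)) {
                authType = "1";
                if (accessToken.startsWith("OPENAPIAUTH_")) {
                    isNewTokenAuth = "1";
                }
            }
        }
        Map<String, String> tokenInfo = new HashMap<>();
        tokenInfo.put("authType", authType);
        tokenInfo.put("access_token", accessToken);
        tokenInfo.put("jwt", jwt);
        tokenInfo.put("isNewTokenAuth", isNewTokenAuth);
        return tokenInfo;
    }
}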
