package org.springblade.auth.granter;

import java.util.LinkedHashMap;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springblade.auth.constant.AuthConstant;
import org.springblade.auth.service.BladeUserDetails;
import org.springblade.auth.utils.TokenUtil;
import org.springblade.core.jwt.AesUtil;
import org.springblade.core.tool.api.R;
import org.springblade.core.tool.utils.Func;
import org.springblade.core.tool.utils.StringUtil;
import org.springblade.core.tool.utils.WebUtil;
import org.springblade.system.cache.SysCache;
import org.springblade.system.entity.Role;
import org.springblade.system.user.entity.User;
import org.springblade.system.user.entity.UserInfo;
import org.springblade.system.user.feign.IUserClient;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;

/* loaded from: input_file:org/springblade/auth/granter/ThirdPartTokenGranter.class */
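/**
 * Token granter for the custom {@code thirdpart} OAuth2 grant type.
 *
 * <p>The caller submits an AES-encrypted account name in the {@link TokenUtil#ACCOUNT} request
 * parameter. The granter decrypts it with the configured key, looks the user up through
 * {@link IUserClient#userInfoByMultipleAccount} for the tenant named in the
 * {@link TokenUtil#TENANT_HEADER_KEY} request header, and builds an authenticated
 * {@link OAuth2Authentication} for that user.
 *
 * <p>NOTE(review): no password or other user secret is checked in this class. The only proof the
 * caller presents is a ciphertext that decrypts under {@code aesKey}, and nothing visible here
 * binds that ciphertext to a timestamp, nonce or client. A captured ciphertext therefore appears
 * to be reusable for as long as the key is unchanged; confirm whether freshness and
 * integrity are enforced elsewhere (for example inside {@code AesUtil} or at the gateway) and
 * restrict which OAuth2 clients may use this grant type.
 */
public class ThirdPartTokenGranter extends AbstractTokenGranter {
    private static final Logger log = LoggerFactory.getLogger(ThirdPartTokenGranter.class);
    private static final String GRANT_TYPE = "thirdpart";

    /** Shared AES key used to decrypt the submitted account; never log this value. */
    private final String aesKey;
    private final IUserClient userClient;

    /**
     * Creates the granter.
     *
     * @param authorizationServerTokenServices token services passed to {@link AbstractTokenGranter}
     * @param clientDetailsService client lookup passed to {@link AbstractTokenGranter}
     * @param oAuth2RequestFactory request factory passed to {@link AbstractTokenGranter}
     * @param str AES key used to decrypt the account request parameter
     * @param iUserClient client used to resolve the decrypted account to a user
     */
    public ThirdPartTokenGranter(AuthorizationServerTokenServices authorizationServerTokenServices, ClientDetailsService clientDetailsService, OAuth2RequestFactory oAuth2RequestFactory, String str, IUserClient iUserClient) {
        super(authorizationServerTokenServices, clientDetailsService, oAuth2RequestFactory, GRANT_TYPE);
        this.aesKey = str;
        this.userClient = iUserClient;
    }

    /**
     * Resolves the encrypted account in the token request to a user and returns an authenticated
     * {@link OAuth2Authentication} for it.
     *
     * @param clientDetails the OAuth2 client making the request
     * @param tokenRequest the token request carrying the encrypted account parameter
     * @return the authentication for the resolved user
     * @throws InvalidGrantException if the account parameter is missing, decrypts to a blank
     *     value, or does not resolve to a user with a non-blank account
     */
    @Override
    protected OAuth2Authentication getOAuth2Authentication(ClientDetails clientDetails, TokenRequest tokenRequest) {
        LinkedHashMap<String, String> parameters = new LinkedHashMap<>(tokenRequest.getRequestParameters());
        // The tenant id comes straight from a request header, i.e. it is caller-controlled.
        String tenantId = WebUtil.getRequest().getHeader(TokenUtil.TENANT_HEADER_KEY);
        String encryptedAccount = parameters.get(TokenUtil.ACCOUNT);
        log.info("------------第三方登录获取token------------");
        // Neither the ciphertext nor the decrypted account is logged: the ciphertext is the only
        // credential this grant checks, so a log line containing it is enough to request a token.
        if (StringUtil.isBlank(encryptedAccount)) {
            log.warn("thirdpart grant rejected: account parameter is missing");
            throw new InvalidGrantException(TokenUtil.ACCOUNT_NOT_FOUND);
        }
        // NOTE(review): how AesUtil.aesDecrypt reports malformed input is not visible here;
        // if it throws, that exception propagates to the caller unchanged.
        String account = AesUtil.aesDecrypt(encryptedAccount, this.aesKey);
        if (StringUtil.isBlank(account)) {
            log.warn("thirdpart grant rejected: account parameter did not decrypt to a value");
            throw new InvalidGrantException(TokenUtil.ACCOUNT_NOT_FOUND);
        }
        R<?> result = this.userClient.userInfoByMultipleAccount(tenantId, account);
        // A successful response may still carry no payload; treat that as "not found" instead of
        // failing with a NullPointerException.
        UserInfo userInfo = result.isSuccess() ? (UserInfo) result.getData() : null;
        if (userInfo == null || userInfo.getUser() == null || !StringUtil.isNotBlank(userInfo.getUser().getAccount())) {
            log.warn("thirdpart grant rejected: account did not resolve to a user");
            throw new InvalidGrantException(TokenUtil.ACCOUNT_NOT_FOUND);
        }
        User user = userInfo.getUser();
        String roleId = user.getRoleId();
        String joinedRoles = Func.join(userInfo.getRoles());
        String roleDetail = buildRoleDetail(SysCache.getRoleByIds(roleId));
        BladeUserDetails bladeUserDetails = new BladeUserDetails(user.getId(), user.getTenantId(), TokenUtil.DEFAULT_AVATAR, user.getName(), user.getRealName(), user.getDeptId(), user.getPostId(), roleId, joinedRoles, roleDetail, Func.toStr(user.getAvatar(), TokenUtil.DEFAULT_AVATAR), account, AuthConstant.ENCRYPT + user.getPassword(), userInfo.getDetail(), true, true, true, true, AuthorityUtils.commaSeparatedStringToAuthorityList(joinedRoles));
        parameters.put("username", account);
        // The three-argument constructor marks the token as authenticated, so the check below is
        // a defensive guard rather than a credential check.
        AbstractAuthenticationToken userAuthentication = new UsernamePasswordAuthenticationToken(bladeUserDetails, null, bladeUserDetails.getAuthorities());
        userAuthentication.setDetails(parameters);
        if (!userAuthentication.isAuthenticated()) {
            throw new InvalidGrantException("Could not authenticate user: " + account);
        }
        return new OAuth2Authentication(getRequestFactory().createOAuth2Request(clientDetails, tokenRequest), userAuthentication);
    }

    /**
     * Renders roles as {@code id,name,alias} entries separated by {@code |}.
     *
     * @param roles the roles to render; may be {@code null}
     * @return the rendered string, or {@link TokenUtil#DEFAULT_AVATAR} when there are no roles
     */
    private static String buildRoleDetail(List<Role> roles) {
        // TokenUtil.DEFAULT_AVATAR is the starting value the original code used; presumably it is
        // the empty string - TODO confirm.
        String detail = TokenUtil.DEFAULT_AVATAR;
        if (roles == null) {
            return detail;
        }
        for (Role role : roles) {
            String entry = role.getId() + "," + role.getRoleName() + "," + role.getRoleAlias();
            detail = StringUtil.isBlank(detail) ? detail + entry : detail + "|" + entry;
        }
        return detail;
    }
}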
