package com.newcapec.thirdpart.api;

import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.asymmetric.KeyType;
import cn.hutool.crypto.asymmetric.RSA;
import cn.hutool.json.JSONObject;
import com.newcapec.thirdpart.utils.PoaUtils;
import io.swagger.annotations.Api;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springblade.core.log.annotation.ApiLog;
import org.springblade.core.secure.TokenInfo;
import org.springblade.core.tool.api.R;
import org.springblade.core.tool.utils.Base64Util;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.util.Base64Utils;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

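/**
 * REST endpoints under {@code /v1/openApi/poa} that let a third party exchange an
 * RSA-encrypted account name for a PoA id token.
 *
 * <p>{@code /getAccount} encrypts {@code account_<epochSeconds>} with the configured RSA public
 * key and returns it URL-safe Base64 encoded. {@code /getToken} decrypts such a value with the
 * configured private key, checks the embedded timestamp, looks the account up through
 * {@link PoaUtils} and returns the id token wrapped in a {@link TokenInfo}.
 *
 * <p>NOTE(review): nothing in this class authenticates the caller of either endpoint. The value
 * accepted by {@code /getToken} is produced with a public key, and {@code /getAccount} produces
 * it for any account name it is given, so the RSA envelope by itself says nothing about who is
 * asking. Confirm that these routes are restricted upstream (gateway authentication, network
 * allow-list) or add caller authentication, e.g. a signature made with a key only the third
 * party holds.
 */
@RequestMapping({"/v1/openApi/poa"})
@Api(value = "第三方获取x_id_token", tags = {"第三方获取x_id_token  Api"})
@RestController
@RefreshScope
/* loaded from: input_file:com/newcapec/thirdpart/api/ApiPoaController.class */
public class ApiPoaController {
    private static final Logger log = LoggerFactory.getLogger(ApiPoaController.class);

    /** Largest accepted difference, in seconds, between the embedded timestamp and server time. */
    private static final long MAX_TIMESTAMP_SKEW_SECONDS = 600;

    /** Lifetime, in seconds, reported to the caller for the returned token. */
    private static final int TOKEN_EXPIRE_SECONDS = 3600;

    @Value("${poa.client.id}")
    private String poaClientId;

    @Value("${poa.client.secret}")
    private String poaClientSecret;

    @Value("${poa.client.scopes}")
    private String poaClientScopes;

    @Value("${poa.server.url}")
    private String poaServerUrl;

    @Value("${rsa.privateKeyBase64}")
    private String rsaPrivateKeyBase64;

    @Value("${rsa.publicKeyBase64}")
    private String rsaPublicKeyBase64;

    /**
     * Encrypts the {@code account} request parameter, suffixed with {@code _<epochSeconds>}, with
     * the configured RSA public key and returns the ciphertext URL-safe Base64 encoded.
     *
     * @param httpServletRequest request carrying the {@code account} query parameter
     * @return the encoded ciphertext, or a failure result when {@code account} is blank
     */
    @GetMapping({"/getAccount"})
    @ApiLog("用户名加密")
    public R getAccount(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("account");
        if (StrUtil.isBlank(parameter)) {
            return R.fail("参数 account 不能为空");
        }
        String encryptBase64 = new RSA((String) null, this.rsaPublicKeyBase64).encryptBase64(parameter + "_" + (System.currentTimeMillis() / 1000), KeyType.PublicKey);
        // The result is accepted by /getToken for as long as its timestamp is fresh, so it is
        // treated as a credential and deliberately not written to the log.
        return R.data(Base64Utils.encodeToUrlSafeString(encryptBase64.getBytes(StandardCharsets.UTF_8)));
    }

    /**
     * Decrypts the {@code account} request parameter, validates its timestamp and returns the
     * PoA id token for the account it names.
     *
     * <p>The parameter is expected to be URL-safe Base64 over the Base64 RSA ciphertext of
     * {@code account_<epochSeconds>}. Malformed input (bad Base64, undecryptable ciphertext,
     * non-numeric timestamp) yields a failure result instead of an unhandled exception.
     *
     * <p>NOTE(review): the freshness check bounds the age of a value but does not make it
     * single-use; the same value is accepted repeatedly inside the window. Add a nonce or a
     * seen-value cache if replay matters for this deployment.
     *
     * @param httpServletRequest request carrying the encrypted {@code account} query parameter
     * @return a {@link TokenInfo} holding the id token, or a failure result describing the problem
     */
    @GetMapping({"/getToken"})
    @ApiLog("获取第三方加密的account 请求poa 获取用户信息 转换成x-id-token 返回给用户")
    public R getXIdToken(HttpServletRequest httpServletRequest) {
        String parameter = httpServletRequest.getParameter("account");
        // Reject a missing parameter before decoding; the decoder is not given a null value.
        if (StrUtil.isBlank(parameter)) {
            return R.fail("参数不能为空");
        }
        String decryptStr;
        try {
            String decodeUrlSafe = Base64Util.decodeUrlSafe(parameter);
            if (StrUtil.isBlank(decodeUrlSafe)) {
                return R.fail("参数不能为空");
            }
            decryptStr = new RSA(this.rsaPrivateKeyBase64, (String) null).decryptStr(decodeUrlSafe, KeyType.PrivateKey);
        } catch (RuntimeException e) {
            // Request boundary: caller-controlled bytes that fail to decode or decrypt are a
            // client error. The raw parameter is not logged because a valid one is replayable.
            log.warn("account 参数解码或解密失败: {}", e.toString());
            return R.fail("参数解析失败");
        }
        if (StrUtil.isBlank(decryptStr)) {
            return R.fail("解析参数为空");
        }
        // Split on the LAST underscore so that account names containing '_' (which getAccount
        // happily encrypts) survive the round trip.
        int separator = decryptStr.lastIndexOf('_');
        if (separator < 0) {
            return R.fail("参数格式错误，请加上_当前时间秒数");
        }
        String str = decryptStr.substring(0, separator);
        long parseLong;
        try {
            parseLong = Long.parseLong(decryptStr.substring(separator + 1));
        } catch (NumberFormatException e) {
            return R.fail("参数格式错误，请加上_当前时间秒数");
        }
        long currentTimeMillis = System.currentTimeMillis() / 1000;
        // Compare against the window bounds rather than subtracting the untrusted value: a
        // subtraction can overflow for extreme timestamps and make a stale value look fresh.
        if (parseLong < currentTimeMillis - MAX_TIMESTAMP_SKEW_SECONDS
                || parseLong > currentTimeMillis + MAX_TIMESTAMP_SKEW_SECONDS) {
            return R.fail("参数失效，time超时，可以先排查服务的操作系统时间否是和标准时间一致");
        }
        log.info("解析出 account={}", str);
        if (StrUtil.isBlank(str)) {
            return R.fail("参数错误");
        }
        JSONObject userByAccountName = PoaUtils.getUserByAccountName(str, this.poaServerUrl, this.poaClientId, this.poaClientSecret, this.poaClientScopes);
        if (userByAccountName == null) {
            return R.fail("未获取到该用户信息1，请检查poa 中是否有此用户");
        }
        if (!"0".equals(userByAccountName.getStr("code"))) {
            return R.fail("未获取到该用户信息2，请检查poa 中是否有此用户");
        }
        // A response without a "data" object is treated like one without an account name.
        JSONObject userData = userByAccountName.getJSONObject("data");
        if (userData == null || StrUtil.isBlank(userData.getStr("accountName"))) {
            return R.fail("未获取到该用户信息3，请检查poa 中是否有此用户");
        }
        JSONObject poaIdToken = PoaUtils.getPoaIdToken(str, this.poaServerUrl, this.poaClientId, this.poaClientSecret, this.poaClientScopes);
        if (poaIdToken == null) {
            return R.fail("获取POA id token失败，请联系管理员");
        }
        JSONObject tokenData = poaIdToken.getJSONObject("data");
        String str2 = tokenData == null ? null : tokenData.getStr("idToken");
        if (str2 == null || str2.isEmpty()) {
            return R.fail("获取POA id token失败，请联系管理员");
        }
        TokenInfo tokenInfo = new TokenInfo();
        tokenInfo.setToken(str2);
        // NOTE(review): fixed value; not derived from the id token itself. Confirm it matches
        // the lifetime PoA actually issues.
        tokenInfo.setExpire(TOKEN_EXPIRE_SECONDS);
        return R.data(tokenInfo);
    }

    /**
     * Copies selected entries of {@code map} back into it under {@code ATTR_}-prefixed keys.
     *
     * @param map attribute map that is read and extended in place
     */
    private void addAttr(Map<String, Object> map) {
        // NOTE(review): "ATTR_accountId" is written twice; the value taken from "id" here is
        // overwritten below by the value of "accountId". Confirm which source was intended.
        map.put("ATTR_accountId", map.get("id"));
        map.put("ATTR_name", map.get("name"));
        map.put("ATTR_userUid", map.get("uid"));
        map.put("ATTR_accountId", map.get("accountId"));
        map.put("ATTR_organizationId", map.get("organizationId"));
        map.put("ATTR_organizationCode", map.get("organizationCode"));
        map.put("ATTR_organizationName", map.get("organizationName"));
        map.put("ATTR_identityTypeId", map.get("identityTypeId"));
        map.put("ATTR_identityTypeCode", map.get("identityTypeCode"));
        map.put("ATTR_identityTypeName", map.get("identityTypeName"));
    }
}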
