package cn.gtmap.gtc.starter.gscas.config.handler;

import cn.gtmap.gtc.starter.gscas.token.TokenDataRepo;
import com.alibaba.fastjson.JSON;
import feign.RequestInterceptor;
import feign.RequestTemplate;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import okhttp3.ConnectionPool;
import okhttp3.FormBody;
import okhttp3.OkHttpClient;
import okhttp3.Request;
import okhttp3.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.http.AccessTokenRequiredException;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.client.token.AccessTokenProvider;
import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/gtmap-security-cloud-app-starter-1.2.21.jar:cn/gtmap/gtc/starter/gscas/config/handler/GtOAuth2FeignRequestInterceptor.class */
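/**
 * Feign {@link RequestInterceptor} that attaches an OAuth2 bearer token to outgoing requests.
 *
 * <p>The token held by the {@link OAuth2RestTemplate} context is used first (and re-acquired when
 * it is close to expiry). If that fails for any reason, the interceptor falls back to a
 * client-credentials token cached in {@link TokenDataRepo}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>Bearer token values and the client secret are never written to the log; anyone who can
 *       read the log could otherwise replay them.</li>
 *   <li>Client credentials are sent in the POST form body, not in the request URI, so they do not
 *       end up in proxy/access logs (RFC 6749 section 2.3.1).</li>
 *   <li>NOTE(review): the fallback replaces the caller's identity with the service's own
 *       client-credentials identity whenever the user token cannot be obtained; confirm that
 *       downstream authorization accounts for this.</li>
 * </ul>
 */
public class GtOAuth2FeignRequestInterceptor implements RequestInterceptor {
    private static final Logger logger = LoggerFactory.getLogger(GtOAuth2FeignRequestInterceptor.class);
    private static final String AUTHORIZATION_HEADER = "Authorization";
    private static final String BEARER_TOKEN_TYPE = "bearer";
    /** A context token with less than this many seconds left is re-acquired before use. */
    private static final int REFRESH_THRESHOLD_SECONDS = 600;
    /** Upper bound, in seconds, on how long a client-credentials token is cached locally. */
    private static final int MAX_CLIENT_TOKEN_CACHE_SECONDS = 300;

    private final OAuth2RestTemplate oAuth2RestTemplate;
    private final OAuth2ProtectedResourceDetails details;
    private final OkHttpClient okHttpClient;
    private final AccessTokenProvider accessTokenProvider = new AccessTokenProviderChain(Arrays.asList(
            new AuthorizationCodeAccessTokenProvider(),
            new ImplicitAccessTokenProvider(),
            new ResourceOwnerPasswordAccessTokenProvider(),
            new ClientCredentialsAccessTokenProvider()));

    // Injected by Spring; the interceptor is a no-op unless this is the string "true".
    @Value("${app.security.feign.initToken:true}")
    private String initToken;

    /**
     * Re-acquires the access token for the given client context, refreshing it through the
     * provider chain when a refresh token is available and the resource is not client-only.
     *
     * @param oAuth2ClientContext the context holding the current token and token request
     * @param oAuth2ProtectedResourceDetails the protected resource the token is for
     * @return the refreshed token, the existing token when no refresh is possible, or
     *     {@code null} when the context holds no token at all
     * @throws AccessTokenRequiredException when the context has no access token request
     * @throws InsufficientAuthenticationException when the caller is anonymous and the resource
     *     is not client-only
     * @throws UserRedirectRequiredException propagated from the provider chain
     */
    protected OAuth2AccessToken acquireAccessToken(OAuth2ClientContext oAuth2ClientContext, OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) throws UserRedirectRequiredException {
        AccessTokenRequest accessTokenRequest = oAuth2ClientContext.getAccessTokenRequest();
        if (accessTokenRequest == null) {
            throw new AccessTokenRequiredException("No OAuth 2 security context has been established. Unable to access resource '" + oAuth2ProtectedResourceDetails.getId() + "'.", oAuth2ProtectedResourceDetails);
        }
        String stateKey = accessTokenRequest.getStateKey();
        if (stateKey != null) {
            accessTokenRequest.setPreservedState(oAuth2ClientContext.removePreservedState(stateKey));
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if ((authentication instanceof AnonymousAuthenticationToken) && !oAuth2ProtectedResourceDetails.isClientOnly()) {
            throw new InsufficientAuthenticationException("Authentication is required to obtain an access token (anonymous not allowed)");
        }
        OAuth2AccessToken existingToken = oAuth2ClientContext.getAccessToken();
        OAuth2AccessToken resolvedToken = null;
        // The existing token must be present before its refresh token is read; an authenticated
        // caller with an empty context previously hit a NullPointerException here.
        if (authentication != null && authentication.isAuthenticated() && existingToken != null) {
            accessTokenRequest.setExistingToken(existingToken);
            OAuth2RefreshToken refreshToken = existingToken.getRefreshToken();
            if (refreshToken == null || oAuth2ProtectedResourceDetails.isClientOnly()) {
                resolvedToken = existingToken;
            } else {
                resolvedToken = this.accessTokenProvider.refreshAccessToken(oAuth2ProtectedResourceDetails, refreshToken, accessTokenRequest);
            }
        }
        if (resolvedToken == null || resolvedToken.getValue() == null) {
            resolvedToken = existingToken;
        }
        oAuth2ClientContext.setAccessToken(resolvedToken);
        return resolvedToken;
    }

    /**
     * Creates the interceptor with its own OkHttp client for token-endpoint calls
     * (no connection retries, 10 second connect and read timeouts).
     *
     * @param oAuth2RestTemplate template whose client context supplies the caller's token; must
     *     not be {@code null}
     * @param oAuth2ProtectedResourceDetails resource details providing the token URI and client
     *     credentials used for the client-credentials fallback
     */
    public GtOAuth2FeignRequestInterceptor(OAuth2RestTemplate oAuth2RestTemplate, OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) {
        Assert.notNull(oAuth2RestTemplate, "Context can not be null");
        this.oAuth2RestTemplate = oAuth2RestTemplate;
        this.details = oAuth2ProtectedResourceDetails;
        this.okHttpClient = new OkHttpClient.Builder()
                .retryOnConnectionFailure(false)
                .connectionPool(new ConnectionPool(5, 1L, TimeUnit.MINUTES))
                .connectTimeout(10L, TimeUnit.SECONDS)
                .readTimeout(10L, TimeUnit.SECONDS)
                .build();
    }

    /**
     * Adds an {@code Authorization: bearer ...} header to the outgoing Feign request.
     *
     * <p>Does nothing unless {@code app.security.feign.initToken} is {@code "true"}. The context
     * token is preferred; when it is missing, has no value, or obtaining it throws, the cached
     * client-credentials token is used instead. If neither is available no header is added.
     *
     * @param requestTemplate the outgoing request being built
     */
    @Override // feign.RequestInterceptor
    public void apply(RequestTemplate requestTemplate) {
        if (!"true".equals(this.initToken)) {
            return;
        }
        Exception failure = null;
        try {
            OAuth2AccessToken accessToken = this.oAuth2RestTemplate.getAccessToken();
            if (accessToken != null && (accessToken.getExpiration() == null || accessToken.getExpiresIn() < REFRESH_THRESHOLD_SECONDS)) {
                accessToken = acquireAccessToken(this.oAuth2RestTemplate.getOAuth2ClientContext(), this.oAuth2RestTemplate.getResource());
                // Token values are bearer credentials and are deliberately kept out of the log.
                logger.warn("access token re-acquired for outgoing Feign request");
            }
            if (accessToken != null && accessToken.getValue() != null) {
                requestTemplate.header(AUTHORIZATION_HEADER, String.format("%s %s", BEARER_TOKEN_TYPE, accessToken.getValue()));
                return;
            }
        } catch (Exception e) {
            // Best-effort by design: any failure here falls through to the client token.
            failure = e;
        }
        applyClientToken(requestTemplate, failure);
    }

    /** Attaches the cached client-credentials token, if one is available, and logs the fallback. */
    private void applyClientToken(RequestTemplate requestTemplate, Exception cause) {
        String clientToken = getAccessToken();
        boolean available = !StringUtils.isEmpty(clientToken);
        if (available) {
            requestTemplate.header(AUTHORIZATION_HEADER, String.format("%s %s", BEARER_TOKEN_TYPE, clientToken));
        }
        if (logger.isDebugEnabled()) {
            logger.debug("apply use client token (available: {})", available, cause);
        }
    }

    /**
     * POSTs the given parameters as a form body and returns the response body.
     *
     * @param str target URL
     * @param map form parameters; may be {@code null} or empty
     * @return the response body, or {@code null} on a non-2xx response or transport error
     */
    private String postFormParams(String str, Map<String, String> map) {
        FormBody.Builder builder = new FormBody.Builder();
        if (!CollectionUtils.isEmpty(map)) {
            for (Map.Entry<String, String> entry : map.entrySet()) {
                builder.add(entry.getKey(), entry.getValue());
            }
        }
        return execNewCall(new Request.Builder().url(str).post(builder.build()).build());
    }

    /**
     * Executes the request and returns the body of a successful response.
     *
     * @param request the request to execute
     * @return the response body as a string, or {@code null} on a non-2xx status or any exception
     */
    private String execNewCall(Request request) {
        // try-with-resources closes the response on every path, including exceptions.
        try (Response response = this.okHttpClient.newCall(request).execute()) {
            if (!response.isSuccessful()) {
                logger.warn("token endpoint returned HTTP {}", response.code());
                return null;
            }
            return response.body().string();
        } catch (Exception e) {
            logger.error("okhttp3 post error", e);
            return null;
        }
    }

    /**
     * Returns the client-credentials token, fetching a new one when the cached token has expired.
     *
     * @return the token value, or {@code null} when none is cached and none could be fetched
     */
    public String getAccessToken() {
        return isExpire() ? getNewAccessToken() : TokenDataRepo.getInstance().getToken();
    }

    /** Returns whether the cached client token is within one second of its recorded expiry. */
    private boolean isExpire() {
        return nowEpochSeconds() >= TokenDataRepo.getInstance().getTime() - 1;
    }

    /** Current time as whole seconds since the epoch, in the int form the cache stores. */
    private static int nowEpochSeconds() {
        return (int) (System.currentTimeMillis() / 1000);
    }

    /**
     * Requests a client-credentials token from the configured token endpoint and caches it for
     * at most {@link #MAX_CLIENT_TOKEN_CACHE_SECONDS} seconds.
     *
     * @return the new token value, or {@code null} when the endpoint or credentials are not
     *     configured, the call fails, or the response is not a usable token response
     */
    private String getNewAccessToken() {
        if (this.details == null) {
            return null;
        }
        String accessTokenUri = this.details.getAccessTokenUri();
        if (StringUtils.isEmpty(accessTokenUri)) {
            return null;
        }
        String clientId = this.details.getClientId();
        String clientSecret = this.details.getClientSecret();
        if (clientId == null || clientSecret == null) {
            logger.error("getNewAccessToken: client credentials are not configured");
            return null;
        }
        // Credentials go in the form body rather than the query string: request URIs are
        // routinely recorded by proxies and access logs, and the form encoder also escapes
        // characters that previously would have corrupted the URL.
        Map<String, String> form = new LinkedHashMap<>();
        form.put("grant_type", "client_credentials");
        form.put("client_id", clientId);
        form.put("client_secret", clientSecret);
        String responseBody = postFormParams(accessTokenUri, form);
        if (StringUtils.isEmpty(responseBody)) {
            logger.error("getNewAccessToken: empty response from token endpoint");
            return null;
        }
        Map<String, Object> payload;
        try {
            // NOTE(review): the body is parsed with fastjson; the token endpoint should be a
            // trusted host reached over TLS - confirm the configured URI scheme.
            payload = JSON.parseObject(responseBody);
        } catch (RuntimeException e) {
            // The body may contain a token, so only the failure itself is logged.
            logger.error("getNewAccessToken: token endpoint response is not valid JSON", e);
            return null;
        }
        if (payload == null) {
            return null;
        }
        Object tokenValue = payload.get(OAuth2AccessToken.ACCESS_TOKEN);
        if (!(tokenValue instanceof String)) {
            return null;
        }
        String token = (String) tokenValue;
        // expires_in is optional in a token response and may arrive as any numeric type; when
        // it is absent the token is returned but effectively not cached.
        Object expiresIn = payload.get(OAuth2AccessToken.EXPIRES_IN);
        int ttlSeconds = expiresIn instanceof Number ? ((Number) expiresIn).intValue() : 0;
        ttlSeconds = Math.max(0, Math.min(ttlSeconds, MAX_CLIENT_TOKEN_CACHE_SECONDS));
        TokenDataRepo.getInstance().updateToken(token, nowEpochSeconds() + ttlSeconds);
        logger.warn("init client token, cached for {} seconds", ttlSeconds);
        return token;
    }
}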
