package com.xforceplus.ant.coop.security.user.intercepter;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.amazonaws.regions.ServiceAbbreviations;
import com.auth0.jwt.exceptions.TokenExpiredException;
import com.xforceplus.ant.coop.security.user.domain.MsAuthInfo;
import com.xforceplus.ant.coop.security.user.domain.MsAuthInfoHolder;
import com.xforceplus.ant.coop.security.user.domain.UserAuthInfoHolder;
import com.xforceplus.ant.coop.security.utils.JsonUtils;
import com.xforceplus.tenantsecurity.annotation.WithoutAuth;
import com.xforceplus.tenantsecurity.domain.AuthorizedUser;
import com.xforceplus.tenantsecurity.domain.TokenKeys;
import com.xforceplus.tenantsecurity.domain.UserType;
import com.xforceplus.tenantsecurity.jwt.JwtUtils;
import com.xforceplus.tenantsecurity.utils.CompressionUtils;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.hibernate.validator.internal.metadata.core.ConstraintHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.resource.ResourceHttpRequestHandler;
import org.springframework.web.util.WebUtils;

/* loaded from: input_file:BOOT-INF/lib/ant-coop-security-1.0.0-SNAPSHOT.jar:com/xforceplus/ant/coop/security/user/intercepter/NewBssTokenParserInterceptor.class */
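/**
 * Spring MVC interceptor that authenticates a request from a JWT.
 *
 * <p>The token is looked up in a cookie, several headers and a request parameter, verified with
 * the configured secret via {@code JwtUtils.verifyAndDecodeToken}, and the resulting claims are
 * used to populate {@link UserAuthInfoHolder} (token type {@code "1"}) or
 * {@link MsAuthInfoHolder} (token type {@code "3"}). Any failure produces a 401 JSON response
 * and stops the handler chain. Both holders are cleared in {@link #afterCompletion}.
 *
 * <p>Neither the signing secret nor raw token values are written to the log: anyone who can read
 * the log could otherwise replay a token, or forge new ones with the secret.
 */
public class NewBssTokenParserInterceptor implements HandlerInterceptor {
    private final Logger logger = LoggerFactory.getLogger(NewBssTokenParserInterceptor.class);

    // NOTE(review): this default is compiled into the jar, so a deployment that omits
    // coop.security.uCenter.jwt.secret verifies tokens with a key that anyone holding the
    // artifact knows. The default should be dropped so that start-up fails when the property
    // is missing; it is left in place here only to avoid changing start-up behaviour.
    @Value("${coop.security.uCenter.jwt.secret:my_sessionjw_tsecret_xdfdffdsdfdfs}")
    private String secret;

    @Value("${coop.security.uCenter.appid:90}")
    private String appid;

    @Value("${coop.security.uCenter.login-url:https://paas.xforceplus.com/login/}")
    private String loginUrl;

    /** Names of the JWT claims read by this interceptor. */
    public interface JwtConstants {
        public static final String TYPE_KEY = "type";
        public static final String USERINFO_KEY = "userinfo";
        public static final String TOKEN_EXPIRE_KEY = "expireTime";
    }

    /**
     * Authenticates the request before the handler runs.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response, written to only when authentication fails
     * @param obj the selected handler; static-resource handlers and methods annotated with
     *     {@link WithoutAuth} are let through without a token
     * @return {@code true} when the request may proceed, {@code false} after a 401 was written
     * @throws IOException if the 401 body cannot be written
     */
    @Override // org.springframework.web.servlet.HandlerInterceptor
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws IOException {
        if (obj instanceof ResourceHttpRequestHandler) {
            return true;
        }
        // Any other handler type that is not a HandlerMethod fails this cast with a
        // ClassCastException, i.e. the request is rejected rather than let through.
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        if (handlerMethod.hasMethodAnnotation(WithoutAuth.class)) {
            return true;
        }

        String token = resolveToken(httpServletRequest);
        if (StringUtils.isBlank(token)) {
            this.logger.warn("TokenParser: token is Blank, 访问失败，没有登录");
            responseUnauthorized("访问失败，没有登录", httpServletRequest, httpServletResponse);
            return false;
        }

        Map<String, String> claims;
        try {
            claims = JwtUtils.verifyAndDecodeToken(this.secret, token);
        } catch (TokenExpiredException e) {
            // The token value is deliberately not logged.
            this.logger.error("token过期异常TokenExpiredException: {}", e.getMessage());
            responseUnauthorized("token过期，请重新登录", httpServletRequest, httpServletResponse);
            return false;
        } catch (Exception e2) {
            // Neither the signing secret nor the token is logged; the exception carries the cause.
            this.logger.error("token解析失败。", e2);
            responseUnauthorized("token解析失败。", httpServletRequest, httpServletResponse);
            return false;
        }
        if (claims == null) {
            this.logger.warn("TokenParser: claims == null, Token解析返回为空");
            responseUnauthorized("Token解析返回为空", httpServletRequest, httpServletResponse);
            return false;
        }

        this.logger.info("##### token 过期时间：{}", claims.get(JwtConstants.TOKEN_EXPIRE_KEY));
        String type = claims.get(JwtConstants.TYPE_KEY);
        if ("3".equals(type)) {
            // Type "3" is handled as a service-to-service token.
            this.logger.info("##### x-app-token 认证");
            if (microServiceAuth(claims, httpServletRequest)) {
                return true;
            }
            responseUnauthorized("微服务认证 token 解析失败", httpServletRequest, httpServletResponse);
            return false;
        }
        if (!"1".equals(type)) {
            // The claims were verified at this point; only the type is unsupported.
            this.logger.warn("TokenParser: type = {}, token非法，请重新登录", type);
            responseUnauthorized("token非法，请重新登录", httpServletRequest, httpServletResponse);
            return false;
        }

        String encodedUserInfo = claims.get(JwtConstants.USERINFO_KEY);
        if (StringUtils.isBlank(encodedUserInfo)) {
            this.logger.warn("TokenParser: userinfo is Blank, 访问失败，无效令牌");
            responseUnauthorized("访问失败，无效令牌", httpServletRequest, httpServletResponse);
            return false;
        }
        String userInfoJson = CompressionUtils.decode(encodedUserInfo);
        if (StringUtils.isBlank(userInfoJson)) {
            this.logger.warn("TokenParser: userinfo == null, 访问失败，无效令牌");
            responseUnauthorized("访问失败，无效令牌", httpServletRequest, httpServletResponse);
            return false;
        }
        try {
            return setUserAuthInfoHolder(userInfoJson, token, null, handlerMethod);
        } catch (Exception e3) {
            this.logger.error("TokenParser: {}，{}", "解析用户上下文发生异常 ", e3);
            responseUnauthorized("解析用户上下文发生异常 ", httpServletRequest, httpServletResponse);
            return false;
        }
    }

    /**
     * Returns the first non-empty token found, trying in order: the {@code xforce-saas-token}
     * cookie, the {@code xforce-saas-token} header, the {@code x-access-token} header (two
     * spellings), the {@code x-access-token} request parameter and finally the header named by
     * {@code TokenKeys.APP_TOKEN_KEY}.
     */
    private String resolveToken(HttpServletRequest request) {
        Cookie cookie = WebUtils.getCookie(request, "xforce-saas-token");
        String token = cookie != null ? cookie.getValue() : null;
        if (StringUtils.isEmpty(token)) {
            token = request.getHeader("xforce-saas-token");
        }
        if (StringUtils.isEmpty(token)) {
            token = request.getHeader("x-access-token");
        }
        if (StringUtils.isEmpty(token)) {
            token = request.getHeader("X-Access-Token");
        }
        if (StringUtils.isEmpty(token)) {
            // NOTE(review): a token passed as a request parameter can end up in access logs,
            // browser history and Referer headers. Kept because existing clients may rely on it.
            token = WebUtils.findParameterValue(request, "x-access-token");
        }
        if (StringUtils.isEmpty(token)) {
            this.logger.warn("TokenParser: 1、Cookie中无xforce-saas-token;2、Header中无xforce-saas-token;3、Header中无x-access-token;4、 Header中无X-Access-Token;5、url参数中无x-access-token");
            token = request.getHeader(TokenKeys.APP_TOKEN_KEY);
        }
        return token;
    }

    /**
     * Builds an {@link AuthorizedUser} from the decoded {@code userinfo} claim and stores it in
     * {@link UserAuthInfoHolder}.
     *
     * @param str the decoded user-info JSON
     * @param str2 the raw token, stored on the user object
     * @param l unused
     * @param handlerMethod unused
     * @return {@code false} when the JSON parses to {@code null}, otherwise {@code true}
     * @throws NumberFormatException if {@code accountId}, {@code tenantId} or {@code id} is
     *     missing or not numeric; the caller answers that with a 401
     */
    private boolean setUserAuthInfoHolder(String str, String str2, Long l, HandlerMethod handlerMethod) {
        JSONObject userInfo = JSON.parseObject(str);
        if (userInfo == null) {
            this.logger.warn("TokenParser: userinfo = " + str);
            return false;
        }
        AuthorizedUser authorizedUser = new AuthorizedUser();
        // String.valueOf turns a missing field into the text "null", as the original
        // concatenation with "" did.
        authorizedUser.setTenantName(String.valueOf(userInfo.get("tenantName")));
        authorizedUser.setUsername(String.valueOf(userInfo.get("username")));
        authorizedUser.setAccountId(Long.parseLong(String.valueOf(userInfo.get("accountId"))));
        // NOTE(review): ServiceAbbreviations.Email looks like a decompiler substitution for a
        // string constant with the same value; confirm and replace with the literal key.
        authorizedUser.setEmail(String.valueOf(userInfo.get(ServiceAbbreviations.Email)));
        authorizedUser.setTenantCode(String.valueOf(userInfo.get("tenantCode")));
        authorizedUser.setTenantId(Long.parseLong(String.valueOf(userInfo.get("tenantId"))));
        authorizedUser.setMobile(String.valueOf(userInfo.get("mobile")));
        authorizedUser.setId(Long.parseLong(String.valueOf(userInfo.get("id"))));
        authorizedUser.setToken(str2);
        UserAuthInfoHolder.put(authorizedUser);
        this.logger.info("TokenParser: setUserInfoHolder: userId：{}， username：{}", Long.valueOf(authorizedUser.getId()), authorizedUser.getUsername());
        return true;
    }

    /**
     * Writes a 401 JSON body containing a fixed code, the given message and the login URL.
     *
     * @param str the message returned to the client
     * @param httpServletRequest unused
     * @param httpServletResponse the response to write to
     * @throws IOException if the response writer fails
     */
    private void responseUnauthorized(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        Map<String, Object> body = new LinkedHashMap<>();
        body.put("code", "0");
        // NOTE(review): ConstraintHelper.MESSAGE looks like a decompiler substitution for a
        // string constant with the same value; confirm and replace with the literal key.
        body.put(ConstraintHelper.MESSAGE, str);
        body.put("loginUrl", this.loginUrl);
        httpServletResponse.getWriter().write(JSON.toJSONString(body));
    }

    /**
     * Handles a service token: maps the verified claims onto {@link MsAuthInfo}, stores it in
     * {@link MsAuthInfoHolder}, and optionally populates {@link UserAuthInfoHolder} from a
     * request header.
     *
     * @param map the verified claims; the {@code userinfo} entry is removed from it
     * @param httpServletRequest the request, read for the optional user-info header
     * @return {@code false} only when the claims cannot be mapped; a failure to parse the
     *     user-info header is logged and still returns {@code true}
     */
    private boolean microServiceAuth(Map<String, String> map, HttpServletRequest httpServletRequest) {
        try {
            String userInfoClaim = map.get(JwtConstants.USERINFO_KEY);
            map.remove(JwtConstants.USERINFO_KEY);
            MsAuthInfo msAuthInfo = (MsAuthInfo) JsonUtils.writeFastJsonToObject(JsonUtils.writeObjectToJson(map), MsAuthInfo.class);
            if (null != userInfoClaim) {
                msAuthInfo.setUserinfo((MsAuthInfo.Userinfo) JsonUtils.writeFastJsonToObject(userInfoClaim, MsAuthInfo.Userinfo.class));
                Object fieldLimit = JsonUtils.writeJsonToMap(userInfoClaim).get("fieldlimit");
                if (null != fieldLimit) {
                    msAuthInfo.setExtension((MsAuthInfo.Extension) JsonUtils.writeFastJsonToObject(fieldLimit.toString(), MsAuthInfo.Extension.class));
                }
            }
            MsAuthInfoHolder.put(msAuthInfo);
            // NOTE(review): this logs the whole parsed object; confirm MsAuthInfo.toString()
            // does not expose fields that should stay out of the log.
            this.logger.info("##### 微服务 认证token 解析结果：{}", msAuthInfo);
            try {
                // NOTE(review): the user context below comes from a plain request header that is
                // decoded but not signature-checked here. It is only as trustworthy as the
                // service that presented the verified token; confirm callers cannot relay a
                // client-supplied value in this header.
                String header = httpServletRequest.getHeader(UserType.USER.userinfoKey());
                if (StringUtils.isNotEmpty(header)) {
                    UserAuthInfoHolder.put((AuthorizedUser) JsonUtils.writeJsonToObject(CompressionUtils.decode(header), AuthorizedUser.class));
                }
                return true;
            } catch (Exception e) {
                // Best effort: the service token was already accepted, so a bad user-info header
                // leaves the user context unset instead of rejecting the request.
                this.logger.error("##### 微任务认证 携带用户信息解析异常：{}", (Throwable) e);
                return true;
            }
        } catch (Exception e2) {
            this.logger.error("##### 处理 微服务 认证token 异常：{}", e2.getMessage());
            return false;
        }
    }

    /**
     * Clears both auth holders once the request has completed, so that no context set for this
     * request remains in them afterwards.
     */
    @Override // org.springframework.web.servlet.HandlerInterceptor
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) {
        UserAuthInfoHolder.clearContext();
        MsAuthInfoHolder.clearContext();
    }
}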
