package com.xforceplus.delivery.cloud.security.component;

import cn.hutool.json.JSONUtil;
import com.xforceplus.delivery.cloud.common.exception.ErrorCodeException;
import com.xforceplus.delivery.cloud.common.util.StringUtils;
import com.xforceplus.delivery.cloud.secure.component.SecurityAuthorizeAntMatcher;
import com.xforceplus.delivery.cloud.secure.jjwt.JwtParser;
import com.xforceplus.delivery.cloud.secure.oauth.OAuth2Jwt;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Collection;
import java.util.Collections;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.filter.OncePerRequestFilter;
import org.springframework.web.util.WebUtils;

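/**
 * Servlet filter that looks for a bearer access token on each request and, when the token
 * resolves to a principal, stores the resulting {@link Authentication} in the
 * {@link SecurityContextHolder}.
 *
 * <p>The token is looked up in this order: the {@code Authorization} header, the
 * {@code bearerAccessToken} request parameter, the {@code bearerAccessToken} cookie.
 * Requests whose URI is matched by the injected {@link SecurityAuthorizeAntMatcher} skip
 * token verification entirely.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Token values are credentials and are never written to the log by this class; only
 *       the lookup source and whether a value was present are traced.</li>
 *   <li>A token passed as a request parameter is part of the URL, so it can end up in access
 *       logs, browser history and {@code Referer} headers. Prefer the header where
 *       possible.</li>
 *   <li>The cookie is only issued for a parameter token that produced an authentication, so
 *       an unverified value is never persisted in the browser.</li>
 * </ul>
 */
// Order value equals Integer.MAX_VALUE - 100.
@Order(2147483547)
/* loaded from: input_file:com/xforceplus/delivery/cloud/security/component/JwtAuthenticationTokenFilter.class */
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(JwtAuthenticationTokenFilter.class);

    /** Header carrying the bearer token. */
    private static final String AUTHORIZATION_HEADER = "Authorization";

    /** Name shared by the request parameter and the cookie that may carry the token. */
    private static final String BEARER_ACCESS_TOKEN = "bearerAccessToken";

    private final OAuth2Jwt oAuth2Jwt;
    private final JwtParser jwtParser;
    private final SecurityAuthorizeAntMatcher securityAuthorizeAntMatcher;

    /**
     * @param securityAuthorizeAntMatcher matcher for request URIs that bypass token verification
     * @param oAuth2Jwt resolves an access token to its principal
     * @param jwtParser extracts the access token from the raw header/parameter/cookie value
     */
    public JwtAuthenticationTokenFilter(SecurityAuthorizeAntMatcher securityAuthorizeAntMatcher, OAuth2Jwt oAuth2Jwt, JwtParser jwtParser) {
        this.oAuth2Jwt = oAuth2Jwt;
        this.jwtParser = jwtParser;
        this.securityAuthorizeAntMatcher = securityAuthorizeAntMatcher;
    }

    /**
     * Verifies the access token for URIs not matched by the skip-list, then continues the chain.
     *
     * <p>An {@link ErrorCodeException} raised by verification or by anything further down the
     * chain is rendered as a JSON body built from {@code e.toViewResult()}. The HTTP status is
     * not changed here.
     *
     * @throws ServletException propagated from the filter chain
     * @throws IOException propagated from the filter chain or from writing the error body
     */
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        try {
            // NOTE(review): getRequestURI() is the raw, undecoded URI and still contains any
            // ";path-parameter" segments. Confirm the matcher normalises its input, otherwise
            // the skip-list may match paths that the dispatcher resolves to a protected handler.
            boolean skipVerification = this.securityAuthorizeAntMatcher.match(httpServletRequest.getRequestURI());
            if (!skipVerification) {
                verifyAccessToken(httpServletRequest, httpServletResponse);
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (ErrorCodeException e) {
            httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
            httpServletResponse.setContentType("application/json");
            httpServletResponse.getWriter().write(JSONUtil.toJsonStr(e.toViewResult()));
            httpServletResponse.getWriter().flush();
        }
    }

    /**
     * Locates the raw token (header, then request parameter, then cookie), resolves it to an
     * {@link Authentication} and publishes that to the current security context.
     *
     * <p>When the token arrived as a request parameter and was accepted, it is copied into a
     * {@code bearerAccessToken} cookie so later requests can authenticate without the parameter.
     */
    private void verifyAccessToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean fromParameter = false;
        String rawToken = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        // The token itself is a credential: trace only whether one was found, never its value.
        log.trace("from http head authorization get jwt - present: {}", !StringUtils.isBlank(rawToken));
        if (StringUtils.isBlank(rawToken)) {
            rawToken = httpServletRequest.getParameter(BEARER_ACCESS_TOKEN);
            log.trace("from request parameter bearerAccessToken get jwt - present: {}", !StringUtils.isBlank(rawToken));
            if (StringUtils.isBlank(rawToken)) {
                Cookie existing = WebUtils.getCookie(httpServletRequest, BEARER_ACCESS_TOKEN);
                rawToken = existing == null ? null : existing.getValue();
                log.trace("from request cookie bearerAccessToken get jwt - present: {}", !StringUtils.isBlank(rawToken));
            } else {
                fromParameter = true;
            }
        }

        Optional<Authentication> authentication = this.jwtParser.getAccessToken(rawToken)
                .flatMap(token -> getAuthentication(httpServletRequest, token));
        SecurityContext context = SecurityContextHolder.getContext();
        authentication.ifPresent(context::setAuthentication);

        // Persist the parameter token only after it has produced an authentication; writing an
        // unverified request parameter straight into a cookie would let any link plant a value.
        if (fromParameter && authentication.isPresent()) {
            Cookie tokenCookie = new Cookie(BEARER_ACCESS_TOKEN, rawToken);
            tokenCookie.setPath("/");
            // This filter reads the cookie server-side, so script access is not needed here.
            // NOTE(review): confirm no client-side code relies on reading this cookie.
            tokenCookie.setHttpOnly(true);
            // Mark the cookie Secure whenever the container reports the request as secure.
            tokenCookie.setSecure(httpServletRequest.isSecure());
            httpServletResponse.addCookie(tokenCookie);
            log.trace("Set cookie from request parameter bearerAccessToken");
        }
    }

    /**
     * Builds an {@link Authentication} for the principal that {@code oAuth2Jwt} resolves from
     * the token.
     *
     * @param httpServletRequest request used to populate the authentication details
     * @param str the access token as returned by the parser
     * @return the authentication, or empty when no principal could be resolved
     */
    private Optional<Authentication> getAuthentication(HttpServletRequest httpServletRequest, String str) {
        return this.oAuth2Jwt.getPrincipal(str).map(principal -> {
            // A principal without permissions is authenticated with an empty authority set.
            Collection<String> perms = principal.getPerms();
            if (perms == null) {
                perms = Collections.emptyList();
            }
            Set<SimpleGrantedAuthority> authorities = perms.stream()
                    .map(SimpleGrantedAuthority::new)
                    .collect(Collectors.toSet());
            UsernamePasswordAuthenticationToken token =
                    new UsernamePasswordAuthenticationToken(principal, null, authorities);
            token.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
            return token;
        });
    }
}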
