package com.xforceplus.ultraman.maintenance.security.filter;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.common.collect.Lists;
import com.usthe.sureness.mgt.SurenessSecurityManager;
import com.usthe.sureness.processor.exception.DisabledAccountException;
import com.usthe.sureness.processor.exception.ExcessiveAttemptsException;
import com.usthe.sureness.processor.exception.ExpiredCredentialsException;
import com.usthe.sureness.processor.exception.IncorrectCredentialsException;
import com.usthe.sureness.processor.exception.UnauthorizedException;
import com.usthe.sureness.processor.exception.UnknownAccountException;
import com.usthe.sureness.subject.SubjectSum;
import com.usthe.sureness.util.SurenessContextHolder;
import com.xforceplus.ultraman.maintenance.api.model.ResponseBody;
import com.xforceplus.ultraman.maintenance.security.exception.RefreshExpiredTokenException;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;

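/**
 * Servlet filter that runs Sureness {@code checkIn} (authentication and authorisation) for every
 * request except an allow-list of anonymous paths, binds the resulting subject to
 * {@link SurenessContextHolder} for the remainder of the chain, and maps Sureness failures to
 * JSON error responses.
 *
 * <p>Every error response carries a fixed, generic message; the underlying exception is only
 * logged, so no authentication detail reaches the client.
 */
@WebFilter(filterName = "SurenessFilterExample", urlPatterns = {"/*"}, asyncSupported = true)
@Order(1)
/* loaded from: input_file:com/xforceplus/ultraman/maintenance/security/filter/SurenessFilter.class */
public class SurenessFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(SurenessFilter.class);

    /** Jackson is thread-safe once configured; one shared instance avoids rebuilding it per error response. */
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    /**
     * Ant-style patterns that bypass authentication entirely (login and API-documentation
     * endpoints). They are matched against the raw {@code getRequestURI()} string with no
     * normalisation applied here, and the entries beginning with a double-star segment accept
     * their suffix under any prefix — review this list whenever routes are added.
     */
    private static final List<String> ANONYMOUS_PATH_PATTERNS = Collections.unmodifiableList(Arrays.asList(
            "/**/login",
            "/**/swagger-ui.html",
            "/**/swagger-resources/**",
            "/**/webjars/**",
            "/doc.html",
            "/v3/api-docs",
            "/v3/api-docs/**"));

    private final PathMatcher pathMatcher = new AntPathMatcher();

    /**
     * Authenticates the request unless its URI matches an anonymous pattern, then continues the
     * chain with the subject bound to the current thread. Sureness failures are translated to
     * 401/403 JSON responses; any other {@link RuntimeException} (including ones raised further
     * down the chain) becomes a generic 500.
     *
     * @param servletRequest  the request; expected to be an {@link HttpServletRequest}
     * @param servletResponse the response an error body is written to when the check fails
     * @param filterChain     the remaining filter chain
     * @throws IOException      propagated from downstream filters or servlets
     * @throws ServletException propagated from downstream filters or servlets
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        try {
            String requestUri = ((HttpServletRequest) servletRequest).getRequestURI();
            if (isAnonymousPath(requestUri)) {
                // No subject is bound for these requests; downstream code must not rely on one.
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            SubjectSum subject = SurenessSecurityManager.getInstance().checkIn(servletRequest);
            if (subject != null) {
                SurenessContextHolder.bindSubject(subject);
            }
            try {
                filterChain.doFilter(servletRequest, servletResponse);
            } finally {
                // Always unbind so a pooled thread never carries a stale subject into the next request.
                SurenessContextHolder.clear();
            }
        } catch (IncorrectCredentialsException | UnknownAccountException | ExpiredCredentialsException e) {
            logger.debug("this request account info is illegal, {}", e.getMessage());
            responseWrite(ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(ResponseBody.failed("Invalid token")), servletResponse);
        } catch (DisabledAccountException | ExcessiveAttemptsException e) {
            logger.debug("the account is disabled, {}", e.getMessage());
            responseWrite(ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(ResponseBody.failed("Account is disabled")), servletResponse);
        } catch (UnauthorizedException e) {
            logger.debug("this account can not access this resource, {}", e.getMessage());
            responseWrite(ResponseEntity.status(HttpStatus.FORBIDDEN).body(ResponseBody.failed("This account has no permission to access this resource")), servletResponse);
        } catch (RefreshExpiredTokenException e) {
            logger.debug("this account credential token is expired, return refresh value");
            // The exception message is handed back under "refresh-token" — presumably the replacement
            // token issued by the authenticator; verify against RefreshExpiredTokenException.
            responseWrite(ResponseEntity.status(HttpStatus.UNAUTHORIZED).body(ResponseBody.failed("this account credential token is expired, return refresh value", Collections.singletonMap("refresh-token", e.getMessage()))), servletResponse);
        } catch (RuntimeException e) {
            // Full stack trace goes to the log; the client only sees the generic message.
            logger.error("other exception happen: ", e);
            responseWrite(ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body(ResponseBody.failed("Internal Server Error")), servletResponse);
        }
    }

    /** Returns {@code true} when {@code requestUri} matches one of {@link #ANONYMOUS_PATH_PATTERNS}. */
    private boolean isAnonymousPath(String requestUri) {
        return ANONYMOUS_PATH_PATTERNS.stream().anyMatch(pattern -> pathMatcher.match(pattern, requestUri));
    }

    /**
     * Serialises {@code responseEntity} onto the servlet response as UTF-8 JSON: status, every
     * header value, then the body (written verbatim when it is a {@link String}, otherwise
     * Jackson-encoded). A {@code null} body yields an empty, committed response. I/O failures are
     * logged rather than rethrown because this method already runs on an error path.
     *
     * @param responseEntity  status, headers and body to emit
     * @param servletResponse the response to write to; expected to be an {@link HttpServletResponse}
     */
    private void responseWrite(ResponseEntity<?> responseEntity, ServletResponse servletResponse) {
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.setCharacterEncoding("UTF-8");
        response.setContentType("application/json;charset=utf-8");
        response.setStatus(responseEntity.getStatusCodeValue());
        // Copy every value of every header; an empty value list is simply skipped instead of
        // failing on get(0).
        responseEntity.getHeaders().forEach((name, values) -> {
            for (String value : values) {
                response.addHeader(name, value);
            }
        });
        Object body = responseEntity.getBody();
        // try-with-resources closes the writer, which flushes and commits the response.
        try (PrintWriter writer = servletResponse.getWriter()) {
            if (body instanceof String) {
                writer.write((String) body);
            } else if (body != null) {
                writer.write(OBJECT_MAPPER.writeValueAsString(body));
            }
        } catch (IOException e) {
            logger.error("responseWrite response error: ", e);
        }
    }
}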
