package com.artfess.base.filter;

import com.artfess.base.conf.JwtConfig;
import com.artfess.base.constants.SystemConstants;
import com.artfess.base.constants.TenantConstant;
import com.artfess.base.jwt.JwtTokenHandler;
import com.artfess.base.model.CommonResult;
import com.artfess.base.util.AppUtil;
import com.artfess.base.util.AuthenticationUtil;
import com.artfess.base.util.Base64;
import com.artfess.base.util.EncryptUtil;
import com.artfess.base.util.HttpUtil;
import com.artfess.base.util.JsonUtil;
import com.artfess.base.util.SecurityUtil;
import com.artfess.base.util.StringUtil;
import com.artfess.base.util.ThreadLocalCleanUtil;
import com.artfess.base.util.string.StringPool;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:com/artfess/base/filter/JwtAuthorizationTokenFilter.class */
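/**
 * Per-request filter that authenticates a caller from the configured token header,
 * falling back to {@code Proxy-Authorization} when that header is empty.
 *
 * <p>{@code Bearer} values are resolved to a username through {@link JwtTokenHandler} and,
 * once validated, published to the Spring Security context. {@code Basic} values are handed
 * to {@code SecurityUtil.login}. Any other header is ignored and the request continues
 * unauthenticated, so access control further down the chain must reject it.
 */
public class JwtAuthorizationTokenFilter extends OncePerRequestFilter {
    private static final String BEARER_PREFIX = "Bearer ";
    private static final String BASIC_PREFIX = "Basic ";
    private static final String PROXY_AUTHORIZATION_HEADER = "Proxy-Authorization";

    private final Logger logger = LoggerFactory.getLogger(getClass());
    // Shared secret compared against the decrypted Basic password for the system account.
    private String encryKey;
    private final UserDetailsService userDetailsService;
    private final JwtTokenHandler jwtTokenHandler;
    private final String tokenHeader;

    /**
     * Sets the secret used to recognise the system account on the Basic path.
     * While it is {@code null} or empty the system-account shortcut is disabled.
     *
     * @param str the shared secret
     */
    public void setEncryKey(String str) {
        this.encryKey = str;
    }

    /**
     * @param userDetailsService loads the account named in a Bearer token
     * @param jwtTokenHandler parses and validates tokens
     * @param str name of the request header that carries the credentials
     */
    public JwtAuthorizationTokenFilter(UserDetailsService userDetailsService, JwtTokenHandler jwtTokenHandler, String str) {
        this.userDetailsService = userDetailsService;
        this.jwtTokenHandler = jwtTokenHandler;
        this.tokenHeader = str;
    }

    /**
     * Authenticates the request and passes it down the chain, or answers 401 and stops
     * when the presented credentials cannot be processed.
     *
     * @throws ServletException propagated from the remaining filter chain
     * @throws IOException if the 401 body cannot be written or the chain fails on I/O
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        // Runs before anything else on every request; what it clears is defined in ThreadLocalCleanUtil.
        ThreadLocalCleanUtil.cleanAll();
        String header = httpServletRequest.getHeader(this.tokenHeader);
        if (StringUtil.isEmpty(header)) {
            header = httpServletRequest.getHeader(PROXY_AUTHORIZATION_HEADER);
        }
        String username = null;
        String token = null;
        if (header != null && header.startsWith(BEARER_PREFIX)) {
            token = header.substring(BEARER_PREFIX.length());
            try {
                username = this.jwtTokenHandler.getUsernameFromToken(token);
            } catch (Exception e) {
                this.logger.warn("the token valid exception", e);
                // NOTE(review): the exception text is returned to the caller as-is. Confirm that
                // JwtTokenHandler's messages carry no parser or token detail, or map to a fixed message.
                send401Error(httpServletResponse, e.getMessage());
                return;
            }
        } else if (header != null && header.startsWith(BASIC_PREFIX)) {
            if (!loginWithBasicCredentials(httpServletRequest, httpServletResponse, header)) {
                return;
            }
        } else {
            this.logger.warn("couldn't find bearer string, will ignore the header");
        }
        this.logger.debug("checking authentication for user '{}'", username);
        if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            this.logger.debug("security context was null, so authorizating user");
            // NOTE(review): an exception from loadUserByUsername or validateToken is not caught here
            // and leaves the filter; confirm an outer handler turns it into a 401 rather than a 500.
            UserDetails userDetails = this.userDetailsService.loadUserByUsername(username);
            // Boolean.TRUE.equals treats a null result as "not valid" instead of throwing.
            if (Boolean.TRUE.equals(this.jwtTokenHandler.validateToken(token, userDetails))) {
                try {
                    handleSingleLogin(httpServletRequest, username, token, userDetails);
                    UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, (Object) null, userDetails.getAuthorities());
                    authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
                    SecurityContextHolder.getContext().setAuthentication(authentication);
                    AuthenticationUtil.setAuthentication(authentication);
                } catch (Exception e) {
                    this.logger.warn("the token valid exception", e);
                    send401Error(httpServletResponse, e.getMessage());
                    return;
                }
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Handles a {@code Basic} header: decodes it, decrypts the password part and logs the
     * caller in through {@code SecurityUtil.login}.
     *
     * <p>A decoded value that does not split into exactly two parts on the colon is ignored,
     * as before, and the request continues unauthenticated.
     *
     * @return {@code false} when a 401 response has already been written and the filter must stop
     */
    private boolean loginWithBasicCredentials(HttpServletRequest request, HttpServletResponse response, String header) throws ServletException, IOException {
        String[] credentials = Base64.getFromBase64(header.substring(BASIC_PREFIX.length())).split(StringPool.COLON);
        if (credentials.length != 2) {
            return true;
        }
        String decrypted;
        try {
            decrypted = EncryptUtil.decrypt(credentials[1]);
        } catch (Exception e) {
            this.logger.error("用户认证错误", e);
            send401Error(response, e.getMessage());
            return false;
        }
        if (SystemConstants.SYSTEM_ACCOUNT.equals(credentials[0]) && matchesSystemKey(decrypted)) {
            // presumably the trailing 'true' tells SecurityUtil.login to skip the password check;
            // verify against SecurityUtil before relying on it.
            SecurityUtil.login(request, credentials[0], StringPool.EMPTY, true);
        } else {
            SecurityUtil.login(request, credentials[0], credentials[1], false);
        }
        return true;
    }

    /**
     * Compares the decrypted Basic password with the configured system key.
     *
     * <p>Fails closed when either side is missing: an unset or empty key must never match an
     * empty decrypted value. {@link MessageDigest#isEqual} is used so the comparison time does
     * not depend on how many leading characters match.
     */
    private boolean matchesSystemKey(String candidate) {
        if (candidate == null || this.encryKey == null || this.encryKey.isEmpty()) {
            return false;
        }
        return MessageDigest.isEqual(candidate.getBytes(StandardCharsets.UTF_8), this.encryKey.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Writes a 401 response whose body is a JSON-serialised {@link CommonResult} carrying {@code str}.
     *
     * <p>The body is declared as JSON rather than HTML: the message can originate from an
     * exception raised while parsing caller-supplied input, and a browser must not render it as markup.
     */
    private void send401Error(HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.setCharacterEncoding("utf-8");
        httpServletResponse.setContentType("application/json; charset=utf-8");
        httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
        CommonResult commonResult = new CommonResult(false, str);
        PrintWriter writer = httpServletResponse.getWriter();
        writer.print(JsonUtil.toJson(commonResult));
        writer.flush();
    }

    /**
     * Enforces the single-login policy from {@link JwtConfig} by comparing the presented token
     * with the one cached for this user, tenant and client type ("mobile" or "pc").
     *
     * <p>In strict mode the presented token must equal the cached one. Otherwise the request is
     * rejected only when a different cached token exists and is still valid for the user.
     *
     * @throws Exception when the policy rejects the token; the message is sent to the client
     */
    private void handleSingleLogin(HttpServletRequest httpServletRequest, String str, String str2, UserDetails userDetails) throws Exception {
        JwtConfig jwtConfig = (JwtConfig) AppUtil.getBean(JwtConfig.class);
        // NOTE(review): the check is skipped for any request that carries a Proxy-Authorization
        // header, and that header is supplied by the caller. Confirm the gateway strips it from
        // external traffic, or tie the exemption to an authenticated service identity.
        String proxyHeader = httpServletRequest.getHeader(PROXY_AUTHORIZATION_HEADER);
        if (!jwtConfig.isSingle() || !StringUtil.isEmpty(proxyHeader)) {
            return;
        }
        String clientType = HttpUtil.isMobile(httpServletRequest) ? "mobile" : "pc";
        String tenantId = HttpUtil.getTenantId();
        String effectiveTenantId = StringUtil.isNotEmpty(tenantId) ? tenantId : TenantConstant.PLATFORM_TENANT_ID;
        String tokenFromCache = this.jwtTokenHandler.getTokenFromCache(clientType, effectiveTenantId, str, jwtConfig.getExpiration());
        if (jwtConfig.isStricty()) {
            if (StringUtil.isEmpty(str2) || !str2.equals(tokenFromCache)) {
                throw new Exception("当前登录状态已过期！");
            }
        } else if (StringUtil.isNotEmpty(tokenFromCache) && this.jwtTokenHandler.validateToken(tokenFromCache, userDetails).booleanValue() && !tokenFromCache.equals(str2)) {
            throw new Exception("当前账号已在另一地方登录，若不是本人操作，请注意账号安全！");
        }
    }
}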
