package cn.watsontech.core.web.spring.security.authentication;

import cn.watsontech.core.utils.HttpUtils;
import cn.watsontech.core.web.result.Result;
import cn.watsontech.core.web.result.ResultCode;
import cn.watsontech.core.web.spring.security.LoginUser;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.util.Optional;
import java.util.UUID;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:cn/watsontech/core/web/spring/security/authentication/AuthenticationFilter.class */
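/**
 * Servlet filter that authenticates a request from a bearer-style token and
 * populates the SLF4J {@link MDC} with per-request logging context.
 *
 * <p>The token is taken from the {@code X-Auth-Token} header, falling back to the
 * {@code token} request parameter when the header is absent. A non-empty token is
 * wrapped in a {@link PreAuthenticatedAuthenticationToken} and handed to the
 * {@link AuthenticationManager}; the resulting {@link Authentication} is stored in
 * the {@link SecurityContextHolder}. Requests without a token are passed down the
 * chain unauthenticated, so access control for them depends on later filters.
 *
 * <p>Security notes: the raw token is never written to the log or the MDC (only a
 * masked form), and the {@code token} query parameter is redacted from the logged
 * query string. MDC entries are always removed in a {@code finally} block so they
 * cannot leak onto the next request served by the same thread.
 */
public class AuthenticationFilter extends GenericFilterBean {
    static final String TOKEN_SESSION_KEY = "token";
    static final String LOGIN_USERID_KEY = "loginUserId";
    static final String REQUEST_URI_KEY = "req.requestURI";
    static final String REQUEST_QUERYSTRING_KEY = "req.queryString";
    static final String REQUEST_FULL_KEY = "req.requestURIWithQueryString";
    static final String REQUEST_SEQUENCEID_KEY = "req.id";
    static final String REQUEST_REMOTEADDR_KEY = "req.remoteAddr";
    private static final Logger logger = LoggerFactory.getLogger(AuthenticationFilter.class);

    /** Placeholder written wherever a credential value would otherwise be logged. */
    private static final String MASK = "****";

    /** Tokens shorter than this are masked completely; longer ones keep their last four characters. */
    private static final int MIN_LENGTH_FOR_PARTIAL_MASK = 16;

    /** Matches the literal {@code token=value} pair at the start of a query string or after an {@code &}. */
    private static final java.util.regex.Pattern TOKEN_QUERY_PARAM =
            java.util.regex.Pattern.compile("(^|&)" + java.util.regex.Pattern.quote(TOKEN_SESSION_KEY) + "=[^&]*");

    /** Shared serializer for the JSON error bodies; the default configuration is never changed after construction. */
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    private final AuthenticationManager authenticationManager;

    /**
     * @param authenticationManager manager used to validate the pre-authenticated token
     */
    public AuthenticationFilter(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    /**
     * Authenticates the request when a token is supplied, records logging context,
     * and delegates to the rest of the chain.
     *
     * <p>An {@link InternalAuthenticationServiceException} is answered through
     * {@link #handleAuthenticationServiceException}, any other
     * {@link AuthenticationException} through {@link #handleUnAuthentication}; in both
     * cases the security context is cleared first. Other throwables propagate.
     *
     * @throws IOException      if writing an error response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = asHttp(servletRequest);
        HttpServletResponse httpResponse = asHttp(servletResponse);
        Optional<String> token = Optional.ofNullable(httpRequest.getHeader("X-Auth-Token"));
        if (!token.isPresent()) {
            // NOTE(review): a token passed as a URL parameter can end up in access logs,
            // browser history and Referer headers; prefer the header where clients allow it.
            token = Optional.ofNullable(httpRequest.getParameter(TOKEN_SESSION_KEY));
        }
        try {
            if (token.isPresent() && StringUtils.isNotEmpty(token.get())) {
                // Only a masked form is logged: the raw value is a credential and the MDC
                // entry is appended to every log line written while the request is handled.
                String maskedToken = maskToken(token.get());
                MDC.put(TOKEN_SESSION_KEY, maskedToken);
                logger.debug("Trying to authenticate user by X-Auth-Token method. Token: {}", maskedToken);
                processTokenAuthentication(token);
            }
            logger.debug("AuthenticationFilter is passing request down the filter chain");
            addSessionContextToLogging(servletRequest);
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (InternalAuthenticationServiceException e) {
            // Must precede the AuthenticationException handler: this type is a subclass of it,
            // so the more specific handler has to come first to be reachable.
            SecurityContextHolder.clearContext();
            handleAuthenticationServiceException(httpRequest, httpResponse, e);
        } catch (AuthenticationException e) {
            SecurityContextHolder.clearContext();
            handleUnAuthentication(httpRequest, httpResponse, e);
        } finally {
            clearLoggingContext();
        }
    }

    /** Removes every MDC key this filter sets so nothing carries over to another request on the same thread. */
    private static void clearLoggingContext() {
        MDC.remove(TOKEN_SESSION_KEY);
        MDC.remove(LOGIN_USERID_KEY);
        MDC.remove(REQUEST_URI_KEY);
        MDC.remove(REQUEST_QUERYSTRING_KEY);
        MDC.remove(REQUEST_FULL_KEY);
        MDC.remove(REQUEST_SEQUENCEID_KEY);
        MDC.remove(REQUEST_REMOTEADDR_KEY);
    }

    /**
     * Returns a loggable stand-in for a token: a fixed mask, followed by the last four
     * characters only when the token is long enough that they do not meaningfully
     * narrow down its value.
     */
    private static String maskToken(String token) {
        if (token == null || token.length() < MIN_LENGTH_FOR_PARTIAL_MASK) {
            return MASK;
        }
        return MASK + token.substring(token.length() - 4);
    }

    /**
     * Replaces the value of the {@code token} parameter in a raw query string with a mask.
     * Best effort: only the literal parameter name is matched, so a percent-encoded
     * spelling of the name is not caught.
     *
     * @return the redacted query string, or {@code null} when the input is {@code null}
     */
    private static String redactTokenParameter(String queryString) {
        if (queryString == null) {
            return null;
        }
        return TOKEN_QUERY_PARAM.matcher(queryString).replaceAll("$1" + TOKEN_SESSION_KEY + "=" + MASK);
    }

    /**
     * Puts the login user id, request URI, query string, a fresh request sequence id and
     * the remote address into the MDC for the duration of the request.
     */
    private void addSessionContextToLogging(ServletRequest servletRequest) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String loginUserId = "EMPTY";
        Object principal = authentication == null ? null : authentication.getPrincipal();
        // Principals of any other type (or a missing principal) are reported as "EMPTY"
        // instead of triggering a ClassCastException / NullPointerException.
        if (principal instanceof LoginUser) {
            try {
                LoginUser loginUser = (LoginUser) principal;
                // mo53getId() is the accessor name exactly as it appears in this listing.
                loginUserId = loginUser.mo53getId() + "@" + loginUser.getUserType();
            } catch (RuntimeException e) {
                logger.warn("Unable to resolve login user id for logging context", e);
            }
        }
        MDC.put(LOGIN_USERID_KEY, loginUserId);
        if (servletRequest instanceof HttpServletRequest) {
            HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
            String requestUri = httpRequest.getRequestURI();
            // The query string may carry the token parameter, so it is redacted before logging.
            String queryString = redactTokenParameter(httpRequest.getQueryString());
            MDC.put(REQUEST_URI_KEY, StringUtils.defaultString(requestUri));
            MDC.put(REQUEST_QUERYSTRING_KEY, StringUtils.defaultString(queryString));
            // NOTE(review): the requested session id is written to the log context here;
            // confirm that log readers are allowed to see session identifiers.
            MDC.put(REQUEST_FULL_KEY, "[" + httpRequest.getMethod() + "(" + httpRequest.getRequestedSessionId() + ")]"
                    + requestUri + (queryString == null ? "" : "?" + queryString));
        }
        MDC.put(REQUEST_SEQUENCEID_KEY, StringUtils.remove(UUID.randomUUID().toString(), "-"));
        // String.valueOf(null) yields the text "null", which defeated the "-" default; test for null directly.
        // NOTE(review): "X-Real-IP" is read as a request attribute, not a header — confirm an
        // upstream component sets it from a trusted proxy value.
        Object remoteAddr = servletRequest.getAttribute("X-Real-IP");
        MDC.put(REQUEST_REMOTEADDR_KEY, remoteAddr == null ? "-" : String.valueOf(remoteAddr));
    }

    private HttpServletRequest asHttp(ServletRequest servletRequest) {
        return (HttpServletRequest) servletRequest;
    }

    private HttpServletResponse asHttp(ServletResponse servletResponse) {
        return (HttpServletResponse) servletResponse;
    }

    /** Authenticates with the token and stores the result in the security context. */
    private void processTokenAuthentication(Optional<String> optional) {
        SecurityContextHolder.getContext().setAuthentication(tryToAuthenticateWithToken(optional));
    }

    /**
     * Wraps the token in a {@link PreAuthenticatedAuthenticationToken}. The principal is the
     * {@code Optional} itself, not the unwrapped string, and is passed through unchanged.
     */
    private Authentication tryToAuthenticateWithToken(Optional<String> optional) {
        return tryToAuthenticate(new PreAuthenticatedAuthenticationToken(optional, (Object) null));
    }

    /**
     * Delegates to the {@link AuthenticationManager} and rejects a null or
     * unauthenticated result.
     *
     * @throws InternalAuthenticationServiceException if the manager returns no authenticated result
     */
    private Authentication tryToAuthenticate(Authentication authentication) {
        Authentication result = this.authenticationManager.authenticate(authentication);
        if (result == null || !result.isAuthenticated()) {
            throw new InternalAuthenticationServiceException("Unable to authenticate Domain User for provided credentials");
        }
        return result;
    }

    /**
     * Answers a failed authentication with {@code ResultCode.NOT_AUTH}: a container error
     * page for ordinary requests, a JSON body for requests {@code HttpUtils} classifies as Ajax.
     *
     * <p>NOTE(review): the exception message is returned to the client verbatim; confirm the
     * authentication providers do not put account or internal details into it.
     *
     * @throws IOException if the response cannot be written
     */
    public static void handleUnAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException {
        logger.error("handleUnAuthentication", authenticationException);
        if (!HttpUtils.isAjaxRequest(httpServletRequest)) {
            httpServletResponse.sendError(ResultCode.NOT_AUTH, authenticationException.getMessage());
            return;
        }
        writeJson(httpServletResponse, ResultCode.NOT_AUTH,
                Result.errorResult(HttpResultInfoEnum.UNAUTHORIZED.getCode(), authenticationException.getMessage()));
    }

    /**
     * Answers an authentication-service failure with {@code ResultCode.INTERNAL_ERROR}: a
     * container error page for ordinary requests, a JSON body for Ajax requests.
     *
     * <p>NOTE(review): the exception message is appended to the client-visible error text;
     * messages from a failing backend can disclose internal detail and are better kept
     * to the server log.
     *
     * @throws IOException if the response cannot be written
     */
    public static void handleAuthenticationServiceException(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationServiceException authenticationServiceException) throws IOException {
        logger.error("Internal authentication service exception", authenticationServiceException);
        if (!HttpUtils.isAjaxRequest(httpServletRequest)) {
            httpServletResponse.sendError(ResultCode.INTERNAL_ERROR, authenticationServiceException.getMessage());
            return;
        }
        writeJson(httpServletResponse, ResultCode.INTERNAL_ERROR,
                Result.errorResult(HttpResultInfoEnum.SERVER_ERROR.getCode(), HttpResultInfoEnum.SERVER_ERROR.getMessage() + "，" + authenticationServiceException.getMessage()));
    }

    /** Serializes {@code body} first, then writes it as a UTF-8 JSON response with the given status. */
    private static void writeJson(HttpServletResponse response, int status, Object body) throws IOException {
        String json = OBJECT_MAPPER.writeValueAsString(body);
        response.setStatus(status);
        response.setCharacterEncoding("UTF-8");
        response.addHeader("Content-Type", "application/json;charset=UTF-8");
        response.getWriter().print(json);
    }
}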
