package com.aluka.nirvana.framework.security.handler;

import com.alibaba.fastjson.JSONArray;
import com.aluka.nirvana.framework.security.constant.Constants;
import com.aluka.nirvana.framework.security.principal.BaseUserDetails;
import com.aluka.nirvana.framework.security.provider.AuthenticationValidProvider;
import com.aluka.nirvana.framework.security.utils.JwtUtils;
import com.aluka.nirvana.framework.security.utils.ResponseUtils;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.util.AntPathMatcher;

/* loaded from: input_file:com/aluka/nirvana/framework/security/handler/CustomTokenAuthenticationHandler.class */
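/**
 * Servlet filter that authenticates requests from a JWT carried in the {@code Authorization} header.
 *
 * <p>For a header that starts with {@link Constants#TOKEN_PREFIX} the token is signature-checked with
 * {@link Constants#SIGN_SECRET}, the subject and the {@link JwtUtils#AUTHORITIES} claim are turned into a
 * {@link BaseUserDetails}, and the result is stored in the {@link SecurityContextHolder}. Requests without
 * such a header are only let through when the request URI matches one of the configured open resources.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Granted authorities are read from the token itself, so every authorization decision downstream
 *       rests on the signature check and on the secrecy of the signing key. NOTE(review): the key is read
 *       from a constants class; confirm it is injected from protected configuration and not compiled into
 *       the artifact, and that it can be rotated.</li>
 *   <li>Nothing in this class checks revocation; a token stays usable until it expires unless the optional
 *       {@link AuthenticationValidProvider} rejects it.</li>
 *   <li>Both the open-resource match and the provider check use {@code getRequestURI()}, which is the raw,
 *       undecoded URI including the context path and any path parameters. NOTE(review): confirm the
 *       patterns are written against that form and that a request firewall normalizes paths before this
 *       filter runs, so the path checked here is the path that is later dispatched.</li>
 * </ul>
 */
public class CustomTokenAuthenticationHandler extends BasicAuthenticationFilter {
    private static final Logger log = LoggerFactory.getLogger(CustomTokenAuthenticationHandler.class);
    /** Shared matcher; it is never reconfigured after construction, so one instance serves all requests. */
    private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();
    /** Ant-style patterns of URIs that may be requested without a token; {@code null} means none. */
    private String[] openResources;
    /** Optional extra check applied to every token-authenticated request; may be {@code null}. */
    private AuthenticationValidProvider authenticationValidProvider;

    /**
     * Creates the filter.
     *
     * @param authenticationManager passed straight to {@link BasicAuthenticationFilter}
     */
    public CustomTokenAuthenticationHandler(AuthenticationManager authenticationManager) {
        super(authenticationManager);
    }

    /**
     * Validates the bearer token, populates the security context, and continues the chain, or writes an
     * error response and stops.
     *
     * <p>Responses written here: 406 for an expired token, 401 for any other token failure or when the
     * {@link AuthenticationValidProvider} refuses the request, 403 when no token is present and the URI
     * is not an open resource.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response used for error replies
     * @param filterChain         the remaining filter chain
     * @throws IOException      if writing a response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String header = httpServletRequest.getHeader("Authorization");
        String requestUri = httpServletRequest.getRequestURI();
        if (StringUtils.isNotEmpty(header) && header.startsWith(Constants.TOKEN_PREFIX)) {
            try {
                // Strip the prefix from the front only; String.replace would also delete any later
                // occurrence of the prefix text and silently alter the token being verified.
                String token = header.substring(Constants.TOKEN_PREFIX.length());
                Claims claims = Jwts.parser().setSigningKey(Constants.SIGN_SECRET).parseClaimsJws(token).getBody();
                String subject = claims.getSubject();
                // NOTE(review): a correctly signed token without a subject sets no authentication and
                // still reaches the chain below, even for non-open paths; this relies on downstream
                // authorization rules to reject the anonymous request. Confirm that is intended.
                if (StringUtils.isNotEmpty(subject)) {
                    HashSet authorities = readAuthorities(claims);
                    BaseUserDetails baseUserDetails = new BaseUserDetails();
                    baseUserDetails.setUsername(subject);
                    baseUserDetails.setAuthorities(authorities);
                    if (this.authenticationValidProvider != null && !this.authenticationValidProvider.valid(baseUserDetails, requestUri)) {
                        log.warn("Token for subject '{}' refused by validation provider for {}", subject, requestUri);
                        ResponseUtils.writeResponse(httpServletResponse, HttpStatus.UNAUTHORIZED, "暂无权限访问此功能!");
                        return;
                    }
                    SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(baseUserDetails, subject, authorities));
                }
            } catch (ExpiredJwtException e) {
                log.debug("Rejected expired token for {}", requestUri);
                ResponseUtils.writeResponse(httpServletResponse, HttpStatus.NOT_ACCEPTABLE, "Token 已过期!");
                return;
            } catch (Exception e2) {
                // Fail closed on anything unexpected (bad signature, malformed token, missing or
                // unparsable authorities claim, provider failure). Only the exception type is logged so
                // that neither the token nor claim contents end up in the log.
                log.warn("Rejected token for {}: {}", requestUri, e2.getClass().getSimpleName());
                ResponseUtils.writeResponse(httpServletResponse, HttpStatus.UNAUTHORIZED, "Token 无效!");
                return;
            }
        } else if (pathIsNotOpen(requestUri)) {
            ResponseUtils.writeResponse(httpServletResponse, HttpStatus.FORBIDDEN, "Token 不存在!");
            return;
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Builds the granted-authority set from the {@link JwtUtils#AUTHORITIES} claim, which is parsed as a
     * JSON array of objects and read through each object's {@code "authority"} key.
     *
     * <p>A token without the claim makes this method throw; the caller treats that as an invalid token.
     * The raw {@code HashSet} is kept because the parameter type of
     * {@code BaseUserDetails.setAuthorities} is not visible from this class.
     *
     * @param claims verified claims of the token
     * @return the authorities named in the claim, possibly empty
     */
    private static HashSet readAuthorities(Claims claims) {
        HashSet authorities = new HashSet();
        String json = claims.get(JwtUtils.AUTHORITIES).toString();
        if (StringUtils.isNotEmpty(json)) {
            for (Map entry : JSONArray.parseArray(json, Map.class)) {
                Object authority = entry.get("authority");
                if (authority != null) {
                    authorities.add(new SimpleGrantedAuthority(authority.toString()));
                }
            }
        }
        return authorities;
    }

    /**
     * Tells whether a URI requires a token.
     *
     * @param str the request URI to test
     * @return {@code false} when the URI matches an open-resource pattern, {@code true} otherwise,
     *         including when no open resources have been configured
     */
    private boolean pathIsNotOpen(String str) {
        // Deny by default: an unconfigured filter must not fail with a NullPointerException (which
        // would surface as a 500) and must not treat anything as open.
        if (this.openResources == null) {
            return true;
        }
        for (String pattern : this.openResources) {
            if (PATH_MATCHER.match(pattern, str)) {
                return false;
            }
        }
        return true;
    }

    /**
     * @return the configured open-resource patterns; the internal array itself, not a copy
     */
    public String[] getOpenResources() {
        return this.openResources;
    }

    /**
     * @return the optional validation provider, or {@code null} when none is set
     */
    public AuthenticationValidProvider getAuthenticationValidProvider() {
        return this.authenticationValidProvider;
    }

    /**
     * Sets the Ant-style patterns that may be requested without a token. The array is stored by
     * reference, so later changes made by the caller alter which paths skip authentication.
     *
     * @param strArr the patterns, or {@code null} for none
     */
    public void setOpenResources(String[] strArr) {
        this.openResources = strArr;
    }

    /**
     * @param authenticationValidProvider extra per-request check, or {@code null} to disable it
     */
    public void setAuthenticationValidProvider(AuthenticationValidProvider authenticationValidProvider) {
        this.authenticationValidProvider = authenticationValidProvider;
    }

    /**
     * Two handlers are equal when their open-resource patterns and validation providers are equal.
     */
    @Override
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof CustomTokenAuthenticationHandler)) {
            return false;
        }
        CustomTokenAuthenticationHandler other = (CustomTokenAuthenticationHandler) obj;
        if (!other.canEqual(this) || !Arrays.deepEquals(getOpenResources(), other.getOpenResources())) {
            return false;
        }
        AuthenticationValidProvider mine = getAuthenticationValidProvider();
        AuthenticationValidProvider theirs = other.getAuthenticationValidProvider();
        return mine == null ? theirs == null : mine.equals(theirs);
    }

    /**
     * Lets subclasses opt out of equality with this type while keeping {@code equals} symmetric.
     */
    protected boolean canEqual(Object obj) {
        return obj instanceof CustomTokenAuthenticationHandler;
    }

    @Override
    public int hashCode() {
        int result = 59 + Arrays.deepHashCode(getOpenResources());
        AuthenticationValidProvider provider = getAuthenticationValidProvider();
        return (result * 59) + (provider == null ? 43 : provider.hashCode());
    }

    @Override
    public String toString() {
        return "CustomTokenAuthenticationHandler(openResources=" + Arrays.deepToString(getOpenResources()) + ", authenticationValidProvider=" + getAuthenticationValidProvider() + ")";
    }
}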
