package com.aluka.nirvana.framework.security.handler;

import cn.hutool.core.exceptions.ExceptionUtil;
import com.aluka.nirvana.framework.security.constant.Constants;
import com.aluka.nirvana.framework.security.principal.BaseUserDetails;
import com.aluka.nirvana.framework.security.provider.AuthenticationValidProvider;
import com.aluka.nirvana.framework.security.utils.ResponseUtils;
import com.google.common.base.Throwables;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.util.AntPathMatcher;

/* loaded from: input_file:com/aluka/nirvana/framework/security/handler/CustomTokenAuthenticationHandler.class */
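/**
 * Servlet filter that authenticates requests with a signed JWT carried in the
 * {@code Authorization} header and, optionally, authorizes the resulting user
 * against the requested URI.
 *
 * <p>Processing order for each request:
 * <ol>
 *   <li>{@code OPTIONS} requests and URIs matching one of the configured
 *       {@link #setOpenResources(String[]) open resources} pass through untouched.</li>
 *   <li>A missing header or one without {@link Constants#TOKEN_PREFIX} is rejected.</li>
 *   <li>The token is verified with {@link Constants#SIGN_SECRET}; expired or otherwise
 *       invalid tokens are rejected.</li>
 *   <li>The decoded user is checked by {@link #handlerRequest}; on success the
 *       authentication is stored in the {@link SecurityContextHolder} and the
 *       chain continues.</li>
 * </ol>
 *
 * <p>NOTE(review): the status codes are the reverse of the usual HTTP convention
 * (missing/invalid token answers {@code 403 FORBIDDEN}, insufficient permissions
 * answers {@code 401 UNAUTHORIZED}). They are kept as-is because clients may
 * already depend on them; confirm before changing.
 *
 * <p>Not thread-safe with respect to its setters: configure the instance fully
 * before registering it in the filter chain.
 */
public class CustomTokenAuthenticationHandler extends BasicAuthenticationFilter {
    private static final Logger log = LoggerFactory.getLogger(CustomTokenAuthenticationHandler.class);
    /** Request header that carries the token. */
    private static final String AUTHORIZATION_HEADER = "Authorization";
    /** JWT claim holding the comma-separated list of granted authorities. */
    private static final String AUTHORITIES_CLAIM = "authorities";
    /** Reused across requests instead of allocating a matcher per call. */
    private static final AntPathMatcher PATH_MATCHER = new AntPathMatcher();

    /** Ant-style URI patterns exempt from token checks; never {@code null}. */
    private String[] openResources = new String[0];
    /** Optional per-URI authorization hook; {@code null} means every authenticated user is allowed. */
    private AuthenticationValidProvider authenticationValidProvider;
    /** When {@code false}, {@link #authenticationValidProvider} is never consulted. */
    private boolean authenticationValidEnabled;

    /**
     * Creates the filter.
     *
     * @param authenticationManager passed through to {@link BasicAuthenticationFilter};
     *     this filter never invokes it itself, it only fulfils the superclass contract
     */
    public CustomTokenAuthenticationHandler(AuthenticationManager authenticationManager) {
        super(authenticationManager);
    }

    /**
     * Authenticates the request from its bearer token and either continues the
     * chain or writes an error response.
     *
     * <p>Only token parsing runs inside the {@code try}: the downstream chain is
     * invoked after it, so an exception thrown by a later filter or handler
     * propagates to the container instead of being reported as an invalid token
     * (and instead of a second response body being written onto an already
     * started response).
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param filterChain         remaining filter chain
     * @throws IOException      from the downstream chain or the response writer
     * @throws ServletException from the downstream chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (!intercept(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        if (StringUtils.isEmpty(header) || !header.startsWith(Constants.TOKEN_PREFIX)) {
            ResponseUtils.writeResponse(httpServletResponse, HttpStatus.FORBIDDEN, "Token 不存在!");
            return;
        }
        // startsWith() already matched the prefix, so strip exactly that many
        // characters. replace() would also remove any later occurrence of the
        // prefix string inside the token itself and corrupt it.
        String token = header.substring(Constants.TOKEN_PREFIX.length());

        BaseUserDetails userDetails;
        try {
            Claims claims = Jwts.parser().setSigningKey(Constants.SIGN_SECRET).parseClaimsJws(token).getBody();
            userDetails = parseClaims(claims);
        } catch (ExpiredJwtException e) {
            ResponseUtils.writeResponse(httpServletResponse, HttpStatus.FORBIDDEN, "Token 已过期!");
            log.warn("Token 已过期!");
            return;
        } catch (Exception e2) {
            // Signature mismatch, malformed token, unexpected claim types, etc.
            // The client only learns "invalid"; the root cause goes to the log.
            ResponseUtils.writeResponse(httpServletResponse, HttpStatus.FORBIDDEN, "Token 无效!");
            log.warn("Token 解析失败 >> {}", ExceptionUtil.stacktraceToString(Throwables.getRootCause(e2), 255));
            return;
        }

        if (!handlerRequest(httpServletRequest, userDetails)) {
            ResponseUtils.writeResponse(httpServletResponse, HttpStatus.UNAUTHORIZED, "暂无权限访问此功能!");
            return;
        }
        // The three-argument constructor marks the token as already authenticated.
        SecurityContextHolder.getContext().setAuthentication(
                new UsernamePasswordAuthenticationToken(userDetails, userDetails.getUsername(), userDetails.getAuthorities()));
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Decides whether an authenticated user may access the requested URI.
     *
     * <p>Allowed when any of the following holds: the user is an admin, the
     * validation switch is off, the URI is an open resource, no provider is
     * configured, or the provider accepts the user/URI pair.
     *
     * <p>NOTE(review): a missing provider allows every request (fail-open);
     * confirm that is the intended default for deployments that enable
     * {@link #setAuthenticationValidEnabled(boolean)} without wiring a provider.
     *
     * @param httpServletRequest current request
     * @param baseUserDetails    user decoded from the token
     * @return {@code true} if the request may proceed
     */
    private boolean handlerRequest(HttpServletRequest httpServletRequest, BaseUserDetails baseUserDetails) {
        if (baseUserDetails.isAdmin() || !this.authenticationValidEnabled) {
            return true;
        }
        String uri = httpServletRequest.getRequestURI();
        if (isOpen(uri) || this.authenticationValidProvider == null) {
            return true;
        }
        return this.authenticationValidProvider.valid(baseUserDetails, uri);
    }

    /**
     * Tests a URI against the configured open-resource patterns.
     *
     * @param uri request URI to test
     * @return {@code true} if some pattern matches; {@code false} when no
     *     patterns are configured
     */
    private boolean isOpen(String uri) {
        if (this.openResources == null) {
            return false;
        }
        for (String pattern : this.openResources) {
            if (pattern != null && PATH_MATCHER.match(pattern, uri)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns whether this filter should examine the request at all.
     *
     * @param httpServletRequest current request
     * @return {@code false} for CORS preflight ({@code OPTIONS}) and open
     *     resources, {@code true} otherwise
     */
    private boolean intercept(HttpServletRequest httpServletRequest) {
        boolean preflight = HttpMethod.OPTIONS.name().equalsIgnoreCase(httpServletRequest.getMethod());
        return !preflight && !isOpen(httpServletRequest.getRequestURI());
    }

    /**
     * Builds the user principal from verified JWT claims.
     *
     * <p>Claim mapping: {@code sub} → username, {@code jti} → user id,
     * {@code authorities} (comma-separated string) → granted authorities,
     * {@code aud} → admin flag (only the literal {@code "true"}, case-insensitive,
     * yields {@code true}; a missing claim yields {@code false}).
     *
     * @param claims claims body of an already signature-checked token
     * @return populated user details
     */
    private BaseUserDetails parseClaims(Claims claims) {
        Set<GrantedAuthority> authorities = new HashSet<>();
        Object rawAuthorities = claims.get(AUTHORITIES_CLAIM);
        if (rawAuthorities != null) {
            // commons-lang3 split() drops empty tokens, so ",," yields nothing.
            for (String authority : StringUtils.split(rawAuthorities.toString(), ",")) {
                authorities.add(new SimpleGrantedAuthority(authority));
            }
        }
        BaseUserDetails userDetails = new BaseUserDetails();
        userDetails.setUsername(claims.getSubject());
        userDetails.setUserId(claims.getId());
        userDetails.setAuthorities(authorities);
        userDetails.setAdmin(Boolean.parseBoolean(claims.getAudience()));
        return userDetails;
    }

    /**
     * Sets the Ant-style URI patterns that bypass this filter.
     *
     * @param strArr patterns; {@code null} is treated as "no open resources"
     */
    public void setOpenResources(String[] strArr) {
        this.openResources = strArr == null ? new String[0] : strArr;
    }

    /**
     * Sets the per-URI authorization hook.
     *
     * @param authenticationValidProvider provider, or {@code null} to allow all authenticated users
     */
    public void setAuthenticationValidProvider(AuthenticationValidProvider authenticationValidProvider) {
        this.authenticationValidProvider = authenticationValidProvider;
    }

    /**
     * Enables or disables consultation of the validation provider.
     *
     * @param z {@code true} to enforce per-URI authorization for non-admin users
     */
    public void setAuthenticationValidEnabled(boolean z) {
        this.authenticationValidEnabled = z;
    }
}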
