package org.jsets.shiro.filter.stateless;

import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import java.util.Enumeration;
import java.util.LinkedList;
import java.util.stream.Stream;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;
import org.jsets.shiro.config.MessageConfig;
import org.jsets.shiro.config.ShiroProperties;
import org.jsets.shiro.token.HmacToken;
import org.jsets.shiro.token.JwtToken;
import org.jsets.shiro.util.Commons;

/* loaded from: input_file:org/jsets/shiro/filter/stateless/StatelessFilter.class */
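/**
 * Base class for stateless (per-request) authentication filters that accept either an
 * HMAC-signed request or a JWT carried in a request parameter.
 *
 * <p>This source is decompiler output. The decompiler reported that the helper methods were
 * originally {@code protected} and widened them to {@code public}; the visibility shown by the
 * decompiler is kept here so existing callers are unaffected.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>This class only <em>collects</em> credentials into tokens. No digest comparison,
 *       timestamp freshness check or JWT signature check is visible here; presumably the realm
 *       that consumes {@link HmacToken} / {@link JwtToken} performs them - confirm.</li>
 *   <li>The host recorded in each token comes from {@link ServletRequest#getRemoteHost()}, which
 *       behind a reverse proxy is the proxy's address, not the client's. Verify before relying
 *       on it for any access decision or audit trail.</li>
 * </ul>
 */
public abstract class StatelessFilter extends AccessControlFilter {

    /**
     * Tells whether the request carries all three HMAC parameters (app id, timestamp, digest).
     *
     * @param servletRequest the incoming request
     * @return {@code true} only for an HTTP request in which all three parameters are non-empty
     */
    public boolean isHmacSubmission(ServletRequest servletRequest) {
        return servletRequest instanceof HttpServletRequest
                && !Strings.isNullOrEmpty(servletRequest.getParameter(ShiroProperties.PARAM_HMAC_APP_ID))
                && !Strings.isNullOrEmpty(servletRequest.getParameter(ShiroProperties.PARAM_HMAC_TIMESTAMP))
                && !Strings.isNullOrEmpty(servletRequest.getParameter(ShiroProperties.PARAM_HMAC_DIGEST));
    }

    /**
     * Builds an {@link HmacToken} from the request: the remote host, app id, timestamp, the
     * string the digest is expected to cover, and the digest supplied by the client.
     *
     * <p>The covered string is the values of all other parameters, ordered by parameter name,
     * followed by the app id and the timestamp.
     *
     * <p>NOTE(review): the canonical form has known weaknesses that cannot be fixed here without
     * a coordinated change on every signing client:
     * <ul>
     *   <li>Values are concatenated without parameter names or separators, so different
     *       parameter sets can canonicalise to the same string. A length-prefixed or
     *       {@code name=value} delimited form would remove the ambiguity.</li>
     *   <li>{@code getParameter} returns only the first value of a multi-valued parameter, so
     *       any further values are not covered by the digest.</li>
     *   <li>Only request parameters are covered; the method, path and any non-parameter body are
     *       not part of the signed string.</li>
     * </ul>
     *
     * @param servletRequest the incoming request; callers are expected to have checked
     *     {@link #isHmacSubmission(ServletRequest)} first, since missing parameters are passed
     *     on as {@code null}
     * @param servletResponse unused
     * @return the token to submit for authentication
     */
    public AuthenticationToken createHmacToken(ServletRequest servletRequest, ServletResponse servletResponse) {
        String appId = servletRequest.getParameter(ShiroProperties.PARAM_HMAC_APP_ID);
        String timestamp = servletRequest.getParameter(ShiroProperties.PARAM_HMAC_TIMESTAMP);
        String digest = servletRequest.getParameter(ShiroProperties.PARAM_HMAC_DIGEST);

        // Typed collection: the decompiled raw LinkedList/Stream made the lambda parameter an
        // Object, which does not compile against getParameter(String).
        LinkedList<String> names = Lists.newLinkedList();
        // Wildcard + cast works with both the raw (Servlet 2.5) and generic (3.0+) signature.
        Enumeration<?> parameterNames = servletRequest.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            names.add((String) parameterNames.nextElement());
        }

        StringBuilder baseString = new StringBuilder();
        names.stream()
                .sorted()
                .filter(name -> !isHmacControlParameter(name))
                .forEach(name -> baseString.append(servletRequest.getParameter(name)));
        baseString.append(appId);
        baseString.append(timestamp);

        return new HmacToken(servletRequest.getRemoteHost(), appId, timestamp, baseString.toString(), digest);
    }

    /** Tells whether {@code name} is one of the three HMAC parameters excluded from the signed values. */
    private static boolean isHmacControlParameter(String name) {
        return ShiroProperties.PARAM_HMAC_APP_ID.equals(name)
                || ShiroProperties.PARAM_HMAC_TIMESTAMP.equals(name)
                || ShiroProperties.PARAM_HMAC_DIGEST.equals(name);
    }

    /**
     * Tells whether the request carries a non-empty {@code jwt} parameter.
     *
     * <p>NOTE(review): a token passed as a request parameter may travel in the query string,
     * where it can end up in access logs, browser history and {@code Referer} headers. Prefer a
     * header for transport where clients allow it, and make sure parameter logging redacts
     * {@code jwt}.
     *
     * @param servletRequest the incoming request
     * @return {@code true} only for an HTTP request with a non-empty {@code jwt} parameter
     */
    public boolean isJwtSubmission(ServletRequest servletRequest) {
        return (servletRequest instanceof HttpServletRequest)
                && !Strings.isNullOrEmpty(servletRequest.getParameter("jwt"));
    }

    /**
     * Wraps the remote host and the raw {@code jwt} parameter in a {@link JwtToken}. The token
     * string is passed on unparsed and unverified.
     *
     * @param servletRequest the incoming request
     * @param servletResponse unused
     * @return the token to submit for authentication
     */
    public AuthenticationToken createJwtToken(ServletRequest servletRequest, ServletResponse servletResponse) {
        return new JwtToken(servletRequest.getRemoteHost(), servletRequest.getParameter("jwt"));
    }

    /**
     * Checks the subject against the configured roles with ANY-of semantics.
     *
     * <p>Note the asymmetry with {@link #checkPerms(Subject, Object)}, which requires ALL
     * configured permissions.
     *
     * @param subject the authenticated subject
     * @param obj the configured roles; must be a {@code String[]} or {@code null}
     * @return {@code true} if no roles are configured or the subject has at least one of them
     * @throws ClassCastException if {@code obj} is neither {@code null} nor a {@code String[]}
     */
    public boolean checkRoles(Subject subject, Object obj) {
        String[] roles = (String[]) obj;
        if (roles == null || roles.length == 0) {
            // No role requirement configured: nothing to deny on.
            return true;
        }
        // Stream<String> rather than the decompiled Stream<Object>, so hasRole(String) type-checks.
        return Stream.of(roles).anyMatch(subject::hasRole);
    }

    /**
     * Checks the subject against the configured permissions with ALL-of semantics.
     *
     * @param subject the authenticated subject
     * @param obj the configured permissions; must be a {@code String[]} or {@code null}
     * @return {@code true} if no permissions are configured or the subject holds every one
     * @throws ClassCastException if {@code obj} is neither {@code null} nor a {@code String[]}
     */
    public boolean checkPerms(Subject subject, Object obj) {
        String[] perms = (String[]) obj;
        if (perms == null || perms.length == 0) {
            // No permission requirement configured: nothing to deny on.
            return true;
        }
        return perms.length == 1 ? subject.isPermitted(perms[0]) : subject.isPermittedAll(perms);
    }

    /**
     * Writes the REST failure response for a denied request: the "unauthorized" code and message
     * when there is no authenticated subject, otherwise the "forbidden" code and message.
     *
     * @return always {@code false}, so the filter chain does not continue after the response
     *     has been written
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        Subject subject = getSubject(servletRequest, servletResponse);
        if (null == subject || !subject.isAuthenticated()) {
            Commons.restFailed(WebUtils.toHttp(servletResponse), MessageConfig.REST_CODE_AUTH_UNAUTHORIZED, MessageConfig.REST_MESSAGE_AUTH_UNAUTHORIZED);
            return false;
        }
        Commons.restFailed(WebUtils.toHttp(servletResponse), MessageConfig.REST_CODE_AUTH_FORBIDDEN, MessageConfig.REST_MESSAGE_AUTH_FORBIDDEN);
        return false;
    }
}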
