package team.sailboat.commons.ms.authclient;

import com.nimbusds.jose.util.Base64URL;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.util.Collections;
import java.util.Date;
import java.util.Set;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import team.sailboat.commons.fan.app.AppContext;
import team.sailboat.commons.fan.collection.XC;
import team.sailboat.commons.fan.excep.ExceptionAssist;
import team.sailboat.commons.fan.excep.HttpException;
import team.sailboat.commons.fan.http.HttpClient;
import team.sailboat.commons.fan.http.Request;
import team.sailboat.commons.fan.json.JSONArray;
import team.sailboat.commons.fan.json.JSONObject;
import team.sailboat.commons.fan.serial.StreamAssist;
import team.sailboat.commons.fan.text.XString;
import team.sailboat.commons.fan.time.XTime;
import team.sailboat.commons.ms.xca.AppKeySecret;
import team.sailboat.commons.ms.xca.IAppSignChecker;
import team.sailboat.commons.ms.xca.XAppSignChecker;

/* loaded from: input_file:team/sailboat/commons/ms/authclient/LoginFilter.class */
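/**
 * Servlet filter implementing the OAuth client side of login for this application.
 *
 * <p>For every request it does one of three things, in this order:
 * <ol>
 *   <li>On the local login path: stores a fresh {@code oauth_state} value in the session and
 *       redirects an unauthenticated caller to the authorization server.</li>
 *   <li>On the optional "refresh authorities" callback path: checks the application signature
 *       of the request and records the posted user ids as needing a token refresh.</li>
 *   <li>Otherwise: if the current authentication is a {@link CoupleAuthenticationToken} that is
 *       expired (naturally or because its user id was flagged), exchanges the refresh token for
 *       a new access token, then continues the filter chain.</li>
 * </ol>
 *
 * <p>The whole of {@link #doFilter} after the lock lookup, including the downstream chain, runs
 * while holding a per-session lock object, so requests that share a session are processed one
 * at a time.
 *
 * <p>NOTE(review): this class was reconstructed from decompiler output; {@code m1getPrincipal()}
 * looks like a decompiler-renamed accessor - confirm against the original source.
 */
public class LoginFilter implements Filter {
    /** Session attribute under which the per-session lock object is stored. */
    private static final String SESSION_MUTEX_ATTR = "LoginFilterMutex";

    OAuthClientConf mClientConf;
    RequestMatcher mLoginMatcher;
    // Stays null when no refresh-authorities callback path is configured.
    RequestMatcher mRefreshAuthsMatcher;
    HttpClient mAuthClient;
    IAppSignChecker mAppSignChecker;
    AppKeySecret mOAuthClientApp;
    final Logger mLogger = LoggerFactory.getLogger(getClass());
    // Guards creation of the per-session lock object (shared by all sessions).
    final Object mMutex = new Object();
    // User ids whose tokens must be refreshed on their next request.
    // NOTE(review): an id is removed by the first request of that user that reaches this filter,
    // so if the same user holds several sessions only one of them is force-refreshed; the others
    // keep their old authorities until natural expiry. Ids of users who never come back are
    // never removed. Confirm both are acceptable for authority revocation.
    final Set<String> mNeedRefreshUserIds = Collections.synchronizedSet(XC.hashSet());

    /**
     * Builds the filter from the OAuth client configuration.
     *
     * @param oAuthClientConf supplies the login path, the optional refresh-authorities callback
     *                        path, the auth-center HTTP client and the client id / secret
     */
    public LoginFilter(OAuthClientConf oAuthClientConf) {
        this.mClientConf = oAuthClientConf;
        this.mLoginMatcher = new AntPathRequestMatcher(this.mClientConf.getLocalLoginPath());
        this.mAuthClient = this.mClientConf.getAuthCenterClient();
        String refreshCallbackPath = this.mClientConf.getRefreshUserAuthoritesCallbackPath();
        if (XString.isNotEmpty(refreshCallbackPath)) {
            this.mRefreshAuthsMatcher = new AntPathRequestMatcher(refreshCallbackPath);
        }
        this.mOAuthClientApp = new AppKeySecret(null, this.mClientConf.getClientId(), this.mClientConf.getClientSecret());
        // The signature checker only knows one application: the key/secret pair built above from
        // this client's id and secret. Any other presented key resolves to null.
        this.mAppSignChecker = new XAppSignChecker(null,
                appKey -> appKey.equals(this.mOAuthClientApp.getAppKey()) ? this.mOAuthClientApp : null);
    }

    /**
     * Handles login redirects, refresh-authorities callbacks and token refresh, then delegates
     * to the rest of the chain (see the class comment for the order of checks).
     *
     * @throws IOException      if redirecting, sending an error or reading the callback body fails
     * @throws ServletException if the downstream chain throws it
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        // getSession() creates a session when none exists, so every request that reaches this
        // filter (including the server-to-server callback) ends up with one.
        HttpSession session = httpRequest.getSession();

        synchronized (sessionMutex(session)) {
            if (this.mLoginMatcher.matches(httpRequest)) {
                startLogin(session, httpResponse);
                return;
            }
            if (this.mRefreshAuthsMatcher != null && this.mRefreshAuthsMatcher.matches(httpRequest)) {
                acceptRefreshCallback(httpRequest, httpResponse);
                return;
            }

            Authentication current = SecurityContextHolder.getContext().getAuthentication();
            if (current instanceof CoupleAuthenticationToken) {
                CoupleAuthenticationToken token = (CoupleAuthenticationToken) current;
                if (this.mNeedRefreshUserIds.remove(token.m1getPrincipal().getId())) {
                    // Flagged by the auth center: force a refresh and drop the authentication
                    // from the current security context.
                    token.setForceExpired(true);
                    SecurityContextHolder.getContext().setAuthentication((Authentication) null);
                }
                if (token.isExpired()) {
                    // Re-check under the token's own lock so that only one thread refreshes it.
                    synchronized (token) {
                        if (token.isExpired()) {
                            refreshExpiredToken(token, httpRequest, httpResponse);
                        }
                    }
                }
            }

            try {
                filterChain.doFilter(servletRequest, servletResponse);
            } finally {
                AppContext.removeThreadLocal("user_subspaceid");
            }
        }
    }

    /**
     * Returns the lock object stored in the session, creating it on first use. Creation is
     * double-checked under the filter-wide mutex so that concurrent first requests of a session
     * agree on one object.
     */
    private Object sessionMutex(HttpSession session) {
        Object mutex = session.getAttribute(SESSION_MUTEX_ATTR);
        if (mutex == null) {
            synchronized (this.mMutex) {
                mutex = session.getAttribute(SESSION_MUTEX_ATTR);
                if (mutex == null) {
                    // NOTE(review): a plain Object is not Serializable; confirm sessions are
                    // never persisted or replicated, where this attribute could not be written.
                    mutex = new Object();
                    session.setAttribute(SESSION_MUTEX_ATTR, mutex);
                }
            }
        }
        return mutex;
    }

    /**
     * Login path: redirects an unauthenticated caller to the authorization server, or answers
     * 400 when the caller is already authenticated.
     */
    private void startLogin(HttpSession session, HttpServletResponse httpResponse) throws IOException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null || !authentication.isAuthenticated()) {
            // The state value is kept in the session and passed to the authorization URL.
            // NOTE(review): it only protects the flow if the code-callback handler (not in this
            // class) compares the returned state with this attribute - confirm.
            String state = UUID.randomUUID().toString();
            session.setAttribute("oauth_state", state);
            httpResponse.sendRedirect(this.mClientConf.getAuthServerAuthUrl(state));
        } else {
            httpResponse.sendError(HttpStatus.BAD_REQUEST.value(), "单会话登陆并发过大！");
        }
    }

    /**
     * Refresh-authorities callback: after the application-signature check, reads the request
     * body as a JSON array of user ids and flags each id for a token refresh.
     */
    private void acceptRefreshCallback(HttpServletRequest httpRequest, HttpServletResponse httpResponse) throws IOException {
        try {
            // The return value is ignored; the check presumably rejects a bad signature by
            // throwing HttpException - TODO confirm, otherwise this endpoint is unauthenticated.
            this.mAppSignChecker.check(httpRequest);
            // NOTE(review): only HttpException is handled below. A body that is not a JSON
            // array of strings fails with a runtime exception (e.g. ClassCastException on the
            // cast) that propagates to the container, possibly after some ids were added.
            new JSONArray(StreamAssist.readString(httpRequest.getInputStream(), httpRequest.getContentLength(), "UTF-8")).forEach(obj -> {
                this.mNeedRefreshUserIds.add((String) obj);
            });
        } catch (HttpException e) {
            this.mLogger.error(ExceptionAssist.getClearMessage(getClass(), e));
            httpResponse.sendError(e.getStatus().value(), e.getRawMessage());
        }
    }

    /**
     * Exchanges the token's refresh token for a new access token and copies the new claims onto
     * the token and its principal. Any failure is logged and leaves the token unauthenticated.
     * The caller holds the token's lock.
     */
    private void refreshExpiredToken(CoupleAuthenticationToken token, HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
        try {
            // NOTE(review): the refresh token travels as a query parameter of the POST, so it
            // can end up in access logs of the auth server or of intermediaries; sending it in
            // the request body would avoid that if the HTTP client supports it.
            JSONObject tokenResponse = (JSONObject) this.mAuthClient.ask(Request.POST().path(this.mClientConf.getAuthServerTokenPath()).queryParam("client_id", this.mClientConf.getClientId()).queryParam("grant_type", "refresh_token").queryParam("refresh_token", token.getRefreshToken()).queryParam("redirect_uri", this.mClientConf.getCodeCallbackUrl()));
            String newAccessToken = tokenResponse.optString("access_token");
            String newRefreshToken = tokenResponse.optString("refresh_token");

            // Segment 1 of the dot-separated access token is decoded as the JSON claim set.
            // The signature segment is not verified here: the claims are trusted because the
            // token came straight from the auth center. NOTE(review): confirm mAuthClient talks
            // to it over TLS with certificate validation.
            JSONObject claims = new JSONObject(new String(Base64URL.from(XString.seg_i(newAccessToken, '.', 1)).decode(), "UTF-8"));
            Date issuedAt = new Date(claims.optLong("iat") * 1000);
            Date expiresAt = new Date(claims.optLong("exp") * 1000);
            JSONArray authorities = claims.optJSONArray("auths");
            JSONObject detail = claims.optJSONObject("detail");
            if (detail == null) {
                // Fail before touching the principal; previously the missing claim surfaced as
                // a NullPointerException after username and authorities were already replaced.
                throw new IllegalStateException("access token payload has no 'detail' claim");
            }

            // Captured before the update so that the log line below reports the old value.
            Date previousExpiry = token.getExpiredTime();

            User principal = token.m1getPrincipal();
            principal.setUsername(claims.optString("sub"));
            principal.setAuthorities(authorities != null ? authorities.toStringArray() : null);
            principal.setRealName(detail.optString("realName"));
            principal.setSex(detail.optString("sex"));
            principal.setAdditionProperties(detail);

            token.setAccessToken(newAccessToken);
            if (XString.isNotEmpty(newRefreshToken)) {
                // A token response may omit refresh_token; keep the current one in that case
                // instead of overwriting it with an empty value.
                token.setRefreshToken(newRefreshToken);
            }
            token.setExpiredTime(expiresAt);
            token.setIssueTime(issuedAt);
            token.setAuthenticated(true);
            token.setForceExpired(false);

            String corsToken = detail.optString("corsToken");
            if (XString.isNotEmpty(corsToken)) {
                // The cookie value is signed with the client secret and the URL of the request
                // that triggered the refresh.
                // NOTE(review): the cookie is created with default attributes (HttpOnly and
                // Secure are not set here); confirm whether scripts must read it and whether
                // the application is only served over HTTPS.
                httpResponse.addCookie(new Cookie("cors-token", CorsTokenSignHelper.signCorsToken(corsToken, httpRequest.getRequestURL(), this.mOAuthClientApp.getAppSecret())));
            }
            this.mLogger.info("刷新了用户[{}]的令牌，原先的过期时间是:{}", principal.getUsername(), previousExpiry != null ? XTime.format$yyyyMMddHHmmss(previousExpiry) : null);
        } catch (Exception e) {
            this.mLogger.error(ExceptionAssist.getClearMessage(getClass(), e));
            token.setAuthenticated(false);
        }
    }
}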
