package team.sailboat.commons.ms.authclient;

import com.nimbusds.jose.util.Base64URL;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import team.sailboat.commons.fan.excep.ExceptionAssist;
import team.sailboat.commons.fan.http.Request;
import team.sailboat.commons.fan.http.URLCoder;
import team.sailboat.commons.fan.json.JSONArray;
import team.sailboat.commons.fan.json.JSONObject;
import team.sailboat.commons.fan.text.XString;

/* loaded from: input_file:team/sailboat/commons/ms/authclient/OAuthCodeCallbackFilter.class */
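/**
 * Handles the OAuth 2.0 authorization-code callback of the client application.
 *
 * <p>The filter matches the configured code-callback path, checks the {@code state} parameter
 * against the value stored in the HTTP session under {@code oauth_state}, exchanges the
 * {@code code} for tokens at the auth server and builds a {@link CoupleAuthenticationToken}
 * from the claims carried in the access token payload.
 */
public class OAuthCodeCallbackFilter extends AbstractAuthenticationProcessingFilter {
    final Logger mLogger;
    final URLCoder mURLCoder;
    OAuthClientConf mClientConf;

    /**
     * Creates the filter and binds it to the callback path taken from the client configuration.
     *
     * @param oAuthClientConf OAuth client settings (callback path/URL, client id and secret,
     *                        token path, auth-center client)
     */
    public OAuthCodeCallbackFilter(OAuthClientConf oAuthClientConf) {
        super(new AntPathRequestMatcher(oAuthClientConf.getCodeCallbackPath()));
        this.mLogger = LoggerFactory.getLogger(getClass());
        this.mURLCoder = URLCoder.getDefault();
        this.mClientConf = oAuthClientConf;
    }

    /**
     * Validates the callback request and exchanges the authorization code for tokens.
     *
     * @param httpServletRequest  callback request carrying {@code code} and {@code state}, or
     *                            {@code error}
     * @param httpServletResponse response used for the access-denied redirect and for the
     *                            {@code cors-token} cookie
     * @return the authenticated token, or {@code null} when the request is not processed here
     *         (local login path, or an {@code access_denied} error that was answered with a
     *         redirect)
     * @throws AuthenticationException when {@code code} or {@code state} is missing, the state
     *                                 does not match the session, or the token response is unusable
     * @throws IOException             when the token exchange or claim parsing fails for any
     *                                 other reason; the original exception is kept as the cause
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
        // NOTE(review): this compares the servlet *context* path with the local login path;
        // confirm that getContextPath() (rather than the servlet path) is what is intended.
        if (httpServletRequest.getContextPath().equals(this.mClientConf.getLocalLoginPath())) {
            return null;
        }
        String error = httpServletRequest.getParameter("error");
        if ("access_denied".equals(error)) {
            // The request URL is derived from request data (scheme/host/path), so it is encoded
            // like the message instead of being spliced raw into the redirect query string.
            String encodedUrl = this.mURLCoder.encodeParam(httpServletRequest.getRequestURL().toString());
            httpServletResponse.sendRedirect(XString.msgFmt("{}/error_view?http-status=403&msg={}&url={}", new Object[]{httpServletRequest.getContextPath(), this.mURLCoder.encodeParam("您目前无权限访问此应用!"), encodedUrl}));
            return null;
        }
        String code = httpServletRequest.getParameter("code");
        if (XString.isEmpty(code)) {
            throw new AuthenticationServiceException("code不能为空！");
        }
        String state = httpServletRequest.getParameter("state");
        if (XString.isEmpty(state)) {
            throw new AuthenticationServiceException("state不能为空！");
        }
        // getSession(false): a callback that arrives without a session cannot carry a valid
        // state, so no session is created just to reject it.
        HttpSession session = httpServletRequest.getSession(false);
        Object expectedState = session != null ? session.getAttribute("oauth_state") : null;
        if (!state.equals(expectedState)) {
            throw new AuthenticationServiceException("state无效！");
        }
        // The state is a one-time CSRF token for this login attempt: consume it so the same
        // callback cannot be replayed within the session.
        session.removeAttribute("oauth_state");
        try {
            // NOTE(review): code and client_id travel as query parameters of the POST; if the
            // Request API offers form parameters, prefer them so the code stays out of URL logs.
            JSONObject tokenResponse = (JSONObject) this.mClientConf.getAuthCenterClient().ask(Request.POST().path(this.mClientConf.getAuthServerTokenPath()).queryParam("client_id", this.mClientConf.getClientId()).queryParam("grant_type", "authorization_code").queryParam("code", code).queryParam("redirect_uri", this.mClientConf.getCodeCallbackUrl()));
            String accessToken = tokenResponse != null ? tokenResponse.optString("access_token") : null;
            if (XString.isEmpty(accessToken)) {
                throw new AuthenticationServiceException("access_token不能为空！");
            }
            String refreshToken = tokenResponse.optString("refresh_token");
            // Second dot-separated segment of the token is the Base64URL-encoded claim set.
            String payloadSegment = XString.seg_i(accessToken, '.', 1);
            if (XString.isEmpty(payloadSegment)) {
                throw new AuthenticationServiceException("access_token无效！");
            }
            // NOTE(review): the payload is decoded without verifying the token signature in this
            // method. The claims are only as trustworthy as the back channel to the token
            // endpoint; confirm the auth-center client authenticates the server.
            JSONObject claims = new JSONObject(new String(Base64URL.from(payloadSegment).decode(), StandardCharsets.UTF_8));
            // iat/exp are read as epoch seconds; expiry is not checked against the clock here.
            Date issuedAt = new Date(claims.optLong("iat") * 1000);
            Date expiresAt = new Date(claims.optLong("exp") * 1000);
            JSONArray authorities = claims.optJSONArray("auths");
            JSONObject detail = claims.optJSONObject("detail");
            if (detail == null) {
                // Without the detail object there is no user id to build the principal from.
                throw new AuthenticationServiceException("access_token无效！");
            }
            User user = new User(detail.optString("id"), claims.optString("sub"), authorities != null ? authorities.toStringArray() : null);
            user.setRealName(detail.optString("realName"));
            user.setSex(detail.optString("sex"));
            user.setAdditionProperties(detail);
            CoupleAuthenticationToken authentication = new CoupleAuthenticationToken(accessToken, refreshToken, user, issuedAt, expiresAt);
            authentication.setAuthenticated(true);
            String corsToken = detail.optString("corsToken");
            if (XString.isNotEmpty(corsToken)) {
                Cookie corsCookie = new Cookie("cors-token", CorsTokenSignHelper.signCorsToken(corsToken, httpServletRequest.getRequestURL(), this.mClientConf.getClientSecret()));
                // Mark the cookie Secure whenever the callback itself arrived over HTTPS so it is
                // never sent back over plain HTTP.
                // NOTE(review): HttpOnly is left unset; enable it if no client-side script reads
                // this cookie.
                corsCookie.setSecure(httpServletRequest.isSecure());
                httpServletResponse.addCookie(corsCookie);
            }
            return authentication;
        } catch (AuthenticationException e) {
            // Let authentication failures reach the filter's failure handling, like the
            // code/state checks above, instead of being masked as an I/O error.
            throw e;
        } catch (Exception e) {
            this.mLogger.error(ExceptionAssist.getClearMessage(getClass(), e, "连接的目标端是：" + String.valueOf(this.mClientConf.getAuthCenterClient())));
            if (e instanceof IOException) {
                throw ((IOException) e);
            }
            throw new IOException(e);
        }
    }
}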
