package team.sailboat.commons.web.ac;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Collections;
import java.util.Set;
import java.util.function.BiPredicate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import team.sailboat.commons.fan.collection.XC;
import team.sailboat.commons.fan.excep.ExceptionAssist;
import team.sailboat.commons.fan.excep.HttpException;
import team.sailboat.commons.fan.json.JSONArray;
import team.sailboat.commons.fan.serial.StreamAssist;
import team.sailboat.commons.fan.text.XString;
import team.sailboat.commons.fan.time.XTime;
import team.sailboat.commons.ms.xca.AppKeySecret;
import team.sailboat.commons.ms.xca.IAppSignChecker;
import team.sailboat.commons.ms.xca.XAppSignChecker;

/* loaded from: input_file:team/sailboat/commons/web/ac/RefreshUserStateFilter.class */
public class RefreshUserStateFilter implements Filter {
    OAuthClientConf mClientConf;
    RequestMatcher mRefreshAuthsMatcher;
    IAppSignChecker mAppSignChecker;
    AppKeySecret mOAuthClientApp;
    final Logger mLogger = LoggerFactory.getLogger(getClass());
    final Object mMutex = new Object();
    final Set<String> mNeedRefreshUserIds = Collections.synchronizedSet(XC.hashSet());
    DefaultRefreshTokenTokenResponseClient mRefreshClient = new DefaultRefreshTokenTokenResponseClient();

    public RefreshUserStateFilter(OAuthClientConf oAuthClientConf) {
        this.mClientConf = oAuthClientConf;
        String refreshUserAuthoritesCallbackPath = this.mClientConf.getRefreshUserAuthoritesCallbackPath();
        if (XString.isNotEmpty(refreshUserAuthoritesCallbackPath)) {
            this.mRefreshAuthsMatcher = new AntPathRequestMatcher(refreshUserAuthoritesCallbackPath);
        }
        this.mOAuthClientApp = new AppKeySecret((String) null, this.mClientConf.getClientId(), this.mClientConf.getClientSecret());
        this.mAppSignChecker = new XAppSignChecker((BiPredicate) null, str -> {
            if (str.equals(this.mOAuthClientApp.getAppKey())) {
                return this.mOAuthClientApp;
            }
            return null;
        });
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v25 */
    /* JADX WARN: Type inference failed for: r0v26, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v29 */
    /* JADX WARN: Type inference failed for: r0v67, types: [boolean] */
    /* JADX WARN: Type inference failed for: r0v7 */
    /* JADX WARN: Type inference failed for: r0v75, types: [team.sailboat.commons.ms.xca.AppCertificate] */
    /* JADX WARN: Type inference failed for: r0v8, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v83, types: [java.lang.Object] */
    /* JADX WARN: Type inference failed for: r0v84, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r0v88 */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpSession session = httpServletRequest.getSession();
        Object attribute = session.getAttribute("LoginFilterMutex");
        if (attribute == null) {
            ?? r0 = this.mMutex;
            synchronized (r0) {
                attribute = session.getAttribute("LoginFilterMutex");
                if (attribute == null) {
                    attribute = new Object();
                    session.setAttribute("LoginFilterMutex", attribute);
                }
                r0 = r0;
            }
        }
        ?? r02 = attribute;
        synchronized (r02) {
            if (this.mRefreshAuthsMatcher != null && (r02 = this.mRefreshAuthsMatcher.matches(httpServletRequest)) != 0) {
                try {
                    r02 = this.mAppSignChecker.check(httpServletRequest);
                    new JSONArray(StreamAssist.readString(httpServletRequest.getInputStream(), httpServletRequest.getContentLength(), "UTF-8")).forEach(obj -> {
                        this.mNeedRefreshUserIds.add((String) obj);
                    });
                    return;
                } catch (HttpException e) {
                    this.mLogger.error(ExceptionAssist.getClearMessage(getClass(), e));
                    ((HttpServletResponse) servletResponse).sendError(e.getStatus().value(), e.getRawMessage());
                    return;
                }
            }
            CoupleAuthenticationToken authentication = SecurityContextHolder.getContext().getAuthentication();
            if (authentication != null && (authentication instanceof CoupleAuthenticationToken)) {
                CoupleAuthenticationToken coupleAuthenticationToken = authentication;
                if (this.mNeedRefreshUserIds.remove(((AuthUser_AC) coupleAuthenticationToken.getPrincipal()).getId())) {
                    coupleAuthenticationToken.setForceExpired(true);
                    SecurityContextHolder.getContext().setAuthentication((Authentication) null);
                }
                if (coupleAuthenticationToken.isExpired()) {
                    ?? r03 = coupleAuthenticationToken;
                    synchronized (r03) {
                        if (coupleAuthenticationToken.isExpired()) {
                            AuthUser_AC authUser_AC = (AuthUser_AC) coupleAuthenticationToken.getPrincipal();
                            OAuth2AuthorizedClient loadAuthorizedClient = this.mClientConf.getAuthorizedClientRepository().loadAuthorizedClient(coupleAuthenticationToken.getAuthorizedClientRegistrationId(), coupleAuthenticationToken, httpServletRequest);
                            OAuth2AccessTokenResponse tokenResponse = this.mRefreshClient.getTokenResponse(new OAuth2RefreshTokenGrantRequest(loadAuthorizedClient.getClientRegistration(), loadAuthorizedClient.getAccessToken(), loadAuthorizedClient.getRefreshToken()));
                            OAuth2AccessToken accessToken = tokenResponse.getAccessToken();
                            OAuth2AuthorizedClient oAuth2AuthorizedClient = new OAuth2AuthorizedClient(loadAuthorizedClient.getClientRegistration(), coupleAuthenticationToken.getName(), accessToken, tokenResponse.getRefreshToken());
                            AuthUser_AC.refreshAuthorities(authUser_AC, accessToken.getTokenValue());
                            this.mClientConf.getAuthorizedClientRepository().saveAuthorizedClient(oAuth2AuthorizedClient, coupleAuthenticationToken, httpServletRequest, (HttpServletResponse) servletResponse);
                            coupleAuthenticationToken.setIssueTime(accessToken.getIssuedAt());
                            coupleAuthenticationToken.setExpiredTime(accessToken.getExpiresAt());
                            String str = (String) authUser_AC.getAttribute("corsToken");
                            if (XString.isNotEmpty(str)) {
                                try {
                                    ((HttpServletResponse) servletResponse).addCookie(new Cookie("cors-token", CorsTokenSignHelper.signCorsToken(str, httpServletRequest.getRequestURL(), this.mOAuthClientApp.getAppSecret())));
                                } catch (UnsupportedEncodingException | IllegalStateException | InvalidKeyException | NoSuchAlgorithmException e2) {
                                    this.mLogger.error(ExceptionAssist.getClearMessage(getClass(), e2, "签名CorsToken出现异常！"));
                                }
                            }
                            this.mLogger.info("刷新了用户[{}]的令牌，原先的过期时间是:{}", authUser_AC.getName(), XTime.format$yyyyMMddHHmmss(coupleAuthenticationToken.getExpiredTime().getEpochSecond()));
                        }
                        r03 = r03;
                    }
                }
            }
            filterChain.doFilter(servletRequest, servletResponse);
        }
    }
}
