package team.sailboat.commons.web.ac;

import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationEventPublisherAware;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
import team.sailboat.commons.fan.excep.ExceptionAssist;
import team.sailboat.commons.fan.http.URLCoder;
import team.sailboat.commons.fan.text.XString;

/* loaded from: input_file:team/sailboat/commons/web/ac/CorsTokenLoginFilter.class */
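/**
 * Authentication filter that logs a request in from a token carried in the
 * {@code cors-token-auth} request header.
 *
 * <p>The filter only matches requests that carry that header. The header value is
 * exchanged with the configured token response client for an OAuth2 access token,
 * the user is loaded from the auth center with that access token, and the result is
 * returned as an authenticated {@link CoupleAuthenticationToken}.
 */
public class CorsTokenLoginFilter extends AbstractAuthenticationProcessingFilter implements ApplicationEventPublisherAware {
    /** Name of the request header that both triggers this filter and carries the token. */
    private static final String TOKEN_HEADER = "cors-token-auth";

    final Logger mLogger;
    final URLCoder mURLCoder;
    OAuthClientConf mClientConf;

    /**
     * Creates the filter.
     *
     * @param oAuthClientConf client configuration supplying the client registration,
     *                        the token response client and the auth center client
     */
    public CorsTokenLoginFilter(OAuthClientConf oAuthClientConf) {
        super(new RequestHeaderRequestMatcher(TOKEN_HEADER));
        this.mLogger = LoggerFactory.getLogger(getClass());
        this.mURLCoder = URLCoder.getDefault();
        this.mClientConf = oAuthClientConf;
    }

    /**
     * Decides whether the request must go through {@link #attemptAuthentication}.
     *
     * @return {@code false} when the header matcher does not match, or when the current
     *         security context already holds an authenticated, unexpired
     *         {@link CoupleAuthenticationToken}; {@code true} otherwise
     */
    @Override
    protected boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!super.requiresAuthentication(httpServletRequest, httpServletResponse)) {
            return false;
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        // instanceof is false for null, so a missing authentication also forces a login.
        if (!(authentication instanceof CoupleAuthenticationToken)) {
            return true;
        }
        CoupleAuthenticationToken coupleAuthenticationToken = (CoupleAuthenticationToken) authentication;
        return !coupleAuthenticationToken.isAuthenticated() || coupleAuthenticationToken.isExpired();
    }

    /**
     * Exchanges the {@code cors-token-auth} header value for an access token and builds
     * the authenticated token for the user it belongs to.
     *
     * @return the authenticated {@link CoupleAuthenticationToken}, or {@code null} when the
     *         request is for the local login path or has already been redirected to the
     *         error view
     * @throws AuthenticationException when the header is present but empty
     * @throws IOException             when the token exchange or the user lookup fails for
     *                                 any reason; non-I/O failures are wrapped
     */
    @Override
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
        // NOTE(review): this compares the servlet *context path* with the configured local
        // login path; confirm that the context path (not the servlet path or request URI)
        // is the intended value. Returning null makes the parent filter stop processing the
        // request without authenticating it.
        if (httpServletRequest.getContextPath().equals(this.mClientConf.getLocalLoginPath())) {
            return null;
        }
        String parameter = httpServletRequest.getParameter("error");
        if ("access_denied".equals(parameter)) {
            // The request URL is client-influenced (path, and Host header depending on the
            // container setup). Encode it like the msg parameter so that '&', '#' or ';' in
            // it cannot add or override query parameters of the error_view redirect.
            // NOTE(review): error_view should still treat "url" as untrusted and never
            // redirect to or render it without validation.
            httpServletResponse.sendRedirect(XString.msgFmt("{}/error_view?http-status=403&msg={}&url={}", new Object[]{httpServletRequest.getContextPath(), this.mURLCoder.encodeParam("您目前无权限访问此应用!"), this.mURLCoder.encodeParam(httpServletRequest.getRequestURL().toString())}));
            return null;
        }
        String header = httpServletRequest.getHeader(TOKEN_HEADER);
        if (XString.isEmpty(header)) {
            throw new AuthenticationServiceException("cors-token-auth不能为空！");
        }
        try {
            // The Referer header is supplied by the client and is forwarded as-is in the
            // grant request. NOTE(review): the authorization side must not rely on it as a
            // trustworthy origin check — confirm how CorsTokenGrantRequest uses it.
            OAuth2AccessTokenResponse tokenResponse = this.mClientConf.getAccessTokenResponseClient().getTokenResponse(new CorsTokenGrantRequest(this.mClientConf.getClientRegistration(), header, httpServletRequest.getHeader("referer")));
            CoupleAuthenticationToken coupleAuthenticationToken = new CoupleAuthenticationToken(AuthUser_AC.loadFromAC(tokenResponse.getAccessToken().getTokenValue(), this.mClientConf.getAuthCenterClient()), this.mClientConf.getClientRegistration().getRegistrationId(), tokenResponse.getAccessToken().getIssuedAt(), tokenResponse.getAccessToken().getExpiresAt());
            coupleAuthenticationToken.setAuthenticated(true);
            return coupleAuthenticationToken;
        } catch (Exception e) {
            // The log line names the auth center endpoint; the token value itself is not logged.
            this.mLogger.error(ExceptionAssist.getClearMessage(getClass(), e, "连接的目标端是：" + String.valueOf(this.mClientConf.getAuthCenterClient())));
            // NOTE(review): every failure leaves this method as an IOException, including a
            // token rejected by the auth center. Such failures therefore bypass the parent
            // filter's unsuccessful-authentication handling and surface as server errors —
            // confirm this is intended before relying on a failure handler here.
            if (e instanceof IOException) {
                throw ((IOException) e);
            }
            throw new IOException(e);
        }
    }
}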
