package top.dcenter.ums.security.core.auth.session.filter;

import java.io.IOException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.collections.MapUtils;
import org.jetbrains.annotations.NotNull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;
import top.dcenter.ums.security.core.api.authentication.handler.BaseAuthenticationFailureHandler;
import top.dcenter.ums.security.core.api.config.HttpSecurityAware;
import top.dcenter.ums.security.core.api.session.SessionEnhanceCheckService;
import top.dcenter.ums.security.core.consts.SecurityConstants;
import top.dcenter.ums.security.core.enums.ErrorCodeEnum;
import top.dcenter.ums.security.core.exception.SessionEnhanceCheckException;

/* loaded from: input_file:top/dcenter/ums/security/core/auth/session/filter/SessionEnhanceCheckFilter.class */
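/**
 * Per-request filter that re-validates the "session enhance check" value stored in the HTTP session.
 *
 * <p>The value stored under {@link SecurityConstants#SESSION_ENHANCE_CHECK_KEY} is handed, together
 * with the current request, to {@link SessionEnhanceCheckService#sessionEnhanceCheck}. When that call
 * returns {@code false} the request is treated as a hijacked session: a warning is logged and the
 * request is passed to the {@link BaseAuthenticationFailureHandler} instead of the filter chain.
 *
 * <p>The check is skipped (the request continues down the chain unchecked) when any of these hold:
 * no check service is configured, the request has no existing session, the request URI matches a
 * permit-all pattern, or the session holds no check value. A deployment that relies on this filter
 * should confirm that authenticated sessions always carry the check value.
 */
public class SessionEnhanceCheckFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(SessionEnhanceCheckFilter.class);
    private final BaseAuthenticationFailureHandler baseAuthenticationFailureHandler;
    // May be null; a null service disables the check entirely (see doFilterInternal).
    private final SessionEnhanceCheckService sessionEnhanceCheckService;
    // Lazily cached copy of the servlet-context attribute; written without synchronization, so
    // concurrent requests may each repeat the lookup until a non-empty map has been stored.
    private Map<String, Set<String>> authorizeRequestMap;
    private final AntPathMatcher pathMatcher = new AntPathMatcher();

    /**
     * @param baseAuthenticationFailureHandler handler invoked when the session check fails
     * @param sessionEnhanceCheckService service that validates the stored check value against the
     *     request; {@code null} turns this filter into a pass-through
     */
    public SessionEnhanceCheckFilter(BaseAuthenticationFailureHandler baseAuthenticationFailureHandler, SessionEnhanceCheckService sessionEnhanceCheckService) {
        this.baseAuthenticationFailureHandler = baseAuthenticationFailureHandler;
        this.sessionEnhanceCheckService = sessionEnhanceCheckService;
    }

    /**
     * Runs the session check for one request and either continues the chain or reports a failure.
     *
     * @throws ServletException propagated from the filter chain or the failure handler
     * @throws IOException propagated from the filter chain or the failure handler
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, @NotNull HttpServletResponse httpServletResponse, @NotNull FilterChain filterChain) throws ServletException, IOException {
        // getSession(false): never create a session just to run this check.
        HttpSession session = httpServletRequest.getSession(false);

        // NOTE(review): getRequestURI() is the raw request URI (not decoded, includes the context
        // path and any ";param" segments). A permit-all match only skips this session check, but
        // confirm that an upstream firewall/normalizer rejects "../"-style paths before this filter.
        if (this.sessionEnhanceCheckService == null
                || session == null
                || isPermitUri(httpServletRequest.getRequestURI(), session)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        String checkValue = (String) session.getAttribute(SecurityConstants.SESSION_ENHANCE_CHECK_KEY);
        // A session without a stored check value is let through unchecked.
        if (checkValue == null || this.sessionEnhanceCheckService.sessionEnhanceCheck(checkValue, httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        // The User-Agent header and the URI are client-controlled; control characters are replaced
        // before logging so a crafted request cannot forge additional log lines.
        // NOTE(review): the full session id and check value are written to the log here; consider
        // truncating or hashing them if log readers should not be able to reuse a session id.
        log.warn("session被劫持: ip={}, ua={}, sid={}, uri={}, checkValue={}",
                httpServletRequest.getRemoteAddr(),
                sanitizeForLog(httpServletRequest.getHeader(SecurityConstants.HEADER_USER_AGENT)),
                session.getId(),
                sanitizeForLog(httpServletRequest.getRequestURI()),
                sanitizeForLog(checkValue));
        // NOTE(review): the session id is also passed into the exception; whether it can reach the
        // response depends on the failure handler, which is not visible here.
        this.baseAuthenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, new SessionEnhanceCheckException(ErrorCodeEnum.SESSION_ENHANCE_CHECK, session.getId()));
    }

    /**
     * Tells whether the request URI matches one of the permit-all Ant patterns.
     *
     * <p>The patterns are read from the servlet-context attribute
     * {@link SecurityConstants#SERVLET_CONTEXT_AUTHORIZE_REQUESTS_MAP_KEY} under the
     * {@link HttpSecurityAware#PERMIT_ALL} key and cached in {@link #authorizeRequestMap}.
     *
     * @param requestUri the request URI to test
     * @param httpSession session used only to reach the servlet context
     * @return {@code true} if at least one permit-all pattern matches
     */
    @SuppressWarnings("unchecked") // the context attribute is untyped; it is expected to hold Map<String, Set<String>>
    private boolean isPermitUri(String requestUri, HttpSession httpSession) {
        Map<String, Set<String>> requestMap = this.authorizeRequestMap;
        if (MapUtils.isEmpty(requestMap)) {
            Object attribute = httpSession.getServletContext().getAttribute(SecurityConstants.SERVLET_CONTEXT_AUTHORIZE_REQUESTS_MAP_KEY);
            requestMap = attribute == null ? new HashMap<>(0) : (Map<String, Set<String>>) attribute;
            this.authorizeRequestMap = requestMap;
        }

        Set<String> permitAllPatterns = requestMap.get(HttpSecurityAware.PERMIT_ALL);
        if (permitAllPatterns == null) {
            return false;
        }
        for (String pattern : permitAllPatterns) {
            if (this.pathMatcher.match(pattern, requestUri)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Replaces ISO control characters (CR, LF, tab, ...) with {@code '_'} so that a
     * client-supplied value occupies exactly one log line.
     *
     * @param value the value to log, may be {@code null}
     * @return the cleaned value, or {@code null} if {@code value} was {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }
}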
