package cc.hiver.core.config.security.jwt;

import cc.hiver.core.common.constant.SecurityConstant;
import cc.hiver.core.common.redis.RedisTemplateHelper;
import cc.hiver.core.common.utils.ResponseUtil;
import cc.hiver.core.common.utils.SecurityUtil;
import cc.hiver.core.common.vo.TokenMember;
import cc.hiver.core.common.vo.TokenUser;
import cc.hiver.core.config.properties.HiverAppTokenProperties;
import cc.hiver.core.config.properties.HiverTokenProperties;
import cn.hutool.core.util.StrUtil;
import com.google.gson.Gson;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.Jwts;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

/* loaded from: input_file:cc/hiver/core/config/security/jwt/TokenAuthenticationFilter.class */
public class TokenAuthenticationFilter extends BasicAuthenticationFilter {
    private static final Logger log = LoggerFactory.getLogger(TokenAuthenticationFilter.class);
    private HiverTokenProperties tokenProperties;
    private HiverAppTokenProperties appTokenProperties;
    private RedisTemplateHelper redisTemplate;
    private SecurityUtil securityUtil;

    public TokenAuthenticationFilter(AuthenticationManager authenticationManager, HiverTokenProperties hiverTokenProperties, HiverAppTokenProperties hiverAppTokenProperties, RedisTemplateHelper redisTemplateHelper, SecurityUtil securityUtil) {
        super(authenticationManager);
        this.tokenProperties = hiverTokenProperties;
        this.appTokenProperties = hiverAppTokenProperties;
        this.redisTemplate = redisTemplateHelper;
        this.securityUtil = securityUtil;
    }

    public TokenAuthenticationFilter(AuthenticationManager authenticationManager, AuthenticationEntryPoint authenticationEntryPoint) {
        super(authenticationManager, authenticationEntryPoint);
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        UsernamePasswordAuthenticationToken authentication;
        String header = httpServletRequest.getHeader(SecurityConstant.HEADER);
        if (StrUtil.isBlank(header)) {
            header = httpServletRequest.getParameter(SecurityConstant.HEADER);
        }
        String header2 = httpServletRequest.getHeader(SecurityConstant.APP_HEADER);
        if (StrUtil.isBlank(header2)) {
            header2 = httpServletRequest.getParameter(SecurityConstant.APP_HEADER);
        }
        if (Boolean.valueOf((StrUtil.isBlank(header) || !(this.tokenProperties.getRedis().booleanValue() || header.startsWith(SecurityConstant.TOKEN_SPLIT))) && StrUtil.isBlank(header2)).booleanValue()) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        try {
            authentication = StrUtil.isNotBlank(header) ? getAuthentication(header, httpServletResponse) : getAppAuthentication(header2, httpServletResponse);
        } catch (Exception e) {
            log.warn(e.toString());
        }
        if (authentication == null) {
            return;
        }
        SecurityContextHolder.getContext().setAuthentication(authentication);
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private UsernamePasswordAuthenticationToken getAuthentication(String str, HttpServletResponse httpServletResponse) {
        TokenUser tokenUser = null;
        List arrayList = new ArrayList();
        if (this.tokenProperties.getRedis().booleanValue()) {
            String str2 = this.redisTemplate.get(SecurityConstant.TOKEN_PRE + str);
            if (StrUtil.isBlank(str2)) {
                ResponseUtil.out(httpServletResponse, ResponseUtil.resultMap(false, 401, "登录已失效，请重新登录"));
                return null;
            }
            tokenUser = (TokenUser) new Gson().fromJson(str2, TokenUser.class);
            if (this.tokenProperties.getStorePerms().booleanValue()) {
                Iterator<String> it = tokenUser.getPermissions().iterator();
                while (it.hasNext()) {
                    arrayList.add(new SimpleGrantedAuthority(it.next()));
                }
            } else {
                arrayList = this.securityUtil.getCurrUserPerms(tokenUser.getUsername());
            }
            if (!tokenUser.getSaveLogin().booleanValue()) {
                this.redisTemplate.set(SecurityConstant.USER_TOKEN + tokenUser.getUsername(), str, this.tokenProperties.getTokenExpireTime().intValue(), TimeUnit.MINUTES);
                this.redisTemplate.set(SecurityConstant.TOKEN_PRE + str, str2, this.tokenProperties.getTokenExpireTime().intValue(), TimeUnit.MINUTES);
            }
        } else {
            try {
                tokenUser = (TokenUser) new Gson().fromJson(((Claims) Jwts.parser().setSigningKey(SecurityConstant.JWT_SIGN_KEY).parseClaimsJws(str.replace(SecurityConstant.TOKEN_SPLIT, "")).getBody()).getSubject(), TokenUser.class);
                arrayList = this.securityUtil.getCurrUserPerms(tokenUser.getUsername());
            } catch (ExpiredJwtException e) {
                ResponseUtil.out(httpServletResponse, ResponseUtil.resultMap(false, 401, "登录已失效，请重新登录"));
            } catch (Exception e2) {
                log.error(e2.toString());
                ResponseUtil.out(httpServletResponse, ResponseUtil.resultMap(false, 500, "解析token错误"));
            }
        }
        if (tokenUser == null || !StrUtil.isNotBlank(tokenUser.getUsername())) {
            return null;
        }
        return new UsernamePasswordAuthenticationToken(tokenUser, (Object) null, arrayList);
    }

    private UsernamePasswordAuthenticationToken getAppAuthentication(String str, HttpServletResponse httpServletResponse) {
        TokenMember tokenMember = null;
        Collection arrayList = new ArrayList();
        if (this.appTokenProperties.getRedis().booleanValue()) {
            String str2 = this.redisTemplate.get(SecurityConstant.TOKEN_MEMBER_PRE + str);
            if (StrUtil.isBlank(str2)) {
                ResponseUtil.out(httpServletResponse, ResponseUtil.resultMap(false, 401, "会员登录已失效，请重新登录"));
                return null;
            }
            tokenMember = (TokenMember) new Gson().fromJson(str2, TokenMember.class);
            if (StrUtil.isNotBlank(tokenMember.getPermissions())) {
                arrayList = (List) Arrays.stream(tokenMember.getPermissions().split(",")).map(str3 -> {
                    return new SimpleGrantedAuthority(str3);
                }).collect(Collectors.toList());
            }
            this.redisTemplate.set(SecurityConstant.MEMBER_TOKEN + tokenMember.getUsername() + ":" + tokenMember.getPlatform(), str, this.appTokenProperties.getTokenExpireTime().intValue(), TimeUnit.DAYS);
            this.redisTemplate.set(SecurityConstant.TOKEN_MEMBER_PRE + str, str2, this.appTokenProperties.getTokenExpireTime().intValue(), TimeUnit.DAYS);
        } else {
            try {
                tokenMember = (TokenMember) new Gson().fromJson(((Claims) Jwts.parser().setSigningKey(SecurityConstant.JWT_SIGN_KEY).parseClaimsJws(str.replace(SecurityConstant.TOKEN_SPLIT, "")).getBody()).getSubject(), TokenMember.class);
                if (StrUtil.isNotBlank(tokenMember.getPermissions())) {
                    arrayList = (List) Arrays.stream(tokenMember.getPermissions().split(",")).map(str4 -> {
                        return new SimpleGrantedAuthority(str4);
                    }).collect(Collectors.toList());
                }
            } catch (Exception e) {
                log.error(e.toString());
                ResponseUtil.out(httpServletResponse, ResponseUtil.resultMap(false, 500, "解析token错误"));
            } catch (ExpiredJwtException e2) {
                ResponseUtil.out(httpServletResponse, ResponseUtil.resultMap(false, 401, "登录已失效，请重新登录"));
            }
        }
        if (tokenMember == null || !StrUtil.isNotBlank(tokenMember.getUsername())) {
            return null;
        }
        return new UsernamePasswordAuthenticationToken(tokenMember, (Object) null, arrayList);
    }
}
