package com.alilitech.security.jwt.authorization;

import com.alilitech.security.ExtensibleSecurity;
import com.alilitech.security.authentication.SecurityUser;
import com.alilitech.security.jwt.BlackListManager;
import com.alilitech.security.jwt.JwtTokenUtils;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:com/alilitech/security/jwt/authorization/JwtTokenAuthorizationFilter.class */
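/**
 * Per-request filter that authenticates a caller from a JWT.
 *
 * <p>For each request the filter resolves a token through {@link ExtensibleSecurity}, rejects the
 * request when the token is absent, present in the {@link BlackListManager} blacklist, or fails
 * {@link JwtTokenUtils#validateToken}, and otherwise publishes the resulting
 * {@link Authentication} to the {@link SecurityContextHolder} before continuing the chain.
 *
 * <p>All rejection paths raise the same {@link AccessDeniedException} message, so the response
 * does not reveal which of the checks failed.
 *
 * <p>NOTE(review): the exception is thrown from inside a filter. Whether it is rendered as a 403
 * or surfaces as a container error depends on this filter being registered behind Spring
 * Security's {@code ExceptionTranslationFilter}; confirm the registration order.
 *
 * <p>NOTE(review): this filter sets the security context but never clears it. It presumably
 * relies on another filter in the chain to reset the holder at the end of the request; confirm,
 * because a pooled thread must not keep the previous caller's authentication.
 */
public class JwtTokenAuthorizationFilter extends OncePerRequestFilter {
    private static final String TOKEN_ERROR = "Token.Error";
    private static final String TOKEN_ERROR_MSG = "Token error, please check for {0}!";
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    // Collaborators are assigned once in the constructor and never replaced.
    private final ExtensibleSecurity extensibleSecurity;
    private final JwtTokenUtils jwtTokenUtils;
    private final BlackListManager blackListManager;

    /**
     * Creates the filter with its three collaborators.
     *
     * @param jwtTokenUtils validates tokens, builds the {@link Authentication} and issues refreshed tokens
     * @param extensibleSecurity extracts the token from the request and runs the post-validation extension hook
     * @param blackListManager answers whether a token has been blacklisted
     */
    public JwtTokenAuthorizationFilter(JwtTokenUtils jwtTokenUtils, ExtensibleSecurity extensibleSecurity, BlackListManager blackListManager) {
        this.extensibleSecurity = extensibleSecurity;
        this.jwtTokenUtils = jwtTokenUtils;
        this.blackListManager = blackListManager;
    }

    /**
     * Authenticates the request from its token, then continues the filter chain.
     *
     * @throws AccessDeniedException when the token is missing, blacklisted, fails validation, or
     *     does not yield an {@link Authentication} whose principal is a {@link SecurityUser}
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String token = resolveToken(httpServletRequest);
        // Fail closed: a missing, blacklisted or invalid token all end in the same denial.
        if (token == null
                || this.blackListManager.inBlackList(token)
                || !this.jwtTokenUtils.validateToken(token)) {
            throw tokenError(httpServletRequest);
        }

        Authentication authentication = this.jwtTokenUtils.getAuthentication(token);
        Object principal = authentication == null ? null : authentication.getPrincipal();
        // The unchecked cast used previously surfaced a NullPointerException or ClassCastException
        // here; an unexpected principal is now rejected like any other token error.
        if (!(principal instanceof SecurityUser)) {
            throw tokenError(httpServletRequest);
        }

        // The extension hook runs before the context is populated, so an exception thrown by it
        // leaves the request unauthenticated.
        this.extensibleSecurity.validTokenExtension(token, ((SecurityUser) principal).getBizUser(), httpServletRequest, httpServletResponse);
        SecurityContextHolder.getContext().setAuthentication(authentication);

        // NOTE(review): compareExpireTime presumably reports a token close to expiry - confirm.
        // The superseded token is not added to the blacklist here, so unless refreshToken does
        // that itself, both tokens stay usable until the old one expires.
        if (this.jwtTokenUtils.compareExpireTime(token)) {
            httpServletResponse.addHeader(ExtensibleSecurity.HEADER_NAME, this.jwtTokenUtils.refreshToken(token));
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /** Builds the single denial used for every token failure; the request URI fills {@code {0}}. */
    private AccessDeniedException tokenError(HttpServletRequest httpServletRequest) {
        return new AccessDeniedException(this.messages.getMessage(TOKEN_ERROR, new Object[]{httpServletRequest.getRequestURI()}, TOKEN_ERROR_MSG));
    }

    /** Delegates token extraction to {@link ExtensibleSecurity#resolveToken}. */
    private String resolveToken(HttpServletRequest httpServletRequest) {
        return this.extensibleSecurity.resolveToken(httpServletRequest);
    }
}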
