package y9.oauth2.client.filter;

import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import net.risesoft.model.user.UserInfo;
import net.risesoft.y9.Y9Context;
import net.risesoft.y9.Y9LoginUserHolder;
import net.risesoft.y9.json.Y9JsonUtil;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.RequestEntity;
import org.springframework.http.ResponseEntity;
import org.springframework.util.ObjectUtils;
import org.springframework.web.client.RestTemplate;
import y9.oauth2.client.service.ServiceProxy;

/* loaded from: input_file:y9/oauth2/client/filter/Y9OAuthFilter.class */
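/**
 * Servlet filter that gates every request except the OAuth callback behind a valid
 * OAuth 2.0 access token held in the HTTP session.
 *
 * <p>For each protected request the filter reads {@code accessToken} from the existing session,
 * asks the configured introspection endpoint whether the token is still active, resolves a
 * {@link UserInfo} (from the introspection response, falling back to the profile endpoint) and
 * publishes it through {@link Y9LoginUserHolder} and the session. Any failure along the way
 * sends the browser to the authorization URL supplied by {@link ServiceProxy}.
 */
public class Y9OAuthFilter implements Filter {
    /** Context-relative path of the OAuth callback; the only path this filter lets through unauthenticated. */
    private static final String CALLBACK_PATH = "/public/oauth/callback";

    private String clientId = "";
    private String clientSecret = "";
    private RestTemplate restTemplate = new RestTemplate();
    private ServiceProxy casOAuthServiceProxy;

    /**
     * Loads the OAuth client credentials used for HTTP Basic authentication against the
     * introspection endpoint.
     *
     * @param filterConfig unused
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.clientId = Y9Context.getProperty("y9.feature.oauth2.client.clientId");
        this.clientSecret = Y9Context.getProperty("y9.feature.oauth2.client.clientSecret");
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Authenticates the request against the session's access token, or redirects to the
     * authorization server when no valid token is available.
     *
     * @param servletRequest  incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain     remainder of the chain, invoked only for the callback path or after
     *                        a user has been resolved
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        if (this.casOAuthServiceProxy == null) {
            this.casOAuthServiceProxy = (ServiceProxy) Y9Context.getBean(ServiceProxy.class);
        }
        if (!isCallbackRequest(request)) {
            HttpSession session = request.getSession(false);
            if (session == null) {
                auth(request, response);
                return;
            }
            String accessToken = (String) session.getAttribute("accessToken");
            // A session without a token cannot be authenticated; skip the remote call entirely.
            if (accessToken == null || accessToken.isEmpty()) {
                auth(request, response);
                return;
            }
            ResponseEntity<OAuth20IntrospectionAccessTokenResponse> introspection = invokeIntrospectEndpoint(accessToken);
            OAuth20IntrospectionAccessTokenResponse introspectionBody = introspection.getBody();
            // An empty response body is treated as "not active" (fail closed) instead of raising an NPE.
            if (introspectionBody == null || !introspectionBody.isActive()) {
                auth(request, response);
                return;
            }
            UserInfo userInfo = null;
            if (introspection.getStatusCode().is2xxSuccessful()) {
                try {
                    userInfo = (UserInfo) Y9JsonUtil.readValue(introspectionBody.getAttr(), UserInfo.class);
                } catch (Exception ignored) {
                    // The introspection response carried no usable user attributes; ask the profile endpoint.
                    userInfo = (UserInfo) Y9JsonUtil.readValue((String) invokeProfileEndpoint(accessToken).getBody(), UserInfo.class);
                }
            }
            if (ObjectUtils.isEmpty(userInfo)) {
                auth(request, response);
                return;
            }
            // NOTE(review): if Y9LoginUserHolder is thread-bound, it should be cleared once the chain
            // returns so a pooled worker thread does not carry this identity into another request — confirm.
            Y9LoginUserHolder.setUserInfo(userInfo);
            session.setAttribute("userInfo", userInfo);
            session.setAttribute("loginName", userInfo.getLoginName());
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Remembers the originally requested context-relative URI (with query string) in the session
     * under {@code originalUri} and redirects the browser to the authorization URL.
     *
     * @param httpServletRequest  request whose target is recorded
     * @param httpServletResponse response that receives the redirect
     */
    public void auth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
        String target = httpServletRequest.getRequestURI();
        String contextPath = httpServletRequest.getContextPath();
        if (contextPath != null && contextPath.length() > 0) {
            target = target.substring(contextPath.length());
        }
        String query = httpServletRequest.getQueryString();
        if (query != null) {
            target = target + "?" + query;
        }
        // NOTE(review): originalUri is request-derived; whatever consumes it after login should
        // treat it as untrusted and only redirect to same-application paths — consumer not visible here.
        httpServletRequest.getSession().setAttribute("originalUri", target);
        httpServletResponse.sendRedirect(this.casOAuthServiceProxy.getAuthorizationUrl());
    }

    /**
     * Decides whether the request targets the OAuth callback and may therefore bypass the token check.
     *
     * <p>The raw request URI is compared for exact equality with {@code contextPath + CALLBACK_PATH}.
     * A substring match is not sufficient for an authentication exemption: the raw URI is not
     * normalized by the container, so other paths that merely contain the callback string would be
     * exempted as well. Anything that is not byte-for-byte the callback path is authenticated.
     * NOTE(review): assumes the callback handler is mapped directly under the context path — confirm.
     */
    private static boolean isCallbackRequest(HttpServletRequest request) {
        String contextPath = request.getContextPath();
        String expected = (contextPath == null ? "" : contextPath) + CALLBACK_PATH;
        return expected.equals(request.getRequestURI());
    }

    /**
     * Calls the token introspection endpoint, authenticating with the client id and secret.
     *
     * <p>The token travels in the form-encoded POST body (the request already declared that content
     * type) rather than in the query string, so it is percent-encoded and stays out of URLs that
     * proxies and access logs record.
     *
     * @param accessToken token to introspect
     * @return the endpoint's response
     */
    private ResponseEntity<OAuth20IntrospectionAccessTokenResponse> invokeIntrospectEndpoint(String accessToken) {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        httpHeaders.setBasicAuth(this.clientId, this.clientSecret, StandardCharsets.UTF_8);
        String form = "token=" + URLEncoder.encode(accessToken, StandardCharsets.UTF_8);
        URI endpoint = URI.create(Y9Context.getProperty("y9.feature.oauth2.client.introspection-uri"));
        return this.restTemplate.exchange(new RequestEntity<>(form, httpHeaders, HttpMethod.POST, endpoint), OAuth20IntrospectionAccessTokenResponse.class);
    }

    /**
     * Fetches the user profile for the token from the profile endpoint.
     *
     * <p>The token is presented only in the {@code Authorization: Bearer} header; the duplicate
     * {@code access_token} query parameter was dropped so the credential is not written into URLs.
     * NOTE(review): assumes the profile endpoint accepts header-only bearer tokens — confirm.
     *
     * @param accessToken bearer token identifying the user
     * @return the endpoint's raw JSON response
     */
    private ResponseEntity<String> invokeProfileEndpoint(String accessToken) {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        httpHeaders.set("Authorization", "Bearer " + accessToken);
        URI endpoint = URI.create(Y9Context.getProperty("y9.feature.oauth2.client.profile-uri"));
        return this.restTemplate.exchange(new RequestEntity<>(httpHeaders, HttpMethod.GET, endpoint), String.class);
    }
}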
