package y9.sso.resource.filter;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import jakarta.servlet.http.HttpSession;
import java.io.IOException;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.Map;
import lombok.Generated;
import net.risesoft.enums.platform.SexEnum;
import net.risesoft.model.user.UserInfo;
import net.risesoft.model.user.UserProfile;
import net.risesoft.y9.Y9LoginUserHolder;
import net.risesoft.y9.json.Y9JsonUtil;
import net.risesoft.y9.util.Y9EnumUtil;
import org.apache.commons.lang3.StringUtils;
import org.jose4j.json.JsonUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.RequestEntity;
import org.springframework.http.ResponseEntity;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.context.WebApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;
import org.springframework.web.filter.OncePerRequestFilter;
import y9.sso.resource.util.DecodeUtils;

/* loaded from: input_file:y9/sso/resource/filter/Y9SsoResourceFilter.class */
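/**
 * Resource-side authentication filter.
 *
 * <p>Per request it resolves the calling user from, in this order:
 * <ol>
 *   <li>an opaque OAuth2 access token ({@code access_token} parameter or {@code Authorization: Bearer}
 *       header), validated by fetching the user's profile from the configured profile endpoint;</li>
 *   <li>an encrypted/signed JWT ({@code jwt} parameter), decoded locally with {@link DecodeUtils} and the
 *       configured decryption/sign keys;</li>
 *   <li>an {@code Authorization: Basic} header, which is only parsed (see
 *       {@link #getFromBasicAuthRequest}) — a parseable Basic header neither continues the chain nor
 *       produces a 401.</li>
 * </ol>
 * A request carrying none of these is answered with 401.
 *
 * <p>A resolved {@link UserInfo} is published to {@link Y9LoginUserHolder} for the duration of the request
 * (cleared in {@code finally}) and stored in the HTTP session together with the token and login name. When
 * {@code y9.feature.oauth2.resource.opaque.tokenCachedInSession} is {@code true}, a later request presenting
 * the same token as the one in the session skips validation entirely; the token is therefore trusted for the
 * lifetime of the session and revocation at the issuer is not observed until the session ends.
 *
 * <p>Only tokens that validated successfully are written to the session, so a rejected token can never
 * satisfy the cache check on a subsequent request. Settings are read lazily from the Spring
 * {@link Environment} on the first request (see {@link #ensureInitialized}).
 */
public class Y9SsoResourceFilter extends OncePerRequestFilter {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(Y9SsoResourceFilter.class);

    /** Request parameter and session attribute holding an opaque access token. */
    private static final String ACCESS_TOKEN = "access_token";
    /** Request parameter and session attribute holding the encrypted/signed JWT. */
    private static final String JWT = "jwt";
    private static final String SESSION_USER_INFO = "userInfo";
    private static final String SESSION_LOGIN_NAME = "loginName";
    private static final String BEARER_PREFIX = "Bearer ";
    private static final String BASIC_PREFIX = "Basic ";

    private String decryptionKey;
    private String signKey;
    private WebApplicationContext ctx = null;
    /**
     * Written last by {@link #ensureInitialized}; a non-null value means every other setting has been
     * published to the reading thread (volatile write/read pair), which the original field-by-field
     * assignment did not guarantee under concurrent first requests.
     */
    private volatile Environment env = null;
    private final RestTemplate restTemplate = new RestTemplate();
    private String profileUri = "";
    private boolean tokenCachedInSession = false;

    /** Turns a presented token into a {@link UserInfo}; any exception or {@code null} means "rejected". */
    @FunctionalInterface
    private interface TokenResolver {
        UserInfo resolve(String token);
    }

    /**
     * Authenticates the request as described on the class and either continues the chain or writes 401.
     *
     * @throws ServletException propagated from the downstream chain
     * @throws IOException propagated from the downstream chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        ensureInitialized(httpServletRequest);
        try {
            HttpSession session = httpServletRequest.getSession(false);

            String accessToken = tokenFromRequest(httpServletRequest, ACCESS_TOKEN);
            if (accessToken != null) {
                if (authenticate(httpServletRequest, httpServletResponse, session, ACCESS_TOKEN, accessToken, this::profileToUserInfo)) {
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                }
                return;
            }

            // Only reached when no Bearer header was present, so this effectively reads the "jwt" parameter.
            String jwt = tokenFromRequest(httpServletRequest, JWT);
            if (jwt != null) {
                if (authenticate(httpServletRequest, httpServletResponse, session, JWT, jwt, this::jwtToUserInfo)) {
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                }
                return;
            }

            if (getFromBasicAuthRequest(httpServletRequest) == null) {
                status401Unauthorized(httpServletResponse);
            }
            // NOTE(review): when a Basic header does parse, the credentials are not verified against anything
            // and the chain is not continued, so the response leaves as-is (neither 401 nor the resource).
            // Confirm whether that is the intended behaviour.
        } finally {
            // Never leak the authenticated user into the next request served by this thread.
            Y9LoginUserHolder.clear();
        }
    }

    /**
     * Reads the filter settings from the web application context on the first request.
     *
     * <p>Double-checked: the plain fields are assigned inside the lock and {@link #env} is assigned last, so
     * a thread that observes a non-null {@code env} also observes the complete configuration.
     *
     * @throws IllegalStateException when no root WebApplicationContext is registered for the servlet context
     */
    private void ensureInitialized(HttpServletRequest request) {
        if (this.env != null) {
            return;
        }
        synchronized (this) {
            if (this.env != null) {
                return;
            }
            WebApplicationContext context = WebApplicationContextUtils.getRequiredWebApplicationContext(request.getServletContext());
            Environment environment = context.getEnvironment();
            this.ctx = context;
            this.profileUri = environment.getProperty("y9.feature.oauth2.resource.opaque.profile-uri");
            this.decryptionKey = environment.getProperty("y9.feature.jwt.resource.decryptionKey");
            this.signKey = environment.getProperty("y9.feature.jwt.resource.signKey");
            this.tokenCachedInSession = Boolean.parseBoolean(environment.getProperty("y9.feature.oauth2.resource.opaque.tokenCachedInSession", "false"));
            this.env = environment;
        }
    }

    /**
     * Establishes the calling user for {@code token}.
     *
     * <p>When session caching is enabled and the session already holds this exact token, validation is
     * skipped and the cached {@link UserInfo} (if any) is re-published to {@link Y9LoginUserHolder}.
     * Otherwise the token is validated through {@code resolver}; on success the user is published and the
     * token, user and login name are stored in the session (created on demand), on failure a 401 is written
     * and the session is left untouched.
     *
     * @return {@code true} when the request may proceed down the filter chain
     */
    private boolean authenticate(HttpServletRequest request, HttpServletResponse response, HttpSession session,
            String tokenAttribute, String token, TokenResolver resolver) {
        if (isCachedInSession(session, tokenAttribute, token)) {
            Object cached = session.getAttribute(SESSION_USER_INFO);
            if (cached instanceof UserInfo) {
                Y9LoginUserHolder.setUserInfo((UserInfo) cached);
            }
            return true;
        }

        UserInfo userInfo;
        try {
            userInfo = resolver.resolve(token);
        } catch (Exception e) {
            LOGGER.warn("Token validation failed: {}", e.getMessage());
            LOGGER.debug("Token validation failure detail", e);
            userInfo = null;
        }
        if (userInfo == null) {
            status401Unauthorized(response);
            return false;
        }

        Y9LoginUserHolder.setUserInfo(userInfo);
        // Write the session only after validation succeeded; caching first would let a rejected token pass
        // the cache check on the next request.
        HttpSession target = session != null ? session : request.getSession(true);
        target.setAttribute(tokenAttribute, token);
        target.setAttribute(SESSION_USER_INFO, userInfo);
        target.setAttribute(SESSION_LOGIN_NAME, userInfo.getLoginName());
        return true;
    }

    /** True when session caching is on and the session already holds exactly this token. */
    private boolean isCachedInSession(HttpSession session, String tokenAttribute, String token) {
        return this.tokenCachedInSession && session != null && token.equals(session.getAttribute(tokenAttribute));
    }

    /**
     * Returns the token presented as request parameter {@code parameterName}, falling back to the
     * {@code Authorization: Bearer ...} header. Blank values count as absent.
     *
     * @return the token, or {@code null} when none is present
     */
    private static String tokenFromRequest(HttpServletRequest request, String parameterName) {
        String token = request.getParameter(parameterName);
        if (StringUtils.isBlank(token)) {
            String authorization = request.getHeader(HttpHeaders.AUTHORIZATION);
            token = authorization != null && authorization.startsWith(BEARER_PREFIX)
                    ? authorization.substring(BEARER_PREFIX.length())
                    : null;
        }
        return StringUtils.isBlank(token) ? null : token;
    }

    /**
     * Parses an {@code Authorization: Basic base64(user:password)} header plus the {@code tenantName}
     * parameter into a {@link UserInfo}. The credentials are only parsed here, never verified, and the
     * returned object carries the password in clear — do not log it.
     *
     * @return the parsed credentials, or {@code null} when the header is absent or malformed
     */
    private static UserInfo getFromBasicAuthRequest(HttpServletRequest request) {
        String authorization = request.getHeader(HttpHeaders.AUTHORIZATION);
        if (authorization == null) {
            return null;
        }
        String value = authorization.trim();
        // Require the full "Basic " scheme prefix; a bare "Basic" or a fused "Basicxxx" is not a credential.
        if (!StringUtils.startsWithIgnoreCase(value, BASIC_PREFIX)) {
            return null;
        }
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(value.substring(BASIC_PREFIX.length()).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // not valid base64
        }
        int separator = decoded.indexOf(':');
        if (separator < 0) {
            return null;
        }
        UserInfo userInfo = new UserInfo();
        userInfo.setTenantName(request.getParameter("tenantName"));
        userInfo.setLoginName(decoded.substring(0, separator));
        userInfo.setPassword(decoded.substring(separator + 1));
        return userInfo;
    }

    /**
     * No eager setup; settings are read on the first request by {@link #ensureInitialized}, presumably so the
     * filter does not depend on the Spring context being ready at init time.
     */
    @Override
    protected void initFilterBean() throws ServletException {
        super.initFilterBean();
    }

    /**
     * Validates an opaque access token by fetching the user's profile from the configured endpoint and
     * mapping it to a {@link UserInfo}.
     *
     * @throws IllegalArgumentException when the endpoint returns no parseable profile
     */
    private UserInfo profileToUserInfo(String accessToken) {
        try {
            String body = invokeProfileEndpoint(this.restTemplate, accessToken).getBody();
            UserProfile profile = Y9JsonUtil.readValue(body, UserProfile.class);
            if (profile == null) {
                throw new IllegalArgumentException("profile endpoint returned no profile");
            }
            return attributesToUserInfo(profile.getAttributes());
        } catch (Exception e) {
            throw new IllegalArgumentException("access token could not be resolved to a profile", e);
        }
    }

    /**
     * Calls the profile endpoint with the token in the {@code Authorization} header.
     *
     * <p>The token is additionally passed as an {@code access_token} query parameter; that is kept because the
     * endpoint presumably expects it, but query strings commonly end up in access logs, so prefer header-only
     * if the endpoint allows it. The token is not URL-encoded (unchanged); a token with URI-reserved
     * characters fails here and is rejected.
     *
     * @throws IllegalStateException when no profile URI is configured
     */
    private ResponseEntity<String> invokeProfileEndpoint(RestTemplate client, String accessToken) {
        if (StringUtils.isBlank(this.profileUri)) {
            throw new IllegalStateException("y9.feature.oauth2.resource.opaque.profile-uri is not configured");
        }
        HttpHeaders headers = new HttpHeaders();
        headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        headers.set(HttpHeaders.AUTHORIZATION, BEARER_PREFIX + accessToken);
        URI uri = URI.create(this.profileUri + "?" + ACCESS_TOKEN + "=" + accessToken);
        RequestEntity<Void> request = new RequestEntity<>(headers, HttpMethod.GET, uri);
        return client.exchange(request, String.class);
    }

    /**
     * Decrypts and verifies {@code jwt} with the configured keys and maps its claims to a {@link UserInfo}.
     *
     * @throws IllegalArgumentException when the token cannot be decoded, verified or mapped
     */
    private UserInfo jwtToUserInfo(String jwt) {
        try {
            Map<?, ?> claims = JsonUtil.parseJson(DecodeUtils.decode(jwt, this.decryptionKey, this.signKey));
            return attributesToUserInfo(claims);
        } catch (Exception e) {
            throw new IllegalArgumentException("JWT could not be decoded or mapped", e);
        }
    }

    /** Rejects the request with 401 and a {@code WWW-Authenticate} challenge naming the realm. */
    private static void status401Unauthorized(HttpServletResponse response) {
        response.addHeader(HttpHeaders.WWW_AUTHENTICATE, "Bearer realm=\"risesoft\"");
        response.setStatus(HttpStatus.UNAUTHORIZED.value());
    }

    /**
     * Maps the flat attribute/claim map shared by the profile endpoint and the JWT onto a {@link UserInfo}.
     * String attributes are taken as-is; {@code original} is parsed as a boolean; {@code sex} must be an
     * integer code resolvable through {@link Y9EnumUtil}, and a missing or non-numeric value fails the
     * mapping (and thus rejects the token), as before.
     */
    private static UserInfo attributesToUserInfo(Map<?, ?> attributes) {
        UserInfo userInfo = new UserInfo();
        userInfo.setSex(Y9EnumUtil.valueOf(SexEnum.class, Integer.valueOf(String.valueOf(attributes.get("sex")))));
        userInfo.setOriginal(Boolean.parseBoolean(String.valueOf(attributes.get("original"))));
        userInfo.setLoginName(text(attributes, "loginName"));
        userInfo.setTenantId(text(attributes, "tenantId"));
        userInfo.setTenantShortName(text(attributes, "tenantShortName"));
        userInfo.setTenantName(text(attributes, "tenantName"));
        userInfo.setPersonId(text(attributes, "personId"));
        userInfo.setCaid(text(attributes, "caid"));
        userInfo.setEmail(text(attributes, "email"));
        userInfo.setMobile(text(attributes, "mobile"));
        userInfo.setGuidPath(text(attributes, "guidPath"));
        userInfo.setLoginType(text(attributes, "loginType"));
        userInfo.setParentId(text(attributes, "parentId"));
        userInfo.setOriginalId(text(attributes, "originalId"));
        userInfo.setPositionId(text(attributes, "positionId"));
        userInfo.setPositions(text(attributes, "positions"));
        userInfo.setY9Roles(text(attributes, "y9Roles"));
        return userInfo;
    }

    /** Reads {@code key} as a String attribute; {@code null} when absent (a non-String value fails the cast, as before). */
    private static String text(Map<?, ?> attributes, String key) {
        return (String) attributes.get(key);
    }
}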
