package net.risesoft.filters;

import com.fasterxml.jackson.annotation.JsonProperty;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Objects;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lombok.Generated;
import net.risesoft.exception.GlobalErrorCodeEnum;
import net.risesoft.pojo.Y9Result;
import net.risesoft.y9.configuration.feature.apiacl.Y9ApiAccessControlProperties;
import net.risesoft.y9.exception.Y9UnauthorizedException;
import net.risesoft.y9.json.Y9JsonUtil;
import org.apache.commons.lang3.StringUtils;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.RequestEntity;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:net/risesoft/filters/ApiTokenFilter.class */
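/**
 * Servlet filter that requires an OAuth2 access token on every request it handles and
 * validates that token by calling the configured token introspection endpoint.
 *
 * <p>A request without a token, or with a token the introspection endpoint does not report as
 * active, is answered with HTTP 401 and a JSON {@link Y9Result} failure body; the rest of the
 * filter chain is not invoked for it.
 *
 * <p>NOTE(review): only the {@code active} flag of the introspection response is evaluated.
 * {@code aud}, {@code scope}, {@code client_id} and {@code exp} are deserialized but never
 * checked here, so any token the authorization server reports as active is accepted. Confirm
 * that this is the intended policy for the protected API.
 */
public class ApiTokenFilter implements Filter {
    private final Y9ApiAccessControlProperties.TokenProperties tokenProperties;

    // NOTE(review): created with default settings; no connect/read timeout is configured in this
    // class, so a slow introspection endpoint could hold request threads. Confirm whether
    // timeouts are applied elsewhere.
    private RestTemplate restTemplate = new RestTemplate();

    /**
     * JSON binding for the token introspection response. Field names map to JSON properties of
     * the same name, except {@code clientId} and {@code grantType}, which are bound to
     * {@code client_id} and {@code grant_type}.
     */
    public static class Oauth2Introspection {
        private boolean active;
        private String attr;
        private String sub;
        private String scope;
        private long iat;
        private long exp;
        private String realmName;
        private String uniqueSecurityName;
        private String tokenType;
        private String aud;
        private String iss;

        @JsonProperty("client_id")
        private String clientId;

        @JsonProperty("grant_type")
        private String grantType;

        @Generated
        public Oauth2Introspection() {
        }

        @Generated
        public boolean isActive() {
            return this.active;
        }

        @Generated
        public String getAttr() {
            return this.attr;
        }

        @Generated
        public String getSub() {
            return this.sub;
        }

        @Generated
        public String getScope() {
            return this.scope;
        }

        @Generated
        public long getIat() {
            return this.iat;
        }

        @Generated
        public long getExp() {
            return this.exp;
        }

        @Generated
        public String getRealmName() {
            return this.realmName;
        }

        @Generated
        public String getUniqueSecurityName() {
            return this.uniqueSecurityName;
        }

        @Generated
        public String getTokenType() {
            return this.tokenType;
        }

        @Generated
        public String getAud() {
            return this.aud;
        }

        @Generated
        public String getIss() {
            return this.iss;
        }

        @Generated
        public String getClientId() {
            return this.clientId;
        }

        @Generated
        public String getGrantType() {
            return this.grantType;
        }

        @Generated
        public void setActive(boolean active) {
            this.active = active;
        }

        @Generated
        public void setAttr(String attr) {
            this.attr = attr;
        }

        @Generated
        public void setSub(String sub) {
            this.sub = sub;
        }

        @Generated
        public void setScope(String scope) {
            this.scope = scope;
        }

        @Generated
        public void setIat(long iat) {
            this.iat = iat;
        }

        @Generated
        public void setExp(long exp) {
            this.exp = exp;
        }

        @Generated
        public void setRealmName(String realmName) {
            this.realmName = realmName;
        }

        @Generated
        public void setUniqueSecurityName(String uniqueSecurityName) {
            this.uniqueSecurityName = uniqueSecurityName;
        }

        @Generated
        public void setTokenType(String tokenType) {
            this.tokenType = tokenType;
        }

        @Generated
        public void setAud(String aud) {
            this.aud = aud;
        }

        @Generated
        public void setIss(String iss) {
            this.iss = iss;
        }

        @JsonProperty("client_id")
        @Generated
        public void setClientId(String clientId) {
            this.clientId = clientId;
        }

        @JsonProperty("grant_type")
        @Generated
        public void setGrantType(String grantType) {
            this.grantType = grantType;
        }

        /**
         * Compares all thirteen fields; {@link #canEqual(Object)} lets a subclass veto equality
         * with a plain {@code Oauth2Introspection}.
         */
        @Override
        @Generated
        public boolean equals(Object obj) {
            if (obj == this) {
                return true;
            }
            if (!(obj instanceof Oauth2Introspection)) {
                return false;
            }
            Oauth2Introspection other = (Oauth2Introspection) obj;
            return other.canEqual(this)
                    && this.active == other.active
                    && this.iat == other.iat
                    && this.exp == other.exp
                    && Objects.equals(this.attr, other.attr)
                    && Objects.equals(this.sub, other.sub)
                    && Objects.equals(this.scope, other.scope)
                    && Objects.equals(this.realmName, other.realmName)
                    && Objects.equals(this.uniqueSecurityName, other.uniqueSecurityName)
                    && Objects.equals(this.tokenType, other.tokenType)
                    && Objects.equals(this.aud, other.aud)
                    && Objects.equals(this.iss, other.iss)
                    && Objects.equals(this.clientId, other.clientId)
                    && Objects.equals(this.grantType, other.grantType);
        }

        @Generated
        protected boolean canEqual(Object obj) {
            return obj instanceof Oauth2Introspection;
        }

        /**
         * Hashes the same fields, in the same order and with the same constants (59, 79/97, 43)
         * as the original implementation, so hash values are unchanged.
         */
        @Override
        @Generated
        public int hashCode() {
            int result = 59 + (this.active ? 79 : 97);
            result = (result * 59) + Long.hashCode(this.iat);
            result = (result * 59) + Long.hashCode(this.exp);
            String[] textFields = {
                this.attr, this.sub, this.scope, this.realmName, this.uniqueSecurityName,
                this.tokenType, this.aud, this.iss, this.clientId, this.grantType
            };
            for (String field : textFields) {
                result = (result * 59) + (field == null ? 43 : field.hashCode());
            }
            return result;
        }

        /**
         * Renders every field under its own label. The previous version printed the wrong
         * variable for each label from {@code exp} onwards (for example {@code exp} showed the
         * {@code active} flag), which made log output misleading.
         */
        @Override
        @Generated
        public String toString() {
            return "ApiTokenFilter.Oauth2Introspection(active=" + this.active
                    + ", attr=" + this.attr
                    + ", sub=" + this.sub
                    + ", scope=" + this.scope
                    + ", iat=" + this.iat
                    + ", exp=" + this.exp
                    + ", realmName=" + this.realmName
                    + ", uniqueSecurityName=" + this.uniqueSecurityName
                    + ", tokenType=" + this.tokenType
                    + ", aud=" + this.aud
                    + ", iss=" + this.iss
                    + ", clientId=" + this.clientId
                    + ", grantType=" + this.grantType + ")";
        }
    }

    /**
     * Extracts the access token from the request, validates it through introspection and, on
     * success, passes the request down the chain.
     *
     * <p>A {@link Y9UnauthorizedException} is turned into an HTTP 401 response with a JSON
     * {@link Y9Result} failure body. The {@code try} block also encloses the downstream chain,
     * so the same exception type thrown by later filters or the servlet is rendered the same
     * way.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain the remaining chain, invoked only after the token was accepted
     * @throws IOException if writing the error body fails or the chain throws it
     * @throws ServletException if the chain throws it
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        try {
            checkAccessToken(getAccessTokenFromRequest((HttpServletRequest) servletRequest));
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (Y9UnauthorizedException e) {
            httpServletResponse.setStatus(HttpStatus.UNAUTHORIZED.value());
            // Fix the encoding before getWriter(): otherwise the servlet default applies and a
            // non-ASCII error description can be garbled in the JSON body.
            httpServletResponse.setCharacterEncoding(StandardCharsets.UTF_8.name());
            httpServletResponse.setContentType("application/json");
            httpServletResponse.getWriter().write(Y9JsonUtil.writeValueAsString(Y9Result.failure(e.getCode(), e.getMessage())));
        }
    }

    /**
     * Asks the configured introspection endpoint whether the token is active, authenticating
     * the call with the configured client id and secret over HTTP Basic.
     *
     * <p>The token is attacker-controlled input. It is percent-encoded before being placed in
     * the query string so that characters such as {@code &} or {@code #} cannot add or truncate
     * parameters of the introspection request, and so that characters illegal in a URI are
     * sent encoded instead of making {@link URI#create(String)} throw. A response without a
     * body is treated as "not active" rather than causing a {@link NullPointerException}.
     *
     * <p>Errors raised by the HTTP call itself are not caught here; they propagate out of the
     * filter, so the request is not let through in that case either.
     *
     * <p>NOTE(review): the token travels in the URL of the introspection call and may therefore
     * be recorded in access logs of that endpoint or of intermediaries. The request already
     * declares a form-encoded content type; consider sending {@code token} in the POST body
     * once it is confirmed that the endpoint accepts it there.
     *
     * @param accessToken the non-blank token taken from the request
     * @return {@code true} when the token is reported as active
     * @throws Y9UnauthorizedException with {@code ACCESS_TOKEN_EXPIRED} when the token is not
     *     reported as active or the response carries no body
     */
    private boolean checkAccessToken(String accessToken) {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        httpHeaders.setBasicAuth(this.tokenProperties.getClientId(), this.tokenProperties.getClientSecret(), StandardCharsets.UTF_8);

        URI introspectionUri = URI.create(this.tokenProperties.getTokenIntrospectionUri() + "?token=" + encodeQueryValue(accessToken));
        Oauth2Introspection introspection = this.restTemplate
                .exchange(new RequestEntity<Void>(httpHeaders, HttpMethod.POST, introspectionUri), Oauth2Introspection.class)
                .getBody();
        if (introspection != null && introspection.isActive()) {
            return true;
        }
        throw new Y9UnauthorizedException(GlobalErrorCodeEnum.ACCESS_TOKEN_EXPIRED.getCode(), GlobalErrorCodeEnum.ACCESS_TOKEN_EXPIRED.getDescription());
    }

    /** Percent-encodes a value for use as a single query parameter value, using UTF-8. */
    private static String encodeQueryValue(String value) {
        try {
            return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every JVM must provide, so this is not expected to happen.
            throw new IllegalStateException("UTF-8 is not supported by this JVM", e);
        }
    }

    /**
     * Reads the access token from the request: first the {@code access_token} request
     * parameter, then, if that is blank, an {@code Authorization} header starting with
     * {@code "Bearer "} (matched case-sensitively).
     *
     * <p>NOTE(review): a token passed as a request parameter can end up in URLs, browser
     * history and access logs; the header form avoids that. Confirm that the parameter form is
     * still required by clients.
     *
     * @param httpServletRequest the incoming request
     * @return the non-blank token
     * @throws Y9UnauthorizedException with {@code ACCESS_TOKEN_NOT_FOUND} when neither source
     *     yields a non-blank token
     */
    private String getAccessTokenFromRequest(HttpServletRequest httpServletRequest) {
        String token = httpServletRequest.getParameter("access_token");
        if (StringUtils.isBlank(token)) {
            String header = httpServletRequest.getHeader("Authorization");
            if (StringUtils.isNotBlank(header) && header.startsWith("Bearer ")) {
                token = header.substring("Bearer ".length());
            }
        }
        if (StringUtils.isBlank(token)) {
            throw new Y9UnauthorizedException(GlobalErrorCodeEnum.ACCESS_TOKEN_NOT_FOUND.getCode(), GlobalErrorCodeEnum.ACCESS_TOKEN_NOT_FOUND.getDescription());
        }
        return token;
    }

    /**
     * Creates the filter.
     *
     * @param tokenProperties supplies the client id, client secret and introspection URI used
     *     when validating tokens
     */
    @Generated
    public ApiTokenFilter(Y9ApiAccessControlProperties.TokenProperties tokenProperties) {
        this.tokenProperties = tokenProperties;
    }
}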
