package com.github.hetianyi.boot.ready.config.security;

import com.github.hetianyi.boot.ready.config.AppConfigurationProperties;
import com.github.hetianyi.common.Const;
import com.github.hetianyi.common.util.CookieUtil;
import com.github.hetianyi.common.util.StringUtil;
import com.google.common.collect.ImmutableSet;
import java.util.concurrent.TimeUnit;
import javax.annotation.Resource;
import javax.servlet.AsyncContext;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import org.redisson.api.RedissonClient;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.security.authentication.AuthenticationTrustResolver;
import org.springframework.security.authentication.AuthenticationTrustResolverImpl;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.context.HttpRequestResponseHolder;
import org.springframework.security.web.util.OnCommittedResponseWrapper;
import org.springframework.web.util.WebUtils;

@ConditionalOnProperty(name = {"app.security.sessionResumeMode"}, havingValue = "redis")
/* loaded from: input_file:com/github/hetianyi/boot/ready/config/security/RedisSecurityContextRepository.class */
public class RedisSecurityContextRepository implements ReadySecurityContextRepository {
    private static final Logger log = LoggerFactory.getLogger(RedisSecurityContextRepository.class);
    public static final String SPRING_SECURITY_CONTEXT_KEY = "SPRING_SECURITY_CONTEXT";
    public static final String PRE_SIGNED_TOKEN = "PRE_SIGNED_TOKEN";
    private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();

    @Resource
    private RedissonClient redissonClient;

    @Resource
    private AppConfigurationProperties appConfigurationProperties;
    private final Class sessionClass;

    /* loaded from: input_file:com/github/hetianyi/boot/ready/config/security/RedisSecurityContextRepository$SaveToRedisRequestWrapper.class */
    private static class SaveToRedisRequestWrapper extends HttpServletRequestWrapper {
        private final SaveToRedisResponseWrapper response;

        SaveToRedisRequestWrapper(HttpServletRequest httpServletRequest, SaveToRedisResponseWrapper saveToRedisResponseWrapper) {
            super(httpServletRequest);
            this.response = saveToRedisResponseWrapper;
        }

        public AsyncContext startAsync() {
            this.response.disableSaveOnResponseCommitted();
            return super.startAsync();
        }

        public AsyncContext startAsync(ServletRequest servletRequest, ServletResponse servletResponse) throws IllegalStateException {
            this.response.disableSaveOnResponseCommitted();
            return super.startAsync(servletRequest, servletResponse);
        }
    }

    /* loaded from: input_file:com/github/hetianyi/boot/ready/config/security/RedisSecurityContextRepository$SaveToRedisResponseWrapper.class */
    final class SaveToRedisResponseWrapper extends OnCommittedResponseWrapper {
        private boolean contextSaved;
        private final boolean disableUrlRewriting = false;
        private final HttpServletRequest request;
        private final SecurityContext contextBeforeExecution;
        private final Authentication authBeforeExecution;

        SaveToRedisResponseWrapper(HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest, SecurityContext securityContext) {
            super(httpServletResponse);
            this.contextSaved = false;
            this.disableUrlRewriting = false;
            this.request = httpServletRequest;
            this.contextBeforeExecution = securityContext;
            this.authBeforeExecution = securityContext.getAuthentication();
        }

        protected void saveContext(SecurityContext securityContext) {
            Authentication authentication = securityContext.getAuthentication();
            if (authentication == null || null == authentication.getPrincipal() || RedisSecurityContextRepository.this.trustResolver.isAnonymous(authentication)) {
                this.request.removeAttribute("SPRING_SECURITY_CONTEXT");
                return;
            }
            if (contextChanged(securityContext) || this.request.getAttribute("SPRING_SECURITY_CONTEXT") == null) {
                if (RedisSecurityContextRepository.this.saveSession(authentication.getPrincipal(), this.request)) {
                    return;
                }
                RedisSecurityContextRepository.log.error("save context failed");
            }
        }

        private boolean contextChanged(SecurityContext securityContext) {
            return (securityContext == this.contextBeforeExecution && securityContext.getAuthentication() == this.authBeforeExecution) ? false : true;
        }

        public void disableSaveOnResponseCommitted() {
            disableOnResponseCommitted();
        }

        protected void onResponseCommitted() {
            saveContext(SecurityContextHolder.getContext());
            this.contextSaved = true;
        }

        public final String encodeRedirectUrl(String str) {
            getClass();
            return super.encodeRedirectUrl(str);
        }

        public final String encodeRedirectURL(String str) {
            getClass();
            return super.encodeRedirectURL(str);
        }

        public final String encodeUrl(String str) {
            getClass();
            return super.encodeUrl(str);
        }

        public final String encodeURL(String str) {
            getClass();
            return super.encodeURL(str);
        }

        public final boolean isContextSaved() {
            return this.contextSaved;
        }
    }

    public RedisSecurityContextRepository(RedissonClient redissonClient, AppConfigurationProperties appConfigurationProperties) throws ClassNotFoundException {
        this.redissonClient = redissonClient;
        this.appConfigurationProperties = appConfigurationProperties;
        this.sessionClass = Class.forName(appConfigurationProperties.getSecurity().getSessionClass());
    }

    public SecurityContext loadContext(HttpRequestResponseHolder httpRequestResponseHolder) {
        HttpServletRequest request = httpRequestResponseHolder.getRequest();
        HttpServletResponse response = httpRequestResponseHolder.getResponse();
        SecurityContext readSecurityContextFromRequestAttribute = readSecurityContextFromRequestAttribute(request);
        if (null != readSecurityContextFromRequestAttribute) {
            SaveToRedisResponseWrapper saveToRedisResponseWrapper = new SaveToRedisResponseWrapper(response, request, readSecurityContextFromRequestAttribute);
            httpRequestResponseHolder.setResponse(saveToRedisResponseWrapper);
            httpRequestResponseHolder.setRequest(new SaveToRedisRequestWrapper(request, saveToRedisResponseWrapper));
            return readSecurityContextFromRequestAttribute;
        }
        try {
            readSecurityContextFromRequestAttribute = generateNewContext();
            String token = getToken(request);
            if (StringUtil.isNullOrEmpty(token)) {
                SaveToRedisResponseWrapper saveToRedisResponseWrapper2 = new SaveToRedisResponseWrapper(response, request, readSecurityContextFromRequestAttribute);
                httpRequestResponseHolder.setResponse(saveToRedisResponseWrapper2);
                httpRequestResponseHolder.setRequest(new SaveToRedisRequestWrapper(request, saveToRedisResponseWrapper2));
                return readSecurityContextFromRequestAttribute;
            }
            if (log.isDebugEnabled()) {
                log.debug("trying to restore session from redis: {}", token);
            }
            String str = (String) this.redissonClient.getBucket(String.format("%s%s", this.appConfigurationProperties.getSession().getSessionRedisKey(), token)).get();
            try {
                if (StringUtil.isNullOrEmpty(str)) {
                    SaveToRedisResponseWrapper saveToRedisResponseWrapper3 = new SaveToRedisResponseWrapper(response, request, readSecurityContextFromRequestAttribute);
                    httpRequestResponseHolder.setResponse(saveToRedisResponseWrapper3);
                    httpRequestResponseHolder.setRequest(new SaveToRedisRequestWrapper(request, saveToRedisResponseWrapper3));
                    return readSecurityContextFromRequestAttribute;
                }
                try {
                    readSecurityContextFromRequestAttribute.setAuthentication(new UsernamePasswordAuthenticationToken(Const.OBJECT_MAPPER.readValue(str, this.sessionClass), (Object) null, ImmutableSet.of(new SimpleGrantedAuthority("USER"))));
                    request.setAttribute("SPRING_SECURITY_CONTEXT", readSecurityContextFromRequestAttribute);
                    SaveToRedisResponseWrapper saveToRedisResponseWrapper4 = new SaveToRedisResponseWrapper(response, request, readSecurityContextFromRequestAttribute);
                    httpRequestResponseHolder.setResponse(saveToRedisResponseWrapper4);
                    httpRequestResponseHolder.setRequest(new SaveToRedisRequestWrapper(request, saveToRedisResponseWrapper4));
                    return readSecurityContextFromRequestAttribute;
                } catch (Exception e) {
                    log.error("error parse redis session with token {}: {}", token, e.getMessage());
                    request.setAttribute("SPRING_SECURITY_CONTEXT", readSecurityContextFromRequestAttribute);
                    SaveToRedisResponseWrapper saveToRedisResponseWrapper5 = new SaveToRedisResponseWrapper(response, request, readSecurityContextFromRequestAttribute);
                    httpRequestResponseHolder.setResponse(saveToRedisResponseWrapper5);
                    httpRequestResponseHolder.setRequest(new SaveToRedisRequestWrapper(request, saveToRedisResponseWrapper5));
                    return readSecurityContextFromRequestAttribute;
                }
            } catch (Throwable th) {
                request.setAttribute("SPRING_SECURITY_CONTEXT", readSecurityContextFromRequestAttribute);
                SaveToRedisResponseWrapper saveToRedisResponseWrapper6 = new SaveToRedisResponseWrapper(response, request, readSecurityContextFromRequestAttribute);
                httpRequestResponseHolder.setResponse(saveToRedisResponseWrapper6);
                httpRequestResponseHolder.setRequest(new SaveToRedisRequestWrapper(request, saveToRedisResponseWrapper6));
                return readSecurityContextFromRequestAttribute;
            }
        } catch (Throwable th2) {
            SaveToRedisResponseWrapper saveToRedisResponseWrapper7 = new SaveToRedisResponseWrapper(response, request, readSecurityContextFromRequestAttribute);
            httpRequestResponseHolder.setResponse(saveToRedisResponseWrapper7);
            httpRequestResponseHolder.setRequest(new SaveToRedisRequestWrapper(request, saveToRedisResponseWrapper7));
            throw th2;
        }
    }

    public void saveContext(SecurityContext securityContext, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        SaveToRedisResponseWrapper saveToRedisResponseWrapper = (SaveToRedisResponseWrapper) WebUtils.getNativeResponse(httpServletResponse, SaveToRedisResponseWrapper.class);
        if (saveToRedisResponseWrapper == null) {
            throw new IllegalStateException("Cannot invoke saveContext on response " + httpServletResponse + ". You must use the HttpRequestResponseHolder.response after invoking loadContext");
        }
        if (saveToRedisResponseWrapper.isContextSaved()) {
            return;
        }
        saveToRedisResponseWrapper.saveContext(securityContext);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean saveSession(Object obj, HttpServletRequest httpServletRequest) {
        String token = getToken(httpServletRequest);
        if (StringUtil.isNullOrEmpty(token)) {
            log.error("cannot save session: tokenId is empty", token);
            return false;
        }
        log.info("store session to redis: {}", token);
        try {
            this.redissonClient.getBucket(String.format("%s%s", this.appConfigurationProperties.getSession().getSessionRedisKey(), token)).set(Const.GSON.toJson(obj), this.appConfigurationProperties.getSession().getMaxAge(), TimeUnit.SECONDS);
            return true;
        } catch (Exception e) {
            log.error("cannot save context: {}", e.getMessage());
            return false;
        }
    }

    public boolean containsContext(HttpServletRequest httpServletRequest) {
        return null != httpServletRequest.getAttribute("SPRING_SECURITY_CONTEXT");
    }

    protected SecurityContext generateNewContext() {
        return SecurityContextHolder.createEmptyContext();
    }

    private SecurityContext readSecurityContextFromRequestAttribute(HttpServletRequest httpServletRequest) {
        Object attribute;
        if (httpServletRequest == null || (attribute = httpServletRequest.getAttribute("SPRING_SECURITY_CONTEXT")) == null || !(attribute instanceof SecurityContext)) {
            return null;
        }
        return (SecurityContext) attribute;
    }

    private String getToken(HttpServletRequest httpServletRequest) {
        String trackingMode = this.appConfigurationProperties.getSession().getTrackingMode();
        String str = (String) httpServletRequest.getAttribute("PRE_SIGNED_TOKEN");
        if (!StringUtil.isNullOrEmpty(str)) {
            return str;
        }
        if ("cookie".equalsIgnoreCase(trackingMode)) {
            return CookieUtil.getCookieValue(httpServletRequest, this.appConfigurationProperties.getSession().getTrackingName());
        }
        if ("header".equalsIgnoreCase(trackingMode)) {
            return httpServletRequest.getHeader(this.appConfigurationProperties.getSession().getTrackingName());
        }
        throw new IllegalArgumentException("invalid tracking mode: " + trackingMode);
    }
}
