package org.apache.shiro.spring.boot.jwt.authc;

import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.serializer.SerializerFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.biz.authc.AuthcResponse;
import org.apache.shiro.biz.utils.StringUtils;
import org.apache.shiro.biz.utils.WebUtils;
import org.apache.shiro.biz.web.filter.authc.PostLoginRequest;
import org.apache.shiro.biz.web.filter.authc.TrustableRestAuthenticatingFilter;
import org.apache.shiro.spring.boot.jwt.JwtPayloadRepository;
import org.apache.shiro.spring.boot.jwt.exception.InvalidJwtToken;
import org.apache.shiro.spring.boot.jwt.token.JwtAuthenticationToken;
import org.apache.shiro.spring.boot.jwt.token.JwtAuthorizationToken;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/shiro/spring/boot/jwt/authc/JwtAuthenticatingFilter.class */
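/**
 * Shiro filter that authenticates requests either through a login submission
 * (username/password, optionally captcha) or through a JWT carried in a
 * request header, a request parameter or a cookie.
 *
 * <p>Security notes for deployers:
 * <ul>
 *   <li>A token passed as a request parameter may travel in the URL, where it
 *       can end up in access logs, browser history and {@code Referer}
 *       headers. Prefer the header.</li>
 *   <li>A token carried in a cookie is attached by browsers automatically, so
 *       state-changing endpoints behind this filter need CSRF protection.</li>
 *   <li>With the default {@code checkExpiry = false}, this filter does not
 *       call {@link JwtPayloadRepository#verify}; token validation then rests
 *       entirely on whatever {@code subject.login(...)} performs.</li>
 * </ul>
 */
public class JwtAuthenticatingFilter extends TrustableRestAuthenticatingFilter {
    private static final Logger LOG = LoggerFactory.getLogger(JwtAuthenticatingFilter.class);
    /** Default name of the request header that carries the JWT. */
    protected static final String AUTHORIZATION_HEADER = "X-Authorization";
    /** Default name of the request parameter (and cookie) that carries the JWT. */
    protected static final String AUTHORIZATION_PARAM = "token";
    private JwtPayloadRepository jwtPayloadRepository;
    private String authorizationHeaderName = AUTHORIZATION_HEADER;
    private String authorizationParamName = AUTHORIZATION_PARAM;
    private String authorizationCookieName = AUTHORIZATION_PARAM;
    private boolean checkExpiry = false;
    private ObjectMapper objectMapper = new ObjectMapper();

    /**
     * Decides whether the request may proceed.
     *
     * <p>When the session is not stateless the decision is delegated to the
     * parent filter. Otherwise a request is only allowed when it is not a
     * login request, carries a JWT, and that JWT logs the subject in.
     *
     * @return the result of {@code onAccessSuccess} / {@code onAccessFailure},
     *         or {@code false} when the request is a login request or has no JWT
     */
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        if (!isSessionStateless()) {
            return super.isAccessAllowed(servletRequest, servletResponse, obj);
        }
        if (isLoginRequest(servletRequest, servletResponse) || !isJwtSubmission(servletRequest, servletResponse)) {
            return false;
        }
        AuthenticationToken jwtToken = createJwtToken(servletRequest, servletResponse);
        try {
            Subject subject = getSubject(servletRequest, servletResponse);
            subject.login(jwtToken);
            // NOTE(review): the repository check is skipped entirely when checkExpiry is
            // false (the default), so signature/claim validation must happen inside
            // subject.login(). Confirm the realm does that before relying on the default.
            if (!this.checkExpiry || getJwtPayloadRepository().verify(jwtToken, subject, isCheckExpiry())) {
                return onAccessSuccess(jwtToken, subject, servletRequest, servletResponse);
            }
            // Presumably an AuthenticationException subtype, so it lands in the catch below.
            throw new InvalidJwtToken("Invalid JWT value.");
        } catch (AuthenticationException e) {
            return onAccessFailure(jwtToken, e, servletRequest, servletResponse);
        }
    }

    /**
     * Handles a request that {@link #isAccessAllowed} rejected.
     *
     * <ul>
     *   <li>Not a login request, JWT present: returns {@code false} without
     *       writing a body (presumably the failure was already reported by
     *       {@code onAccessFailure}; confirm against the parent class).</li>
     *   <li>Not a login request, no JWT: writes a JSON failure with code 401.</li>
     *   <li>Login submission: runs {@code executeLogin}.</li>
     *   <li>Login URL hit without a submission: writes a JSON failure with code 400.</li>
     * </ul>
     *
     * @throws Exception if the login attempt or writing the response fails
     */
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (!isLoginRequest(servletRequest, servletResponse)) {
            if (isJwtSubmission(servletRequest, servletResponse)) {
                return false;
            }
            String format = String.format("Attempting to access a path which requires authentication.  %s = Authorization Header or %s = Authorization Param or %s = Authorization Cookie  is not present in the request", getAuthorizationHeaderName(), getAuthorizationParamName(), getAuthorizationCookieName());
            if (LOG.isTraceEnabled()) {
                LOG.trace(format);
            }
            writeFailure(servletResponse, 401, format);
            return false;
        }
        if (isLoginSubmission(servletRequest, servletResponse)) {
            if (LOG.isTraceEnabled()) {
                LOG.trace("Login submission detected.  Attempting to execute login.");
            }
            return executeLogin(servletRequest, servletResponse);
        }
        String str = "Authentication url [" + getLoginUrl() + "] Not Http Post request.";
        if (LOG.isTraceEnabled()) {
            LOG.trace(str);
        }
        writeFailure(servletResponse, 400, str);
        return false;
    }

    /**
     * Writes a JSON {@link AuthcResponse#fail} body to the response.
     *
     * <p>The HTTP status is always 200; the failure code travels only in the
     * JSON body. Proxies, WAFs and monitoring that key on the HTTP status will
     * therefore not see these rejections as 4xx responses.
     */
    private void writeFailure(ServletResponse servletResponse, int code, String message) throws IOException {
        WebUtils.toHttp(servletResponse).setStatus(200);
        servletResponse.setContentType("application/json");
        servletResponse.setCharacterEncoding(StandardCharsets.UTF_8.toString());
        JSONObject.writeJSONString(servletResponse.getOutputStream(), AuthcResponse.fail(code, message), new SerializerFeature[0]);
    }

    /**
     * Builds the login token. For object (JSON) requests the body is parsed as
     * a {@link PostLoginRequest}; if that fails, or for any other request, the
     * parent implementation is used.
     */
    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
        if (WebUtils.isObjectRequest(servletRequest)) {
            try {
                PostLoginRequest postLoginRequest = (PostLoginRequest) this.objectMapper.readValue(servletRequest.getReader(), PostLoginRequest.class);
                String host = getHost(servletRequest);
                return isCaptchaEnabled() ? new JwtAuthenticationToken(postLoginRequest.getUsername(), postLoginRequest.getPassword(), postLoginRequest.getCaptcha(), postLoginRequest.isRememberMe(), host) : new JwtAuthenticationToken(postLoginRequest.getUsername(), postLoginRequest.getPassword(), postLoginRequest.isRememberMe(), host);
            } catch (IOException e) {
                // Keep the fall-through to the parent, but leave a trace of the failure.
                // The request body is deliberately not logged: it holds the password.
                LOG.debug("Could not parse the JSON login body; falling back to the parent token factory.", e);
            }
        }
        return super.createToken(servletRequest, servletResponse);
    }

    /**
     * Builds the login token from an already extracted username ({@code str})
     * and password ({@code str2}), adding the captcha when captcha is enabled.
     */
    protected AuthenticationToken createToken(String str, String str2, ServletRequest servletRequest, ServletResponse servletResponse) {
        boolean isRememberMe = isRememberMe(servletRequest);
        String host = getHost(servletRequest);
        return isCaptchaEnabled() ? new JwtAuthenticationToken(str, str2, getCaptcha(servletRequest), isRememberMe, host) : new JwtAuthenticationToken(str, str2, isRememberMe, host);
    }

    /** Wraps the JWT found on the request, with the remote address, in a {@link JwtAuthorizationToken}. */
    protected AuthenticationToken createJwtToken(ServletRequest servletRequest, ServletResponse servletResponse) {
        return new JwtAuthorizationToken(WebUtils.getRemoteAddr(servletRequest), getAccessToken(servletRequest), isRememberMe(servletRequest));
    }

    /** Returns {@code true} when this is an HTTP request that carries a JWT. */
    protected boolean isJwtSubmission(ServletRequest servletRequest, ServletResponse servletResponse) {
        return (servletRequest instanceof HttpServletRequest) && getAccessToken(servletRequest) != null;
    }

    /**
     * Extracts the JWT from the request, trying the header first, then the
     * request parameter, then the cookie.
     *
     * <p>The previous version returned the request parameter as soon as the
     * header was empty, which made the cookie lookup unreachable although the
     * cookie name is configurable and advertised in the 401 message. An empty
     * value in any of the three places is now treated as "not present".
     *
     * @return the token, or {@code null} when none of the three locations holds one
     */
    protected String getAccessToken(ServletRequest servletRequest) {
        HttpServletRequest http = WebUtils.toHttp(servletRequest);
        String header = http.getHeader(getAuthorizationHeaderName());
        if (!StringUtils.isEmpty(header)) {
            return header;
        }
        // A parameter may arrive in the query string; see the class-level note on URL leakage.
        String param = http.getParameter(getAuthorizationParamName());
        if (!StringUtils.isEmpty(param)) {
            return param;
        }
        Cookie[] cookies = http.getCookies();
        if (cookies == null) {
            return null;
        }
        String cookieName = getAuthorizationCookieName();
        for (Cookie cookie : cookies) {
            if (cookie.getName().equals(cookieName)) {
                String value = cookie.getValue();
                return StringUtils.isEmpty(value) ? null : value;
            }
        }
        return null;
    }

    /** @return the name of the request header read for the JWT */
    public String getAuthorizationHeaderName() {
        return this.authorizationHeaderName;
    }

    public void setAuthorizationHeaderName(String str) {
        this.authorizationHeaderName = str;
    }

    /** @return the name of the request parameter read for the JWT */
    public String getAuthorizationParamName() {
        return this.authorizationParamName;
    }

    public void setAuthorizationParamName(String str) {
        this.authorizationParamName = str;
    }

    /** @return the name of the cookie read for the JWT */
    public String getAuthorizationCookieName() {
        return this.authorizationCookieName;
    }

    public void setAuthorizationCookieName(String str) {
        this.authorizationCookieName = str;
    }

    public JwtPayloadRepository getJwtPayloadRepository() {
        return this.jwtPayloadRepository;
    }

    public void setJwtPayloadRepository(JwtPayloadRepository jwtPayloadRepository) {
        this.jwtPayloadRepository = jwtPayloadRepository;
    }

    /** @return whether {@link #isAccessAllowed} calls the payload repository's {@code verify} */
    public boolean isCheckExpiry() {
        return this.checkExpiry;
    }

    public void setCheckExpiry(boolean z) {
        this.checkExpiry = z;
    }
}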
