package org.apache.shiro.spring.boot.kisso.authc;

import com.baomidou.kisso.SSOHelper;
import com.baomidou.kisso.security.token.SSOToken;
import com.baomidou.kisso.web.handler.KissoDefaultHandler;
import com.baomidou.kisso.web.handler.SSOHandlerInterceptor;
import com.google.common.collect.Maps;
import io.jsonwebtoken.impl.DefaultClaims;
import java.io.IOException;
import java.util.HashMap;
import java.util.Iterator;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.biz.authz.principal.ShiroPrincipal;
import org.apache.shiro.biz.utils.WebUtils;
import org.apache.shiro.biz.web.filter.authc.AbstractTrustableAuthenticatingFilter;
import org.apache.shiro.biz.web.filter.authc.listener.LoginListener;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/shiro/spring/boot/kisso/authc/KissoAuthenticatingFilter.class */
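/**
 * Shiro authenticating filter that bridges Shiro logins and the Kisso SSO cookie token.
 *
 * <p>In stateless mode every request is authenticated from the Kisso token carried by the
 * request. After a successful form login the filter issues a fresh Kisso cookie whose claims
 * are copied from the authenticated {@link ShiroPrincipal}.
 */
public class KissoAuthenticatingFilter extends AbstractTrustableAuthenticatingFilter {
    private static final Logger LOG = LoggerFactory.getLogger(KissoAuthenticatingFilter.class);

    /** Optional caller-supplied handler; see {@link #getHandlerInterceptor()} for the fallback. */
    private SSOHandlerInterceptor handlerInterceptor;

    /**
     * Decides whether the request may proceed.
     *
     * <p>With sessions enabled the decision is delegated to the parent filter. In stateless mode
     * the Kisso token is read from the request, exposed as the {@code kissoTokenAttr} request
     * attribute, and used to log the subject in for this request only.
     *
     * @return {@code false} when no Kisso token is present; otherwise the result of the
     *         inherited success/failure callback
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        if (!isSessionStateless()) {
            return super.isAccessAllowed(servletRequest, servletResponse, obj);
        }
        // NOTE(review): this filter relies entirely on SSOHelper.getSSOToken to reject forged,
        // tampered or expired tokens; that validation is not visible here. Confirm.
        SSOToken ssoToken = SSOHelper.getSSOToken(WebUtils.toHttp(servletRequest));
        if (ssoToken == null) {
            return false;
        }
        servletRequest.setAttribute("kissoTokenAttr", ssoToken);
        AuthenticationToken token = createToken(servletRequest, servletResponse);
        try {
            Subject subject = getSubject(servletRequest, servletResponse);
            subject.login(token);
            return onAccessSuccess(token, subject, servletRequest, servletResponse);
        } catch (AuthenticationException e) {
            return onAccessFailure(token, e, servletRequest, servletResponse);
        }
    }

    /**
     * Handles a request that {@link #isAccessAllowed} rejected.
     *
     * <p>Non-login requests get a 401 JSON body (AJAX) or a redirect to the login page. Login
     * submissions are executed. Any other request to the login URL is answered with a 400.
     *
     * @return the result of {@code executeLogin} for a login submission, otherwise {@code false}
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (!isLoginRequest(servletRequest, servletResponse)) {
            LOG.trace("Attempting to access a path which requires authentication. ");
            if (WebUtils.isAjaxRequest(servletRequest)) {
                WebUtils.writeJSONString(servletResponse, 401, "Attempting to access a path which requires authentication. ");
                return false;
            }
            saveRequestAndRedirectToLogin(servletRequest, servletResponse);
            return false;
        }
        if (isLoginSubmission(servletRequest, servletResponse)) {
            LOG.trace("Login submission detected.  Attempting to execute login.");
            return executeLogin(servletRequest, servletResponse);
        }
        // The same text is both logged and returned to the client.
        String message = "Authentication url [" + getLoginUrl() + "] Not Http Post request.";
        LOG.trace(message);
        WebUtils.writeJSONString(servletResponse, 400, message);
        return false;
    }

    /**
     * Notifies the login listeners, issues the Kisso SSO cookie for the authenticated principal,
     * then redirects (browser request) or writes a JSON success body (AJAX request).
     *
     * @return always {@code false}; the response has already been written or redirected
     */
    @Override
    protected boolean onLoginSuccess(AuthenticationToken authenticationToken, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (getLoginListeners() != null) {
            // The element cast is kept because the listener collection's generic type is not visible here.
            for (Object listener : getLoginListeners()) {
                ((LoginListener) listener).onSuccess(authenticationToken, subject, servletRequest, servletResponse);
            }
        }
        HttpServletRequest httpRequest = WebUtils.toHttp(servletRequest);
        HttpServletResponse httpResponse = WebUtils.toHttp(servletResponse);
        ShiroPrincipal principal = (ShiroPrincipal) subject.getPrincipal();

        // Everything placed here travels to the client inside the SSO cookie.
        // NOTE(review): "userkey" is copied into the token claims. If it is a secret rather than
        // a public identifier it should not be embedded, as the claims of a signed-only token
        // are readable by whoever holds the cookie. Confirm.
        HashMap<String, Object> claims = new HashMap<>();
        claims.put("userid", principal.getUserid());
        claims.put("userkey", principal.getUserkey());
        claims.put("username", principal.getUsername());
        claims.put("roles", principal.getRoles());
        // NOTE(review): "perms" is filled from getRoles(), the same value as "roles". This looks
        // like a copy/paste slip: any consumer that authorizes on the "perms" claim receives
        // role names instead of permissions. Confirm the intended accessor on ShiroPrincipal.
        claims.put("perms", principal.getRoles());

        SSOToken ssoToken = SSOToken.create()
                .setIp(httpRequest)
                .setUserAgent(httpRequest)
                .setId(principal.getUserid())
                .setIssuer("kisso")
                .setClaims(new DefaultClaims(claims));
        // NOTE(review): confirm what the trailing `false` controls in SSOHelper.setCookie; if it
        // governs invalidating the pre-login session, review it for session fixation.
        SSOHelper.setCookie(httpRequest, httpResponse, ssoToken, false);

        if (!WebUtils.isAjaxRequest(servletRequest)) {
            issueSuccessRedirect(servletRequest, servletResponse);
            return false;
        }
        // Left as a raw map because the parameter type of WebUtils.writeJSONString is not visible here.
        HashMap body = new HashMap();
        body.put("status", "success");
        body.put("message", "Authentication Success.");
        WebUtils.writeJSONString(servletResponse, body);
        return false;
    }

    /**
     * Answers a failed login: AJAX callers get the handler's AJAX response (or a 401 JSON body),
     * browser callers are sent back to the login page.
     *
     * <p>I/O errors while redirecting are logged and not propagated, as the method cannot throw
     * checked exceptions.
     *
     * @return always {@code false}; the request must not continue down the filter chain
     */
    @Override
    protected boolean onLoginFailure(AuthenticationToken authenticationToken, AuthenticationException authenticationException, ServletRequest servletRequest, ServletResponse servletResponse) {
        // Record the failure so rejected logins are visible in the logs; no credentials are logged.
        LOG.debug("Authentication attempt failed", authenticationException);

        HttpServletRequest httpRequest = WebUtils.toHttp(servletRequest);
        HttpServletResponse httpResponse = WebUtils.toHttp(servletResponse);
        // getHandlerInterceptor() substitutes the Kisso default handler, so the null branches
        // below are only reached if that default is itself null.
        SSOHandlerInterceptor interceptor = getHandlerInterceptor();

        if (WebUtils.isAjaxRequest(servletRequest)) {
            if (interceptor != null) {
                interceptor.preTokenIsNullAjax(httpRequest, httpResponse);
            } else {
                WebUtils.writeJSONString(servletResponse, 401, "Unauthentication.");
            }
            return false;
        }
        if (interceptor == null) {
            try {
                saveRequestAndRedirectToLogin(servletRequest, servletResponse);
            } catch (IOException e) {
                LOG.error("Failed to redirect to the login page after an authentication failure", e);
            }
            return false;
        }
        if (!interceptor.preTokenIsNull(httpRequest, httpResponse)) {
            return false;
        }
        LOG.debug("logout. request url:{}", httpRequest.getRequestURL());
        try {
            SSOHelper.clearRedirectLogin(httpRequest, httpResponse);
        } catch (IOException e) {
            LOG.error("Failed to clear the SSO login state and redirect to login", e);
        }
        return false;
    }

    /**
     * Returns the handler set through {@link #setHandlerInterceptor}, or the Kisso default
     * handler when none has been set.
     */
    public SSOHandlerInterceptor getHandlerInterceptor() {
        return this.handlerInterceptor == null ? KissoDefaultHandler.getInstance() : this.handlerInterceptor;
    }

    /**
     * Sets the handler used to answer failed authentications; {@code null} restores the default.
     */
    public void setHandlerInterceptor(SSOHandlerInterceptor sSOHandlerInterceptor) {
        this.handlerInterceptor = sSOHandlerInterceptor;
    }
}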
