package top.chaser.framework.starter.uaa.resource.security;

import cn.hutool.core.convert.Convert;
import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.JwtException;
import java.io.IOException;
import java.util.Collection;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import top.chaser.framework.common.base.exception.AuthenticationException;
import top.chaser.framework.common.base.exception.SystemException;
import top.chaser.framework.common.web.exception.WebErrorType;
import top.chaser.framework.common.web.session.User;
import top.chaser.framework.starter.uaa.resource.ResourceServerJwtProperties;
import top.chaser.framework.starter.uaa.resource.ResourceServerProperties;
import top.chaser.framework.uaa.base.store.TokenStore;
import top.chaser.framework.uaa.base.util.JwtUtil;

/* loaded from: input_file:BOOT-INF/lib/chaser-starter-uaa-resource-server-B-1.0.0.RELEASE.jar:top/chaser/framework/starter/uaa/resource/security/JWTAuthenticationFilter.class */
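/**
 * Servlet filter that authenticates a request from a JWT carried in the
 * {@code Authorization: Bearer <token>} header.
 *
 * <p>The token is parsed with the configured public key and then checked against the
 * {@link TokenStore}; only when both steps succeed is an authentication placed in the
 * {@link SecurityContextHolder}. Requests without a Bearer header are passed down the
 * chain unauthenticated, so access control for them is decided by later filters.
 */
public class JWTAuthenticationFilter extends BasicAuthenticationFilter {
    private static final Logger log = LoggerFactory.getLogger(JWTAuthenticationFilter.class);

    /** Name of the request header that carries the credential. */
    private static final String AUTHORIZATION_HEADER = "Authorization";

    /** Scheme prefix that must precede the token; the match is case-sensitive. */
    private static final String BEARER_PREFIX = "Bearer ";

    protected TokenStore tokenStore;
    protected ResourceServerProperties resourceServerProperties;
    protected ResourceServerJwtProperties jwtProperties;

    /**
     * Creates the filter.
     *
     * @param authenticationManager passed to {@link BasicAuthenticationFilter}
     * @param tokenStore store used to validate a token and to renew its expiry
     * @param resourceServerProperties resource-server settings (kept for subclasses; not read here)
     * @param resourceServerJwtProperties JWT settings: the public key and the expiry in seconds
     */
    public JWTAuthenticationFilter(AuthenticationManager authenticationManager, TokenStore tokenStore, ResourceServerProperties resourceServerProperties, ResourceServerJwtProperties resourceServerJwtProperties) {
        super(authenticationManager);
        this.tokenStore = tokenStore;
        this.resourceServerProperties = resourceServerProperties;
        this.jwtProperties = resourceServerJwtProperties;
    }

    /**
     * Authenticates the request when it carries a Bearer token, then continues the chain.
     *
     * <p>Only the request URI and content type are logged; the Authorization header is
     * never written to the log.
     *
     * <p>NOTE(review): exceptions raised while validating the token are not caught here and
     * leave the filter directly - confirm the surrounding chain turns them into 401/403
     * responses rather than a generic error page.
     *
     * @throws IOException if a later filter or the servlet fails with an I/O error
     * @throws ServletException if a later filter or the servlet fails
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        log.info("{},{}", httpServletRequest.getRequestURI(), httpServletRequest.getContentType());
        if (header == null || !header.startsWith(BEARER_PREFIX)) {
            // No Bearer credential: leave the security context untouched.
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        SecurityContextHolder.getContext().setAuthentication(getAuthentication(httpServletRequest, httpServletResponse));
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Builds the authentication for the Bearer token in the request.
     *
     * <p>Steps: strip the scheme prefix, parse the token into a {@link User} with the
     * configured public key, check the token against the token store for that user, renew
     * the stored expiry, and map the user's role codes to granted authorities.
     *
     * @param httpServletRequest request whose Authorization header is read
     * @param httpServletResponse unused
     * @return an authenticated token whose principal is the {@link User} and whose
     *     credentials are {@code null}
     * @throws AuthenticationException if the header is missing or is not a Bearer credential
     * @throws CredentialsExpiredException if the JWT itself has expired
     * @throws AccessDeniedException if the token cannot be parsed, is rejected by the token
     *     store, or any other error occurs during validation
     */
    private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String header = httpServletRequest.getHeader(AUTHORIZATION_HEADER);
        if (header == null || !header.startsWith(BEARER_PREFIX)) {
            // Message text: "token is empty".
            throw new AuthenticationException("Token为空");
        }
        try {
            // Remove the scheme prefix only. String.replace would also delete any later
            // occurrence of "Bearer " and so accept a header that is not exactly
            // "Bearer <token>".
            String token = header.substring(BEARER_PREFIX.length());
            // Presumably verifies the signature with the public key - confirm in JwtUtil.
            User user = JwtUtil.getUserDetailFromToken(token, this.jwtProperties.getPublicKey());
            if (!this.tokenStore.validate(user.getUserCode(), token)) {
                // Message text: "token expired or invalid".
                throw new SystemException(WebErrorType.AUTH_ERROR, "token已过期或无效");
            }
            // Renew the stored entry on every accepted request (sliding expiry).
            this.tokenStore.expire(user.getUserCode(), Convert.toInt(Long.valueOf(this.jwtProperties.getExpireSeconds())).intValue());
            Collection<SimpleGrantedAuthority> authorities = user.getRoles().stream()
                    .map(role -> new SimpleGrantedAuthority(role.getCode()))
                    .collect(Collectors.toList());
            return new UsernamePasswordAuthenticationToken(user, null, authorities);
        } catch (ExpiredJwtException e) {
            log.error("Token已过期 ", e);
            throw new CredentialsExpiredException("token已过期");
        } catch (JwtException e) {
            log.error("Token 解析错误 ", e);
            throw new AccessDeniedException("token格式错误");
        } catch (IllegalArgumentException e) {
            // Pass the exception as the throwable argument so the stack trace is kept.
            log.error("非法参数异常", e);
            throw new AccessDeniedException("非法参数异常");
        } catch (SystemException e) {
            // Raised above when the token store rejects the token; its message is reused.
            throw new AccessDeniedException(e.getMessage());
        } catch (Exception e) {
            // Fail closed: any unexpected error during validation denies access.
            log.error("非法参数异常 ", e);
            throw new AccessDeniedException("非法参数异常");
        }
    }
}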
