package cn.kduck.security.filter;

import cn.kduck.security.callback.AuthenticationSuccessCallback;
import cn.kduck.security.exception.AuthenticationFailureException;
import cn.kduck.security.listener.AuthenticationFailListener;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.gold.kduck.cache.CacheHelper;
import com.gold.kduck.utils.RequestUtils;
import com.gold.kduck.web.json.JsonObject;
import java.io.IOException;
import java.util.Collection;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:cn/kduck/security/filter/AuthenticationFailureStrategyFilter.class */
public class AuthenticationFailureStrategyFilter extends GenericFilterBean {
    public static final String AUTHENTICATION_FAIL_STRATEGY_NAME = "AUTHENTICATION_FAIL_STRATEGY_NAME";
    public static final String FORM_USERNAME_KEY = "username";
    public static final String OAUTH2_USERNAME_KEY = "client_id";
    private final List<AuthenticationFailureStrategyHandler> failureStrategyHandlerList;
    private ObjectMapper om = new ObjectMapper();
    private String usernameParameter = FORM_USERNAME_KEY;
    private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
    private SimpleUrlAuthenticationFailureHandler failureHandler = new SimpleUrlAuthenticationFailureHandler();
    private RequestMatcher requestMatcher = new OrRequestMatcher(new RequestMatcher[]{new AntPathRequestMatcher("/oauth/token"), new AntPathRequestMatcher("/login", "POST"), new AntPathRequestMatcher("/sso/token", "POST")});

    /* loaded from: input_file:cn/kduck/security/filter/AuthenticationFailureStrategyFilter$AuthenticationFailureStrategyHandler.class */
    public interface AuthenticationFailureStrategyHandler {
        boolean supports(PreAuthenticationToken preAuthenticationToken, HttpServletRequest httpServletRequest);

        boolean authenticate(PreAuthenticationToken preAuthenticationToken, HttpServletRequest httpServletRequest) throws AuthenticationFailureException;
    }

    @Component
    /* loaded from: input_file:cn/kduck/security/filter/AuthenticationFailureStrategyFilter$CleanFailureStrategyInfo.class */
    public static class CleanFailureStrategyInfo implements AuthenticationSuccessCallback {
        @Override // cn.kduck.security.callback.AuthenticationSuccessCallback
        public void doHandle(UserDetails userDetails, HttpServletRequest httpServletRequest) {
            CacheHelper.evict(AuthenticationFailListener.AUTHENTICATION_FAIL_CAHCE_NAME, userDetails.getUsername());
            CacheHelper.evict(AuthenticationFailureStrategyFilter.AUTHENTICATION_FAIL_STRATEGY_NAME, userDetails.getUsername());
        }
    }

    /* loaded from: input_file:cn/kduck/security/filter/AuthenticationFailureStrategyFilter$PreAuthenticationToken.class */
    public static class PreAuthenticationToken extends AbstractAuthenticationToken {
        private static final AuthenticationFailListener.AuthenticationFailRecord NO_FAIL_RECORD = new AuthenticationFailListener.AuthenticationFailRecord();
        private final Object principal;
        private final AuthenticationFailListener.AuthenticationFailRecord failRecord;

        public PreAuthenticationToken(Object obj, AuthenticationFailListener.AuthenticationFailRecord authenticationFailRecord) {
            super((Collection) null);
            this.principal = obj;
            this.failRecord = authenticationFailRecord;
        }

        public Object getCredentials() {
            return null;
        }

        public Object getPrincipal() {
            return this.principal;
        }

        public AuthenticationFailListener.AuthenticationFailRecord getFailRecord() {
            return this.failRecord == null ? NO_FAIL_RECORD : this.failRecord;
        }
    }

    public AuthenticationFailureStrategyFilter(List<AuthenticationFailureStrategyHandler> list) {
        this.failureStrategyHandlerList = list;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!requiresAuthentication(httpServletRequest, httpServletResponse)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        try {
            attemptAuthentication(httpServletRequest, httpServletResponse);
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (AuthenticationFailureException e) {
            if (!RequestUtils.isAjax(httpServletRequest)) {
                try {
                    this.failureHandler.setDefaultFailureUrl("/login?error=" + e.getMessage());
                    this.failureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, e);
                    return;
                } catch (Exception e2) {
                    throw new RuntimeException("预认证失败，跳转到登录页时发生错误", e2);
                }
            }
            JsonObject jsonObject = new JsonObject((Object) null, -2, e.getMessage());
            httpServletResponse.setContentType("application/json");
            httpServletResponse.setStatus(401);
            try {
                this.om.writeValue(httpServletResponse.getOutputStream(), jsonObject);
            } catch (IOException e3) {
                throw new RuntimeException("预认证失败，返回JSON数据时发送IO错误", e3);
            }
        }
    }

    protected boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return this.requestMatcher.matches(httpServletRequest);
    }

    public void attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationFailureException {
        String obtainUsername = obtainUsername(httpServletRequest);
        if (obtainUsername == null) {
            return;
        }
        String trim = obtainUsername.trim();
        PreAuthenticationToken preAuthenticationToken = new PreAuthenticationToken(trim, (AuthenticationFailListener.AuthenticationFailRecord) CacheHelper.getByCacheName(AuthenticationFailListener.AUTHENTICATION_FAIL_CAHCE_NAME, trim, AuthenticationFailListener.AuthenticationFailRecord.class));
        setDetails(httpServletRequest, preAuthenticationToken);
        for (AuthenticationFailureStrategyHandler authenticationFailureStrategyHandler : this.failureStrategyHandlerList) {
            if (authenticationFailureStrategyHandler.supports(preAuthenticationToken, httpServletRequest)) {
                CacheHelper.put(AUTHENTICATION_FAIL_STRATEGY_NAME, trim, authenticationFailureStrategyHandler.getClass().getName(), 60L);
                if (authenticationFailureStrategyHandler.authenticate(preAuthenticationToken, httpServletRequest)) {
                    CacheHelper.evict(AuthenticationFailListener.AUTHENTICATION_FAIL_CAHCE_NAME, trim);
                }
            }
        }
    }

    protected void setDetails(HttpServletRequest httpServletRequest, PreAuthenticationToken preAuthenticationToken) {
        preAuthenticationToken.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
    }

    protected String obtainUsername(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter(this.usernameParameter);
    }
}
