package cn.kduck.security.mfa;

import cn.kduck.security.handler.LoginFailHandler;
import cn.kduck.security.handler.LoginSuccessHandler;
import cn.kduck.security.mfa.exception.IllegalTokenException;
import cn.kduck.security.mfa.exception.MfaValidationException;
import cn.kduck.security.mfa.exception.MissingTokenException;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:cn/kduck/security/mfa/MfaAuthenticationValidationFilter.class */
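/**
 * Second-factor gate for logins that are still pending MFA.
 *
 * <p>While the current {@link Authentication} is an {@link MfaAuthenticationToken}, every request
 * that is not addressed to the configured MFA endpoint is handed to the failure handler instead of
 * being passed down the chain. A request to the MFA endpoint has its token parameter checked by
 * {@link MfaTokenService}; on success the embedded token replaces the pending one in the
 * security context.
 *
 * <p>NOTE(review): no limit on failed attempts is visible in this class. Confirm that
 * {@code MfaTokenService} or an upstream component throttles or locks out repeated failures,
 * otherwise short numeric codes can be guessed by repetition.
 */
public class MfaAuthenticationValidationFilter extends OncePerRequestFilter {
    public static final String DEFAULT_MFA_PARAMETER_NAME = "mfa_token";
    private final MfaUserDetailsService mfaUserDetailsService;
    private final MfaTokenService tokenService;
    private final String endpoint;
    // Public and mutable in the original API; kept for compatibility. Reassigning it at runtime
    // changes which request parameter is read as the MFA code.
    public String mfaParameterName = DEFAULT_MFA_PARAMETER_NAME;
    private final LoginSuccessHandler successHandler = new LoginSuccessHandler();
    private final LoginFailHandler failureHandler = new LoginFailHandler();

    /**
     * Creates the filter.
     *
     * @param mfaUserDetailsService loads the user whose MFA code is being checked
     * @param mfaTokenService validates the submitted MFA code for that user
     * @param str path of the MFA validation endpoint, relative to the context path
     * @param str2 default target URL after a successful validation; {@code null} keeps the
     *     handler's own default
     * @param str3 default failure URL; {@code null} keeps the handler's own default
     */
    public MfaAuthenticationValidationFilter(MfaUserDetailsService mfaUserDetailsService, MfaTokenService mfaTokenService, String str, String str2, String str3) {
        this.mfaUserDetailsService = mfaUserDetailsService;
        this.tokenService = mfaTokenService;
        this.endpoint = str;
        if (str2 != null) {
            this.successHandler.setDefaultTargetUrl(str2);
        }
        if (str3 != null) {
            this.failureHandler.setDefaultFailureUrl(str3);
        }
    }

    /**
     * Enforces the MFA step for the current request.
     *
     * @throws MissingTokenException if the MFA endpoint is called without the token parameter
     * @throws IllegalTokenException if the MFA endpoint is called while the current authentication
     *     is absent or is not an {@link MfaAuthenticationToken}
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        boolean mfaPending = authentication instanceof MfaAuthenticationToken;

        // The raw request URI (not decoded or normalised) is compared after stripping the context
        // path. Any URI that does not match exactly is treated as "not the MFA endpoint", which is
        // the blocking branch for a pending login.
        String path = httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
        if (!path.equals(this.endpoint)) {
            if (!mfaPending) {
                // No MFA step outstanding: this filter has nothing to enforce.
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
            // First factor passed but MFA is still outstanding: refuse everything except the
            // endpoint. (The message text, including "FMA", is kept as the original emits it.)
            // NOTE(review): the failure URL and the MFA entry page must not be subject to this
            // branch, or a pending user cannot reach them - confirm against the filter mapping.
            this.failureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, new MfaValidationException(authentication.getName(), "需要FMA验证"));
            return;
        }

        // NOTE(review): getParameter() also reads the query string and no HTTP method check is
        // visible here, so a code sent via GET may end up in URLs and access logs.
        String parameter = httpServletRequest.getParameter(this.mfaParameterName);
        if (parameter == null) {
            throw new MissingTokenException("MFA验证请求缺少参数：" + this.mfaParameterName);
        }
        if (!mfaPending) {
            // An unauthenticated call to the endpoint leaves authentication null; report that as
            // an illegal token instead of failing with a NullPointerException on getClass().
            String actualType = authentication == null ? "null" : authentication.getClass().getName();
            throw new IllegalTokenException("MFA认证Token类型不匹配:" + actualType);
        }

        MfaAuthenticationToken mfaAuthenticationToken = (MfaAuthenticationToken) authentication;
        String name = mfaAuthenticationToken.getName();
        if (!this.tokenService.isTokenValid(this.mfaUserDetailsService.loadUserByUsername(name), parameter)) {
            this.failureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, new MfaValidationException(name, "MFA校验失败"));
            return;
        }

        // Promote the login: the token carried inside the pending MFA token becomes the current
        // authentication.
        // NOTE(review): no session-id rotation is performed here; confirm it is handled elsewhere
        // for this privilege change.
        Authentication embeddedToken = mfaAuthenticationToken.getEmbeddedToken();
        SecurityContextHolder.getContext().setAuthentication(embeddedToken);
        this.successHandler.onAuthenticationSuccess(httpServletRequest, httpServletResponse, embeddedToken);
    }
}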
