package com.goldgov.kduck.security.principal.filter;

import com.goldgov.kduck.cache.CacheHelper;
import com.goldgov.kduck.security.UserExtInfo;
import com.goldgov.kduck.security.principal.AuthUser;
import com.goldgov.kduck.security.principal.KduckSecurityPrincipalProperties;
import com.goldgov.kduck.utils.ValueMapUtils;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.client.HttpClientErrorException;
import org.springframework.web.client.HttpServerErrorException;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:com/goldgov/kduck/security/principal/filter/AuthenticatedUserFilter.class */
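/**
 * Servlet filter that resolves the current {@link AuthUser} for each request and
 * publishes it through {@link AuthUserContext} for the duration of the filter chain.
 *
 * <p>Two sources are supported:
 * <ul>
 *   <li>An OAuth2 bearer token (from the {@code Authorization} header or the
 *       {@code access_token} request parameter). The token is resolved to a user by
 *       calling the configured user-info endpoint; the answer is cached under
 *       {@code token + AUTH_USER_SUFFIX}.</li>
 *   <li>Otherwise, the principal already present in the Spring Security context.</li>
 * </ul>
 *
 * <p>NOTE(review): a cached user-info answer is reused without re-validating the token
 * for as long as the cache entry lives, so a token revoked at the authorization server
 * keeps working until the entry expires. Confirm the cache lifetime against the
 * revocation requirements of the deployment.
 */
public class AuthenticatedUserFilter extends OncePerRequestFilter {
    public static final String AUTH_USER_SUFFIX = ".AUTH_USER_SUFFIX";

    /** Authorization scheme this filter recognises. */
    private static final String BEARER = "Bearer";

    /** A token is refreshed when it expires within this many milliseconds (10 minutes). */
    private static final long REFRESH_WINDOW_MILLIS = 600000L;

    /** Expiry passed to CacheHelper; the unit is defined by CacheHelper (presumably seconds - confirm). */
    private static final long USER_CACHE_EXPIRE = 3600L;

    @Autowired
    private KduckSecurityPrincipalProperties.SecurityOauth2ClientProviderProperties providerProperties;

    @Autowired
    private KduckSecurityPrincipalProperties.SecurityOauth2ClientRegistrationProperties registrationProperties;

    @Autowired
    private RestTemplate restTemplate;

    @Autowired(required = false)
    private UserExtInfo userExtInfo;

    // Dedicated template for the token endpoint; created with defaults, so no
    // connect/read timeout is configured on it here.
    private RestTemplate refreshTokenTemplate = new RestTemplate();

    /**
     * Per-thread holder of the user resolved for the request currently being processed.
     * The filter always clears it in a {@code finally} block so that a pooled worker
     * thread never carries one request's identity into the next.
     */
    public static class AuthUserContext {
        private static final ThreadLocal<AuthUser> authUserThreadLocal = new ThreadLocal<>();

        private AuthUserContext() {
        }

        /** Binds {@code authUser} to the calling thread. */
        public static void setAuthUser(AuthUser authUser) {
            authUserThreadLocal.set(authUser);
        }

        /** @return the user bound to the calling thread, or {@code null} if none is bound */
        public static AuthUser getAuthUser() {
            return authUserThreadLocal.get();
        }

        /** Removes the binding for the calling thread. */
        static void reset() {
            authUserThreadLocal.remove();
        }
    }

    /**
     * Plain bean mirror of {@link AuthUser}: it is the type the user-info response is
     * bound to and the type stored in the cache.
     */
    public static class AuthUserProxy {
        private String username;
        private List<String> authorities = Collections.emptyList();
        private boolean accountNonExpired;
        private boolean accountNonLocked;
        private boolean credentialsNonExpired;
        private boolean enabled;
        // Raw Map kept on purpose: the element types expected by AuthUser are not visible here.
        private Map details = new HashMap();
        private boolean clientOnly = false;

        public AuthUserProxy() {
        }

        /**
         * Copies the username, authority names and account flags of {@code authUser}.
         *
         * @param authUser user to mirror; must not be {@code null}
         */
        public AuthUserProxy(AuthUser authUser) {
            this.username = authUser.getUsername();
            Collection<?> granted = authUser.getAuthorities();
            if (granted != null) {
                List<String> names = new ArrayList<>(granted.size());
                for (Object authority : granted) {
                    names.add(((GrantedAuthority) authority).getAuthority());
                }
                this.authorities = names;
            }
            this.accountNonExpired = authUser.isAccountNonExpired();
            this.accountNonLocked = authUser.isAccountNonLocked();
            this.credentialsNonExpired = authUser.isCredentialsNonExpired();
            this.enabled = authUser.isEnabled();
        }

        public Map getDetails() {
            return this.details;
        }

        public void setDetails(Map map) {
            this.details = map;
        }

        public String getUsername() {
            return this.username;
        }

        public void setUsername(String str) {
            this.username = str;
        }

        public List<String> getAuthorities() {
            return this.authorities;
        }

        public void setAuthorities(List<String> list) {
            this.authorities = list;
        }

        public boolean isAccountNonExpired() {
            return this.accountNonExpired;
        }

        public void setAccountNonExpired(boolean z) {
            this.accountNonExpired = z;
        }

        public boolean isAccountNonLocked() {
            return this.accountNonLocked;
        }

        public void setAccountNonLocked(boolean z) {
            this.accountNonLocked = z;
        }

        public boolean isCredentialsNonExpired() {
            return this.credentialsNonExpired;
        }

        public void setCredentialsNonExpired(boolean z) {
            this.credentialsNonExpired = z;
        }

        public boolean isEnabled() {
            return this.enabled;
        }

        public void setEnabled(boolean z) {
            this.enabled = z;
        }

        public boolean isClientOnly() {
            return this.clientOnly;
        }

        public void setClientOnly(boolean z) {
            this.clientOnly = z;
        }
    }

    /**
     * Resolves the request's user, binds it to {@link AuthUserContext}, runs the rest of
     * the chain and always clears the binding afterwards.
     *
     * @throws ServletException if the user-info URI is malformed, or the user-info
     *                          endpoint answers with a 4xx/5xx status or an empty body
     * @throws RuntimeException if the user-info URI is missing or does not start with {@code http}
     */
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String token = extractToken(httpServletRequest);
        AuthUser authUser = token != null
                ? resolveFromToken(token, httpServletRequest, httpServletResponse)
                : resolveFromSecurityContext();
        try {
            if (authUser != null) {
                AuthUserContext.setAuthUser(authUser);
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } finally {
            AuthUserContext.reset();
        }
    }

    /** Resolves the user behind a bearer token; returns {@code null} for requests to the user-info path itself. */
    private AuthUser resolveFromToken(String token, HttpServletRequest request, HttpServletResponse response) throws ServletException {
        String userInfoUri = this.providerProperties.getUserInfoUri();
        // Null check added: an unset property previously surfaced as a NullPointerException.
        if (userInfoUri == null || !userInfoUri.startsWith("http")) {
            throw new RuntimeException("OAuth2的用户信息接口未配置或配置错误（kduck.security.oauth2.client.provider.userInfoUri）：" + userInfoUri);
        }
        String userInfoPath;
        try {
            userInfoPath = new URI(userInfoUri).getPath();
        } catch (URISyntaxException e) {
            throw new ServletException("user_info的链接格式不合法：" + userInfoUri, e);
        }
        // The user-info endpoint authenticates the token itself; resolving it here would recurse.
        if (request.getRequestURI().equals(userInfoPath)) {
            return null;
        }

        // NOTE(review): the raw bearer token is part of the cache key, so anyone able to
        // list cache keys can read live tokens. A digest of the token would avoid that,
        // but only if every reader and writer of these keys changes together.
        String cacheKey = token + AUTH_USER_SUFFIX;
        AuthUserProxy proxy = (AuthUserProxy) CacheHelper.get(cacheKey, AuthUserProxy.class);
        if (proxy == null) {
            proxy = fetchUserInfo(userInfoUri, token);
            CacheHelper.put(cacheKey, proxy, USER_CACHE_EXPIRE);
        }

        // The refreshed token is handed to the client via a response header; this
        // request keeps running under the token it arrived with.
        refreshToken(proxy, response, request);

        List<String> names = proxy.getAuthorities();
        // Size is read only after the null check (the original dereferenced first).
        // Raw ArrayList kept: the AuthUser constructor signature is not visible here.
        ArrayList granted = new ArrayList(names == null ? 0 : names.size());
        if (names != null) {
            for (String name : names) {
                granted.add(new SimpleGrantedAuthority(name));
            }
        }
        AuthUser authUser = new AuthUser(proxy.getUsername(), "", granted);
        authUser.eraseCredentials();
        authUser.setAllDetailsItem(proxy.getDetails());
        return authUser;
    }

    /**
     * Calls the user-info endpoint for {@code token}.
     *
     * <p>The token is passed as a URI template variable so RestTemplate encodes it, and
     * it is deliberately left out of every exception message so it cannot reach logs or
     * error pages through a stack trace.
     *
     * <p>NOTE(review): the token still travels in the query string, which proxies and
     * servers commonly write to access logs. Sending it in an {@code Authorization}
     * header is preferable if the user-info endpoint accepts that.
     */
    private AuthUserProxy fetchUserInfo(String userInfoUri, String token) throws ServletException {
        AuthUserProxy proxy;
        try {
            proxy = (AuthUserProxy) this.restTemplate.getForEntity(userInfoUri + "?access_token={access_token}", AuthUserProxy.class, token).getBody();
        } catch (HttpClientErrorException e) {
            throw new ServletException("调用用户信息接口返回客户端错误（4xx）：CODE=" + e.getRawStatusCode() + "，URL=" + userInfoUri, e);
        } catch (HttpServerErrorException e2) {
            throw new ServletException("调用用户信息接口返回服务端错误（5xx）：CODE=" + e2.getRawStatusCode() + "，URL=" + userInfoUri, e2);
        }
        if (proxy == null) {
            // An empty body must not be cached or turned into an identity.
            throw new ServletException("调用用户信息接口返回了空的响应体：URL=" + userInfoUri);
        }
        return proxy;
    }

    /** Builds the user from the principal Spring Security has already authenticated, if any. */
    private AuthUser resolveFromSecurityContext() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        AuthUser authUser;
        if (principal instanceof AuthUser) {
            authUser = (AuthUser) principal;
        } else if (principal instanceof UserDetails) {
            authUser = new AuthUser((UserDetails) principal);
        } else {
            return null;
        }
        if (this.userExtInfo != null) {
            authUser.setAllDetailsItem(this.userExtInfo.getUserExtInfo(authUser.getUsername()));
        }
        return authUser;
    }

    /**
     * Exchanges the refresh token stored in the user's details for a new access token
     * when the current one expires within {@link #REFRESH_WINDOW_MILLIS}.
     *
     * <p>On success the new access token is returned to the client in the
     * {@code New-Access-Token} response header and the user is cached under it.
     *
     * @return the new access token, or {@code null} when no refresh was needed or possible
     */
    private String refreshToken(AuthUserProxy authUserProxy, HttpServletResponse httpServletResponse, HttpServletRequest httpServletRequest) {
        Map details = authUserProxy.getDetails();
        if (details == null) {
            return null;
        }
        Date expiration = toExpirationDate(details.get("expiration"));
        Object storedRefreshToken = details.get("refresh_token");
        // The expiry and refresh token were previously printed to stdout; credentials
        // must not be written to logs, so nothing is emitted here.
        if (expiration == null || !(storedRefreshToken instanceof String)
                || !expiration.before(new Date(System.currentTimeMillis() + REFRESH_WINDOW_MILLIS))) {
            return null;
        }

        Map<String, Object> uriVariables = new HashMap<>();
        uriVariables.put("client_id", this.registrationProperties.getClientId());
        uriVariables.put("client_secret", this.registrationProperties.getClientSecret());
        uriVariables.put("refresh_token", storedRefreshToken);
        // NOTE(review): client_secret and refresh_token are sent as query parameters of
        // this POST. URLs are commonly recorded in proxy and server access logs; a
        // form-encoded body or HTTP Basic client authentication is preferable if the
        // token endpoint accepts it.
        Map tokenResponse = (Map) this.refreshTokenTemplate.postForObject(this.providerProperties.getTokenUri() + "?client_id={client_id}&client_secret={client_secret}&grant_type=refresh_token&refresh_token={refresh_token}", (Object) null, Map.class, uriVariables);
        if (tokenResponse == null) {
            return null;
        }
        String newAccessToken = ValueMapUtils.getValueAsString(tokenResponse, "access_token");
        if (newAccessToken == null || newAccessToken.isEmpty()) {
            // Without this guard the user would be cached under the key
            // "null" + AUTH_USER_SUFFIX, i.e. an identity reachable without a real token.
            return null;
        }
        String newRefreshToken = ValueMapUtils.getValueAsString(tokenResponse, "refresh_token");
        int expiresIn = ValueMapUtils.getValueAsInt(tokenResponse, "expires_in");
        // Long arithmetic: expiresIn * 1000 overflows int for lifetimes above ~24 days.
        Date newExpiration = new Date(System.currentTimeMillis() + (expiresIn * 1000L));
        httpServletResponse.setHeader("New-Access-Token", newAccessToken);
        if (newRefreshToken != null) {
            // A token endpoint may omit refresh_token when it does not rotate it; keep the old one then.
            details.put("refresh_token", newRefreshToken);
        }
        // Stored as a Date, as before; toExpirationDate accepts this form on later requests.
        details.put("expiration", newExpiration);
        CacheHelper.put(newAccessToken + AUTH_USER_SUFFIX, authUserProxy, Integer.valueOf(expiresIn), USER_CACHE_EXPIRE);
        return newAccessToken;
    }

    /**
     * Reads the {@code expiration} detail, which is epoch milliseconds in the user-info
     * answer but a {@link Date} once this filter has refreshed the token.
     *
     * @return the expiry instant, or {@code null} if the value is absent or unparseable
     */
    private static Date toExpirationDate(Object raw) {
        if (raw instanceof Date) {
            return (Date) raw;
        }
        if (raw instanceof Number) {
            return new Date(((Number) raw).longValue());
        }
        if (raw == null) {
            return null;
        }
        try {
            return new Date(Long.parseLong(raw.toString().trim()));
        } catch (NumberFormatException ignored) {
            // Unknown format: treat as "no expiry known" and skip the refresh.
            return null;
        }
    }

    /** Clears any user still bound to the calling thread when the filter is taken out of service. */
    public void destroy() {
        AuthUserContext.reset();
    }

    /**
     * Returns the bearer token of the request: the {@code Authorization} header wins,
     * the {@code access_token} request parameter is the fallback.
     *
     * <p>NOTE(review): accepting the token as a request parameter means it can appear in
     * URLs, and therefore in browser history, Referer headers and access logs.
     *
     * @return the token, or {@code null} if the request carries none
     */
    protected String extractToken(HttpServletRequest httpServletRequest) {
        String token = extractHeaderToken(httpServletRequest);
        return token != null ? token : httpServletRequest.getParameter("access_token");
    }

    /**
     * Extracts the token from the first {@code Authorization} header whose value starts
     * with {@code Bearer} (case-insensitive). Anything after a comma is dropped.
     *
     * @return the token, or {@code null} if no such header is present
     */
    protected String extractHeaderToken(HttpServletRequest httpServletRequest) {
        Enumeration<?> headers = httpServletRequest.getHeaders("Authorization");
        if (headers == null) {
            return null;
        }
        while (headers.hasMoreElements()) {
            String value = (String) headers.nextElement();
            // regionMatches(ignoreCase) avoids the default-locale case mapping of toLowerCase().
            if (value != null && value.regionMatches(true, 0, BEARER, 0, BEARER.length())) {
                String token = value.substring(BEARER.length()).trim();
                int comma = token.indexOf(',');
                if (comma > 0) {
                    token = token.substring(0, comma);
                }
                return token;
            }
        }
        return null;
    }
}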
