package com.gold.ms.gateway.security.filter;

import com.gold.ms.gateway.AuthServerConstants;
import com.gold.ms.gateway.AuthServerProperties;
import com.gold.ms.gateway.core.json.BaseJsonObject;
import com.gold.ms.gateway.security.client.UserFeignClient;
import com.gold.ms.gateway.security.client.service.LoginUser;
import com.gold.ms.gateway.utils.cache.CacheHolder;
import java.io.IOException;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.i18n.LocaleContextHolder;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:com/gold/ms/gateway/security/filter/CaptchaFilter.class */
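/**
 * Servlet filter that requires a valid captcha on requests carrying an
 * {@code Authorization} header before they continue down the filter chain.
 *
 * <p>This filter does not verify the password; it only reads the user name from the
 * header. A request is let through without a captcha when any of the following holds:
 * <ul>
 *   <li>there is no {@code Authorization} header, or the session already holds
 *       {@code authService.USERID};</li>
 *   <li>the cache holds an entry under {@code <username>_auto_valid_once_wx};</li>
 *   <li>{@link AuthServerProperties#isCaptcha()} is false;</li>
 *   <li>the request URI starts with one of the two captcha-generation paths;</li>
 *   <li>the user service returns a user whose WeChat OpenID equals the supplied user name.</li>
 * </ul>
 *
 * <p>NOTE(review): the cache-marker and OpenID exemptions are keyed on the
 * client-supplied user name. Confirm that the downstream authentication filter applies
 * its own failure throttling on those paths, since no captcha is enforced there.
 */
public class CaptchaFilter extends OncePerRequestFilter {
    private static final String DECODE_FAILURE_MESSAGE = "Failed to decode basic authentication token";

    private final AuthenticationEntryPoint authenticationEntryPoint;

    @Autowired
    private AuthServerProperties authServerProperties;

    @Autowired
    private UserFeignClient userFeignClient;

    /**
     * @param authenticationEntryPoint entry point invoked when the captcha is missing,
     *     wrong or expired
     */
    public CaptchaFilter(AuthenticationEntryPoint authenticationEntryPoint) {
        this.authenticationEntryPoint = authenticationEntryPoint;
    }

    /** Fails fast at start-up when no entry point was supplied. */
    public void afterPropertiesSet() {
        Assert.notNull(this.authenticationEntryPoint, "An AuthenticationEntryPoint is required");
    }

    /**
     * Sets the request locale, then either forwards the request or rejects it through
     * the entry point depending on the captcha state described on the class.
     *
     * @throws BadCredentialsException if the {@code Authorization} header is too short
     *     to hold a token, decodes to no user name, or an {@link IllegalArgumentException}
     *     is raised anywhere inside the guarded section (including further down the chain)
     */
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        // Locale comes from the "lang" header, falling back to the "lang" parameter.
        // The raw value is passed to Locale as the language code without validation.
        String lang = httpServletRequest.getHeader("lang");
        if (StringUtils.isEmpty(lang)) {
            lang = httpServletRequest.getParameter("lang");
        }
        LocaleContextHolder.setLocale(lang != null ? new Locale(lang) : Locale.getDefault(), false);

        String sessionUserId = (String) httpServletRequest.getSession().getAttribute("authService.USERID");
        String authorization = httpServletRequest.getHeader("Authorization");
        if (authorization == null || !StringUtils.isEmpty(sessionUserId)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        try {
            String username = extractUsername(authorization);

            // Read the failure counter once: the original looked it up twice, so an entry
            // expiring between the null check and the parse produced the text "null" and
            // a NumberFormatException that surfaced as a bogus decode failure.
            String failKey = CustomBasicAuthenticationFilter.FAIL_LOGIN_USERNAME + username;
            Object cachedFailures = CacheHolder.get(failKey);
            int failures = cachedFailures != null ? Integer.parseInt(String.valueOf(cachedFailures)) : 0;

            // NOTE(review): this call chain has no null checks; confirm the login-config
            // response always carries data, loginSecurity and addFailTimesForCheck.
            int threshold = this.userFeignClient.getLoginConfig().getData().getLoginSecurity().getAddFailTimesForCheck().intValue() - 1;

            // The "_capatca" spelling is part of the cache key and is kept as-is. This
            // filter only writes the flag; presumably another component reads it.
            CacheHolder.put(failKey + "_capatca", Boolean.toString(failures >= threshold), CustomBasicAuthenticationFilter.MAX_LOCK_DURATION_SECONDS);

            if (!StringUtils.isEmpty(CacheHolder.get(username + "_auto_valid_once_wx"))) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
            if (this.authServerProperties.isCaptcha()) {
                // NOTE(review): getRequestURI() is the raw, undecoded path and this is a
                // prefix match. Confirm that routing cannot resolve any handler other than
                // the captcha generators under these prefixes.
                String requestURI = httpServletRequest.getRequestURI();
                if (requestURI.startsWith("/user/generateCaptchaNum") || requestURI.startsWith("/user/generateCaptchaImage")) {
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                    return;
                }

                // A null response no longer throws; it falls through to the captcha check.
                BaseJsonObject<LoginUser> userByWxOpenid = this.userFeignClient.getUserByWxOpenid("", username);
                if (userByWxOpenid != null && userByWxOpenid.getData() != null && username.equals(userByWxOpenid.getData().getWxOpenID())) {
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                    return;
                }

                String submitted = httpServletRequest.getParameter(AuthServerConstants.REQUEST_KEY_CAPTCHA);
                String expected = (String) httpServletRequest.getSession().getAttribute(AuthServerConstants.SESSION_KEY_CAPTCHA);
                String issuedAt = (String) httpServletRequest.getSession().getAttribute(AuthServerConstants.SESSION_KEY_CAPTCHA_TIME);

                // NOTE(review): when the session has a captcha but no timestamp, the expiry
                // check is skipped entirely. Confirm the generator always stores both.
                if (!StringUtils.isEmpty(issuedAt)) {
                    SimpleDateFormat timestampFormat = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
                    try {
                        // "Now" is formatted and re-parsed so that both sides are truncated
                        // to whole seconds in the same (default) time zone.
                        long nowMillis = timestampFormat.parse(timestampFormat.format(new Date())).getTime();
                        long ageSeconds = (nowMillis - timestampFormat.parse(issuedAt).getTime()) / 1000;
                        if (ageSeconds > this.authServerProperties.getCaptchaTimeout()) {
                            // Message text: "captcha has expired".
                            failed(httpServletRequest, httpServletResponse, new AuthenticationMsgException("验证码已超时", username));
                            return;
                        }
                    } catch (ParseException e) {
                        // An unreadable timestamp is treated as a wrong captcha.
                        failed(httpServletRequest, httpServletResponse, new AuthenticationMsgException("验证码错误", username));
                        return;
                    }
                }

                // Case-insensitive comparison. Locale.ROOT keeps the upper-casing
                // independent of the JVM default locale.
                boolean matches = !StringUtils.isEmpty(submitted)
                        && !StringUtils.isEmpty(expected)
                        && submitted.toUpperCase(Locale.ROOT).equals(expected.toUpperCase(Locale.ROOT));
                if (!matches) {
                    // Message text: "captcha incorrect".
                    failed(httpServletRequest, httpServletResponse, new AuthenticationMsgException("验证码错误", username));
                    return;
                }
                // A captcha is single-use: drop it once it has been accepted.
                httpServletRequest.getSession().removeAttribute(AuthServerConstants.SESSION_KEY_CAPTCHA);
                httpServletRequest.getSession().removeAttribute(AuthServerConstants.SESSION_KEY_CAPTCHA_TIME);
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (IllegalArgumentException e2) {
            // Keep the cause so the real failure stays visible in logs. Note that this
            // also covers IllegalArgumentException thrown by later filters in the chain.
            throw new BadCredentialsException(DECODE_FAILURE_MESSAGE, e2);
        }
    }

    /**
     * Extracts the user name (the text before the first {@code ':'}) from an
     * {@code Authorization} header value.
     *
     * <p>The first six characters are skipped without checking that they spell
     * {@code "Basic "}. NOTE(review): confirm whether other schemes can reach this filter.
     *
     * @throws BadCredentialsException if the header is shorter than six characters or
     *     the decoded token consists only of {@code ':'} characters
     */
    private static String extractUsername(String authorization) throws IOException {
        // substring(6) on a shorter value would throw StringIndexOutOfBoundsException,
        // which the caller's IllegalArgumentException handler does not cover.
        if (authorization.length() < 6) {
            throw new BadCredentialsException(DECODE_FAILURE_MESSAGE);
        }
        String decoded = new String(Base64.decodeBase64(authorization.substring(6).getBytes("UTF-8")), "UTF-8");
        String[] parts = decoded.split(":");
        // split() returns an empty array when the token holds nothing but separators.
        if (parts.length == 0) {
            throw new BadCredentialsException(DECODE_FAILURE_MESSAGE);
        }
        return parts[0];
    }

    /**
     * Invalidates the captcha stored in the session and hands the failure to the
     * authentication entry point.
     */
    private void failed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        // Clear the captcha on every failure so a fresh one must be generated.
        httpServletRequest.getSession().removeAttribute(AuthServerConstants.SESSION_KEY_CAPTCHA);
        httpServletRequest.getSession().removeAttribute(AuthServerConstants.SESSION_KEY_CAPTCHA_TIME);
        this.authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, authenticationException);
    }
}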
