package com.digiwin.athena.appcore.auth;

import com.digiwin.athena.appcore.AppCoreProperties;
import com.digiwin.athena.appcore.auth.domain.AuthoredUser;
import com.digiwin.athena.appcore.util.ChainInfoUtil;
import com.google.common.collect.Lists;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.BooleanUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpRequest;
import org.springframework.http.client.ClientHttpRequestExecution;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.StringUtils;

@Component
/* loaded from: input_file:BOOT-INF/lib/app-core-starter-1.0.2-beta-SNAPSHOT.jar:com/digiwin/athena/appcore/auth/RestTemplateAddTokenInterceptor.class */
public class RestTemplateAddTokenInterceptor implements ClientHttpRequestInterceptor {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) RestTemplateAddTokenInterceptor.class);
    private final AppCoreProperties appCoreProperties;
    private List<String> addAppTokenDomainWhiteList = Lists.newArrayList();

    public RestTemplateAddTokenInterceptor(AppCoreProperties appCoreProperties) {
        this.appCoreProperties = appCoreProperties;
        buildAddAppTokenDomainWhiteList();
    }

    @Override // org.springframework.http.client.ClientHttpRequestInterceptor
    public ClientHttpResponse intercept(HttpRequest httpRequest, byte[] bArr, ClientHttpRequestExecution clientHttpRequestExecution) throws IOException {
        HttpHeaders headers = httpRequest.getHeaders();
        AppAuthContext context = AppAuthContextHolder.getContext();
        AuthoredUser authoredUser = AppAuthContextHolder.getContext().getAuthoredUser();
        String securityToken = AppAuthContextHolder.getContext().getSecurityToken();
        if (!StringUtils.isEmpty(securityToken)) {
            headers.add("security-token", securityToken);
        }
        if (!StringUtils.isEmpty(context.getProxyToken())) {
            if (!headers.containsKey("digi-middleware-auth-user")) {
                headers.add("digi-middleware-auth-user", context.getProxyToken());
            }
            if (!headers.containsKey("token")) {
                headers.add("token", context.getProxyToken());
            }
        } else if (authoredUser != null) {
            if (!headers.containsKey("digi-middleware-auth-user")) {
                headers.add("digi-middleware-auth-user", authoredUser.getToken());
            }
            if (!headers.containsKey("token")) {
                headers.add("token", authoredUser.getToken());
            }
        }
        if (!headers.containsKey("routerKey")) {
            String str = MDC.get("routerKey");
            if (!StringUtils.isEmpty(str)) {
                headers.add("routerKey", str);
            } else if (AppAuthContextHolder.getContext().getProxyAuthoredUser() != null) {
                headers.add("routerKey", AppAuthContextHolder.getContext().getProxyAuthoredUser().getTenantId());
            } else if (authoredUser != null) {
                headers.add("routerKey", authoredUser.getTenantId());
            }
        }
        if (!headers.containsKey(GlobalConstant.DIGI_DAP_SERVICE_CHAIN_INFO)) {
            headers.add(GlobalConstant.DIGI_DAP_SERVICE_CHAIN_INFO, ChainInfoUtil.genInvokeChainInfo(MDC.get(GlobalConstant.DIGI_DAP_SERVICE_CHAIN_INFO)));
        }
        addAppToken(httpRequest);
        return clientHttpRequestExecution.execute(httpRequest, bArr);
    }

    private void addAppToken(HttpRequest httpRequest) {
        if (inAppTokenWhiteList(httpRequest)) {
            HttpHeaders headers = httpRequest.getHeaders();
            if (headers.containsKey("digi-middleware-auth-app")) {
                return;
            }
            headers.add("digi-middleware-auth-app", "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6IkF0aGVuYSIsInNpZCI6MTYzNjc3NzI1NzgyNTkyfQ.3QLTPVKsk2Mp3j_aQ3X8bQW1wCJMNWeCkL6VPoK352c");
        }
    }

    private boolean inAppTokenWhiteList(HttpRequest httpRequest) {
        if (CollectionUtils.isEmpty(this.addAppTokenDomainWhiteList)) {
            return false;
        }
        String host = httpRequest.getURI().getHost();
        AntPathMatcher antPathMatcher = new AntPathMatcher();
        Iterator<String> it = this.addAppTokenDomainWhiteList.iterator();
        while (it.hasNext()) {
            try {
                if (antPathMatcher.match(it.next(), host)) {
                    return true;
                }
            } catch (Throwable th) {
                return true;
            }
        }
        return false;
    }

    private void buildAddAppTokenDomainWhiteList() {
        AppCoreProperties.AppToken appToken = this.appCoreProperties.getAppToken();
        Boolean enable = appToken.getEnable();
        String[] whiteList = appToken.getWhiteList();
        if (BooleanUtils.isFalse(enable)) {
            return;
        }
        if (ArrayUtils.isEmpty(whiteList)) {
            this.addAppTokenDomainWhiteList = Lists.newArrayList(GlobalConstant.APP_TOKEN_ATHENA_WHITE_LIST_DOMAIN);
            return;
        }
        for (String str : whiteList) {
            if (!org.apache.commons.lang.StringUtils.isBlank(str)) {
                try {
                    this.addAppTokenDomainWhiteList.add(new URI(str).getHost());
                } catch (URISyntaxException e) {
                    log.warn("URISyntaxException, uri: {}", str);
                }
            }
        }
    }
}
