package com.digiwin.athena.appcore.auth.filter;

import com.digiwin.athena.appcore.AppCoreProperties;
import com.digiwin.athena.appcore.auth.AppAuthContextHolder;
import com.digiwin.athena.appcore.auth.GlobalConstant;
import com.digiwin.athena.appcore.auth.domain.AuthoredUser;
import com.digiwin.athena.appcore.auth.service.TokenVerifyService;
import com.digiwin.athena.appcore.constant.ErrorTypeEnum;
import com.digiwin.athena.appcore.domain.BaseResultDTO;
import com.digiwin.athena.appcore.util.JsonUtils;
import com.digiwin.athena.appcore.web.RequestMatcher;
import com.digiwin.athena.uibot.domain.core.ReportGlobalConstant;
import com.digiwin.service.permission.DWSecurityTokenGenerator;
import com.digiwin.service.permission.consts.ConstDef;
import com.digiwin.service.permission.pojo.DWSecurityContext;
import com.digiwin.service.permission.pojo.DWSecurityToken;
import java.io.IOException;
import java.io.PrintStream;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.stream.Stream;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.MapUtils;
import org.slf4j.MDC;
import org.springframework.core.Ordered;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:BOOT-INF/lib/app-core-starter-0.0.89.39.jar:com/digiwin/athena/appcore/auth/filter/UserTokenAuthenticationFilter.class */
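/**
 * Servlet filter that resolves the calling user from request headers and publishes the result
 * through {@link AppAuthContextHolder} and request attributes.
 *
 * <p>Resolution order, as implemented in {@link #doFilterInternal}:
 * <ol>
 *   <li>{@code security-token} header, parsed locally by {@link DWSecurityTokenGenerator};</li>
 *   <li>otherwise the user token ({@code digi-middleware-auth-user}, then {@code token}),
 *       resolved through {@link TokenVerifyService#getUserInfo};</li>
 *   <li>optionally a proxy token, resolved the same way and only kept when its tenant differs
 *       from the authenticated user's tenant.</li>
 * </ol>
 *
 * <p>Requests that match the whitelist, and all {@code OPTIONS} requests, continue down the chain
 * even when no user could be resolved. Every other request without a user receives a 401.
 */
public class UserTokenAuthenticationFilter extends OncePerRequestFilter implements Ordered {
    private final TokenVerifyService iamService;
    private final AppCoreProperties.Auth auth;
    private final List<RequestMatcher> requestMatchers;

    /**
     * Ant patterns that skip the 401 check in this filter.
     *
     * <p>NOTE(review): the list covers management and diagnostic surfaces ({@code /actuator/**},
     * {@code /druid/**}, {@code /**&#47;env/**}, {@code /test/**}, {@code /**&#47;tool/**}, the
     * Swagger endpoints). This filter does not protect them, so they need another control
     * (network restriction, a separate security layer, or being disabled in production) --
     * confirm for each deployment. The array is public and mutable; treat it as read-only.
     */
    public static final String[] AUTH_WHITELIST = {
        "/", "/*.html", "/favicon.ico", "/**/*.html", "/**/*.css", "/**/*.js", "/webjars/**",
        "/swagger-resources/**", "/**/api-docs/**", "/**/env/**", "/error", "/druid/**", "/api/test",
        "/v2/api-docs", "/swagger-resources", "/swagger-resources/**", "/configuration/ui",
        "/configuration/security", "/swagger-ui.html", "/webjars/**", "/actuator/**", "/test/**",
        "/**/tool/**"
    };

    /**
     * Builds the filter and its whitelist matchers.
     *
     * @param auth               auth properties; its white list (if any) is merged in front of
     *                           {@link #AUTH_WHITELIST}
     * @param tokenVerifyService service used to resolve a user from a user or proxy token
     */
    public UserTokenAuthenticationFilter(AppCoreProperties.Auth auth, TokenVerifyService tokenVerifyService) {
        this.iamService = tokenVerifyService;
        this.auth = auth;
        String[] configured = this.auth.getWhiteList();
        if (configured == null || configured.length == 0) {
            this.requestMatchers = RequestMatcher.antMatchers(AUTH_WHITELIST);
            return;
        }
        String[] merged = Stream.concat(Stream.of(configured), Stream.of(AUTH_WHITELIST)).toArray(String[]::new);
        // Report the effective unauthenticated surface through the logger instead of stdout.
        this.logger.info("Auth whitelist patterns: " + String.join(", ", merged));
        this.requestMatchers = RequestMatcher.antMatchers(merged);
    }

    /**
     * Tells whether the request matches any whitelist pattern.
     *
     * @param httpServletRequest current request
     * @return {@code true} when at least one matcher accepts the request
     */
    private boolean inWhiteList(HttpServletRequest httpServletRequest) {
        if (this.requestMatchers == null) {
            return false;
        }
        for (RequestMatcher matcher : this.requestMatchers) {
            if (matcher.matches(httpServletRequest)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the value of the first header in {@code names} that is non-empty; when none is,
     * returns whatever the last lookup produced ({@code null} or an empty string).
     */
    private static String firstNonEmptyHeader(HttpServletRequest request, String... names) {
        String value = null;
        for (String name : names) {
            value = request.getHeader(name);
            if (!StringUtils.isEmpty(value)) {
                return value;
            }
        }
        return value;
    }

    /** Picks the 401 message: missing token, or expired login in Traditional/Simplified Chinese. */
    private static String unauthorizedMessage(HttpServletRequest request, String userToken) {
        if (StringUtils.isEmpty(userToken)) {
            return "token 为空";
        }
        String locale = request.getHeader("locale");
        boolean traditional = Objects.equals(locale, ReportGlobalConstant.LAN_TW) || Objects.equals(locale, "zh-TW");
        return traditional ? "當前用戶登錄已失效，請重新登錄！" : "当前用户登录已失效，请重新登录！";
    }

    /**
     * Resolves the caller, rejects unauthenticated non-whitelisted requests with a 401, and
     * populates {@link AppAuthContextHolder} for the rest of the chain.
     *
     * @throws IOException      from writing the 401 body or from the downstream chain
     * @throws ServletException from the downstream chain
     */
    @Override // org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        AppAuthContextHolder.clearContext();
        // OPTIONS requests are passed through without any authentication.
        if (HttpMethod.OPTIONS.name().equals(httpServletRequest.getMethod())) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        String userToken = firstNonEmptyHeader(httpServletRequest, "digi-middleware-auth-user", "token");
        String proxyToken = firstNonEmptyHeader(httpServletRequest,
                GlobalConstant.IAM_IDENTITY_TYPE_PROXY_TOKEN,
                GlobalConstant.IAM_IDENTITY_TYPE_PROXY_TOKEN3,
                GlobalConstant.IAM_IDENTITY_TYPE_PROXY_TOKEN2);
        boolean routerKeySet = false;
        try {
            AuthoredUser authoredUser = null;
            String securityToken = httpServletRequest.getHeader("security-token");
            if (!StringUtils.isEmpty(securityToken)) {
                authoredUser = getAuthoredUserBySecurityToken(securityToken);
                if (authoredUser != null && StringUtils.isEmpty(authoredUser.getToken())) {
                    authoredUser.setToken(userToken);
                }
            }
            if (authoredUser == null) {
                // The security token was absent or unusable: fall back to the IAM lookup.
                securityToken = null;
                if (!StringUtils.isEmpty(userToken)) {
                    authoredUser = this.iamService.getUserInfo(userToken);
                }
            }
            if (authoredUser == null && !inWhiteList(httpServletRequest)) {
                writeUnAuth(httpServletRequest.getRequestURL().toString(), httpServletResponse, unauthorizedMessage(httpServletRequest, userToken));
                return;
            }

            AuthoredUser proxyUser = null;
            // A proxy identity is only meaningful relative to an authenticated user. Without this
            // guard a whitelisted anonymous request carrying a proxy token hit a
            // NullPointerException that was then logged as an expired proxy token.
            if (authoredUser != null && !StringUtils.isEmpty(proxyToken)) {
                try {
                    proxyUser = this.iamService.getUserInfo(proxyToken);
                    if (proxyUser != null
                            && org.apache.commons.lang.StringUtils.isNotEmpty(authoredUser.getTenantId())
                            && org.apache.commons.lang.StringUtils.isNotEmpty(proxyUser.getTenantId())) {
                        if (authoredUser.getTenantId().equals(proxyUser.getTenantId())) {
                            // Same tenant: no proxying takes place.
                            proxyUser = null;
                        } else {
                            httpServletRequest.setAttribute(GlobalConstant.PROXY_AUTH_USER, proxyUser);
                            AppAuthContextHolder.getContext().setProxyAuthoredUser(proxyUser);
                        }
                    }
                } catch (Exception e) {
                    // The proxy token is a credential; keep its value out of the log.
                    this.logger.error("代理token失效", e);
                }
            }

            if (authoredUser != null) {
                if (StringUtils.isEmpty(securityToken)) {
                    // NOTE(review): proxyUser can still be non-null here when one of the tenant
                    // ids is empty, in which case the generated token carries the proxy user's
                    // profile although no proxy user was put into the context -- confirm intended.
                    securityToken = proxyUser != null
                            ? generateSecurityToken("", proxyToken, proxyUser, authoredUser)
                            : generateSecurityToken("", userToken, authoredUser, null);
                }
                httpServletRequest.setAttribute("digi-middleware-auth-user-data", authoredUser);
                AppAuthContextHolder.getContext().setSecurityToken(securityToken);
                AppAuthContextHolder.getContext().setAuthoredUser(authoredUser);
                AppAuthContextHolder.getContext().setProxyToken(proxyToken);
            }

            String routerKey = httpServletRequest.getHeader(GlobalConstant.ROUTER_KEY);
            if (StringUtils.hasText(routerKey)) {
                MDC.put(GlobalConstant.ROUTER_KEY, routerKey);
                routerKeySet = true;
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } finally {
            // Always drop per-request state, including when the chain throws, so that neither
            // the identity nor the router key stays attached to the thread after this request.
            AppAuthContextHolder.clearContext();
            if (routerKeySet) {
                MDC.remove(GlobalConstant.ROUTER_KEY);
            }
        }
    }

    /**
     * Builds an {@link AuthoredUser} from the profile carried inside a {@code security-token}.
     *
     * <p>NOTE(review): the identity is taken from the token's profile without consulting
     * {@link TokenVerifyService}. That is only sound if
     * {@link DWSecurityTokenGenerator#parseSecurityToken} authenticates the token (integrity
     * protection and expiry) -- not visible in this class, confirm.
     *
     * @param str raw {@code security-token} header value
     * @return the user described by the token, or {@code null} when the token cannot be parsed,
     *         has no profile, or lacks a required profile entry
     */
    private AuthoredUser getAuthoredUserBySecurityToken(String str) {
        try {
            DWSecurityToken parsed = DWSecurityTokenGenerator.parseSecurityToken(str);
            if (parsed == null || parsed.getContext() == null || MapUtils.isEmpty(parsed.getContext().getProfile())) {
                return null;
            }
            Map<String, Object> profile = parsed.getContext().getProfile();
            AuthoredUser user = new AuthoredUser();
            // A missing mandatory entry raises a NullPointerException here, handled below.
            user.setTenantId(profile.get("tenantId").toString());
            user.setTenantName(profile.get(ConstDef.ProfileKeyDef.TENANT_NAME).toString());
            if (profile.containsKey(ConstDef.ProfileKeyDef.TENANT_SID)) {
                user.setTenantSid(Long.parseLong(profile.get(ConstDef.ProfileKeyDef.TENANT_SID).toString()));
            }
            user.setUserId(profile.get(ConstDef.ProfileKeyDef.USER_ID).toString());
            user.setUserName(profile.get(ConstDef.ProfileKeyDef.USER_NAME).toString());
            if (profile.containsKey(ConstDef.ProfileKeyDef.USER_SID)) {
                user.setSid(Long.parseLong(profile.get(ConstDef.ProfileKeyDef.USER_SID).toString()));
            }
            user.setToken(parsed.getContext().getUserToken());
            return user;
        } catch (Exception e) {
            // Any failure means the caller falls back to the standard token verification.
            this.logger.error("信任链失败，使用标准的方式验证", e);
            return null;
        }
    }

    /**
     * Writes a JSON 401 response.
     *
     * @param str                 request URL reported in the body's {@code path}
     * @param httpServletResponse response to write to
     * @param str2                error message for the client
     * @throws IOException if the response writer cannot be obtained or written
     */
    private void writeUnAuth(String str, HttpServletResponse httpServletResponse, String str2) throws IOException {
        int unauthorized = HttpStatus.UNAUTHORIZED.value();
        httpServletResponse.setStatus(unauthorized);
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setContentType("application/json");

        BaseResultDTO body = new BaseResultDTO();
        body.setErrorType(ErrorTypeEnum.BUSINESS.getValue());
        body.setStatus(Integer.valueOf(unauthorized));
        body.setStatusDescription(HttpStatus.UNAUTHORIZED.getReasonPhrase());
        body.setErrorCode(String.valueOf(unauthorized));
        body.setPath(str);
        body.setErrorMessage(str2);
        body.setServerTime(Long.valueOf(System.currentTimeMillis()));
        body.setErrorInstructorsChainInfo(MDC.get(GlobalConstant.DIGI_DAP_SERVICE_CHAIN_INFO));
        httpServletResponse.getWriter().println(JsonUtils.objectToString(body));
    }

    /** Runs this filter before every other ordered filter ({@code Integer.MIN_VALUE}). */
    @Override // org.springframework.core.Ordered
    public int getOrder() {
        return Ordered.HIGHEST_PRECEDENCE;
    }

    /**
     * Generates a security token describing {@code authoredUser}, optionally embedding a second
     * user under the {@code _currentUser} profile key.
     *
     * @param str           app token stored in the security context
     * @param str2          user token stored in the security context
     * @param authoredUser  user whose fields form the top-level profile
     * @param authoredUser2 optional user embedded as {@code _currentUser} together with its
     *                      token; may be {@code null}
     * @return the generated token, or an empty string when generation fails
     */
    private String generateSecurityToken(String str, String str2, AuthoredUser authoredUser, AuthoredUser authoredUser2) {
        Map<String, Object> profile = new HashMap<>();
        generateProfileMap(profile, authoredUser);
        if (authoredUser2 != null) {
            Map<String, Object> currentUser = new HashMap<>();
            generateProfileMap(currentUser, authoredUser2);
            currentUser.put("userToken", authoredUser2.getToken());
            profile.put("_currentUser", currentUser);
        }
        DWSecurityContext context = new DWSecurityContext();
        context.setUserToken(str2);
        context.setAppToken(str);
        context.setProfile(profile);
        context.setTokenVerified();
        try {
            // NOTE(review): 20 is presumably a lifetime; its unit is not visible here -- confirm.
            return DWSecurityTokenGenerator.generateSecurityToken(context, 20);
        } catch (Exception e) {
            // Route the failure to the application log rather than to stderr.
            this.logger.error("Failed to generate security token", e);
            return "";
        }
    }

    /**
     * Copies the tenant and user fields of {@code authoredUser} into {@code map}; the two sid
     * values are stored in their string form.
     */
    private void generateProfileMap(Map<String, Object> map, AuthoredUser authoredUser) {
        map.put("tenantId", authoredUser.getTenantId());
        map.put(ConstDef.ProfileKeyDef.TENANT_NAME, authoredUser.getTenantName());
        map.put(ConstDef.ProfileKeyDef.TENANT_SID, String.valueOf(authoredUser.getTenantSid()));
        map.put(ConstDef.ProfileKeyDef.USER_ID, authoredUser.getUserId());
        map.put(ConstDef.ProfileKeyDef.USER_NAME, authoredUser.getUserName());
        map.put(ConstDef.ProfileKeyDef.USER_SID, String.valueOf(authoredUser.getSid()));
    }
}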
