package com.digiwin.dap.middleware.auth;

import com.digiwin.dap.middleware.auth.domain.DapAuthenticationToken;
import com.digiwin.dap.middleware.constant.DapHttpHeaders;
import com.digiwin.dap.middleware.constant.GlobalConstants;
import com.digiwin.dap.middleware.domain.CommonCode;
import com.digiwin.dap.middleware.domain.CommonErrorCode;
import com.digiwin.dap.middleware.domain.DapEnv;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.exception.DapException;
import com.digiwin.dap.middleware.support.DapSecuritySupport;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/dapware-core-2.3.0.jar:com/digiwin/dap/middleware/auth/DapTokenAuthenticationFilter.class */
/**
 * Servlet filter that establishes the caller's identity from DAP token headers.
 *
 * <p>For each request it reads a user token (user-token header, falling back to the
 * access-token header) and an app token, resolves them through {@link DapSecuritySupport},
 * and publishes the result in three places: a request attribute, the {@link AppAuthContext}
 * and Spring's {@link SecurityContextHolder}.
 *
 * <p>This source is decompiler output (see the JADX warning on {@code doFilterInternal}), so the
 * nesting of try/catch blocks may not match the original source.
 *
 * <p>NOTE(review): nothing in this class clears {@code SecurityContextHolder} or
 * {@code AppAuthContextHolder} after the request. Presumably another filter does; confirm,
 * because identity state left on a pooled thread can leak into a later request.
 */
public class DapTokenAuthenticationFilter extends BasicAuthenticationFilter {
    // Result-type marker read from AppAuthContext. When the context carries this value, a missing
    // or unverifiable user token falls back to the anonymous user instead of failing the request
    // (except on the two token-analyze URIs, see doFilterInternal).
    private static final String ALLOW = "ALLOW";
    // Environment flags (app-token / app-secret checks, app name), taken from dapSecuritySupport.
    private final DapEnv dapEnv;
    // Collaborator that performs the actual token resolution and the pre/post/after hooks.
    private final DapSecuritySupport dapSecuritySupport;

    /**
     * Creates the filter.
     *
     * @param authenticationManager passed to {@link BasicAuthenticationFilter}; not used directly here
     * @param dapSecuritySupport token-resolution collaborator; dereferenced immediately, so a
     *     {@code null} value fails with a {@link NullPointerException}
     */
    public DapTokenAuthenticationFilter(AuthenticationManager authenticationManager, DapSecuritySupport dapSecuritySupport) {
        super(authenticationManager);
        this.dapEnv = dapSecuritySupport.getDapEnv();
        this.dapSecuritySupport = dapSecuritySupport;
    }

    /**
     * Authenticates the request from its token headers and then continues the filter chain.
     *
     * <p>Order of operations as visible in this listing:
     * <ol>
     *   <li>{@code preProcessToken} hook.</li>
     *   <li>For URIs starting with {@code /api} whose result type is not {@code ALLOW}: require the
     *       app-token and/or app-secret header to be present when the matching {@link DapEnv}
     *       flag is on.</li>
     *   <li>Resolve the user token, if any, into an {@link AuthoredUser} and publish it.</li>
     *   <li>On {@code ALLOW} requests without a resolved user, install the anonymous user.</li>
     *   <li>Resolve the app token, if any, into an {@link AuthoredSys} and publish it.</li>
     *   <li>{@code postProcessToken} and {@code afterProcessToken} hooks, then the rest of the chain.</li>
     * </ol>
     *
     * <p>Security-relevant behaviour to keep in mind:
     * <ul>
     *   <li>Fail-open on {@code ALLOW}: a token that fails to resolve is logged and the request
     *       continues as the anonymous user rather than being rejected.</li>
     *   <li>Step 2 checks header presence only; the values are not validated in this method.</li>
     *   <li>All path decisions use {@code getRequestURI()}, which per the Servlet API is the raw,
     *       undecoded request path including the context path and any path parameters.</li>
     * </ul>
     *
     * @param httpServletRequest current request; receives the {@code AUTH_USER} / {@code AUTH_APP} attributes
     * @param httpServletResponse current response; only handed to the hooks and the chain
     * @param filterChain remaining filters, invoked after authentication succeeds
     * @throws BusinessException when a required app-token or app-secret header is absent
     * @throws IOException propagated from the hooks or the chain
     * @throws ServletException propagated from the hooks or the chain
     */
    /* JADX WARN: Finally extract failed */
    @Override // org.springframework.security.web.authentication.www.BasicAuthenticationFilter, org.springframework.web.filter.OncePerRequestFilter
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        // The result type is read below before this method ever sets it, so it is presumably
        // populated upstream or by preProcessToken -- TODO confirm where ALLOW is decided.
        AppAuthContext context = AppAuthContextHolder.getContext();
        try {
            try {
                this.dapSecuritySupport.preProcessToken(httpServletRequest, httpServletResponse);
                // NOTE(review): prefix match on the raw URI. Confirm that non-normalized paths are
                // rejected before this filter (e.g. by the HttpFirewall) and that the application is
                // deployed at the root context; otherwise "/api" requests could skip these checks.
                if (!ALLOW.equals(context.getResultType()) && httpServletRequest.getRequestURI().startsWith("/api")) {
                    // Presence checks only: a header with any value, including an empty one, passes.
                    // NOTE(review): verify the values are validated elsewhere.
                    if (this.dapEnv.isAppTokenCheck() && httpServletRequest.getHeader(DapHttpHeaders.APP_TOKEN.getHeader()) == null) {
                        throw new BusinessException(CommonErrorCode.APP_TOKEN_NONE);
                    }
                    if (this.dapEnv.isAppSecretCheck() && httpServletRequest.getHeader(DapHttpHeaders.APP_SECRET.getHeader()) == null) {
                        throw new BusinessException(CommonErrorCode.APP_SECRET_NONE);
                    }
                }
                // header  = user-token header
                // header2 = effective user token (user-token header, else access-token header)
                // header3 = app-token header
                String header = httpServletRequest.getHeader(GlobalConstants.HTTP_HEADER_USER_TOKEN_KEY);
                String header2 = header == null ? httpServletRequest.getHeader(GlobalConstants.HTTP_HEADER_ACCESS_TOKEN_KEY) : header;
                String header3 = httpServletRequest.getHeader(GlobalConstants.HTTP_HEADER_APP_TOKEN_KEY);
                // Called even when header3 is null or empty; how obtainApp treats that input is not
                // visible here.
                AuthoredSys obtainApp = AuthoredSys.obtainApp(header3);
                try {
                    try {
                        if (!StringUtils.isEmpty(header2)) {
                            // Resolve the token to a user and publish it to the request, the app
                            // context and Spring Security's context.
                            AuthoredUser loginUser = this.dapSecuritySupport.getLoginUser(httpServletRequest, header2);
                            httpServletRequest.setAttribute(GlobalConstants.AUTH_USER, loginUser);
                            context.setAuthoredUser(loginUser);
                            SecurityContextHolder.getContext().setAuthentication(new DapAuthenticationToken(loginUser));
                        }
                        // When the configured app name is EMC (case-insensitive), every request is
                        // marked ALLOW regardless of its path.
                        if (CommonCode.EMC.name().equalsIgnoreCase(this.dapEnv.getAppName())) {
                            context.setResultType(ALLOW);
                        }
                        // ALLOW request with no resolved user: continue as the anonymous user. The
                        // two token-analyze URIs are excluded, so they never get the anonymous user.
                        if (ALLOW.equals(context.getResultType()) && httpServletRequest.getAttribute(GlobalConstants.AUTH_USER) == null && !GlobalConstants.TOKEN_ANALYZE.equals(httpServletRequest.getRequestURI()) && !GlobalConstants.INTERNAL_TOKEN_ANALYZE.equals(httpServletRequest.getRequestURI())) {
                            anonymousAuthentication(httpServletRequest, this.dapSecuritySupport.anonymous());
                        }
                    } catch (Exception e) {
                        // Fail closed unless the request is ALLOW and is not a token-analyze URI.
                        if (!ALLOW.equals(context.getResultType()) || GlobalConstants.TOKEN_ANALYZE.equals(httpServletRequest.getRequestURI()) || GlobalConstants.INTERNAL_TOKEN_ANALYZE.equals(httpServletRequest.getRequestURI())) {
                            throw e;
                        }
                        // Fail open: the token error is downgraded to a warning and the request
                        // proceeds anonymously.
                        // NOTE(review): the full exception is logged; confirm that errors raised by
                        // getLoginUser never embed the token value.
                        this.logger.warn("allow anonymous access.", e);
                        if (ALLOW.equals(context.getResultType()) && httpServletRequest.getAttribute(GlobalConstants.AUTH_USER) == null && !GlobalConstants.TOKEN_ANALYZE.equals(httpServletRequest.getRequestURI()) && !GlobalConstants.INTERNAL_TOKEN_ANALYZE.equals(httpServletRequest.getRequestURI())) {
                            anonymousAuthentication(httpServletRequest, this.dapSecuritySupport.anonymous());
                        }
                    }
                    // Resolve the calling application only if nothing earlier already set it.
                    if (!StringUtils.isEmpty(header3) && context.getAuthoredSys() == null) {
                        AuthoredSys loginSys = this.dapSecuritySupport.getLoginSys(httpServletRequest, obtainApp.getId());
                        // NOTE(review): when getLoginSys returns null, the identity that obtainApp
                        // derived from the header alone is trusted as-is. Confirm obtainApp verifies
                        // the token's integrity rather than only decoding it.
                        httpServletRequest.setAttribute(GlobalConstants.AUTH_APP, loginSys == null ? obtainApp : loginSys);
                        context.setAuthoredSys(loginSys == null ? obtainApp : loginSys);
                    }
                    this.dapSecuritySupport.postProcessToken(httpServletRequest, httpServletResponse);
                    this.dapSecuritySupport.afterProcessToken(httpServletRequest, httpServletResponse);
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                } catch (Throwable th) {
                    // Looks like the exceptional copy of a finally block the decompiler could not
                    // fold back: the anonymous user is installed before the error is rethrown.
                    if (ALLOW.equals(context.getResultType()) && httpServletRequest.getAttribute(GlobalConstants.AUTH_USER) == null && !GlobalConstants.TOKEN_ANALYZE.equals(httpServletRequest.getRequestURI()) && !GlobalConstants.INTERNAL_TOKEN_ANALYZE.equals(httpServletRequest.getRequestURI())) {
                        anonymousAuthentication(httpServletRequest, this.dapSecuritySupport.anonymous());
                    }
                    throw th;
                }
            } catch (DapException e2) {
                // Rethrown unchanged; this catch has no effect of its own.
                throw e2;
            }
        } catch (Throwable th2) {
            // Cleanup hook on every failure path. As listed, a failure inside filterChain.doFilter
            // reaches this after afterProcessToken already ran on the success path, so the hook runs
            // twice for that request.
            // NOTE(review): likely a decompilation artifact; confirm the hook is idempotent.
            this.dapSecuritySupport.afterProcessToken(httpServletRequest, httpServletResponse);
            throw th2;
        }
    }

    /**
     * Publishes {@code authoredUser} as the request's identity in the same three places used for
     * a token-authenticated user: the {@code AUTH_USER} request attribute, the current
     * {@link AppAuthContext} and Spring's {@link SecurityContextHolder}.
     *
     * @param httpServletRequest request that receives the {@code AUTH_USER} attribute
     * @param authoredUser identity to install; callers in this class pass
     *     {@code dapSecuritySupport.anonymous()}
     */
    private void anonymousAuthentication(HttpServletRequest httpServletRequest, AuthoredUser authoredUser) {
        httpServletRequest.setAttribute(GlobalConstants.AUTH_USER, authoredUser);
        AppAuthContextHolder.getContext().setAuthoredUser(authoredUser);
        SecurityContextHolder.getContext().setAuthentication(new DapAuthenticationToken(authoredUser));
    }
}
