package com.digiwin.dap.middle.support;

import com.digiwin.dap.middleware.auth.AppAuthContextHolder;
import com.digiwin.dap.middleware.auth.AuthoredSys;
import com.digiwin.dap.middleware.auth.AuthoredUser;
import com.digiwin.dap.middleware.auth.LoginInfo;
import com.digiwin.dap.middleware.auth.domain.RequestInfo;
import com.digiwin.dap.middleware.auth.filter.DapTokenAuthenticationFilter;
import com.digiwin.dap.middleware.commons.util.StrUtils;
import com.digiwin.dap.middleware.constant.GlobalConstants;
import com.digiwin.dap.middleware.domain.DapEnv;
import com.digiwin.dap.middleware.exception.BusinessException;
import com.digiwin.dap.middleware.support.DapHttpService;
import com.digiwin.dap.middleware.support.DapSecuritySupport;
import com.digiwin.service.permission.DWSecurityTokenGenerator;
import com.digiwin.service.permission.consts.ConstDef;
import com.digiwin.service.permission.pojo.DWSecurityContext;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.stereotype.Component;

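/**
 * Default {@link DapSecuritySupport} implementation registered as a Spring component.
 *
 * <p>It resolves the caller's identity for a request in one of two ways (see
 * {@link #getUserInfo(HttpServletRequest)}): from a service trust-chain security token carried in
 * a request header, or by delegating to {@link DapHttpService#tokenAnalyze}. The permission checks
 * ({@code ramCheckV1}, {@code ramCheckV2}, {@code serviceCheck}) are pure delegations to
 * {@link DapHttpService}; their semantics are not visible in this class.
 *
 * <p>The fields are {@code protected}, so subclasses can read them and override the public hooks.
 */
@Component
/* loaded from: input_file:WEB-INF/lib/dapware-core-2.7.20.jar:com/digiwin/dap/middle/support/DefaultDapSecuritySupport.class */
public class DefaultDapSecuritySupport implements DapSecuritySupport {

    /** Environment flags; the two trust-chain switches are read in {@code getUserInfo}. */
    @Autowired
    protected DapEnv dapEnv;

    /** Remote/token analysis service that every check in this class delegates to. */
    @Autowired
    protected DapHttpService dapHttpService;

    /** Returns the injected environment configuration. */
    @Override
    public DapEnv getDapEnv() {
        return this.dapEnv;
    }

    /**
     * Returns the default white list, which is empty.
     *
     * <p>NOTE(review): presumably these are request paths exempt from authentication, so the
     * default exempts nothing. Confirm against the consumer of this list, and review every
     * override that adds entries.
     */
    @Override
    public String[] getWhiteList() {
        return new String[0];
    }

    /**
     * Returns the default app-token white list, containing only {@code "/env"}.
     *
     * <p>A new mutable list is built on every call, so callers may add to the result without
     * affecting later calls.
     *
     * <p>NOTE(review): presumably paths on this list skip the app-token check. Confirm what
     * {@code /env} returns and that it is safe to serve without that check.
     */
    @Override
    public List<String> getAppTokenWhiteList() {
        // Typed list instead of the raw ArrayList the decompiler emitted.
        List<String> appTokenWhiteList = new ArrayList<>();
        appTokenWhiteList.add("/env");
        return appTokenWhiteList;
    }

    /**
     * Resolves the user for the request and, when a system identity is present, publishes it.
     *
     * <p>Side effects when {@code getSys()} is non-null: the system is stored as request attribute
     * {@link GlobalConstants#AUTH_APP} and set on the {@link AppAuthContextHolder} context.
     *
     * @param httpServletRequest the incoming request
     * @param str not used by this implementation
     * @return the authored user taken from the resolved login info
     */
    @Override
    public AuthoredUser getLoginUser(HttpServletRequest httpServletRequest, String str) {
        // NOTE(review): no null check on the result; if tokenAnalyze can return null this
        // throws NullPointerException here. Confirm the contract of DapHttpService.
        LoginInfo userInfo = getUserInfo(httpServletRequest);
        AuthoredSys sys = userInfo.getSys();
        if (sys != null) {
            httpServletRequest.setAttribute(GlobalConstants.AUTH_APP, sys);
            AppAuthContextHolder.getContext().setAuthoredSys(sys);
        }
        return userInfo.getAuthoredUser();
    }

    /**
     * Resolves the system identity for the request.
     *
     * @param httpServletRequest the incoming request
     * @param str not used by this implementation
     * @return the system from the resolved login info; may be {@code null} (the trust-chain path
     *     never sets it)
     */
    @Override
    public AuthoredSys getLoginSys(HttpServletRequest httpServletRequest, String str) {
        return getUserInfo(httpServletRequest).getSys();
    }

    /** Delegates to {@link DapHttpService#accessAnalyze}. */
    @Override
    public void ramCheckV2(HttpServletRequest httpServletRequest) {
        this.dapHttpService.accessAnalyze(httpServletRequest);
    }

    /** Delegates to {@link DapHttpService#baseAnalyze}. */
    @Override
    public void ramCheckV1(RequestInfo requestInfo) {
        this.dapHttpService.baseAnalyze(requestInfo);
    }

    /** Delegates to {@link DapHttpService#srvUserAnalyze}. */
    @Override
    public void serviceCheck(HttpServletRequest httpServletRequest) {
        this.dapHttpService.srvUserAnalyze(httpServletRequest);
    }

    /**
     * Installs a {@link DapTokenAuthenticationFilter} ahead of Spring Security's
     * {@link UsernamePasswordAuthenticationFilter}.
     *
     * @throws Exception declared by the interface; nothing in this body throws a checked exception
     */
    @Override
    public void addCustomFilter(HttpSecurity httpSecurity, AuthenticationManager authenticationManager) throws Exception {
        httpSecurity.addFilterBefore((Filter) new DapTokenAuthenticationFilter(authenticationManager, this), UsernamePasswordAuthenticationFilter.class);
    }

    /**
     * Resolves the login info for a request.
     *
     * <p>When both {@code isServicePermission()} and {@code isServiceTrustChain()} are enabled and
     * the {@link ConstDef#KEY_SECURITY_TOKEN} header is non-empty, the header is parsed and, if the
     * parsed context reports both the token and the user as verified, the identity is built from
     * the context's profile. In every other non-failing case (flags off, header empty, either
     * verification flag false) the request is handed to {@link DapHttpService#tokenAnalyze}.
     *
     * @throws BusinessException if anything on the trust-chain path throws, including a missing or
     *     non-numeric user/tenant SID in the profile
     */
    private LoginInfo getUserInfo(HttpServletRequest httpServletRequest) {
        if (this.dapEnv.isServicePermission() && this.dapEnv.isServiceTrustChain()) {
            try {
                String securityToken = httpServletRequest.getHeader(ConstDef.KEY_SECURITY_TOKEN);
                if (StrUtils.isNotEmpty(securityToken)) {
                    DWSecurityContext context = DWSecurityTokenGenerator.parseSecurityToken(securityToken).getContext();
                    // This conjunction is the only gate on the trust-chain identity. What each
                    // flag proves is decided inside DWSecurityTokenGenerator, not here.
                    if (context.isTokenVerified() && context.isUserVerified()) {
                        return toLoginInfo(context.getProfile(), httpServletRequest);
                    }
                    // A present but unverified token is not rejected: it falls through to the
                    // ordinary token analysis below.
                }
            } catch (Exception e) {
                // NOTE(review): the underlying exception text is embedded in the message. If
                // BusinessException messages reach the client, parser detail is disclosed;
                // confirm how this exception is rendered.
                throw new BusinessException(String.format("信任链解析异常：%s", e.getMessage()), e);
            }
        }
        return this.dapHttpService.tokenAnalyze(httpServletRequest);
    }

    /** Builds the login info from a verified trust-chain profile plus the request's user token. */
    private static LoginInfo toLoginInfo(Map<String, Object> profile, HttpServletRequest httpServletRequest) {
        LoginInfo loginInfo = new LoginInfo();
        loginInfo.setSid(profileLong(profile, ConstDef.ProfileKeyDef.USER_SID));
        loginInfo.setId(profileText(profile, ConstDef.ProfileKeyDef.USER_ID));
        loginInfo.setName(profileText(profile, ConstDef.ProfileKeyDef.USER_NAME));
        loginInfo.setTenantSid(profileLong(profile, ConstDef.ProfileKeyDef.TENANT_SID));
        loginInfo.setTenantId(profileText(profile, "tenantId"));
        loginInfo.setTenantName(profileText(profile, ConstDef.ProfileKeyDef.TENANT_NAME));
        // NOTE(review): the user token is copied from a separate header and is neither validated
        // nor tied to the profile identity in this method. Code that later trusts
        // loginInfo.getToken() as belonging to this user should confirm that binding elsewhere.
        loginInfo.setToken(httpServletRequest.getHeader(GlobalConstants.HTTP_HEADER_USER_TOKEN_KEY));
        return loginInfo;
    }

    /**
     * Reads a profile entry as text.
     *
     * <p>NOTE(review): {@code String.valueOf} turns a missing entry into the literal string
     * {@code "null"}, so an absent user id or tenant id yields an identity whose id is
     * {@code "null"} rather than a rejection. Behaviour is kept as in the original; decide whether
     * these claims should be mandatory.
     */
    private static String profileText(Map<String, Object> profile, String key) {
        return String.valueOf(profile.get(key));
    }

    /** Reads a profile entry as a long; a missing or non-numeric entry throws NumberFormatException. */
    private static long profileLong(Map<String, Object> profile, String key) {
        return Long.parseLong(profileText(profile, key));
    }
}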
