package com.tydic.umc.security.auth.filter;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.alibaba.fastjson.serializer.SerializerFeature;
import com.tydic.umc.security.util.IpAddressUtil;
import com.tydic.umc.security.util.RegexUtils;
import com.tydic.umc.security.util.SSLClient;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.annotation.Order;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.GenericFilterBean;

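/**
 * Servlet filter that checks the caller's {@code auth-token} against an external
 * authentication service before letting the request continue down the chain.
 *
 * <p>Requests whose URI matches the configured no-auth wildcard skip the token check.
 * Requests whose URI is listed in {@code noauth.url.path.resources} are additionally
 * subject to a source-IP allowlist.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A request that fails the token check is answered with HTTP 401 and is NOT passed
 *       on to the rest of the filter chain.</li>
 *   <li>The token is a bearer credential and is never written to the log.</li>
 *   <li>URI matching uses {@code getRequestURI()}, which the container returns without
 *       decoding or normalizing. Confirm that the downstream dispatcher resolves the same
 *       path, otherwise an exemption may apply to a handler it was not meant for.</li>
 * </ul>
 */
@Order(2147483645)
@Component
public class ExtTokenAuthenticationFilter extends GenericFilterBean {
    private static final Logger log = LoggerFactory.getLogger(ExtTokenAuthenticationFilter.class);

    // The built-in default is a plain http:// endpoint on a fixed address. The caller's token
    // is handed to SSLClient.doPost together with this URL, so deployments should override
    // AUTH_INTF_URL with an https endpoint.
    // NOTE(review): confirm how SSLClient treats http URLs and whether it validates certificates.
    @Value("${AUTH_INTF_URL:http://39.96.39.0/auth/getUserInfo}")
    private String URL;

    // Wildcard suffix for URIs that are exempt from the token check.
    @Value("${NOAUTH_URI:/**/noauth/**}")
    private String NOAUTH;
    private static final String RSP_CODE_SUCCESS = "0";
    private static final String RSP_DESC_SUCCESS = "鉴权成功";
    private static final String RSP_CODE_FAILUR = "1";
    private static final String RSP_DESC_FAILUR = "登录信息无效，请重新登录";
    // Name of both the request header and the cookie that may carry the token.
    private final String TOKEN_KEY = "auth-token";
    // A user id of 0 in the auth service response is treated as "no valid user".
    private final Long ERR_USER_ID = 0L;

    // Semicolon-separated list of source IPs allowed to call the IP-restricted URIs.
    @Value("${noauth.url.resources:127.0.0.1}")
    private String noauthUrlResources;

    // Semicolon-separated list of request URIs that are restricted by source IP.
    @Value("${noauth.url.path.resources:url}")
    private String noauthUrlPathResources;

    // The IP restriction is enforced only when this is exactly "true".
    @Value("${noauth.url.enable:true}")
    private String noauthUrlEnable;

    /**
     * Validates the request's token and, on failure, writes a 401 JSON error to the response.
     *
     * <p>This method returns normally in both cases. Callers that need to know the outcome
     * should check {@code httpServletResponse.isCommitted()} afterwards; {@link #doFilter}
     * uses the internal boolean-returning helper instead.
     *
     * @param httpServletRequest request carrying the token as a header or cookie
     * @param httpServletResponse response that receives the 401 body when the token is rejected
     * @throws AuthenticationException declared for interface compatibility
     * @throws IOException if the auth service call or writing the response fails
     */
    public void attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException {
        authenticate(httpServletRequest, httpServletResponse);
    }

    /**
     * Runs the per-request checks: optional source-IP allowlist, then the token check
     * unless the URI is exempt, then the rest of the chain.
     *
     * @throws IOException if the auth service call or writing the response fails
     * @throws ServletException if a downstream filter or servlet fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String requestURI = httpServletRequest.getRequestURI();

        // Both wildcard forms are evaluated, as before; a match on either exempts the request.
        boolean matchesNoAuth = RegexUtils.wildcardEquals("**" + this.NOAUTH, requestURI);
        boolean matchesNestedNoAuth = RegexUtils.wildcardEquals("**/**" + this.NOAUTH, requestURI);
        boolean requiresAuth = !(matchesNoAuth || matchesNestedNoAuth);

        if (StringUtils.isNotBlank(this.noauthUrlPathResources)) {
            // Exact string comparison against the raw URI: a URI that differs in any character
            // from the configured entry is not IP-restricted here.
            // NOTE(review): confirm that equivalent spellings of these paths cannot reach the
            // same handler, or normalize before comparing.
            boolean ipRestricted = false;
            for (String restrictedPath : this.noauthUrlPathResources.split(";")) {
                if (restrictedPath.equals(requestURI)) {
                    ipRestricted = true;
                    break;
                }
            }
            if (ipRestricted) {
                checkNoauthIp(httpServletRequest);
            }
        }

        // Stop here when the token is rejected. Previously the chain was still invoked after
        // the 401 had been written, so downstream handlers ran for unauthenticated requests.
        if (requiresAuth && !authenticate(httpServletRequest, httpServletResponse)) {
            return;
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Checks the token and writes the 401 response when it is rejected.
     *
     * @return {@code true} if the auth service accepted the token, {@code false} if the
     *     401 response has been written
     */
    private boolean authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException {
        String token = resolveToken(request);
        if (log.isDebugEnabled()) {
            // Log only whether a token was supplied; the value itself is a credential.
            log.debug("获取当前token:{}", StringUtils.isBlank(token) ? "[absent]" : "[redacted]");
        }
        if (isTokenAccepted(token)) {
            return true;
        }
        writeUnauthorized(response);
        return false;
    }

    /** Reads the token from the header, falling back to the last cookie with the same name. */
    private String resolveToken(HttpServletRequest request) {
        String token = request.getHeader(TOKEN_KEY);
        if (StringUtils.isBlank(token)) {
            Cookie[] cookies = request.getCookies();
            if (cookies != null) {
                for (Cookie cookie : cookies) {
                    if (TOKEN_KEY.equals(cookie.getName())) {
                        token = cookie.getValue();
                    }
                }
            }
        }
        return token;
    }

    /**
     * Asks the auth service whether the token is valid.
     *
     * <p>A blank token, a blank or null-parsing response, a non-success code, missing data or
     * the error user id all count as rejection. A malformed response makes the parser throw,
     * which aborts the request before the chain is invoked.
     */
    private boolean isTokenAccepted(String token) throws IOException {
        if (StringUtils.isBlank(token)) {
            return false;
        }
        String responseBody = SSLClient.doPost(this.URL, token);
        if (StringUtils.isBlank(responseBody)) {
            return false;
        }
        // Parsed into a fixed target class; the body comes from the configured auth endpoint.
        ExtRspBO response = JSON.parseObject(responseBody, ExtRspBO.class);
        return response != null
                && RSP_CODE_SUCCESS.equals(response.getCode())
                && response.getData() != null
                && !this.ERR_USER_ID.equals(response.getData().getUserId());
    }

    /** Writes the fixed "login invalid" JSON body with HTTP status 401 and closes the writer. */
    private void writeUnauthorized(HttpServletResponse response) throws IOException {
        JSONObject failure = new JSONObject();
        failure.put("code", RSP_CODE_FAILUR);
        failure.put("message", RSP_DESC_FAILUR);

        response.setContentType("text/html;charset=UTF-8");
        response.setStatus(401);
        PrintWriter writer = response.getWriter();
        String body = JSON.toJSONString(failure, new SerializerFeature[]{SerializerFeature.WriteMapNullValue, SerializerFeature.WriteNullStringAsEmpty});
        writer.write(body);
        writer.close();
        if (log.isDebugEnabled()) {
            log.debug("结果:{}", body);
        }
    }

    /**
     * Rejects the request when the IP restriction is enabled, an allowlist is configured and
     * the caller's address is not on it.
     *
     * <p>When the allowlist is blank no restriction is applied.
     *
     * @throws RuntimeException if the caller's address is not on the allowlist
     */
    private void checkNoauthIp(HttpServletRequest httpServletRequest) {
        if (!"true".equals(this.noauthUrlEnable)) {
            return;
        }
        // NOTE(review): confirm how IpAddressUtil derives the address. If it trusts
        // client-supplied forwarding headers, the allowlist is only meaningful behind a proxy
        // that overwrites them, and the value below should be sanitized before it is logged.
        String ipAddress = IpAddressUtil.getIpAddress(httpServletRequest);
        if (StringUtils.isBlank(this.noauthUrlResources)) {
            return;
        }
        boolean allowed = false;
        for (String allowedIp : this.noauthUrlResources.split(";")) {
            if (allowedIp.equals(ipAddress)) {
                allowed = true;
                break;
            }
        }
        if (!allowed) {
            throw new RuntimeException("非法来源ip访问:" + ipAddress);
        }
    }
}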
