package cn.wjee.boot.security.overrides;

import cn.wjee.boot.WJeeVar;
import cn.wjee.boot.context.BodyRequestWrapper;
import cn.wjee.commons.collection.MapUtils;
import cn.wjee.commons.enums.ApiStatusEnum;
import cn.wjee.commons.enums.TokenTypeEnum;
import cn.wjee.commons.exception.Asserts;
import cn.wjee.commons.http.WebUtils;
import cn.wjee.commons.io.IOUtils;
import cn.wjee.commons.lang.JacksonUtils;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.ExpiredJwtException;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:cn/wjee/boot/security/overrides/JWTTokenFilter.class */
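/**
 * Servlet filter that authenticates a request from a JWT access token.
 *
 * <p>The token is looked up, in order, in the {@code Authorization} header, the
 * {@code Authorization} request parameter, and (depending on the Content-Type) the JSON body
 * or the form parameters. A request with no token, or a token that the
 * {@link JWTTokenProvider} does not accept, is answered with
 * {@link ApiStatusEnum#FAILURE_401} and is not passed down the chain.
 *
 * <p>NOTE(review): accepting the token as a request parameter means it can appear in URLs, and
 * therefore in access logs, browser history and {@code Referer} headers. Prefer the header and
 * consider disabling the parameter/body fallbacks where clients allow it.
 */
public class JWTTokenFilter extends GenericFilterBean {
    private static final Logger log = LoggerFactory.getLogger(JWTTokenFilter.class);

    /** Name used for the header, the request parameter and the JSON body field. */
    private static final String AUTHORIZATION = "Authorization";

    private final JWTTokenProvider tokenProvider;
    private final boolean checkTokenIss;
    private final String tokenIss;

    /**
     * @param jWTTokenProvider validates the raw token and returns its claims
     * @param z whether the token's issuer claim must match {@code str}
     * @param str expected issuer value, only consulted when {@code z} is true
     */
    public JWTTokenFilter(JWTTokenProvider jWTTokenProvider, boolean z, String str) {
        this.tokenProvider = jWTTokenProvider;
        this.checkTokenIss = z;
        this.tokenIss = str;
    }

    /**
     * Authenticates the request and, on success, stores a
     * {@link UsernamePasswordAuthenticationToken} in the security context before continuing
     * the chain with the body-caching request wrapper.
     *
     * @throws IOException if reading the request body or writing the 401 response fails
     * @throws ServletException propagated from the downstream chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        try {
            BodyRequestWrapper bodyRequestWrapper = new BodyRequestWrapper(httpServletRequest);
            String token = extractToken(bodyRequestWrapper, httpServletRequest);
            if (StringUtils.isBlank(token)) {
                WebUtils.writeJson(httpServletResponse, ApiStatusEnum.FAILURE_401);
                return;
            }
            // NOTE(review): only ExpiredJwtException is handled below; presumably validate()
            // returns null for bad signatures and malformed tokens. Confirm in JWTTokenProvider,
            // otherwise those cases surface as unhandled exceptions instead of a 401.
            Claims claims = this.tokenProvider.validate(token, TokenTypeEnum.ACCESS_TOKEN);
            if (claims == null) {
                WebUtils.writeJson(httpServletResponse, ApiStatusEnum.FAILURE_401);
                return;
            }
            if (this.checkTokenIss) {
                String issuer = MapUtils.getValue(claims, WJeeVar.JWT.CLAIM_ISS);
                // NOTE(review): RFC 7519 defines "iss" as a case-sensitive string; the
                // case-insensitive match is kept for compatibility and should be reviewed.
                // The exception raised by Asserts.isTrue is not caught in this filter.
                Asserts.isTrue(StringUtils.isNotBlank(issuer) && issuer.equalsIgnoreCase(this.tokenIss), ApiStatusEnum.FAILURE_401);
            }
            // WJeeVar.Cors.DEFAULT_EXPOSED_HEADERS is used here as the default authorities
            // string and as the placeholder password/credentials. Presumably it is an empty
            // string that the decompiler mapped to this constant name; TODO confirm.
            Collection<SimpleGrantedAuthority> authorities = Arrays.stream(MapUtils.getValue(claims, WJeeVar.JWT.CLAIM_AUTHORITIES, WJeeVar.Cors.DEFAULT_EXPOSED_HEADERS).split(","))
                    .filter(StringUtils::isNotBlank)
                    .map(SimpleGrantedAuthority::new)
                    .collect(Collectors.toList());
            User principal = new User(claims.getSubject(), WJeeVar.Cors.DEFAULT_EXPOSED_HEADERS, authorities);
            SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(principal, WJeeVar.Cors.DEFAULT_EXPOSED_HEADERS, authorities));
            filterChain.doFilter(bodyRequestWrapper, servletResponse);
        } catch (ExpiredJwtException e) {
            log.info("Security exception for user {} - {}", e.getClaims().getSubject(), e.getMessage());
            WebUtils.writeJson(httpServletResponse, ApiStatusEnum.FAILURE_401);
        }
    }

    /**
     * Finds the raw token in the header, request parameter, JSON body or form parameters and
     * strips the bearer prefix.
     *
     * @return the token without prefix, or a blank/null value when none was supplied
     */
    private static String extractToken(BodyRequestWrapper wrapped, HttpServletRequest original) throws IOException {
        String token = wrapped.getHeader(AUTHORIZATION);
        if (StringUtils.isBlank(token)) {
            token = wrapped.getParameter(AUTHORIZATION);
        }
        String contentType = wrapped.getContentType();
        if (StringUtils.isBlank(contentType)) {
            contentType = wrapped.getHeader("Content-Type");
        }
        MediaType mediaType = parseMediaType(contentType);
        if (StringUtils.isBlank(token) && mediaType != null) {
            if (mediaType.isCompatibleWith(MediaType.APPLICATION_JSON)) {
                // Accept only a JSON string. A number or object in this field is treated as
                // "no token" (401) rather than failing with a ClassCastException.
                Object candidate = JacksonUtils.convertMap(IOUtils.toString(wrapped.getInputStream())).get(AUTHORIZATION);
                token = candidate instanceof String ? (String) candidate : null;
            } else if (mediaType.isCompatibleWith(MediaType.APPLICATION_FORM_URLENCODED)
                    || mediaType.isCompatibleWith(MediaType.MULTIPART_FORM_DATA)) {
                token = original.getParameter(AUTHORIZATION);
            }
        }
        if (StringUtils.isNotBlank(token) && token.startsWith(WJeeVar.Security.BEARER_PREFIX)) {
            // Strip exactly the prefix that was matched instead of a hard-coded 7 characters.
            token = token.substring(WJeeVar.Security.BEARER_PREFIX.length());
        }
        return token;
    }

    /**
     * Parses a client-supplied Content-Type value.
     *
     * @return the parsed media type, or {@code null} when the value is blank or malformed
     */
    private static MediaType parseMediaType(String contentType) {
        if (StringUtils.isBlank(contentType)) {
            return null;
        }
        try {
            return MediaType.valueOf(contentType);
        } catch (IllegalArgumentException e) {
            // InvalidMediaTypeException is an IllegalArgumentException. The header is
            // attacker-controlled, so a malformed value must not abort the filter with an
            // unhandled exception; the raw value is not logged.
            log.debug("Ignoring unparseable Content-Type header");
            return null;
        }
    }
}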
