package vip.isass.core.web.security.authentication.jwt;

import cn.hutool.core.util.StrUtil;
import java.io.IOException;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import vip.isass.core.exception.UnifiedException;
import vip.isass.core.exception.code.StatusMessageEnum;
import vip.isass.core.login.DefaultLoginUser;
import vip.isass.core.web.security.authentication.AbstractAuthenticationFilter;

/* loaded from: input_file:vip/isass/core/web/security/authentication/jwt/JwtAuthenticationFilter.class */
public class JwtAuthenticationFilter extends AbstractAuthenticationFilter {
    private static final Logger log = LoggerFactory.getLogger(JwtAuthenticationFilter.class);
    private IJwtService jwtService;
    private TerminalOnlineConfiguration terminalOnlineConfiguration;

    public JwtAuthenticationFilter(AuthenticationManager authenticationManager, IJwtService iJwtService, TerminalOnlineConfiguration terminalOnlineConfiguration) {
        super(authenticationManager);
        this.jwtService = iJwtService;
        this.terminalOnlineConfiguration = terminalOnlineConfiguration;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        String replace;
        Authentication authentication;
        DefaultLoginUser tokenFrom;
        String header = httpServletRequest.getHeader("isass-authorization");
        if (StrUtil.isEmpty(header)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (header.startsWith("Bearer ")) {
            replace = header.replace("Bearer ", "");
        } else {
            if (!header.startsWith("Bearer%20")) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
            replace = header.replace("Bearer%20", "");
        }
        try {
            authentication = (JwtAuthenticationToken) getAuthenticationManager().authenticate(new JwtAuthenticationToken(replace));
            JwtClaim jwtClaim = authentication.getJwtClaim();
            tokenFrom = new DefaultLoginUser().setUserId(jwtClaim.getUid()).setNickName(jwtClaim.getName()).setLoginFrom(jwtClaim.getFr()).setVersion(jwtClaim.getV()).setTokenFrom(JwtAuthenticationToken.class.getSimpleName());
        } catch (AuthenticationException e) {
            onUnsuccessfulAuthentication(httpServletRequest, httpServletResponse, e);
        }
        if (!processTerminal(tokenFrom)) {
            throw new CredentialsExpiredException("强制下线");
        }
        saveAuthentication(tokenFrom, authentication.getAuthorities());
        onSuccessfulAuthentication(httpServletRequest, httpServletResponse, authentication);
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    private boolean processTerminal(DefaultLoginUser defaultLoginUser) {
        if (this.jwtService == null) {
            return true;
        }
        Integer forceOfflineVersion = this.jwtService.getForceOfflineVersion(defaultLoginUser.getUserId());
        if (forceOfflineVersion == null || defaultLoginUser.getVersion().intValue() > forceOfflineVersion.intValue()) {
            return checkTerminalOnline(defaultLoginUser);
        }
        return false;
    }

    private boolean checkTerminalOnline(DefaultLoginUser defaultLoginUser) {
        if (this.terminalOnlineConfiguration.isEnableAllTerminalSameTimeOnline()) {
            return true;
        }
        if (this.terminalOnlineConfiguration.isDirectOnlineTerminal(defaultLoginUser.getLoginFrom())) {
            if (this.terminalOnlineConfiguration.canSameTerminalsOnlineAtSameTime(defaultLoginUser.getLoginFrom())) {
                return true;
            }
            Integer versionByTerminal = this.jwtService.getVersionByTerminal(defaultLoginUser.getUserId(), defaultLoginUser.getLoginFrom());
            if (versionByTerminal == null || versionByTerminal.intValue() > defaultLoginUser.getVersion().intValue()) {
                return false;
            }
        }
        if (!this.terminalOnlineConfiguration.isMutexTerminal(defaultLoginUser.getLoginFrom())) {
            if (!this.terminalOnlineConfiguration.canSameTerminalsOnlineAtSameTime(defaultLoginUser.getLoginFrom()) && this.terminalOnlineConfiguration.isEnableForceOfflineIfTerminalNotConfigured().booleanValue()) {
                throw new UnifiedException(StatusMessageEnum.TOKEN_FORCE_OFFLINE);
            }
            return true;
        }
        String str = null;
        Integer num = null;
        for (Map.Entry entry : this.jwtService.getVersionByTerminals(defaultLoginUser.getUserId(), this.terminalOnlineConfiguration.getMutexTerminals()).entrySet()) {
            if (str == null) {
                str = (String) entry.getKey();
                num = (Integer) entry.getValue();
            } else if (entry.getValue() != null && num.intValue() < ((Integer) entry.getValue()).intValue()) {
                str = (String) entry.getKey();
                num = (Integer) entry.getValue();
            }
        }
        if (str == null || !str.equals(defaultLoginUser.getLoginFrom())) {
            return false;
        }
        if (this.terminalOnlineConfiguration.canSameTerminalsOnlineAtSameTime(defaultLoginUser.getLoginFrom())) {
            return true;
        }
        return num.equals(defaultLoginUser.getVersion());
    }
}
