package io.choerodon.resource.filter;

import io.choerodon.resource.permission.PublicPermission;
import java.io.IOException;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.security.oauth2.provider.authentication.TokenExtractor;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.context.support.SpringBeanAutowiringSupport;

/* loaded from: input_file:io/choerodon/resource/filter/JwtTokenFilter.class */
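/**
 * Servlet filter that authenticates requests carrying a JWT access token.
 *
 * <p>Requests whose URI and HTTP method match one of the configured
 * {@link PublicPermission} entries are passed down the chain without any token
 * check. Every other request must carry a token that {@link TokenExtractor}
 * can find and {@link ResourceServerTokenServices} can resolve; otherwise the
 * request is rejected with HTTP 401.
 *
 * <p>NOTE(review): this filter stores the authentication in
 * {@link SecurityContextHolder} but never clears it once the chain returns, and
 * the public-path branch does not touch the context at all. Confirm that
 * another filter in the deployment resets the context per request, so an
 * authentication cannot linger on a pooled thread.
 */
public class JwtTokenFilter implements Filter {
    // Not final: the no-arg constructor leaves these unset and init() asks Spring
    // to inject them. NOTE(review): no injection annotations are visible in this
    // listing - confirm how the fields get populated on that path.
    private TokenExtractor tokenExtractor;
    private ResourceServerTokenServices tokenServices;
    private Set<PublicPermission> publicPermissions;
    private static final AntPathMatcher MATCHER = new AntPathMatcher();
    private static final Logger LOGGER = LoggerFactory.getLogger(JwtTokenFilter.class);

    /** Creates an unconfigured filter; collaborators are expected to be injected in {@link #init}. */
    public JwtTokenFilter() {
    }

    /**
     * Creates a fully configured filter.
     *
     * @param resourceServerTokenServices resolves a token value to an authentication
     * @param tokenExtractor pulls the token out of the incoming request
     * @param set URI pattern / HTTP method pairs that bypass authentication
     */
    public JwtTokenFilter(ResourceServerTokenServices resourceServerTokenServices, TokenExtractor tokenExtractor, Set<PublicPermission> set) {
        this.tokenServices = resourceServerTokenServices;
        this.tokenExtractor = tokenExtractor;
        this.publicPermissions = set;
    }

    /**
     * Asks Spring to process injection on this instance using the servlet context.
     *
     * @param filterConfig container-supplied configuration
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(this, filterConfig.getServletContext());
    }

    /**
     * Lets public requests through, authenticates all others, and answers 401
     * when the token is missing or rejected.
     *
     * @param servletRequest incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain remainder of the filter chain
     * @throws IOException if the chain or writing the error response fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // NOTE(review): getRequestURI() is the raw request path - not decoded, not
        // normalised, and including the context path and any ";" path parameters.
        // A pattern can therefore match a different path than the one the container
        // dispatches on. Confirm the public patterns are written with this in mind,
        // or that an upstream component rejects non-normalised URLs.
        if (this.publicPermissions != null) {
            for (PublicPermission publicPermission : this.publicPermissions) {
                if (MATCHER.match(publicPermission.path, httpServletRequest.getRequestURI())
                        && publicPermission.method.matches(httpServletRequest.getMethod())) {
                    filterChain.doFilter(servletRequest, servletResponse);
                    return;
                }
            }
        }

        try {
            Authentication extracted = this.tokenExtractor.extract(httpServletRequest);
            if (extracted == null) {
                if (isAuthenticated()) {
                    LOGGER.debug("Clearing security context.");
                    SecurityContextHolder.clearContext();
                }
                LOGGER.debug("No Jwt token in request, rejecting with 401.");
                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "No Jwt token in request.");
                return;
            }
            servletRequest.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, extracted.getPrincipal());
            if (extracted instanceof AbstractAuthenticationToken) {
                ((AbstractAuthenticationToken) extracted).setDetails(new OAuth2AuthenticationDetails(httpServletRequest));
            }
            Authentication authenticated = authenticate(extracted);
            LOGGER.debug("Authentication success: {}", authenticated);
            SecurityContextHolder.getContext().setAuthentication(authenticated);
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (OAuth2Exception e) {
            SecurityContextHolder.clearContext();
            // Exception text from the token services may embed the token value,
            // so it is kept at debug level and never echoed to the client.
            LOGGER.debug("Authentication request failed: {}", e.toString());
            // Without an explicit status a rejected token would end the request
            // with an empty successful response. The chain call sits inside the
            // try block, so the response may already be committed at this point.
            if (!httpServletResponse.isCommitted()) {
                httpServletResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Invalid Jwt token.");
            }
        }
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }

    /**
     * Resolves the extracted token into a full OAuth2 authentication.
     *
     * @param authentication pre-authentication whose principal is the raw token string
     * @return the authentication loaded from the token services, marked as
     *     authenticated and carrying the request details
     * @throws InvalidTokenException if {@code authentication} is {@code null} or
     *     the token services return no authentication for the token
     */
    protected Authentication authenticate(Authentication authentication) {
        if (authentication == null) {
            throw new InvalidTokenException("Invalid token (token not found)");
        }
        String tokenValue = (String) authentication.getPrincipal();
        OAuth2Authentication loaded = this.tokenServices.loadAuthentication(tokenValue);
        if (loaded == null) {
            // The bearer token is a credential; keep it out of exception messages and logs.
            throw new InvalidTokenException("Invalid token");
        }
        Object requestDetails = authentication.getDetails();
        if (requestDetails instanceof OAuth2AuthenticationDetails) {
            OAuth2AuthenticationDetails oauthDetails = (OAuth2AuthenticationDetails) requestDetails;
            // Keep the details decoded from the token reachable from the request details.
            if (!oauthDetails.equals(loaded.getDetails())) {
                oauthDetails.setDecodedDetails(loaded.getDetails());
            }
        }
        loaded.setDetails(requestDetails);
        loaded.setAuthenticated(true);
        return loaded;
    }

    /**
     * Reports whether the current security context holds a non-anonymous authentication.
     *
     * @return {@code true} if an authentication is present and it is not an
     *     {@link AnonymousAuthenticationToken}
     */
    private boolean isAuthenticated() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return authentication != null && !(authentication instanceof AnonymousAuthenticationToken);
    }
}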
