package com.smec.mpaas.unicorn.comm.filter;

import com.alibaba.fastjson.JSON;
import com.smec.mpaas.unicorn.comm.adapter.JWKSEnhanceUserProfile;
import com.smec.mpaas.unicorn.comm.adapter.MPaasSSOAuthentication;
import com.smec.mpaas.unicorn.comm.pojo.RErrorResponse;
import com.smec.mpaas.unicorn.comm.pojo.UserProfile;
import com.smec.mpaas.unicorn.comm.pojo.UserProfileThread;
import com.smec.mpaas.unicorn.comm.property.SecurityProperty;
import com.smec.mpaas.unicorn.comm.util.JwtUtil;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.RequestMethod;

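/**
 * Servlet filter that resolves the caller's {@link UserProfile} and rejects anonymous callers
 * with HTTP 401 when security is switched on ({@code securityProperty.isOpen()}).
 *
 * <p>Requests are let through without authentication in three cases: the method is
 * {@code OPTIONS}, the path is one of the built-in tooling routes, or security is switched off.
 * Otherwise the profile is resolved by the configured mode ({@code simple}, {@code jwks} or
 * {@code custom}); any failure while resolving it yields the anonymous profile.
 */
@Component
/* loaded from: input_file:com/smec/mpaas/unicorn/comm/filter/SecurityFilter.class */
public class SecurityFilter implements Filter {

    @Autowired(required = false)
    private MPaasSSOAuthentication paasSSOAuthentication;

    @Autowired(required = false)
    private JWKSEnhanceUserProfile jwksEnhanceUserProfile;

    @Autowired
    private SecurityProperty securityProperty;

    @Autowired
    private JwtUtil jwtUtil;

    // Built-in tooling routes that never require authentication. These were previously the
    // glob-looking strings "/druid/*", "/swagger-ui.html/*", ... fed to an unanchored regex
    // search, which exempted every URI that merely contained one of the fragments anywhere.
    // They are now literal path prefixes compared on a segment boundary.
    private final List<String> originPublicRouteList = Arrays.asList("/druid", "/swagger-ui.html", "/swagger-resources", "/webjars", "/v2/api-docs");

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Authenticates the request and either forwards it down the chain or answers 401.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse response used for the 401 answer
     * @param filterChain     remaining filters and the target servlet
     * @throws IOException      propagated from the filter chain
     * @throws ServletException propagated from the filter chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;

        // Every OPTIONS request is forwarded unauthenticated (CORS pre-flight carries no credentials).
        if (RequestMethod.OPTIONS.name().equals(httpServletRequest.getMethod())) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // The built-in exemptions are checked against the path the container resolved for servlet
        // mapping, not against the raw request URI, so path parameters and the context path do
        // not take part in the comparison.
        if (isOriginPublicRoute(resolvedPath(httpServletRequest))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        String requestURI = httpServletRequest.getRequestURI();
        UserProfile userProfile = UserProfile.ANONYMOUS_OBJ;
        try {
            // valueOf rejects an unknown mode string; that lands in the catch below, i.e. anonymous.
            SecurityProperty.MODE_ENUM mode = Optional.ofNullable(this.securityProperty.getMode())
                    .map(SecurityProperty.MODE_ENUM::valueOf)
                    .orElse(SecurityProperty.MODE_ENUM.simple);
            switch (mode) {
                case simple:
                    userProfile = simpleHandle(httpServletRequest);
                    break;
                case jwks:
                    userProfile = jwksHandle(httpServletRequest);
                    break;
                case custom:
                    userProfile = customHandle(httpServletRequest);
                    break;
                default:
                    // A mode this filter has no handler for stays anonymous.
                    break;
            }
        } catch (Exception e) {
            // Fail closed: an authentication error must never produce an authenticated profile.
            // No logger is in scope in this file, so the stack trace stays on stderr.
            e.printStackTrace();
            userProfile = UserProfile.ANONYMOUS_OBJ;
        }
        if (userProfile == null) {
            // A handler or adapter that returns null is treated as "not authenticated" instead of
            // failing with a NullPointerException on the check below.
            userProfile = UserProfile.ANONYMOUS_OBJ;
        }

        if (this.securityProperty.isOpen() && userProfile.isAnonymous() && !isConfiguredPublicRoute(requestURI)) {
            unAuthorized(servletResponse);
            return;
        }

        // NOTE(review): UserProfileThread looks like a per-thread holder. Nothing in this filter
        // resets it after the chain returns, and the pass-through branches above never set it, so
        // on a pooled thread a later request could observe an earlier caller's profile. Confirm
        // that it is cleared elsewhere.
        UserProfileThread.setUserProfile(userProfile);
        filterChain.doFilter(servletRequest, servletResponse);
    }

    @Override
    public void destroy() {
    }

    /**
     * Answers with HTTP 401 and a JSON error body.
     *
     * <p>Status and content type are set before the body is written, so they cannot be lost if
     * the response gets committed by the write.
     */
    private void unAuthorized(ServletResponse servletResponse) {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        try {
            // Explicit charset: the platform default must not decide the wire encoding.
            byte[] body = JSON.toJSONString(RErrorResponse.error("Unauthorized")).getBytes(StandardCharsets.UTF_8);
            httpServletResponse.getOutputStream().write(body);
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    /**
     * Returns the request path as resolved by the container (servlet path plus path info),
     * which excludes the context path and the query string.
     */
    private static String resolvedPath(HttpServletRequest httpServletRequest) {
        StringBuilder path = new StringBuilder();
        String servletPath = httpServletRequest.getServletPath();
        if (servletPath != null) {
            path.append(servletPath);
        }
        String pathInfo = httpServletRequest.getPathInfo();
        if (pathInfo != null) {
            path.append(pathInfo);
        }
        return path.toString();
    }

    /**
     * Tells whether the raw request URI matches one of the comma-separated regular expressions in
     * {@code securityProperty.getPublicRoute()}.
     *
     * <p>Blank entries are skipped: an empty expression matches every URI, so a stray comma or an
     * empty property value would otherwise make the whole application public.
     *
     * <p>NOTE(review): each expression is searched, not fully matched, against the raw request
     * URI. An unanchored expression therefore exempts any URI containing a match; operators
     * should anchor their expressions with {@code ^} and {@code $}.
     */
    private boolean isConfiguredPublicRoute(String requestURI) {
        String publicRoute = this.securityProperty.getPublicRoute();
        if (publicRoute == null) {
            return false;
        }
        for (String expression : publicRoute.split(",")) {
            if (expression.trim().isEmpty()) {
                continue;
            }
            if (Pattern.compile(expression).matcher(requestURI).find()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Simple mode: builds the profile straight from the configured request header.
     *
     * <p>NOTE(review): the header value is used as the identity without any verification. This
     * is only sound when a trusted upstream component sets the header and removes any
     * client-supplied copy; confirm that for every deployment running in this mode.
     */
    private UserProfile simpleHandle(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(this.securityProperty.getHeaderName());
        if (header == null) {
            return UserProfile.ANONYMOUS_OBJ;
        }
        return new UserProfile(header, false);
    }

    /**
     * JWKS mode: parses the access token found in the configured header and hands the result to
     * the {@link JWKSEnhanceUserProfile} bean.
     *
     * @throws Exception when the token cannot be parsed or the optional bean is missing; the
     *                   caller maps every exception to the anonymous profile
     */
    private UserProfile jwksHandle(HttpServletRequest httpServletRequest) throws Exception {
        String header = httpServletRequest.getHeader(this.securityProperty.getHeaderName());
        if (header == null) {
            return UserProfile.ANONYMOUS_OBJ;
        }
        if (this.jwksEnhanceUserProfile == null) {
            // The bean is injected with required = false; name the misconfiguration explicitly
            // instead of surfacing it as a bare NullPointerException.
            throw new IllegalStateException("jwks mode requires a JWKSEnhanceUserProfile bean");
        }
        return this.jwksEnhanceUserProfile.enhance(this.jwtUtil.parseAccessToken(header));
    }

    /**
     * Custom mode: passes all request headers and cookies to the {@link MPaasSSOAuthentication}
     * bean and returns whatever profile it produces. Any failure, including a missing bean,
     * yields the anonymous profile.
     */
    // Raw maps are kept on purpose: the generic parameters of ssoAuth are not visible from this
    // file, and raw types are the only declaration guaranteed to match them.
    @SuppressWarnings({"rawtypes", "unchecked"})
    private UserProfile customHandle(HttpServletRequest httpServletRequest) {
        HashMap cookieValues = new HashMap();
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies != null) {
            for (Cookie cookie : cookies) {
                cookieValues.put(cookie.getName(), cookie.getValue());
            }
        }

        HashMap headerValues = new HashMap();
        // getHeaderNames may return null when the container withholds header access.
        Enumeration<?> headerNames = httpServletRequest.getHeaderNames();
        while (headerNames != null && headerNames.hasMoreElements()) {
            String name = (String) headerNames.nextElement();
            // Only the first value of a repeated header is forwarded.
            headerValues.put(name, httpServletRequest.getHeader(name));
        }

        try {
            return this.paasSSOAuthentication.ssoAuth(headerValues, cookieValues);
        } catch (Throwable th) {
            // Kept as Throwable because the exceptions declared by ssoAuth are not visible here.
            th.printStackTrace();
            return UserProfile.ANONYMOUS_OBJ;
        }
    }

    /**
     * Tells whether the request may skip authentication altogether.
     *
     * @param str container-resolved request path (see {@code resolvedPath})
     * @return {@code true} when security is switched off, or when the path equals a built-in
     *         tooling route or lies below it
     */
    private boolean isOriginPublicRoute(String str) {
        if (!this.securityProperty.isOpen()) {
            return true;
        }
        for (String prefix : this.originPublicRouteList) {
            // Segment-boundary comparison: "/druid" and "/druid/x" qualify, "/druid-x" does not.
            if (str.equals(prefix) || str.startsWith(prefix + "/")) {
                return true;
            }
        }
        return false;
    }
}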
