package cn.virens.web.components.shiro.oauth2.filter;

import cn.hutool.core.util.StrUtil;
import cn.virens.Assert;
import cn.virens.oauth2.Oauth2Client;
import cn.virens.oauth2.standard.Oauth2AuthorizeBuilder;
import cn.virens.web.components.shiro.ShiroAuthInterface;
import cn.virens.web.components.shiro.ShiroConstant;
import cn.virens.web.components.shiro.oauth2.Oauth2AuthenticationToken;
import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.apache.shiro.web.util.WebUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;

/* loaded from: input_file:cn/virens/web/components/shiro/oauth2/filter/Oauth2AuthorizingFilter.class */
public class Oauth2AuthorizingFilter extends AuthenticatingFilter {
    private Boolean useSsl = false;
    private String codeParam = "code";
    private String stateParam = "state";
    private String errorParam = "error";
    private String errorDescParam = "error_description";
    private String failureUrl = "/error";
    private Oauth2Client oauth2Client;

    @Autowired
    @Qualifier(ShiroConstant.SHIRO_AUTH_NAME)
    private ShiroAuthInterface shiroAuthInterface;

    public Boolean getUseSsl() {
        return this.useSsl;
    }

    public void setUseSsl(Boolean bool) {
        this.useSsl = bool;
    }

    public String getCodeParam() {
        return this.codeParam;
    }

    public void setCodeParam(String str) {
        this.codeParam = str;
    }

    public String getStateParam() {
        return this.stateParam;
    }

    public void setStateParam(String str) {
        this.stateParam = str;
    }

    public String getErrorParam() {
        return this.errorParam;
    }

    public void setErrorParam(String str) {
        this.errorParam = str;
    }

    public String getErrorDescParam() {
        return this.errorDescParam;
    }

    public void setErrorDescParam(String str) {
        this.errorDescParam = str;
    }

    public String getFailureUrl() {
        return this.failureUrl;
    }

    public void setFailureUrl(String str) {
        this.failureUrl = str;
    }

    public Oauth2Client getOauth2Client() {
        return this.oauth2Client;
    }

    public void setOauth2Client(Oauth2Client oauth2Client) {
        this.oauth2Client = oauth2Client;
    }

    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        Oauth2AuthenticationToken oauth2AuthenticationToken = new Oauth2AuthenticationToken();
        oauth2AuthenticationToken.setState(WebUtils.getCleanParam(servletRequest, this.stateParam));
        oauth2AuthenticationToken.setCode(WebUtils.getCleanParam(servletRequest, this.codeParam));
        oauth2AuthenticationToken.setRedirectUri(getLoginUrl());
        return oauth2AuthenticationToken;
    }

    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (isFailureRequest(servletRequest, servletResponse)) {
            redirectToFailure(servletRequest, servletResponse);
            return false;
        }
        if (getSubject(servletRequest, servletResponse).isAuthenticated() || isLoginRequest(servletRequest, servletResponse)) {
            return executeLogin(servletRequest, servletResponse);
        }
        redirectToLogin(servletRequest, servletResponse);
        return false;
    }

    protected void redirectToFailure(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        String cleanParam = WebUtils.getCleanParam(servletRequest, this.errorParam);
        String cleanParam2 = WebUtils.getCleanParam(servletRequest, this.errorDescParam);
        WebUtils.issueRedirect(servletRequest, servletResponse, this.failureUrl + "?error=" + WebUtils.decodeRequestString(WebUtils.toHttp(servletRequest), cleanParam) + "error_desc=" + WebUtils.decodeRequestString(WebUtils.toHttp(servletRequest), cleanParam2));
    }

    protected void redirectToLogin(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        Assert.isNull(this.oauth2Client, "Oauth2RequestClient is null");
        Oauth2AuthorizeBuilder authorize = this.oauth2Client.authorize();
        authorize.setRedirectUri(getLoginUrl(WebUtils.toHttp(servletRequest)));
        authorize.setScope("snsapi_userinfo");
        WebUtils.issueRedirect(servletRequest, servletResponse, authorize.build());
    }

    protected boolean isFailureRequest(ServletRequest servletRequest, ServletResponse servletResponse) {
        return StrUtil.isNotEmpty(WebUtils.getCleanParam(servletRequest, this.errorParam));
    }

    protected boolean isLoginRequest(ServletRequest servletRequest, ServletResponse servletResponse) {
        return StrUtil.isNotEmpty(WebUtils.getCleanParam(servletRequest, this.codeParam));
    }

    protected boolean onLoginSuccess(AuthenticationToken authenticationToken, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        this.shiroAuthInterface.onLoginSuccess(String.valueOf(subject.getPrincipal()), getHost(servletRequest));
        WebUtils.redirectToSavedRequest(servletRequest, servletResponse, getSuccessUrl());
        return false;
    }

    protected boolean onLoginFailure(AuthenticationToken authenticationToken, AuthenticationException authenticationException, ServletRequest servletRequest, ServletResponse servletResponse) {
        this.shiroAuthInterface.onLoginFailure(String.valueOf(authenticationToken.getPrincipal()), getHost(servletRequest));
        return super.onLoginFailure(authenticationToken, authenticationException, servletRequest, servletResponse);
    }

    private String getLoginUrl(HttpServletRequest httpServletRequest) {
        String loginUrl = getLoginUrl();
        if (StrUtil.startWith(loginUrl, "http")) {
            return loginUrl;
        }
        String header = httpServletRequest.getHeader("Host");
        return Boolean.TRUE.equals(this.useSsl) ? "https://" + header + url(loginUrl) : "http://" + header + url(loginUrl);
    }

    private String url(String str) {
        return StrUtil.startWith(str, '/') ? str : "/" + str;
    }
}
