package com.supwisdom.infras.security.configure.jwt;

import com.supwisdom.infras.security.authentication.JwtAuthenticationToken;
import com.supwisdom.infras.security.cert.CertUtil;
import com.supwisdom.infras.security.configure.jwt.util.HttpUtil;
import com.supwisdom.infras.security.core.userdetails.InfrasUser;
import com.supwisdom.infras.security.utils.JWTValidateUtil;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.HttpResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:com/supwisdom/infras/security/configure/jwt/JWTAuthenticationTokenFilter.class */
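/**
 * Servlet filter that looks for a token on the incoming request, optionally RSA-decrypts it,
 * verifies it as a signed JWT and, when a user can be resolved from its subject, stores a
 * {@link JwtAuthenticationToken} in the {@link SecurityContextHolder}.
 *
 * <p>Token lookup order, first non-empty value wins:
 * <ol>
 *   <li>request parameter {@code token}</li>
 *   <li>{@code Authorization} header starting with the configured prefix</li>
 *   <li>only when the generate type is {@code cas}: request parameter {@code idToken},
 *       then header {@code X-Id-Token}</li>
 * </ol>
 *
 * <p>The filter never rejects a request itself: when no valid token is found the chain simply
 * continues without an authentication being set.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Tokens passed as request parameters can end up in access logs, browser history and
 *       {@code Referer} headers; the header forms are preferable where clients allow it.</li>
 *   <li>Token and header values are credentials, so this class logs only their presence and
 *       length, never their content.</li>
 *   <li>The signature verification key is downloaded from {@code signingKeyUrl}; whoever can
 *       answer that URL decides which signatures are trusted. The default value is a plain
 *       {@code http://} URL, so deployments should override it with an authenticated (TLS)
 *       endpoint or a locally pinned key.</li>
 * </ul>
 */
public class JWTAuthenticationTokenFilter extends OncePerRequestFilter {
    private static final Logger logger = LoggerFactory.getLogger(JWTAuthenticationTokenFilter.class);

    @Value("${infras.security.jwt.token.authorization.prefix:Bearer}")
    private String authorizationPrefix;

    @Value("${infras.security.jwt.token.generate.type:jwt}")
    private String generateType;

    @Value("${infras.security.jwt.token.decrypt.key.private-key-pem-pkcs8:}")
    private String decryptKeyPrivateKeyPemPKCS8;
    // Lazily parsed from decryptKeyPrivateKeyPemPKCS8 on first use.
    private RSAPrivateKey appRSAPrivateKey;

    @Value("${infras.security.jwt.token.signing.key.url:http://localhost:8080/cas/jwt/publicKey}")
    private String signingKeyUrl;
    // Lazily fetched from signingKeyUrl; reset to null whenever verification with it fails.
    private RSAPublicKey casRSAPublicKey;
    private final UserDetailsService userDetailsService;
    private final JWTValidateUtil jwtValidateUtil;

    /**
     * @param userDetailsService used to load the user named by the token subject
     * @param jWTValidateUtil    fallback claim parser used when verification with the fetched
     *                           RSA public key yields no claims
     */
    public JWTAuthenticationTokenFilter(UserDetailsService userDetailsService, JWTValidateUtil jWTValidateUtil) {
        this.userDetailsService = userDetailsService;
        this.jwtValidateUtil = jWTValidateUtil;
    }

    /**
     * Resolves a token from the request and, if it maps to a user, sets the authentication for
     * the current security context. The filter chain is always continued.
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String rawToken = resolveToken(httpServletRequest);
        logger.debug("authToken is [{}]", describe(rawToken));
        if (rawToken != null && !rawToken.isEmpty()) {
            String token = decyptToken(rawToken);
            InfrasUser user = getInfrasUserFromToken(token);
            if (user != null) {
                SecurityContextHolder.getContext().setAuthentication(new JwtAuthenticationToken(user, token, user.getAuthorities(), user.getAttributes()));
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Applies the lookup order described on the class.
     *
     * @return the token text, an empty string when the Authorization header carried only the
     *         prefix, or {@code null} when nothing was supplied
     */
    private String resolveToken(HttpServletRequest request) {
        String token = null;
        String tokenParam = request.getParameter("token");
        logger.debug("authParamter is [{}]", describe(tokenParam));
        if (tokenParam != null && !tokenParam.isEmpty()) {
            token = tokenParam;
        }
        if (token == null) {
            String header = request.getHeader("Authorization");
            logger.debug("authHeader is [{}]", describe(header));
            int prefixLength = this.authorizationPrefix.length();
            // regionMatches(ignoreCase) avoids the locale-sensitive toLowerCase() comparison.
            if (header != null && header.regionMatches(true, 0, this.authorizationPrefix, 0, prefixLength)) {
                // A header consisting of the bare prefix used to make substring() throw
                // StringIndexOutOfBoundsException; treat it as an empty token instead.
                token = header.length() > prefixLength + 1 ? header.substring(prefixLength + 1).trim() : "";
            }
        }
        if (token == null && "cas".equals(this.generateType)) {
            String idToken = null;
            String idTokenParam = request.getParameter("idToken");
            logger.debug("idTokenParamterValue is [{}]", describe(idTokenParam));
            if (idTokenParam != null && !idTokenParam.isEmpty()) {
                idToken = idTokenParam;
            }
            if (idToken == null) {
                String idTokenHeader = request.getHeader("X-Id-Token");
                logger.debug("idTokenHeaderValue is [{}]", describe(idTokenHeader));
                if (idTokenHeader != null && !idTokenHeader.isEmpty()) {
                    idToken = idTokenHeader;
                }
            }
            logger.debug("idToken is [{}]", describe(idToken));
            if (idToken != null) {
                token = idToken;
            }
        }
        return token;
    }

    /** Renders a credential for log output without disclosing its content. */
    private static String describe(String value) {
        if (value == null) {
            return "<absent>";
        }
        return "<redacted, " + value.length() + " chars>";
    }

    /**
     * RSA-decrypts a token when the generate type is {@code cas} and the value does not look
     * like a compact JWT (contains no {@code '.'}). In every other case, and whenever the key
     * is unavailable or decryption fails, the input is returned unchanged so that the later
     * JWT parsing step is the one that rejects it.
     */
    private String decyptToken(String str) {
        if (!"cas".equals(this.generateType) || str.contains(".")) {
            return str;
        }
        if (this.appRSAPrivateKey == null && this.decryptKeyPrivateKeyPemPKCS8 != null && this.decryptKeyPrivateKeyPemPKCS8.length() > 0) {
            try {
                this.appRSAPrivateKey = CertUtil.stringToPrivateKey(this.decryptKeyPrivateKeyPemPKCS8);
            } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                // Configuration problem: report it through the logger, without key material.
                logger.error("Unable to parse the configured token decryption private key", e);
            }
        }
        RSAPrivateKey privateKey = this.appRSAPrivateKey;
        if (privateKey == null) {
            return str;
        }
        try {
            // NOTE(review): the transformation comes from CertUtil.KEY_ALGORITHM, which is not
            // visible here. If it is a bare algorithm name, the provider chooses the padding;
            // confirm with the token issuer whether an explicit OAEP transformation can be used.
            Cipher cipher = Cipher.getInstance(CertUtil.KEY_ALGORITHM);
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            // The ciphertext is a concatenation of blocks, each as long as the modulus in bytes.
            int blockSize = privateKey.getModulus().bitLength() / 8;
            byte[] cipherText = Base64.decodeBase64(str);
            int total = cipherText.length;
            int offset = 0;
            byte[] plain = new byte[0];
            while (total - offset > 0) {
                byte[] chunk;
                if (total - offset > blockSize) {
                    chunk = cipher.doFinal(cipherText, offset, blockSize);
                    offset += blockSize;
                } else {
                    chunk = cipher.doFinal(cipherText, offset, total - offset);
                    offset = total;
                }
                plain = Arrays.copyOf(plain, plain.length + chunk.length);
                System.arraycopy(chunk, 0, plain, plain.length - chunk.length, chunk.length);
            }
            // Decode with a fixed charset instead of the platform default.
            return new String(plain, java.nio.charset.StandardCharsets.UTF_8);
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException | BadPaddingException | IllegalBlockSizeException e) {
            // Reachable with arbitrary client input, so keep it at debug level and log only the
            // failure type; the caller sees the same "unchanged token" result for every cause.
            logger.debug("Token decryption failed: {}", e.getClass().getName());
            return str;
        }
    }

    /**
     * Parses and verifies the token, first with the RSA public key fetched from
     * {@code signingKeyUrl} and, when that yields no claims, with {@code jwtValidateUtil}.
     *
     * <p>NOTE(review): a token that fails RSA verification is still handed to the fallback
     * validator, so the set of accepted tokens is the union of both validators. Confirm that
     * {@code JWTValidateUtil} applies its own signature check and that this union is intended.
     *
     * <p>NOTE(review): every verification failure clears the cached public key, so the next
     * request triggers a new outbound fetch of {@code signingKeyUrl}. This permits key rotation
     * but also lets invalid tokens drive requests to the key endpoint; consider a minimum
     * refresh interval.
     */
    private Claims getClaimsFromToken(String str) {
        if (this.signingKeyUrl != null && this.signingKeyUrl.length() > 0 && this.casRSAPublicKey == null) {
            String keyText = fetchSigningKeyText();
            if (keyText != null) {
                try {
                    this.casRSAPublicKey = CertUtil.stringToPublicKey(keyText);
                } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                    logger.error("Unable to parse the signing public key returned by [{}]", this.signingKeyUrl, e);
                }
            }
        }
        // Work on a snapshot: the field is shared by all request threads and may be reset.
        RSAPublicKey verificationKey = this.casRSAPublicKey;
        Claims claims = null;
        if (verificationKey != null) {
            try {
                claims = Jwts.parser().setSigningKey(verificationKey).parseClaimsJws(str).getBody();
            } catch (Exception e) {
                // Log the failure type only; parser messages can echo parts of the token.
                logger.debug("JWT verification with the fetched public key failed: {}", e.getClass().getName());
                claims = null;
                this.casRSAPublicKey = null;
            }
        }
        return claims != null ? claims : this.jwtValidateUtil.getClaimsFromToken(str);
    }

    /**
     * Downloads the body served at {@code signingKeyUrl}.
     *
     * @return the response body with line breaks removed, or {@code null} when the request
     *         failed, returned a non-2xx status or carried no entity
     */
    private String fetchSigningKeyText() {
        HttpResponse httpResponse = null;
        try {
            httpResponse = HttpUtil.executeGet(this.signingKeyUrl);
            if (httpResponse == null || httpResponse.getEntity() == null) {
                logger.warn("Signing key request to [{}] returned no content", this.signingKeyUrl);
                return null;
            }
            if (httpResponse.getStatusLine() != null) {
                int status = httpResponse.getStatusLine().getStatusCode();
                if (status < 200 || status >= 300) {
                    // Do not try to parse an error page as key material.
                    logger.warn("Signing key request to [{}] returned HTTP status {}", this.signingKeyUrl, status);
                    return null;
                }
            }
            StringBuilder sb = new StringBuilder();
            BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(httpResponse.getEntity().getContent(), java.nio.charset.StandardCharsets.UTF_8), 8192);
            String readLine;
            while ((readLine = bufferedReader.readLine()) != null) {
                sb.append(readLine);
            }
            String body = sb.toString();
            // The response is expected to be a public key, which is safe to log.
            logger.debug("Fetch response [{}]", body);
            return body;
        } catch (IOException | UnsupportedOperationException e) {
            logger.warn("Unable to fetch the signing public key from [{}]", this.signingKeyUrl, e);
            return null;
        } finally {
            if (httpResponse != null) {
                HttpUtil.close(httpResponse);
            }
        }
    }

    /**
     * Resolves the user named by the token subject.
     *
     * @return the user, or {@code null} when the token yields no subject or no user is loaded
     */
    private InfrasUser getInfrasUserFromToken(String str) {
        String username = getUsernameFromToken(str);
        if (username == null) {
            return null;
        }
        org.springframework.security.core.userdetails.UserDetails loaded = this.userDetailsService.loadUserByUsername(username);
        if (loaded == null) {
            // Defensive: treat a missing user as unauthenticated instead of failing with an NPE.
            return null;
        }
        if (loaded instanceof InfrasUser) {
            return (InfrasUser) loaded;
        }
        // The token is passed in the second constructor argument and eraseCredentials() is
        // called straight after; presumably that argument is the credential field — confirm
        // against InfrasUser.
        InfrasUser infrasUser = new InfrasUser(username, str, new ArrayList<GrantedAuthority>(loaded.getAuthorities()), getAttributesFromToken(str));
        infrasUser.eraseCredentials();
        return infrasUser;
    }

    /** Returns the token subject, or {@code null} when the token cannot be parsed. */
    private String getUsernameFromToken(String str) {
        try {
            return getClaimsFromToken(str).getSubject();
        } catch (Exception e) {
            // Any parsing or verification failure means "no authenticated subject".
            return null;
        }
    }

    /**
     * Builds authorities from the comma-separated {@code ROLES} claim.
     *
     * @return the authorities, or an empty list when the claim is missing or unreadable
     */
    private List<GrantedAuthority> getAuthoritiesFromToken(String str) {
        List<GrantedAuthority> authorities = new ArrayList<>();
        try {
            String roles = getClaimsFromToken(str).get("ROLES", String.class);
            for (String role : roles.split(",")) {
                authorities.add(new SimpleGrantedAuthority(role));
            }
        } catch (Exception e) {
            // Best effort: a token without usable roles grants none.
            return new ArrayList<>();
        }
        return authorities;
    }

    /**
     * Collects every claim whose name starts with {@code ATTR_}, keyed by the name without
     * that prefix.
     *
     * @return the attributes, or an empty map when the token cannot be parsed
     */
    private Map<String, Object> getAttributesFromToken(String str) {
        Map<String, Object> attributes = new HashMap<>();
        try {
            Claims claims = getClaimsFromToken(str);
            for (String name : claims.keySet()) {
                if (name.startsWith("ATTR_")) {
                    attributes.put(name.substring(5), claims.get(name));
                }
            }
        } catch (Exception e) {
            // Best effort: an unparsable token contributes no attributes.
            return new HashMap<>();
        }
        return attributes;
    }
}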
