package com.supwisdom.insititute.token.server.passwordless.domain.web.authentication;

import com.alibaba.fastjson.JSONObject;
import com.supwisdom.insititute.token.server.account.domain.entity.Account;
import com.supwisdom.insititute.token.server.core.state.State;
import com.supwisdom.insititute.token.server.core.state.StateStore;
import com.supwisdom.insititute.token.server.security.domain.authentication.PasswordlessLoginAuthenticationToken;
import com.supwisdom.insititute.token.server.security.domain.authentication.TokenAuthenticationEventPublisher;
import com.supwisdom.insititute.token.server.security.domain.authx.log.enums.AuthnFailReason;
import com.supwisdom.insititute.token.server.security.domain.core.userdetails.TokenUser;
import com.supwisdom.insititute.token.server.security.domain.core.userdetails.TokenUserConverter;
import com.supwisdom.insititute.token.server.security.domain.validator.AccountStatusValidator;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:BOOT-INF/lib/token-server-passwordless-domain-1.6.6-SNAPSHOT.jar:com/supwisdom/insititute/token/server/passwordless/domain/web/authentication/PasswordlessLoginAuthenticationFilter.class */
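/**
 * Servlet filter that completes an SMS-code ("passwordless") login.
 *
 * <p>A matching POST carries three parameters: {@code nonce} (key of the server-side login
 * state), {@code mobile} and {@code smscode}. The filter loads the state for the nonce, checks
 * that it belongs to the same mobile number, that a code was actually sent, that the failure
 * counter is below the limit and that the stored code is inside its validity window, and only
 * then compares the submitted code. On success it stores a
 * {@link PasswordlessLoginAuthenticationToken} in the {@link SecurityContextHolder} and
 * continues the chain; every other outcome ends the request with 400 or 401.
 *
 * <p>Points a reviewer should keep in mind (none of them is changed by this class):
 * <ul>
 *   <li>The failure counter is read from the loaded state and written back as
 *       {@code errorCount + 1}. NOTE(review): unless {@link StateStore} makes that update
 *       atomic, parallel requests for one nonce can each see the same counter value, so the
 *       attempt limit may be exceeded. Confirm against the store implementation.</li>
 *   <li>The account lookup runs before the code comparison, and the "mobile not found"
 *       answer differs from the "wrong code" answer and does not touch the failure counter.
 *       A caller holding a valid nonce for a number can therefore tell whether that number is
 *       registered.</li>
 *   <li>No session handling is visible here. NOTE(review): confirm that whatever runs after
 *       this filter is stateless or rotates the session identifier after login.</li>
 * </ul>
 */
public class PasswordlessLoginAuthenticationFilter extends GenericFilterBean {
    private static final String PASSWORDLESS_TOKEN_KEY_PREFIX = "PASSWORDLESS_TOKEN";

    /** Number of failed code submissions after which the login state is discarded. */
    private static final int MAX_ERROR_COUNT = 5;

    /** Accepted distance in milliseconds between the stored code timestamp and now (five minutes). */
    private static final long SMS_CODE_VALIDITY_MILLIS = 300000L;

    private TokenAuthenticationEventPublisher eventPublisher;
    private MessageSourceAccessor messageSourceAccessor;
    private AccountStatusValidator accountStatusValidator;
    private StateStore redisStateStore;
    private UserDetailsService userDetailsService;
    private TokenUserConverter tokenUserConverter;
    private RequestMatcher requiresAuthenticationRequestMatcher = new AntPathRequestMatcher("/passwordless/smsLogin", "POST");

    /**
     * Creates the filter for the given login URL.
     *
     * @param filterProcessesUrl Ant-style path the filter reacts to (POST only)
     */
    public PasswordlessLoginAuthenticationFilter(String filterProcessesUrl) {
        setFilterProcessesUrl(filterProcessesUrl);
    }

    /**
     * Replaces the request matcher with one for POST requests to the given path.
     *
     * @param filterProcessesUrl Ant-style path the filter reacts to
     */
    public void setFilterProcessesUrl(String filterProcessesUrl) {
        setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(filterProcessesUrl, "POST"));
    }

    /**
     * Sets the matcher that decides which requests this filter handles.
     *
     * @param requestMatcher matcher to use; must not be {@code null}
     */
    public final void setRequiresAuthenticationRequestMatcher(RequestMatcher requestMatcher) {
        Assert.notNull(requestMatcher, "requestMatcher cannot be null");
        this.requiresAuthenticationRequestMatcher = requestMatcher;
    }

    /**
     * Verifies that every collaborator used while handling a login request has been injected.
     *
     * <p>The message accessor, event publisher and account validator are dereferenced without a
     * null check in {@link #doFilterInternal}, so they are checked here as well: a missing bean
     * then fails at start-up instead of as a NullPointerException in the middle of a login.
     *
     * @throws ServletException if the superclass initialisation fails
     */
    @Override // org.springframework.web.filter.GenericFilterBean, org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        Assert.notNull(this.redisStateStore, "A StateStore is required");
        Assert.notNull(this.userDetailsService, "A UserDetailsService is required");
        Assert.notNull(this.tokenUserConverter, "An TokenUserConverter is required");
        Assert.notNull(this.messageSourceAccessor, "A MessageSourceAccessor is required");
        Assert.notNull(this.eventPublisher, "A TokenAuthenticationEventPublisher is required");
        Assert.notNull(this.accountStatusValidator, "An AccountStatusValidator is required");
    }

    /**
     * Passes non-matching requests down the chain untouched and hands matching ones to
     * {@link #doFilterInternal}.
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!requiresAuthentication(httpServletRequest, httpServletResponse)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Request is to process authentication");
        }
        doFilterInternal(httpServletRequest, httpServletResponse, filterChain);
    }

    /**
     * Tells whether the request is a login attempt for this filter.
     *
     * @return {@code true} if the configured request matcher accepts the request
     */
    protected boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return this.requiresAuthenticationRequestMatcher.matches(httpServletRequest);
    }

    /**
     * Validates the submitted nonce, mobile number and SMS code and, if they check out,
     * authenticates the request and continues the filter chain.
     *
     * <p>Responses: 400 for missing parameters or unusable login state (unknown nonce, other
     * mobile number, code never sent, too many failures, code outside its validity window);
     * 401 when the mobile number has no user, the code is wrong, or account validation fails.
     *
     * @throws ServletException propagated from the rest of the filter chain
     * @throws IOException if writing the error response or the rest of the chain fails
     */
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String nonce = httpServletRequest.getParameter("nonce");
        String mobile = httpServletRequest.getParameter("mobile");
        String smsCode = httpServletRequest.getParameter("smscode");
        if (isNullOrEmpty(nonce) || isNullOrEmpty(mobile) || isNullOrEmpty(smsCode)) {
            httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), this.messageSourceAccessor.getMessage("request.parameter.error"));
            return;
        }

        State loadState = this.redisStateStore.loadState(PASSWORDLESS_TOKEN_KEY_PREFIX, nonce);
        if (loadState == null) {
            httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), this.messageSourceAccessor.getMessage("PasswordlessLoginAuthenticationFilter.state.error.empty", "Bad request"));
            return;
        }
        // The nonce is bound to the number the code was sent to; a nonce obtained for one
        // number cannot be replayed with another.
        if (!mobile.equals(loadState.getString("mobile"))) {
            httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), this.messageSourceAccessor.getMessage("PasswordlessLoginAuthenticationFilter.state.error.mobile.not.equals", "Mobile not matched"));
            return;
        }
        if (!loadState.containsKey("smsSend") || !loadState.getBoolean("smsSend")) {
            httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), this.messageSourceAccessor.getMessage("PasswordlessLoginAuthenticationFilter.state.error.smscode.not.sent", "Sms Code not sent"));
            return;
        }

        // Attempt limit: once the counter is out of range the state is dropped, so a new code
        // has to be requested before any further guess is accepted.
        int errorCount = loadState.getErrorCount();
        if (errorCount < 0 || errorCount >= MAX_ERROR_COUNT) {
            this.redisStateStore.expireState(PASSWORDLESS_TOKEN_KEY_PREFIX, nonce);
            httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), this.messageSourceAccessor.getMessage("PasswordlessLoginAuthenticationFilter.state.error.count.gt.5", "Bad request"));
            return;
        }

        long issuedAt = 0;
        String expectedCode = null;
        if (loadState.containsKey("token")) {
            // The JSON comes from the server-side state, not from the request.
            JSONObject storedToken = JSONObject.parseObject(loadState.getString("token"));
            // Guard against a null parse result; the defaults above then make the state look
            // expired and it is rejected below instead of failing with a NullPointerException.
            if (storedToken != null) {
                issuedAt = storedToken.getLongValue("timestamp");
                expectedCode = storedToken.getString("token");
            }
        }
        // Two-sided window: a timestamp too far in the past or in the future is rejected.
        // A state without a token keeps issuedAt == 0 and is rejected here as well.
        long age = System.currentTimeMillis() - issuedAt;
        if (age < -SMS_CODE_VALIDITY_MILLIS || age > SMS_CODE_VALIDITY_MILLIS) {
            this.redisStateStore.expireState(PASSWORDLESS_TOKEN_KEY_PREFIX, nonce);
            httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), this.messageSourceAccessor.getMessage("PasswordlessLoginAuthenticationFilter.state.error.smscode.not.expire", "Sms Code expire"));
            return;
        }

        PasswordlessLoginAuthenticationToken unauthenticatedToken = new PasswordlessLoginAuthenticationToken(mobile, smsCode);
        try {
            UserDetails userDetails = this.userDetailsService.loadUserByUsername("{MOBILE}" + mobile);
            TokenUser tokenUser = userDetails instanceof TokenUser ? (TokenUser) userDetails : this.tokenUserConverter.convertFromUserDetails(userDetails);
            if (tokenUser == null) {
                String message = this.messageSourceAccessor.getMessage("PasswordlessLoginAuthenticationFilter.mobileNotFound", "Mobile not found");
                this.eventPublisher.publishAuthenticationFailure(new UsernameNotFoundException(AuthnFailReason.LOGIN_FAILED.name()), unauthenticatedToken, httpServletRequest);
                SecurityContextHolder.clearContext();
                httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value(), message);
                return;
            }
            // Compare the secret without short-circuiting on the first differing character.
            if (!constantTimeEquals(smsCode, expectedCode)) {
                // NOTE(review): read-then-write of the counter; see the class comment.
                this.redisStateStore.updateStateErrorCount(PASSWORDLESS_TOKEN_KEY_PREFIX, nonce, errorCount + 1);
                String message = this.messageSourceAccessor.getMessage("PasswordlessLoginAuthenticationFilter.smscodeNotVerify", "Sms Code error");
                this.eventPublisher.publishAuthenticationFailure(new BadCredentialsException(AuthnFailReason.LOGIN_FAILED.name()), new PasswordlessLoginAuthenticationToken(mobile, smsCode, tokenUser, null), httpServletRequest);
                httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value(), message);
                return;
            }
            try {
                // Account status is validated here only when the user has exactly one account.
                // NOTE(review): confirm that users with several accounts are validated later.
                List<Account> accounts = tokenUser.getAccounts();
                if (accounts != null && accounts.size() == 1) {
                    this.accountStatusValidator.validate(accounts.get(0));
                }
                // The code is single-use: the state is removed before the login is completed.
                this.redisStateStore.expireState(PASSWORDLESS_TOKEN_KEY_PREFIX, nonce);
                PasswordlessLoginAuthenticationToken authenticatedToken = new PasswordlessLoginAuthenticationToken(mobile, smsCode, tokenUser, null, tokenUser.getAuthorities());
                this.eventPublisher.publishAuthenticationSuccess(authenticatedToken, httpServletRequest);
                SecurityContextHolder.getContext().setAuthentication(authenticatedToken);
                // The chain call sits inside this try, so an AuthenticationException raised
                // further down the chain is also reported by the catch below.
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } catch (AuthenticationException e) {
                this.eventPublisher.publishAuthenticationFailure(e, new PasswordlessLoginAuthenticationToken(mobile, smsCode, tokenUser, null), httpServletRequest);
                SecurityContextHolder.clearContext();
                // The exception message is used as a message code. Passing it as the default
                // too keeps an unknown code from raising NoSuchMessageException, which would
                // turn this 401 into a server error.
                httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value(), this.messageSourceAccessor.getMessage(e.getMessage(), e.getMessage()));
            }
        } catch (UsernameNotFoundException e2) {
            String message = this.messageSourceAccessor.getMessage("PasswordlessLoginAuthenticationFilter.mobileNotFound", "Mobile not found");
            this.eventPublisher.publishAuthenticationFailure(new UsernameNotFoundException(AuthnFailReason.LOGIN_FAILED.name()), unauthenticatedToken, httpServletRequest);
            SecurityContextHolder.clearContext();
            httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value(), message);
        } catch (AuthenticationException e3) {
            this.eventPublisher.publishAuthenticationFailure(e3, unauthenticatedToken, httpServletRequest);
            SecurityContextHolder.clearContext();
            // NOTE(review): the raw exception message goes to the client here; confirm that it
            // never carries internal detail.
            httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value(), e3.getMessage());
        }
    }

    /** Returns {@code true} for a {@code null} or zero-length string. */
    private static boolean isNullOrEmpty(String value) {
        return value == null || value.isEmpty();
    }

    /**
     * Compares the submitted code with the stored one without stopping at the first mismatch.
     * A missing stored code never matches.
     */
    private static boolean constantTimeEquals(String submitted, String expected) {
        if (submitted == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(submitted.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
    }

    /** Sets the publisher that receives authentication success and failure events. */
    public void setEventPublisher(TokenAuthenticationEventPublisher tokenAuthenticationEventPublisher) {
        this.eventPublisher = tokenAuthenticationEventPublisher;
    }

    /** Sets the accessor used to resolve the error messages sent to the client. */
    public void setMessageSourceAccessor(MessageSourceAccessor messageSourceAccessor) {
        this.messageSourceAccessor = messageSourceAccessor;
    }

    /** Sets the validator applied to the user's account before the login is completed. */
    public void setAccountStatusValidator(AccountStatusValidator accountStatusValidator) {
        this.accountStatusValidator = accountStatusValidator;
    }

    /** Sets the store that holds the per-nonce login state. */
    public void setRedisStateStore(StateStore stateStore) {
        this.redisStateStore = stateStore;
    }

    /** Sets the service used to look the user up by {@code "{MOBILE}" + mobile}. */
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    /** Sets the converter used when the loaded user is not already a {@link TokenUser}. */
    public void setTokenUserConverter(TokenUserConverter tokenUserConverter) {
        this.tokenUserConverter = tokenUserConverter;
    }
}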
