package com.supwisdom.insititute.token.server.federation.domain.web.authentication;

import com.alibaba.fastjson.JSON;
import com.supwisdom.insititute.token.server.account.domain.entity.Account;
import com.supwisdom.insititute.token.server.core.state.State;
import com.supwisdom.insititute.token.server.core.state.StateStore;
import com.supwisdom.insititute.token.server.federation.domain.entity.Federation;
import com.supwisdom.insititute.token.server.federation.domain.federated.FederatedUserinfo;
import com.supwisdom.insititute.token.server.federation.domain.service.FederationRetriever;
import com.supwisdom.insititute.token.server.federation.webapi.controller.FederatedController;
import com.supwisdom.insititute.token.server.security.domain.authentication.FederationLoginAuthenticationToken;
import com.supwisdom.insititute.token.server.security.domain.authentication.TokenAuthenticationEventPublisher;
import com.supwisdom.insititute.token.server.security.domain.authx.log.enums.AuthnFailReason;
import com.supwisdom.insititute.token.server.security.domain.core.userdetails.TokenUser;
import com.supwisdom.insititute.token.server.security.domain.core.userdetails.TokenUserConverter;
import com.supwisdom.insititute.token.server.security.domain.validator.AccountStatusValidator;
import java.io.IOException;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.filter.GenericFilterBean;

/* loaded from: input_file:BOOT-INF/lib/token-server-federation-domain-1.7.4-RELEASE.jar:com/supwisdom/insititute/token/server/federation/domain/web/authentication/FederationLoginAuthenticationFilter.class */
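/**
 * Servlet filter that completes a federated login.
 *
 * <p>For a request matching the configured login endpoint (POST), the filter reads the
 * {@code nonce} request parameter, loads the server-side {@link State} stored under that nonce,
 * takes the {@code federatedUserInfo} entry from it, resolves the bound {@link Federation}, loads
 * the local user and, on success, places a {@link FederationLoginAuthenticationToken} in the
 * {@link SecurityContextHolder} before continuing the chain.
 *
 * <p>The nonce is the only thing the client presents to prove the federated identity, so the
 * strength of this step depends on how the state store issues, expires and invalidates it.
 */
public class FederationLoginAuthenticationFilter extends GenericFilterBean {
    /** Key prefix under which the federated login state is stored in the state store. */
    private static final String FEDERATED_STATE_KEY_PREFIX = "FEDERATED_STATE";
    private TokenAuthenticationEventPublisher eventPublisher;
    private MessageSourceAccessor messageSourceAccessor;
    private AccountStatusValidator accountStatusValidator;
    private StateStore redisStateStore;
    private UserDetailsService userDetailsService;
    private TokenUserConverter tokenUserConverter;
    private FederationRetriever redisFederationRetriever;
    private FederationRetriever remoteFederationRetriever;
    // Default matcher; the constructor replaces it with one built from its argument.
    private RequestMatcher requiresAuthenticationRequestMatcher = new AntPathRequestMatcher(FederatedController.LOGIN_ENDPOINT, "POST");

    /**
     * Creates the filter for the given login URL pattern.
     *
     * @param str Ant-style path pattern of the login endpoint; only POST requests are matched
     */
    public FederationLoginAuthenticationFilter(String str) {
        setFilterProcessesUrl(str);
    }

    /**
     * Sets the login endpoint handled by this filter.
     *
     * @param str Ant-style path pattern; only POST requests to it are processed
     */
    public void setFilterProcessesUrl(String str) {
        setRequiresAuthenticationRequestMatcher(new AntPathRequestMatcher(str, "POST"));
    }

    /**
     * Sets the matcher that decides which requests this filter authenticates.
     *
     * @param requestMatcher the matcher to use, never {@code null}
     */
    public final void setRequiresAuthenticationRequestMatcher(RequestMatcher requestMatcher) {
        Assert.notNull(requestMatcher, "requestMatcher cannot be null");
        this.requiresAuthenticationRequestMatcher = requestMatcher;
    }

    /**
     * Verifies that every collaborator dereferenced by {@link #doFilterInternal} is configured.
     *
     * @throws ServletException if the superclass initialisation fails
     */
    @Override // org.springframework.web.filter.GenericFilterBean, org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        Assert.notNull(this.redisStateStore, "A StateStore is required");
        Assert.notNull(this.userDetailsService, "A UserDetailsService is required");
        Assert.notNull(this.tokenUserConverter, "An TokenUserConverter is required");
        Assert.notNull(this.redisFederationRetriever, "A RedisFederationRetriever is required");
        Assert.notNull(this.remoteFederationRetriever, "A RemoteFederationRetriever is required");
        // These three are used unconditionally on the error and success paths; failing at
        // start-up is preferable to a NullPointerException in the middle of a login.
        Assert.notNull(this.eventPublisher, "A TokenAuthenticationEventPublisher is required");
        Assert.notNull(this.messageSourceAccessor, "A MessageSourceAccessor is required");
        Assert.notNull(this.accountStatusValidator, "An AccountStatusValidator is required");
    }

    /**
     * Passes non-matching requests down the chain and hands matching ones to
     * {@link #doFilterInternal}.
     *
     * @throws IOException      propagated from the chain or from writing the response
     * @throws ServletException propagated from the chain
     */
    @Override // javax.servlet.Filter
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!requiresAuthentication(httpServletRequest, httpServletResponse)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Request is to process authentication");
        }
        doFilterInternal(httpServletRequest, httpServletResponse, filterChain);
    }

    /**
     * Tells whether the request targets the federated login endpoint.
     *
     * @return {@code true} when the configured request matcher matches the request
     */
    protected boolean requiresAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return this.requiresAuthenticationRequestMatcher.matches(httpServletRequest);
    }

    /**
     * Performs the federated login for a matching request.
     *
     * <p>Responds with 400 when the nonce or the stored federated user info is missing, with 401
     * when the local user cannot be loaded or fails account validation, and otherwise sets the
     * authentication in the security context and continues the chain. When no federation binding
     * exists for the federated identity the chain continues without authentication.
     *
     * @throws IOException      propagated from the chain or from writing the response
     * @throws ServletException propagated from the chain
     */
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String nonce = httpServletRequest.getParameter("nonce");
        if (nonce == null || nonce.isEmpty()) {
            // A default text keeps this a 400 even when the message code is not defined.
            httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), this.messageSourceAccessor.getMessage("request.parameter.error", "Bad request"));
            return;
        }
        // NOTE(review): the state is only read here; nothing in this filter removes it or marks it
        // used after a successful login, so whether a nonce can be presented twice depends on the
        // StateStore's expiry policy - confirm it is short-lived or consumed elsewhere.
        State state = this.redisStateStore.loadState(FEDERATED_STATE_KEY_PREFIX, nonce);
        if (state == null) {
            httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), this.messageSourceAccessor.getMessage("FederationLoginAuthenticationFilter.state.error.empty", "Bad request"));
            return;
        }
        // NOTE(review): this writes the whole state, including the federated user info, to the
        // debug log - confirm debug logging is off in production or trim the fields.
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("federatedLogin.stateData is " + JSON.toJSONString(state.getStateData()));
        }
        // appId and deviceId come from the request when present, otherwise from the stored state.
        // They are only passed to the event publisher below; when taken from the request they are
        // client-supplied, so audit consumers should not treat them as verified.
        String appId = httpServletRequest.getParameter("appId");
        String deviceId = httpServletRequest.getParameter("deviceId");
        if (StringUtils.isBlank(appId)) {
            appId = state.getString("appId");
        }
        if (StringUtils.isBlank(deviceId)) {
            deviceId = state.getString("deviceId");
        }
        if (!state.containsKey("federatedUserInfo")) {
            httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), this.messageSourceAccessor.getMessage("FederationLoginAuthenticationFilter.state.error.userinfo.not.exist", "Bad request"));
            return;
        }
        String federatedUserInfoJson = state.getString("federatedUserInfo");
        if (federatedUserInfoJson == null) {
            httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), this.messageSourceAccessor.getMessage("FederationLoginAuthenticationFilter.state.error.userinfo.is.null", "Bad request"));
            return;
        }
        // NOTE(review): the result of parseObject is dereferenced directly and a parse failure is
        // not caught, so an empty or malformed stored value presumably surfaces as a server error
        // rather than the 400 below - confirm the writer of this state always stores valid JSON.
        FederatedUserinfo federatedUserinfo = (FederatedUserinfo) JSON.parseObject(federatedUserInfoJson).toJavaObject(FederatedUserinfo.class);
        if (federatedUserinfo == null) {
            httpServletResponse.sendError(HttpStatus.BAD_REQUEST.value(), this.messageSourceAccessor.getMessage("FederationLoginAuthenticationFilter.state.error.userinfo.parsejson.error", "Bad request"));
            return;
        }
        Map<String, Object> externalInfo = federatedUserinfo.getExternalInfo();
        String federatedType = federatedUserinfo.getFederatedType();
        String federatedId = federatedUserinfo.getFederatedId();
        // The openid is used as a fallback federated id. A key mapped to null is treated as
        // absent; String.valueOf(null) would otherwise yield the literal id "null".
        String openId = null;
        if (externalInfo != null) {
            Object rawOpenId = externalInfo.get("openid");
            if (rawOpenId != null) {
                openId = String.valueOf(rawOpenId);
            }
        }
        // Resolve the binding: the Redis retriever first, then the remote one, then the remote one
        // again with the openid in place of the federated id.
        Federation federation = null;
        if (this.redisFederationRetriever != null) {
            federation = this.redisFederationRetriever.loadByFederatedTypeId(federatedType, federatedId);
        }
        if (federation == null && this.remoteFederationRetriever != null) {
            federation = this.remoteFederationRetriever.loadByFederatedTypeId(federatedType, federatedId);
            if (federation == null && StringUtils.isNotBlank(openId)) {
                federation = this.remoteFederationRetriever.loadByFederatedTypeId(federatedType, openId);
            }
        }
        if (federation == null) {
            // No binding: continue unauthenticated and let downstream handlers decide.
            this.logger.debug("federation is null");
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("federation is " + federation.toString());
        }
        // The binding names the local user by user id, or by user number when the id is blank.
        String federationUserId = federation.getUserId();
        boolean lookupByUserNo = StringUtils.isBlank(federationUserId);
        String principalId = lookupByUserNo ? federation.getUserNo() : federationUserId;
        FederationLoginAuthenticationToken unauthenticatedToken = new FederationLoginAuthenticationToken(federatedType, federatedId, principalId);
        try {
            // The prefix tells the UserDetailsService which identifier kind it is given.
            UserDetails userDetails = this.userDetailsService.loadUserByUsername((lookupByUserNo ? "{USERNO}" : "{USERID}") + principalId);
            if (userDetails == null) {
                throw new UsernameNotFoundException(String.format("%s not found", principalId));
            }
            TokenUser tokenUser = userDetails instanceof TokenUser ? (TokenUser) userDetails : this.tokenUserConverter.convertFromUserDetails(userDetails);
            // NOTE(review): serialises the full user object; only the account-based conversion
            // below is named as erasing credentials, so this line may log credential fields -
            // confirm, and prefer logging the username alone.
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("loadUserByUsername, tokenUser is " + JSON.toJSONString(tokenUser));
            }
            String accountId = httpServletRequest.getParameter("accountId");
            if (accountId != null && !accountId.isEmpty()) {
                // accountId is a raw request parameter written to the log as-is.
                this.logger.debug("accountId is " + accountId);
                // The requested account is only honoured when it belongs to the loaded user. A
                // missing user or account list is skipped here and handled by the checks below.
                // An accountId that matches nothing leaves the full user in place.
                List<Account> candidates = tokenUser == null ? null : tokenUser.getAccounts();
                if (candidates != null) {
                    for (Account account : candidates) {
                        if (accountId.equals(account.getId())) {
                            tokenUser = this.tokenUserConverter.convertFromAccountEraseCredentials(account);
                            if (tokenUser != null) {
                                tokenUser.setAccounts(Arrays.asList(account));
                            }
                            break;
                        }
                    }
                }
            }
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("tokenUser is " + JSON.toJSONString(tokenUser));
            }
            if (tokenUser == null) {
                String message = this.messageSourceAccessor.getMessage("PasswordlessLoginAuthenticationFilter.userNotFound", "User not found");
                this.eventPublisher.publishAuthenticationFailure(new UsernameNotFoundException(AuthnFailReason.LOGIN_FAILED.name()), unauthenticatedToken, appId, deviceId);
                SecurityContextHolder.clearContext();
                httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value(), message);
                return;
            }
            try {
                // Account status is validated only when exactly one account is attached.
                List<Account> accounts = tokenUser.getAccounts();
                if (accounts != null && accounts.size() == 1) {
                    this.accountStatusValidator.validate(accounts.get(0));
                }
                FederationLoginAuthenticationToken authenticatedToken = new FederationLoginAuthenticationToken(federatedType, federatedId, principalId, tokenUser, null, tokenUser.getAuthorities());
                this.eventPublisher.publishAuthenticationSuccess(authenticatedToken, appId, deviceId);
                SecurityContextHolder.getContext().setAuthentication(authenticatedToken);
                filterChain.doFilter(httpServletRequest, httpServletResponse);
            } catch (AuthenticationException e) {
                this.eventPublisher.publishAuthenticationFailure(e, new FederationLoginAuthenticationToken(federatedType, federatedId, principalId, tokenUser, null), appId, deviceId);
                SecurityContextHolder.clearContext();
                // The exception message is looked up as a message code; falling back to the raw
                // message keeps this a 401 when no such code is defined.
                httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value(), this.messageSourceAccessor.getMessage(e.getMessage(), e.getMessage()));
            }
        } catch (UsernameNotFoundException e2) {
            // The client gets a generic text and the event a generic reason; the original
            // exception message is not forwarded.
            String message2 = this.messageSourceAccessor.getMessage("PasswordlessLoginAuthenticationFilter.userNotFound", "User not found");
            this.eventPublisher.publishAuthenticationFailure(new UsernameNotFoundException(AuthnFailReason.LOGIN_FAILED.name()), unauthenticatedToken, appId, deviceId);
            SecurityContextHolder.clearContext();
            httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value(), message2);
        } catch (AuthenticationException e3) {
            this.eventPublisher.publishAuthenticationFailure(e3, unauthenticatedToken, appId, deviceId);
            SecurityContextHolder.clearContext();
            httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value(), e3.getMessage());
        }
    }

    /** Sets the publisher that receives authentication success and failure events. */
    public void setEventPublisher(TokenAuthenticationEventPublisher tokenAuthenticationEventPublisher) {
        this.eventPublisher = tokenAuthenticationEventPublisher;
    }

    /** Sets the accessor used to resolve the error texts sent to the client. */
    public void setMessageSourceAccessor(MessageSourceAccessor messageSourceAccessor) {
        this.messageSourceAccessor = messageSourceAccessor;
    }

    /** Sets the validator applied to the account when the user has exactly one. */
    public void setAccountStatusValidator(AccountStatusValidator accountStatusValidator) {
        this.accountStatusValidator = accountStatusValidator;
    }

    /** Sets the store from which the federated login state is loaded by nonce. */
    public void setRedisStateStore(StateStore stateStore) {
        this.redisStateStore = stateStore;
    }

    /** Sets the service used to load the local user named by the federation binding. */
    public void setUserDetailsService(UserDetailsService userDetailsService) {
        this.userDetailsService = userDetailsService;
    }

    /** Sets the converter that turns user details or an account into a {@link TokenUser}. */
    public void setTokenUserConverter(TokenUserConverter tokenUserConverter) {
        this.tokenUserConverter = tokenUserConverter;
    }

    /** Sets the retriever consulted first when resolving a federation binding. */
    public void setRedisFederationRetriever(FederationRetriever federationRetriever) {
        this.redisFederationRetriever = federationRetriever;
    }

    /** Sets the retriever consulted when the first one has no binding. */
    public void setRemoteFederationRetriever(FederationRetriever federationRetriever) {
        this.remoteFederationRetriever = federationRetriever;
    }
}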
