package io.github.toquery.framework.security.jwt.filter;

import com.google.common.base.Strings;
import io.github.toquery.framework.security.jwt.JwtTokenUtil;
import io.github.toquery.framework.security.jwt.properties.AppSecurityJwtProperties;
import io.github.toquery.framework.security.properties.AppSecurityProperties;
import io.jsonwebtoken.ExpiredJwtException;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:io/github/toquery/framework/security/jwt/filter/JwtAuthorizationTokenFilter.class */
public class JwtAuthorizationTokenFilter extends OncePerRequestFilter {
    private static final Logger log = LoggerFactory.getLogger(JwtAuthorizationTokenFilter.class);
    private final UserDetailsService userDetailsService;
    private final JwtTokenUtil jwtTokenUtil;
    private final String tokenHeader;
    private final AppSecurityProperties appSecurityProperties;
    private final PathMatcher matcher = new AntPathMatcher();

    public JwtAuthorizationTokenFilter(UserDetailsService userDetailsService, JwtTokenUtil jwtTokenUtil, AppSecurityProperties appSecurityProperties, AppSecurityJwtProperties appSecurityJwtProperties) {
        this.userDetailsService = userDetailsService;
        this.jwtTokenUtil = jwtTokenUtil;
        this.tokenHeader = appSecurityJwtProperties.getHeader();
        this.appSecurityProperties = appSecurityProperties;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (this.appSecurityProperties.getWhitelist().stream().anyMatch(str -> {
            return this.matcher.match(str, httpServletRequest.getRequestURI());
        })) {
            log.info("当前请求 {} 已被设为白名单", httpServletRequest.getRequestURI());
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        log.debug("processing authentication for '{}'", httpServletRequest.getRequestURL());
        String header = httpServletRequest.getHeader(this.tokenHeader);
        String[] parameterValues = httpServletRequest.getParameterValues(this.tokenHeader);
        if (Strings.isNullOrEmpty(header) && parameterValues != null && parameterValues.length > 0 && !Strings.isNullOrEmpty(parameterValues[0])) {
            header = parameterValues[0];
        }
        String str2 = null;
        String str3 = null;
        if (Strings.isNullOrEmpty(header)) {
            log.warn("couldn't find bearer string, will ignore the header");
        } else {
            if (header.startsWith("Bearer ")) {
                str3 = header.substring(7);
            }
            try {
                str2 = this.jwtTokenUtil.getUsernameFromToken(str3);
            } catch (ExpiredJwtException e) {
                log.warn("the token is expired and not valid anymore", e);
            } catch (IllegalArgumentException e2) {
                log.error("an error occured during getting username from token", e2);
            }
        }
        log.debug("checking authentication for user '{}'", str2);
        if (str2 != null && SecurityContextHolder.getContext().getAuthentication() == null) {
            log.debug("security context was null, so authorizating user");
            UserDetails loadUserByUsername = this.userDetailsService.loadUserByUsername(str2);
            if (this.jwtTokenUtil.validateToken(str3, loadUserByUsername).booleanValue()) {
                UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(loadUserByUsername, (Object) null, loadUserByUsername.getAuthorities());
                usernamePasswordAuthenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(httpServletRequest));
                log.info("authorizated user '{}', setting security context", str2);
                SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }
}
