package com.inspur.frame.security;

import com.inspur.frame.exception.TinyResponseException;
import com.inspur.frame.utils.FramePubConfig;
import io.jsonwebtoken.Claims;
import io.jsonwebtoken.JwtException;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.Key;
import java.util.Arrays;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

/* loaded from: input_file:com/inspur/frame/security/JwtFilter.class */
public class JwtFilter implements HandlerInterceptor {
    private static final Logger log = LoggerFactory.getLogger(JwtFilter.class);
    private static final String AUTH_PREFIX = "/api/";
    private TinyConfiguration tinyConfiguration;
    private Key key;

    /* renamed from: com.inspur.frame.security.JwtFilter$1, reason: invalid class name */
    /* loaded from: input_file:com/inspur/frame/security/JwtFilter$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$jsonwebtoken$SignatureAlgorithm = new int[SignatureAlgorithm.values().length];

        static {
            try {
                $SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.HS256.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.HS384.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.HS512.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.RS256.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.RS384.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.RS512.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
        }
    }

    public JwtFilter(TinyConfiguration tinyConfiguration) {
        this.tinyConfiguration = tinyConfiguration;
        String algorithm = tinyConfiguration.getSecurity().getJwt().getAlgorithm();
        switch (AnonymousClass1.$SwitchMap$io$jsonwebtoken$SignatureAlgorithm[SignatureAlgorithm.forName(algorithm).ordinal()]) {
            case 1:
            case 2:
            case 3:
                String secret = tinyConfiguration.getSecurity().getJwt().getSecret();
                if (StringUtils.isBlank(secret)) {
                    log.error("JWT签名算法{}需要设置tiny.security.jwt.secret", algorithm);
                    return;
                }
                try {
                    this.key = SecurityUtil.generateSecretKey(secret, algorithm).get();
                    return;
                } catch (Exception e) {
                    log.error("生成密钥出错：{}", e.getMessage());
                    return;
                }
            case 4:
            case 5:
            case 6:
                String publicKey = tinyConfiguration.getSecurity().getJwt().getPublicKey();
                if (StringUtils.isBlank(publicKey)) {
                    log.error("JWT签名算法{}需要设置tiny.security.jwt.publicKey", algorithm);
                    return;
                }
                try {
                    this.key = SecurityUtil.generatePublicKey(publicKey).get();
                    return;
                } catch (Exception e2) {
                    log.error("生成公钥出错：{}", e2.getMessage());
                    return;
                }
            default:
                log.warn("JWT签名算法不被支持");
                return;
        }
    }

    private boolean excludeUri(String str) {
        String[] excludes = this.tinyConfiguration.getSecurity().getExcludes();
        AntPathMatcher antPathMatcher = new AntPathMatcher();
        return null != excludes && Arrays.stream(excludes).anyMatch(str2 -> {
            return antPathMatcher.match(str2, str);
        });
    }

    private boolean authPrefixs(HttpServletRequest httpServletRequest) {
        String[] authPrefixs = this.tinyConfiguration.getSecurity().getAuthPrefixs();
        if (authPrefixs == null) {
            return false;
        }
        for (String str : authPrefixs) {
            if (httpServletRequest.getRequestURI().startsWith(str) || httpServletRequest.getRequestURI().startsWith(httpServletRequest.getContextPath() + str)) {
                return true;
            }
        }
        return false;
    }

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        String resolveToken = resolveToken(httpServletRequest);
        if (!(obj instanceof HandlerMethod)) {
            log.warn("JwtFilter===preHandle===not===HandlerMethod===");
            return true;
        }
        if (FramePubConfig.N.equals(this.tinyConfiguration.getSecurity().getOpenValidate())) {
            return true;
        }
        HandlerMethod handlerMethod = (HandlerMethod) obj;
        JwtFlag jwtFlag = (JwtFlag) handlerMethod.getMethodAnnotation(JwtFlag.class);
        JwtFlag jwtFlag2 = (JwtFlag) handlerMethod.getMethod().getDeclaringClass().getAnnotation(JwtFlag.class);
        boolean z = false;
        if (jwtFlag2 != null) {
            z = jwtFlag2.inUse();
        }
        if (jwtFlag != null) {
            z = jwtFlag.inUse();
        }
        if (!z) {
            log.warn("依照TinyFramework约定：本次访问的路径{}不做权限限制", httpServletRequest.getRequestURI());
            return true;
        }
        try {
            if (resolveToken == null) {
                httpServletResponse.setStatus(401);
                return false;
            }
            try {
                log.info("需要解密token==={}", resolveToken);
                resolveToken = DESUtil.decryption(resolveToken, "QWer12#$");
                log.info("解密后的token为:==={}", resolveToken);
            } catch (Exception e) {
                log.error("DES解密token报错===jwt==={}", resolveToken, e);
            }
            Optional<Claims> parseToken = SecurityUtil.parseToken(resolveToken, this.key);
            if (!parseToken.isPresent()) {
                httpServletResponse.setStatus(401);
                return false;
            }
            Claims claims = parseToken.get();
            httpServletRequest.setAttribute(PredefinedHeaderKey.AUTH_USER_INFO, claims);
            httpServletRequest.setAttribute("TINY-AUTH-USERACCOUNT", claims.getSubject());
            httpServletRequest.setAttribute(PredefinedHeaderKey.AUTHORIZATION_HEADER, httpServletRequest.getHeader(PredefinedHeaderKey.AUTHORIZATION_HEADER));
            httpServletRequest.setAttribute(PredefinedHeaderKey.TX_CONTEXT, httpServletRequest.getHeader(PredefinedHeaderKey.TX_CONTEXT));
            return true;
        } catch (JwtException e2) {
            log.error("JwtException===jwt==={}", resolveToken, e2);
            throw new TinyResponseException(ResponseCode.VALIDATE_FAILED);
        }
    }

    private String resolveToken(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(PredefinedHeaderKey.AUTHORIZATION_HEADER);
        if (StringUtils.isNotBlank(header)) {
            return header.startsWith(PredefinedHeaderKey.BEARER_STARTSTR) ? header.substring(7, header.length()) : header;
        }
        return null;
    }
}
