package com.jxdinfo.hussar.support.security.integration.authentication.interceptors;

import com.jxdinfo.hussar.platform.core.utils.HussarUtils;
import com.jxdinfo.hussar.support.security.core.context.model.SecurityRequest;
import com.jxdinfo.hussar.support.security.core.handler.InnerHandler;
import com.jxdinfo.hussar.support.security.core.id.SecurityIdUtil;
import com.jxdinfo.hussar.support.security.core.router.SecurityRouter;
import com.jxdinfo.hussar.support.security.plugin.oauth2.SecurityOAuth2Manager;
import com.jxdinfo.hussar.support.security.plugin.oauth2.config.SecurityOAuth2Config;
import com.jxdinfo.hussar.support.security.plugin.oauth2.exception.SecurityOAuth2Exception;
import com.jxdinfo.hussar.support.security.servlet.model.SecurityRequestForServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

/* loaded from: input_file:BOOT-INF/lib/hussar-security-integration-authentication-0.0.7-cus-zhongqi.jar:com/jxdinfo/hussar/support/security/integration/authentication/interceptors/SecurityIsoloateInternetInterceptor.class */
public class SecurityIsoloateInternetInterceptor implements HandlerInterceptor {
    @Override // org.springframework.web.servlet.HandlerInterceptor
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        SecurityOAuth2Config config = SecurityOAuth2Manager.getConfig();
        if (!config.isEnableIsoloate()) {
            return true;
        }
        SecurityRequestForServlet securityRequestForServlet = new SecurityRequestForServlet(httpServletRequest);
        if (isPass(securityRequestForServlet, obj, config)) {
            return true;
        }
        SecurityOAuth2Exception.throwBy(!SecurityIdUtil.isValid(getIsoloateIdToken(securityRequestForServlet)), "无法直接访问子服务，请通过网关进行访问！");
        return true;
    }

    private String getIsoloateIdToken(SecurityRequest securityRequest) {
        String header = securityRequest.getHeader(SecurityOAuth2Manager.getConfig().getIsolatedKey());
        SecurityOAuth2Exception.throwBy(HussarUtils.isEmpty(header), "无法直接访问子服务，请通过网关进行访问！");
        return header;
    }

    private boolean isPass(SecurityRequest securityRequest, Object obj, SecurityOAuth2Config securityOAuth2Config) {
        if ((obj instanceof HandlerMethod) && !SecurityRouter.isMatchCurrURI(InnerHandler.getIgnoreList(securityRequest, obj))) {
            return HussarUtils.isNotEmpty(securityRequest.getHeader(securityOAuth2Config.getFeignKey())) && securityOAuth2Config.getFeignSign().equals(securityRequest.getHeader(securityOAuth2Config.getFeignKey()));
        }
        return true;
    }
}
