package com.jxdinfo.hussar.support.security.integration.authentication.interceptors;

import com.jxdinfo.hussar.platform.core.utils.HussarUtils;
import com.jxdinfo.hussar.support.security.core.SecurityManager;
import com.jxdinfo.hussar.support.security.core.config.SecurityTokenConfig;
import com.jxdinfo.hussar.support.security.core.context.model.SecurityRequest;
import com.jxdinfo.hussar.support.security.core.router.SecurityRouter;
import com.jxdinfo.hussar.support.security.core.stp.SecurityUtil;
import com.jxdinfo.hussar.support.security.core.strategy.SecurityStrategy;
import com.jxdinfo.hussar.support.security.integration.authentication.support.InnerHandler;
import com.jxdinfo.hussar.support.security.plugin.oauth2.SecurityOAuth2Manager;
import com.jxdinfo.hussar.support.security.plugin.oauth2.config.SecurityOAuth2Config;
import com.jxdinfo.hussar.support.security.plugin.oauth2.exception.SecurityOAuth2Exception;
import com.jxdinfo.hussar.support.security.plugin.oauth2.logic.SecurityOAuth2Consts;
import com.jxdinfo.hussar.support.security.plugin.oauth2.logic.SecurityOAuth2Util;
import com.jxdinfo.hussar.support.security.plugin.oauth2.model.AccessTokenModel;
import com.jxdinfo.hussar.support.security.plugin.oauth2.model.SecurityClientModel;
import com.jxdinfo.hussar.support.security.servlet.model.SecurityRequestForServlet;
import com.jxdinfo.hussar.support.security.servlet.model.SecurityResponseForServlet;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.HandlerInterceptor;

/* loaded from: input_file:com/jxdinfo/hussar/support/security/integration/authentication/interceptors/SecurityOAuth2Interceptor.class */
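/**
 * Spring MVC interceptor that gates a request on an OAuth2 access token.
 *
 * <p>Flow of {@link #preHandle}: skip URIs on the ignore list, read the token from the request,
 * look up its stored {@link AccessTokenModel}, reject missing / unknown / expired tokens, renew or
 * refresh the token pair when configured, publish a refreshed pair in response headers, and finally
 * run the access-token, method-annotation and login checks.
 *
 * <p>{@code SecurityOAuth2Exception.throwBy(flag, message)} is presumably a "throw when flag is
 * true" guard; the code below relies on that reading (verify against the exception class).
 */
public class SecurityOAuth2Interceptor implements HandlerInterceptor {
    /** Number of trailing token characters kept when a token is written into an error message. */
    private static final int TOKEN_VISIBLE_SUFFIX = 4;

    /**
     * Authenticates the current request before the handler runs.
     *
     * @param httpServletRequest  incoming servlet request
     * @param httpServletResponse servlet response; receives the refreshed token headers, if any
     * @param obj                 the handler chosen by Spring (a {@link HandlerMethod} for annotated controllers)
     * @return always {@code true} when no check throws
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) {
        SecurityRequestForServlet request = new SecurityRequestForServlet(httpServletRequest);
        List<String> ignoreList = InnerHandler.getIgnoreList(request, obj);
        if (SecurityRouter.isMatchCurrURI(ignoreList)) {
            // Ignored URIs bypass every token and login check in this interceptor.
            return true;
        }

        String requestToken = getOAuthAcessToken(request);
        // The value is null/empty on this path, so echoing it discloses nothing.
        SecurityOAuth2Exception.throwBy(HussarUtils.isEmpty(requestToken), "请求失败,未传递token=[" + requestToken + "]");

        AccessTokenModel storedToken = SecurityOAuth2Util.getAccessToken(requestToken);
        // Only a masked form of the caller-supplied token goes into the messages below: exception
        // text commonly ends up in logs and error responses, and the raw value is either a
        // credential or unvalidated request input.
        String maskedToken = maskToken(requestToken);
        SecurityOAuth2Exception.throwBy(HussarUtils.isEmpty(storedToken), "请求失败，token=[" + maskedToken + "]无效,");
        SecurityOAuth2Exception.throwBy(storedToken.getExpiresIn() <= 0, "请求失败，token=[" + maskedToken + "]过期");

        String storedTicket = storedToken.loginTicket;
        SecurityOAuth2Exception.throwBy(HussarUtils.isEmpty(storedTicket), "请求失败，LoginToken必须设置为永不过期，然后禁用cookie");

        AccessTokenModel refreshed = renewalAndRefreshToken(storedTicket, requestToken, storedToken.refreshToken, storedToken.clientId);
        // NOTE(review): the refreshed pair is written to the response before checkAccessToken and
        // checkLogin run. Confirm that a request failing those later checks cannot still deliver
        // the new credentials to the client (depends on how the error path treats response headers).
        returnAccessTokenModelToResponse(httpServletResponse, refreshed);

        // After a refresh, the remaining checks must run against the newly issued values.
        final String effectiveToken;
        final String effectiveTicket;
        if (HussarUtils.isNotEmpty(refreshed)) {
            effectiveToken = refreshed.accessToken;
            effectiveTicket = refreshed.loginTicket;
        } else {
            effectiveToken = requestToken;
            effectiveTicket = storedTicket;
        }

        SecurityRouter.match(new String[]{"/**"}).notMatch(ignoreList).check(() -> {
            SecurityOAuth2Util.checkAccessToken(effectiveToken);
        });
        // Binds the login ticket to the current request context; -1 is passed through unchanged
        // (presumably a cookie/timeout setting, confirm against SecurityUtil.setTokenValue).
        SecurityUtil.setTokenValue(effectiveTicket, -1);
        checkLoginToken(obj, ignoreList);
        return true;
    }

    /**
     * Extends the lifetime of the current tokens or exchanges them for a new pair.
     *
     * <p>Nothing happens when the configured refresh threshold is {@code <= 0} or the client is
     * unknown. Otherwise, if the login ticket's remaining timeout is above the threshold, the login
     * token and access/refresh token timeouts are updated in place; if not, a new access token is
     * obtained through the refresh token.
     *
     * @param loginTicket  login ticket bound to the access token
     * @param accessToken  access token presented by the caller
     * @param refreshToken refresh token stored alongside the access token
     * @param clientId     OAuth2 client the token was issued to
     * @return the newly issued token model when a refresh happened, otherwise {@code null}
     */
    private AccessTokenModel renewalAndRefreshToken(String loginTicket, String accessToken, String refreshToken, String clientId) {
        SecurityOAuth2Config oauthConfig = SecurityOAuth2Manager.getConfig();
        if (oauthConfig.getRefreshTokenThreshold() <= 0) {
            return null;
        }
        SecurityClientModel client = SecurityOAuth2Util.getClientModelByClientId(clientId);
        if (HussarUtils.isEmpty(client)) {
            return null;
        }
        if (SecurityUtil.getTokenTimeout(loginTicket) > oauthConfig.getRefreshTokenThreshold()) {
            // Renewal in place: same token values, fresh timeouts taken from the client settings.
            SecurityUtil.updateAllLoginTokenTimeout(loginTicket, client.getAccessTokenValidTime());
            SecurityOAuth2Util.updateAllAccessTokenTimeout(accessToken, client.getAccessTokenValidTime(), client.getRefreshTokenValidTime());
            return null;
        }
        return SecurityOAuth2Util.refreshAccessToken(refreshToken);
    }

    /**
     * Publishes a refreshed token model to the client as response headers; a no-op when the model
     * is empty (no refresh took place).
     *
     * <p>NOTE(review): the headers carry the access token, refresh token and login ticket. Any
     * proxy, gateway or logging filter that records response headers will capture live credentials.
     *
     * @param httpServletResponse response to write the headers to
     * @param accessTokenModel    refreshed token model, may be {@code null}
     */
    private void returnAccessTokenModelToResponse(HttpServletResponse httpServletResponse, AccessTokenModel accessTokenModel) {
        if (HussarUtils.isEmpty(accessTokenModel)) {
            return;
        }
        SecurityResponseForServlet response = new SecurityResponseForServlet(httpServletResponse);
        response.setHeader(SecurityOAuth2Consts.Param.client_id, accessTokenModel.clientId);
        response.setHeader(SecurityOAuth2Consts.Param.access_token, accessTokenModel.accessToken);
        response.setHeader(SecurityOAuth2Consts.Param.refresh_token, accessTokenModel.refreshToken);
        response.setHeader(SecurityOAuth2Consts.Param.expires_in, accessTokenModel.getExpiresIn() + "");
        response.setHeader(SecurityOAuth2Consts.Param.refresh_expires_in, accessTokenModel.getRefreshExpiresIn() + "");
        response.setHeader(SecurityOAuth2Consts.Param.openid, accessTokenModel.openid);
        response.setHeader(SecurityOAuth2Consts.Param.scope, accessTokenModel.scope);
        response.setHeader(SecurityOAuth2Consts.Param.login_ticket, accessTokenModel.loginTicket);
    }

    /**
     * Runs the method-level authentication annotation check (for {@link HandlerMethod} handlers)
     * and then the login check for every URI not on the ignore list.
     *
     * @param obj  the handler chosen by Spring
     * @param list URI patterns exempt from the login check
     * @return always {@code true}; failures surface as exceptions from the checks
     */
    private boolean checkLoginToken(Object obj, List<String> list) {
        if (obj instanceof HandlerMethod) {
            SecurityStrategy.me.checkMethodAuthenticatonAnnotation.accept(((HandlerMethod) obj).getMethod());
        }
        SecurityRouter.match(new String[]{"/**"}).notMatch(list).check(() -> {
            SecurityUtil.checkLogin();
        });
        return true;
    }

    /**
     * Reads the access token from the request, trying request parameter, header and cookie in that
     * order. Each source is consulted only when its flag in {@link SecurityTokenConfig} is enabled,
     * and all three use the key from {@code SecurityOAuth2Config.getHeaderTokenKey()}.
     *
     * <p>NOTE(review): if {@code getParam} also covers the query string, a token sent that way can
     * end up in access logs and Referer headers; header-only configuration avoids this.
     *
     * @param securityRequest wrapped request to read from
     * @return the first token found, or {@code null} when no enabled source has one
     */
    private String getOAuthAcessToken(SecurityRequest securityRequest) {
        SecurityOAuth2Config oauthConfig = SecurityOAuth2Manager.getConfig();
        SecurityTokenConfig tokenConfig = SecurityManager.getConfig();
        String tokenKey = oauthConfig.getHeaderTokenKey();
        String token = null;
        if (tokenConfig.getIsReadBody().booleanValue()) {
            token = securityRequest.getParam(tokenKey);
        }
        if (token == null && tokenConfig.getIsReadHead().booleanValue()) {
            token = securityRequest.getHeader(tokenKey);
        }
        if (token == null && tokenConfig.getIsReadCookie().booleanValue()) {
            token = securityRequest.getCookieValue(tokenKey);
        }
        return token;
    }

    /**
     * Produces a log-safe rendering of a token: only the last few characters are kept so that an
     * operator can correlate an error with a token without the full value being disclosed.
     *
     * @param token raw token, may be {@code null}
     * @return {@code "null"} for a null token, {@code "***"} for short tokens, otherwise
     *         {@code "***"} followed by the trailing characters
     */
    private static String maskToken(String token) {
        if (token == null) {
            return "null";
        }
        // Short values are hidden completely; a suffix would reveal too much of them.
        if (token.length() <= TOKEN_VISIBLE_SUFFIX * 2) {
            return "***";
        }
        return "***" + token.substring(token.length() - TOKEN_VISIBLE_SUFFIX);
    }
}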
