package com.elitescloud.cloudt.authorization.api.provider.security.configurer.filter;

import java.io.IOException;
import java.security.Principal;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.http.HttpMethod;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:com/elitescloud/cloudt/authorization/api/provider/security/configurer/filter/OAuth2AuthorizationCodeStateAuthenticationFilter.class */
public class OAuth2AuthorizationCodeStateAuthenticationFilter extends OncePerRequestFilter {
    private static final Logger a = LogManager.getLogger(OAuth2AuthorizationCodeStateAuthenticationFilter.class);
    private static final OAuth2TokenType b = new OAuth2TokenType("state");
    private final RequestMatcher c;
    private final OAuth2AuthorizationService d;

    public OAuth2AuthorizationCodeStateAuthenticationFilter(String str, OAuth2AuthorizationService oAuth2AuthorizationService) {
        this.c = a(str);
        this.d = oAuth2AuthorizationService;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        if (!this.c.matches(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        String parameter = httpServletRequest.getParameter("state");
        String parameter2 = httpServletRequest.getParameter("client_id");
        if (!StringUtils.hasText(parameter) || !StringUtils.hasText(parameter2)) {
            a.warn("缺少必要参数，认证请求忽略：{}，{}", parameter, parameter2);
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        Authentication a2 = a(parameter2, parameter);
        if (a2 != null) {
            SecurityContext createEmptyContext = SecurityContextHolder.createEmptyContext();
            createEmptyContext.setAuthentication(a2);
            SecurityContextHolder.setContext(createEmptyContext);
        }
        try {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } finally {
            SecurityContextHolder.clearContext();
        }
    }

    private Authentication a(String str, String str2) {
        OAuth2Authorization findByToken = this.d.findByToken(str2, b);
        if (findByToken == null) {
            a.info("未找到OAuth2Authorization：{}，需登录认证", str2);
            return null;
        }
        if (str.equals(findByToken.getAttribute("client_id"))) {
            return (Authentication) findByToken.getAttribute(Principal.class.getName());
        }
        a.info("客户端{}, {}不一致，需登录认证", str, str);
        return null;
    }

    private RequestMatcher a(String str) {
        return new OrRequestMatcher(new RequestMatcher[]{new AntPathRequestMatcher(str, HttpMethod.GET.name()), new AntPathRequestMatcher(str, HttpMethod.POST.name())});
    }
}
