package com.elitescloud.boot.auth.provider.config.servlet.oauth2.configurer.filter;

import com.elitescloud.boot.auth.provider.common.LoginParameterNames;
import com.elitescloud.boot.auth.resolver.UniqueRequestResolver;
import java.io.IOException;
import java.security.Principal;
import java.time.Instant;
import javax.annotation.Nonnull;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/elitescloud/boot/auth/provider/config/servlet/oauth2/configurer/filter/OAuth2AuthorizationCodeStateAuthenticationFilter.class */
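/**
 * Filter that, on requests matching the OAuth2 authorization endpoint, restores a previously stored
 * principal for a caller that is not yet authenticated.
 *
 * <p>The lookup key is the value {@link UniqueRequestResolver#analyze} returns for the request. It is
 * passed to {@link OAuth2AuthorizationService#findByToken} with the token type {@code "state"}. When a
 * record is found, its stored client id equals the request's client id, and it is not expired, the
 * {@link Authentication} stored under {@code Principal.class.getName()} is placed in the
 * {@link SecurityContextHolder} for the remainder of the filter chain.
 *
 * <p>NOTE(review): the resolved request identifier plus a matching client id is enough to be treated
 * as the stored principal, so that identifier is effectively a bearer credential. It is written to
 * the log at INFO level in several places below; confirm the log sink is access-controlled or mask
 * the value. The client id is read from the request and logged as received; presumably the logging
 * layout neutralises control characters, verify.
 */
public class OAuth2AuthorizationCodeStateAuthenticationFilter extends AbstractOAuth2Filter {
    private static final Logger log = LogManager.getLogger(OAuth2AuthorizationCodeStateAuthenticationFilter.class);
    /** Token type used to look up stored authorizations by the resolved request identifier. */
    private static final OAuth2TokenType TOKEN_TYPE = new OAuth2TokenType("state");
    private final RequestMatcher oauth2AuthorizationEndpointRequestMatcher;
    private final OAuth2AuthorizationService authorizationService;
    /** Injected through {@link #setUniqueRequestResolver}; stays {@code null} until the setter is called. */
    private UniqueRequestResolver uniqueRequestResolver;

    /**
     * Creates the filter.
     *
     * @param str value handed to {@code buildOAuth2AuthorizationEndpointRequestMatcher} to build the
     *     matcher that decides which requests this filter handles
     * @param oAuth2AuthorizationService store queried for the saved authorization record
     */
    public OAuth2AuthorizationCodeStateAuthenticationFilter(String str, OAuth2AuthorizationService oAuth2AuthorizationService) {
        this.oauth2AuthorizationEndpointRequestMatcher = super.buildOAuth2AuthorizationEndpointRequestMatcher(str);
        this.authorizationService = oAuth2AuthorizationService;
    }

    /**
     * Passes non-matching and already-authenticated requests straight through; otherwise tries to
     * restore a stored principal before continuing the chain.
     *
     * @param httpServletRequest current request
     * @param httpServletResponse current response
     * @param filterChain remaining filters
     * @throws ServletException propagated from the chain
     * @throws IOException propagated from the chain
     */
    protected void doFilterInternal(@Nonnull HttpServletRequest httpServletRequest, @Nonnull HttpServletResponse httpServletResponse, @Nonnull FilterChain filterChain) throws ServletException, IOException {
        if (!this.oauth2AuthorizationEndpointRequestMatcher.matches(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (super.isPrincipalAuthenticated(current)) {
            log.info("认证过的用户：{}", current.getName());
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        // Fail closed when no resolver was injected: the request is then handled like one that
        // carries no identifier (no principal is restored) instead of dying with a NullPointerException.
        UniqueRequestResolver resolver = this.uniqueRequestResolver;
        if (resolver == null) {
            log.warn("UniqueRequestResolver is not configured; stored authentication will not be restored");
        }
        String requestId = resolver == null ? null : resolver.analyze(httpServletRequest);
        String clientId = httpServletRequest.getParameter(LoginParameterNames.CLIENT_ID);
        if (!StringUtils.hasText(clientId) || !StringUtils.hasText(requestId)) {
            log.info("缺少必要参数，认证请求忽略：{}，{}", requestId, clientId);
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        Authentication restored = authentication(clientId, requestId);
        if (restored != null) {
            // Use a fresh context so nothing from the unauthenticated one is carried over.
            SecurityContext context = SecurityContextHolder.createEmptyContext();
            context.setAuthentication(restored);
            SecurityContextHolder.setContext(context);
        }
        try {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } finally {
            // Cleared whether or not a principal was restored, so nothing stays bound to the thread.
            SecurityContextHolder.clearContext();
        }
    }

    /**
     * Sets the resolver that derives the lookup identifier from a request.
     *
     * @param uniqueRequestResolver resolver to use
     */
    public void setUniqueRequestResolver(UniqueRequestResolver uniqueRequestResolver) {
        this.uniqueRequestResolver = uniqueRequestResolver;
    }

    /**
     * Looks up the stored authorization for {@code requestId} and returns its saved principal when
     * the record belongs to {@code clientId} and has not expired.
     *
     * @param clientId client id taken from the current request
     * @param requestId identifier produced by the {@link UniqueRequestResolver}
     * @return the stored {@link Authentication}, or {@code null} when no usable record exists
     */
    private Authentication authentication(String clientId, String requestId) {
        OAuth2Authorization authorization = this.authorizationService.findByToken(requestId, TOKEN_TYPE);
        if (authorization == null) {
            log.info("未找到OAuth2Authorization：{}，需登录认证", requestId);
            return null;
        }
        Object storedClientId = authorization.getAttribute(LoginParameterNames.CLIENT_ID);
        if (!clientId.equals(storedClientId)) {
            // Log both sides of the comparison; the request's client id used to be printed twice.
            log.info("客户端{}, {}不一致，需登录认证", clientId, storedClientId);
            return null;
        }
        // Despite its name, "expires_in" is compared with the current epoch second, i.e. it is
        // treated as an absolute expiry time. Read it as Number so that a store handing the value
        // back as Integer rather than Long does not cause a ClassCastException.
        // NOTE(review): a record without this attribute is accepted as never expiring; confirm that
        // is intended rather than an accidental fail-open.
        Number expiresAt = authorization.getAttribute("expires_in");
        if (expiresAt == null || expiresAt.longValue() >= Instant.now().getEpochSecond()) {
            log.info("OAuth2已认证：{}", requestId);
            return (Authentication) authorization.getAttribute(Principal.class.getName());
        }
        log.info("认证记录{}已过期:{}", requestId, expiresAt);
        return null;
    }
}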
