package com.zrhsh.yst.enhancement.security.aspect;

import cn.hutool.jwt.JWTUtil;
import javax.servlet.FilterChain;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Pointcut;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.stereotype.Component;

@ConditionalOnClass({HttpServletRequest.class})
@Aspect
@Component
/* loaded from: input_file:com/zrhsh/yst/enhancement/security/aspect/OCAuthHeaderAspect.class */
public class OCAuthHeaderAspect {
    @Pointcut("execution(* org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter.doFilter(..))")
    public void securityOauth2DoFilter() {
    }

    @Around("securityOauth2DoFilter()")
    public void skipNotCustom(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        Object[] args = proceedingJoinPoint.getArgs();
        if (args == null || args.length != 3 || !(args[0] instanceof HttpServletRequest) || !(args[1] instanceof ServletResponse) || !(args[2] instanceof FilterChain)) {
            proceedingJoinPoint.proceed();
        } else if (hasOceanetToken((HttpServletRequest) args[0])) {
            ((FilterChain) args[2]).doFilter((ServletRequest) args[0], (ServletResponse) args[1]);
        } else {
            proceedingJoinPoint.proceed();
        }
    }

    private boolean hasOceanetToken(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null || !StringUtils.startsWithIgnoreCase(header, "Bearer ")) {
            return false;
        }
        try {
            return StringUtils.equals("oceanet-auth", JWTUtil.parseToken(header.substring(7)).getPayload("issuer").toString());
        } catch (Exception e) {
            return false;
        }
    }
}
