package io.choerodon.resource.security;

import io.choerodon.resource.permission.PublicPermission;
import io.choerodon.resource.permission.PublicPermissionOperationPlugin;
import io.choerodon.resource.security.exception.AuthenticationRequestFailedException;
import io.choerodon.resource.security.exception.JwtTokenNotFoundException;
import java.util.Arrays;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.security.oauth2.provider.token.DefaultTokenServices;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.ObjectUtils;

/* loaded from: input_file:io/choerodon/resource/security/JwtTokenParser.class */
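/**
 * Gatekeeper that decides whether a request must carry a JWT and, if so, validates it.
 *
 * <p>Requests whose URI matches a public permission (path and HTTP method) or one of the
 * ignore patterns are let through without any token check. For every other request the token is
 * obtained from {@link JwtTokenExtractor}, resolved through
 * {@link DefaultTokenServices#loadAuthentication(String)}, and the resulting authentication is
 * stored in the {@link SecurityContextHolder}.
 */
public class JwtTokenParser {
    private final String[] jwtIgnore;
    private PublicPermissionOperationPlugin publicPermissionOperationPlugin;
    private final DefaultTokenServices defaultTokenServices;
    private final JwtTokenExtractor jwtTokenExtractor;
    private static final Logger LOGGER = LoggerFactory.getLogger(JwtTokenParser.class);
    private static final AntPathMatcher MATCHER = new AntPathMatcher();
    // Patterns that always skip token validation, in addition to any configured ones.
    // NOTE(review): "/actuator/**" is exempt from the JWT check in this class; confirm that
    // actuator exposure is restricted elsewhere (management port, network policy, endpoint config).
    private static final String[] DEFAULT_JWT_IGNORE = {"/choerodon/**", "/", "/dis/**", "/env-config.js", "/actuator/**"};

    /**
     * Creates a parser.
     *
     * @param strArr extra Ant-style patterns that skip token validation; may be null or empty, in
     *     which case only the built-in defaults apply. Configured patterns are evaluated before
     *     the defaults.
     * @param publicPermissionOperationPlugin source of the public (path, method) pairs
     * @param defaultTokenServices service used to resolve a token value into an authentication
     * @param jwtTokenExtractor extracts the token from the incoming request
     */
    public JwtTokenParser(String[] strArr, PublicPermissionOperationPlugin publicPermissionOperationPlugin, DefaultTokenServices defaultTokenServices, JwtTokenExtractor jwtTokenExtractor) {
        this.publicPermissionOperationPlugin = publicPermissionOperationPlugin;
        this.defaultTokenServices = defaultTokenServices;
        this.jwtTokenExtractor = jwtTokenExtractor;
        if (ObjectUtils.isEmpty(strArr)) {
            this.jwtIgnore = DEFAULT_JWT_IGNORE;
        } else {
            this.jwtIgnore = Stream.concat(Arrays.stream(strArr), Arrays.stream(DEFAULT_JWT_IGNORE)).toArray(String[]::new);
        }
    }

    /**
     * Authorizes the request to proceed, authenticating it first unless its path is exempt.
     *
     * @param httpServletRequest the incoming request
     * @return {@code true} whenever the method returns normally (exempt path, or token accepted)
     * @throws JwtTokenNotFoundException if the path is not exempt and no token could be extracted
     * @throws AuthenticationRequestFailedException if token validation raised an
     *     {@link OAuth2Exception}; the security context is cleared first
     */
    public boolean extractor(HttpServletRequest httpServletRequest) {
        // NOTE(review): getRequestURI() is the raw request path; the servlet container does not
        // decode or normalize it, so it can still carry path parameters, encoded characters and
        // dot segments. The exemption decision below is only sound when it is taken on the same
        // path the dispatcher routes on; confirm that an upstream firewall or normalization step
        // rejects or canonicalizes such requests before this method runs.
        String requestUri = httpServletRequest.getRequestURI();
        for (PublicPermission publicPermission : this.publicPermissionOperationPlugin.getPublicPaths()) {
            if (MATCHER.match(publicPermission.path, requestUri) && publicPermission.method.matches(httpServletRequest.getMethod())) {
                return true;
            }
        }
        for (String ignoredPattern : this.jwtIgnore) {
            if (MATCHER.match(ignoredPattern, requestUri)) {
                return true;
            }
        }
        try {
            AbstractAuthenticationToken extract = this.jwtTokenExtractor.extract(httpServletRequest);
            if (extract == null) {
                // A protected path without a token must not inherit an authentication left in
                // the context by an earlier step.
                if (isAuthenticated()) {
                    LOGGER.debug("Clearing security context.");
                    SecurityContextHolder.clearContext();
                }
                throw new JwtTokenNotFoundException("No Jwt token in request: " + requestUri);
            }
            httpServletRequest.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, extract.getPrincipal());
            // The details object reads the request attribute set on the previous line.
            extract.setDetails(new OAuth2AuthenticationDetails(httpServletRequest));
            Authentication authenticate = authenticate(extract);
            LOGGER.debug("Authentication success: {}", authenticate);
            SecurityContextHolder.getContext().setAuthentication(authenticate);
            return true;
        } catch (OAuth2Exception e) {
            SecurityContextHolder.clearContext();
            // Only the exception type is logged: messages produced by the token services may
            // embed the presented token value, which must not reach the logs.
            LOGGER.debug("Authentication request failed: {}", e.getClass().getName());
            throw new AuthenticationRequestFailedException("Authentication request failed");
        }
    }

    /**
     * Resolves the token carried as the principal of {@code authentication} into a fully
     * populated, authenticated {@link OAuth2Authentication}.
     *
     * @param authentication pre-authentication token whose principal is the raw token string
     * @return the authentication loaded from the token services, marked authenticated and
     *     carrying the details of {@code authentication}
     * @throws InvalidTokenException if {@code authentication} is null, its principal is not a
     *     string, or the token services return no authentication for it
     */
    protected Authentication authenticate(Authentication authentication) {
        if (authentication == null) {
            throw new InvalidTokenException("Invalid token (token not found)");
        }
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof String)) {
            // Fail closed with an authentication error instead of a ClassCastException.
            throw new InvalidTokenException("Invalid token (unexpected principal type)");
        }
        String tokenValue = (String) principal;
        OAuth2Authentication loadAuthentication = this.defaultTokenServices.loadAuthentication(tokenValue);
        if (loadAuthentication == null) {
            // The token value is a bearer credential: keep it out of the exception message,
            // which may end up in logs or in an error response.
            throw new InvalidTokenException("Invalid token");
        }
        if (authentication.getDetails() instanceof OAuth2AuthenticationDetails) {
            OAuth2AuthenticationDetails requestDetails = (OAuth2AuthenticationDetails) authentication.getDetails();
            // Keep the details decoded from the token reachable from the request-level details.
            if (!requestDetails.equals(loadAuthentication.getDetails())) {
                requestDetails.setDecodedDetails(loadAuthentication.getDetails());
            }
        }
        loadAuthentication.setDetails(authentication.getDetails());
        loadAuthentication.setAuthenticated(true);
        return loadAuthentication;
    }

    /**
     * Tells whether the current security context holds a non-anonymous authentication.
     *
     * @return {@code true} if an authentication is present and it is not an
     *     {@link AnonymousAuthenticationToken}
     */
    private boolean isAuthenticated() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return authentication != null && !(authentication instanceof AnonymousAuthenticationToken);
    }
}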
