package org.wf.jwtp;

import io.jsonwebtoken.ExpiredJwtException;
import java.lang.reflect.Method;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import org.wf.jwtp.annotation.RequiresPermissions;
import org.wf.jwtp.annotation.RequiresRoles;
import org.wf.jwtp.exception.ErrorTokenException;
import org.wf.jwtp.exception.ExpiredTokenException;
import org.wf.jwtp.exception.UnauthorizedException;
import org.wf.jwtp.provider.Config;
import org.wf.jwtp.provider.Token;
import org.wf.jwtp.provider.TokenStore;
import org.wf.jwtp.util.SubjectUtil;
import org.wf.jwtp.util.TokenUtil;

/* loaded from: input_file:org/wf/jwtp/TokenInterceptor.class */
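/**
 * Spring MVC interceptor that authenticates a request from its access token and then enforces
 * the {@link RequiresPermissions} and {@link RequiresRoles} annotations declared on the target
 * handler method or on its declaring class.
 *
 * <p>The token is read from the {@code access_token} request parameter first and, if that is
 * absent or blank, from the {@code Authorization} header. A token that validates and is known
 * to the {@link TokenStore} is exposed to the handler as the request attribute
 * {@link SubjectUtil#REQUEST_TOKEN_NAME}.
 *
 * <p>A {@link TokenStore} must be supplied (constructor or {@link #setTokenStore}) before the
 * interceptor handles requests; without one every request is rejected as an invalid token.
 */
public class TokenInterceptor extends HandlerInterceptorAdapter {
    /**
     * Number of leading characters dropped from the {@code Authorization} header value.
     * Presumably the length of the {@code "Bearer "} scheme prefix; the scheme itself is not
     * checked (see the note in {@link #preHandle}).
     */
    private static final int AUTH_SCHEME_PREFIX_LENGTH = 7;

    protected final Log logger;
    private TokenStore tokenStore;
    private Integer maxToken;

    /** Creates an interceptor without a token store; one must be set before use. */
    public TokenInterceptor() {
        this(null);
    }

    /**
     * Creates an interceptor backed by {@code tokenStore} with a max-token setting of {@code -1}.
     *
     * @param tokenStore store used to obtain the signing key and to look up issued tokens
     */
    public TokenInterceptor(TokenStore tokenStore) {
        this(tokenStore, -1);
    }

    /**
     * Creates an interceptor backed by {@code tokenStore}.
     *
     * @param tokenStore store used to obtain the signing key and to look up issued tokens
     * @param num max-token setting; also written to the shared {@link Config} instance
     */
    public TokenInterceptor(TokenStore tokenStore, Integer num) {
        this.logger = LogFactory.getLog(getClass());
        setTokenStore(tokenStore);
        setMaxToken(num);
    }

    /** @return the token store currently in use, possibly {@code null} */
    public TokenStore getTokenStore() {
        return this.tokenStore;
    }

    /** @param tokenStore store used to obtain the signing key and to look up issued tokens */
    public void setTokenStore(TokenStore tokenStore) {
        this.tokenStore = tokenStore;
    }

    /** @return the max-token setting last passed to {@link #setMaxToken} */
    public Integer getMaxToken() {
        return this.maxToken;
    }

    /**
     * Stores the max-token setting on this interceptor and on the shared {@link Config}
     * instance, so the change is visible to everything that reads that singleton.
     *
     * @param num the new max-token setting
     */
    public void setMaxToken(Integer num) {
        this.maxToken = num;
        Config.getInstance().setMaxToken(num);
    }

    /**
     * Authenticates and authorizes the request before the handler runs.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param obj the chosen handler; annotation checks apply only when it is a {@link HandlerMethod}
     * @return {@code false} for an {@code OPTIONS} request (answered here with CORS headers),
     *     otherwise the result of the superclass implementation
     * @throws ErrorTokenException if no token was sent, the token cannot be validated, or the
     *     token is not known to the token store
     * @throws ExpiredTokenException if the token has expired
     * @throws UnauthorizedException if the token lacks a required permission or role
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if ("OPTIONS".equals(httpServletRequest.getMethod())) {
            // NOTE(review): the preflight answer allows every origin ("*") together with the
            // Authorization header. Restrict the origin at deployment if the API is not meant
            // to be callable from arbitrary sites.
            httpServletResponse.setStatus(200);
            httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
            httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
            httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
            httpServletResponse.setHeader("Access-Control-Allow-Headers", "Content-Type, x-requested-with, X-Custom-Header, Authorization");
            return false;
        }

        // NOTE(review): a token passed in the query string ends up in access logs, browser
        // history and Referer headers; the Authorization header is the safer transport.
        String accessToken = httpServletRequest.getParameter("access_token");
        if (accessToken == null || accessToken.trim().isEmpty()) {
            accessToken = httpServletRequest.getHeader("Authorization");
            // NOTE(review): the first seven characters are dropped without checking that they
            // are an authentication scheme such as "Bearer "; a header shorter than that is
            // used as the token unchanged. Signature validation below rejects the result if it
            // is not a genuine token.
            if (accessToken != null && accessToken.length() >= AUTH_SCHEME_PREFIX_LENGTH) {
                accessToken = accessToken.substring(AUTH_SCHEME_PREFIX_LENGTH);
            }
        }
        if (accessToken == null || accessToken.trim().isEmpty()) {
            throw new ErrorTokenException("token不能为空");
        }

        try {
            String tokenKey = this.tokenStore.getTokenKey();
            this.logger.debug("-------------------------------------------");
            // The raw token and the signing key are deliberately not logged: both are
            // credentials, and anyone able to read the debug log could replay the token or
            // forge new ones with the key.
            this.logger.debug("开始解析token");
            Token token = this.tokenStore.findToken(TokenUtil.parseToken(accessToken, tokenKey), accessToken);
            if (token == null) {
                // A validly signed token that the store does not know is treated as invalid.
                this.logger.debug("token不在系统中");
                throw new ErrorTokenException();
            }
            if (obj instanceof HandlerMethod) {
                Method method = ((HandlerMethod) obj).getMethod();
                if (method != null && (!checkPermission(method, token) || !checkRole(method, token))) {
                    throw new UnauthorizedException();
                }
            }
            httpServletRequest.setAttribute(SubjectUtil.REQUEST_TOKEN_NAME, token);
            this.logger.debug("-------------------------------------------");
            return super.preHandle(httpServletRequest, httpServletResponse, obj);
        } catch (UnauthorizedException e) {
            // An authenticated caller without the required permission or role must surface as
            // an authorization failure, not be folded into the generic invalid-token error.
            throw e;
        } catch (ExpiredJwtException e) {
            // Must precede the generic handler: listed after catch (Exception) this clause is
            // unreachable and an expired token would be reported as an invalid one.
            this.logger.debug("token已过期");
            throw new ExpiredTokenException();
        } catch (Exception e) {
            // Keep the cause in the debug log; the caller only sees a generic token error.
            this.logger.debug(e.getMessage(), e);
            throw new ErrorTokenException();
        }
    }

    /**
     * Checks the {@link RequiresPermissions} annotation on the method, falling back to the one
     * on its declaring class.
     *
     * @return {@code true} when neither carries the annotation, otherwise the result of
     *     {@link SubjectUtil#hasPermission}
     */
    private boolean checkPermission(Method method, Token token) {
        RequiresPermissions required = method.getAnnotation(RequiresPermissions.class);
        if (required == null) {
            required = method.getDeclaringClass().getAnnotation(RequiresPermissions.class);
        }
        if (required == null) {
            return true;
        }
        return SubjectUtil.hasPermission(token, required.value(), required.logical());
    }

    /**
     * Checks the {@link RequiresRoles} annotation on the method, falling back to the one on its
     * declaring class.
     *
     * @return {@code true} when neither carries the annotation, otherwise the result of
     *     {@link SubjectUtil#hasRole}
     */
    private boolean checkRole(Method method, Token token) {
        RequiresRoles required = method.getAnnotation(RequiresRoles.class);
        if (required == null) {
            required = method.getDeclaringClass().getAnnotation(RequiresRoles.class);
        }
        if (required == null) {
            return true;
        }
        return SubjectUtil.hasRole(token, required.value(), required.logical());
    }
}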
