package com.lc.ibps.auth.client;

import com.lc.ibps.auth.client.exception.OAuth2AuthenticationException;
import com.lc.ibps.base.core.util.AppUtil;
import com.lc.ibps.base.core.util.BeanUtils;
import com.lc.ibps.base.core.util.JacksonUtil;
import com.lc.ibps.base.core.util.string.StringUtil;
import com.lc.ibps.base.web.context.ContextUtil;
import com.lc.ibps.base.web.model.CookieOption;
import com.lc.ibps.base.web.model.UrlOption;
import com.lc.ibps.base.web.util.CookieUtil;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;
import javax.annotation.Resource;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.JSONObject;
import org.apache.commons.codec.binary.Base64;
import org.apache.oltu.oauth2.client.OAuthClient;
import org.apache.oltu.oauth2.client.URLConnectionClient;
import org.apache.oltu.oauth2.client.request.OAuthBearerClientRequest;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.client.response.OAuthJSONAccessTokenResponse;
import org.apache.oltu.oauth2.client.response.OAuthResourceResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.types.GrantType;
import org.apache.oltu.oauth2.common.message.types.ResponseType;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/lc/ibps/auth/client/OAuth2AuthenticationFilter.class */
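/**
 * Shiro filter that authenticates a request with an OAuth2 access token.
 *
 * <p>The token is taken, in order, from the {@code access_token} request parameter, from the
 * token cookie written by this filter, from a refresh-token exchange, or from an
 * authorization-code exchange. When none of these yields a token the browser is redirected to
 * the configured login URL.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>Tokens, refresh tokens and authorization codes are never written to the log; only
 *       their presence is logged.</li>
 *   <li>The per-thread pending token is cleared at the start and end of every
 *       {@link #onAccessDenied} call so a pooled worker thread cannot carry one request's
 *       token into the next request.</li>
 *   <li>The token cookie is client-controlled input and is parsed defensively.</li>
 * </ul>
 */
public class OAuth2AuthenticationFilter extends AuthenticatingFilter {
    private static final String ACCESS_TOKEN_KEY = "access_token";
    private static final String REFRESH_TOKEN_KEY = "refresh_token";
    private static final String EXPIRES_IN_KEY = "expires_in";
    private static final String SWITCH_LOCAL_COOKIE = "orig_switch_local";

    private String failureUrl;

    @Resource
    private UrlOption urlOption;

    @Resource
    private CookieOption cookieOption;

    private final Logger logger = LoggerFactory.getLogger(getClass());

    // NOTE(review): this is the grant-type string, not the literal "code" parameter name that
    // RFC 6749 uses on the redirect back to the client; confirm it matches what the
    // authorization server actually sends.
    private final String authcCodeParam = GrantType.AUTHORIZATION_CODE.toString();
    private final String authcTokenParam = ACCESS_TOKEN_KEY;

    // Token obtained during the current onAccessDenied call, handed to createToken().
    private final ThreadLocal<String> currentAccessToken = new ThreadLocal<>();

    /**
     * Returns the login URL from the injected {@link UrlOption} when it is available, otherwise
     * the URL configured on the Shiro filter itself.
     */
    @Override
    public String getLoginUrl() {
        return BeanUtils.isNotEmpty(this.urlOption) ? this.urlOption.getLoginUrl() : super.getLoginUrl();
    }

    /**
     * Builds the Shiro token for the login attempt from the request parameter, the pending
     * per-thread token, or the token cookie, in that order. The chosen value (possibly
     * {@code null}) is also published through {@link ContextUtil}.
     */
    @Override
    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        // NOTE(review): a bearer token in the query string ends up in access logs, browser
        // history and Referer headers; prefer the Authorization header where callers allow it.
        String token = request.getParameter(this.authcTokenParam);
        if (StringUtil.isEmpty(token)) {
            String pending = this.currentAccessToken.get();
            if (StringUtil.isNotEmpty(pending)) {
                token = pending;
            } else if (CookieUtil.isExistByName(this.cookieOption.getName(), request)) {
                token = getCookieAccessToken(request);
            }
        }
        ContextUtil.setCurrentAccessToken(token);
        return new OAuth2Token(token);
    }

    /** Returns the access token stored in the token cookie, or {@code null} if it is unreadable. */
    private String getCookieAccessToken(HttpServletRequest httpServletRequest) {
        return readCookieField(httpServletRequest, ACCESS_TOKEN_KEY);
    }

    /** Returns the refresh token stored in the token cookie, or {@code null} if it is unreadable. */
    private String getCookieRefreshToken(HttpServletRequest httpServletRequest) {
        return readCookieField(httpServletRequest, REFRESH_TOKEN_KEY);
    }

    /**
     * Decodes the Base64/JSON token cookie and returns one field of it.
     *
     * <p>The cookie comes from the client, so a malformed value is treated as "no cookie"
     * instead of failing the request with an unhandled exception.
     */
    private String readCookieField(HttpServletRequest request, String key) {
        try {
            byte[] decoded = Base64.decodeBase64(CookieUtil.getValueByName(this.cookieOption.getName(), request));
            // Explicit charset: the platform default differs between hosts.
            return JSONObject.fromObject(new String(decoded, StandardCharsets.UTF_8)).getString(key);
        } catch (RuntimeException e) {
            // Broad on purpose: decoding, JSON parsing and the key lookup all signal bad input
            // with unchecked exceptions. Only the exception type is logged, never the value.
            this.logger.debug("Ignoring unreadable token cookie ({})", e.getClass().getSimpleName());
            return null;
        }
    }

    /**
     * Calls the configured user endpoint with the given access token and returns the response
     * body. Despite the name, the body is returned as-is; callers only test it for blankness.
     *
     * @throws OAuth2AuthenticationException if the call fails for any reason
     */
    private String extractUsername(String accessTokenValue) {
        try {
            // NOTE(review): buildQueryMessage() places the bearer token in the URL, where
            // proxies and server logs can record it. OAuthBearerClientRequest also offers
            // buildHeaderMessage(); switch once the user endpoint is confirmed to accept it.
            OAuthClientRequest request = new OAuthBearerClientRequest(this.urlOption.getUserUrl())
                    .setAccessToken(accessTokenValue)
                    .buildQueryMessage();
            return new OAuthClient(new URLConnectionClient())
                    .resource(request, "GET", OAuthResourceResponse.class)
                    .getBody();
        } catch (Exception e) {
            throw new OAuth2AuthenticationException(e);
        }
    }

    /**
     * Exchanges an authorization code or refresh token for an access token, stores the result in
     * the token cookie, and returns the new access token.
     */
    private String accessToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, GrantType grantType, String code, String refreshTokenValue) throws OAuthSystemException, OAuthProblemException {
        // NOTE(review): buildQueryMessage() sends client_secret, code and refresh_token in the
        // URL of the POST. buildBodyMessage() keeps them out of URLs and logs; switch once the
        // token endpoint is confirmed to read form-encoded bodies.
        OAuthClientRequest tokenRequest = OAuthClientRequest.tokenLocation(this.urlOption.getAccessTokenUrl())
                .setClientId(this.urlOption.getClientId())
                .setClientSecret(this.urlOption.getClientSecret())
                .setGrantType(grantType)
                .setCode(code)
                .setRefreshToken(refreshTokenValue)
                .setRedirectURI(this.urlOption.getRedirectUrl())
                .buildQueryMessage();
        OAuthJSONAccessTokenResponse tokenResponse = new OAuthClient(new URLConnectionClient()).accessToken(tokenRequest, "POST");

        String newAccessToken = tokenResponse.getAccessToken();
        String newRefreshToken = tokenResponse.getRefreshToken();
        // NOTE(review): getExpiresIn() is a Long; a response without expires_in would fail
        // here on unboxing. Confirm the authorization server always sends it.
        long expiresInSeconds = tokenResponse.getExpiresIn().longValue();
        // Clamp instead of parsing through a String, which threw for values beyond int range.
        int cookieMaxAge = (int) Math.max(Integer.MIN_VALUE, Math.min(expiresInSeconds, Integer.MAX_VALUE));

        JSONObject cookiePayload = new JSONObject();
        cookiePayload.accumulate(ACCESS_TOKEN_KEY, newAccessToken);
        cookiePayload.accumulate(REFRESH_TOKEN_KEY, newRefreshToken);
        cookiePayload.accumulate(EXPIRES_IN_KEY, expiresInSeconds);
        // NOTE(review): the cookie carries both tokens only Base64-encoded, not encrypted or
        // signed. Verify that CookieUtil.addCookie sets HttpOnly and Secure.
        String cookieValue = new String(Base64.encodeBase64(cookiePayload.toString().getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8);
        CookieUtil.addCookie(this.cookieOption.getName(), cookieValue, cookieMaxAge, httpServletRequest, httpServletResponse);
        return newAccessToken;
    }

    /**
     * Always returns {@code false}, so every request handled by this filter is routed through
     * {@link #onAccessDenied}.
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        return false;
    }

    /**
     * Resolves a token for the request and performs the Shiro login, or redirects to the login
     * or failure URL.
     *
     * @return {@code true} if the filter chain should continue, {@code false} if a redirect was issued
     */
    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        // Worker threads are pooled. Drop anything a previous request left behind so that it
        // cannot be mistaken for this request's token, and clean up again on every exit path,
        // including exceptions thrown before onLoginSuccess/onLoginFailure run.
        this.currentAccessToken.remove();
        try {
            return resolveTokenAndLogin(servletRequest, servletResponse);
        } finally {
            this.currentAccessToken.remove();
        }
    }

    /** Body of {@link #onAccessDenied}; tries each token source in turn. */
    private boolean resolveTokenAndLogin(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        this.logger.debug("onAccessDenied------------------->{}{}", AppUtil.getOriginBaseUrl(), request.getRequestURI());

        String error = servletRequest.getParameter("error");
        String errorDescription = servletRequest.getParameter("error_description");
        if (StringUtil.isNotEmpty(error)) {
            // Both values are attacker-controllable. Passing them as query parameters lets
            // Shiro URL-encode them instead of splicing raw text into the redirect target.
            Map<String, String> errorParams = new HashMap<>();
            errorParams.put("error", error);
            if (errorDescription != null) {
                errorParams.put("error_description", errorDescription);
            }
            WebUtils.issueRedirect(servletRequest, servletResponse, this.failureUrl, errorParams);
            return false;
        }

        // NOTE(review): the mere presence of this client-supplied cookie lets the request
        // continue down the chain without an OAuth2 login. Confirm that another filter
        // authenticates such requests; otherwise any client can set the cookie itself.
        if (CookieUtil.isExistByName(SWITCH_LOCAL_COOKIE, request)) {
            return true;
        }

        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String code = request.getParameter(this.authcCodeParam);
        String tokenParam = request.getParameter(this.authcTokenParam);
        String cookieAccessToken = null;
        String cookieRefreshToken = null;
        if (CookieUtil.isExistByName(this.cookieOption.getName(), request)) {
            cookieAccessToken = getCookieAccessToken(request);
            cookieRefreshToken = getCookieRefreshToken(request);
        }

        // Credentials must not reach the log, even at debug level; record presence only.
        this.logger.debug(
                "token sources: pending={}, code={}, accessTokenParam={}, cookieAccessToken={}, cookieRefreshToken={}",
                StringUtil.isNotBlank(this.currentAccessToken.get()),
                StringUtil.isNotBlank(code),
                StringUtil.isNotBlank(tokenParam),
                StringUtil.isNotBlank(cookieAccessToken),
                StringUtil.isNotBlank(cookieRefreshToken));

        // 1. Access token passed as a request parameter.
        if (StringUtil.isNotBlank(tokenParam)) {
            try {
                if (StringUtil.isNotBlank(extractUsername(tokenParam))) {
                    return executeLogin(servletRequest, servletResponse);
                }
            } catch (OAuth2AuthenticationException ignored) {
                // Best effort: fall through to the next source. The exception is not logged
                // because its message may contain the request URL, which includes the token.
                this.logger.debug("access token from request parameter was not accepted by the user endpoint");
            }
        }

        // 2. Access token from the cookie.
        if (StringUtil.isBlank(this.currentAccessToken.get()) && StringUtil.isNotBlank(cookieAccessToken)) {
            try {
                if (StringUtil.isNotBlank(extractUsername(cookieAccessToken))) {
                    this.currentAccessToken.set(cookieAccessToken);
                    return executeLogin(servletRequest, servletResponse);
                }
            } catch (OAuth2AuthenticationException ignored) {
                // Best effort, same reasoning as above.
                this.logger.debug("access token from cookie was not accepted by the user endpoint");
            }
        }

        // 3. Refresh token from the cookie.
        if (StringUtil.isBlank(this.currentAccessToken.get()) && StringUtil.isNotBlank(cookieRefreshToken)) {
            try {
                this.currentAccessToken.set(accessToken(request, response, GrantType.REFRESH_TOKEN, "", cookieRefreshToken));
            } catch (OAuthProblemException | OAuthSystemException e) {
                redirect(request, response);
                return false;
            }
        }

        // 4. Authorization code from the callback.
        // NOTE(review): the code is accepted without checking a `state` value, so the callback
        // is not bound to a login that this browser session started (RFC 6749 section 10.12).
        if (StringUtil.isBlank(this.currentAccessToken.get()) && StringUtil.isNotBlank(code)) {
            try {
                this.currentAccessToken.set(accessToken(request, response, GrantType.AUTHORIZATION_CODE, code, ""));
            } catch (OAuthProblemException | OAuthSystemException e) {
                redirect(request, response);
                return false;
            }
        }

        if (!StringUtil.isBlank(this.currentAccessToken.get())) {
            return executeLogin(servletRequest, servletResponse);
        }
        redirect(request, response);
        return false;
    }

    /** Redirects the browser to the login URL with the authorization-code request parameters. */
    private void redirect(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        // NOTE(review): no `state` parameter is sent, so the callback cannot be tied to this
        // browser session. Adding one needs per-session storage that is not visible here.
        Map<String, String> params = new HashMap<>();
        params.put("response_type", ResponseType.CODE.toString());
        params.put("client_id", this.urlOption.getClientId());
        params.put("redirect_uri", AppUtil.getBaseUrl() + this.urlOption.getSuccessUrl());
        this.logger.debug("login to {} for params {}", this.urlOption.getLoginUrl(), JacksonUtil.toJsonString(params));
        WebUtils.issueRedirect(httpServletRequest, httpServletResponse, this.urlOption.getLoginUrl(), params);
    }

    /** Clears the pending token and delegates to the default success handling. */
    @Override
    protected boolean onLoginSuccess(AuthenticationToken authenticationToken, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        this.currentAccessToken.remove();
        this.logger.debug("onLoginSuccess------------------->{}{}", AppUtil.getOriginBaseUrl(), request.getRequestURI());
        return super.onLoginSuccess(authenticationToken, subject, request, servletResponse);
    }

    /** Clears the pending token and sends the browser back to the login URL. */
    @Override
    protected boolean onLoginFailure(AuthenticationToken authenticationToken, AuthenticationException authenticationException, ServletRequest servletRequest, ServletResponse servletResponse) {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        this.currentAccessToken.remove();
        this.logger.debug("onLoginFailure------------------->{}{}", AppUtil.getOriginBaseUrl(), request.getRequestURI());
        try {
            redirect(request, (HttpServletResponse) servletResponse);
        } catch (IOException e) {
            this.logger.error(e.getMessage(), e);
        }
        return false;
    }

    /** Returns the URL the browser is sent to when the authorization server reports an error. */
    public String getFailureUrl() {
        return this.failureUrl;
    }

    /** Sets the URL the browser is sent to when the authorization server reports an error. */
    public void setFailureUrl(String str) {
        this.failureUrl = str;
    }
}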
