package cloud.agileframework.security.filter.token;

import cloud.agileframework.security.properties.SecurityProperties;
import cloud.agileframework.security.properties.TokenType;
import cloud.agileframework.security.util.TokenUtil;
import cloud.agileframework.spring.util.ParamUtil;
import cloud.agileframework.spring.util.SecurityUtil;
import cloud.agileframework.spring.util.ServletUtil;
import java.io.IOException;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.access.AccessDeniedHandlerImpl;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:cloud/agileframework/security/filter/token/TokenFilter.class */
public class TokenFilter extends OncePerRequestFilter {
    private final AccessDeniedHandlerImpl failureHandler = new AccessDeniedHandlerImpl();
    private List<RequestMatcher> matches;

    @Autowired
    private SecurityProperties securityProperties;

    public void afterPropertiesSet() throws ServletException {
        super.afterPropertiesSet();
        this.matches = ServletUtil.coverRequestMatcher((String[]) this.securityProperties.getExcludeUrl().toArray(new String[0]));
        this.failureHandler.setErrorPage(this.securityProperties.getFailForwardUrl());
    }

    protected void doFilterNestedErrorDispatch(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        super.doFilterNestedErrorDispatch(httpServletRequest, httpServletResponse, filterChain);
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws IOException, ServletException {
        try {
            if ((SecurityContextHolder.getContext().getAuthentication() instanceof UsernamePasswordAuthenticationToken) || ServletUtil.matcherRequest(httpServletRequest, this.matches)) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
            CurrentLoginInfo currentLoginInfo = LoginCacheInfo.getCurrentLoginInfo(ParamUtil.getInfo(httpServletRequest, this.securityProperties.getTokenHeader()));
            LoginCacheInfo.validateCacheDate(currentLoginInfo.getLoginCacheInfo());
            Authentication authentication = currentLoginInfo.getLoginCacheInfo().getAuthentication();
            SecurityUtil.setCurrentUser(httpServletRequest, authentication);
            SecurityContextHolder.getContext().setAuthentication(authentication);
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            if (this.securityProperties.getTokenType() == TokenType.DIFFICULT) {
                TokenUtil.notice(httpServletRequest, httpServletResponse, LoginCacheInfo.refreshToken(currentLoginInfo));
            }
        } catch (Exception e) {
            this.failureHandler.handle(httpServletRequest, httpServletResponse, new AccessDeniedException("令牌验证失败", e));
        }
    }
}
