package org.chenile.security.interceptor;

import org.chenile.base.exception.ErrorNumException;
import org.chenile.core.context.ChenileExchange;
import org.chenile.core.context.ContextContainer;
import org.chenile.core.interceptors.BaseChenileInterceptor;
import org.chenile.security.errorcodes.ErrorCodes;
import org.chenile.security.model.SecurityConfig;
import org.chenile.security.service.SecurityService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;

/* loaded from: input_file:org/chenile/security/interceptor/SecurityInterceptor.class */
public class SecurityInterceptor extends BaseChenileInterceptor {
    private static final Logger logger = LoggerFactory.getLogger(SecurityInterceptor.class);

    @Autowired
    SecurityService securityService;

    @Autowired
    private ContextContainer contextContainer;

    protected void doPreProcessing(ChenileExchange chenileExchange) {
        if (!this.securityService.doesCurrentUserHaveGuardingAuthorities(chenileExchange)) {
            throw new ErrorNumException(HttpStatus.FORBIDDEN.value(), ErrorCodes.FORBIDDEN.getSubError(), new Object[0]);
        }
        BearerTokenAuthentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String str = "1";
        String str2 = "Bearer ";
        if (authentication instanceof BearerTokenAuthentication) {
            BearerTokenAuthentication bearerTokenAuthentication = authentication;
            str = String.valueOf(bearerTokenAuthentication.getTokenAttributes().getOrDefault("email", "1"));
            str2 = str2 + bearerTokenAuthentication.getToken().getTokenValue();
        }
        if (authentication instanceof OAuth2AuthenticationToken) {
            str = String.valueOf(((OAuth2AuthenticationToken) authentication).getPrincipal().getAttributes().getOrDefault("email", "1"));
            str2 = str2 + ((DefaultOidcUser) authentication.getPrincipal()).getIdToken().getTokenValue();
        }
        chenileExchange.setHeader("x-chenile-auth-user", str);
        this.contextContainer.put("x-chenile-auth-user", str);
        chenileExchange.setHeader("x-Authorization", str2);
        this.contextContainer.put("x-Authorization", str2);
    }

    protected boolean bypassInterception(ChenileExchange chenileExchange) {
        SecurityConfig extensionByAnnotation;
        return !((String) chenileExchange.getHeader("chenile-entry-point", String.class)).equals("HTTP") || (extensionByAnnotation = getExtensionByAnnotation(SecurityConfig.class, chenileExchange)) == null || extensionByAnnotation.value() == SecurityConfig.ProtectionStatus.UNPROTECTED;
    }
}
