package com.mbap.auth.filter;

import com.mbap.core.KeyPair.KeyPairFactory;
import com.mbap.core.config.item.domain.ConfigItem;
import com.mbap.core.logger.LoggerBox;
import com.mbap.mybatis.ty.service.BaseDao;
import com.mbap.util.date.DateUtil;
import com.mbap.util.lang.StringUtil;
import com.mbap.util.security.MD5Util;
import com.mbap.util.view.R;
import com.mbap.util.view.RCode;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.codehaus.jackson.map.ObjectMapper;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.filter.OncePerRequestFilter;

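/**
 * Servlet filter that checks OAuth2 client credentials on password-grant requests to
 * {@code /oauth/token} before the rest of the filter chain runs.
 *
 * <p>For a matching request it reads the client id and secret from the {@code Authorization}
 * header (decoded through {@link KeyPairFactory#keyPairDecode}) or from the {@code client_id} /
 * {@code client_secret} parameters, optionally validates a one-time verification code stored in
 * Redis, compares the secret with the stored hash, keeps a per-client failure counter in Redis,
 * and finally forwards the request with a rebuilt {@code Authorization: Basic} header.
 *
 * <p>Every rejection is answered with the same {@code RCode.AUTH_EXCEPTION} body, so the response
 * does not reveal which check failed.
 *
 * <p>NOTE(review): the path check is an exact string match on {@code getRequestURI()}. Requests
 * that reach the token endpoint under any other spelling of the URI are passed through without
 * the verification-code and failure-counter checks performed here; confirm that the downstream
 * chain cannot be reached that way.
 */
@Component
/* loaded from: input_file:com/mbap/auth/filter/BootBasicAuthenticationFilter.class */
public class BootBasicAuthenticationFilter extends OncePerRequestFilter {

    /** Prefix of the Redis key holding the failed-attempt counter of a client. */
    private static final String ERROR_COUNTER_PREFIX = "CLIENTERRORNUM:";

    /** Maximum age of a verification-code record: 30 minutes, in milliseconds. */
    private static final long VALID_CODE_MAX_AGE_MILLIS = 1800000L;

    /** Shared JSON writer for error bodies; it is only used for serialization here. */
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    @Autowired
    private ClientDetailsService clientDetailsService;

    @Autowired
    private BaseDao baseService;

    @Autowired
    private ConfigItem configItem;

    @Autowired
    private KeyPairFactory keyPairFactory;

    @Autowired
    private RedisTemplate<String, Object> redisTemplate;

    /**
     * Routes password-grant token requests that carry client credentials to {@link #handle};
     * every other request continues down the chain untouched.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param filterChain         remaining filter chain
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain or from writing an error body
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        // Parameters of a media type are separated by ';'. The previous value used ',' and was
        // therefore not a valid Content-Type.
        httpServletResponse.setContentType("application/json;charset=utf-8");
        httpServletResponse.setCharacterEncoding("UTF-8");
        // Constant-first equals: a token request without grant_type must not raise a
        // NullPointerException (an unauthenticated caller could otherwise force a server error).
        boolean passwordGrant = "/oauth/token".equals(httpServletRequest.getRequestURI())
                && "password".equals(httpServletRequest.getParameter("grant_type"));
        if (!passwordGrant) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        String[] credentials = isHasClientDetails(httpServletRequest);
        if (credentials == null) {
            // No usable client credentials: leave the decision to the downstream filters.
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            handle(httpServletRequest, httpServletResponse, credentials, filterChain);
        }
    }

    /**
     * Verifies the presented client credentials and either rejects the request with an
     * {@code AUTH_EXCEPTION} body or forwards it as an authenticated client.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param strArr              two-element array: client id, presented secret (may be null)
     * @param filterChain         remaining filter chain
     * @throws IOException      if the error body cannot be written or the chain fails
     * @throws ServletException propagated from the chain
     */
    private void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String[] strArr, FilterChain filterChain) throws IOException, ServletException {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (current != null && current.isAuthenticated()) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        String clientId = strArr[0];
        String presentedSecret = strArr[1];
        ClientDetails client = this.clientDetailsService.loadClientByClientId(clientId);
        if (client == null || client.getClientSecret() == null) {
            writeAuthError(httpServletResponse);
            return;
        }
        List rows = this.baseService.findBySql2Map(true, "select * from sys_oauth_client where clientname=? ", new Object[]{clientId});
        String validCodeSwitch = this.configItem.getValidCodeSwitch();
        if (StringUtil.isNotEmpty(validCodeSwitch) && Boolean.parseBoolean(validCodeSwitch) && !validRequest(clientId)) {
            // Log text reads "verification code check failed".
            LoggerBox.EXCEPTION_LOGGER.record("验证码校验失败");
            writeAuthError(httpServletResponse);
            return;
        }
        // Fail closed when the client has no row: the row used to be dereferenced before the
        // emptiness check, so a missing row surfaced as an unhandled exception.
        if (rows == null || rows.isEmpty()) {
            writeAuthError(httpServletResponse);
            return;
        }
        Map row = (Map) rows.get(0);
        // wrongnum == 0 switches the failure counter off (see the guards below).
        int maxWrong = Integer.parseInt(String.valueOf(row.get("wrongnum")));
        String counterKey = ERROR_COUNTER_PREFIX + row.get("clientname");

        if (!secretMatches(client.getClientSecret(), presentedSecret)) {
            if (maxWrong != 0) {
                // Use the value returned by INCR instead of a second GET: one round trip, no
                // window between the two calls, and no dependence on how GET deserializes it.
                Long failures = this.redisTemplate.opsForValue().increment(counterKey, 1L);
                if (failures != null && failures.longValue() > maxWrong) {
                    this.baseService.execNoResultSql("update sys_oauth_client set deleted=2 where clientname = ?", new Object[]{clientId});
                }
                // NOTE(review): no expiry is set on the counter and it is not reset on success
                // in this class - confirm where it is cleared.
            }
            writeAuthError(httpServletResponse);
            return;
        }
        // A correct secret is still refused while the failure counter is above the limit.
        if (maxWrong != 0 && exceedsLimit(this.redisTemplate.opsForValue().get(counterKey), maxWrong)) {
            writeAuthError(httpServletResponse);
            return;
        }
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(client.getClientId(), client.getClientSecret(), client.getAuthorities()));
        HeaderMapRequestWrapper wrapped = new HeaderMapRequestWrapper(httpServletRequest);
        // Explicit UTF-8 so the header does not depend on the platform default charset.
        String basicToken = Base64.getEncoder().encodeToString((clientId + ":" + presentedSecret).getBytes(StandardCharsets.UTF_8));
        wrapped.addHeader("Authorization", "Basic " + basicToken);
        filterChain.doFilter(wrapped, httpServletResponse);
    }

    /**
     * Extracts the client id and secret from the request.
     *
     * @param httpServletRequest current request
     * @return {@code {clientId, secret}} taken from a {@code Basic} Authorization header or, when
     *         no Authorization header is present, from the {@code client_id} /
     *         {@code client_secret} parameters (the secret may then be null); {@code null} when
     *         no usable credentials are found
     */
    private String[] isHasClientDetails(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            String clientId = httpServletRequest.getParameter("client_id");
            if (clientId == null) {
                return null;
            }
            return new String[]{clientId, httpServletRequest.getParameter("client_secret")};
        }
        // Length is checked before slicing: a short header value used to raise
        // StringIndexOutOfBoundsException. regionMatches is also locale-independent, unlike
        // toLowerCase() with the default locale.
        if (header.length() <= 6 || !header.regionMatches(true, 0, "basic", 0, 5)) {
            return null;
        }
        String decoded = this.keyPairFactory.keyPairDecode(header.substring(6));
        if (decoded == null) {
            return null;
        }
        // NOTE(review): a secret that itself contains ':' yields more than two parts and is
        // treated as "no credentials" - confirm this is intended.
        String[] parts = decoded.split(":");
        return parts.length == 2 ? parts : null;
    }

    public ClientDetailsService getClientDetailsService() {
        return this.clientDetailsService;
    }

    public void setClientDetailsService(ClientDetailsService clientDetailsService) {
        this.clientDetailsService = clientDetailsService;
    }

    /**
     * Checks the {@code csrf} / {@code validcode} request parameters against the record stored in
     * Redis for this client and consumes the record when it matches.
     *
     * <p>NOTE(review): the record is deleted only after a successful match, so a wrong code does
     * not consume it, and lookup and delete are two separate Redis calls. If the code is meant to
     * limit guessing, consider invalidating the record on the first failed comparison and making
     * the check-and-delete atomic.
     *
     * @param str client id the record must belong to
     * @return {@code true} if a matching record no older than 30 minutes exists
     */
    private boolean validRequest(String str) {
        Object attributes = RequestContextHolder.getRequestAttributes();
        if (!(attributes instanceof ServletRequestAttributes)) {
            return false;
        }
        HttpServletRequest request = ((ServletRequestAttributes) attributes).getRequest();
        String csrf = request.getParameter("csrf");
        String recordKey = "csrfrecord:" + DateUtil.format("yyyyMMdd") + ":" + str + ":" + csrf;
        String validCode = request.getParameter("validcode");
        if (!StringUtil.isNotEmpty(csrf) || !StringUtil.isNotEmpty(validCode)) {
            return false;
        }
        Object stored = this.redisTemplate.opsForHash().get(recordKey, csrf);
        if (!(stored instanceof Map)) {
            return false;
        }
        Map record = (Map) stored;
        if (!str.equals(record.getOrDefault("client_id", "")) || !validCode.equals(record.getOrDefault("validCode", ""))) {
            return false;
        }
        long issuedAt;
        try {
            issuedAt = Long.parseLong(String.valueOf(record.getOrDefault("time", "0")));
        } catch (NumberFormatException e) {
            // An unreadable timestamp cannot prove freshness: reject.
            return false;
        }
        if (System.currentTimeMillis() - issuedAt > VALID_CODE_MAX_AGE_MILLIS) {
            return false;
        }
        this.redisTemplate.opsForHash().delete(recordKey, new Object[]{csrf});
        return true;
    }

    /** Writes the generic authentication-failure body to the response. */
    private static void writeAuthError(HttpServletResponse response) throws IOException {
        OBJECT_MAPPER.writeValue(response.getOutputStream(), R.ERROR(RCode.AUTH_EXCEPTION));
    }

    /**
     * Compares the stored secret hash with the hash of the presented secret without an early exit
     * on the first differing byte. A missing secret never matches.
     *
     * <p>NOTE(review): the stored value is an MD5-based digest ({@code MD5Util.getCrypt}). MD5 is
     * not suitable for protecting secrets; migrating to a salted, slow hash (bcrypt, scrypt,
     * argon2) needs a data migration and is therefore only flagged here.
     */
    private static boolean secretMatches(String storedHash, String presentedSecret) {
        if (presentedSecret == null) {
            return false;
        }
        String presentedHash = MD5Util.getCrypt(presentedSecret);
        if (presentedHash == null) {
            return false;
        }
        return MessageDigest.isEqual(storedHash.getBytes(StandardCharsets.UTF_8), presentedHash.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Tells whether a counter value read from Redis is above {@code limit}. An absent counter is
     * not above the limit; a value that cannot be read as a number is treated as above it so that
     * a serialization mismatch cannot silently disable the check.
     */
    private static boolean exceedsLimit(Object recorded, int limit) {
        if (recorded == null) {
            return false;
        }
        if (recorded instanceof Number) {
            return ((Number) recorded).longValue() > limit;
        }
        try {
            return Long.parseLong(recorded.toString().trim()) > limit;
        } catch (NumberFormatException e) {
            return true;
        }
    }
}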
