package com.geoway.vision.shiro.filter;

import cn.hutool.core.util.ObjectUtil;
import cn.hutool.json.JSONUtil;
import com.geoway.base.response.BaseResponse;
import com.geoway.vision.shiro.constant.ShiroConstant;
import com.geoway.vision.shiro.token.JwtToken;
import com.geoway.vision.shiro.util.JwtUtils;
import com.google.common.cache.CacheLoader;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Date;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.ResponseEntity;

/* loaded from: input_file:com/geoway/vision/shiro/filter/JwtAuthFilter.class */
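/**
 * Shiro authenticating filter that logs a request in from the JWT carried in its
 * {@code Authorization} header and, once the token is older than the configured
 * interval, hands a freshly signed token back in the response.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>{@link #createToken} only rejects empty or expired tokens; signature and subject
 *       checks are presumably done by the realm that consumes {@link JwtToken} - confirm.</li>
 *   <li>{@link #onLoginSuccess} re-signs from claims read out of the presented token, so
 *       the session slides forward on every refresh; no absolute lifetime is enforced here.</li>
 *   <li>{@link #fillCorsHeader} echoes request-supplied values into CORS response headers
 *       together with {@code Access-Control-Allow-Credentials: true}.</li>
 * </ul>
 */
public class JwtAuthFilter extends AuthenticatingFilter {
    private static final Logger log = LoggerFactory.getLogger(JwtAuthFilter.class);

    /** Minimum token age, in seconds, after which a successful login triggers a re-sign. */
    private final int tokenRefreshInterval;

    /**
     * @param i token refresh interval in seconds (see {@link #shouldTokenRefresh(Date)})
     */
    public JwtAuthFilter(int i) {
        this.tokenRefreshInterval = i;
    }

    /**
     * Decides whether the request may proceed: login requests always pass, everything else
     * must authenticate via {@code executeLogin} or hit a permissive mapping.
     *
     * <p>Any exception raised during login is logged and treated as "not authenticated",
     * so the filter fails closed. A missing or expired token makes {@link #createToken}
     * return {@code null}, which surfaces here as the {@link IllegalStateException} branch.
     *
     * @return {@code true} if the request is a login request, authenticated, or permissive
     */
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        if (isLoginRequest(servletRequest, servletResponse)) {
            return true;
        }
        boolean authenticated = false;
        try {
            authenticated = executeLogin(servletRequest, servletResponse);
        } catch (IllegalStateException e) {
            log.error("非法状态异常{}", e.toString());
        } catch (Exception e) {
            log.error("系统异常{}", e.toString());
        }
        return authenticated || super.isPermissive(obj);
    }

    /**
     * Writes the JSON "token error" body for a rejected request, unless
     * {@link #onLoginFailure} already wrote one (signalled by the
     * {@link ShiroConstant#EXCEPTION} response header).
     *
     * @return always {@code false}: the filter chain stops here
     * @throws Exception if the response writer or CORS header encoding fails
     */
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletResponse response = WebUtils.toHttp(servletResponse);
        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
        response.setContentType("application/json");
        // NOTE(review): no HTTP status is set in this method, so the rejection is only
        // visible in the JSON body unless something else sets one - confirm clients and
        // monitoring do not rely on a 401 to detect failed authentication.
        if (ObjectUtil.isEmpty(response.getHeader(ShiroConstant.EXCEPTION))) {
            response.getWriter().print(JSONUtil.toJsonStr(BaseResponse.error("token错误")));
        }
        fillCorsHeader(WebUtils.toHttp(servletRequest), response);
        return false;
    }

    /**
     * Wraps the request's bearer value in a {@link JwtToken}.
     *
     * @return the token to authenticate, or {@code null} when the header is empty or the
     *         token is already expired
     */
    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
        String rawToken = getToken(servletRequest);
        // Only emptiness and expiry are checked here; nothing in this method verifies the
        // signature, so the value must still be treated as untrusted by whatever consumes it.
        if (ObjectUtil.isEmpty(rawToken) || JwtUtils.isTokenExpired(rawToken)) {
            return null;
        }
        return new JwtToken(rawToken);
    }

    /**
     * After a successful login, issues a replacement token in the {@code Authorization}
     * response header when the presented one is older than the refresh interval.
     *
     * @return always {@code true}
     */
    protected boolean onLoginSuccess(AuthenticationToken authenticationToken, Subject subject, ServletRequest servletRequest, ServletResponse servletResponse) {
        HttpServletResponse response = WebUtils.toHttp(servletResponse);
        String refreshedToken = null;
        if (authenticationToken instanceof JwtToken) {
            String presented = ((JwtToken) authenticationToken).getToken();
            if (shouldTokenRefresh(JwtUtils.getIssuedAt(presented))) {
                // The new token is built from the user id and owner claims of the presented
                // token; this is only safe because the login above already succeeded.
                refreshedToken = JwtUtils.sign(JwtUtils.getUserId(presented), JwtUtils.getOwner(presented));
            }
        }
        if (!ObjectUtil.isEmpty(refreshedToken)) {
            response.setHeader("Authorization", refreshedToken);
        }
        return true;
    }

    /** Reads the raw {@code Authorization} request header (no scheme prefix is stripped). */
    private String getToken(ServletRequest servletRequest) {
        return ((HttpServletRequest) servletRequest).getHeader("Authorization");
    }

    /**
     * Handles a failed login. Only a failure caused by
     * {@link CacheLoader.InvalidCacheLoadException} gets a dedicated "please log in again"
     * body and the {@link ShiroConstant#EXCEPTION} marker header; every other failure is
     * left for {@link #onAccessDenied} to report.
     *
     * @return always {@code false}
     */
    protected boolean onLoginFailure(AuthenticationToken authenticationToken, AuthenticationException authenticationException, ServletRequest servletRequest, ServletResponse servletResponse) {
        HttpServletResponse response = WebUtils.toHttp(servletResponse);
        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
        response.setContentType("application/json");
        if (!(authenticationException.getCause() instanceof CacheLoader.InvalidCacheLoadException)) {
            return false;
        }
        ResponseEntity error = BaseResponse.error("长时间未进行操作或系统重启，请重新登录");
        response.setHeader(ShiroConstant.EXCEPTION, "true");
        try {
            response.getWriter().print(JSONUtil.toJsonStr(error));
        } catch (IOException e) {
            // Pass the I/O failure as the trailing throwable so it is not silently dropped;
            // previously only the authentication exception was recorded.
            log.error("用户登陆异常，异常原因是{}", authenticationException.toString(), e);
        }
        return false;
    }

    /**
     * Tells whether a token issued at {@code date} is older than the refresh interval.
     *
     * <p>The comparison is done on instants rather than zone-local date-times, so it stays
     * correct across daylight-saving transitions of the server's default zone.
     *
     * @param date the token's issued-at time; must not be {@code null}
     * @return {@code true} if more than {@code tokenRefreshInterval} seconds have elapsed
     */
    protected boolean shouldTokenRefresh(Date date) {
        return date.toInstant().plusSeconds(this.tokenRefreshInterval).isBefore(new Date().toInstant());
    }

    /**
     * Adds CORS response headers derived from the request.
     *
     * <p>NOTE(review): the {@code Origin} value is taken from the request and combined with
     * {@code Access-Control-Allow-Credentials: true}. URL-encoding keeps CR/LF out of the
     * header, but it also rewrites {@code ://}, so the emitted value will generally not
     * equal the caller's origin. The robust form is to compare {@code Origin} against a
     * configured allowlist and emit the matching entry verbatim; that needs configuration
     * this class does not have, so the behaviour is left unchanged here.
     *
     * @throws UnsupportedEncodingException if the UTF-8 charset name is rejected
     */
    protected void fillCorsHeader(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws UnsupportedEncodingException {
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "GET,POST,PUT,PATCH,DELETE,OPTIONS,HEAD");
        String origin = httpServletRequest.getHeader("Origin");
        if (ObjectUtil.isNotNull(origin)) {
            httpServletResponse.setHeader("Access-control-Allow-Origin", URLEncoder.encode(origin, "UTF-8"));
        }
        // Guard on the header that is actually read. The previous check looked at
        // Access-Control-Allow-Headers (a response header) and then encoded
        // Access-Control-Request-Headers, which threw a NullPointerException when only the
        // former was present and skipped the echo on ordinary preflight requests.
        String requestedHeaders = httpServletRequest.getHeader("Access-Control-Request-Headers");
        if (ObjectUtil.isNotNull(requestedHeaders)) {
            httpServletResponse.setHeader("Access-Control-Allow-Headers", URLEncoder.encode(requestedHeaders, "UTF-8"));
        }
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
    }
}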
