package io.github.icodegarden.commons.springboot.web.filter;

import io.github.icodegarden.commons.springboot.security.SecurityUtils;
import io.github.icodegarden.commons.springboot.security.SimpleAuthentication;
import io.github.icodegarden.commons.springboot.security.SimpleUser;
import io.github.icodegarden.commons.springboot.web.util.WebUtils;
import java.io.IOException;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpMethod;
import org.springframework.lang.Nullable;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.GenericFilterBean;
import org.springframework.web.util.UrlPathHelper;

/* loaded from: input_file:io/github/icodegarden/commons/springboot/web/filter/GatewayPreAuthenticatedAuthenticationFilter.class */
public class GatewayPreAuthenticatedAuthenticationFilter extends GenericFilterBean {
    public static final String HEADER_APPID = "X-Auth-AppId";
    public static final String HEADER_APPNAME = "X-Auth-Appname";
    public static final String HEADER_USERID = "X-Auth-UserId";
    public static final String HEADER_USERNAME = "X-Auth-Username";
    private OrRequestMatcher shouldAuthOpenapiMatcher;
    private OrRequestMatcher shouldAuthInternalApiMatcher;

    /* loaded from: input_file:io/github/icodegarden/commons/springboot/web/filter/GatewayPreAuthenticatedAuthenticationFilter$AntPath.class */
    public static class AntPath {
        private final String pattern;
        private final String httpMethod;

        public AntPath(String str, @Nullable String str2) {
            Assert.hasText(str, "pattern must not empty");
            this.pattern = str;
            this.httpMethod = str2 != null ? str2.toUpperCase() : null;
        }

        public String getPattern() {
            return this.pattern;
        }

        public String getHttpMethod() {
            return this.httpMethod;
        }

        public String toString() {
            return "AntPath [pattern=" + this.pattern + ", httpMethod=" + this.httpMethod + "]";
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/github/icodegarden/commons/springboot/web/filter/GatewayPreAuthenticatedAuthenticationFilter$AntPathRequestMatcher.class */
    public static class AntPathRequestMatcher {
        private static final String MATCH_ALL = "/**";
        private final Matcher matcher;
        private final String pattern;
        private final HttpMethod httpMethod;
        private final boolean caseSensitive;
        private final UrlPathHelper urlPathHelper;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:io/github/icodegarden/commons/springboot/web/filter/GatewayPreAuthenticatedAuthenticationFilter$AntPathRequestMatcher$Matcher.class */
        public interface Matcher {
            boolean matches(String str);

            Map<String, String> extractUriTemplateVariables(String str);
        }

        /* loaded from: input_file:io/github/icodegarden/commons/springboot/web/filter/GatewayPreAuthenticatedAuthenticationFilter$AntPathRequestMatcher$SpringAntMatcher.class */
        private final class SpringAntMatcher implements Matcher {
            private final AntPathMatcher antMatcher;
            private final String pattern;

            private SpringAntMatcher(String str, boolean z) {
                this.pattern = str;
                this.antMatcher = createMatcher(z);
            }

            @Override // io.github.icodegarden.commons.springboot.web.filter.GatewayPreAuthenticatedAuthenticationFilter.AntPathRequestMatcher.Matcher
            public boolean matches(String str) {
                return this.antMatcher.match(this.pattern, str);
            }

            @Override // io.github.icodegarden.commons.springboot.web.filter.GatewayPreAuthenticatedAuthenticationFilter.AntPathRequestMatcher.Matcher
            public Map<String, String> extractUriTemplateVariables(String str) {
                return this.antMatcher.extractUriTemplateVariables(this.pattern, str);
            }

            private AntPathMatcher createMatcher(boolean z) {
                AntPathMatcher antPathMatcher = new AntPathMatcher();
                antPathMatcher.setTrimTokens(false);
                antPathMatcher.setCaseSensitive(z);
                return antPathMatcher;
            }
        }

        /* loaded from: input_file:io/github/icodegarden/commons/springboot/web/filter/GatewayPreAuthenticatedAuthenticationFilter$AntPathRequestMatcher$SubpathMatcher.class */
        private final class SubpathMatcher implements Matcher {
            private final String subpath;
            private final int length;
            private final boolean caseSensitive;

            private SubpathMatcher(String str, boolean z) {
                Assert.isTrue(!str.contains("*"), "subpath cannot contain \"*\"");
                this.subpath = z ? str : str.toLowerCase();
                this.length = str.length();
                this.caseSensitive = z;
            }

            @Override // io.github.icodegarden.commons.springboot.web.filter.GatewayPreAuthenticatedAuthenticationFilter.AntPathRequestMatcher.Matcher
            public boolean matches(String str) {
                if (!this.caseSensitive) {
                    str = str.toLowerCase();
                }
                return str.startsWith(this.subpath) && (str.length() == this.length || str.charAt(this.length) == '/');
            }

            @Override // io.github.icodegarden.commons.springboot.web.filter.GatewayPreAuthenticatedAuthenticationFilter.AntPathRequestMatcher.Matcher
            public Map<String, String> extractUriTemplateVariables(String str) {
                return Collections.emptyMap();
            }
        }

        public AntPathRequestMatcher(String str) {
            this(str, null);
        }

        public AntPathRequestMatcher(String str, String str2) {
            this(str, str2, true);
        }

        public AntPathRequestMatcher(String str, String str2, boolean z) {
            this(str, str2, z, null);
        }

        public AntPathRequestMatcher(String str, String str2, boolean z, UrlPathHelper urlPathHelper) {
            Assert.hasText(str, "Pattern cannot be null or empty");
            this.caseSensitive = z;
            if (str.equals(MATCH_ALL) || str.equals("**")) {
                str = MATCH_ALL;
                this.matcher = null;
            } else if (str.endsWith(MATCH_ALL) && str.indexOf(63) == -1 && str.indexOf(123) == -1 && str.indexOf(125) == -1 && str.indexOf("*") == str.length() - 2) {
                this.matcher = new SubpathMatcher(str.substring(0, str.length() - 3), z);
            } else {
                this.matcher = new SpringAntMatcher(str, z);
            }
            this.pattern = str;
            this.httpMethod = StringUtils.hasText(str2) ? HttpMethod.valueOf(str2) : null;
            this.urlPathHelper = urlPathHelper;
        }

        public boolean matches(HttpServletRequest httpServletRequest) {
            if (this.httpMethod != null && StringUtils.hasText(httpServletRequest.getMethod()) && this.httpMethod != HttpMethod.resolve(httpServletRequest.getMethod())) {
                return false;
            }
            if (this.pattern.equals(MATCH_ALL)) {
                return true;
            }
            return this.matcher.matches(getRequestPath(httpServletRequest));
        }

        @Deprecated
        public Map<String, String> extractUriTemplateVariables(HttpServletRequest httpServletRequest) {
            return matcher(httpServletRequest).getVariables();
        }

        public MatchResult matcher(HttpServletRequest httpServletRequest) {
            if (!matches(httpServletRequest)) {
                return MatchResult.notMatch();
            }
            if (this.matcher == null) {
                return MatchResult.match();
            }
            return MatchResult.match(this.matcher.extractUriTemplateVariables(getRequestPath(httpServletRequest)));
        }

        private String getRequestPath(HttpServletRequest httpServletRequest) {
            if (this.urlPathHelper != null) {
                return this.urlPathHelper.getPathWithinApplication(httpServletRequest);
            }
            String servletPath = httpServletRequest.getServletPath();
            String pathInfo = httpServletRequest.getPathInfo();
            if (pathInfo != null) {
                servletPath = StringUtils.hasLength(servletPath) ? servletPath + pathInfo : pathInfo;
            }
            return servletPath;
        }

        public String getPattern() {
            return this.pattern;
        }

        public boolean equals(Object obj) {
            if (!(obj instanceof AntPathRequestMatcher)) {
                return false;
            }
            AntPathRequestMatcher antPathRequestMatcher = (AntPathRequestMatcher) obj;
            return this.pattern.equals(antPathRequestMatcher.pattern) && this.httpMethod == antPathRequestMatcher.httpMethod && this.caseSensitive == antPathRequestMatcher.caseSensitive;
        }

        public int hashCode() {
            return (31 * ((31 * (this.pattern != null ? this.pattern.hashCode() : 0)) + (this.httpMethod != null ? this.httpMethod.hashCode() : 0))) + (this.caseSensitive ? 1231 : 1237);
        }

        public String toString() {
            StringBuilder sb = new StringBuilder();
            sb.append("Ant [pattern='").append(this.pattern).append("'");
            if (this.httpMethod != null) {
                sb.append(", ").append(this.httpMethod);
            }
            sb.append("]");
            return sb.toString();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/github/icodegarden/commons/springboot/web/filter/GatewayPreAuthenticatedAuthenticationFilter$MatchResult.class */
    public static class MatchResult {
        private final boolean match;
        private final Map<String, String> variables;

        MatchResult(boolean z, Map<String, String> map) {
            this.match = z;
            this.variables = map;
        }

        public boolean isMatch() {
            return this.match;
        }

        public Map<String, String> getVariables() {
            return this.variables;
        }

        public static MatchResult match() {
            return new MatchResult(true, Collections.emptyMap());
        }

        public static MatchResult match(Map<String, String> map) {
            return new MatchResult(true, map);
        }

        public static MatchResult notMatch() {
            return new MatchResult(false, Collections.emptyMap());
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:io/github/icodegarden/commons/springboot/web/filter/GatewayPreAuthenticatedAuthenticationFilter$OrRequestMatcher.class */
    public static class OrRequestMatcher {
        private final List<AntPathRequestMatcher> requestMatchers;

        public OrRequestMatcher(List<AntPathRequestMatcher> list) {
            Assert.notEmpty(list, "requestMatchers must contain a value");
            Assert.isTrue(!list.contains(null), "requestMatchers cannot contain null values");
            this.requestMatchers = list;
        }

        public OrRequestMatcher(AntPathRequestMatcher... antPathRequestMatcherArr) {
            this((List<AntPathRequestMatcher>) Arrays.asList(antPathRequestMatcherArr));
        }

        public boolean matches(HttpServletRequest httpServletRequest) {
            Iterator<AntPathRequestMatcher> it = this.requestMatchers.iterator();
            while (it.hasNext()) {
                if (it.next().matches(httpServletRequest)) {
                    return true;
                }
            }
            return false;
        }

        public String toString() {
            return "Or " + this.requestMatchers;
        }
    }

    public GatewayPreAuthenticatedAuthenticationFilter() {
        setShouldAuthOpenapi(Arrays.asList(new AntPath("/openapi/**", "POST")));
        setShouldAuthInternalApi(Arrays.asList(new AntPath("/api/**", null), new AntPath("/internalapi/**", null), new AntPath("/innerapi/**", null)));
    }

    public void setShouldAuthOpenapi(Collection<AntPath> collection) {
        this.shouldAuthOpenapiMatcher = new OrRequestMatcher((List<AntPathRequestMatcher>) collection.stream().map(antPath -> {
            return new AntPathRequestMatcher(antPath.getPattern(), antPath.getHttpMethod());
        }).collect(Collectors.toList()));
    }

    public void setShouldAuthInternalApi(Collection<AntPath> collection) {
        this.shouldAuthInternalApiMatcher = new OrRequestMatcher((List<AntPathRequestMatcher>) collection.stream().map(antPath -> {
            return new AntPathRequestMatcher(antPath.getPattern(), antPath.getHttpMethod());
        }).collect(Collectors.toList()));
    }

    private boolean shouldAuthOpenapi(HttpServletRequest httpServletRequest) {
        return this.shouldAuthOpenapiMatcher.matches(httpServletRequest);
    }

    private boolean shouldAuthInternalApi(HttpServletRequest httpServletRequest) {
        return this.shouldAuthInternalApiMatcher.matches(httpServletRequest);
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String header = httpServletRequest.getHeader(HEADER_APPID);
        if (header == null && shouldAuthOpenapi(httpServletRequest)) {
            WebUtils.responseWrite(401, "Access Denied, Unauthorized, App No Principal", httpServletResponse);
            return;
        }
        String str = null;
        if (header == null) {
            str = httpServletRequest.getHeader(HEADER_USERID);
            if (str == null && shouldAuthInternalApi(httpServletRequest)) {
                WebUtils.responseWrite(401, "Access Denied, Unauthorized, User No Principal", httpServletResponse);
                return;
            }
        }
        try {
            if (header != null) {
                SecurityUtils.setAuthentication(new SimpleAuthentication(new SimpleUser(header, httpServletRequest.getHeader(HEADER_APPNAME), "", Collections.emptyList()), Collections.emptyList()));
            } else if (str != null) {
                SecurityUtils.setAuthentication(new SimpleAuthentication(new SimpleUser(str, httpServletRequest.getHeader(HEADER_USERNAME), "", Collections.emptyList()), Collections.emptyList()));
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            SecurityUtils.setAuthentication(null);
        } catch (Throwable th) {
            SecurityUtils.setAuthentication(null);
            throw th;
        }
    }
}
