package com.chinacreator.asp.comp.sys.oauth2.resourceserver.filter;

import com.auth0.jwt.exceptions.InvalidClaimException;
import com.auth0.jwt.exceptions.JWTVerificationException;
import com.chinacreator.asp.comp.sys.oauth2.OAuth2CredentialFactory;
import com.chinacreator.asp.comp.sys.oauth2.common.Credential;
import com.chinacreator.asp.comp.sys.oauth2.common.CredentialConfiguration;
import com.chinacreator.asp.comp.sys.oauth2.common.CredentialStore;
import com.chinacreator.asp.comp.sys.oauth2.common.util.CORSUtil;
import com.chinacreator.asp.comp.sys.oauth2.common.util.CookieUtil;
import com.chinacreator.asp.comp.sys.oauth2.common.util.MockCredential;
import com.chinacreator.asp.comp.sys.oauth2.common.util.SSOUtils;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
import org.apache.oltu.oauth2.common.message.types.ParameterStyle;
import org.apache.oltu.oauth2.rs.request.OAuthAccessResourceRequest;
import org.json.JSONObject;

/* loaded from: input_file:com/chinacreator/asp/comp/sys/oauth2/resourceserver/filter/C2ResourceServerFilter.class */
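/**
 * Servlet filter that protects resource-server endpoints with an OAuth2 access token.
 *
 * <p>For every request the filter adds CORS headers, lets URLs classified as anonymous by
 * {@link SSOUtils#isAnonUrl} pass straight through, and otherwise resolves a {@link Credential}
 * from the access token (Authorization header first, then the {@code C2AT} cookie). A resolved
 * credential is handed to {@link CredentialStore#setCurrCredential} before the chain continues;
 * a missing or rejected token ends the request with an error response.
 */
public class C2ResourceServerFilter implements Filter {
    /** Cookie consulted when the request carries no access token in its headers. */
    private static final String ACCESS_TOKEN_COOKIE = "C2AT";

    private final SSOUtils oAuth2SSOService = SSOUtils.getOAuth2SSOService();

    /**
     * Passes the filter configuration on to {@link CredentialConfiguration#init}.
     *
     * @param filterConfig the container-supplied filter configuration
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        CredentialConfiguration.init(filterConfig);
    }

    /**
     * Adds CORS headers, then either forwards an anonymous request unchanged or runs the
     * access-token check.
     *
     * @param servletRequest the incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse the outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain the remainder of the filter chain
     * @throws IOException if writing an error response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        CORSUtil.addCORSHeaders(httpRequest, httpResponse);
        // NOTE(review): getRequestURI() is the raw request path -- not decoded, and still carrying
        // any path parameters or dot-segments. Confirm that isAnonUrl normalises it the same way
        // the container does when routing, otherwise the allow-list and the dispatched resource
        // can disagree.
        if (this.oAuth2SSOService.isAnonUrl(httpRequest, httpRequest.getRequestURI())) {
            filterChain.doFilter(servletRequest, servletResponse);
        } else {
            doAuthcFilter(httpRequest, httpResponse, filterChain);
        }
    }

    /**
     * Resolves the caller's credential from the access token and continues the chain only when
     * one was obtained.
     *
     * @param request the HTTP request carrying the token
     * @param response the HTTP response used for error replies
     * @param filterChain the remainder of the filter chain
     * @throws IOException if writing an error response or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    private void doAuthcFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
        Credential credential;
        try {
            credential = OAuth2CredentialFactory.getCredentialByAccessToken(readAccessToken(request), true);
        } catch (NullPointerException e) {
            // The lookup signals "no usable token" with a NullPointerException (presumably for a
            // null token -- the factory is not visible here), so the catch is kept as the
            // original had it.
            if (!CredentialConfiguration.isDebugMode()) {
                handleInvalidToken(request, response, "", "外部调用没有有效的凭证信息");
                return;
            }
            // NOTE(review): in debug mode a request without a valid token is given a
            // MockCredential and proceeds as authenticated. Make sure debug mode cannot be
            // switched on in a production deployment.
            credential = new MockCredential();
        } catch (InvalidClaimException e) {
            // InvalidClaimException extends JWTVerificationException, so it has to be caught
            // first; listed after the general handler this branch could never run.
            handleInvalidToken(request, response, "", "凭证超时");
            return;
        } catch (JWTVerificationException e) {
            // Status and headers go out before the body so they cannot be lost to an
            // already-committed response.
            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
            // The exception text is echoed to the client, so it is served as plain text (and
            // sniffing disabled) rather than as HTML, which would let any token-derived text in
            // the message be interpreted as markup.
            // NOTE(review): consider logging the detail server-side and returning a fixed message.
            response.setContentType("text/plain;charset=UTF-8");
            response.setHeader("X-Content-Type-Options", "nosniff");
            response.getWriter().write("凭证校验失败，请检查配置:" + e.getMessage());
            return;
        }
        if (credential == null) {
            // Without this branch a null credential ended the request with an empty 200 response.
            handleInvalidToken(request, response, "", "外部调用没有有效的凭证信息");
            return;
        }
        // NOTE(review): the credential is never cleared after the chain returns. If
        // CredentialStore is thread-scoped, confirm it is reset elsewhere so a pooled worker
        // thread cannot carry it into a later request.
        CredentialStore.setCurrCredential(credential);
        filterChain.doFilter(request, response);
    }

    /**
     * Reads the access token from the request headers, falling back to the {@code C2AT} cookie.
     *
     * @param request the HTTP request
     * @return the token, or whatever the cookie lookup returns when the headers carry none
     */
    private static String readAccessToken(HttpServletRequest request) {
        String accessToken = null;
        try {
            accessToken = new OAuthAccessResourceRequest(request, new ParameterStyle[]{ParameterStyle.HEADER}).getAccessToken();
        } catch (OAuthSystemException | OAuthProblemException ignored) {
            // Deliberate best effort: a missing or malformed header falls through to the cookie.
        }
        if (accessToken == null) {
            accessToken = CookieUtil.getCookieByName(request, ACCESS_TOKEN_COOKIE);
        }
        return accessToken;
    }

    /**
     * Writes the "unauthorized" reply: the configured status code and a JSON body with
     * {@code errorType} and {@code errorDescription}.
     *
     * @param request the HTTP request, read only for its User-Agent header
     * @param response the HTTP response to write to
     * @param errorType value of the {@code errorType} field
     * @param errorDescription value of the {@code errorDescription} field
     * @throws IOException if the body cannot be written
     */
    private void handleInvalidToken(HttpServletRequest request, HttpServletResponse response, String errorType, String errorDescription) throws IOException {
        response.setStatus(CredentialConfiguration.getUnauthorizedStatus());
        JSONObject body = new JSONObject();
        body.put("errorType", errorType);
        body.put("errorDescription", errorDescription);
        // User-Agent is optional; a client that omits it must still get the error reply instead
        // of a NullPointerException (and a 500). Locale.ROOT keeps the lower-casing independent
        // of the server's default locale.
        String header = request.getHeader("User-Agent");
        String userAgent = header == null ? "" : header.toLowerCase(Locale.ROOT);
        boolean internetExplorer = userAgent.contains("msie") || (userAgent.contains("gecko") && userAgent.contains("rv:11"));
        // Internet Explorer user agents get the same JSON text labelled as text/plain.
        response.setContentType(internetExplorer ? "text/plain;charset=UTF-8" : "application/json;charset=UTF-8");
        response.getOutputStream().write(body.toString().getBytes(StandardCharsets.UTF_8));
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}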
