package com.jzt.wotu.sso;

import io.jsonwebtoken.ExpiredJwtException;
import io.jsonwebtoken.MalformedJwtException;
import io.jsonwebtoken.UnsupportedJwtException;
import java.io.IOException;
import java.util.Collection;
import java.util.stream.Collectors;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.keycloak.TokenVerifier;
import org.keycloak.common.VerificationException;
import org.keycloak.representations.AccessToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:com/jzt/wotu/sso/JWTAuthorizationFilter.class */
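/**
 * Servlet filter that populates the Spring Security context from a Keycloak
 * access token carried in the {@code Authorization: Bearer ...} header.
 *
 * <p>Requests that carry a {@code BranchId} header, or that have no bearer
 * token, continue down the chain with an empty security context.
 *
 * <p><strong>Security note:</strong> this filter only <em>parses</em> the token
 * (see {@link #validateToken}). It does not check the signature, expiry or
 * issuer, so the subject and authorities it installs are whatever the caller
 * put in the token. Do not rely on it as the only authentication control until
 * real verification is wired in.
 */
public class JWTAuthorizationFilter extends OncePerRequestFilter {
    /** Request header that carries the bearer token. */
    private static final String HEADER = "Authorization";
    /** When this header is present the bearer token is ignored entirely. */
    private static final String ignoreHEADER = "BranchId";
    /** Scheme prefix that precedes the compact token in {@link #HEADER}. */
    private static final String PREFIX = "Bearer ";
    // NOTE(review): hard-coded literal that nothing in this class reads. A value
    // like this must never be used as a signing or verification key; delete the
    // field once it is confirmed dead.
    private final String SECRET = "mySecretKey";

    /**
     * Authenticates the request from its bearer token when one is present, then
     * always continues the filter chain.
     *
     * @param httpServletRequest  incoming request
     * @param httpServletResponse outgoing response
     * @param filterChain         remaining filters
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain or from {@code sendError}
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        try {
            AccessToken token = checkJWTToken(httpServletRequest, httpServletResponse)
                    ? validateToken(httpServletRequest)
                    : null;
            if (token == null || token.getSubject() == null) {
                // No usable token: make sure no stale authentication leaks through.
                SecurityContextHolder.clearContext();
            } else {
                setUpSpringAuthentication(token);
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (ExpiredJwtException | UnsupportedJwtException | MalformedJwtException e) {
            // Nothing in this class throws these jjwt exceptions (the Keycloak parser
            // reports VerificationException, handled in validateToken), so in practice
            // they can only come from further down the chain.
            // sendError sets the status itself; the exception message is echoed to the client.
            httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN, e.getMessage());
        }
    }

    /**
     * Parses the bearer token from the {@code Authorization} header.
     *
     * <p>Callers must have checked the header with {@link #checkJWTToken} first.
     *
     * @param httpServletRequest request whose header starts with {@link #PREFIX}
     * @return the parsed token, or {@code null} when it cannot be parsed
     */
    private AccessToken validateToken(HttpServletRequest httpServletRequest) {
        // Strip exactly the leading scheme prefix rather than every occurrence of it.
        String compactToken = httpServletRequest.getHeader(HEADER).substring(PREFIX.length());
        try {
            // SECURITY: TokenVerifier#getToken() only decodes the JWS; it runs no checks.
            // The signature, expiry, not-before and issuer are NOT verified here, so a
            // token with arbitrary subject/resource_access claims is accepted as-is.
            // Mitigation: configure the realm key on the verifier (publicKey(...) or
            // verifierContext(...)), add withDefaultChecks()/realmUrl(...), and call
            // verify() before getToken().
            // NOTE(review): confirm whether an upstream gateway already verifies tokens;
            // nothing visible in this class does.
            return TokenVerifier.create(compactToken, AccessToken.class).getToken();
        } catch (VerificationException e) {
            // Unparseable token is treated as "no token" by the caller.
            return null;
        }
    }

    /**
     * Installs an authentication whose principal is the token itself.
     *
     * <p>The granted authorities are the <em>keys</em> of the token's
     * {@code resource_access} map (client ids), not the roles listed under them.
     *
     * @param accessToken parsed token with a non-null subject
     */
    private void setUpSpringAuthentication(AccessToken accessToken) {
        Collection<SimpleGrantedAuthority> authorities = accessToken.getResourceAccess().keySet().stream()
                .map(SimpleGrantedAuthority::new)
                .collect(Collectors.toList());
        SecurityContextHolder.getContext()
                .setAuthentication(new UsernamePasswordAuthenticationToken(accessToken, null, authorities));
    }

    /**
     * Reports whether the request should be authenticated from a bearer token.
     *
     * @param httpServletRequest  incoming request
     * @param httpServletResponse unused
     * @return {@code true} when there is no {@code BranchId} header and the
     *     {@code Authorization} header starts with {@code "Bearer "}
     */
    private boolean checkJWTToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (httpServletRequest.getHeader(ignoreHEADER) != null) {
            return false;
        }
        String header = httpServletRequest.getHeader(HEADER);
        return header != null && header.startsWith(PREFIX);
    }
}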
