package com.xunyi.beast.security.authentication.servlet;

import com.xunyi.beast.security.authentication.ClientSignatureAuthenticationToken;
import com.xunyi.beast.security.authentication.ClientSignatureToken;
import com.xunyi.beast.security.authentication.servlet.error.ClientSignatureAuthenticationEntryPoint;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.io.IOUtils;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.util.StringUtils;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:com/xunyi/beast/security/authentication/servlet/ClientSignatureAuthenticationFilter.class */
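/**
 * Servlet filter that authenticates requests whose {@code Authorization} header starts with the
 * {@value #AUTHENTICATION_SCHEME_APP} scheme.
 *
 * <p>For a matching request the filter buffers the request body, asks the converter for a
 * {@link ClientSignatureToken}, looks the client up by the token's app id, and has the token
 * validate itself against the client's stored secret and the buffered body. On success an
 * authenticated {@link Authentication} is placed in the {@link SecurityContextHolder} and the
 * chain continues with a wrapper that replays the buffered body. On an
 * {@link AuthenticationException} the security context is cleared and the entry point writes the
 * response; the chain is not continued.
 *
 * <p>Requests without the scheme prefix pass through untouched.
 */
public class ClientSignatureAuthenticationFilter extends OncePerRequestFilter {
    /** Authorization scheme prefix handled by this filter (matched case-insensitively). */
    public static final String AUTHENTICATION_SCHEME_APP = "APP-SHA256-RSA2048";

    private final ClientDetailsService clientDetailsService;
    private final ClientSignatureAuthenticationConverter converter = new ClientSignatureAuthenticationConverter();
    private final ClientSignatureAuthenticationEntryPoint authenticationEntryPoint = new ClientSignatureAuthenticationEntryPoint();

    /**
     * @param clientDetailsService source of the registered client whose secret the signature is
     *     validated against
     */
    public ClientSignatureAuthenticationFilter(ClientDetailsService clientDetailsService) {
        this.clientDetailsService = clientDetailsService;
    }

    /**
     * Authenticates a signed client request, or passes the request through when it does not use
     * the {@value #AUTHENTICATION_SCHEME_APP} scheme.
     *
     * @param httpServletRequest the incoming request
     * @param httpServletResponse the response the entry point writes to on failure
     * @param filterChain the remaining filter chain
     * @throws ServletException propagated from the downstream chain or the entry point
     * @throws IOException if reading the request body fails, or propagated from downstream
     */
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String authorization = httpServletRequest.getHeader("Authorization");
        if (!StringUtils.startsWithIgnoreCase(authorization, AUTHENTICATION_SCHEME_APP)) {
            // Not our scheme: leave the request (and its unread body) to the other filters.
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        // The body is read once here so it can be handed both to signature validation and to
        // the downstream chain.
        // NOTE(review): the whole body is held in memory before the caller is authenticated and
        // nothing in this class caps its size; confirm that the container or a proxy in front
        // of it enforces a request-size limit.
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        IOUtils.copy(httpServletRequest.getInputStream(), buffer);
        byte[] body = buffer.toByteArray();
        RequestBodyWrapper replayableRequest = new RequestBodyWrapper(httpServletRequest, body);

        try {
            // The converter receives the original request, whose input stream has already been
            // drained above; presumably it only reads headers. TODO confirm.
            ClientSignatureToken token = this.converter.apply(httpServletRequest);

            // NOTE(review): only a null result is handled here. If the ClientDetailsService
            // implementation signals an unknown client by throwing, the failure reaches the
            // entry point only when that exception is an AuthenticationException; verify
            // against the configured implementation.
            ClientDetails client = this.clientDetailsService.loadClientByClientId(token.getAppId());
            if (client == null) {
                throw new AuthenticationCredentialsNotFoundException("client credentials missing.");
            }

            // Validation gets its own wrapper over the same bytes, so whatever it reads does not
            // affect the wrapper passed downstream.
            token.validate(client.getClientSecret(), new RequestBodyWrapper(httpServletRequest, body));

            Authentication authentication = createSuccessfulAuthentication(httpServletRequest, client);
            SecurityContext context = SecurityContextHolder.createEmptyContext();
            context.setAuthentication(authentication);
            SecurityContextHolder.setContext(context);

            // NOTE(review): the chain runs inside this try, so an AuthenticationException raised
            // downstream is also reported through this filter's entry point.
            filterChain.doFilter(replayableRequest, httpServletResponse);
        } catch (AuthenticationException e) {
            // Fail closed: a request that presented signature credentials and was rejected must
            // not keep any authentication that is already bound to this thread.
            SecurityContextHolder.clearContext();
            this.logger.info("Authentication request for failed!", e);
            this.authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, e);
        }
    }

    /**
     * Builds the authenticated token stored in the security context after a successful
     * signature check.
     *
     * @param httpServletRequest the authenticated request (not used by this implementation)
     * @param clientDetails the client whose signature was validated
     * @return a {@link ClientSignatureAuthenticationToken} marked as authenticated, carrying the
     *     client id and the client secret
     */
    public Authentication createSuccessfulAuthentication(HttpServletRequest httpServletRequest, ClientDetails clientDetails) {
        // NOTE(review): the stored client secret is kept on the token for the life of the
        // security context; confirm downstream code needs it, and that it is never logged or
        // serialized with the authentication.
        ClientSignatureAuthenticationToken authenticated = new ClientSignatureAuthenticationToken(clientDetails.getClientId(), clientDetails.getClientSecret());
        authenticated.setAuthenticated(true);
        return authenticated;
    }
}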
