package com.uccc.security.spring.interceptor;

import com.auth0.jwt.JWTVerifier;
import com.uccc.security.model.JwtCodeBean;
import com.uccc.security.sdk.core.SecurityApiManager;
import com.uccc.security.spring.exception.AuthorizationException;
import com.uccc.security.util.ResultJson;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.collections.MapUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

/* loaded from: input_file:com/uccc/security/spring/interceptor/CCSecurityInterceptor.class */
public class CCSecurityInterceptor implements HandlerInterceptor {
    private static final Logger log = LoggerFactory.getLogger(CCSecurityInterceptor.class);
    private String jwtSecret;
    private SecurityApiManager securityApiManager;
    private String servletPath;

    public CCSecurityInterceptor(String str, SecurityApiManager securityApiManager) {
        this.jwtSecret = str;
        this.securityApiManager = securityApiManager;
    }

    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        JwtCodeBean unpackJwtCode = unpackJwtCode(httpServletRequest, httpServletResponse);
        if (unpackJwtCode == null) {
            log.warn("Authorization header not found,uri={}", httpServletRequest.getRequestURI());
            throw new AuthorizationException("Authorization header not found,uri=" + httpServletRequest.getRequestURI());
        }
        String requestURI = httpServletRequest.getRequestURI();
        if (this.servletPath != null) {
            requestURI = requestURI.replace(this.servletPath, "");
        }
        ResultJson checkPermission = this.securityApiManager.checkPermission(Long.valueOf(unpackJwtCode.getUid()).longValue(), requestURI + ":" + httpServletRequest.getMethod().toLowerCase());
        if (!checkPermission.isSuccess()) {
            log.warn("request permission failed,uri={},error={}", httpServletRequest.getRequestURI(), checkPermission.toString());
            throw new AuthorizationException("request permission failed,uri=" + httpServletRequest.getRequestURI() + ",error=" + checkPermission.toString());
        }
        if (!log.isDebugEnabled()) {
            return true;
        }
        log.debug("request is auth success,uri={}", httpServletRequest.getRequestURI());
        return true;
    }

    private JwtCodeBean unpackJwtCode(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception {
        JWTVerifier jWTVerifier = new JWTVerifier(this.jwtSecret);
        String header = httpServletRequest.getHeader("Authorization");
        if (StringUtils.isEmpty(header)) {
            httpServletResponse.setStatus(401);
            return null;
        }
        Map verify = jWTVerifier.verify(header);
        JwtCodeBean deviceId = new JwtCodeBean().setExp(MapUtils.getLongValue(verify, "exp")).setIat(MapUtils.getLongValue(verify, "iat")).setIssure(MapUtils.getString(verify, "iss")).setTenantIds(MapUtils.getString(verify, "tenantIds")).setUid(MapUtils.getString(verify, "uid")).setAppKey(MapUtils.getString(verify, "appKey")).setDeviceId(MapUtils.getString(verify, "deviceId"));
        httpServletRequest.setAttribute("jwtCode", deviceId);
        return deviceId;
    }

    public void postHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, ModelAndView modelAndView) throws Exception {
    }

    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj, Exception exc) throws Exception {
    }

    public void setServletPath(String str) {
        this.servletPath = str;
    }
}
