package org.onetwo.ext.security.ajax;

import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.onetwo.common.exception.BaseException;
import org.onetwo.common.exception.ExceptionCodeMark;
import org.onetwo.common.jackson.JsonMapper;
import org.onetwo.common.log.JFishLoggerFactory;
import org.onetwo.common.spring.mvc.utils.DataResults;
import org.onetwo.common.utils.LangUtils;
import org.onetwo.common.web.utils.RequestUtils;
import org.onetwo.common.web.utils.ResponseUtils;
import org.onetwo.common.web.utils.WebUtils;
import org.onetwo.ext.security.jwt.JwtAuthStores;
import org.onetwo.ext.security.jwt.JwtSecurityTokenInfo;
import org.onetwo.ext.security.jwt.JwtSecurityTokenService;
import org.onetwo.ext.security.utils.CookieStorer;
import org.onetwo.ext.security.utils.SecurityConfig;
import org.onetwo.ext.security.utils.SecurityUtils;
import org.slf4j.Logger;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.NullRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;
import org.springframework.util.Assert;

/* loaded from: input_file:org/onetwo/ext/security/ajax/AjaxAuthenticationHandler.class */
public class AjaxAuthenticationHandler extends SimpleUrlAuthenticationSuccessHandler implements AuthenticationFailureHandler, AuthenticationSuccessHandler, InitializingBean {
    private final Logger logger;
    private AuthenticationFailureHandler failureHandler;
    private boolean failureUrlWithMessage;
    private AuthenticationSuccessHandler successHandler;
    private JsonMapper mapper;
    private String authenticationFailureUrl;
    private RequestCache requestCache;

    @Autowired(required = false)
    private JwtSecurityTokenService jwtTokenService;
    private CookieStorer cookieStorer;
    private SecurityConfig.JwtConfig jwtConfig;

    public AjaxAuthenticationHandler() {
        this(null, null, false);
    }

    public AjaxAuthenticationHandler(String str) {
        this(str, null, false);
    }

    public AjaxAuthenticationHandler(String str, String str2) {
        this(str, str2, false);
    }

    public AjaxAuthenticationHandler(String str, String str2, boolean z) {
        this(false, str, str2, z);
    }

    public AjaxAuthenticationHandler(boolean z, String str, String str2, boolean z2) {
        this.logger = JFishLoggerFactory.getLogger(getClass());
        this.mapper = JsonMapper.IGNORE_NULL;
        this.requestCache = new NullRequestCache();
        this.failureUrlWithMessage = z;
        this.authenticationFailureUrl = str;
        if (StringUtils.isNotBlank(str2)) {
            setDefaultTargetUrl(str2);
        }
        setAlwaysUseDefaultTargetUrl(z2);
    }

    public void afterPropertiesSet() throws Exception {
        SimpleUrlAuthenticationSuccessHandler simpleUrlAuthenticationSuccessHandler;
        if (this.jwtConfig.isEnabled()) {
            if (this.jwtTokenService == null) {
                throw new BaseException("not jwtTokenService found!");
            }
            Assert.notNull(this.jwtConfig.getAuthStore(), "jwt auth store can not be null");
        }
        if (this.authenticationFailureUrl != null) {
            this.failureHandler = new SimpleUrlAuthenticationFailureHandler(this.authenticationFailureUrl);
        } else {
            this.failureHandler = new SimpleUrlAuthenticationFailureHandler();
        }
        if (isAlwaysUseDefaultTargetUrl()) {
            simpleUrlAuthenticationSuccessHandler = new SimpleUrlAuthenticationSuccessHandler();
        } else {
            this.requestCache = new HttpSessionRequestCache();
            SimpleUrlAuthenticationSuccessHandler savedRequestAwareAuthenticationSuccessHandler = new SavedRequestAwareAuthenticationSuccessHandler();
            savedRequestAwareAuthenticationSuccessHandler.setRequestCache(this.requestCache);
            simpleUrlAuthenticationSuccessHandler = savedRequestAwareAuthenticationSuccessHandler;
        }
        if (getDefaultTargetUrl() != null) {
            simpleUrlAuthenticationSuccessHandler.setDefaultTargetUrl(getDefaultTargetUrl());
            simpleUrlAuthenticationSuccessHandler.setAlwaysUseDefaultTargetUrl(isAlwaysUseDefaultTargetUrl());
        }
        this.successHandler = simpleUrlAuthenticationSuccessHandler;
    }

    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        JwtSecurityTokenInfo jwtSecurityTokenInfo = null;
        if (this.jwtConfig.isEnabled()) {
            jwtSecurityTokenInfo = this.jwtTokenService.generateToken(authentication);
            this.jwtConfig.getAuthStore().saveToken(JwtAuthStores.StoreContext.builder().authKey(this.jwtConfig.getAuthKey()).request(httpServletRequest).response(httpServletResponse).cookieStorer(this.cookieStorer).token(jwtSecurityTokenInfo).build());
        }
        if (!RequestUtils.isAjaxRequest(httpServletRequest)) {
            this.successHandler.onAuthenticationSuccess(httpServletRequest, httpServletResponse, authentication);
            return;
        }
        String defaultTargetUrl = getDefaultTargetUrl();
        String targetUrlParameter = getTargetUrlParameter();
        if (isAlwaysUseDefaultTargetUrl() || (targetUrlParameter != null && StringUtils.isNotBlank(httpServletRequest.getParameter(targetUrlParameter)))) {
            defaultTargetUrl = determineTargetUrl(httpServletRequest, httpServletResponse);
        } else {
            SavedRequest request = this.requestCache.getRequest(httpServletRequest, httpServletResponse);
            if (request != null) {
                this.requestCache.removeRequest(httpServletRequest, httpServletResponse);
                defaultTargetUrl = request.getRedirectUrl();
                clearAuthenticationAttributes(httpServletRequest);
            }
        }
        String str = defaultTargetUrl;
        if (jwtSecurityTokenInfo != null) {
            str = ImmutableMap.of("redirectUrl", defaultTargetUrl, "token", jwtSecurityTokenInfo);
        }
        String json = this.mapper.toJson(DataResults.success("登录成功！").data(str).build());
        if (RequestUtils.getBrowerMetaByAgent(httpServletRequest).isFuckingBrowser()) {
            ResponseUtils.render(httpServletResponse, json, "text/html; charset=UTF-8", true);
        } else {
            ResponseUtils.render(httpServletResponse, json, "application/json; charset=UTF-8", true);
        }
    }

    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        this.logger.error("login error", authenticationException);
        if (!RequestUtils.isAjaxRequest(httpServletRequest)) {
            if (!this.failureUrlWithMessage) {
                this.failureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException);
                return;
            } else {
                new SimpleUrlAuthenticationFailureHandler(RequestUtils.appendParam(this.authenticationFailureUrl, "message", LangUtils.encodeUrl(authenticationException.getMessage()))).onAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException);
                return;
            }
        }
        DataResults.SimpleResultBuilder<?> error = DataResults.error("验证失败：" + authenticationException.getMessage());
        String name = SecurityUtils.SecurityErrors.AUTH_FAILED.name();
        if (authenticationException instanceof ExceptionCodeMark) {
            name = ((ExceptionCodeMark) authenticationException).getCode();
        }
        ResponseUtils.render(httpServletResponse, this.mapper.toJson(buildErrorCode(error, httpServletRequest, authenticationException).code(name).build()), "application/json; charset=UTF-8", true);
    }

    private DataResults.SimpleResultBuilder<?> buildErrorCode(DataResults.SimpleResultBuilder<?> simpleResultBuilder, HttpServletRequest httpServletRequest, AuthenticationException authenticationException) {
        return WebUtils.buildErrorCode(simpleResultBuilder, httpServletRequest, authenticationException);
    }

    public void setAuthenticationFailureUrl(String str) {
        this.authenticationFailureUrl = str;
    }

    public void setJwtTokenService(JwtSecurityTokenService jwtSecurityTokenService) {
        this.jwtTokenService = jwtSecurityTokenService;
    }

    public void setCookieStorer(CookieStorer cookieStorer) {
        this.cookieStorer = cookieStorer;
    }

    public void setJwtConfig(SecurityConfig.JwtConfig jwtConfig) {
        this.jwtConfig = jwtConfig;
    }
}
