package com.els.modules.shiro.authc.aop;

import com.alibaba.fastjson.JSON;
import com.els.common.constant.CommonConstant;
import com.els.common.exception.ELSBootException;
import com.els.common.exception.ELSBootExceptionHandler;
import com.els.common.system.util.JwtUtil;
import com.els.common.util.PasswordUtil;
import com.els.common.util.RedisUtil;
import com.els.common.util.SpringContextUtils;
import com.els.config.mybatis.TenantContext;
import com.els.modules.shiro.authc.JwtToken;
import com.els.modules.shiro.contants.DefContants;
import com.els.modules.system.entity.ElsSubAccount;
import com.els.modules.system.service.ElsSubAccountService;
import com.els.modules.system.service.impl.ElsSubAccountServiceImpl;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.RequestMethod;

/* loaded from: input_file:com/els/modules/shiro/authc/aop/OpenApiFilter.class */
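/**
 * Shiro filter that authenticates open-API calls from three request headers
 * ({@code DefContants.API_ELS_ACCOUNT}, {@code DefContants.API_SUB_ACCOUNT} and
 * {@code DefContants.API_PWD}) and, on success, logs the subject in with a freshly
 * signed {@link JwtToken}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The account password travels in a request header on every call, so the endpoint
 *       depends on TLS and on proxies/access logs not recording that header.</li>
 *   <li>Every successful call signs a new token and stores it in Redis.</li>
 *   <li>CORS response headers are derived from request headers (see {@link #preHandle}).</li>
 * </ul>
 */
public class OpenApiFilter extends BasicHttpAuthenticationFilter {
    private static final Logger log = LoggerFactory.getLogger(OpenApiFilter.class);

    /**
     * Grants access only when {@link #executeLogin} succeeds.
     *
     * @throws AuthenticationException wrapping any exception raised during login
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) {
        try {
            return executeLogin(servletRequest, servletResponse);
        } catch (Exception e) {
            // NOTE(review): the cause's message is copied into the new exception; confirm it is
            // not rendered to the caller, since internal error text can aid account probing.
            throw new AuthenticationException("API 鉴权失败：" + e.getMessage(), e);
        }
    }

    /**
     * Validates the header credentials against the stored sub-account and logs the subject in.
     *
     * @return {@code true} when the credentials are valid and the account is usable;
     *     {@code false} after a JSON error body has been written for an {@link ELSBootException}
     * @throws Exception any non-{@link ELSBootException} failure (wrapped by the caller)
     */
    @Override
    protected boolean executeLogin(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String elsAccount = request.getHeader(DefContants.API_ELS_ACCOUNT);
        String subAccount = request.getHeader(DefContants.API_SUB_ACCOUNT);
        String password = request.getHeader(DefContants.API_PWD);
        try {
            // NOTE(review): contains() accepts the "App_" marker anywhere in the value; if it is
            // meant to be a prefix, startsWith() would be the stricter check. Confirm intent.
            if (StringUtils.isBlank(elsAccount) || StringUtils.isBlank(subAccount) || StringUtils.isBlank(password)
                    || !subAccount.contains("App_")) {
                throw new ELSBootException("账号密码格式不正确");
            }

            // NOTE(review): the tenant is taken from an unauthenticated header and set before the
            // credentials are verified; nothing in this class resets it on the failure paths.
            // If TenantContext is thread-bound, confirm it is cleared elsewhere for rejected requests.
            TenantContext.setTenant(elsAccount);

            ElsSubAccountService accountService =
                    (ElsSubAccountService) SpringContextUtils.getBean(ElsSubAccountServiceImpl.class);
            ElsSubAccount account = accountService.getUserBySubAccount(subAccount);
            if (account == null) {
                // Same message as a wrong password, so the response text does not reveal
                // whether the account exists.
                throw new ELSBootException("账号密码不正确");
            }

            String principal = elsAccount + "_" + subAccount;
            String computedHash = PasswordUtil.encrypt(principal, password, account.getSalt());
            String storedHash = account.getPassword();
            // Compare the hashes with MessageDigest.isEqual rather than String.equals so the
            // comparison time does not depend on how many leading characters match.
            if (storedHash == null
                    || !java.security.MessageDigest.isEqual(
                            computedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8),
                            storedHash.getBytes(java.nio.charset.StandardCharsets.UTF_8))) {
                throw new ELSBootException("账号密码不正确");
            }

            if (!accountService.checkUserIsEffective(account).isSuccess()) {
                throw new ELSBootException("账号不可用");
            }

            // NOTE(review): the raw API password is handed to JwtUtil.sign; confirm how that
            // argument is used (e.g. as signing secret) and whether that is intended.
            String token = JwtUtil.sign(principal, password);
            RedisUtil redisUtil = (RedisUtil) SpringContextUtils.getBean(RedisUtil.class);
            String tokenKey = CommonConstant.PREFIX_USER_TOKEN + token;
            // NOTE(review): set and expire are two separate calls; a failure between them would
            // leave the token key without a TTL. The 3600L unit is presumably seconds; confirm.
            redisUtil.set(tokenKey, token);
            redisUtil.expire(tokenKey, 3600L);

            SecurityUtils.getSubject().login(new JwtToken(token));
            // Re-applied after login(); presumably the login path may change the tenant. Confirm.
            TenantContext.setTenant(elsAccount);
            return true;
        } catch (ELSBootException e) {
            returnJson(servletResponse, JSON.toJSONString(new ELSBootExceptionHandler().handleRRException(e)));
            return false;
        }
    }

    /**
     * Writes {@code str} to the response as UTF-8 JSON and closes the writer.
     * An {@link IOException} while obtaining the writer is logged, not propagated.
     */
    private void returnJson(ServletResponse servletResponse, String str) {
        servletResponse.setCharacterEncoding("UTF-8");
        servletResponse.setContentType("application/json; charset=utf-8");
        // try-with-resources closes the writer on every path, replacing the duplicated
        // close() calls of the original nested try/catch.
        try (PrintWriter writer = servletResponse.getWriter()) {
            writer.print(str);
        } catch (IOException e) {
            log.error("response error", e);
        }
    }

    /**
     * Adds CORS response headers and short-circuits {@code OPTIONS} preflight requests
     * with HTTP 200 before any authentication runs.
     *
     * @return {@code false} for {@code OPTIONS}; otherwise the result of the parent filter
     */
    @Override
    protected boolean preHandle(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        // NOTE(review): the Origin and Access-Control-Request-Headers request values are echoed
        // back unchanged, so every origin and every requested header is allowed. Prefer a
        // configured allow-list of origins, and emit "Vary: Origin" if responses can be cached.
        // Both values may also be null for non-browser clients; setHeader(name, null) behaviour
        // is container-dependent.
        response.setHeader("Access-control-Allow-Origin", request.getHeader("Origin"));
        response.setHeader("Access-Control-Allow-Methods", "GET,POST,OPTIONS,PUT,DELETE");
        response.setHeader("Access-Control-Allow-Headers", request.getHeader("Access-Control-Request-Headers"));
        if (request.getMethod().equals(RequestMethod.OPTIONS.name())) {
            response.setStatus(HttpStatus.OK.value());
            return false;
        }
        return super.preHandle(servletRequest, servletResponse);
    }

    // The accessors below are marked bridge/synthetic in the decompiled class and only
    // delegate to the superclass; they are kept so the class's public surface is unchanged.

    public /* bridge */ /* synthetic */ String getAuthcScheme() {
        return super.getAuthcScheme();
    }

    public /* bridge */ /* synthetic */ void setAuthzScheme(String str) {
        super.setAuthzScheme(str);
    }

    public /* bridge */ /* synthetic */ void setAuthcScheme(String str) {
        super.setAuthcScheme(str);
    }

    public /* bridge */ /* synthetic */ void setApplicationName(String str) {
        super.setApplicationName(str);
    }

    public /* bridge */ /* synthetic */ String getAuthzScheme() {
        return super.getAuthzScheme();
    }

    public /* bridge */ /* synthetic */ String getApplicationName() {
        return super.getApplicationName();
    }
}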
