package com.usthe.sureness.configuration;

import com.usthe.sureness.mgt.SecurityManager;
import com.usthe.sureness.processor.exception.DisabledAccountException;
import com.usthe.sureness.processor.exception.ExcessiveAttemptsException;
import com.usthe.sureness.processor.exception.ExpiredCredentialsException;
import com.usthe.sureness.processor.exception.IncorrectCredentialsException;
import com.usthe.sureness.processor.exception.NeedDigestInfoException;
import com.usthe.sureness.processor.exception.UnauthorizedException;
import com.usthe.sureness.processor.exception.UnknownAccountException;
import com.usthe.sureness.subject.SubjectSum;
import com.usthe.sureness.util.SurenessContextHolder;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.FilterConfig;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;

/* loaded from: input_file:com/usthe/sureness/configuration/SurenessJakartaServletFilter.class */
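/**
 * Jakarta servlet filter that runs every request through the sureness {@link SecurityManager}
 * before handing it to the rest of the filter chain.
 *
 * <p>The filter fails closed: if {@code checkIn} throws, the chain is never invoked and an
 * error response is written instead. A {@code null} result from {@code checkIn} lets the
 * request through without binding a subject.
 *
 * <p>NOTE(review): the chain call sits inside the same {@code try} as {@code checkIn}, so the
 * handlers below also translate matching runtime exceptions thrown by downstream filters and
 * servlets, not only authentication failures.
 */
public class SurenessJakartaServletFilter implements Filter {
    private final SecurityManager securityManager;
    private static final Logger logger = LoggerFactory.getLogger(SurenessJakartaServletFilter.class);
    private static final String UPGRADE = "Upgrade";
    private static final String WEBSOCKET = "websocket";

    /**
     * Creates the filter.
     *
     * @param securityManager the sureness security manager used to check in each request
     */
    public SurenessJakartaServletFilter(SecurityManager securityManager) {
        this.securityManager = securityManager;
    }

    /** Logs that the filter has been initialized; no configuration is read. */
    @Override
    public void init(FilterConfig filterConfig) {
        logger.info("servlet surenessFilter initialized");
    }

    /** Logs that the filter has been destroyed. */
    @Override
    public void destroy() {
        logger.info("servlet surenessFilter destroyed");
    }

    /**
     * Authenticates and authorizes the request, binds the resulting subject to the
     * {@link SurenessContextHolder}, and continues the chain. On an authentication or
     * authorization failure the chain is skipped and a 401/403 response is written.
     *
     * @param servletRequest the incoming request passed to {@code checkIn}
     * @param servletResponse the response; must be an {@link HttpServletResponse}
     * @param filterChain the remaining chain, invoked only when {@code checkIn} does not throw
     * @throws IOException if thrown by the downstream chain
     * @throws ServletException if thrown by the downstream chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        try {
            SubjectSum subject = this.securityManager.checkIn(servletRequest);
            if (subject != null) {
                SurenessContextHolder.bindSubject(subject);
            }
            try {
                filterChain.doFilter(servletRequest, servletResponse);
            } finally {
                HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
                boolean websocketUpgrade = httpResponse.getStatus() == HttpStatus.SWITCHING_PROTOCOLS.value()
                        && WEBSOCKET.equals(httpResponse.getHeader(UPGRADE));
                // NOTE(review): after a WebSocket upgrade the subject is deliberately left bound.
                // If the holder is thread-local (presumably; confirm), a pooled thread keeps that
                // subject, and a later request whose checkIn returns null would not overwrite it.
                // Confirm that something else clears the holder for upgraded connections.
                if (!websocketUpgrade) {
                    SurenessContextHolder.clear();
                }
            }
        } catch (NeedDigestInfoException e) {
            logger.debug("you should try once again with digest auth information");
            responseWrite(ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                    .header("WWW-Authenticate", e.getAuthenticate()).build(), servletResponse);
        } catch (UnauthorizedException e) {
            logger.debug("this account can not access this resource, {}", e.getMessage());
            responseWrite(ResponseEntity.status(HttpStatus.FORBIDDEN)
                    .body("This account has no permission to access this resource"), servletResponse);
        } catch (IncorrectCredentialsException | UnknownAccountException | ExpiredCredentialsException e) {
            // One shared message for unknown account, wrong credentials and expired token, so the
            // response does not reveal which of the three occurred.
            logger.debug("this request account info is illegal, {}", e.getMessage());
            responseWrite(ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                    .body("Username or password is incorrect or token expired"), servletResponse);
        } catch (DisabledAccountException | ExcessiveAttemptsException e) {
            // NOTE(review): this distinct message tells an unauthenticated caller that the account
            // exists and is disabled or locked out. Also, failed authentications are logged at
            // debug level only; consider a level or audit sink that is retained in production.
            logger.debug("the account is disabled, {}", e.getMessage());
            responseWrite(ResponseEntity.status(HttpStatus.UNAUTHORIZED)
                    .body("Account is disabled"), servletResponse);
        } catch (RuntimeException e) {
            // Details stay in the server log; the client receives an empty 500 response.
            logger.error("other exception happen: ", e);
            responseWrite(ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).build(), servletResponse);
        }
    }

    /**
     * Copies the status, headers and body of {@code responseEntity} onto the servlet response.
     *
     * <p>No Content-Type is set, so bodies passed here should remain fixed strings and never
     * echo request data.
     *
     * @param responseEntity the status, headers and optional body to send
     * @param servletResponse the response to write to; must be an {@link HttpServletResponse}
     */
    private static void responseWrite(ResponseEntity<?> responseEntity, ServletResponse servletResponse) {
        // The handlers in doFilter also cover exceptions raised downstream, so the response may
        // already be on the wire; appending an error body to it would corrupt the output.
        if (servletResponse.isCommitted()) {
            logger.warn("response already committed, skip writing the error response");
            return;
        }
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        httpResponse.setCharacterEncoding("UTF-8");
        httpResponse.setStatus(responseEntity.getStatusCodeValue());
        // Emit every value of each header; an empty value list simply adds nothing.
        responseEntity.getHeaders().forEach(
                (name, values) -> values.forEach(value -> httpResponse.addHeader(name, value)));
        // try-with-resources closes the writer even when the write fails.
        try (PrintWriter writer = httpResponse.getWriter()) {
            Object body = responseEntity.getBody();
            if (body != null) {
                writer.write(body.toString());
            } else {
                writer.flush();
            }
        } catch (IOException e) {
            logger.error("responseWrite response error: ", e);
        }
    }
}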
