package com.ifly.qxb.uap.client.web.filter;

import com.ifly.qxb.uap.client.constants.SSOConstants;
import com.ifly.qxb.uap.client.entity.SSOUser;
import com.ifly.qxb.uap.client.properties.PropertiesCacheUtil;
import com.ifly.qxb.uap.client.utils.HttpUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.Base64Utils;
import org.springframework.util.PathMatcher;
import org.w3c.dom.Document;

/* loaded from: input_file:com/ifly/qxb/uap/client/web/filter/SSOFilter.class */
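/**
 * Servlet filter that gates requests behind a CAS-style single sign-on server.
 *
 * <p>Per request the filter (1) lets excluded paths through, (2) accepts a session that already
 * holds an {@link SSOUser} which is either recent or confirmed by the SSO server, (3) otherwise
 * tries to validate a {@code ticket} request parameter against the SSO server, and (4) failing
 * all of that, sends the caller to the SSO login page (or answers 401 to AJAX callers).
 *
 * <p>Configuration is read in {@link #init(FilterConfig)} from the properties file named by the
 * {@code configPath} init parameter.
 */
public class SSOFilter implements Filter {
    private static final Logger LOGGER = LoggerFactory.getLogger(SSOFilter.class);
    /** Base URL of the SSO server ({@code sso.ssoUrl}). */
    protected String ssoUrl;
    /** Optional fixed service/return URL ({@code sso.clientUrl}); when empty the request URL is used. */
    protected String clientUrl;
    /** Ant-style path patterns that bypass authentication ({@code sso.excludeUrl}, comma separated). */
    protected String[] excludeUrls;
    /** Seconds a session is trusted before the SSO server is asked again ({@code sso.refreshInterval}). */
    protected long refreshInterval;
    protected PathMatcher pathMatcher;
    /** Query parameter that carries the Base64-packed original query string through the SSO round trip. */
    protected static final String SSOQUERY = "ssoQuery";

    /**
     * Loads the SSO settings from the configured properties file.
     *
     * @param filterConfig filter configuration; its {@code configPath} init parameter names the properties source
     * @throws ServletException if {@code sso.refreshInterval} is missing or not a whole number
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        this.pathMatcher = new AntPathMatcher();
        String configPath = filterConfig.getInitParameter("configPath");
        this.ssoUrl = getConfigValue("sso.ssoUrl", configPath);
        this.clientUrl = getConfigValue("sso.clientUrl", configPath);
        String interval = getConfigValue("sso.refreshInterval", configPath);
        try {
            this.refreshInterval = Long.parseLong(interval);
        } catch (NumberFormatException e) {
            // Fail start-up with a message that names the setting instead of a bare NumberFormatException.
            throw new ServletException("sso.refreshInterval must be a whole number of seconds, got: " + interval, e);
        }
        String excludes = getConfigValue("sso.excludeUrl", configPath);
        if (StringUtils.isNotEmpty(excludes)) {
            this.excludeUrls = excludes.split(",");
        }
    }

    /**
     * Authenticates the request or diverts it to the SSO server.
     *
     * <p>Only excluded paths and requests with a valid SSO session reach {@code filterChain}.
     * An unauthenticated AJAX request gets HTTP 401 plus the {@code sessionstatus: timeout}
     * header and is NOT passed down the chain: {@code X-Requested-With} is set by the client,
     * so it must never decide whether a protected handler runs.
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;

        // 1. Paths the deployment explicitly opted out of authentication.
        if (ArrayUtils.isNotEmpty(this.excludeUrls)) {
            for (String pattern : this.excludeUrls) {
                if (this.pathMatcher.match(pattern, request.getServletPath())) {
                    filterChain.doFilter(servletRequest, servletResponse);
                    return;
                }
            }
        }

        // 2. Existing session: trusted while fresh, otherwise re-checked with the SSO server.
        SSOUser current = getSSOUser(request, response);
        if (null != current && StringUtils.isNotEmpty(current.getAccountName())
                && (isFresh(current) || isLogin(request, response))) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // 3. Callback from the SSO server carrying a service ticket.
        String ticket = getTicket(request);
        if (StringUtils.isNotEmpty(ticket)) {
            try {
                SSOUser validated = new SSOUser();
                if (validateST(ticket, validated, request)) {
                    // NOTE(review): the session id is not rotated at login. If the container is
                    // Servlet 3.1+, calling request.changeSessionId() here would close the
                    // session-fixation window - confirm the servlet API version first.
                    setSSOUser(validated, request, response);
                    redirectClientServiceUrl(validated, request, response);
                    return;
                }
            } catch (Exception e) {
                LOGGER.error("验证ticket失败", e);
            }
        }

        // 4. Not authenticated: reset the session user and refuse or redirect.
        setSSOUser(new SSOUser(), request, response);
        if (!isAjax(request)) {
            redirectSSOServiceUrl(request, response);
            return;
        }
        response.setHeader("sessionstatus", "timeout");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /** Returns the raw, caller-supplied {@code ticket} request parameter (may be {@code null}). */
    protected String getTicket(HttpServletRequest httpServletRequest) {
        return httpServletRequest.getParameter("ticket");
    }

    /** Redirects the browser to the SSO login page with this application's service URL. */
    protected void redirectSSOServiceUrl(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String loginUrl = String.format("%s/login?service=%s", this.ssoUrl, getSSOServiceUrl(httpServletRequest));
        LOGGER.info("==>redirectSSOServiceUrl:{}", loginUrl);
        httpServletResponse.sendRedirect(loginUrl);
    }

    /** Redirects the browser back to the originally requested URL after a successful ticket validation. */
    protected void redirectClientServiceUrl(SSOUser sSOUser, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String returnUrl = getSSOReturnUrl(httpServletRequest);
        LOGGER.info("==>redirectClientServiceUrl:{}", returnUrl);
        httpServletResponse.sendRedirect(returnUrl);
    }

    /** Stores the user in the HTTP session (creating the session if needed). */
    protected void setSSOUser(SSOUser sSOUser, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        httpServletRequest.getSession().setAttribute(SSOConstants.SSO_USER, sSOUser);
    }

    /** Reads the user from the HTTP session (creating the session if needed); {@code null} when none is stored. */
    protected SSOUser getSSOUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return (SSOUser) httpServletRequest.getSession().getAttribute(SSOConstants.SSO_USER);
    }

    /**
     * Builds the service URL presented to the SSO server.
     *
     * <p>With {@code clientUrl} configured that value is returned as is. Otherwise the request
     * URL is used, and the original query string is carried as Base64 in {@link #SSOQUERY} so it
     * survives the round trip. On the callback (query contains "ticket") the already packed
     * {@link #SSOQUERY} value is reused so the URL equals the one sent at login.
     */
    protected String getSSOServiceUrl(HttpServletRequest httpServletRequest) {
        if (!StringUtils.isEmpty(this.clientUrl)) {
            return this.clientUrl;
        }
        String requestUrl = httpServletRequest.getRequestURL().toString();
        String query = httpServletRequest.getQueryString();
        if (null == query) {
            return requestUrl;
        }
        // NOTE(review): substring match - any query that merely contains "ticket" is treated as a callback.
        if (query.contains("ticket")) {
            String packed = httpServletRequest.getParameter(SSOQUERY);
            return StringUtils.isNotEmpty(packed)
                    ? String.format("%s?%s=%s", requestUrl, SSOQUERY, packed)
                    : requestUrl;
        }
        // Explicit charset so packing and unpacking agree regardless of the platform default.
        // NOTE(review): standard Base64 may emit '+', which a query-string decoder reads as a
        // space; a URL-safe alphabet would be more robust - confirm what the SSO server expects.
        String packedQuery = Base64Utils.encodeToString(query.getBytes(StandardCharsets.UTF_8));
        return String.format("%s?%s=%s", requestUrl, SSOQUERY, packedQuery);
    }

    /**
     * Builds the URL the browser is sent to after login: the request URL with the original
     * query string unpacked from {@link #SSOQUERY}, or {@code clientUrl} when configured.
     *
     * @throws IllegalArgumentException if the {@link #SSOQUERY} parameter is not valid Base64
     */
    protected String getSSOReturnUrl(HttpServletRequest httpServletRequest) {
        if (!StringUtils.isEmpty(this.clientUrl)) {
            return this.clientUrl;
        }
        String requestUrl = httpServletRequest.getRequestURL().toString();
        if (null == httpServletRequest.getQueryString() || StringUtils.isEmpty(httpServletRequest.getParameter(SSOQUERY))) {
            return requestUrl;
        }
        String query = new String(Base64Utils.decodeFromString(httpServletRequest.getParameter(SSOQUERY)), StandardCharsets.UTF_8);
        // The parameter is caller-controlled and ends up in a Location header: never let line
        // breaks through, whatever the container does on its own.
        if (query.indexOf('\r') >= 0 || query.indexOf('\n') >= 0) {
            LOGGER.warn("Ignoring {} parameter containing line breaks", SSOQUERY);
            return requestUrl;
        }
        return String.format("%s?%s", requestUrl, query);
    }

    /** Looks up {@code str} in the properties source {@code str2}. */
    protected String getConfigValue(String str, String str2) {
        return PropertiesCacheUtil.getValue(str, str2);
    }

    /** Three-argument variant; forwards all arguments to {@code PropertiesCacheUtil.getValue} unchanged. */
    protected String getConfigValue(String str, String str2, String str3) {
        return PropertiesCacheUtil.getValue(str, str2, str3);
    }

    /** True while the session timestamp is younger than {@code refreshInterval} seconds; a missing timestamp is stale. */
    private boolean isFresh(SSOUser user) {
        Long stamp = user.getTimestamp();
        return stamp != null && (System.currentTimeMillis() - stamp.longValue()) / 1000 < this.refreshInterval;
    }

    /** Text of the first element named {@code tag}, or {@code null} when the document has none. */
    private static String firstText(Document doc, String tag) {
        return doc.getElementsByTagName(tag).getLength() > 0
                ? doc.getElementsByTagName(tag).item(0).getTextContent()
                : null;
    }

    /**
     * Validates a service ticket with the SSO server and fills {@code sSOUser} from the answer.
     *
     * @param str the ticket exactly as received from the client (untrusted)
     * @param sSOUser receives account, name, source, id and a fresh timestamp on success
     * @return {@code true} only when the response carries all four user elements and a non-blank account
     * @throws Exception on transport, XML or number-format errors; the caller treats these as a failed login
     */
    private boolean validateST(String str, SSOUser sSOUser, HttpServletRequest httpServletRequest) throws Exception {
        // The ticket comes straight from the request, so it is percent-encoded before being
        // placed in the back-channel URL; otherwise it could add or override parameters.
        // NOTE(review): the service value is still sent unencoded, as it is on the login
        // redirect; encoding both is preferable once the server side is confirmed to decode it.
        String validateUrl = String.format("%s/p3/serviceValidate?ticket=%s&service=%s", this.ssoUrl,
                URLEncoder.encode(str, StandardCharsets.UTF_8.name()), getSSOServiceUrl(httpServletRequest));
        // DEBUG output contains the ticket and the user attributes returned by the server.
        LOGGER.debug("ticket验证：{}", validateUrl);
        String body = HttpUtils.doHttpGet(validateUrl);
        LOGGER.debug("ticket验证结果：{}", body);
        if (StringUtils.isBlank(body)) {
            return false;
        }

        // Parse defensively: a validation response needs no DOCTYPE, entities or XInclude.
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        Document doc = factory.newDocumentBuilder().parse(new ByteArrayInputStream(body.getBytes(StandardCharsets.UTF_8)));

        String account = firstText(doc, "cas:userAccount");
        String name = firstText(doc, "cas:userName");
        String source = firstText(doc, "cas:userSource");
        String userId = firstText(doc, "cas:userId");
        // A response without the user elements (for example a failure answer) is a rejected
        // ticket, not an error; report it as such instead of relying on a NullPointerException.
        if (StringUtils.isBlank(account) || name == null || source == null || userId == null) {
            return false;
        }
        sSOUser.setAccountName(account);
        sSOUser.setName(name);
        sSOUser.setUserSource(Integer.valueOf(source));
        sSOUser.setUserId(userId);
        sSOUser.setTimestamp(Long.valueOf(System.currentTimeMillis()));
        return true;
    }

    /**
     * Asks the SSO server whether the session user is still logged in and, if so, refreshes the
     * session timestamp.
     *
     * @return {@code false} when the request has no User-Agent, or the server answer is blank or not {@code true}
     */
    private boolean isLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String userAgent = httpServletRequest.getHeader("User-Agent");
        if (userAgent == null) {
            // Without a User-Agent the sign id cannot be built; treat as not logged in rather than failing with an NPE.
            return false;
        }
        String userSignId = Base64Utils.encodeToString(userAgent.getBytes(StandardCharsets.UTF_8));
        SSOUser user = getSSOUser(httpServletRequest, httpServletResponse);
        // NOTE(review): userSignId and userAccount are placed in the URL without percent-encoding
        // ('+' in Base64 reads as a space on decode); left unchanged pending a check of the server contract.
        String checkUrl = String.format("%s/loginState/check2?userSignId=%s&userAccount=%s", this.ssoUrl, userSignId, user.getAccountName());
        LOGGER.debug("登陆状态验证：{}", checkUrl);
        String answer = HttpUtils.doHttpGet(checkUrl);
        LOGGER.debug("登陆状态验证结果：{}", answer);
        if (StringUtils.isBlank(answer) || !Boolean.parseBoolean(answer)) {
            return false;
        }
        user.setTimestamp(Long.valueOf(System.currentTimeMillis()));
        setSSOUser(user, httpServletRequest, httpServletResponse);
        return true;
    }

    /** True when the client sent {@code X-Requested-With: XMLHttpRequest} (case-insensitive); client-controlled, presentation hint only. */
    protected boolean isAjax(HttpServletRequest httpServletRequest) {
        return "XMLHttpRequest".equalsIgnoreCase(httpServletRequest.getHeader("X-Requested-With"));
    }

    /** Nothing to release. */
    public void destroy() {
    }
}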
