package com.apache.passport.common;

import com.apache.oscache.OsCacheManager;
import com.apache.passport.jwt.CorsFilter;
import com.apache.tools.ConfigUtil;
import com.apache.tools.StrUtil;
import com.apache.uct.common.LoginUser;
import com.apache.uct.common.ToolsUtil;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.JSONObject;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/apache/passport/common/JwtClientFilter.class */
public class JwtClientFilter extends CorsFilter {
    // Class-local SLF4J logger. The methods visible in this class log through this.log instead.
    private static final Logger logg = LoggerFactory.getLogger(JwtClientFilter.class);
    // Overwritten in init() with the value stored under the "jwt_orgEname" key.
    protected String jwtOrgEname = ToolsUtil.BLANK;
    // Value of the "sysCode" filter init-parameter; appended to the login redirect as reqSysCode
    // and passed to the whitelist loader in whitePathFiter().
    private String sysCode = ToolsUtil.BLANK;
    // Whitelist data handed to XmlWhiteUtils.deWhiteXml on every whitePathFiter() call and then read
    // under the keys "whiteUrl" and "whiteParadigm".
    // NOTE(review): a plain HashMap on a filter instance that serves concurrent requests - confirm
    // deWhiteXml does not mutate it while other request threads are reading it.
    private Map<String, ArrayList<String>> whiteMap = new HashMap();

    /**
     * Initialises the filter: records the {@code sysCode} init-parameter, delegates to the parent
     * filter's initialisation, then loads the {@code jwt_orgEname} setting.
     *
     * <p>{@code getInitParameter} returns {@code null} when the parameter is not declared, so
     * {@code sysCode} can end up {@code null} here; it is later concatenated into the login
     * redirect URL as {@code reqSysCode}.
     *
     * @param filterConfig container-supplied configuration for this filter
     */
    @Override // com.apache.passport.jwt.CorsFilter
    public void init(FilterConfig filterConfig) {
        // Read our own parameter first, exactly as before the parent initialisation runs.
        final String configuredSysCode = filterConfig.getInitParameter("sysCode");
        this.sysCode = configuredSysCode;

        super.init(filterConfig);

        final String orgEname = ToolsUtil.getInstance().getValueByKey("jwt_orgEname");
        this.jwtOrgEname = orgEname;
    }

    /**
     * Authentication gate for the client application.
     *
     * <p>Order of decisions, as implemented below:
     * <ol>
     *   <li>Set no-cache and wildcard CORS headers on every response.</li>
     *   <li>Let the request through unauthenticated when its URI contains one of the exempt
     *       segments, when {@code jkWhite} accepts the servlet path, or when its suffix is in
     *       {@code XmlWhiteUtils.SUFFIX}.</li>
     *   <li>Resolve and validate the token (optionally exchanging a {@code code} parameter);
     *       on failure clear cookies and the cached login user.</li>
     *   <li>Handle {@code <contextPath>/logout} and {@code <contextPath>/cset}.</li>
     *   <li>Pass authenticated requests on; otherwise consult the whitelist, and finally either
     *       redirect to the login URL or answer with a small JSON body.</li>
     * </ol>
     *
     * <p>Helpers such as {@code jkWhite}, {@code initValue}, {@code getAccessToken},
     * {@code auditTokenAndSso}, {@code checkToken}, {@code getLonginUrl} and {@code setCookie}
     * are not defined in this class (presumably inherited from {@code CorsFilter}); their
     * behaviour is not visible here.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest} without a type check
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse} without a type check
     * @param filterChain     remainder of the filter chain
     * @throws IOException      from the chain, the redirect or the response writer
     * @throws ServletException from the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setDateHeader("expires", 0L);
        httpServletResponse.setHeader("Cache-Control", "no-cache");
        httpServletResponse.setHeader("pragma", "no-cache");
        httpServletRequest.setCharacterEncoding("UTF-8");
        // NOTE(review): wildcard origin and wildcard request headers are sent on every response,
        // before any authentication decision. Prefer an explicit allow-list of origins if
        // cross-origin callers are expected at all.
        httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, PUT, OPTIONS, DELETE");
        httpServletResponse.setHeader("Access-Control-Max-Age", "3600");
        httpServletResponse.setHeader("Access-Control-Allow-Headers", "*");
        // Stores the application's external base URL in the session. The "real-server-name" request
        // header wins when present; otherwise scheme://server:port is used.
        // NOTE(review): "real-server-name" is an ordinary request header. Unless a trusted reverse
        // proxy always overwrites it, its value is client-controlled. getSession() also creates a
        // session for every request that reaches this line, including unauthenticated ones.
        httpServletRequest.getSession().setAttribute("outUrl", StrUtil.doNull(httpServletRequest.getHeader("real-server-name"), httpServletRequest.getScheme() + "://" + httpServletRequest.getServerName() + ":" + httpServletRequest.getServerPort()) + httpServletRequest.getContextPath() + "/");
        String requestURI = httpServletRequest.getRequestURI();
        // Unauthenticated pass-through: the URI merely has to CONTAIN one of these segments.
        // NOTE(review): getRequestURI() is the raw, undecoded path and still carries path parameters,
        // and indexOf matches anywhere in it, so the exemption is not anchored to the start of the
        // application path. Matching a normalised servlet path with startsWith would make the
        // exempt set explicit; confirm which paths are really meant to skip authentication.
        if (requestURI.indexOf("/api/") > -1 || requestURI.indexOf("/atta/") != -1 || requestURI.indexOf("/export/") != -1 || jkWhite(httpServletRequest.getServletPath()) || requestURI.indexOf("/images/") != -1 || requestURI.indexOf("/js/") != -1 || requestURI.indexOf("/common/") != -1) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        // Second unauthenticated pass-through: suffix of the raw URI is in XmlWhiteUtils.SUFFIX.
        // NOTE(review): the suffix is derived from the same raw URI - confirm parseUrlSuffix ignores
        // path parameters, so that the suffix checked here is the suffix of the resource served.
        String parseUrlSuffix = PassportHelper.getInstance().parseUrlSuffix(requestURI);
        if (StrUtil.isNotNull(parseUrlSuffix) && XmlWhiteUtils.SUFFIX.contains(parseUrlSuffix.toLowerCase())) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        String tokenId = PassportHelper.getInstance().getTokenId(httpServletRequest);
        String contextPath = httpServletRequest.getContextPath();
        // z == true means the token was accepted by auditTokenAndSso for this request.
        boolean z = false;
        // Re-read configuration when the config file changed or cookieName has not been set yet.
        if (ConfigUtil.getInstance().checkFileUpdate(ToolsUtil.BLANK) || StrUtil.isNull(this.cookieName)) {
            initValue();
        }
        // Token validation is skipped for /logout and /cset; both are handled further down.
        if (!requestURI.equals(contextPath + "/logout") && !requestURI.equals(contextPath + "/cset")) {
            String parameter = httpServletRequest.getParameter("code");
            // When "if_jwt_check" is "T", a "code" request parameter replaces the token found above
            // with whatever getAccessToken returns for it.
            if ("T".equals(ToolsUtil.getInstance().getValueByKey("if_jwt_check")) && StrUtil.isNotNull(parameter)) {
                tokenId = getAccessToken(parameter, httpServletRequest, httpServletResponse);
            }
            if (StrUtil.isNotNull(tokenId)) {
                z = auditTokenAndSso(tokenId, httpServletRequest, httpServletResponse);
                if (!z) {
                    // Token rejected: report a logout, then drop cookies and the cached login user.
                    LoginUser loginUser = OsCacheManager.getInstance().getLoginUser(tokenId);
                    // Fallback user name comes from the "zuultokenid" header or the "_uc.sso" cookie.
                    // NOTE(review): both are client-supplied; the cached LoginUser overrides them only
                    // when one exists. Confirm checkToken does not trust this name on its own.
                    String doNull = StrUtil.doNull(httpServletRequest.getHeader("zuultokenid"), PassportHelper.getInstance().getCurrCookie(httpServletRequest, "_uc.sso"));
                    if (loginUser != null) {
                        doNull = loginUser.getUserEname();
                    }
                    if (StrUtil.isNotNull(doNull)) {
                        // getLocalAddr() is the address of the server interface that received the request,
                        // not the client's address.
                        checkToken(tokenId, httpServletRequest.getLocalAddr(), "logout", doNull);
                    }
                    clearCookie(ToolsUtil.BLANK, httpServletRequest, httpServletResponse, "/");
                    OsCacheManager.getInstance().removeLoginUser(tokenId);
                }
            }
        }
        String str = ToolsUtil.BLANK;
        if (!z) {
            // Login redirect target: the "custom_login" entry of config.properties when set, otherwise
            // getLonginUrl(...) plus reqSysCode. A custom_login value that does not start with "http"
            // is prefixed with the "real-server-name" request header and the context path.
            // NOTE(review): in that last case the redirect host is taken from a request header. Unless
            // a trusted proxy sets it, validate it against the expected host(s) before redirecting.
            String localByKey = ToolsUtil.getInstance().getLocalByKey("config.properties", "custom_login");
            str = StrUtil.isNull(localByKey) ? getLonginUrl(httpServletRequest, httpServletResponse, tokenId) + "&reqSysCode=" + this.sysCode : localByKey.startsWith("http") ? localByKey : StrUtil.doNull(httpServletRequest.getHeader("real-server-name"), ToolsUtil.BLANK) + httpServletRequest.getContextPath() + "/" + localByKey;
        }
        if (httpServletRequest.getRequestURI().equals(contextPath + "/logout")) {
            doLogout(httpServletRequest, httpServletResponse, filterChain, tokenId, str);
            return;
        }
        // NOTE(review): /cset is served before the token result is consulted (z is always false for
        // this path because validation was skipped above) - confirm setCookie validates its input.
        if (httpServletRequest.getRequestURI().equals(contextPath + "/cset")) {
            setCookie(httpServletRequest, httpServletResponse);
            return;
        }
        this.log.info("sysEname->" + this.sysEname + ",uri=" + requestURI + " -> tokenMark = " + z);
        if (z) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        // From here on the request is unauthenticated.
        if (!StrUtil.isNull(tokenId)) {
            clearCookie(tokenId, httpServletRequest, httpServletResponse, "/");
        }
        if (whitePathFiter(requestURI, httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        // z is always false at this point (the true case returned above), so this reduces to:
        // no "source_web" header -> redirect to the login URL.
        if (z || !StrUtil.isNotNull(httpServletRequest.getHeader("source_web"))) {
            httpServletResponse.sendRedirect(str);
            return;
        }
        // Requests carrying a "source_web" header get a JSON "login required" body instead of a redirect.
        PrintWriter writer = httpServletResponse.getWriter();
        JSONObject jSONObject = new JSONObject();
        jSONObject.put("longinFlag", "F");
        jSONObject.put("msg", "当前请求地址需要登录后访问,请你登录后操作!");
        // NOTE(review): the body is JSON but is labelled text/html; application/json would stop a
        // browser from ever rendering it as markup.
        httpServletResponse.setContentType("text/html;charset=UTF-8");
        // NOTE(review): browsers do not accept a credentialed response whose allowed origin is "*",
        // so Allow-Credentials has no effect as written. If credentials are required, echo a
        // validated origin from an allow-list instead of widening this.
        httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
        httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST,GET");
        httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
        writer.print(jSONObject.toString());
        writer.flush();
        writer.close();
    }

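    /**
     * Decides whether an unauthenticated request may pass because its path is whitelisted.
     *
     * <p>Three sources are consulted in order: a built-in list of servlet-path prefixes, the
     * exact-match list stored under {@code "whiteUrl"}, and the prefix rules stored under
     * {@code "whiteParadigm"}. Both lists are read from {@code whiteMap} after
     * {@code XmlWhiteUtils.deWhiteXml} has been called with it (that method is not visible here).
     *
     * <p>Change from the previous version: a missing {@code "whiteUrl"} or {@code "whiteParadigm"}
     * entry now yields {@code false} (not whitelisted) instead of a {@link NullPointerException}
     * inside the authentication filter.
     *
     * <p>NOTE(review): every rule is a plain string prefix with no path-segment boundary, so the
     * built-in {@code /api} prefix also matches servlet paths such as {@code /apiX}. A
     * {@code "whiteParadigm"} rule consisting only of {@code *} strips to an empty prefix and
     * therefore matches every path longer than one character; confirm no such rule is deployed
     * unless that is intended.
     *
     * @param str                the request URI, including the context path
     * @param httpServletRequest the current request, used for its servlet path and context path
     * @return {@code true} when the path is whitelisted and may skip authentication
     */
    protected boolean whitePathFiter(String str, HttpServletRequest httpServletRequest) {
        String servletPath = httpServletRequest.getServletPath();
        XmlWhiteUtils.getInstance().deWhiteXml(this.whiteMap, this.sysCode);

        // Built-in prefixes, matched against the servlet path.
        String builtInPrefixes = "/error.action,/errorPage,/api,";
        if (StrUtil.isNotNull(builtInPrefixes)) {
            for (String prefix : builtInPrefixes.split(",")) {
                if (StrUtil.isNotNull(prefix) && servletPath.startsWith(prefix)) {
                    return true;
                }
            }
        }

        ArrayList<String> exactUrls = this.whiteMap.get("whiteUrl");
        ArrayList<String> prefixRules = this.whiteMap.get("whiteParadigm");
        if (exactUrls == null || prefixRules == null) {
            // Fail closed: without both configured lists nothing beyond the built-ins is exempt.
            return false;
        }

        // Path relative to the application, taken from the raw request URI.
        String relativePath = str.substring(httpServletRequest.getContextPath().length());
        if (exactUrls.contains(relativePath)) {
            return true;
        }
        // "" and "/" are never matched by prefix rules.
        if (relativePath.length() <= 1) {
            return false;
        }
        for (String rule : prefixRules) {
            if (rule.contains("*")) {
                // Every '*' is removed and the remainder is used as a prefix.
                if (relativePath.startsWith(rule.replace("*", ToolsUtil.BLANK))) {
                    return true;
                }
            } else if (!ToolsUtil.BLANK.equals(rule) && relativePath.startsWith(rule)) {
                return true;
            }
        }
        return false;
    }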

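    /**
     * Handles {@code <contextPath>/logout}.
     *
     * <p>Without a token the local cookies/session are cleared and the browser is redirected to
     * {@code str2}. With a token, {@code checkToken(..., "logout", userEname)} is called first;
     * local state is cleared only when its result is {@code "true"}. The redirect goes to
     * {@code str2}, or to {@code getLonginUrl(...)} when the token contains {@code "uni_"}.
     *
     * <p>Changes from the previous version: CR/LF in the user name are neutralised before it is
     * logged, because the name can come straight from the {@code _uc.sso} cookie; and the catch
     * block now logs the exception itself rather than only its message.
     *
     * <p>NOTE(review): when the remote logout does not report {@code "true"}, cookies and session
     * are left intact but the user is still redirected, so the local session can outlive a logout
     * the user believes succeeded. Confirm whether local state should be cleared unconditionally.
     *
     * <p>NOTE(review): {@code str2} is computed by the caller; in {@code doFilter} it can include
     * the {@code real-server-name} request header, so it should be treated as partly
     * request-derived when reviewing the redirects below.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response, used for the redirect
     * @param filterChain         unused in this method
     * @param str                 token id of the session being logged out; may be empty
     * @param str2                redirect target after logout
     */
    protected void doLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, String str, String str2) {
        try {
            if (StrUtil.isNull(str)) {
                // No token: there is nothing to report remotely, only local state to drop.
                clearCookie(ToolsUtil.BLANK, httpServletRequest, httpServletResponse, "/");
                httpServletResponse.sendRedirect(str2);
                return;
            }
            long startedAt = System.currentTimeMillis();
            // User name for the remote call: "_uc.sso" cookie first, then the "message" session attribute.
            // NOTE(review): the cookie is client-supplied - confirm checkToken binds the name to the token.
            String userEname = PassportHelper.getInstance().getCurrCookie(httpServletRequest, "_uc.sso");
            if (StrUtil.isNull(userEname)) {
                userEname = (String) httpServletRequest.getSession().getAttribute("message");
            }
            // getLocalAddr() is the server-side address the request arrived on, not the client's.
            if ("true".equals(checkToken(str, httpServletRequest.getLocalAddr(), "logout", userEname).getResult())) {
                clearCookie(str, httpServletRequest, httpServletResponse, "/");
                // Keep a request-derived value from adding extra lines to the log.
                String loggedName = String.valueOf(userEname).replace('\r', '_').replace('\n', '_');
                this.log.warn("logout : userEname=" + loggedName + ";" + (System.currentTimeMillis() - startedAt));
            } else {
                this.log.warn("与统一登录系统通讯失败,操作[证书认证]失败");
            }
            if (!str.contains("uni_")) {
                httpServletResponse.sendRedirect(str2);
            } else {
                httpServletResponse.sendRedirect(getLonginUrl(httpServletRequest, httpServletResponse, ToolsUtil.BLANK));
            }
        } catch (Exception e) {
            // Best effort, as before: the failure is logged and no response is written here.
            this.log.error(e.getMessage(), e);
        }
    }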

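    /**
     * Expires every cookie that arrived with the request and, unless {@code isClearSession} is
     * {@code "0"}, empties and invalidates the HTTP session.
     *
     * <p>Changes from the previous version:
     * <ul>
     *   <li>Each cookie is expired in its own try block, so one cookie name the container rejects
     *       no longer stops the remaining cookies from being expired.</li>
     *   <li>The redundant {@code setPath("/")} that was immediately overwritten is gone.</li>
     *   <li>The session is looked up with {@code getSession(false)}, so no new session is created
     *       just to be invalidated.</li>
     *   <li>Attribute names are copied before removal, so the enumeration is not consumed while
     *       the session is being modified.</li>
     * </ul>
     *
     * <p>NOTE(review): the expiring cookies carry only a path ({@code str2}) and no domain. A
     * browser removes a cookie only when name, path and domain match, so cookies that were set
     * with another path or with an explicit domain are not cleared by this method.
     *
     * @param str                 token id; not used by this method
     * @param httpServletRequest  request whose cookies and session are cleared
     * @param httpServletResponse response that receives the expiring cookies
     * @param str2                path attribute for the expiring cookies
     */
    protected void clearCookie(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str2) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (null != cookies) {
            for (Cookie cookie : cookies) {
                try {
                    Cookie expired = new Cookie(cookie.getName(), (String) null);
                    expired.setMaxAge(0);
                    expired.setPath(str2);
                    httpServletResponse.addCookie(expired);
                } catch (Exception e) {
                    this.log.error("清空Cookies发生异常!" + e.getMessage(), e);
                }
            }
        }
        if ("0".equals(this.isClearSession)) {
            return;
        }
        javax.servlet.http.HttpSession session = httpServletRequest.getSession(false);
        if (session == null) {
            // Nothing to tear down.
            return;
        }
        // Snapshot the names first; removing attributes while enumerating is container-dependent.
        ArrayList<String> attributeNames = new ArrayList<String>();
        Enumeration<?> names = session.getAttributeNames();
        while (names.hasMoreElements()) {
            attributeNames.add(names.nextElement().toString());
        }
        for (String attributeName : attributeNames) {
            session.removeAttribute(attributeName);
        }
        session.invalidate();
    }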
}
