package com.apache.client.common;

import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.apache.api.api.IAuthentication;
import com.apache.api.vo.AouthSecurity;
import com.apache.api.vo.ResultMsg;
import com.apache.api.vo.Token;
import com.apache.database.constant.SpringContextLoader;
import com.apache.exception.BusinessException;
import com.apache.license.validator.LicenseValidate;
import com.apache.passport.common.PassportHelper;
import com.apache.tools.ConfigUtil;
import com.apache.tools.MD5Utils;
import com.apache.tools.RequestTools;
import com.apache.tools.StrUtil;
import com.apache.uct.common.LoginUser;
import com.apache.uct.common.PBOSSOTools;
import com.apache.uct.common.ToolsUtil;
import java.io.IOException;
import java.io.PrintWriter;
import java.lang.reflect.Method;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.UUID;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

/* loaded from: input_file:com/apache/client/common/TokenInterceptor.class */
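/**
 * Spring MVC interceptor that runs three gates before a controller method is invoked:
 * a product-license check, the {@link AouthSecurity} login / request-signature / authorization
 * checks, and the {@link Token} one-time form-token check.
 *
 * <p>Security-relevant assumptions a maintainer should verify against the deployment:
 * <ul>
 *   <li>The {@code real-server-name} request header is used as the base of redirect targets. Unless a
 *       trusted reverse proxy always overwrites it, a client can steer the redirect location.</li>
 *   <li>The request signature is {@code MD5(userId + userEname + timestamp + secret)}. It does not cover
 *       the method, path or body, so within the allowed clock-skew window one signature is valid for
 *       any endpoint. Moving to an HMAC over the request would need a coordinated client change.</li>
 *   <li>Requests whose context path is {@code /sso}, and users listed under {@code ius_developer_user},
 *       skip the login and signature checks respectively.</li>
 * </ul>
 */
public class TokenInterceptor extends HandlerInterceptorAdapter {
    /** Placeholder written to logs in place of credentials (session token, shared secret, expected signature). */
    private static final String REDACTED = "<redacted>";

    private final Logger logger = LoggerFactory.getLogger("TokenInterceptor");
    private final String sysCode;

    /**
     * @param str system code that is published to the authentication bean as the
     *            {@code sys-ename-code} request attribute
     */
    public TokenInterceptor(String str) {
        this.sysCode = str;
    }

    /**
     * Runs the license, access-control and form-token gates for handler methods.
     *
     * @return {@code true} when the request may proceed to the controller; {@code false} when a
     *         response (redirect, JSON error or status code) has already been produced
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object obj) throws Exception {
        if (!(obj instanceof HandlerMethod)) {
            return super.preHandle(httpServletRequest, httpServletResponse, obj);
        }
        if (!doCheckInfo(httpServletRequest, httpServletResponse)) {
            httpServletResponse.setStatus(500);
            return false;
        }
        Method method = ((HandlerMethod) obj).getMethod();
        AouthSecurity annotation = method.getAnnotation(AouthSecurity.class);
        if (annotation != null && !enforceAouthSecurity(httpServletRequest, httpServletResponse, annotation)) {
            return false;
        }
        return handleFormToken(httpServletRequest, httpServletResponse, method.getAnnotation(Token.class));
    }

    /** Applies the login, request-signature and authorization rules declared by an {@link AouthSecurity} annotation. */
    private boolean enforceAouthSecurity(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AouthSecurity annotation) throws Exception {
        String ip = RequestTools.getIp(httpServletRequest);
        String servletPath = httpServletRequest.getServletPath();
        String tokenId = PassportHelper.getInstance().getTokenId(httpServletRequest);
        LoginUser loginUser = PBOSSOTools.getLoginUser(tokenId);
        // Requests under the "/sso" context path are exempt from the login and signature checks below.
        boolean ssoContext = "/sso".equals(httpServletRequest.getContextPath());

        if (annotation.token() && (StrUtil.isNull(tokenId) || loginUser == null) && !ssoContext) {
            this.logger.warn("当前请求地址({})需要登录后访问,当前用户未登录!", servletPath);
            toErrorPage(httpServletRequest, httpServletResponse, "当前请求地址需要登录后访问,请你登录后操作!");
            return false;
        }
        if (StrUtil.isNotNull(tokenId) && !ssoContext && loginUser != null) {
            String developerUsers = StrUtil.doNull(ConfigUtil.getInstance().findValueByKey("ius_developer_user"), "admin");
            // The token id is a bearer credential: never write it to the log in clear text.
            this.logger.info("reqIp==>{};tokenId ={}; userEname ={}", new Object[]{ip, REDACTED, loginUser.getUserEname()});
            // NOTE(review): accounts listed in ius_developer_user (default "admin") bypass the signature check.
            if (!Arrays.asList(developerUsers.split(",")).contains(loginUser.getUserEname()) && !checkLoginUserAct(httpServletRequest, loginUser.getUserId() + loginUser.getUserEname())) {
                httpServletResponse.setStatus(403);
                toErrorPage(httpServletRequest, httpServletResponse, "身份验证失败");
                return false;
            }
        }
        if (!annotation.security()) {
            return true;
        }
        if (StrUtil.isNotNull(annotation.user()) && !StrUtil.isEmpty(loginUser) && !Arrays.asList(annotation.user().split(",")).contains(((JSONObject) JSON.toJSON(loginUser)).getString("userEname"))) {
            httpServletResponse.setStatus(403);
            toErrorPage(httpServletRequest, httpServletResponse, "您没有当前请求地址访问权限,授权后再进行操作!");
            return false;
        }
        // Fail closed: without a resolved user the request is never authorized.
        boolean authorized = false;
        if (!StrUtil.isEmpty(loginUser)) {
            IAuthentication iAuthentication = (IAuthentication) SpringContextLoader.getBean("myAuthentication");
            if (iAuthentication == null) {
                iAuthentication = new DefaultIAuthentication();
            }
            httpServletRequest.setAttribute("sys-ename-code", this.sysCode);
            authorized = iAuthentication.aouthSecurity(loginUser, httpServletRequest, httpServletResponse, annotation.role(), annotation.userType());
        }
        if (!authorized) {
            this.logger.warn("当前请求地址({})访问权限验证不能过!", servletPath);
            toErrorPage(httpServletRequest, httpServletResponse, "您没有当前请求地址访问权限,授权后再进行操作!");
            return false;
        }
        return true;
    }

    /** Issues and/or consumes the one-time {@code formToken} as requested by a {@link Token} annotation. */
    private boolean handleFormToken(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Token tokenAnnotation) {
        if (tokenAnnotation == null) {
            return true;
        }
        if (tokenAnnotation.save()) {
            // UUID.randomUUID() is backed by a cryptographically strong generator.
            httpServletRequest.getSession(true).setAttribute("formToken", UUID.randomUUID().toString());
        }
        if (!tokenAnnotation.remove()) {
            return true;
        }
        if (isRepeatSubmit(httpServletRequest)) {
            httpServletResponse.setStatus(302);
            return false;
        }
        // The session may be absent (expired, or never created); the original dereferenced it unconditionally.
        HttpSession session = httpServletRequest.getSession(false);
        if (session != null) {
            session.removeAttribute("formToken");
        }
        return true;
    }

    /**
     * Builds the absolute base URL (scheme, host, port, context path) used for error redirects.
     *
     * <p>NOTE(review): both the {@code real-server-name} header and the server name derived from the
     * Host header are client-influenced unless the fronting proxy overwrites them. Confirm the proxy
     * strips or sets {@code real-server-name}; otherwise redirect targets can be pointed off-site.
     */
    private String resolveBaseUrl(HttpServletRequest httpServletRequest) {
        String fallback = httpServletRequest.getScheme() + "://" + httpServletRequest.getServerName() + ":" + httpServletRequest.getServerPort();
        return StrUtil.doNull(httpServletRequest.getHeader("real-server-name"), fallback) + httpServletRequest.getContextPath();
    }

    /**
     * Reports a denied request: JSON for {@code source_web} and AJAX callers, a redirect to the
     * error page for everything else.
     *
     * @param str message placed in the JSON {@code msg} field; callers in this class pass fixed text only
     */
    private void toErrorPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) throws ServletException, IOException {
        if (StrUtil.isNotNull(httpServletRequest.getHeader("source_web"))) {
            JSONObject body = new JSONObject();
            if ("身份验证失败".equals(str)) {
                body.put("flag", "F");
            } else {
                body.put("longinFlag", str.indexOf("登录") > -1 ? "F" : "T");
            }
            body.put("msg", str);
            // Content type and headers must be set before getWriter(); afterwards the charset is
            // frozen and the non-ASCII message would be written in the container default encoding.
            // NOTE(review): the body is JSON served as text/html; keep "msg" free of request data
            // or switch clients to application/json.
            httpServletResponse.setContentType("text/html;charset=UTF-8");
            // NOTE(review): browsers reject "*" together with Allow-Credentials: true. If credentialed
            // cross-origin calls are needed, echo only origins from an explicit allow-list.
            httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
            httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST,GET");
            httpServletResponse.setHeader("Access-Control-Allow-Credentials", "true");
            PrintWriter writer = httpServletResponse.getWriter();
            writer.print(body.toString());
            writer.flush();
            writer.close();
            return;
        }
        if ("XMLHttpRequest".equals(httpServletRequest.getHeader("X-Requested-With"))) {
            httpServletResponse.setContentType("text/html;charset=utf-8");
            try {
                PrintWriter writer = httpServletResponse.getWriter();
                JSONObject body = new JSONObject();
                body.put("flag", "F");
                body.put("msg", str);
                writer.write(body.toJSONString());
                writer.flush();
                writer.close();
            } catch (IOException e) {
                this.logger.warn("Failed to write AJAX error response", e);
            }
            // The response is committed once flushed; falling through to sendRedirect() (as the
            // original did) raises IllegalStateException instead of completing the denial cleanly.
            return;
        }
        httpServletResponse.sendRedirect(resolveBaseUrl(httpServletRequest) + "/errorPage?Errorcode=invalid-00000003");
    }

    /**
     * Compares the submitted {@code formToken} parameter with the one stored in the session.
     *
     * @return {@code true} when a token was submitted and does not match the session copy
     */
    private boolean isRepeatSubmit(HttpServletRequest httpServletRequest) {
        HttpSession session = httpServletRequest.getSession(false);
        Object stored = session == null ? null : session.getAttribute("formToken");
        // Map "no stored token" to blank explicitly: String.valueOf(null) yields the text "null",
        // which a client could otherwise submit as a matching token.
        String expected = stored == null ? ToolsUtil.BLANK : StrUtil.doNull(String.valueOf(stored), ToolsUtil.BLANK);
        String submitted = httpServletRequest.getParameter("formToken");
        // NOTE(review): a request that omits the formToken parameter is accepted as "not a repeat",
        // so this check only protects clients that send the token. Confirm that is intended before
        // relying on it as an anti-replay or CSRF control.
        if (!StrUtil.isNotNull(submitted)) {
            return false;
        }
        if (StrUtil.isNull(expected) || !expected.equals(submitted)) {
            return true;
        }
        httpServletRequest.setAttribute("formToken", expected);
        return false;
    }

    /**
     * Validates the product license and redirects (or answers AJAX callers with JSON) when it is
     * missing or expired.
     *
     * @return {@code true} when request processing may continue
     */
    private boolean doCheckInfo(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws BusinessException {
        String requestURI = httpServletRequest.getRequestURI();
        String baseUrl = resolveBaseUrl(httpServletRequest);
        try {
            String isformal = LicenseValidate.getInstance().getMsg().getIsformal();
            if ("0".equals(isformal) || "9".equals(isformal)) {
                return true;
            }
            long daysLeft = LicenseValidate.getInstance().isTimeByDay(7);
            if (daysLeft == -1) {
                httpServletResponse.sendRedirect(baseUrl + "/errorPage?Errorcode=invalid-00000001");
                return false;
            }
            if (daysLeft <= 7) {
                warnLicenseInfo(httpServletRequest, httpServletResponse, daysLeft);
            }
            if (!LicenseValidate.getInstance().isFormal() || requestURI.indexOf("errorPage") != -1 || LicenseValidate.getInstance().isEffective()) {
                return true;
            }
            if (!("XMLHttpRequest".equals(httpServletRequest.getHeader("X-Requested-With")))) {
                httpServletResponse.sendRedirect(baseUrl + "/errorPage?Errorcode=invalid-00000002");
                return false;
            }
            JSONObject body = (JSONObject) JSON.toJSON(new ResultMsg("F", "产品授权已过期"));
            httpServletResponse.setContentType("text/html;charset=utf-8");
            PrintWriter writer = httpServletResponse.getWriter();
            writer.write(body.toString());
            writer.flush();
            writer.close();
            return false;
        } catch (Exception e) {
            // Record the failure; the original discarded it, leaving no trace of why requests were bounced.
            this.logger.warn("License validation failed for " + requestURI, e);
            try {
                // NOTE(review): substring match lets any URI containing "error" through when validation throws.
                if (requestURI.indexOf("error") != -1 || requestURI.indexOf("invalid.jsp") != -1) {
                    return true;
                }
                httpServletResponse.sendRedirect(baseUrl + "/errorPage");
                return false;
            } catch (IOException e2) {
                this.logger.warn("Failed to redirect to the error page", e2);
                return false;
            }
        }
    }

    /**
     * Stores the value returned by the license day check in the session under {@code licenseTodata}.
     * Subclasses may override to present the warning differently.
     */
    protected void warnLicenseInfo(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, long j) {
        httpServletRequest.getSession().setAttribute("licenseTodata", Long.valueOf(j));
    }

    /**
     * Verifies the {@code user-sign} header against {@code MD5(str + user-timestamp + secret)}, where
     * the secret is looked up in {@code api-sign.properties} by the {@code user-appid} header, and
     * rejects timestamps outside the configured window ({@code api_sign_timestamp}, default 300 s).
     *
     * @param str identity string covered by the signature (the caller passes userId + userEname)
     * @return {@code true} when the check is disabled by configuration or the signature is valid
     */
    private boolean checkLoginUserAct(HttpServletRequest httpServletRequest, String str) {
        long nowSeconds = System.currentTimeMillis() / 1000;
        if (!"T".equals(StrUtil.doNull(ConfigUtil.getInstance().getLocalByKey("config.properties", "token_security_enable"), "T"))) {
            return true;
        }
        String sign = httpServletRequest.getHeader("user-sign");
        String appId = httpServletRequest.getHeader("user-appid");
        String timestamp = StrUtil.doNull(httpServletRequest.getHeader("user-timestamp"), ToolsUtil.BLANK);
        String secret = StrUtil.doNull(ConfigUtil.getInstance().getValueByKey("api-sign.properties", appId), ToolsUtil.BLANK);
        if (StrUtil.isNull(secret) || StrUtil.isNull(sign) || StrUtil.isNull(timestamp)) {
            // Log only whether a secret was configured, never the secret itself.
            this.logger.error("请求参数签名验证失败,签名参数缺失->{},{},{},{}", new Object[]{str, sign, StrUtil.isNull(secret) ? "<missing>" : REDACTED, timestamp});
            return false;
        }
        long requestMillis;
        try {
            requestMillis = Long.parseLong(timestamp);
        } catch (NumberFormatException e) {
            // The header is client-supplied: a malformed value is a failed check, not a server error.
            this.logger.error("Request signature check failed: user-timestamp header is not numeric ->{}", str);
            return false;
        }
        long skewSeconds = Math.abs(nowSeconds - (requestMillis / 1000));
        long allowedSeconds = Long.parseLong(StrUtil.doNull(ConfigUtil.getInstance().getLocalByKey("config.properties", "api_sign_timestamp"), "300"));
        if (skewSeconds > allowedSeconds) {
            this.logger.error("请求参数签名验证失败,时间验证失效->{},{},已超过{}s", new Object[]{str, Long.valueOf(skewSeconds), Long.valueOf(allowedSeconds)});
            return false;
        }
        String expected = MD5Utils.MD5(str + timestamp + secret);
        // Constant-time comparison so response timing does not reveal how much of the signature matched.
        if (expected != null && MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), sign.getBytes(StandardCharsets.UTF_8))) {
            return true;
        }
        // The expected value is a valid signature for this user and timestamp; keep it out of the log.
        this.logger.error("请求参数签名验证失败,签名验证失效->{},[{}!={}]", new Object[]{timestamp, sign, REDACTED});
        return false;
    }
}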
