package com.apache.portal.filter;

import com.apache.api.vo.ResultMsg;
import com.apache.client.IBaseReplaceCard;
import com.apache.client.UctCoreClient;
import com.apache.passport.common.PassportHelper;
import com.apache.passport.common.XmlWhiteUtils;
import com.apache.portal.common.oscache.OsCacheManager;
import com.apache.portal.common.util.PortalPubFactory;
import com.apache.portal.common.util.PortalUtil;
import com.apache.tools.ConfigUtil;
import com.apache.tools.RequestTools;
import com.apache.tools.StrUtil;
import com.apache.uct.common.LoginUser;
import com.apache.uct.common.PBOSSOTools;
import com.apache.uct.common.ToolsUtil;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.JSONObject;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/apache/portal/filter/AopFilterAie.class */
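/**
 * Portal entry filter that decides, for every request, whether it is forwarded
 * to the application, answered with an error, or redirected to the login page.
 *
 * <p>Order of decisions in {@link #doFilter}: static resources are forwarded
 * untouched; requests rejected by {@code checkSecurity} get the error page; the
 * login token (session cache entry or cookie) is validated against the SSO
 * service; mobile and browser clients are then handled by separate branches;
 * finally {@code /logout}, {@code /cset} and the white list are evaluated.
 *
 * <p>{@code log}, {@code oscache}, {@code sessionKey}, {@code cookieName},
 * {@code login_url}, {@code login_pass}, {@code sysEname}, {@code sysCode},
 * {@code whiteMap}, {@code customLogin}, {@code checkSecurity},
 * {@code sendErrorPage}, {@code clearCookie}, {@code initValue} and
 * {@code ssoSend} are not declared in this class; presumably they come from
 * {@code PortalPubSuperFilter}.
 */
public class AopFilterAie extends PortalPubSuperFilter {
    /** Extensions that are forwarded without any authentication or request check. */
    private static final String STATIC_SUFFIXES = "js,css,png,jpg,gif,bmp,swf,fla,ico";

    private Logger logger = Logger.getLogger(getClass());

    /**
     * Applies the authentication and request-security policy to one request.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     rest of the chain, invoked only when the request is allowed
     * @throws IOException      from redirects, the response writer, or the chain
     * @throws ServletException from the chain
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        httpServletResponse.setDateHeader("expires", 0L);
        httpServletResponse.setHeader("Cache-Control", "no-cache");
        httpServletResponse.setHeader("pragma", "no-cache");
        httpServletRequest.setCharacterEncoding("UTF-8");
        // NOTE(review): scheme/host/port are taken from the request, so this value follows
        // whatever Host the container accepted. Consumers of "outUrl" should not treat it
        // as a trusted origin unless the container pins the server name.
        httpServletRequest.getSession().setAttribute("outUrl", httpServletRequest.getScheme() + "://" + httpServletRequest.getServerName() + ":" + httpServletRequest.getServerPort() + httpServletRequest.getContextPath() + "/");
        String requestURI = httpServletRequest.getRequestURI();
        String suffix = PassportHelper.getInstance().parseUrlSuffix(requestURI);
        // Static resources skip every check below, so the match must be exact: the previous
        // substring test also accepted any fragment of the list (a single letter, a comma).
        // NOTE(review): getRequestURI() is neither decoded nor stripped of path parameters;
        // confirm parseUrlSuffix cannot report a static suffix for a dynamic resource.
        if (StrUtil.isNotNull(suffix) && isStaticResource(suffix)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (checkSecurity(httpServletRequest)) {
            // Record what was blocked and from where; the old message only ever logged "true".
            log.error("拦截安全攻击：uri=" + requestURI + ", ip=" + httpServletRequest.getRemoteAddr());
            sendErrorPage(httpServletRequest, httpServletResponse);
            return;
        }
        String currCookie = PassportHelper.getInstance().getCurrCookie(httpServletRequest);
        // NOTE(review): String.valueOf(null) is the text "null"; this relies on StrUtil.doNull
        // treating that text as absent and falling back to the cookie -- confirm.
        String token = StrUtil.doNull(String.valueOf(this.oscache.get(httpServletRequest.getSession().getId())), currCookie);
        String contextPath = httpServletRequest.getContextPath();
        boolean mobileClient = PortalPubFactory.getInstance().JudgeIsMoblie(httpServletRequest);
        if (requestURI.indexOf("login") > -1) {
            log.info("请求来源 [移动端] - [" + httpServletRequest.getHeader("User-agent") + "]");
        }
        boolean tokenValid = false;
        String userAgentParam = servletRequest.getParameter("userAgent");
        if ("wx".equals(userAgentParam)) {
            // NOTE(review): a client-supplied request parameter marks the request as validated
            // without any token check, and every later branch forwards the request when this
            // flag is set. Unless the downstream handlers authenticate these requests
            // themselves, this should be bound to a verified token or signature.
            tokenValid = true;
        } else {
            if (ConfigUtil.getInstance().checkFileUpdate("")) {
                initValue();
            }
            if (StrUtil.isNotNull(token) && !requestURI.equals(contextPath + "/logout") && !requestURI.equals(contextPath + "/cset")) {
                tokenValid = auditTokenAndSso(token, currCookie, httpServletRequest, httpServletResponse);
            }
        }
        LoginUser loginUser = PortalUtil.getInstance().getLoginUser(httpServletRequest);
        if (mobileClient) {
            if (tokenValid) {
                if (ToolsUtil.isEmpty(loginUser)) {
                    loginUser = "wx".equals(userAgentParam) ? PortalUtil.getInstance().getUserForWx(token) : PBOSSOTools.getLoginUserFromUserCenterSso(token);
                }
                if (!ToolsUtil.isEmpty(loginUser)) {
                    OsCacheManager.getInstance().putLoginUser(token, loginUser);
                }
                // Forwarded even when no user could be resolved for the token.
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
            clearCookie(httpServletRequest, httpServletResponse, "/");
            if (StrUtil.isNotNull(token)) {
                // A token was presented but is not valid: answer with a JSON failure message.
                JSONObject failure = JSONObject.fromObject(new ResultMsg("F", "登录tokenId已失效"));
                if (StrUtil.isNotNull(failure.toString())) {
                    servletResponse.setContentType("text/html;charset=UTF-8");
                    PrintWriter writer = servletResponse.getWriter();
                    writer.print(failure);
                    writer.flush();
                    writer.close();
                    return;
                }
                return;
            }
        } else {
            // NOTE(review): this condition tests the same value for null and not-null, so the
            // branch cannot be taken as written; the second operand was probably a different
            // variable in the original source. Left in place until the intent is confirmed.
            if (StrUtil.isNull(token) && StrUtil.isNotNull(token)) {
                httpServletResponse.sendRedirect(doSsoFilter(httpServletRequest, httpServletResponse, token, token));
                return;
            }
            if (tokenValid) {
                loginUser = doUctFilter(httpServletRequest, httpServletResponse, token);
                if (!httpServletRequest.getRequestURI().equals(contextPath + "/logout") && !httpServletRequest.getRequestURI().equals(contextPath + "/cset") && !ToolsUtil.isEmpty(loginUser)) {
                    if ("T".equals(ToolsUtil.getInstance().getValueByKey("local_user"))) {
                        // The hook class name comes from configuration ("reflect_path") and is
                        // instantiated reflectively, so that configuration is equivalent to code.
                        String hookClassName = ToolsUtil.getInstance().getValueByKey("reflect_path");
                        try {
                            if (StrUtil.isNotNull(hookClassName) && !((IBaseReplaceCard) Class.forName(hookClassName).newInstance()).replaceCard(loginUser, httpServletRequest, httpServletResponse)) {
                                httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + "/");
                                return;
                            }
                        } catch (Exception e) {
                            // NOTE(review): a failing hook is only logged and the request is then
                            // forwarded; decide whether this check should deny on error instead.
                            this.logger.error(e);
                        }
                    }
                    // NOTE(review): both outcomes of this loop forward the request, and it compares
                    // the context path rather than the request path; it has no effect on the
                    // decision as written.
                    String noRightUrls = (String) UctCoreClient.getConf_Map().get("noright_url");
                    if (ToolsUtil.isNotNull(noRightUrls)) {
                        for (String prefix : noRightUrls.split(",")) {
                            if (ToolsUtil.isNotNull(prefix) && contextPath.startsWith(prefix)) {
                                filterChain.doFilter(httpServletRequest, httpServletResponse);
                                return;
                            }
                        }
                    }
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                    return;
                }
            }
        }
        String ssoUrl = doSsoFilter(httpServletRequest, httpServletResponse, token, "");
        if (httpServletRequest.getRequestURI().equals(contextPath + "/logout")) {
            doLogout(httpServletRequest, httpServletResponse, filterChain, token, ssoUrl);
            return;
        }
        if (httpServletRequest.getRequestURI().equals(contextPath + "/cset")) {
            setCookie(httpServletRequest, httpServletResponse);
            return;
        }
        if (tokenValid) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (!StrUtil.isNull(token) || null != loginUser) {
            // Stale credentials: drop the cookies before the white-list / login decision.
            clearCookie(httpServletRequest, httpServletResponse, "/");
        }
        if (whitePathFiter(requestURI, httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + StrUtil.doNull(this.customLogin, "/"));
        }
    }

    /**
     * Tells whether a parsed URL suffix is exactly one of {@link #STATIC_SUFFIXES}.
     *
     * @param suffix non-null suffix as returned by {@code parseUrlSuffix}
     * @return {@code true} only for a whole-entry, case-insensitive match
     */
    private static boolean isStaticResource(String suffix) {
        String wanted = suffix.toLowerCase();
        for (String allowed : STATIC_SUFFIXES.split(",")) {
            if (allowed.equals(wanted)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Resolves the login user for a validated token and stores it in the session.
     *
     * <p>Lookup order: session attribute {@code sessionKey}, then the local login-user
     * cache, then the user-center SSO service (only when the {@code _uc.sso} cookie is
     * present). When a user is found, the session also receives {@code cookieToken} and,
     * if not yet set, {@code loginUserRoles}.
     *
     * @param token login token; when null/empty the cookies are cleared
     * @return the resolved user, or {@code null} when none could be found
     */
    private LoginUser doUctFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String token) {
        LoginUser loginUser = (LoginUser) httpServletRequest.getSession().getAttribute(this.sessionKey);
        if (ToolsUtil.isNull(token)) {
            clearCookie(httpServletRequest, httpServletResponse, "/");
        } else if (null == loginUser) {
            loginUser = OsCacheManager.getInstance().getLoginUser(token);
            if (null == loginUser) {
                if (ToolsUtil.isNull(PassportHelper.getInstance().getCurrCookie(httpServletRequest, "_uc.sso"))) {
                    return null;
                }
                loginUser = UctCoreClient.getLoginUserFromUserCenterSso("", token);
            }
            if (!ToolsUtil.isEmpty(loginUser)) {
                httpServletRequest.getSession().setAttribute("cookieToken", token);
            }
        }
        if (!ToolsUtil.isEmpty(loginUser)) {
            httpServletRequest.getSession().setAttribute(this.sessionKey, loginUser);
            if (ToolsUtil.isEmpty(httpServletRequest.getSession().getAttribute("loginUserRoles"))) {
                List roles = PBOSSOTools.getRolesForLoginUser(httpServletRequest);
                if (!ToolsUtil.isEmpty(roles)) {
                    httpServletRequest.getSession().setAttribute("loginUserRoles", roles);
                }
            }
        }
        return loginUser;
    }

    /**
     * Builds the URL of the central login page, including a SHA-1 value computed over
     * the sorted parameter list plus the constant {@code "apache"}.
     *
     * <p>NOTE(review): the only non-request input to that SHA-1 value is the hard-coded
     * string {@code "apache"}; if the login server relies on it as a signature, it gives
     * no protection against a party that knows this constant.
     *
     * @param token login token of the current request (may be null/empty)
     * @param pkt   token to hand over via {@code tokenId}; selects the first URL form
     * @return the login URL, or just {@code login_url} when {@code login_pass} is not "T"
     * @throws UnsupportedEncodingException declared by {@link URLEncoder#encode(String, String)}
     */
    private String doSsoFilter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String token, String pkt) throws UnsupportedEncodingException {
        String servletPath = httpServletRequest.getServletPath();
        // "go" is caller-controlled and becomes the post-login return address.
        String goUrl = httpServletRequest.getParameter("go");
        // NOTE(review): this base uses the servlet path, while doFilter matches "/cset" and
        // "/logout" against the context path -- confirm which one was intended.
        String baseUrl = httpServletRequest.getScheme() + "://" + httpServletRequest.getServerName() + ":" + httpServletRequest.getServerPort() + servletPath;
        if (goUrl == null) {
            goUrl = httpServletRequest.getRequestURL().toString();
        }
        String extraParams = "";
        if ("T".equals(ToolsUtil.getInstance().getValueByKey("is_url_params"))) {
            String reqParams = PassportHelper.getInstance().getReqParams(httpServletRequest, "go");
            extraParams = PassportHelper.getInstance().isNov(reqParams, reqParams, "?" + reqParams);
        }
        ArrayList signedValues = new ArrayList();
        if (StrUtil.isNull(token) && StrUtil.isNotNull(pkt)) {
            // Not reachable from the two call sites in this class (they pass either the same
            // value twice or an empty pkt).
            // NOTE(review): unlike the branch below, tokenId/go/cset are appended here without
            // URL-encoding, so request-derived text can add or override query parameters.
            StringBuilder url = new StringBuilder();
            signedValues.add(this.login_url);
            signedValues.add(pkt);
            signedValues.add(goUrl + extraParams);
            signedValues.add("apache");
            signedValues.add(baseUrl);
            Collections.sort(signedValues);
            String digest = PassportHelper.getInstance().SHA1(signedValues);
            // NOTE(review): this writes the token value to the log.
            log.info("login_url=" + this.login_url + "====pkt=" + pkt);
            if ("T".equals(this.login_pass)) {
                url.append(this.login_url);
                url.append("?");
                url.append("ptlang=" + digest);
                url.append("&");
                url.append("tokenId=" + pkt);
                url.append("&");
                url.append("go=" + goUrl + extraParams);
                url.append("&");
                url.append("cset=" + baseUrl);
            } else {
                url.append(this.login_url);
            }
            httpServletRequest.removeAttribute("tokenId");
            return url.toString();
        }
        String csetUrl = baseUrl + "/cset";
        signedValues.add(this.login_url);
        signedValues.add(this.sysEname);
        signedValues.add(csetUrl);
        if (httpServletRequest.getRequestURI().equals(servletPath + "/logout")) {
            signedValues.add(goUrl);
        } else {
            signedValues.add(goUrl + extraParams);
        }
        signedValues.add("apache");
        Collections.sort(signedValues);
        String digest = PassportHelper.getInstance().SHA1(signedValues);
        StringBuilder url = new StringBuilder();
        if ("T".equals(this.login_pass)) {
            url.append(this.login_url);
            url.append("?");
            url.append("_client=" + digest);
            url.append("&");
            url.append("sys=" + this.sysEname);
            url.append("&");
            url.append("cset=" + URLEncoder.encode(csetUrl, "UTF-8"));
            url.append("&");
            // NOTE(review): extraParams (the request's own parameters) is appended after the
            // encoded "go" value without encoding.
            url.append("go=" + URLEncoder.encode(goUrl, "UTF-8") + extraParams);
        } else {
            url.append(this.login_url);
        }
        return url.toString();
    }

    /**
     * Validates a login token, first against the local cache and then against the SSO
     * service ({@code checkToken}); on a fresh success it re-issues the token cookie and
     * the {@code _uc.sso} cookie and caches the result.
     *
     * @param token      raw token; only the part before the first {@code |} is used
     * @param currCookie token cookie of the request, required for the cache shortcut
     * @return {@code true} when the token is accepted; {@code false} on rejection or error
     */
    private boolean auditTokenAndSso(String token, String currCookie, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (!StrUtil.isNotNull(token)) {
            return false;
        }
        String tokenId = token.split("\\|")[0];
        String cacheKey = "checkToken_" + tokenId;
        // NOTE(review): String.valueOf(null) yields the text "null". If StrUtil.isNotNull does
        // not treat that text as empty, a cache miss would be accepted here whenever a cookie
        // is present -- confirm StrUtil's behaviour.
        if (StrUtil.isNotNull(String.valueOf(this.oscache.get(cacheKey))) && StrUtil.isNotNull(currCookie)) {
            return true;
        }
        try {
            JSONObject reply = ssoSend(tokenId, RequestTools.getIp(httpServletRequest), "checkToken", "");
            if (!reply.getBoolean("result")) {
                return false;
            }
            String entity = reply.getString("entity");
            String message = reply.getString("message");
            // The service must echo the same token back.
            if (!tokenId.equalsIgnoreCase(entity)) {
                return false;
            }
            // Session cookies (max-age -1) scoped to the whole host.
            // NOTE(review): neither cookie is marked HttpOnly or Secure; set both if the
            // container's servlet API supports it and no script needs to read them.
            Cookie tokenCookie = new Cookie(this.cookieName, tokenId);
            tokenCookie.setPath("/");
            tokenCookie.setMaxAge(-1);
            Cookie ssoCookie = new Cookie("_uc.sso", message);
            ssoCookie.setPath("/");
            ssoCookie.setMaxAge(-1);
            httpServletResponse.addCookie(tokenCookie);
            httpServletResponse.addCookie(ssoCookie);
            this.oscache.put(cacheKey, entity);
            return true;
        } catch (Exception e) {
            // Any failure talking to the SSO service counts as "not authenticated".
            log.error(e.getMessage());
            return false;
        }
    }

    /**
     * Decides whether an unauthenticated request may pass because its path is white-listed.
     *
     * <p>Paths containing {@code sendPage.action} or {@code /admin/} are never
     * white-listed. The error pages are always allowed. Otherwise the path (request URI
     * minus context path) must equal a {@code whiteUrl} entry or start with a
     * {@code whiteParadigm} entry (with any {@code *} removed).
     *
     * <p>NOTE(review): the deny check uses the servlet path while the allow check uses the
     * raw request URI, and the allow check is a prefix match. Normalise one canonical path
     * and use it for both, so the two checks cannot disagree about the same request. A
     * pattern that is empty after removing {@code *} matches every path.
     *
     * @param requestUri value of {@code getRequestURI()} for this request
     * @return {@code true} when the request may be forwarded without authentication
     */
    private boolean whitePathFiter(String requestUri, HttpServletRequest httpServletRequest) {
        String servletPath = httpServletRequest.getServletPath();
        if (servletPath.indexOf("sendPage.action") != -1 || servletPath.indexOf("/admin/") != -1) {
            return false;
        }
        XmlWhiteUtils.getInstance().deWhiteXml(this.whiteMap, this.sysCode);
        if (servletPath.startsWith("/error.action") || servletPath.startsWith("/errorPage")) {
            return true;
        }
        ArrayList whiteUrls = (ArrayList) this.whiteMap.get("whiteUrl");
        ArrayList whitePatterns = (ArrayList) this.whiteMap.get("whiteParadigm");
        String path = requestUri.substring(httpServletRequest.getContextPath().length());
        if (whiteUrls != null && whiteUrls.contains(path)) {
            return true;
        }
        // A missing pattern list means nothing further can match: deny rather than fail.
        if (whitePatterns == null || path.length() <= 1) {
            return false;
        }
        for (Object entry : whitePatterns) {
            String pattern = (String) entry;
            if (pattern == null) {
                continue;
            }
            if (pattern.contains("*")) {
                if (path.startsWith(pattern.replace("*", ""))) {
                    return true;
                }
            } else if (!"".equals(pattern) && path.startsWith(pattern)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Handles {@code /logout}: notifies the SSO service, clears the cookies and redirects.
     *
     * <p>NOTE(review): the redirect target is the context path followed by the
     * caller-supplied {@code go} parameter. When the application is deployed at the root
     * context this is the parameter alone; restrict {@code go} to local paths before using
     * it as a redirect target.
     *
     * @param filterChain unused
     * @param token       login token of the current request
     * @param ssoUrl      unused
     */
    private void doLogout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, String token, String ssoUrl) {
        try {
            String target = StrUtil.doNull(httpServletRequest.getParameter("go"), StrUtil.doNull(this.customLogin, "/login.jsp"));
            if (StrUtil.isNull(token)) {
                clearCookie(httpServletRequest, httpServletResponse, "/");
                httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + target);
                return;
            }
            long startedAt = System.currentTimeMillis();
            String ssoUser = PassportHelper.getInstance().getCurrCookie(httpServletRequest, "_uc.sso");
            if (StrUtil.isNull(ssoUser)) {
                ssoUser = (String) httpServletRequest.getSession().getAttribute("message");
            }
            if (ssoSend(token, RequestTools.getIp(httpServletRequest), "checkToken", ssoUser).getBoolean("result")) {
                clearCookie(httpServletRequest, httpServletResponse, "/");
                this.logger.warn("logout : userEname=" + ssoUser + ";" + (System.currentTimeMillis() - startedAt));
            } else {
                // Cookies are kept when the SSO service does not confirm.
                log.info("passport msg:[{}]", "与统一登录系统通讯失败,操作[证书认证]失败");
            }
            httpServletResponse.sendRedirect(httpServletRequest.getContextPath() + target);
        } catch (Exception e) {
            log.error(e.getMessage());
        }
    }

    /**
     * Handles {@code /cset}: stores the {@code ticket} and {@code ucsso} request
     * parameters as cookies and redirects to {@code go} with the token parameter removed.
     *
     * <p>NOTE(review): both cookie values and the redirect target come straight from
     * request parameters, and this method does not verify that the request originates
     * from the login server. Validate the ticket (or a signature over these parameters)
     * and restrict {@code go} to this application's own origin. The cookies are also set
     * without HttpOnly/Secure.
     */
    private void setCookie(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        String ticket = httpServletRequest.getParameter("ticket");
        String ucsso = httpServletRequest.getParameter("ucsso");
        String go = httpServletRequest.getParameter("go");
        Cookie tokenCookie = new Cookie(this.cookieName, ticket);
        tokenCookie.setPath("/");
        tokenCookie.setMaxAge(-1);
        Cookie ssoCookie = new Cookie("_uc.sso", ucsso);
        ssoCookie.setPath("/");
        ssoCookie.setMaxAge(-1);
        try {
            httpServletResponse.addCookie(tokenCookie);
            httpServletResponse.addCookie(ssoCookie);
            if (StrUtil.isNotNull(go)) {
                String target = go.replace("|", "&");
                // Literal replacement: the ticket is request data and must not be compiled
                // into a regular expression (metacharacters would change what is removed or
                // raise an unchecked PatternSyntaxException).
                String cleaned = target.indexOf("?tokenId=") != -1
                        ? target.replace("tokenId=" + ticket + "&", "")
                        : target.replace("&tokenId=" + ticket, "");
                httpServletResponse.sendRedirect(cleaned);
            }
        } catch (IOException e) {
            log.warn(e.getMessage());
        }
    }
}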
