package com.apache.uct.common.filter;

import com.apache.api.manager.ProxyManager;
import com.apache.api.vo.ParamsVo;
import com.apache.database.constant.SpringContextLoader;
import com.apache.database.constant.SystemTools;
import com.apache.oscache.OsCacheManager;
import com.apache.passport.common.DesUtils;
import com.apache.passport.common.PassportHelper;
import com.apache.passport.common.XmlWhiteUtils;
import com.apache.passport.entity.Token;
import com.apache.tools.ConfigUtil;
import com.apache.tools.StrUtil;
import com.apache.uct.common.LoginUser;
import com.apache.uct.common.ToolsUtil;
import com.apache.uct.common.entity.Act;
import com.apache.uct.common.entity.Role;
import com.apache.uct.service.plugins.ActCacheHelper;
import java.io.IOException;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/apache/uct/common/filter/SsoServerFilter.class */
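/**
 * Servlet filter in front of the SSO server: it lets static resources and a few
 * allow-listed paths through, resolves the login token for everything else, and
 * either continues the chain, redirects to the login page, or hands a ticket to
 * a relying system.
 *
 * <p>Decision order in {@link #doFilter}: static-file extension, monitoring
 * prefixes ({@code whiteJK}), {@code tokenId} query parameter (cross-system
 * hand-off), cached login token, ticket redirect, unlocked/white-listed paths,
 * {@code unity_noright_url} prefixes, and finally the per-user URL check when
 * {@code usage_patterns} is {@code "1"}.
 *
 * <p>NOTE(review): several redirect targets ({@code cset}, {@code go}) are taken
 * from request parameters and receive the login ticket in the query string. No
 * trusted-host allow-list is visible in this class; confirm that one is enforced
 * elsewhere or add one before the redirects.
 *
 * <p>NOTE(review): the filter instance is shared by all request threads, while
 * {@code whiteMap} is a plain {@code HashMap} handed to
 * {@code XmlWhiteUtils.deWhiteXml} on every call to {@code unlockPath}; confirm
 * that helper does not mutate the map concurrently.
 */
public class SsoServerFilter implements Filter {
    /** Extensions (lower case, without the dot) that bypass every authentication check. */
    private static final String SUFFIX = "js,css,png,jpg,gif,bmp,swf,fla,ico";
    /** {@link #SUFFIX} split into entries so that only a complete extension matches. */
    private static final Set<String> STATIC_SUFFIXES =
            Collections.unmodifiableSet(new HashSet<String>(Arrays.asList(SUFFIX.split(","))));
    /** Name of the cookie that carries the decrypted user name. */
    private static final String SSO_USER_COOKIE = "_uc.sso";

    private ProxyManager uctProxyManager;
    private final Logger log = LoggerFactory.getLogger(SsoServerFilter.class);
    private String COOKIENAME = "";
    private String login_url = "";
    private String white_url = "";
    private String jumpUrl = "";
    private String rpc_service_url = "";
    /** Path fragments that never require a login; only the keys are used. */
    private final Map<String, String> unLockMap = new HashMap<String, String>();
    /** Filled by {@code XmlWhiteUtils.deWhiteXml}; read under "whiteUrl" and "whiteParadigm". */
    private final Map<String, ArrayList<String>> whiteMap = new HashMap<String, ArrayList<String>>();
    private String errorPage = "";
    // Servlet-path prefixes that skip the token check entirely.
    // NOTE(review): this list passes /env, /heapdump, /dump, /trace, /logfile, /jolokia and the
    // whole /api prefix without authentication, and the match is a plain startsWith, so any path
    // that merely begins with one of these strings is also let through. Confirm these endpoints
    // are protected by another control (separate management port, network ACL) or trim the list.
    private final List<String> whiteJK = Collections.unmodifiableList(Arrays.asList(
            "/health",
            "/info",
            "/auditevents",
            "/metrics",
            "/logfile",
            "/loggers",
            "/jolokia",
            "/flyway",
            "/liquibase",
            "/dump",
            "/heapdump",
            "/env",
            "/turbine",
            "/trace",
            "/hystrix",
            "/api",
            "/refresh"));

    /**
     * Registers the built-in unlocked paths, reads the {@code errorPage} init
     * parameter (default {@code "/"}), loads the configured URLs and looks up the
     * {@code uctProxyManager} bean.
     *
     * @param filterConfig container-supplied filter configuration
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.unLockMap.put("/common/image.jsp", "");
        this.unLockMap.put("/uct/service/", "");
        this.unLockMap.put("/passport/outside", "");
        this.unLockMap.put("/login.jsp", "");
        this.unLockMap.put("/mobile/service", "");
        this.unLockMap.put("/error.action", "");
        this.errorPage = StrUtil.doNull(filterConfig.getInitParameter("errorPage"), "/");
        initValue();
        this.uctProxyManager = (ProxyManager) SpringContextLoader.getBean("uctProxyManager");
    }

    /**
     * Applies the SSO access decision to one request.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain     remaining chain, invoked only when access is granted
     * @throws IOException      if a redirect or a downstream component fails on I/O
     * @throws ServletException if a forward or a downstream component fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.setCharacterEncoding("UTF-8");
        response.setDateHeader("expires", 0L);
        response.setHeader("Cache-Control", "no-cache");
        response.setHeader("pragma", "no-cache");
        request.setCharacterEncoding("UTF-8");
        String sys = request.getParameter("sys");
        String cset = request.getParameter("cset");
        String go = request.getParameter("go");
        String client = request.getParameter("_client");
        String ptlang = request.getParameter("ptlang");
        String requestUri = request.getRequestURI();
        String servletPath = request.getServletPath();

        // Static resources skip authentication. The extension must equal one configured entry;
        // a substring test against the comma-joined list would also accept fragments such as
        // "s" or "ss,png". Locale.ROOT keeps the lower-casing independent of the JVM locale.
        // NOTE(review): parseUrlSuffix is not shown here - confirm it derives the extension
        // from the same normalized path the container uses for dispatch.
        String rawSuffix = PassportHelper.getInstance().parseUrlSuffix(requestUri);
        String suffix = rawSuffix == null ? "" : rawSuffix.toLowerCase(Locale.ROOT);
        if (StrUtil.isNotNull(suffix) && STATIC_SUFFIXES.contains(suffix)) {
            filterChain.doFilter(request, response);
            return;
        }
        if (jkWhite(servletPath)) {
            filterChain.doFilter(request, response);
            return;
        }

        String tokenId = PassportHelper.getInstance().getTokenId(request);
        String ssoCookie = PassportHelper.getInstance().getCurrCookie(request, SSO_USER_COOKIE);
        if (ConfigUtil.getInstance().checkFileUpdate("")) {
            initValue();
        }

        // A tokenId in the query string means another system is handing the session over.
        String outsideTokenId = request.getParameter("tokenId");
        if (!StrUtil.isNull(outsideTokenId)) {
            outwardSys(go, outsideTokenId, cset, ptlang, request, response);
            return;
        }

        Token token = (Token) SystemTools.getInstance().getCache("loginToken").getCacheCloneByKey(tokenId);
        if (ToolsUtil.isEmpty(token)) {
            if (actPathGoto(request)) {
                filterChain.doFilter(servletRequest, servletResponse);
            } else {
                response.sendRedirect(this.login_url);
            }
            return;
        }

        if (!ToolsUtil.isNull(sys) && !ToolsUtil.isNull(cset) && !ToolsUtil.isNull(go) && !ToolsUtil.isNull(client)) {
            request.setAttribute("tokenId", token.getTokenId());
            // NOTE(review): cset comes straight from the request and receives the ticket; this
            // branch performs no signature or allow-list check. Query values are URL-encoded so
            // that '&', '#' or line breaks inside them cannot alter the redirect.
            response.sendRedirect(cset + "?ticket=" + encodeQueryValue(token.getTokenId())
                    + "&go=" + encodeQueryValue(go) + "&ucsso=" + encodeQueryValue(ssoCookie));
            return;
        }

        LoginUser loginUser = initLoginUser(request, response, tokenId, token.getUserEname());
        if (actPathGoto(request)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // Prefixes every logged-in user may reach regardless of assigned permissions.
        String noRightUrls = ToolsUtil.getInstance().getValueByKey("unity_noright_url");
        if (ToolsUtil.isNotNull(noRightUrls)) {
            for (String prefix : noRightUrls.split(",")) {
                if (ToolsUtil.isNotNull(prefix) && servletPath.startsWith(prefix)) {
                    filterChain.doFilter(servletRequest, servletResponse);
                    return;
                }
            }
        }

        String contextPath = request.getContextPath();
        // Per-URL authorization is enforced only when usage_patterns is "1".
        if (!"1".equals(SystemTools.getInstance().getValue("usage_patterns")) || canAccess(loginUser, servletPath)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        request.getSession().setAttribute("errorMsg", "对不起,您没有访问权限!!");
        response.sendRedirect(contextPath + this.errorPage);
        this.log.error("没有操作权限");
    }

    /**
     * Tells whether the request's servlet path may be served without a login.
     *
     * @param httpServletRequest current request
     * @return {@code true} when the path matches an unlocked fragment, the
     *         {@code white.url} setting, or the XML white list
     */
    private boolean actPathGoto(HttpServletRequest httpServletRequest) {
        String servletPath = httpServletRequest.getServletPath();
        // NOTE(review): the fragment may occur anywhere in the path, not only at its start.
        for (String unlocked : this.unLockMap.keySet()) {
            if (servletPath.indexOf(unlocked) > -1) {
                return true;
            }
        }
        // An empty servlet path is a substring of every string, so it must not count as
        // white-listed; a missing white.url setting must not raise a NullPointerException.
        // NOTE(review): this is still a substring test against the whole setting, so a path that
        // is only part of a configured entry matches; prefer an exact per-entry comparison once
        // the delimiter used in white.url is confirmed.
        boolean whiteListed = this.white_url != null
                && !servletPath.isEmpty()
                && this.white_url.contains(servletPath);
        return whiteListed || unlockPath(servletPath);
    }

    /**
     * Handles a session hand-off that carries {@code tokenId} in the query string.
     *
     * <p>Unknown token: redirect to {@code go}, or to the login URL when {@code go}
     * is missing. Known token without {@code go}: set the SSO cookies and return
     * without forwarding or redirecting. Otherwise verify {@code ptlang} and, on
     * success, set the cookies and redirect to {@code <cset>/cset} with the ticket.
     *
     * <p>NOTE(review): the expected signature is a SHA-1 over the sorted,
     * undelimited concatenation of the RPC URL, token, {@code cset}, {@code go}
     * and the fixed literal {@code "apache"}; it contains no per-deployment secret.
     * Consider an HMAC keyed with a server-side secret.
     *
     * @param str                 target URL to return to ({@code go})
     * @param str2                token id supplied in the request
     * @param str3                base URL of the relying system ({@code cset})
     * @param str4                signature supplied by the caller ({@code ptlang})
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @throws IOException      if a redirect fails
     * @throws ServletException if the forward to the jump page fails
     */
    private void outwardSys(String str, String str2, String str3, String str4, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        Token token = (Token) SystemTools.getInstance().getCache("loginToken").getCacheCloneByKey(str2);
        if (ToolsUtil.isEmpty(token)) {
            // NOTE(review): redirects to the caller-supplied "go" URL without validation.
            httpServletResponse.sendRedirect(ToolsUtil.isNull(str) ? this.login_url : str);
            return;
        }
        String userName = DesUtils.getInstance().decrypt(token.getUserEname());
        if (ToolsUtil.isNull(str2) || ToolsUtil.isNull(str)) {
            addSsoCookies(httpServletResponse, str2, userName);
            httpServletRequest.setAttribute("tokenId", token.getTokenId());
            return;
        }

        List<String> signedParts = new ArrayList<String>();
        signedParts.add(this.rpc_service_url);
        signedParts.add(str2);
        signedParts.add(str3);
        signedParts.add(str);
        signedParts.add("apache");
        // Token and signature values are kept out of the log; the log calls use real
        // placeholders instead of concatenating onto a "{}" literal.
        this.log.debug("rpc_url msg:[{}]", this.rpc_service_url);
        this.log.debug("setCookieUrl msg:[{}]", str3);
        this.log.debug("goUrl msg:[{}]", str);

        String expected = null;
        // A missing signed field cannot be sorted or hashed; treat it as a failed check.
        if (!signedParts.contains(null)) {
            Collections.sort(signedParts);
            StringBuilder joined = new StringBuilder();
            for (String part : signedParts) {
                joined.append(part);
            }
            expected = PassportHelper.getInstance().SHA1(joined.toString());
        }
        if (!signatureMatches(expected, str4)) {
            this.log.debug("passport msg:[{}]", "Keys Are Different");
            httpServletRequest.getRequestDispatcher(this.jumpUrl).forward(httpServletRequest, httpServletResponse);
            return;
        }

        addSsoCookies(httpServletResponse, str2, userName);
        httpServletRequest.setAttribute("tokenId", token.getTokenId());
        httpServletResponse.sendRedirect(str3 + "/cset?ticket=" + encodeQueryValue(token.getTokenId())
                + "&go=" + encodeQueryValue(str) + "&ucsso=" + encodeQueryValue(userName));
    }

    /**
     * Adds the token cookie and the user-name cookie as session cookies on path {@code "/"}.
     *
     * <p>NOTE(review): neither cookie is marked HttpOnly or Secure. Confirm
     * whether client-side script or plain-HTTP pages need them before enabling
     * those flags.
     */
    private void addSsoCookies(HttpServletResponse response, String tokenId, String userName) {
        Cookie tokenCookie = new Cookie(this.COOKIENAME, tokenId);
        tokenCookie.setPath("/");
        tokenCookie.setMaxAge(-1);
        response.addCookie(tokenCookie);
        Cookie userCookie = new Cookie(SSO_USER_COOKIE, userName);
        userCookie.setPath("/");
        userCookie.setMaxAge(-1);
        response.addCookie(userCookie);
    }

    /** Compares two signatures without returning early at the first differing character. */
    private static boolean signatureMatches(String expected, String supplied) throws IOException {
        if (expected == null || supplied == null) {
            return false;
        }
        return MessageDigest.isEqual(expected.getBytes("UTF-8"), supplied.getBytes("UTF-8"));
    }

    /** URL-encodes one query-string value as UTF-8; {@code null} is encoded as the text "null". */
    private static String encodeQueryValue(String value) throws IOException {
        return URLEncoder.encode(String.valueOf(value), "UTF-8");
    }

    /**
     * Returns the cached {@link LoginUser} for a token, loading and caching it on a miss.
     *
     * <p>On a cache miss the encrypted user name is decrypted, the user is fetched
     * through {@code uctProxyManager}, stored in the cache and the HTTP session,
     * and the user's roles are cached if none are cached for that user id yet.
     *
     * @param httpServletRequest  current request, used for its session
     * @param httpServletResponse current response (not used)
     * @param str                 token id used as the cache key
     * @param str2                encrypted user name taken from the token
     * @return the login user, or {@code null} when the token id is blank, the name
     *         does not decrypt, or no user is found
     */
    private LoginUser initLoginUser(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str, String str2) {
        if (!ToolsUtil.isNotNull(str)) {
            return null;
        }
        LoginUser loginUser = OsCacheManager.getInstance().getLoginUser(str);
        if (!ToolsUtil.isEmpty(loginUser)) {
            return loginUser;
        }
        String userName = DesUtils.getInstance().decrypt(str2);
        if (!ToolsUtil.isNotNull(userName)) {
            return loginUser;
        }
        ParamsVo paramsVo = new ParamsVo();
        paramsVo.setParams("userEname", userName);
        paramsVo.setKey("loginUser");
        loginUser = (LoginUser) this.uctProxyManager.doInvoke(paramsVo);
        if (ToolsUtil.isEmpty(loginUser)) {
            return loginUser;
        }
        OsCacheManager.getInstance().putLoginUser(str, loginUser);
        httpServletRequest.getSession().setAttribute("loginUser", loginUser);
        httpServletRequest.getSession().setAttribute("sysUser", loginUser.getSysFlag());
        if (ToolsUtil.isEmpty(OsCacheManager.getInstance().getCustomerUser(loginUser.getUser().getUserId()))) {
            List<Role> roles = ActCacheHelper.getInstance().getRolesForUserEname(loginUser.getUserEname());
            if (!ToolsUtil.isEmpty(roles)) {
                httpServletRequest.getSession().setAttribute("loginUserRoles", roles);
                OsCacheManager.getInstance().putCustomerUser(loginUser.getUser().getUserId(), roles);
            }
        }
        return loginUser;
    }

    /**
     * Checks a servlet path against the XML white list.
     *
     * @param str servlet path; paths of length 0 or 1 are never white-listed
     * @return {@code true} when the path equals a "whiteUrl" entry or starts with a
     *         "whiteParadigm" entry after its {@code *} characters are removed
     */
    private boolean unlockPath(String str) {
        XmlWhiteUtils.getInstance().deWhiteXml(this.whiteMap, "");
        if (str.length() <= 1) {
            return false;
        }
        // Either list may be absent if the white-list file lacks that section.
        List<String> exactUrls = this.whiteMap.get("whiteUrl");
        if (exactUrls != null && exactUrls.contains(str)) {
            return true;
        }
        List<String> patterns = this.whiteMap.get("whiteParadigm");
        if (patterns == null) {
            return false;
        }
        for (String pattern : patterns) {
            if (pattern == null || pattern.isEmpty()) {
                continue;
            }
            // Every '*' is dropped and the rest is used as a prefix, wherever the '*' stood.
            // NOTE(review): a pattern made only of '*' leaves an empty prefix and matches all paths.
            if (str.startsWith(pattern.replace("*", ""))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Decides whether a user may open a servlet path.
     *
     * <p>The user named by {@code uct_supper_user} (default {@code "admin"}) may
     * open everything. For other users each permission's comma-separated URL list
     * is checked: entries ending in {@code .action} must equal the path, all other
     * entries are prefixes.
     *
     * @param loginUser resolved user; {@code null} is denied
     * @param str       servlet path being requested
     * @return {@code true} when access is granted
     */
    private boolean canAccess(LoginUser loginUser, String str) {
        // initLoginUser can return null; an unresolved user is denied, not a server error.
        if (loginUser == null || loginUser.getUserEname() == null) {
            return false;
        }
        String superUser = StrUtil.doNull(SystemTools.getInstance().getValue("uct_supper_user"), "admin");
        if (loginUser.getUserEname().equals(superUser)) {
            return true;
        }
        Map actMap = loginUser.getActMap();
        if (actMap == null || actMap.isEmpty()) {
            return false;
        }
        for (Object value : actMap.values()) {
            Act act = (Act) value;
            if (act == null || !StrUtil.isNotNull(act.getActUrl())) {
                continue;
            }
            for (String allowed : act.getActUrl().split(",")) {
                // "a,,b" or a leading comma yields an empty entry, which as a prefix would
                // match every path and grant access to everything.
                if (allowed.isEmpty()) {
                    continue;
                }
                boolean matches = allowed.endsWith(".action") ? str.equals(allowed) : str.startsWith(allowed);
                if (matches) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /** Reloads the cookie name and the login, white-list, jump and RPC URLs from configuration. */
    private void initValue() {
        this.COOKIENAME = SystemTools.getInstance().getValue("cookieName");
        this.login_url = SystemTools.getInstance().getValue("login.url");
        this.white_url = SystemTools.getInstance().getValue("white.url");
        this.jumpUrl = SystemTools.getInstance().getValue("jump.url");
        this.rpc_service_url = SystemTools.getInstance().getValue("rpc_service_url");
    }

    /**
     * Tells whether a servlet path starts with one of the monitoring prefixes in {@code whiteJK}.
     *
     * @param str servlet path
     * @return {@code true} when the path begins with any listed prefix
     */
    private boolean jkWhite(String str) {
        for (String prefix : this.whiteJK) {
            if (str.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }
}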
