package com.payneteasy.superfly.security.filters;

import com.caucho.hessian.client.HessianProxyFactory;
import com.payneteasy.superfly.api.ActionDescription;
import com.payneteasy.superfly.api.SSOAction;
import com.payneteasy.superfly.api.SSOService;
import com.payneteasy.superfly.api.SSOUser;
import com.payneteasy.superfly.security.filters.internal.SecurityFilterFlow;
import com.payneteasy.superfly.security.spring.SecuredBeanPostProcessor;
import com.payneteasy.superfly.security.spring.internal.SecurityContext;
import com.payneteasy.superfly.security.spring.internal.SecurityContextStore;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URLEncoder;
import java.util.HashSet;
import java.util.Locale;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/payneteasy/superfly/security/filters/ExternalFormSecurityFilter.class */
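/**
 * Servlet filter that sends requests without a security context to an external SSO login form
 * and, on the callback paths, exchanges the returned {@code subsystemToken} for an
 * {@link SSOUser} whose actions are stored in the HTTP session as a {@link SecurityContext}.
 *
 * <p>Security-relevant behaviour of this class:
 * <ul>
 *   <li>the post-login redirect only follows a {@code targetUrl} that is a server-relative path;</li>
 *   <li>the subsystem token is never written to the log;</li>
 *   <li>token validation failures are answered with a fixed message, details go to the log only.</li>
 * </ul>
 */
public class ExternalFormSecurityFilter implements Filter {
    private static final Logger LOG = LoggerFactory.getLogger(ExternalFormSecurityFilter.class);

    /** Fixed text returned to the client when the token cannot be validated. */
    private static final String BAD_TOKEN_MESSAGE = "Could not validate token";

    private final ExcludedPaths paths;
    private final String loginFormUrl;
    private final String logoutUrl;
    private final SSOService ssoService;
    private final String packageName;
    private final String systemName;

    /**
     * Builds the login/logout URL prefixes and the Hessian proxy for the SSO service.
     *
     * @param excludedPaths paths handed to {@link SecurityFilterFlow#processExcluded}
     * @param str  subsystem identifier; used as the {@code subsystemIdentifier} query value, as the
     *             Hessian user name and as the system name sent in {@link #init}
     * @param str2 Hessian password for the subsystem
     * @param str3 base URL of the SSO login/logout pages ({@code /sso/login}, {@code /sso/logout})
     * @param str4 package name (stored; not read anywhere in this class)
     * @param str5 base URL of the SSO remoting endpoint
     * @throws IllegalStateException if the remoting URL cannot be parsed
     */
    public ExternalFormSecurityFilter(ExcludedPaths excludedPaths, String str, String str2, String str3, String str4, String str5) {
        this.paths = excludedPaths;
        // str and str3 are concatenated without URL-encoding; they are expected to be
        // deployment configuration, never request data.
        this.loginFormUrl = str3 + "/sso/login?subsystemIdentifier=" + str + "&targetUrl=";
        this.logoutUrl = str3 + "/sso/logout?subsystemIdentifier=" + str + "&targetUrl=";
        this.packageName = str4;
        this.systemName = str;
        HessianProxyFactory hessianProxyFactory = new HessianProxyFactory();
        // NOTE(review): user/password travel with every remoting call; they are only protected
        // in transit if str5 is an https URL. Confirm against the deployment configuration.
        hessianProxyFactory.setUser(str);
        hessianProxyFactory.setPassword(str2);
        hessianProxyFactory.setConnectTimeout(30000L);
        hessianProxyFactory.setReadTimeout(30000L);
        String serviceUrl = str5 + "/remoting/basic.hessian.service";
        try {
            this.ssoService = (SSOService) hessianProxyFactory.create(SSOService.class, serviceUrl);
        } catch (MalformedURLException e) {
            throw new IllegalStateException("Could not parse url: " + serviceUrl, e);
        }
    }

    /**
     * Sends the actions collected by {@link SecuredBeanPostProcessor} to the SSO service.
     *
     * @throws ServletException if the actions cannot be sent; the cause is preserved
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        try {
            ActionDescription[] actionDescriptions = getActionDescriptions();
            LOG.info("Sending {} actions to sso ...", actionDescriptions.length);
            this.ssoService.sendSystemData(this.systemName, actionDescriptions);
        } catch (Exception e) {
            LOG.error("Unable to send action to sso service", e);
            throw new ServletException("Unable to send action to sso service", e);
        }
    }

    /** Wraps every collected action name in an {@link ActionDescription} with a null description. */
    private ActionDescription[] getActionDescriptions() {
        String[] collectedActions = SecuredBeanPostProcessor.getCollectedActions();
        ActionDescription[] descriptions = new ActionDescription[collectedActions.length];
        for (int i = 0; i < collectedActions.length; i++) {
            descriptions[i] = new ActionDescription(collectedActions[i], (String) null);
        }
        return descriptions;
    }

    /**
     * Handles a request in this order: logout URL, existing security context, excluded paths,
     * redirect to the external login form, and finally the token callback
     * ({@code /check-token} or {@code /j_superfly_sso_security_check}).
     *
     * <p>Each of the first three steps returns {@code true} when it has dealt with the request,
     * in which case nothing else is done.
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        SecurityFilterFlow securityFilterFlow = new SecurityFilterFlow(httpServletRequest, httpServletResponse);
        if (processLogoutUrl(securityFilterFlow.getPath(), httpServletRequest, httpServletResponse)) {
            LOG.debug("Logout url");
            return;
        }
        if (securityFilterFlow.processWithSecurityContext(filterChain)) {
            LOG.debug("Process with security context");
            return;
        }
        if (securityFilterFlow.processExcluded(this.paths, filterChain)) {
            LOG.debug("Process excluded urls");
            return;
        }
        if (!securityFilterFlow.getPath().equals("/check-token") && !securityFilterFlow.getPath().equals("/j_superfly_sso_security_check")) {
            redirectToLoginPage(httpServletRequest.getRequestURI(), httpServletResponse);
            return;
        }
        try {
            validateExternalToken(httpServletRequest);
        } catch (RuntimeException e) {
            // Details stay in the server log; the client gets a fixed message so that
            // remoting or internal error text is never reflected into the response.
            LOG.error("Could not validate token", e);
            showBadTokenPage(httpServletResponse, BAD_TOKEN_MESSAGE);
            return;
        }
        httpServletResponse.sendRedirect(resolveTargetUrl(httpServletRequest));
    }

    /**
     * Clears the security context from the session and redirects to the SSO logout page when
     * the path starts with {@code /j_spring_security_logout}.
     *
     * @return {@code true} if the request was a logout request and has been answered
     */
    public boolean processLogoutUrl(String str, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        if (!str.startsWith("/j_spring_security_logout")) {
            return false;
        }
        SecurityContextStore.clearFromSession(httpServletRequest);
        httpServletResponse.sendRedirect(this.logoutUrl + URLEncoder.encode(httpServletRequest.getContextPath(), "utf-8"));
        return true;
    }

    /**
     * Writes a plain-text error response with status 403.
     *
     * @param str message to show; callers pass a fixed string, never exception text or request data
     */
    private void showBadTokenPage(HttpServletResponse httpServletResponse, String str) throws IOException {
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        // Plain text so the body is never interpreted as markup by the browser.
        httpServletResponse.setContentType("text/plain; charset=UTF-8");
        httpServletResponse.getWriter().println(str);
    }

    /**
     * Exchanges the {@code subsystemToken} request parameter for an {@link SSOUser} and stores
     * the resulting {@link SecurityContext} in the session.
     *
     * @throws IllegalStateException if the parameter is missing, the SSO service returns no
     *         user, or the user carries no actions
     */
    private void validateExternalToken(HttpServletRequest httpServletRequest) {
        String token = httpServletRequest.getParameter("subsystemToken");
        if (token == null) {
            throw new IllegalStateException("No 'subsystemToken' in parameters");
        }
        // The token is a credential: log that a check happens, not the value itself.
        LOG.info("Checking subsystem token");
        SSOUser ssoUser = this.ssoService.exchangeSubsystemToken(token);
        if (ssoUser == null) {
            throw new IllegalStateException("Token is not valid");
        }
        SecurityContext securityContext = createContextFromUser(ssoUser);
        LOG.info("Got security context: {}", securityContext);
        // NOTE(review): the session id is not rotated here before the context is stored.
        // Whether SecurityContextStore.setToSession does so is not visible from this class;
        // confirm, and rotate the session id on login if it does not.
        SecurityContextStore.setToSession(securityContext, httpServletRequest);
    }

    /**
     * Builds a {@link SecurityContext} from the user name and the upper-cased names of the
     * actions found in the first entry of the user's actions map.
     *
     * @throws IllegalStateException if the user has no actions map entry (fail closed)
     */
    private SecurityContext createContextFromUser(SSOUser sSOUser) {
        if (sSOUser.getActionsMap() == null || sSOUser.getActionsMap().isEmpty()) {
            throw new IllegalStateException("No actions for user");
        }
        // NOTE(review): only the first map entry is used, as in the original code; presumably
        // the SSO service returns a single entry per subsystem token. Confirm.
        SSOAction[] actions = (SSOAction[]) sSOUser.getActionsMap().values().iterator().next();
        if (actions == null) {
            throw new IllegalStateException("No actions for user");
        }
        HashSet<String> actionNames = new HashSet<String>();
        for (SSOAction action : actions) {
            // Locale.ROOT keeps the names stable regardless of the JVM default locale, so
            // authorization lookups do not depend on where the server runs.
            actionNames.add(action.getName().toUpperCase(Locale.ROOT));
        }
        return new SecurityContext(sSOUser.getName(), actionNames);
    }

    /**
     * Redirects to the external login form with the given request URI as {@code targetUrl}.
     */
    private void redirectToLoginPage(String str, HttpServletResponse httpServletResponse) throws IOException {
        String location = this.loginFormUrl + URLEncoder.encode(str, "utf-8");
        LOG.debug("Sending redirect to external form to {}", location);
        httpServletResponse.sendRedirect(location);
    }

    /**
     * Returns the {@code targetUrl} request parameter when it is a server-relative path, else
     * the context root.
     *
     * <p>The parameter arrives with the callback request and is therefore untrusted; following
     * it blindly would let a crafted link send a freshly authenticated user to another site.
     * This filter itself only ever sends a request URI as {@code targetUrl}, so a legitimate
     * value is assumed to be a path on this server. NOTE(review): confirm the SSO service
     * echoes the value unchanged.
     */
    private String resolveTargetUrl(HttpServletRequest httpServletRequest) {
        String target = httpServletRequest.getParameter("targetUrl");
        if (isLocalRedirectTarget(target)) {
            return target;
        }
        LOG.warn("Ignoring missing or non-local targetUrl parameter");
        return httpServletRequest.getContextPath() + "/";
    }

    /**
     * Tells whether the value is a plain server-relative path: it must start with a single
     * {@code /} and contain no control characters.
     */
    private static boolean isLocalRedirectTarget(String target) {
        if (target == null || target.isEmpty() || target.charAt(0) != '/') {
            return false;
        }
        // A second slash or a backslash makes the value scheme-relative for browsers,
        // i.e. it would resolve to a different host.
        if (target.length() > 1 && (target.charAt(1) == '/' || target.charAt(1) == '\\')) {
            return false;
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            // Control characters have no place in a Location header value.
            if (c < 0x20 || c == 0x7f) {
                return false;
            }
        }
        return true;
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}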
