package com.xiaomi.mone.tpc.login.filter;

import com.google.gson.GsonBuilder;
import com.xiaomi.mone.tpc.login.enums.UserTypeEnum;
import com.xiaomi.mone.tpc.login.util.CommonUtil;
import com.xiaomi.mone.tpc.login.util.ConstUtil;
import com.xiaomi.mone.tpc.login.util.SignUtil;
import com.xiaomi.mone.tpc.login.vo.AuthUserVo;
import com.xiaomi.mone.tpc.login.vo.UserInfoVO;
import com.xiaomi.youpin.docean.mvc.MvcContext;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xiaomi/mone/tpc/login/filter/DoceanAuthCasFilter.class */
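/**
 * Docean MVC filter that authenticates a request from two signed request headers.
 *
 * <p>The header named by {@code ConstUtil.HEADER_KEY_SIGN_VERIFY_IDENTITY} must verify against one
 * of the configured public keys. The header named by {@code ConstUtil.HEADER_KEY_SIGN_AND_USER_DATA},
 * when present, must verify against that same key; its payload is parsed as a {@link UserInfoVO}
 * and stored in the session under {@code ConstUtil.TPC_USER}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Paths accepted by {@code CommonUtil.isIgnoreUrl} skip every check. The matching rules live
 *       in that helper (not visible here) — NOTE(review): confirm it compares against a normalized
 *       path so the ignore list cannot be reached through path tricks.</li>
 *   <li>Whether a signature carries an expiry or nonce is decided inside {@code SignUtil} (not
 *       visible here). The raw signed header values are therefore treated as credential material
 *       and are never written to the log.</li>
 * </ul>
 */
public class DoceanAuthCasFilter extends DoceanFilter {
    private static final Logger log = LoggerFactory.getLogger(DoceanAuthCasFilter.class);
    // Verification keys, tried in order; populated by init().
    private String[] publicKeys = null;
    // Paths exempt from authentication; stays null when none are configured.
    private String[] ignoreUrls;

    /**
     * Reads the verification keys and the optional ignore list from the filter configuration.
     *
     * @param map filter configuration; {@code AEGIS_SDK_PUBLIC_KEY} is mandatory and the entry
     *     named by {@code ConstUtil.ignoreUrl} is optional. Both are split on {@code ,}, {@code |}
     *     and the full-width comma.
     * @throws IllegalArgumentException if {@code AEGIS_SDK_PUBLIC_KEY} is missing or blank
     */
    @Override
    public void init(Map<String, String> map) {
        String keyConfig = map.get("AEGIS_SDK_PUBLIC_KEY");
        if (StringUtils.isBlank(keyConfig)) {
            // The message names the key that is actually read, so the operator fixes the right entry.
            throw new IllegalArgumentException("AEGIS_SDK_PUBLIC_KEY must config");
        }
        this.publicKeys = keyConfig.split("[,|，]");
        String ignoreConfig = map.get(ConstUtil.ignoreUrl);
        if (StringUtils.isNotBlank(ignoreConfig)) {
            this.ignoreUrls = ignoreConfig.split("[,|，]");
            log.info("已设置忽略路径，ignoreUrls:{}", ignoreConfig);
        }
    }

    /**
     * Decides whether the request may continue down the filter chain.
     *
     * @param mvcContext the current request context
     * @return {@code true} when the path is on the ignore list, or when the identity signature
     *     verifies and the user-data header is either absent or valid; {@code false} (after
     *     setting the {@code x-status: 401} response header) otherwise
     * @throws RuntimeException wrapping any {@link Throwable} raised while filtering
     */
    @Override
    public boolean doFilter(MvcContext mvcContext) {
        try {
            String path = mvcContext.getPath();
            log.info("AuthCasFilter begin filter url:{}", path);
            if (CommonUtil.isIgnoreUrl(this.ignoreUrls, path)) {
                log.info("配置为忽略的路径,url:{}", path);
                return true;
            }
            String identitySign = (String) mvcContext.getHeaders().get(ConstUtil.HEADER_KEY_SIGN_VERIFY_IDENTITY);
            if (StringUtils.isEmpty(identitySign)) {
                log.error("没有标识身份的签名数据,url:{}", path);
                noAuthResponse(mvcContext);
                return false;
            }
            // Try each configured key in order; the first one that verifies is remembered so the
            // user-data header is checked against the same key.
            String matchedKey = null;
            String identityInfo = null;
            for (String candidateKey : this.publicKeys) {
                identityInfo = SignUtil.verifySignGetInfo(identitySign, candidateKey);
                if (StringUtils.isNotEmpty(identityInfo)) {
                    matchedKey = candidateKey;
                    break;
                }
            }
            if (StringUtils.isEmpty(identityInfo)) {
                // Only the length is logged: the header value itself is signed credential material.
                log.error("检测身份,验签失败,url:{},signLen:{}", path, identitySign.length());
                noAuthResponse(mvcContext);
                return false;
            }
            log.info("账号登录,url:{}", path);
            String userDataSign = (String) mvcContext.getHeaders().get(ConstUtil.HEADER_KEY_SIGN_AND_USER_DATA);
            if (StringUtils.isEmpty(userDataSign)) {
                // The request passes on the identity signature alone and no user is written to the
                // session. NOTE(review): a TPC_USER already stored in the session is left as is —
                // confirm downstream handlers do not rely on it being fresh for such requests.
                log.info("确认请求，没有签名用户数据(bypass|静态资源)，url:{}", path);
                return true;
            }
            String userJson = SignUtil.verifySignGetInfo(userDataSign, matchedKey);
            if (StringUtils.isEmpty(userJson)) {
                // Only the length is logged: the header value itself is signed credential material.
                log.error("获取用户数据，验签失败,url:{},signLen:{}", path, userDataSign.length());
                noAuthResponse(mvcContext);
                return false;
            }
            UserInfoVO userInfoVO = new GsonBuilder().serializeNulls().create().fromJson(userJson, UserInfoVO.class);
            if (userInfoVO == null) {
                // Gson returns null for a payload such as the JSON literal null; reject the request
                // explicitly instead of failing with a NullPointerException below.
                log.error("user data parsed to null,url:{}", path);
                noAuthResponse(mvcContext);
                return false;
            }
            AuthUserVo authUserVo = new AuthUserVo();
            authUserVo.setUserType(UserTypeEnum.CAS_TYPE.getCode());
            authUserVo.setAccount(userInfoVO.getUser());
            authUserVo.setName(userInfoVO.getDisplayName());
            authUserVo.setEmail(userInfoVO.getEmail());
            authUserVo.setAvatarUrl(userInfoVO.getAvatar());
            authUserVo.setCasUid(userInfoVO.getuID());
            authUserVo.setDepartmentName(userInfoVO.getDepartmentName());
            mvcContext.session().setAttribute(ConstUtil.TPC_USER, authUserVo);
            return true;
        } catch (Throwable th) {
            // Any failure aborts the request with an exception rather than letting it through.
            log.error("AuthCasFilter check exception", th);
            throw new RuntimeException(th);
        }
    }

    /** Marks the response as unauthenticated by setting the {@code x-status} header to 401. */
    private void noAuthResponse(MvcContext mvcContext) {
        mvcContext.getResHeaders().put("x-status", "401");
    }

    /** Logs that the filter has been shut down; holds no resources to release. */
    @Override
    public void destroy() {
        log.info("AuthCasFilter destroy finish..");
    }
}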
