package com.xiaomi.mone.tpc.login.filter;

import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.xiaomi.mone.tpc.login.enums.UserTypeEnum;
import com.xiaomi.mone.tpc.login.util.CommonUtil;
import com.xiaomi.mone.tpc.login.util.ConstUtil;
import com.xiaomi.mone.tpc.login.util.SignUtil;
import com.xiaomi.mone.tpc.login.vo.AuthUserVo;
import com.xiaomi.mone.tpc.login.vo.UserInfoVO;
import java.util.Enumeration;
import java.util.HashMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/xiaomi/mone/tpc/login/filter/AuthCasFilter.class */
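/**
 * Servlet filter that authenticates requests from two signed request headers.
 *
 * <p>Flow implemented by {@link #doFilter}:
 * <ol>
 *   <li>URLs accepted by {@code CommonUtil.isIgnoreUrl} are passed through unauthenticated.</li>
 *   <li>The header named by {@code ConstUtil.HEADER_KEY_SIGN_VERIFY_IDENTITY} must verify under
 *       one of the configured public keys, otherwise the response status is set to 401.</li>
 *   <li>If the header named by {@code ConstUtil.HEADER_KEY_SIGN_AND_USER_DATA} is absent, the
 *       request is passed through without a {@code ConstUtil.TPC_USER} attribute.</li>
 *   <li>Otherwise that header must verify under the same key; its payload is parsed as JSON
 *       into a {@link UserInfoVO} and exposed downstream as an {@link AuthUserVo} request
 *       attribute.</li>
 * </ol>
 *
 * <p>NOTE(review): nothing visible in this class binds the signed headers to the current
 * request or checks their freshness. Whether {@code SignUtil.verifySignGetInfo} enforces an
 * expiry is not visible from here; confirm before relying on this filter for replay protection.
 */
public class AuthCasFilter implements Filter {
    private static final Logger log = LoggerFactory.getLogger(AuthCasFilter.class);
    /** Name of the filter init parameter that carries the public key list. */
    private static final String PUBLIC_KEY_PARAM = "AEGIS_SDK_PUBLIC_KEY";
    /** Separators accepted in list-valued init parameters: ASCII comma, pipe, full-width comma. */
    private static final String LIST_SEPARATOR_REGEX = "[,|，]";
    /** Placeholder written to the debug log instead of credential-bearing header values. */
    private static final String REDACTED = "***";
    /** Gson is thread-safe, so one instance is shared instead of building one per request. */
    private static final Gson USER_INFO_GSON = new GsonBuilder().serializeNulls().create();
    private String[] publicKeys = null;
    private String[] ignoreUrls;

    /**
     * Reads the public key list (mandatory) and the ignore-URL list (optional) from the filter
     * configuration.
     *
     * @param filterConfig filter configuration supplied by the container
     * @throws IllegalArgumentException if the public key parameter is blank or holds no usable entry
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String rawKeys = filterConfig.getInitParameter(PUBLIC_KEY_PARAM);
        if (StringUtils.isBlank(rawKeys)) {
            // The message names the parameter that is actually read, so operators know what to set.
            throw new IllegalArgumentException(PUBLIC_KEY_PARAM + " must config");
        }
        String[] keys = splitConfigList(rawKeys);
        if (keys.length == 0) {
            // A value made only of separators would otherwise start a filter that can verify nothing.
            throw new IllegalArgumentException(PUBLIC_KEY_PARAM + " must config");
        }
        this.publicKeys = keys;
        String rawIgnoreUrls = filterConfig.getInitParameter(ConstUtil.ignoreUrl);
        if (StringUtils.isNotBlank(rawIgnoreUrls)) {
            // Blank entries are dropped: depending on how CommonUtil.isIgnoreUrl compares
            // (not visible here), an empty pattern could match every URL and disable the filter.
            this.ignoreUrls = splitConfigList(rawIgnoreUrls);
            log.info("已设置忽略路径，ignoreUrls:{}", rawIgnoreUrls);
        }
    }

    /**
     * Authenticates the request from its signed headers and forwards it down the chain.
     *
     * <p>On any verification failure the response status is set to 401 and the chain is not
     * invoked. Signed header values are never written to the log, only their length, because
     * they carry identity material and, on failure, unverified client input.
     *
     * @param servletRequest incoming request; must be an {@link HttpServletRequest}
     * @param servletResponse outgoing response; must be an {@link HttpServletResponse}
     * @param filterChain remaining filter chain
     * @throws ServletException wrapping any failure raised here or by the downstream chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException {
        try {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            if (log.isDebugEnabled()) {
                httpHeaderLog(httpServletRequest);
            }
            String requestURI = httpServletRequest.getRequestURI();
            log.info("AuthCasFilter begin filter url:{}", requestURI);
            // NOTE(review): getRequestURI() is the raw, undecoded path (it may still contain
            // path parameters or dot segments). Confirm CommonUtil.isIgnoreUrl matches it the
            // same way the container routes it, otherwise the allow-list and the dispatcher
            // can disagree about which resource is being requested.
            if (CommonUtil.isIgnoreUrl(this.ignoreUrls, requestURI)) {
                log.info("配置为忽略的路径,url:{}", requestURI);
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            String identitySign = httpServletRequest.getHeader(ConstUtil.HEADER_KEY_SIGN_VERIFY_IDENTITY);
            if (StringUtils.isEmpty(identitySign)) {
                log.error("没有标识身份的签名数据,url:{}", requestURI);
                noAuthResponse(servletResponse);
                return;
            }
            // The first configured key that verifies the identity header is reused for the
            // user-data header below.
            String matchedKey = null;
            for (String candidateKey : this.publicKeys) {
                if (StringUtils.isNotEmpty(SignUtil.verifySignGetInfo(identitySign, candidateKey))) {
                    matchedKey = candidateKey;
                    break;
                }
            }
            if (matchedKey == null) {
                log.error("检测身份,验签失败,url:{},signDataLength:{}", requestURI, identitySign.length());
                noAuthResponse(servletResponse);
                return;
            }
            log.info("账号登录,url:{}", requestURI);
            String userDataSign = httpServletRequest.getHeader(ConstUtil.HEADER_KEY_SIGN_AND_USER_DATA);
            if (StringUtils.isEmpty(userDataSign)) {
                // Identity verified but no user payload: downstream code sees no TPC_USER
                // attribute and must not treat this request as carrying a logged-in user.
                log.info("确认请求，没有签名用户数据(bypass|静态资源)，url:{}", requestURI);
                filterChain.doFilter(servletRequest, servletResponse);
                return;
            }
            String userJson = SignUtil.verifySignGetInfo(userDataSign, matchedKey);
            if (StringUtils.isEmpty(userJson)) {
                log.error("获取用户数据，验签失败,url:{},signDataLength:{}", requestURI, userDataSign.length());
                noAuthResponse(servletResponse);
                return;
            }
            UserInfoVO userInfoVO = USER_INFO_GSON.fromJson(userJson, UserInfoVO.class);
            if (userInfoVO == null) {
                // Gson yields null for a payload such as "null"; answer 401 rather than
                // failing with a NullPointerException that would surface as a server error.
                log.error("AuthCasFilter user data is empty after parsing,url:{}", requestURI);
                noAuthResponse(servletResponse);
                return;
            }
            servletRequest.setAttribute(ConstUtil.TPC_USER, toAuthUser(userInfoVO));
            log.info("AuthCasFilter check success,url:{}", requestURI);
            filterChain.doFilter(servletRequest, servletResponse);
        } catch (Throwable th) {
            // Also covers exceptions thrown by the downstream chain, which are logged and wrapped here.
            log.error("AuthCasFilter check exception", th);
            throw new ServletException(th);
        }
    }

    /** Copies the verified CAS user fields into the request-scoped user object. */
    private AuthUserVo toAuthUser(UserInfoVO userInfoVO) {
        AuthUserVo authUserVo = new AuthUserVo();
        authUserVo.setUserType(UserTypeEnum.CAS_TYPE.getCode());
        authUserVo.setAccount(userInfoVO.getUser());
        authUserVo.setName(userInfoVO.getDisplayName());
        authUserVo.setEmail(userInfoVO.getEmail());
        authUserVo.setAvatarUrl(userInfoVO.getAvatar());
        authUserVo.setCasUid(userInfoVO.getuID());
        authUserVo.setDepartmentName(userInfoVO.getDepartmentName());
        return authUserVo;
    }

    /** Splits a list-valued init parameter, trimming each entry and dropping blank ones. */
    private static String[] splitConfigList(String raw) {
        String[] parts = raw.split(LIST_SEPARATOR_REGEX);
        int kept = 0;
        for (String part : parts) {
            String trimmed = part.trim();
            if (!trimmed.isEmpty()) {
                parts[kept++] = trimmed;
            }
        }
        String[] result = new String[kept];
        System.arraycopy(parts, 0, result, 0, kept);
        return result;
    }

    /** Marks the response as unauthenticated (HTTP 401) without writing a body. */
    private void noAuthResponse(ServletResponse servletResponse) {
        ((HttpServletResponse) servletResponse).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }

    /**
     * Writes all request headers to the debug log as JSON, with the values of
     * credential-bearing headers replaced by a placeholder.
     */
    private void httpHeaderLog(HttpServletRequest httpServletRequest) {
        HashMap<String, String> headers = new HashMap<>();
        Enumeration<?> headerNames = httpServletRequest.getHeaderNames();
        // The servlet API allows a container to return null when header access is not permitted.
        while (headerNames != null && headerNames.hasMoreElements()) {
            String name = (String) headerNames.nextElement();
            headers.put(name, isSensitiveHeader(name) ? REDACTED : httpServletRequest.getHeader(name));
        }
        log.debug("http all header>>>>{}", new Gson().toJson(headers));
    }

    /** Returns true for headers whose value is a credential or a signed identity payload. */
    private static boolean isSensitiveHeader(String name) {
        return "Authorization".equalsIgnoreCase(name)
                || "Proxy-Authorization".equalsIgnoreCase(name)
                || "Cookie".equalsIgnoreCase(name)
                || ConstUtil.HEADER_KEY_SIGN_VERIFY_IDENTITY.equalsIgnoreCase(name)
                || ConstUtil.HEADER_KEY_SIGN_AND_USER_DATA.equalsIgnoreCase(name);
    }

    /** Logs that the filter has been taken out of service; no resources are held. */
    @Override
    public void destroy() {
        log.info("AuthCasFilter destroy finish..");
    }
}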
