package com.yonyou.iuap.auth.shiro;

import com.iuap.log.security.entities.SecurityLog;
import com.yonyou.iuap.auth.session.SessionManager;
import com.yonyou.iuap.auth.token.ITokenProcessor;
import com.yonyou.iuap.auth.token.TokenFactory;
import com.yonyou.iuap.auth.token.TokenParameter;
import com.yonyou.iuap.auth.util.CheckMobile;
import com.yonyou.iuap.auth.util.WebPushUtil;
import com.yonyou.iuap.context.InvocationInfoProxy;
import com.yonyou.iuap.log.utils.ThreadCallerIdGenerator;
import com.yonyou.iuap.utils.CookieUtil;
import com.yonyou.iuap.utils.PropertyUtil;
import com.yyjz.icop.mq.common.MqMessage;
import com.yyjz.icop.mq.sender.MsgSender;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.JSONObject;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import org.springframework.beans.factory.annotation.Autowired;
import org.springside.modules.nosql.redis.JedisTemplate;

/* loaded from: input_file:com/yonyou/iuap/auth/shiro/StatelessAuthcFilter.class */
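/**
 * Shiro {@link AccessControlFilter} for the stateless (token-in-cookie) authentication scheme.
 *
 * <p>{@link #isAccessAllowed} always answers {@code false}, so every request passes through
 * {@link #onAccessDenied}. That method
 * <ol>
 *   <li>collects the token and user cookies, falling back to the {@code Authority} header when
 *       the cookie jar carries no token,</li>
 *   <li>lets excluded URLs ({@link #include}) through untouched,</li>
 *   <li>logs the subject in with a {@link StatelessToken},</li>
 *   <li>optionally checks a Redis-backed function-permission list,</li>
 *   <li>publishes a {@link SecurityLog} message (best effort), and</li>
 *   <li>populates {@link InvocationInfoProxy} and the SLF4J {@link MDC}, which
 *       {@link #afterCompletion} clears again.</li>
 * </ol>
 *
 * <p>The filter is configured as a bean; {@link #setSysid} is mandatory. Setters are expected
 * to run once during wiring and are not synchronised.
 */
public class StatelessAuthcFilter extends AccessControlFilter {
    /**
     * Status sent to non-AJAX clients right before the login redirect. 306 is an unused HTTP
     * status; presumably front-end code keys on it — not visible from this class.
     */
    public static final int HTTP_STATUS_AUTH = 306;
    /** Redis key prefix of the per-role set of permitted URLs ({@code prefix + role}). */
    public static final String ROLE_URL_PREFIX = "__A__R__U__";
    /** Redis key of the set of URLs that are subject to the function-permission check. */
    private static final String APP_BTN_URL_KEY = "__GLOBAL_BTN_URLS__";
    /** Security-log messages are spread round-robin over {@code simple_queue0..6}. */
    private static final int SECURITY_LOG_QUEUE_COUNT = 7;
    private static final String SECURITY_LOG_QUEUE_PREFIX = "simple_queue";
    /** Header that may carry {@code name=value;name=value} pairs in place of cookies. */
    private static final String AUTHORITY_HEADER = "Authority";

    private static final Logger log = LoggerFactory.getLogger(StatelessAuthcFilter.class);
    /** Monotonic counter used only to pick the security-log queue shard. */
    private static final AtomicLong createCount = new AtomicLong(0);

    /** Mandatory system id, propagated to {@link InvocationInfoProxy} on every request. */
    private String sysid;

    @Autowired
    private MsgSender msgSender;

    @Autowired
    private TokenFactory tokenFactory;

    /** Optional; without it the function-permission check is skipped. */
    @Autowired(required = false)
    private JedisTemplate jedisTemplate;

    /** Optional; without it no online-session validation is performed. */
    @Autowired(required = false)
    private SessionManager sessionManager;

    /**
     * URI suffixes that bypass authentication entirely. Matching is by suffix only, so any URI
     * ending in one of these strings — whatever directory it lives in — skips the filter; keep the
     * list to genuinely public resources.
     */
    private String[] esc = {"/logout", "/login", "/formLogin", ".jpg", ".png", ".gif", ".css", ".js", ".jpeg", "/oauth_login", "/oauth_approval"};

    /** Cookie names that are NOT copied into {@link InvocationInfoProxy} as extension parameters. */
    private List<String> excludCongtextKeys = Arrays.asList("u_sysid", AuthConstants.PARAM_TENANTID, AuthConstants.PARAM_CALLID, AuthConstants.PARAM_USERNAME, AuthConstants.PARAM_TOKEN, AuthConstants.PARAM_LOGINTS, AuthConstants.PARAM_LOCALE, AuthConstants.PARAM_THEME, AuthConstants.PARAM_TIMEZONE, "current_user_name", "call_thread_id", "current_tenant_id");

    /** Sets the mandatory system id (bean property). */
    public void setSysid(String str) {
        this.sysid = str;
    }

    /** Overrides the autowired token factory (bean property). */
    public void setTokenFactory(TokenFactory tokenFactory) {
        this.tokenFactory = tokenFactory;
    }

    /** Replaces the list of URI suffixes that bypass authentication (bean property). */
    public void setEsc(String[] strArr) {
        this.esc = strArr;
    }

    /** Replaces the list of cookie names excluded from the invocation context (bean property). */
    public void setExcludCongtextKeys(List<String> list) {
        this.excludCongtextKeys = list;
    }

    /**
     * Always {@code false}: every request is examined by {@link #onAccessDenied}, which performs
     * the real check and decides whether the chain continues.
     */
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object obj) throws Exception {
        return false;
    }

    /**
     * Builds the JSON payload for a web-push notification.
     *
     * @param userKey recipient key ({@code logints_username})
     * @param type    notification type, e.g. {@code pc_session_invalidation}
     * @return JSON of the form
     *         {@code {"identity":"server1001","userkeys":<userKey>,"message":{<userKey>:"<userKey>_server1001","type":<type>}}}
     */
    private String buildParams(String userKey, String type) {
        Map<String, Object> message = new HashMap<String, Object>();
        message.put(userKey, userKey + "_server1001");
        message.put("type", type);
        Map<String, Object> payload = new HashMap<String, Object>();
        payload.put("identity", "server1001");
        payload.put("userkeys", userKey);
        payload.put("message", message);
        return JSONObject.fromObject(payload).toString();
    }

    /**
     * Authenticates the request from its token cookie (or {@code Authority} header) and, on
     * success, populates the invocation context and MDC.
     *
     * <p>Outcomes: excluded URL → {@code true} without authentication; missing token/user, failed
     * login or denied function permission → an error response is written and {@code false} is
     * returned.
     *
     * @return {@code true} when the request may continue down the filter chain
     * @throws Exception when {@code sysid} has not been configured on the bean
     */
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (StringUtils.isEmpty(this.sysid)) {
            throw new Exception("sysid is empty! add  sysid  parameter to 'StatelessAuthcFilter' bean in application-shiro.xml");
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        boolean ajax = isAjax(servletRequest);
        Cookie[] cookies = resolveCookies(request);
        String token = CookieUtil.findCookieValue(cookies, AuthConstants.PARAM_TOKEN);
        String username = resolveUsername(servletRequest, cookies);

        if (include(request)) {
            return true;
        }
        // A blank token/user can never authenticate; answer directly instead of letting the
        // token processor fail on it.
        if (StringUtils.isBlank(token) || StringUtils.isBlank(username)) {
            return deny(ajax, servletRequest, servletResponse);
        }

        boolean permitted;
        try {
            permitted = loginAndPrepareContext(servletRequest, servletResponse, cookies, username, token);
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            // Only a genuine authentication failure gets the JSON 403 for AJAX callers; any other
            // error (token parsing, context setup, ...) falls back to the login redirect.
            if (ajax && e instanceof AuthenticationException) {
                onAjaxAuthFail(servletRequest, servletResponse);
            } else {
                onLoginFail(servletRequest, servletResponse);
            }
            return false;
        }
        // Written outside the try so a failure while writing the error response is not mistaken
        // for a login error and answered twice.
        if (!permitted) {
            return deny(ajax, servletRequest, servletResponse);
        }
        return true;
    }

    /**
     * Logs the subject in and prepares the per-request context.
     *
     * @return {@code false} when the function-permission check denies the request (nothing else
     *         has been written to the response yet); {@code true} when the request is fully set up
     * @throws Exception from token parsing, {@code Subject.login} or the context hooks
     */
    private boolean loginAndPrepareContext(ServletRequest servletRequest, ServletResponse servletResponse,
            Cookie[] cookies, String username, String token) throws Exception {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HashMap<String, String[]> params = new HashMap<String, String[]>(servletRequest.getParameterMap());
        ITokenProcessor tokenProcessor = this.tokenFactory.getTokenProcessor(token);
        TokenParameter tokenParameter = tokenProcessor.getTokenParameterFromCookie(cookies);
        StatelessToken statelessToken = new StatelessToken(username, tokenProcessor, tokenParameter, params, token);
        String logints = CookieUtil.findCookieValue(cookies, AuthConstants.PARAM_LOGINTS);

        InvocationInfoProxy.setSysid(this.sysid);
        InvocationInfoProxy.setTheme(CookieUtil.findCookieValue(cookies, AuthConstants.PARAM_THEME));
        InvocationInfoProxy.setLocale(CookieUtil.findCookieValue(cookies, AuthConstants.PARAM_LOCALE));
        String timeZone = CookieUtil.findCookieValue(cookies, AuthConstants.PARAM_TIMEZONE);
        if (!StringUtils.isEmpty(timeZone)) {
            InvocationInfoProxy.setTimeZone(timeZone);
        }
        notifyIfSessionInvalid(request, username, token, logints);

        getSubject(servletRequest, servletResponse).login(statelessToken);

        // User type "1" is exempt from the function-permission check (presumably an admin-type
        // marker — its meaning is not visible here).
        String userType = CookieUtil.findCookieValue(cookies, AuthConstants.USER_TYPE);
        if (!"1".equals(userType)) {
            String userRole = CookieUtil.findCookieValue(cookies, AuthConstants.USER_ROLE);
            if (!hasFunctionPermission(request, userRole)) {
                log.warn("function permission denied: user={} url={}", username,
                        request.getContextPath() + request.getServletPath());
                return false;
            }
        }
        sendSecurityLog(request, cookies, username, tokenParameter);

        InvocationInfoProxy.setUserid(username);
        InvocationInfoProxy.setLogints(logints);
        InvocationInfoProxy.setTenantid(tokenParameter.getExt().get(AuthConstants.PARAM_TENANTID));
        InvocationInfoProxy.setToken(token);
        InvocationInfoProxy.setCallid(CookieUtil.findCookieValue(cookies, AuthConstants.PARAM_CALLID));
        initExtendParams(cookies);
        initMDC();
        afterValidate(request);
        return true;
    }

    /**
     * Returns the request cookies, substituting cookies parsed from the {@code Authority} header
     * when the cookie jar carries no token. A missing cookie jar is treated as empty.
     */
    private Cookie[] resolveCookies(HttpServletRequest request) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            cookies = new Cookie[0];
        }
        if (StringUtils.isNotBlank(CookieUtil.findCookieValue(cookies, AuthConstants.PARAM_TOKEN))) {
            log.debug("token-in-cookie");
            return cookies;
        }
        log.warn("no-token-in-cookie");
        String header = request.getHeader(AUTHORITY_HEADER);
        if (StringUtils.isBlank(header)) {
            log.error("no-token-in-cookie&header");
            return cookies;
        }
        // The header replaces the cookie jar entirely, as before; all later cookie lookups
        // (user, theme, role, ...) are then served from it.
        return parseAuthorityHeader(header);
    }

    /**
     * Parses a {@code name=value;name=value} header into cookies.
     *
     * <p>Segments without {@code =} or with an empty name are skipped instead of failing the
     * whole request, and each segment is split on its first {@code =} only, so a value that
     * itself contains {@code =} (e.g. base64 padding) is preserved.
     */
    private static Cookie[] parseAuthorityHeader(String header) {
        List<Cookie> cookies = new ArrayList<Cookie>();
        for (String segment : header.split(";")) {
            String[] pair = segment.split("=", 2);
            if (pair.length != 2 || StringUtils.isBlank(pair[0])) {
                log.debug("ignoring malformed Authority header segment");
                continue;
            }
            cookies.add(new Cookie(StringUtils.trim(pair[0]), StringUtils.trim(pair[1])));
        }
        return cookies.toArray(new Cookie[cookies.size()]);
    }

    /**
     * The user name: the request parameter when present, otherwise the user cookie.
     *
     * NOTE(review): the parameter overrides the cookie; whether the token processor binds the
     * name to the token (so a caller cannot pick another user) is not visible here — confirm.
     */
    private static String resolveUsername(ServletRequest request, Cookie[] cookies) {
        String username = request.getParameter(AuthConstants.PARAM_USERNAME);
        if (username == null) {
            String fromCookie = CookieUtil.findCookieValue(cookies, AuthConstants.PARAM_USERNAME);
            if (StringUtils.isNotBlank(fromCookie)) {
                username = fromCookie;
            }
        }
        return username;
    }

    /**
     * Pushes a session-invalidation notice when the session manager no longer considers the
     * user's online session valid. As before, this only notifies — login still proceeds; whether
     * that is intended is not visible from this class.
     */
    private void notifyIfSessionInvalid(HttpServletRequest request, String username, String token, String logints) {
        if (this.sessionManager == null || this.sessionManager.validateOnlineSession(username, token)) {
            return;
        }
        // A missing User-Agent is treated as a PC client instead of failing the request.
        String userAgent = request.getHeader("USER-AGENT");
        String userAgentLower = userAgent == null ? "" : userAgent.toLowerCase(Locale.ROOT);
        String type = !userAgentLower.isEmpty() && CheckMobile.check(userAgentLower)
                ? "mobile_session_invalidation"
                : "pc_session_invalidation";
        WebPushUtil.webPush(buildParams(logints + "_" + username, type));
    }

    /**
     * Consults the Redis function-permission sets for the request URL.
     *
     * <p>Fail-open by design of the original code: {@code true} is returned when no
     * {@link JedisTemplate} is wired, when the URL is not registered under
     * {@link #APP_BTN_URL_KEY}, when the role's set is absent, or when the lookup itself throws.
     * The difference from the original is that a negative answer is now reported to the caller
     * instead of being swallowed by the catch block, so the check actually takes effect.
     *
     * NOTE(review): {@code userRole} comes from a request cookie; unless the token processor
     * binds it to the token, the client controls which role set is consulted — confirm.
     */
    private boolean hasFunctionPermission(HttpServletRequest request, String userRole) {
        if (this.jedisTemplate == null) {
            log.info("jedisTempate is null, sysid is empty! add  jedisTempate bean in applicationContext.xml");
            return true;
        }
        String url = request.getContextPath() + request.getServletPath();
        try {
            Set<String> protectedUrls = this.jedisTemplate.smembers(APP_BTN_URL_KEY);
            if (protectedUrls == null || !protectedUrls.contains(url)) {
                return true;
            }
            Set<String> roleUrls = this.jedisTemplate.smembers(ROLE_URL_PREFIX + userRole);
            return roleUrls == null || roleUrls.contains(url);
        } catch (Exception e) {
            log.info("jedisTempate is null, sysid is empty! add  jedisTempate bean in applicationContext.xml", e);
            return true;
        }
    }

    /**
     * Publishes a {@link SecurityLog} for non-static requests (servlet path without a {@code .}).
     * Best effort: any failure is logged and never blocks the request.
     */
    private void sendSecurityLog(HttpServletRequest request, Cookie[] cookies, String username, TokenParameter tokenParameter) {
        try {
            if (request.getServletPath().indexOf('.') != -1) {
                return;
            }
            SecurityLog securityLog = new SecurityLog();
            securityLog.setTimestamp(new Date());
            securityLog.setProduct(request.getContextPath());
            securityLog.setCategory("2");
            securityLog.setLevel("10");
            securityLog.setNotice(request.getServletPath());
            securityLog.setUserId(username);
            securityLog.setUserCode(CookieUtil.findCookieValue(cookies, "_A_P_userName"));
            securityLog.setLessee(tokenParameter.getExt().get(AuthConstants.PARAM_TENANTID));
            // Peer address only; behind a reverse proxy this is the proxy, not the client.
            securityLog.setIp(request.getRemoteAddr());
            securityLog.setSystem("linux");
            securityLog.setResult(request.getContextPath());
            securityLog.setContentDes(request.getContextPath() + request.getServletPath());
            MqMessage mqMessage = new MqMessage();
            mqMessage.setBody(securityLog);
            this.msgSender.sendMessage(mqMessage, SECURITY_LOG_QUEUE_PREFIX + nextQueueIndex());
        } catch (Exception e) {
            log.info("business log insert error !", e);
        }
    }

    /** Next round-robin queue shard, in {@code [0, SECURITY_LOG_QUEUE_COUNT)}. */
    private static int nextQueueIndex() {
        return (int) (createCount.incrementAndGet() % SECURITY_LOG_QUEUE_COUNT);
    }

    /** Writes the failure response appropriate for the client type and returns {@code false}. */
    private boolean deny(boolean ajax, ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        if (ajax) {
            onAjaxAuthFail(servletRequest, servletResponse);
        } else {
            onLoginFail(servletRequest, servletResponse);
        }
        return false;
    }

    /** {@code true} when the request carries {@code X-Requested-With: XMLHttpRequest}. */
    private boolean isAjax(ServletRequest servletRequest) {
        if (!(servletRequest instanceof HttpServletRequest)) {
            return false;
        }
        String requestedWith = ((HttpServletRequest) servletRequest).getHeader("X-Requested-With");
        return "XMLHttpRequest".equals(requestedWith);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Answers an AJAX caller with {@code 403} and a small JSON body. */
    public void onAjaxAuthFail(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        JSONObject body = new JSONObject();
        body.put("msg", "auth check error!");
        httpServletResponse.setStatus(403);
        // Declare the media type and charset before the writer is obtained.
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        httpServletResponse.getWriter().write(body.toString());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Answers a browser with {@link #HTTP_STATUS_AUTH} and a redirect to the login page. */
    public void onLoginFail(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        httpServletResponse.setStatus(HTTP_STATUS_AUTH);
        redirectToLogin(servletRequest, httpServletResponse);
    }

    /**
     * Redirects to {@code getLoginUrl()?r=<base64url(original request)>} so the login page can
     * send the user back. The original request's query string is now included (the previous
     * code computed it and discarded the result) and the bytes are taken as UTF-8 rather than
     * the platform charset.
     */
    protected void redirectToLogin(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String target = httpServletRequest.getRequestURI();
        String queryString = httpServletRequest.getQueryString();
        if (queryString != null && !queryString.isEmpty()) {
            target = target + "?" + queryString;
        }
        String encoded = Base64.encodeBase64URLSafeString(target.getBytes(StandardCharsets.UTF_8));
        WebUtils.issueRedirect(servletRequest, servletResponse, getLoginUrl() + "?r=" + encoded);
    }

    /**
     * {@code true} when the request URI ends with one of the configured suffixes ({@link #setEsc})
     * or with one of the comma-separated suffixes in the {@code AuthConstants.URL_EXCLUDES}
     * property. Such requests bypass authentication entirely.
     */
    public boolean include(HttpServletRequest httpServletRequest) {
        String requestURI = httpServletRequest.getRequestURI();
        for (String suffix : this.esc) {
            if (requestURI.endsWith(suffix)) {
                return true;
            }
        }
        String configured = PropertyUtil.getPropertyByKey(AuthConstants.URL_EXCLUDES);
        if (StringUtils.isBlank(configured)) {
            return false;
        }
        for (String suffix : configured.split(",")) {
            if (requestURI.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }

    /** Resets the invocation context and MDC once the request has been handled. */
    public void afterCompletion(ServletRequest servletRequest, ServletResponse servletResponse, Exception exc) throws Exception {
        super.afterCompletion(servletRequest, servletResponse, exc);
        InvocationInfoProxy.reset();
        clearMDC();
    }

    /**
     * Copies every cookie not listed in {@link #excludCongtextKeys} into the invocation context
     * as an extension parameter. Cookie values are client-supplied and are copied verbatim.
     */
    private void initExtendParams(Cookie[] cookieArr) {
        if (cookieArr == null) {
            return;
        }
        for (Cookie cookie : cookieArr) {
            String name = cookie.getName();
            if (!this.excludCongtextKeys.contains(name)) {
                InvocationInfoProxy.setParameter(name, cookie.getValue());
            }
        }
    }

    /**
     * Fills the SLF4J MDC with the current user, call id and tenant. When no call id is present
     * one is generated and stored in both the invocation context and the MDC (the MDC entry was
     * previously only set for an existing call id).
     */
    private void initMDC() {
        String currentUser = "";
        Subject subject = SecurityUtils.getSubject();
        if (subject != null && subject.getPrincipal() != null) {
            currentUser = String.valueOf(subject.getPrincipal());
        }
        MDC.put("current_user_name", currentUser);
        String callid = InvocationInfoProxy.getCallid();
        if (StringUtils.isBlank(callid)) {
            callid = ThreadCallerIdGenerator.genCallerThreadId();
            InvocationInfoProxy.setCallid(callid);
        }
        MDC.put("call_thread_id", callid);
        MDC.put("current_tenant_id", InvocationInfoProxy.getTenantid());
        initCustomMDC();
    }

    /** Extension hook: add further MDC entries. Called after the standard ones are set. */
    protected void initCustomMDC() {
    }

    /** Extension hook: invoked once the request has been authenticated and its context set up. */
    protected void afterValidate(HttpServletRequest httpServletRequest) {
    }

    /** Removes the standard MDC entries, then the custom ones. */
    protected void clearMDC() {
        MDC.remove("current_user_name");
        MDC.remove("call_thread_id");
        MDC.remove("current_tenant_id");
        clearCustomMDC();
    }

    /** Extension hook: remove the entries added by {@link #initCustomMDC}. */
    protected void clearCustomMDC() {
    }

    /** Debugging leftover: prints 100 consecutive queue shard indices. Not used by the filter. */
    public static void main(String[] strArr) {
        for (int i = 0; i < 100; i++) {
            System.out.println("====" + nextQueueIndex());
        }
    }
}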
