package com.yonyou.uap.tenant.web.filter.security;

import com.yonyou.iuap.security.rest.common.AuthConstants;
import com.yonyou.iuap.security.rest.common.Credential;
import com.yonyou.iuap.security.rest.common.SignProp;
import com.yonyou.iuap.security.rest.exception.UAPSecurityException;
import com.yonyou.iuap.security.rest.factory.ServerVerifyFactory;
import com.yonyou.iuap.security.rest.utils.PostParamsHelper;
import com.yonyou.iuap.security.rest.utils.SignPropGenerator;
import java.io.IOException;
import java.util.List;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.sql.DataSource;
import org.apache.commons.collections.MapUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.spi.LocationInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.jdbc.core.JdbcTemplate;
import uap.web.cache.CacheManager;
import uap.web.core.ContextHolder;

/* loaded from: input_file:WEB-INF/classes/com/yonyou/uap/tenant/web/filter/security/SSORestFulSecurityFilter.class */
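public class SSORestFulSecurityFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(SSORestFulSecurityFilter.class);

    /** Maximum accepted distance, in milliseconds, between the request timestamp and server time. */
    private static final long DEFAULT_EXPIRED = 300000;

    /** Cache-key prefix under which a client's credential is stored (suffix is the client id). */
    private static final String CACHE_KEY_PREFIX = "temp_sso_trust_";

    /** Lifetime, in seconds, of a cached credential. */
    private static final int CACHE_TTL_SECONDS = 3600;

    /**
     * Name of the response header that carries the rejection reason. Kept byte-for-byte for
     * compatibility with existing clients; note that it contains spaces, which is not a valid HTTP
     * field name, so some containers or proxies may drop it — confirm against the deployment.
     */
    private static final String ERROR_HEADER = "restful validate error";

    private static final String PARAM_ERROR_HEADER_VALUE =
            " 400 , Method Not Allowed,please check restful called paramters ! ";
    private static final String PARAM_ERROR_BODY =
            "Method Not Allowed,please check restful called paramters !";
    private static final String TIMEOUT_HEADER_VALUE = " 400 , 请求超时";
    private static final String TIMEOUT_BODY = "restful validate over time";

    /**
     * Verifier factory that resolves a client's signing credential by client id.
     *
     * <p>Lookup order: the {@code cacheManager} bean, then the {@code pub_security_client} table via
     * the {@code dataSource} bean; a row found in the table is cached for
     * {@link #CACHE_TTL_SECONDS}. Unknown clients and lookup failures both yield {@code null}, so
     * verification fails closed for them.
     */
    public class RestServerVirifyFactory extends ServerVerifyFactory {
        private final Logger log = LoggerFactory.getLogger(ServerVerifyFactory.class);

        RestServerVirifyFactory() {
        }

        /**
         * Loads the credential for {@code clientId} from cache or database.
         *
         * @param clientId client identifier taken from the request (untrusted input; it is also used
         *     as the cache-key suffix and as a bound SQL parameter, never concatenated into SQL)
         * @return the credential, or {@code null} when the client is unknown or the lookup fails
         */
        @Override // com.yonyou.iuap.security.rest.factory.ServerVerifyFactory
        protected Credential genCredential(String clientId) {
            try {
                ApplicationContext context = ContextHolder.getContext();
                CacheManager cacheManager = (CacheManager) context.getBean("cacheManager");
                String cacheKey = CACHE_KEY_PREFIX + clientId;
                Credential cached = (Credential) cacheManager.get(cacheKey);
                if (cached != null) {
                    return cached;
                }
                JdbcTemplate jdbc = new JdbcTemplate((DataSource) context.getBean("dataSource"));
                List<Map<String, Object>> rows = jdbc.queryForList(
                        " select * from pub_security_client where client_id = ? ", clientId);
                // Exactly one row is required: an unknown client is not an error worth a stack trace
                // (unsolicited ids would otherwise flood the error log), and an ambiguous result is
                // treated as "no credential" so that verification fails closed.
                if (rows.size() != 1) {
                    this.log.warn("pub_security_client lookup for client_id {} returned {} rows",
                            clientId, rows.size());
                    return null;
                }
                Map<String, Object> row = rows.get(0);
                Credential loaded = new Credential(
                        MapUtils.getString(row, "client_id"),
                        MapUtils.getString(row, "client_key"),
                        MapUtils.getString(row, "expired_ts"));
                cacheManager.setex(cacheKey, loaded, CACHE_TTL_SECONDS);
                return loaded;
            } catch (Exception e) {
                // Infrastructure failure (context, cache or database): log with cause, fail closed.
                this.log.error("failed to load credential for client_id " + clientId, e);
                return null;
            }
        }
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Rejects HTTP requests that do not carry a verifiable signature; non-HTTP requests pass through.
     *
     * <p>A request is rejected with 400 when the digest or the app id is missing, when a supplied
     * timestamp lies outside {@link #DEFAULT_EXPIRED} of server time, or when the digest does not
     * verify against the resolved credential (see {@link #validatorURL}).
     *
     * @throws IOException if writing the rejection body fails
     * @throws ServletException propagated from the rest of the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
            FilterChain filterChain) throws IOException, ServletException {
        if (servletRequest instanceof HttpServletRequest) {
            HttpServletRequest request = (HttpServletRequest) servletRequest;
            String digest = headerOrParameter(request, AuthConstants.PARAM_DIGEST);
            String appId = headerOrParameter(request, AuthConstants.APPID);
            if (digest == null || appId == null) {
                reject(servletResponse, PARAM_ERROR_HEADER_VALUE, PARAM_ERROR_BODY);
                return;
            }
            if (!isTimestampFresh(request.getParameter(AuthConstants.PARAM_TIMESTAMP))) {
                logger.error("restful 签名超超时");
                reject(servletResponse, TIMEOUT_HEADER_VALUE, TIMEOUT_BODY);
                return;
            }
            if (!validatorURL(request).booleanValue()) {
                reject(servletResponse, PARAM_ERROR_HEADER_VALUE, PARAM_ERROR_BODY);
                return;
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    @Override
    public void destroy() {
    }

    /**
     * Verifies the request digest against the credential of the request's app id.
     *
     * <p>The signed string is the request URL plus {@code "?" + queryString} when a query string is
     * present; for POST the post parameters and content length are added to the sign properties.
     * Any failure during verification is logged and reported as {@code false}.
     *
     * @param httpServletRequest the request to verify
     * @return {@code true} only when both digest and app id are present and the digest verifies
     */
    public Boolean validatorURL(HttpServletRequest httpServletRequest) {
        // Same header-then-parameter resolution as doFilter, so both steps look at the same values.
        String digest = headerOrParameter(httpServletRequest, AuthConstants.PARAM_DIGEST);
        String appId = headerOrParameter(httpServletRequest, AuthConstants.APPID);
        if (StringUtils.isEmpty(digest) || StringUtils.isEmpty(appId)) {
            return Boolean.FALSE;
        }
        try {
            String signedUrl = httpServletRequest.getRequestURL().toString();
            String query = httpServletRequest.getQueryString();
            if (StringUtils.isNotBlank(query)) {
                signedUrl = signedUrl + "?" + query;
            }
            SignProp signProp = SignPropGenerator.genSignProp(signedUrl);
            // endsWith rather than equals is the original matching rule; kept for compatibility.
            if (httpServletRequest.getMethod().endsWith("POST")) {
                signProp.setPostParamsStr(PostParamsHelper.genParamsStrByReqeust(httpServletRequest));
                signProp.setContentLength(httpServletRequest.getContentLength());
            }
            return Boolean.valueOf(
                    new RestServerVirifyFactory().getVerifier(appId).verify(digest, signProp));
        } catch (Exception e) {
            // Covers UAPSecurityException and anything else thrown while signing; fail closed.
            logger.error("restful摘要计算失败!", e);
            return Boolean.FALSE;
        }
    }

    /**
     * Returns the named request header, falling back to the request parameter of the same name when
     * the header is absent or empty.
     *
     * @return the resolved value; may be {@code null} or empty when neither source supplies it
     */
    private static String headerOrParameter(HttpServletRequest request, String name) {
        String value = request.getHeader(name);
        if (StringUtils.isEmpty(value)) {
            value = request.getParameter(name);
        }
        return value;
    }

    /**
     * Checks that a request timestamp (epoch milliseconds) lies within {@link #DEFAULT_EXPIRED} of
     * server time, in either direction — a future-dated timestamp is no more acceptable than a stale
     * one. A timestamp that is present but not a valid {@code long} is rejected rather than ignored.
     *
     * <p>NOTE(review): a request with no timestamp parameter at all is still accepted, as before, so
     * the replay window is only enforced for clients that send one; tightening this to "required" is
     * a compatibility decision for the owners of the signing clients.
     *
     * @param timestamp raw parameter value, or {@code null} when absent
     */
    private static boolean isTimestampFresh(String timestamp) {
        if (timestamp == null) {
            return true;
        }
        long ts;
        try {
            ts = Long.parseLong(timestamp);
        } catch (NumberFormatException e) {
            return false;
        }
        // Range check instead of Math.abs: abs(Long.MIN_VALUE) stays negative and would pass.
        long skew = System.currentTimeMillis() - ts;
        return skew >= -DEFAULT_EXPIRED && skew <= DEFAULT_EXPIRED;
    }

    /**
     * Writes a 400 rejection with the given reason header value and plain-text body.
     * The cast happens here so that non-HTTP responses only fail when a rejection is actually needed.
     */
    private static void reject(ServletResponse servletResponse, String headerValue, String body)
            throws IOException {
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
        response.addHeader(ERROR_HEADER, headerValue);
        response.getWriter().write(body);
    }
}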
