package com.yonyou.bpm.rest.filter;

import com.yonyou.bpm.cache.CacheManager;
import com.yonyou.bpm.core.entity.TenantEntity;
import com.yonyou.bpm.core.impl.TenantQueryParam;
import com.yonyou.bpm.engine.impl.BpmAuthentication;
import com.yonyou.bpm.rest.security.DigestUtils;
import com.yonyou.bpm.rest.security.RestHMacParam;
import com.yonyou.bpm.rest.utils.StringUtils;
import com.yonyou.bpm.server.BpmServiceUtils;
import java.io.IOException;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:com/yonyou/bpm/rest/filter/RestFulSecurityFilter.class */
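/**
 * Servlet filter that authenticates REST calls with a per-tenant HMAC-SHA1 signature.
 *
 * <p>Two request styles are handled, selected by the {@code restservice} request header:
 * <ul>
 *   <li>no {@code restservice} header starting with {@code REST_SERVICE_}: {@code tenant} and
 *       {@code sign} are required; the expected signature is computed over the request path (query
 *       string stripped), {@code beginTs}, {@code expireTs}, {@code ipAuth}, the remote address,
 *       {@code Operator} and the tenant code, keyed by the tenant's token;</li>
 *   <li>such a header present: {@link #restService_doFilter} requires {@code securitytenant},
 *       {@code sign} and {@code operator} and checks {@code sign} against HMAC-SHA1 of the tenant id
 *       keyed by the tenant token — except for {@code <contextPath>/service/hmacsha1}, which is passed
 *       through without any signature check.</li>
 * </ul>
 *
 * <p>On success the security tenant, authenticated tenant and org id are published through
 * {@link BpmAuthentication} (static get/set/remove API — presumably thread-local; the filter clears
 * all three at the start of every request). Tenant ids and tokens are cached through
 * {@link CacheManager} under {@code ID_}/{@code TOKEN_}-prefixed tenant codes.
 *
 * <p>Every rejection writes the status, the reason in the {@code restful validate error} response
 * header and a plain-text body, and stops the chain.
 */
public class RestFulSecurityFilter implements Filter {
    private static final Logger logger = LoggerFactory.getLogger(RestFulSecurityFilter.class);
    private static final String TENANT_CODE_SECURITY = "securitytenant";
    private static final String TENANT_CODE = "tenant";
    private static final String OPERATOR_ID = "operator";
    private static final String SIGN = "sign";
    /** Response header that carries the rejection reason. */
    private static final String ERROR_HEADER = "restful validate error";
    /** {@code restservice} header prefix that selects the REST-service verification path. */
    private static final String REST_SERVICE_PREFIX = "REST_SERVICE_";
    /** {@code user-agent} prefix that selects the .NET SDK signature variant. */
    private static final String NET_SDK_AGENT_PREFIX = "BPM_SDK_net";

    /** Cache for tenant ids and tokens; resolved from the Spring context in {@link #init}. */
    private CacheManager cm;

    /**
     * Authenticates the request and, when it passes, continues the chain with the tenant identity
     * published via {@link BpmAuthentication}. Non-HTTP requests are rejected with 400.
     *
     * @throws IOException      when the response cannot be written
     * @throws ServletException propagated from the downstream chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        if (!(servletRequest instanceof HttpServletRequest)) {
            reject(servletResponse, 400, " 400 , Request is not HttpServletRequest ! ", "Request is not HttpServletRequest !");
            return;
        }
        logger.debug("----security----filter----in---");
        logger.debug("===Before BpmAuthentication.getAuthenticatedTenantId():" + BpmAuthentication.getAuthenticatedTenantId());
        // Drop any identity a previous request left behind on this thread before authenticating this one.
        clearAuthentication();

        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String restService = request.getHeader("restservice");
        boolean authenticated;
        if (restService == null || !restService.startsWith(REST_SERVICE_PREFIX)) {
            authenticated = verifySignedRequest(request, servletResponse);
        } else if (request.getRequestURI().equals(request.getContextPath() + "/service/hmacsha1")) {
            // The signature helper endpoint is reachable without a verified signature; no tenant
            // identity is published for it (everything was cleared above).
            authenticated = true;
        } else {
            authenticated = restService_doFilter(servletRequest, servletResponse, filterChain);
        }
        if (!authenticated) {
            return;
        }
        logger.debug("===After BpmAuthentication.getAuthenticatedTenantId():" + BpmAuthentication.getAuthenticatedTenantId());
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /** Removes the security tenant, authenticated tenant and org id currently published via BpmAuthentication. */
    private static void clearAuthentication() {
        if (StringUtils.isNotBlank(BpmAuthentication.getSecurityTenantId())) {
            BpmAuthentication.removeSecurityTenantId();
        }
        if (StringUtils.isNotBlank(BpmAuthentication.getAuthenticatedTenantId())) {
            BpmAuthentication.removeAuthenticatedTenantId();
        }
        if (StringUtils.isNotBlank(BpmAuthentication.getAuthenticatedOrgId())) {
            BpmAuthentication.removeAuthenticatedOrgId();
        }
    }

    /**
     * Verifies a client-signed request ({@code tenant} + {@code sign}) and, on success, publishes the
     * security tenant, the org ({@code org} value, unvalidated) and the authenticated tenant: the
     * {@code tenantLId} value if given, else the id of the {@code tenantL} code, else the signing tenant.
     *
     * @return {@code true} when the chain may continue; {@code false} when a rejection has been written
     * @throws IOException when the rejection cannot be written
     */
    private boolean verifySignedRequest(HttpServletRequest request, ServletResponse servletResponse) throws IOException {
        String tenantCode = getValue(request, TENANT_CODE);
        String sign = getValue(request, SIGN);
        if (StringUtils.isBlank(sign) || StringUtils.isBlank(tenantCode)) {
            reject(servletResponse, 400,
                    "Method Not Allowed, sign and tenant can not be null ! ",
                    "Method Not Allowed, sign and tenant can not be null !");
            return false;
        }
        String tenantId = getId(tenantCode);
        String tenantToken = getToken(tenantCode);
        if (StringUtils.isBlank(tenantId) || StringUtils.isBlank(tenantToken)) {
            // Cache miss on either value: look the tenant up and cache both, as the original did.
            List<TenantEntity> tenants = getTenantList(tenantCode);
            if (tenants == null || tenants.isEmpty()) {
                reject(servletResponse, 400,
                        "Method Not Allowed, can not find tenant with tenant code(" + tenantCode + ") ! ",
                        "Method Not Allowed, can not find tenant with tenant code(" + tenantCode + ") !");
                return false;
            }
            TenantEntity tenant = tenants.get(0);
            tenantId = tenant.getId();
            tenantToken = tenant.getToken();
            putId(tenantCode, tenantId);
            putToken(tenantCode, tenantToken);
        }
        if (StringUtils.isBlank(tenantToken)) {
            reject(servletResponse, 400,
                    "Method Not Allowed, current tenant with code(" + tenantCode + ") does not have token ! ",
                    "Method Not Allowed, current tenant with code(" + tenantCode + ") does not have token !");
            return false;
        }
        if (!signatureValid(request, tenantCode, tenantToken, sign)) {
            reject(servletResponse, 403, "Forbidden! token error!", "Forbidden! token error");
            return false;
        }
        // Published before the tenantL lookup (original order); on the rejection below they stay
        // set until the next request on this thread clears them.
        BpmAuthentication.setSecurityTenantId(tenantId);
        BpmAuthentication.setAuthenticatedOrgId(getValue(request, "org"));
        String tenantL = getValue(request, "tenantL");
        String tenantLId = getValue(request, "tenantLId");
        String authenticatedTenantId;
        if (StringUtils.isNotBlank(tenantLId)) {
            // NOTE(review): taken from the request as-is; nothing checks that this id belongs to the
            // tenant whose token signed the request.
            authenticatedTenantId = tenantLId;
        } else if (StringUtils.isNotBlank(tenantL)) {
            authenticatedTenantId = getId(tenantL);
            if (StringUtils.isBlank(authenticatedTenantId)) {
                List<TenantEntity> tenants = getTenantList(tenantL);
                if (tenants == null || tenants.isEmpty()) {
                    reject(servletResponse, 400,
                            "Method Not Allowed, can not find tenant with tenant code(" + tenantL + ") ! ",
                            "Method Not Allowed, can not find tenant with tenant code(" + tenantL + ") !");
                    return false;
                }
                authenticatedTenantId = tenants.get(0).getId();
                putId(tenantL, authenticatedTenantId);
            }
        } else {
            authenticatedTenantId = tenantId;
        }
        BpmAuthentication.setAuthenticatedTenantId(authenticatedTenantId);
        return true;
    }

    /**
     * Builds the expected signature for the request and compares it with the client-supplied one in
     * constant time. Any failure while building the expected value (malformed token, digest error)
     * is logged and treated as a mismatch.
     */
    private boolean signatureValid(HttpServletRequest request, String tenantCode, String tenantToken, String sign) {
        try {
            String requestPath = request.getRequestURL().toString();
            int query = requestPath.indexOf("?");
            if (query > 0) {
                requestPath = requestPath.substring(0, query);
            }
            logger.debug("RestFulSecurityFilter===requestPath:" + requestPath);
            RestHMacParam param = new RestHMacParam(requestPath, getValue(request, "beginTs"),
                    getValue(request, "expireTs"), getValue(request, "ipAuth"), request.getRemoteAddr());
            param.setOperatorID(getValue(request, "Operator"));
            param.setTenant(tenantCode);
            boolean matches = constantTimeEquals(sign, expectedSignature(request, param, tenantToken, sign));
            if (!matches) {
                // Log the tenant code only — never the token or its segments.
                logger.warn("RestFulSecurityFilter===signature mismatch for tenant code(" + tenantCode + ")");
            }
            return matches;
        } catch (Exception e) {
            logger.error("验证token出现异常!", e);
            return false;
        }
    }

    /**
     * Returns the signature the server expects for this request.
     *
     * <p>Ordinary clients: {@code DigestUtils.hmac} over {@code param} keyed by the trimmed tenant
     * token. Clients whose {@code user-agent} starts with {@code BPM_SDK_net}: {@code hmac_net} keyed by
     * the token's segments as rebuilt by {@link #netSdkKey} — unless a {@code canUse} header is
     * present, in which case the client's own {@code sign} is returned.
     */
    private static String expectedSignature(HttpServletRequest request, RestHMacParam param, String tenantToken, String sign) {
        String userAgent = request.getHeader("user-agent");
        if (userAgent == null || !userAgent.startsWith(NET_SDK_AGENT_PREFIX)) {
            return DigestUtils.hmac(param, tenantToken.trim(), DigestUtils.Algorithm_HMAC.HmacSHA1);
        }
        if (StringUtils.isNotBlank(request.getHeader("canUse"))) {
            // SECURITY: returning the client's own value makes the comparison succeed for any sign, so
            // a request with this user-agent and a canUse header is accepted without verification.
            // Behaviour kept for compatibility with the existing .NET SDK path; it should be removed
            // or gated on server-side configuration rather than on request headers.
            return sign;
        }
        return DigestUtils.hmac_net(param, netSdkKey(tenantToken), DigestUtils.Algorithm_HMAC.HmacSHA1);
    }

    /**
     * Rebuilds the .NET SDK signing key from the tenant token: the segment before {@code "nkey"},
     * the segment from {@code "nkey"} up to {@code "token"}, and the rest from {@code "token"},
     * each trimmed and concatenated.
     *
     * @throws IllegalArgumentException when the token lacks either marker or has them out of order
     *         (the unchecked substring calls used to fail with an index exception here)
     */
    private static String netSdkKey(String tenantToken) {
        int nkeyAt = tenantToken.indexOf("nkey");
        int tokenAt = tenantToken.indexOf("token");
        if (nkeyAt < 0 || tokenAt < nkeyAt) {
            throw new IllegalArgumentException("tenant token does not contain the nkey/token markers expected by the .NET SDK");
        }
        String key = tenantToken.substring(0, nkeyAt).trim();
        String nkey = tenantToken.substring(nkeyAt, tokenAt).trim();
        String token = tenantToken.substring(tokenAt).trim();
        return key + nkey + token;
    }

    /** Constant-time comparison of two signature strings; {@code null} on either side never matches. */
    private static boolean constantTimeEquals(String provided, String expected) {
        if (provided == null || expected == null) {
            return false;
        }
        return MessageDigest.isEqual(provided.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Verifies a REST-service request: requires {@code securitytenant}, {@code sign} and
     * {@code operator}, checks {@code sign} against HMAC-SHA1 of the tenant id keyed by the tenant
     * token, then publishes the security tenant and the authenticated tenant (the optional
     * {@code tenant} code's id, else the security tenant). {@code filterChain} is not used here.
     *
     * @return {@code true} when the chain may continue; {@code false} when a rejection has been written
     * @throws IOException      when the rejection cannot be written
     * @throws ServletException never thrown here; kept for the original signature
     */
    private boolean restService_doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String securityTenantCode = getValue(request, TENANT_CODE_SECURITY);
        if (StringUtils.isBlank(securityTenantCode)) {
            reject(servletResponse, 400,
                    " 400 , Method Not Allowed, request header parameter of tenant is null ! ",
                    "Method Not Allowed, request header parameter of tenant is null !");
            return false;
        }
        String sign = getValue(request, SIGN);
        if (StringUtils.isBlank(sign)) {
            reject(servletResponse, 400,
                    " 400 , Method Not Allowed, request header parameter of sign is null ! ",
                    "Method Not Allowed, request header parameter of sign is null !");
            return false;
        }
        if (StringUtils.isBlank(getValue(request, OPERATOR_ID))) {
            reject(servletResponse, 400,
                    " 400 , Method Not Allowed, request header parameter of operator is null ! ",
                    "Method Not Allowed, request header parameter of operator is null !");
            return false;
        }
        logger.debug("====tenant security code : " + securityTenantCode);
        String tenantId = cachedId(securityTenantCode);
        if (StringUtils.isBlank(tenantId)) {
            reject(servletResponse, 400,
                    " 400 , Method Not Allowed, tenant does not query ID ! ",
                    "Method Not Allowed, tenant does not query ID !");
            return false;
        }
        String tenantToken = cachedToken(securityTenantCode);
        if (StringUtils.isBlank(tenantToken)) {
            reject(servletResponse, 400,
                    " 400 , Method Not Allowed, tenant does not query token ! ",
                    "Method Not Allowed, tenant does not query token !");
            return false;
        }
        String expected = DigestUtils.hmac(tenantId, tenantToken, DigestUtils.Algorithm_HMAC.HmacSHA1);
        if (!constantTimeEquals(sign, expected)) {
            reject(servletResponse, 403, " 403 , Forbidden! token error!", "Forbidden! token error!");
            return false;
        }
        BpmAuthentication.setSecurityTenantId(tenantId);
        String tenantCode = getValue(request, TENANT_CODE);
        if (StringUtils.isBlank(tenantCode)) {
            BpmAuthentication.setAuthenticatedTenantId(tenantId);
            return true;
        }
        String authenticatedTenantId;
        synchronized (this) {
            authenticatedTenantId = getId(tenantCode);
            if (StringUtils.isBlank(authenticatedTenantId)) {
                // Only the id is cached for the plain tenant code (original behaviour).
                List<TenantEntity> tenants = getTenantList(tenantCode);
                if (tenants != null && !tenants.isEmpty()) {
                    putId(tenantCode, tenants.get(0).getId());
                    authenticatedTenantId = getId(tenantCode);
                }
            }
        }
        if (StringUtils.isNotBlank(authenticatedTenantId)) {
            BpmAuthentication.setAuthenticatedTenantId(authenticatedTenantId);
            return true;
        }
        reject(servletResponse, 400,
                " 400 , Method Not Allowed, tenantCode(" + tenantCode + ") does not query tenant ! ",
                "Method Not Allowed, tenantCode(" + tenantCode + ") does not query tenant ! ");
        return false;
    }

    /** Returns the cached id for {@code tenantCode}, loading the tenant into the cache (under the instance lock) on a miss. */
    private String cachedId(String tenantCode) {
        String id = getId(tenantCode);
        if (StringUtils.isBlank(id)) {
            synchronized (this) {
                id = getId(tenantCode);
                if (StringUtils.isBlank(id) && loadTenantIntoCache(tenantCode)) {
                    id = getId(tenantCode);
                }
            }
        }
        return id;
    }

    /** Returns the cached token for {@code tenantCode}, loading the tenant into the cache (under the instance lock) on a miss. */
    private String cachedToken(String tenantCode) {
        String token = getToken(tenantCode);
        if (StringUtils.isBlank(token)) {
            synchronized (this) {
                token = getToken(tenantCode);
                if (StringUtils.isBlank(token) && loadTenantIntoCache(tenantCode)) {
                    token = getToken(tenantCode);
                }
            }
        }
        return token;
    }

    /**
     * Queries the tenant service for {@code tenantCode} and caches the first match's id and token.
     * Callers hold the instance lock so concurrent misses do not all hit the service.
     *
     * @return {@code true} when a tenant was found and cached
     */
    private boolean loadTenantIntoCache(String tenantCode) {
        List<TenantEntity> tenants = getTenantList(tenantCode);
        if (tenants == null || tenants.isEmpty()) {
            logger.error("Can not find tenant with code : " + tenantCode);
            return false;
        }
        TenantEntity tenant = tenants.get(0);
        putId(tenantCode, tenant.getId());
        putToken(tenantCode, tenant.getToken());
        return true;
    }

    /**
     * Writes a rejection: {@code status}, {@code reason} in the {@code restful validate error} header
     * and {@code body} as the response text. Callers must return without invoking the chain.
     *
     * @throws IOException when the response writer cannot be obtained
     */
    private static void reject(ServletResponse servletResponse, int status, String reason, String body) throws IOException {
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        response.setStatus(status);
        response.addHeader(ERROR_HEADER, reason);
        response.getWriter().write(body);
    }

    /** Queries the tenant service for all tenants with the given code (may return {@code null}, see callers). */
    private List<TenantEntity> getTenantList(String code) {
        TenantQueryParam tenantQueryParam = new TenantQueryParam();
        tenantQueryParam.setCode(code);
        return BpmServiceUtils.getBpmEngineConfiguration().getTenantService().query(tenantQueryParam);
    }

    /**
     * Reads a request value by name: the header of that name, or — when that header is blank — the
     * request parameter of the same name.
     *
     * <p>The fallback used to test the parameter <em>name</em> for blankness, so it never ran and
     * values were effectively header-only. With it live, {@code tenant}/{@code sign} may also arrive in
     * the query string, where they end up in access logs; clients should keep using headers.
     */
    private String getValue(HttpServletRequest request, String name) {
        String value = request.getHeader(name);
        if (StringUtils.isBlank(value)) {
            value = request.getParameter(name);
        }
        return value;
    }

    @Override
    public void destroy() {
    }

    /**
     * Resolves the {@code cacheManager} bean from the Spring web application context.
     *
     * @throws ServletException never thrown here; a missing context or bean surfaces as the
     *         unchecked exception Spring raises
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        this.cm = (CacheManager) WebApplicationContextUtils
                .getRequiredWebApplicationContext(filterConfig.getServletContext())
                .getBean("cacheManager");
    }

    /** Caches a tenant id under {@code CacheManager.ID_ + code} (prefix added when missing). */
    protected <T extends Serializable> void putId(String str, T t) {
        putCache(prefixed(CacheManager.ID_, str), t);
    }

    /** Reads the tenant id cached under {@code CacheManager.ID_ + code} (prefix added when missing). */
    protected <T extends Serializable> T getId(String str) {
        return getCache(prefixed(CacheManager.ID_, str));
    }

    /** Caches a tenant token under {@code CacheManager.TOKEN_ + code} (prefix added when missing). */
    protected <T extends Serializable> void putToken(String str, T t) {
        putCache(prefixed(CacheManager.TOKEN_, str), t);
    }

    /** Reads the tenant token cached under {@code CacheManager.TOKEN_ + code} (prefix added when missing). */
    protected <T extends Serializable> T getToken(String str) {
        return getCache(prefixed(CacheManager.TOKEN_, str));
    }

    /** Returns {@code key} unchanged when it already starts with {@code prefix}, else {@code prefix + key}. */
    private static String prefixed(String prefix, String key) {
        return key.startsWith(prefix) ? key : prefix + key;
    }

    /** Stores {@code t} in the cache manager under {@code str}. */
    protected <T extends Serializable> void putCache(String str, T t) {
        this.cm.put(str, t);
    }

    /** Reads the cache entry under {@code str}; the cast to the caller's type is unchecked. */
    @SuppressWarnings("unchecked")
    protected <T extends Serializable> T getCache(String str) {
        return (T) this.cm.get(str);
    }
}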
