package com.ejianc.framework.idmclient.cas;

import com.ejianc.framework.core.util.Utils;
import com.ejianc.framework.idmclient.IdmFilterConfiguration;
import com.ejianc.framework.idmclient.cas.logout.entity.TenantUser;
import com.ejianc.framework.idmclient.esapi.EncryptException;
import com.ejianc.framework.idmclient.sdk.RedisUtils;
import com.ejianc.framework.idmclient.utils.CookieUtil;
import com.ejianc.framework.idmclient.utils.IRequestMatcherStrategy;
import com.ejianc.framework.idmclient.utils.TokenGenerator;
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang.StringUtils;
import org.jasig.cas.client.authentication.AuthenticationRedirectStrategy;
import org.jasig.cas.client.authentication.DefaultAuthenticationRedirectStrategy;
import org.jasig.cas.client.authentication.DefaultGatewayResolverImpl;
import org.jasig.cas.client.authentication.ExactUrlPatternMatcherStrategy;
import org.jasig.cas.client.authentication.GatewayResolver;
import org.jasig.cas.client.authentication.RegexUrlPatternMatcherStrategy;
import org.jasig.cas.client.authentication.UrlPatternMatcherStrategy;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.ReflectUtils;
import org.jasig.cas.client.validation.Assertion;
import org.springframework.web.context.support.WebApplicationContextUtils;

/* loaded from: input_file:com/ejianc/framework/idmclient/cas/AuthenticationFilter.class */
public class AuthenticationFilter extends AbstractCasFilter {
    private String casServerLoginUrl;
    private IRequestMatcherStrategy ignoreUrlClass;
    private static final Map<String, Class<? extends UrlPatternMatcherStrategy>> PATTERN_MATCHER_TYPES = new HashMap();
    private String myServerName;
    private String myService;
    private static final String SSO_PORTAL_URL = "/portal/sso/index";
    private IdmFilterConfiguration idmFilterConfiguration;
    private boolean renew = false;
    private boolean gateway = false;
    private GatewayResolver gatewayStorage = new DefaultGatewayResolverImpl();
    private AuthenticationRedirectStrategy authenticationRedirectStrategy = new DefaultAuthenticationRedirectStrategy();
    private UrlPatternMatcherStrategy ignoreUrlPatternMatcherStrategyClass = null;
    private boolean myEncodeServiceUrl = true;
    private String simpleReg = "72941b226fa7bff1fcac9ec5ccba2d05038cd881";

    public void init() {
        super.init();
        CommonUtils.assertNotNull(this.casServerLoginUrl, "casServerLoginUrl cannot be null.");
    }

    protected void initInternal(FilterConfig filterConfig) throws ServletException {
        this.idmFilterConfiguration = (IdmFilterConfiguration) WebApplicationContextUtils.getWebApplicationContext(filterConfig.getServletContext()).getBean("idmFilterConfiguration", IdmFilterConfiguration.class);
        if (!isIgnoreInitConfiguration()) {
            super.initInternal(filterConfig);
            String casRedirectUrl = this.idmFilterConfiguration.getCasRedirectUrl();
            if (StringUtils.isNotBlank(casRedirectUrl)) {
                setCasServerLoginUrl(casRedirectUrl);
            } else {
                setCasServerLoginUrl(getPropertyFromInitParams(filterConfig, "casServerLoginUrl", null));
            }
            String propertyFromInitParams = getPropertyFromInitParams(filterConfig, "ignoreUrlClassPath", null);
            if (StringUtils.isNotBlank(propertyFromInitParams)) {
                this.ignoreUrlClass = (IRequestMatcherStrategy) ReflectUtils.newInstance(propertyFromInitParams, new Object[0]);
            }
            this.logger.trace("Loaded CasServerLoginUrl parameter: {}", this.casServerLoginUrl);
            setRenew(parseBoolean(getPropertyFromInitParams(filterConfig, "renew", "false")));
            this.logger.trace("Loaded renew parameter: {}", Boolean.valueOf(this.renew));
            setGateway(parseBoolean(getPropertyFromInitParams(filterConfig, "gateway", "false")));
            this.logger.trace("Loaded gateway parameter: {}", Boolean.valueOf(this.gateway));
            String propertyFromInitParams2 = getPropertyFromInitParams(filterConfig, "ignorePattern", null);
            this.logger.trace("Loaded ignorePattern parameter: {}", propertyFromInitParams2);
            String propertyFromInitParams3 = getPropertyFromInitParams(filterConfig, "ignoreUrlPatternType", "REGEX");
            this.logger.trace("Loaded ignoreUrlPatternType parameter: {}", propertyFromInitParams3);
            if (propertyFromInitParams2 != null) {
                Class<? extends UrlPatternMatcherStrategy> cls = PATTERN_MATCHER_TYPES.get(propertyFromInitParams3);
                if (cls != null) {
                    this.ignoreUrlPatternMatcherStrategyClass = (UrlPatternMatcherStrategy) ReflectUtils.newInstance(cls.getName(), new Object[0]);
                } else {
                    try {
                        this.logger.trace("Assuming {} is a qualified class name...", propertyFromInitParams3);
                        this.ignoreUrlPatternMatcherStrategyClass = (UrlPatternMatcherStrategy) ReflectUtils.newInstance(propertyFromInitParams3, new Object[0]);
                    } catch (IllegalArgumentException e) {
                        this.logger.error("Could not instantiate class [{}]", propertyFromInitParams3, e);
                    }
                }
                if (this.ignoreUrlPatternMatcherStrategyClass != null) {
                    this.ignoreUrlPatternMatcherStrategyClass.setPattern(propertyFromInitParams2);
                }
            }
            String propertyFromInitParams4 = getPropertyFromInitParams(filterConfig, "gatewayStorageClass", null);
            if (propertyFromInitParams4 != null) {
                this.gatewayStorage = (GatewayResolver) ReflectUtils.newInstance(propertyFromInitParams4, new Object[0]);
            }
            String propertyFromInitParams5 = getPropertyFromInitParams(filterConfig, "authenticationRedirectStrategyClass", null);
            if (propertyFromInitParams5 != null) {
                this.authenticationRedirectStrategy = (AuthenticationRedirectStrategy) ReflectUtils.newInstance(propertyFromInitParams5, new Object[0]);
            }
        }
        String serverName = this.idmFilterConfiguration.getServerName();
        if (StringUtils.isNotBlank(serverName)) {
            setMyServerName(serverName);
            setServerName(serverName);
        } else {
            setMyServerName(getPropertyFromInitParams(filterConfig, "serverName", null));
            setServerName(getPropertyFromInitParams(filterConfig, "serverName", null));
        }
        setMyService(getPropertyFromInitParams(filterConfig, "service", null));
        setMyEncodeServiceUrl(parseBoolean(getPropertyFromInitParams(filterConfig, "encodeServiceUrl", "true")));
    }

    public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Assertion sessionCacheAttribute;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String casServer = this.idmFilterConfiguration.getCasServer();
        if (Utils.getDingDingDomain().contains(httpServletRequest.getServerName())) {
            String dingDingDomain = Utils.getDingDingDomain();
            setMyServerName(dingDingDomain);
            setServerName(dingDingDomain);
            setCasServerLoginUrl(dingDingDomain + "/sso/login");
            casServer = dingDingDomain + "/portal/sso/login";
        }
        if (isRequestUrlExcluded(httpServletRequest)) {
            this.logger.debug("Request is ignored.");
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (SSO_PORTAL_URL.equals(httpServletRequest.getRequestURI())) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        String findCookieValue = CookieUtil.findCookieValue(httpServletRequest.getCookies(), "tenant_token");
        String findCookieValue2 = CookieUtil.findCookieValue(httpServletRequest.getCookies(), "tenant_username");
        TenantUser userCache = RedisUtils.getUserCache("user.info.login.tenant:" + findCookieValue2);
        String str = "";
        if (userCache != null) {
            try {
                str = TokenGenerator.genToken(findCookieValue2, userCache.getLoginTs(), RedisUtils.findSeed());
            } catch (EncryptException e) {
                e.printStackTrace();
            }
            if (str.equalsIgnoreCase(findCookieValue)) {
                HttpSession session = httpServletRequest.getSession(true);
                if ((session != null ? (Assertion) session.getAttribute("_const_cas_assertion_") : null) == null && (sessionCacheAttribute = RedisUtils.getSessionCacheAttribute("tenant_assertion", findCookieValue2)) != null) {
                    session.setAttribute("_const_cas_assertion_", sessionCacheAttribute);
                }
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                return;
            }
        }
        String issimpleregister = this.idmFilterConfiguration.getIssimpleregister();
        String constructServiceUrl2 = constructServiceUrl2(httpServletRequest, httpServletResponse);
        String retrieveTicketFromRequest = retrieveTicketFromRequest(httpServletRequest);
        boolean z = this.gateway && this.gatewayStorage.hasGatewayedAlready(httpServletRequest, constructServiceUrl2);
        if (CommonUtils.isNotBlank(retrieveTicketFromRequest) || z) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        this.logger.debug("no ticket and no assertion found");
        String constructRedirectUrl = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), casServer, this.renew, this.gateway);
        String findCookieValue3 = CookieUtil.findCookieValue(httpServletRequest.getCookies(), "current_sys_id");
        if (StringUtils.isNotBlank(findCookieValue3)) {
            constructRedirectUrl = constructRedirectUrl.split("service=")[0] + "sysid=" + findCookieValue3 + "&service=" + constructRedirectUrl.split("service=")[1];
        }
        if ("1".equalsIgnoreCase(issimpleregister)) {
            constructRedirectUrl = constructRedirectUrl + "&registertype=" + this.simpleReg;
        }
        this.logger.debug("redirecting to \"{}\"", constructRedirectUrl);
        this.authenticationRedirectStrategy.redirect(httpServletRequest, httpServletResponse, constructRedirectUrl);
    }

    public final void setRenew(boolean z) {
        this.renew = z;
    }

    public final void setGateway(boolean z) {
        this.gateway = z;
    }

    public final void setCasServerLoginUrl(String str) {
        this.casServerLoginUrl = str;
    }

    public final void setGatewayStorage(GatewayResolver gatewayResolver) {
        this.gatewayStorage = gatewayResolver;
    }

    private boolean isRequestUrlExcluded(HttpServletRequest httpServletRequest) {
        if (this.ignoreUrlClass == null && this.ignoreUrlPatternMatcherStrategyClass == null) {
            return false;
        }
        StringBuffer requestURL = httpServletRequest.getRequestURL();
        if (httpServletRequest.getQueryString() != null) {
            requestURL.append("?").append(httpServletRequest.getQueryString());
        }
        return this.ignoreUrlClass != null ? this.ignoreUrlClass.matches(httpServletRequest) : this.ignoreUrlPatternMatcherStrategyClass.matches(requestURL.toString());
    }

    protected final String constructServiceUrl2(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (CommonUtils.isNotBlank(this.myService)) {
            return this.myEncodeServiceUrl ? httpServletResponse.encodeURL(this.myService) : this.myService;
        }
        StringBuilder sb = new StringBuilder();
        String findMatchingServerName = findMatchingServerName(httpServletRequest, this.myServerName);
        if (!findMatchingServerName.startsWith("https://") && !findMatchingServerName.startsWith("http://")) {
            sb.append(httpServletRequest.isSecure() ? "https://" : "http://");
        }
        sb.append(findMatchingServerName);
        if (!StringUtils.isNotBlank(httpServletRequest.getRequestURI()) || httpServletRequest.getRequestURI().indexOf("sso/login") == -1) {
            String contextName = this.idmFilterConfiguration.getContextName();
            sb.append(contextName + "/" + this.idmFilterConfiguration.getLoginUrl() + "?r=" + Base64.encodeBase64URLSafeString(contextName.getBytes()));
        } else {
            sb.append(httpServletRequest.getRequestURI());
        }
        if (CommonUtils.isNotBlank(httpServletRequest.getQueryString())) {
            int indexOf = httpServletRequest.getQueryString().indexOf(getArtifactParameterName() + "=");
            if (indexOf == 0) {
                String encodeURL = this.myEncodeServiceUrl ? httpServletResponse.encodeURL(sb.toString()) : sb.toString();
                this.logger.debug("serviceUrl generated: {}", encodeURL);
                return encodeURL;
            }
            sb.append("?");
            if (indexOf == -1) {
                sb.append(httpServletRequest.getQueryString());
            } else if (indexOf > 0) {
                int indexOf2 = httpServletRequest.getQueryString().indexOf("&" + getArtifactParameterName() + "=");
                if (indexOf2 == -1) {
                    sb.append(httpServletRequest.getQueryString());
                } else if (indexOf2 > 0) {
                    sb.append(httpServletRequest.getQueryString().substring(0, indexOf2));
                }
            }
        }
        String encodeURL2 = this.myEncodeServiceUrl ? httpServletResponse.encodeURL(sb.toString()) : sb.toString();
        this.logger.debug("serviceUrl generated: {}", encodeURL2);
        return encodeURL2;
    }

    public final void setMyServerName(String str) {
        if (str == null || !str.endsWith("/")) {
            this.myServerName = str;
        } else {
            this.myServerName = str.substring(0, str.length() - 1);
            this.logger.info("Eliminated extra slash from serverName [{}].  It is now [{}]", str, this.myServerName);
        }
    }

    public final void setMyService(String str) {
        this.myService = str;
    }

    public final void setMyEncodeServiceUrl(boolean z) {
        this.myEncodeServiceUrl = z;
    }

    private String findMatchingServerName(HttpServletRequest httpServletRequest, String str) {
        String[] split = str.split(" ");
        if (split == null || split.length == 0 || split.length == 1) {
            return str;
        }
        String header = httpServletRequest.getHeader("Host");
        String header2 = httpServletRequest.getHeader("X-Forwarded-Host");
        String str2 = (header2 == null || header != "localhost") ? header : header2;
        if (str2 == null) {
            return str;
        }
        for (String str3 : split) {
            if (str3.toLowerCase().contains(str2)) {
                return str3;
            }
        }
        return split[0];
    }

    static {
        PATTERN_MATCHER_TYPES.put("CONTAINS", MutiContainsPatternUrlPatternMatcherStrategy.class);
        PATTERN_MATCHER_TYPES.put("MUTICONTAINS", MutiContainsPatternUrlPatternMatcherStrategy.class);
        PATTERN_MATCHER_TYPES.put("REGEX", RegexUrlPatternMatcherStrategy.class);
        PATTERN_MATCHER_TYPES.put("EXACT", ExactUrlPatternMatcherStrategy.class);
    }
}
