package com.yonyou.yht.web.cas;

import com.yonyou.yht.sdk.ISessionStore;
import com.yonyou.yht.sdk.SessionStoreFactory;
import com.yonyou.yht.sdkutils.StringUtils;
import com.yonyou.yht.sdkutils.YhtClientPropertyUtil;
import com.yonyou.yht.security.esapi.EncryptException;
import com.yonyou.yht.security.utils.TokenGenerator;
import com.yonyou.yht.utils.SdkUtils;
import com.yonyou.yht.web.cas.sso.SingleSignOutHandler;
import com.yonyou.yht.web.cas.sso.entity.TenantUser;
import com.yonyou.yht.web.cas.util.CasClientUtils;
import com.yonyou.yht.web.cas.util.SsoClientHelper;
import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Properties;
import java.util.Timer;
import java.util.TimerTask;
import javax.net.ssl.HostnameVerifier;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.JSONObject;
import org.jasig.cas.client.authentication.AttributePrincipal;
import org.jasig.cas.client.proxy.AbstractEncryptedProxyGrantingTicketStorageImpl;
import org.jasig.cas.client.proxy.Cas20ProxyRetriever;
import org.jasig.cas.client.proxy.CleanUpTimerTask;
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorage;
import org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl;
import org.jasig.cas.client.ssl.HttpsURLConnectionFactory;
import org.jasig.cas.client.util.AbstractCasFilter;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.util.ReflectUtils;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.Cas20ProxyTicketValidator;
import org.jasig.cas.client.validation.Cas20ServiceTicketValidator;
import org.jasig.cas.client.validation.TicketValidationException;
import org.jasig.cas.client.validation.TicketValidator;

/* loaded from: input_file:com/yonyou/yht/web/cas/ProxyReceivingTicketValidationFilter.class */
public class ProxyReceivingTicketValidationFilter extends AbstractCasFilter {
    private static final String[] RESERVED_INIT_PARAMS = {"proxyGrantingTicketStorageClass", "proxyReceptorUrl", "acceptAnyProxy", "allowedProxyChains", "casServerUrlPrefix", "proxyCallbackUrl", "renew", "exceptionOnValidationFailure", "redirectAfterValidation", "useSession", "serverName", SingleSignOutHandler.DEFAULT_REDIRECR_URL_NAME, "artifactParameterName", "serviceParameterName", "encodeServiceUrl", "millisBetweenCleanUps", "hostnameVerifier", "encoding", "config", "ticketValidatorClass"};
    private static final int DEFAULT_MILLIS_BETWEEN_CLEANUPS = 60000;
    private String proxyReceptorUrl;
    private Timer timer;
    private TimerTask timerTask;
    private int millisBetweenCleanUps;
    private TicketValidator ticketValidator;
    public static boolean needSelectEnterpriseAccount;
    private boolean redirectAfterValidation = true;
    private boolean redirectAfterTokenValidation = false;
    private boolean exceptionOnValidationFailure = false;
    private boolean useSession = true;
    private boolean useAccessToken = true;
    private ProxyGrantingTicketStorage proxyGrantingTicketStorage = new ProxyGrantingTicketStorageImpl();

    /* JADX INFO: Access modifiers changed from: protected */
    public void initInternal(FilterConfig filterConfig) throws ServletException {
        setProxyReceptorUrl(getPropertyFromInitParams(filterConfig, "proxyReceptorUrl", null));
        String propertyFromInitParams = getPropertyFromInitParams(filterConfig, "proxyGrantingTicketStorageClass", null);
        if (propertyFromInitParams != null) {
            this.proxyGrantingTicketStorage = (ProxyGrantingTicketStorage) ReflectUtils.newInstance(propertyFromInitParams, new Object[0]);
            if (this.proxyGrantingTicketStorage instanceof AbstractEncryptedProxyGrantingTicketStorageImpl) {
                AbstractEncryptedProxyGrantingTicketStorageImpl abstractEncryptedProxyGrantingTicketStorageImpl = this.proxyGrantingTicketStorage;
                String propertyFromInitParams2 = getPropertyFromInitParams(filterConfig, "cipherAlgorithm", "DESede");
                String propertyFromInitParams3 = getPropertyFromInitParams(filterConfig, "secretKey", null);
                abstractEncryptedProxyGrantingTicketStorageImpl.setCipherAlgorithm(propertyFromInitParams2);
                if (propertyFromInitParams3 != null) {
                    try {
                        abstractEncryptedProxyGrantingTicketStorageImpl.setSecretKey(propertyFromInitParams3);
                    } catch (Exception e) {
                        throw new RuntimeException(e);
                    }
                }
            }
        }
        this.logger.trace("Setting proxyReceptorUrl parameter: {}", this.proxyReceptorUrl);
        this.millisBetweenCleanUps = Integer.parseInt(getPropertyFromInitParams(filterConfig, "millisBetweenCleanUps", Integer.toString(DEFAULT_MILLIS_BETWEEN_CLEANUPS)));
        setExceptionOnValidationFailure(parseBoolean(getPropertyFromInitParams(filterConfig, "exceptionOnValidationFailure", "false")));
        this.logger.trace("Setting exceptionOnValidationFailure parameter: {}", Boolean.valueOf(this.exceptionOnValidationFailure));
        setRedirectAfterValidation(parseBoolean(getPropertyFromInitParams(filterConfig, "redirectAfterValidation", "true")));
        this.logger.trace("Setting redirectAfterValidation parameter: {}", Boolean.valueOf(this.redirectAfterValidation));
        setRedirectAfterTokenValidation(parseBoolean(getPropertyFromInitParams(filterConfig, "redirectAfterTokenValidation", "false")));
        this.logger.trace("Setting redirectAfterValidation parameter: {}", Boolean.valueOf(this.redirectAfterValidation));
        setUseSession(parseBoolean(getPropertyFromInitParams(filterConfig, "useSession", "true")));
        this.logger.trace("Setting useSession parameter: {}", Boolean.valueOf(this.useSession));
        if (!this.useSession && this.redirectAfterValidation) {
            this.logger.warn("redirectAfterValidation parameter may not be true when useSession parameter is false. Resetting it to false in order to prevent infinite redirects.");
            setRedirectAfterValidation(false);
        }
        setTicketValidator(getTicketValidator(filterConfig));
        super.initInternal(filterConfig);
        String propertyByKey = YhtClientPropertyUtil.getPropertyByKey("servername");
        if (CommonUtils.isNotBlank(propertyByKey)) {
            setServerName(propertyByKey);
        } else {
            setServerName(getPropertyFromInitParams(filterConfig, "serverName", null));
        }
        String propertyByKey2 = YhtClientPropertyUtil.getPropertyByKey("useAccessToken");
        if (CommonUtils.isNotBlank(propertyByKey2)) {
            setUseAccessToken(parseBoolean(propertyByKey2));
        } else {
            setUseAccessToken(parseBoolean(getPropertyFromInitParams(filterConfig, "useAccessToken", "true")));
        }
    }

    public void init() {
        super.init();
        CommonUtils.assertNotNull(this.proxyGrantingTicketStorage, "proxyGrantingTicketStorage cannot be null.");
        CommonUtils.assertNotNull(this.ticketValidator, "ticketValidator cannot be null.");
        if (this.timer == null) {
            this.timer = new Timer(true);
        }
        if (this.timerTask == null) {
            this.timerTask = new CleanUpTimerTask(this.proxyGrantingTicketStorage);
        }
        this.timer.schedule(this.timerTask, this.millisBetweenCleanUps, this.millisBetweenCleanUps);
    }

    private <T> T createNewTicketValidator(String str, String str2, Class<T> cls) {
        return CommonUtils.isBlank(str) ? (T) ReflectUtils.newInstance(cls, new Object[]{str2}) : (T) ReflectUtils.newInstance(str, new Object[]{str2});
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public final TicketValidator getTicketValidator(FilterConfig filterConfig) {
        Cas20ServiceTicketValidator cas20ServiceTicketValidator;
        String propertyFromInitParams = getPropertyFromInitParams(filterConfig, "acceptAnyProxy", null);
        String propertyFromInitParams2 = getPropertyFromInitParams(filterConfig, "allowedProxyChains", null);
        String casUrl = getCasUrl(filterConfig);
        String propertyFromInitParams3 = getPropertyFromInitParams(filterConfig, "ticketValidatorClass", null);
        if (CommonUtils.isNotBlank(propertyFromInitParams) || CommonUtils.isNotBlank(propertyFromInitParams2)) {
            Cas20ServiceTicketValidator cas20ServiceTicketValidator2 = (Cas20ProxyTicketValidator) createNewTicketValidator(propertyFromInitParams3, casUrl, Cas20ProxyTicketValidator.class);
            cas20ServiceTicketValidator2.setAcceptAnyProxy(parseBoolean(propertyFromInitParams));
            cas20ServiceTicketValidator2.setAllowedProxyChains(CommonUtils.createProxyList(propertyFromInitParams2));
            cas20ServiceTicketValidator = cas20ServiceTicketValidator2;
        } else {
            cas20ServiceTicketValidator = (Cas20ServiceTicketValidator) createNewTicketValidator(propertyFromInitParams3, casUrl, WithTenantServiceTicketValidator.class);
        }
        cas20ServiceTicketValidator.setProxyCallbackUrl(getPropertyFromInitParams(filterConfig, "proxyCallbackUrl", null));
        cas20ServiceTicketValidator.setProxyGrantingTicketStorage(this.proxyGrantingTicketStorage);
        HttpsURLConnectionFactory httpsURLConnectionFactory = new HttpsURLConnectionFactory(getHostnameVerifier(filterConfig), getSSLConfig(filterConfig));
        cas20ServiceTicketValidator.setURLConnectionFactory(httpsURLConnectionFactory);
        cas20ServiceTicketValidator.setProxyRetriever(new Cas20ProxyRetriever(casUrl, getPropertyFromInitParams(filterConfig, "encoding", null), httpsURLConnectionFactory));
        cas20ServiceTicketValidator.setRenew(parseBoolean(getPropertyFromInitParams(filterConfig, "renew", "false")));
        cas20ServiceTicketValidator.setEncoding(getPropertyFromInitParams(filterConfig, "encoding", null));
        HashMap hashMap = new HashMap();
        List asList = Arrays.asList(RESERVED_INIT_PARAMS);
        Enumeration initParameterNames = filterConfig.getInitParameterNames();
        while (initParameterNames.hasMoreElements()) {
            String str = (String) initParameterNames.nextElement();
            if (!asList.contains(str)) {
                hashMap.put(str, filterConfig.getInitParameter(str));
            }
        }
        cas20ServiceTicketValidator.setCustomParameters(hashMap);
        return cas20ServiceTicketValidator;
    }

    public void destroy() {
        super.destroy();
        this.timer.cancel();
    }

    protected final boolean preFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String requestURI = httpServletRequest.getRequestURI();
        if (CommonUtils.isEmpty(this.proxyReceptorUrl) || !requestURI.endsWith(this.proxyReceptorUrl)) {
            return true;
        }
        try {
            CommonUtils.readAndRespondToProxyReceptorRequest(httpServletRequest, httpServletResponse, this.proxyGrantingTicketStorage);
            return false;
        } catch (RuntimeException e) {
            this.logger.error(e.getMessage(), e);
            throw e;
        }
    }

    public final void setProxyReceptorUrl(String str) {
        this.proxyReceptorUrl = str;
    }

    public void setProxyGrantingTicketStorage(ProxyGrantingTicketStorage proxyGrantingTicketStorage) {
        this.proxyGrantingTicketStorage = proxyGrantingTicketStorage;
    }

    public void setTimer(Timer timer) {
        this.timer = timer;
    }

    public void setTimerTask(TimerTask timerTask) {
        this.timerTask = timerTask;
    }

    public void setMillisBetweenCleanUps(int i) {
        this.millisBetweenCleanUps = i;
    }

    protected final Properties getSSLConfig(FilterConfig filterConfig) {
        Properties properties = new Properties();
        String propertyFromInitParams = getPropertyFromInitParams(filterConfig, "sslConfigFile", null);
        if (propertyFromInitParams != null) {
            FileInputStream fileInputStream = null;
            try {
                try {
                    fileInputStream = new FileInputStream(propertyFromInitParams);
                    properties.load(fileInputStream);
                    this.logger.trace("Loaded {} entries from {}", Integer.valueOf(properties.size()), propertyFromInitParams);
                    CommonUtils.closeQuietly(fileInputStream);
                } catch (IOException e) {
                    this.logger.error(e.getMessage(), e);
                    CommonUtils.closeQuietly(fileInputStream);
                }
            } catch (Throwable th) {
                CommonUtils.closeQuietly(fileInputStream);
                throw th;
            }
        }
        return properties;
    }

    protected final HostnameVerifier getHostnameVerifier(FilterConfig filterConfig) {
        String propertyFromInitParams = getPropertyFromInitParams(filterConfig, "hostnameVerifier", null);
        this.logger.trace("Using hostnameVerifier parameter: {}", propertyFromInitParams);
        String propertyFromInitParams2 = getPropertyFromInitParams(filterConfig, "hostnameVerifierConfig", null);
        this.logger.trace("Using hostnameVerifierConfig parameter: {}", propertyFromInitParams2);
        if (propertyFromInitParams != null) {
            return propertyFromInitParams2 != null ? (HostnameVerifier) ReflectUtils.newInstance(propertyFromInitParams, new Object[]{propertyFromInitParams2}) : (HostnameVerifier) ReflectUtils.newInstance(propertyFromInitParams, new Object[0]);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void onSuccessfulValidation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Assertion assertion) {
    }

    protected void onFailedValidation(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        if (preFilter(servletRequest, servletResponse, filterChain)) {
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            String retrieveTicketFromRequest = retrieveTicketFromRequest(httpServletRequest);
            String constructServiceUrl2 = constructServiceUrl2(httpServletRequest, httpServletResponse);
            if (CommonUtils.isNotBlank(retrieveTicketFromRequest)) {
                this.logger.debug("Attempting to validate ticket: {}", retrieveTicketFromRequest);
                if (httpServletRequest.getAttribute("_const_cas_assertion_") != null) {
                    if (this.redirectAfterValidation) {
                        this.logger.debug("Redirecting after successful ticket validation.");
                        setEncodeServiceUrl(false);
                        httpServletResponse.sendRedirect(constructServiceUrl2);
                        return;
                    }
                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                }
                try {
                    Assertion validate = this.ticketValidator.validate(retrieveTicketFromRequest, constructServiceUrl2);
                    this.logger.debug("Successfully authenticated user: {}", validate.getPrincipal().getName());
                    httpServletRequest.setAttribute("_const_cas_assertion_", validate);
                    if (this.useSession) {
                        httpServletRequest.getSession().setAttribute("_const_cas_assertion_", validate);
                    }
                    createToken(retrieveTicketFromRequest, validate, httpServletResponse);
                    saveAssertion(retrieveTicketFromRequest, validate);
                    onSuccessfulValidation(httpServletRequest, httpServletResponse, validate);
                    saveLoginInfo(retrieveTicketFromRequest, validate, httpServletRequest, httpServletResponse);
                    if (needSelectEnterpriseAccount) {
                        filterChain.doFilter(httpServletRequest, httpServletResponse);
                        return;
                    } else if (this.redirectAfterValidation) {
                        this.logger.debug("Redirecting after successful ticket validation.");
                        setEncodeServiceUrl(false);
                        httpServletResponse.sendRedirect(constructServiceUrl2);
                        return;
                    }
                } catch (TicketValidationException e) {
                    this.logger.error("ticket validation error", e);
                    onFailedValidation(httpServletRequest, httpServletResponse);
                    if (this.exceptionOnValidationFailure) {
                        throw new ServletException(e);
                    }
                    processError(httpServletResponse, 403, e);
                    return;
                } catch (Throwable th) {
                    this.logger.error("Validation error", th);
                    processError(httpServletResponse, 403, th);
                    return;
                }
            }
            if (isUseAccessToken()) {
                String retrieveAccessToken = SdkUtils.retrieveAccessToken(httpServletRequest);
                if (CommonUtils.isNotBlank(retrieveAccessToken)) {
                    this.logger.info("Valiate  access token");
                    if (null != SdkUtils.getAssertionFromToken(retrieveAccessToken)) {
                        this.logger.info("access token already login");
                        filterChain.doFilter(httpServletRequest, httpServletResponse);
                        return;
                    }
                    try {
                        if (this.ticketValidator instanceof WithTenantServiceTicketValidator) {
                            Assertion validateToken = this.ticketValidator.validateToken(retrieveAccessToken, constructServiceUrl(httpServletRequest, httpServletResponse));
                            this.logger.debug("Successfully authenticated user: {}", validateToken.getPrincipal().getName());
                            httpServletRequest.setAttribute("_const_cas_assertion_", validateToken);
                            if (this.useSession) {
                                httpServletRequest.getSession().setAttribute("_const_cas_assertion_", validateToken);
                            }
                            SdkUtils.saveTokenAssertion(retrieveAccessToken, validateToken);
                            onSuccessfulValidation(httpServletRequest, httpServletResponse, validateToken);
                            if (isRedirectAfterTokenValidation()) {
                                if (needSelectEnterpriseAccount) {
                                    filterChain.doFilter(httpServletRequest, httpServletResponse);
                                    return;
                                }
                                this.logger.debug("Redirecting after successful access token validation.");
                                setEncodeServiceUrl(false);
                                this.logger.debug("redirect url {}", constructServiceUrl2);
                                httpServletResponse.sendRedirect(constructServiceUrl2);
                                return;
                            }
                        }
                    } catch (TicketValidationException e2) {
                        this.logger.error("access token validation error", e2);
                        onFailedValidation(httpServletRequest, httpServletResponse);
                        if (this.exceptionOnValidationFailure) {
                            throw new ServletException(e2);
                        }
                        processFailed(httpServletRequest, httpServletResponse, e2);
                        return;
                    } catch (Throwable th2) {
                        this.logger.error(" access token validation error", th2);
                        processFailed(httpServletRequest, httpServletResponse, th2);
                        return;
                    }
                }
            }
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    }

    public String convertStreamToString(InputStream inputStream) {
        BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(inputStream));
        StringBuilder sb = new StringBuilder();
        while (true) {
            try {
                String readLine = bufferedReader.readLine();
                if (readLine == null) {
                    break;
                }
                sb.append(readLine);
            } catch (IOException e) {
                e.printStackTrace();
            }
        }
        return sb.toString();
    }

    private void processError(HttpServletResponse httpServletResponse, int i, Throwable th) {
        String message = th.getMessage();
        StringWriter stringWriter = new StringWriter();
        th.printStackTrace(new PrintWriter(stringWriter));
        String stringWriter2 = stringWriter.toString();
        if (StringUtils.isNotBlank(message)) {
            message = xssSafeReplace(message);
        }
        if (StringUtils.isNotBlank(stringWriter2)) {
            stringWriter2 = xssSafeReplace(stringWriter2);
        }
        this.logger.info("build error html status {} and msg [{}]", Integer.valueOf(i), message);
        InputStream inputStream = null;
        try {
            try {
                httpServletResponse.setStatus(i);
                httpServletResponse.setContentType("text/html;charset=UTF-8");
                inputStream = getClass().getClassLoader().getResourceAsStream("error.html");
                String replace = convertStreamToString(inputStream).replace("%s", message).replace("#$#", stringWriter2);
                this.logger.debug("build error html status {} and page [{}]", Integer.valueOf(i), message);
                httpServletResponse.getWriter().write(replace);
                httpServletResponse.getWriter().flush();
                if (inputStream != null) {
                    if (stringWriter != null) {
                        try {
                            stringWriter.close();
                        } catch (IOException e) {
                            e.printStackTrace();
                        }
                    }
                    inputStream.close();
                }
            } catch (Throwable th2) {
                if (inputStream != null) {
                    if (stringWriter != null) {
                        try {
                            stringWriter.close();
                        } catch (IOException e2) {
                            e2.printStackTrace();
                            throw th2;
                        }
                    }
                    inputStream.close();
                }
                throw th2;
            }
        } catch (Throwable th3) {
            this.logger.error("failed", th3);
            if (inputStream != null) {
                if (stringWriter != null) {
                    try {
                        stringWriter.close();
                    } catch (IOException e3) {
                        e3.printStackTrace();
                    }
                }
                inputStream.close();
            }
        }
    }

    public String xssSafeReplace(String str) {
        return StringUtils.isNotBlank(str) ? str.replaceAll("[<>'\"]", "") : str;
    }

    private void processFailed(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Throwable th) {
        this.logger.info("return relogin message ");
        try {
            httpServletResponse.setStatus(200);
            httpServletResponse.setContentType("application/json;charset=UTF-8");
            JSONObject jSONObject = new JSONObject();
            jSONObject.put("needrelogin", true);
            jSONObject.put("status", 0);
            jSONObject.put("msg", "请登录后再执行操作");
            String jSONObject2 = jSONObject.toString();
            PrintWriter writer = httpServletResponse.getWriter();
            writer.write(jSONObject2);
            writer.flush();
        } catch (IOException e) {
            this.logger.error("failed", e);
        }
    }

    public String retrieveValueFromRequest(HttpServletRequest httpServletRequest, String str) {
        return CommonUtils.safeGetParameter(httpServletRequest, str, Arrays.asList(str));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void saveLoginInfo(String str, Assertion assertion, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
    }

    public final void setTicketValidator(TicketValidator ticketValidator) {
        this.ticketValidator = ticketValidator;
    }

    public final void setRedirectAfterValidation(boolean z) {
        this.redirectAfterValidation = z;
    }

    public final void setExceptionOnValidationFailure(boolean z) {
        this.exceptionOnValidationFailure = z;
    }

    public final void setUseSession(boolean z) {
        this.useSession = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void createToken(String str, Assertion assertion, HttpServletResponse httpServletResponse) {
        Object obj;
        if (httpServletResponse != null) {
            httpServletResponse.addHeader("P3P", "CP=CAO PSA OUR");
        }
        AttributePrincipal principal = assertion.getPrincipal();
        String str2 = "";
        if (principal != null && (obj = principal.getAttributes().get("userId")) != null) {
            str2 = obj.toString();
        }
        if (CommonUtils.isBlank(str2)) {
            return;
        }
        String savedUserId = SdkUtils.getSavedUserId(str, str2);
        ISessionStore sessionStore = SessionStoreFactory.getSessionStore();
        TenantUser user = sessionStore.getUser(savedUserId);
        if (user != null) {
            String str3 = "";
            try {
                str3 = TokenGenerator.genToken(savedUserId, user.getLoginTs().longValue(), sessionStore.findSeed());
            } catch (EncryptException e) {
                this.logger.error("Fail to generate cookie!", e);
            }
            HashMap hashMap = new HashMap();
            hashMap.put(CasClientUtils.COOKIE_USERNAME_KEY, savedUserId);
            hashMap.put(CasClientUtils.COOKIE_TOKEN_KEY, str3);
            for (String str4 : hashMap.keySet()) {
                Cookie cookie = new Cookie(str4, URLEncoder.encode((String) hashMap.get(str4)));
                cookie.setPath("/");
                cookie.setMaxAge(0);
                cookie.setHttpOnly(true);
                httpServletResponse.addCookie(cookie);
            }
            return;
        }
        TenantUser tenantUser = new TenantUser();
        tenantUser.setUserId(savedUserId);
        long currentTimeMillis = System.currentTimeMillis();
        tenantUser.setLoginTs(Long.valueOf(currentTimeMillis));
        String str5 = "";
        try {
            str5 = TokenGenerator.genToken(savedUserId, currentTimeMillis, sessionStore.findSeed());
        } catch (EncryptException e2) {
            this.logger.error("Fail to generate cookie!", e2);
        }
        HashMap hashMap2 = new HashMap();
        hashMap2.put(CasClientUtils.COOKIE_USERNAME_KEY, savedUserId);
        hashMap2.put(CasClientUtils.COOKIE_TOKEN_KEY, str5);
        tenantUser.setCreationTime(currentTimeMillis);
        tenantUser.setLastTimeUsed(currentTimeMillis);
        for (String str6 : hashMap2.keySet()) {
            Cookie cookie2 = new Cookie(str6, URLEncoder.encode((String) hashMap2.get(str6)));
            cookie2.setPath("/");
            cookie2.setMaxAge(-1);
            cookie2.setHttpOnly(true);
            httpServletResponse.addCookie(cookie2);
        }
        try {
            sessionStore.setUser(savedUserId, tenantUser);
        } catch (Exception e3) {
            this.logger.error("登陆信息写入到redis缓存中失败", e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void saveAssertion(String str, Assertion assertion) {
        Object obj;
        if (assertion != null) {
            AttributePrincipal principal = assertion.getPrincipal();
            String str2 = "";
            if (principal != null && (obj = principal.getAttributes().get("userId")) != null) {
                str2 = obj.toString();
            }
            if (str2 == null || str2.equalsIgnoreCase("")) {
                return;
            }
            SessionStoreFactory.getSessionStore().setAssertion(str + "__" + str2, assertion);
        }
    }

    private String getCasUrl(FilterConfig filterConfig) {
        String propertyByKey = YhtClientPropertyUtil.getPropertyByKey("cas.url");
        if (CommonUtils.isBlank(propertyByKey)) {
            propertyByKey = getPropertyFromInitParams(filterConfig, "casServerUrlPrefix", null);
        }
        return propertyByKey;
    }

    public boolean isRedirectAfterTokenValidation() {
        return this.redirectAfterTokenValidation;
    }

    public void setRedirectAfterTokenValidation(boolean z) {
        this.redirectAfterTokenValidation = z;
    }

    public boolean isUseAccessToken() {
        return this.useAccessToken;
    }

    public void setUseAccessToken(boolean z) {
        this.useAccessToken = z;
    }

    protected final String constructServiceUrl2(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        return SsoClientHelper.constructServiceUrl(httpServletRequest, httpServletResponse, null, AuthenticationFilter2.myServerName, SingleSignOutHandler.DEFAULT_ARTIFACT_PARAMETER_NAME, true);
    }
}
