package com.baosight.buapx.security.filter;

import com.baosight.buapx.security.common.AntPathMatcher;
import com.baosight.buapx.security.common.ClassUtils;
import com.baosight.buapx.security.common.ConstString;
import com.baosight.buapx.security.common.CookieUtil;
import com.baosight.buapx.security.common.PathMatcher;
import com.baosight.buapx.security.common.UrlConstructor;
import com.baosight.buapx.security.exception.BuapxAuthException;
import com.baosight.buapx.security.exception.ClassInstanceException;
import com.baosight.buapx.security.handler.HandlerUtils;
import com.baosight.buapx.security.handler.IAuthPostHandler;
import com.baosight.buapx.security.loginbiz.UserRedirectMananger;
import com.baosight.buapx.security.properties.BuapxClientProperties;
import com.baosight.buapx.security.properties.PropertiesManagerContainer;
import com.baosight.buapx.security.userdetails.SecurityUserInfo;
import com.baosight.buapx.security.validate.BuapxAuthValidateManager;
import com.baosight.buapx.security.validate.IBuapxValidate;
import java.io.IOException;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dom4j.DocumentException;
import org.jasig.cas.client.util.CommonUtils;

/* loaded from: input_file:lib/cas_client_all-1.0.0.jar:com/baosight/buapx/security/filter/BuapxAuthenticationFilter.class */
public class BuapxAuthenticationFilter implements Filter {
    private IBuapxValidate buapxValidate;
    private Filter securityFilter;
    private Filter reloginFilter;
    private BuapxClientProperties buapxClientProperties;
    private String callBackUrl;
    private String reloginUri;
    private List<IAuthPostHandler> postHandlers;
    private UserRedirectMananger userRedirectManager;
    private Log log = LogFactory.getLog(BuapxAuthenticationFilter.class);
    private PathMatcher pathMarch = new AntPathMatcher();

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        SecurityUserInfo auth;
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!isCallBackUri(httpServletRequest.getServletPath())) {
            if (isReloginUri(httpServletRequest.getServletPath())) {
                this.reloginFilter.doFilter(httpServletRequest, httpServletResponse, filterChain);
                return;
            }
            if (StringUtils.isEmpty(httpServletRequest.getServletPath())) {
                httpServletRequest.getRequestURI();
            }
            this.log.debug("preppare to execute  securityFilter.doFilter");
            this.securityFilter.doFilter(servletRequest, servletResponse, filterChain);
            return;
        }
        System.out.print("获取路径:" + httpServletRequest.getServletPath());
        this.log.debug("in call_back.jsp.......................,para=" + httpServletRequest.getQueryString());
        System.out.print("获取参数:" + httpServletRequest.getQueryString());
        try {
            if (this.buapxClientProperties.getClientType().toLowerCase().equals(ConstString.CLIENT_TYPE_LTPA)) {
                String remoteUser = httpServletRequest.getRemoteUser();
                if (StringUtils.isEmpty(remoteUser)) {
                    throw new BuapxAuthException("获取LTPA用户失败");
                }
                auth = new SecurityUserInfo(remoteUser, null, null);
                httpServletRequest.getSession().setAttribute(ConstString.SESSION_URL, auth);
            } else {
                this.log.debug("Prepare to connect to CAS auth tickect.....");
                auth = this.buapxValidate.auth(httpServletRequest, httpServletResponse);
                this.log.debug("CAS auth tickect ok,return casuser=" + auth.getCasUser() + " bizsysUser=" + auth.getUserName());
            }
            onSuccessAuth(httpServletRequest, httpServletResponse, auth);
        } catch (BuapxAuthException e) {
            onFailureAuth(httpServletRequest, httpServletResponse);
        }
    }

    private void onSuccessAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SecurityUserInfo securityUserInfo) throws IOException {
        this.log.debug("in onSuccessAuth, to execute.....");
        for (int i = 0; i < this.postHandlers.size(); i++) {
            IAuthPostHandler iAuthPostHandler = this.postHandlers.get(i);
            try {
                iAuthPostHandler.handle(httpServletRequest, httpServletResponse, securityUserInfo, true);
            } catch (Exception e) {
                this.log.debug("登录后处理[" + iAuthPostHandler.getClass().getName() + "]发生异常");
                e.printStackTrace();
            }
        }
        if (this.buapxClientProperties.getIsCluster()) {
            CookieUtil.addCookie(httpServletResponse, this.buapxClientProperties.getDomain(), String.valueOf(this.buapxClientProperties.getPlatName()) + ConstString.SESSION_URL, new Date().toString(), 0);
        }
        CookieUtil.addCookie(httpServletResponse, this.buapxClientProperties.getDomain(), String.valueOf(this.buapxClientProperties.getPlatName()) + ConstString.CAS_USER_ATTRIBUTE_NAME, securityUserInfo.getCasUser(), 0);
        sendRedirectOnSuccess(httpServletRequest, httpServletResponse, securityUserInfo);
    }

    private void onFailureAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        for (int i = 0; i < this.postHandlers.size(); i++) {
            IAuthPostHandler iAuthPostHandler = this.postHandlers.get(i);
            try {
                iAuthPostHandler.handle(httpServletRequest, httpServletResponse, null, false);
            } catch (Exception e) {
                this.log.debug("登录后处理[" + iAuthPostHandler.getClass().getName() + "]发生异常");
                e.printStackTrace();
            }
        }
        forwardToErrorPage(httpServletRequest, httpServletResponse);
    }

    protected void sendRedirectOnSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SecurityUserInfo securityUserInfo) throws IOException {
        String appDefaultTargetUrl = this.buapxClientProperties.getAppDefaultTargetUrl();
        String parameter = httpServletRequest.getParameter(UrlConstructor.ORIGINAL_TARGET_URI);
        if (!appDefaultTargetUrl.startsWith("http://") && !appDefaultTargetUrl.startsWith("https://")) {
            appDefaultTargetUrl = String.valueOf(httpServletRequest.getContextPath()) + appDefaultTargetUrl;
        }
        if (!parameter.startsWith("http://") && !parameter.startsWith("https://")) {
            parameter = String.valueOf(httpServletRequest.getContextPath()) + parameter;
        }
        if (this.buapxClientProperties.getRedirectToOriginal()) {
            appDefaultTargetUrl = httpServletResponse.encodeRedirectURL(parameter);
        }
        String parameter2 = httpServletRequest.getParameter("sendToSource");
        if (!StringUtils.isEmpty(parameter2) && parameter2.equalsIgnoreCase("true")) {
            httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(parameter));
            return;
        }
        String constructRedirectUrl = this.userRedirectManager.constructRedirectUrl(httpServletRequest, securityUserInfo.getUserName(), appDefaultTargetUrl);
        if (this.buapxClientProperties.getIsCluster()) {
            if (!(!StringUtils.isEmpty(CookieUtil.getCookieByName(httpServletRequest, new StringBuilder(String.valueOf(this.buapxClientProperties.getPlatName())).append(ConstString.SESSION_URL).toString()))) && !StringUtils.isEmpty(constructRedirectUrl)) {
                appDefaultTargetUrl = constructRedirectUrl;
            }
        } else if (!StringUtils.isEmpty(constructRedirectUrl)) {
            appDefaultTargetUrl = constructRedirectUrl;
        }
        String constructUrl = UrlConstructor.constructUrl(appDefaultTargetUrl, constructAwaredServicePropertiesFromRequest(this.buapxClientProperties, httpServletRequest));
        this.log.debug("Lastly  response.sendRedirect=" + constructUrl);
        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(constructUrl));
    }

    private boolean isCallBackUri(String str) {
        System.out.print(">>>>>>测试有返回地址" + str);
        return this.callBackUrl.equals(str);
    }

    private boolean isReloginUri(String str) {
        return this.reloginUri.equals(str);
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        this.log.trace("初始化统一认证客户端...");
        System.out.print(">>>>>>>>>初始化客户端\n");
        String initParameter = filterConfig.getInitParameter("configFile");
        System.out.print(">>>>>>>>>获取配置文件名称fileName,这里是空很重要:" + initParameter + "\n");
        String str = CommonUtils.isBlank(initParameter) ? "buapx_cas-client22222.xml" : initParameter;
        this.log.trace("尝试使用配置文件：" + str);
        System.out.print(">>>>>>>>>使用配置文件:" + str + "\n");
        PropertiesManagerContainer.init(str);
        try {
            this.buapxClientProperties = (BuapxClientProperties) PropertiesManagerContainer.getProperties(BuapxClientProperties.class);
            if (this.log.isTraceEnabled()) {
                this.log.trace("配置回调入口.");
            }
            this.callBackUrl = this.buapxClientProperties.getAppCallBack();
            System.out.print(">>>>>>>>>>配置回调入口" + this.callBackUrl + "\n");
            if (this.log.isTraceEnabled()) {
                this.log.trace("配置重登陆入口.");
            }
            System.out.print(">>>>>>>>>>配置重登陆入口\n");
            this.reloginUri = this.buapxClientProperties.getAppRelogin();
            if (this.log.isDebugEnabled()) {
                this.log.debug("callback url:" + this.callBackUrl);
            }
            System.out.print(">>>>>>>>>>callback url:" + this.callBackUrl + "\n");
            this.buapxValidate = new BuapxAuthValidateManager();
            this.log.trace("初始化验证器...");
            System.out.print(">>>>>>>>>>初始化验证器\n");
            this.buapxValidate.init(filterConfig);
            this.securityFilter = new BuapxSecurityFilter();
            this.log.trace("初始化安全过滤器...");
            System.out.print(">>>>>>>>>>危险，这里报错点，初始化安全过滤器\n");
            this.securityFilter.init(filterConfig);
            this.reloginFilter = new BuapxReloginFilter();
            this.log.trace("初始化重登陆过滤器...");
            System.out.print(">>>>>>>>>>初始化重登陆过滤器\n");
            this.reloginFilter.init(filterConfig);
            initHandlers(this.buapxClientProperties.getPostHandlers());
            initRedirectManager(this.buapxClientProperties.getUserRedirectManager());
            this.log.trace("统一认证客户端初始化完成.");
            System.out.print(">>>>>>>>>>统一认证客户端初始化完成\n");
        } catch (DocumentException e) {
            e.printStackTrace();
            if (this.log.isErrorEnabled()) {
                this.log.error(e);
            }
            throw new RuntimeException((Throwable) e);
        } catch (IOException e2) {
            if (this.log.isErrorEnabled()) {
                this.log.error(e2);
            }
            e2.printStackTrace();
            throw new RuntimeException(e2);
        }
    }

    private void initHandlers(String[] strArr) {
        if (this.log.isTraceEnabled()) {
            this.log.trace("初始化post handlers...");
        }
        System.out.print(">>>>>>>>>>初始化post handlers...\n");
        try {
            this.postHandlers = HandlerUtils.getHandler(strArr, IAuthPostHandler.class);
            if (this.log.isDebugEnabled()) {
                this.log.debug("post handlers:" + this.postHandlers.size());
                System.out.print(">>>>>>>>>>post handlers:" + this.postHandlers.size() + "\n");
            }
        } catch (ClassInstanceException e) {
            if (this.log.isErrorEnabled()) {
                this.log.error(e.getMessage());
            }
            throw new RuntimeException(e);
        }
    }

    private void initRedirectManager(String str) {
        if (this.log.isTraceEnabled()) {
            this.log.trace("初始化userRedirectMananger...");
        }
        System.out.print(">>>>>>>>>>初始化userRedirectManange,以下可能报错\n");
        try {
            this.userRedirectManager = (UserRedirectMananger) ClassUtils.getInstance(str, UserRedirectMananger.class);
            if (this.log.isDebugEnabled()) {
                this.log.debug("post handlers:" + this.postHandlers.size());
            }
        } catch (ClassInstanceException e) {
            if (this.log.isErrorEnabled()) {
                this.log.error(e.getMessage());
            }
            throw new RuntimeException(e);
        }
    }

    private void forwardToErrorPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            httpServletRequest.getRequestDispatcher(this.buapxClientProperties.getAuthErrorPage()).forward(httpServletRequest, httpServletResponse);
        } catch (ServletException e) {
            e.printStackTrace();
        } catch (IOException e2) {
            e2.printStackTrace();
        }
    }

    private static Map<String, String> constructAwaredServicePropertiesFromRequest(BuapxClientProperties buapxClientProperties, HttpServletRequest httpServletRequest) {
        TreeMap treeMap = new TreeMap();
        String[] awaredServiceProperties = buapxClientProperties.getAwaredServiceProperties();
        if (awaredServiceProperties != null) {
            for (String str : awaredServiceProperties) {
                String parameter = httpServletRequest.getParameter(str);
                if (!StringUtils.isEmpty(parameter)) {
                    treeMap.put(str, parameter);
                }
            }
        }
        return treeMap;
    }
}
