package com.cisdigital.ua.cas.client.core.filter;

import com.cisdigital.ua.cas.client.core.consts.CasConsts;
import com.cisdigital.ua.cas.client.core.exception.CasAuthException;
import com.cisdigital.ua.cas.client.core.exception.CasClientException;
import com.cisdigital.ua.cas.client.core.exception.ClassInstanceException;
import com.cisdigital.ua.cas.client.core.handler.HandlerUtils;
import com.cisdigital.ua.cas.client.core.handler.IAuthPostHandler;
import com.cisdigital.ua.cas.client.core.loginbiz.UserRedirectMananger;
import com.cisdigital.ua.cas.client.core.model.SecurityUserInfo;
import com.cisdigital.ua.cas.client.core.properties.CasClientProperties;
import com.cisdigital.ua.cas.client.core.properties.PropertiesManagerContainer;
import com.cisdigital.ua.cas.client.core.utils.ClassUtils;
import com.cisdigital.ua.cas.client.core.utils.CookieUtil;
import com.cisdigital.ua.cas.client.core.utils.StringUtils;
import com.cisdigital.ua.cas.client.core.utils.UrlConstructor;
import com.cisdigital.ua.cas.client.core.validate.CasAuthValidateManager;
import com.cisdigital.ua.cas.client.core.validate.CasValidate;
import java.io.IOException;
import java.util.Date;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jasig.cas.client.util.CommonUtils;

/* loaded from: input_file:lib/ua-client-cas-core-1.0.4.jar:com/cisdigital/ua/cas/client/core/filter/AuthenticationFilter.class */
public class AuthenticationFilter implements Filter {
    private static final Log log = LogFactory.getLog(AuthenticationFilter.class);
    private CasValidate casValidate;
    private Filter securityFilter;
    private CasClientProperties casClientProperties;
    private String callBackUrl;
    private List<IAuthPostHandler> postHandlers;
    private UserRedirectMananger userRedirectManager;

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (!isCallBackUri(httpServletRequest.getServletPath())) {
            if (StringUtils.isEmpty(httpServletRequest.getServletPath())) {
                httpServletRequest.getRequestURI();
            }
            log.debug("preppare to execute securityFilter.doFilter");
            this.securityFilter.doFilter(servletRequest, servletResponse, filterChain);
            return;
        }
        log.debug("in call_back.jsp.......................,para=" + httpServletRequest.getQueryString());
        try {
            log.debug("Prepare to connect to CAS auth tickect.....");
            SecurityUserInfo auth = this.casValidate.auth(httpServletRequest, httpServletResponse);
            log.debug("CAS auth tickect ok,return casuser=" + auth.getCasUser() + " bizsysUser=" + auth.getUserName());
            onSuccessAuth(httpServletRequest, httpServletResponse, auth);
        } catch (CasAuthException e) {
            onFailureAuth(httpServletRequest, httpServletResponse);
        }
    }

    public void destroy() {
    }

    private void onSuccessAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SecurityUserInfo securityUserInfo) throws IOException {
        log.debug("in onSuccessAuth, to execute.....");
        for (int i = 0; i < this.postHandlers.size(); i++) {
            IAuthPostHandler iAuthPostHandler = this.postHandlers.get(i);
            try {
                iAuthPostHandler.handle(httpServletRequest, httpServletResponse, securityUserInfo, true);
            } catch (Exception e) {
                log.error("登录后处理[" + iAuthPostHandler.getClass().getName() + "]发生异常", e);
            }
        }
        if (this.casClientProperties.getIsCluster()) {
            CookieUtil.addCookie(httpServletResponse, this.casClientProperties.getDomain(), this.casClientProperties.getPlatName() + CasConsts.SESSION_URL, new Date().toString(), 0);
        }
        CookieUtil.addCookie(httpServletResponse, this.casClientProperties.getDomain(), this.casClientProperties.getPlatName() + CasConsts.CAS_USER_ATTRIBUTE_NAME, securityUserInfo.getCasUser(), 0);
        sendRedirectOnSuccess(httpServletRequest, httpServletResponse, securityUserInfo);
    }

    private void onFailureAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        for (IAuthPostHandler iAuthPostHandler : this.postHandlers) {
            try {
                iAuthPostHandler.handle(httpServletRequest, httpServletResponse, null, false);
            } catch (Exception e) {
                log.error("登录后处理[" + iAuthPostHandler.getClass().getName() + "]发生异常", e);
            }
        }
        forwardToErrorPage(httpServletRequest, httpServletResponse);
    }

    protected void sendRedirectOnSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, SecurityUserInfo securityUserInfo) throws IOException {
        String appDefaultTargetUrl = this.casClientProperties.getAppDefaultTargetUrl();
        String parameter = httpServletRequest.getParameter(UrlConstructor.ORIGINAL_TARGET_URI);
        if (!appDefaultTargetUrl.startsWith("http://") && !appDefaultTargetUrl.startsWith("https://")) {
            appDefaultTargetUrl = httpServletRequest.getContextPath() + appDefaultTargetUrl;
        }
        if (!parameter.startsWith("http://") && !parameter.startsWith("https://")) {
            parameter = httpServletRequest.getContextPath() + parameter;
        }
        if (this.casClientProperties.getRedirectToOriginal()) {
            appDefaultTargetUrl = httpServletResponse.encodeRedirectURL(parameter);
        }
        String parameter2 = httpServletRequest.getParameter("sendToSource");
        if (!StringUtils.isEmpty(parameter2) && parameter2.equalsIgnoreCase("true")) {
            httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(parameter));
            return;
        }
        String constructRedirectUrl = this.userRedirectManager.constructRedirectUrl(httpServletRequest, securityUserInfo.getUserName(), appDefaultTargetUrl);
        if (this.casClientProperties.getIsCluster()) {
            if (StringUtils.isEmpty(CookieUtil.getCookieByName(httpServletRequest, this.casClientProperties.getPlatName() + CasConsts.SESSION_URL)) && !StringUtils.isEmpty(constructRedirectUrl)) {
                appDefaultTargetUrl = constructRedirectUrl;
            }
        } else if (!StringUtils.isEmpty(constructRedirectUrl)) {
            appDefaultTargetUrl = constructRedirectUrl;
        }
        String constructUrl = UrlConstructor.constructUrl(appDefaultTargetUrl, constructAwaredServicePropertiesFromRequest(this.casClientProperties, httpServletRequest));
        log.debug("Lastly  response.sendRedirect=" + constructUrl);
        httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(constructUrl));
    }

    private boolean isCallBackUri(String str) {
        return this.callBackUrl.equals(str);
    }

    public void init(FilterConfig filterConfig) throws ServletException {
        log.trace("初始化统一认证客户端...");
        String initParameter = filterConfig.getInitParameter("configFile");
        String str = CommonUtils.isBlank(initParameter) ? "buapx_cas-client.xml" : initParameter;
        log.trace("尝试使用配置文件：" + str);
        PropertiesManagerContainer.init(str);
        try {
            this.casClientProperties = PropertiesManagerContainer.getProperties();
            if (log.isTraceEnabled()) {
                log.trace("配置回调入口.");
            }
            this.callBackUrl = this.casClientProperties.getAppCallBack();
            if (log.isDebugEnabled()) {
                log.debug("callback url:" + this.callBackUrl);
            }
            this.casValidate = new CasAuthValidateManager();
            log.trace("初始化CAS登录验证器...");
            this.casValidate.init(filterConfig);
            this.securityFilter = new SecurityFilter();
            log.trace("初始化安全过滤器...");
            this.securityFilter.init(filterConfig);
            initPostHandlers(this.casClientProperties.getPostHandlers());
            initRedirectManager(this.casClientProperties.getUserRedirectManager());
            log.trace("统一认证客户端初始化完成.");
        } catch (Exception e) {
            if (log.isErrorEnabled()) {
                log.error(e);
            }
            throw new CasClientException(e);
        }
    }

    private void initPostHandlers(String[] strArr) {
        if (log.isTraceEnabled()) {
            log.trace("初始化post handlers...");
        }
        try {
            this.postHandlers = HandlerUtils.getHandler(strArr);
            if (log.isDebugEnabled()) {
                log.debug("post handlers:" + this.postHandlers.size());
            }
        } catch (ClassInstanceException e) {
            if (log.isErrorEnabled()) {
                log.error("后置处理器加载失败：" + e.getMessage(), e);
            }
            throw new CasClientException(e);
        }
    }

    private void initRedirectManager(String str) {
        if (log.isTraceEnabled()) {
            log.trace("初始化userRedirectMananger...");
        }
        try {
            this.userRedirectManager = (UserRedirectMananger) ClassUtils.getInstance(str, UserRedirectMananger.class);
            if (log.isDebugEnabled()) {
                log.debug("post handlers:" + this.postHandlers.size());
            }
        } catch (ClassInstanceException e) {
            if (log.isErrorEnabled()) {
                log.error(e.getMessage());
            }
            throw new CasClientException(e);
        }
    }

    private void forwardToErrorPage(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        try {
            httpServletRequest.getRequestDispatcher(this.casClientProperties.getAuthErrorPage()).forward(httpServletRequest, httpServletResponse);
        } catch (Exception e) {
            log.error(e.getMessage(), e);
        }
    }

    private static Map<String, String> constructAwaredServicePropertiesFromRequest(CasClientProperties casClientProperties, HttpServletRequest httpServletRequest) {
        TreeMap treeMap = new TreeMap();
        String[] awaredServiceProperties = casClientProperties.getAwaredServiceProperties();
        if (awaredServiceProperties != null) {
            for (String str : awaredServiceProperties) {
                String parameter = httpServletRequest.getParameter(str);
                if (!StringUtils.isEmpty(parameter)) {
                    treeMap.put(str, parameter);
                }
            }
        }
        return treeMap;
    }
}
