package com.xdja.uaas.sso.client.filter;

import com.alibaba.fastjson.JSON;
import com.xdja.uaas.sso.client.filter.HttpUtils;
import com.xdja.uaas.sso.client.filter.ValidationResp;
import com.xdja.uaas.sso.client.util.ValidationUtil;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/* loaded from: input_file:com/xdja/uaas/sso/client/filter/ValidationFilter.class */
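/**
 * Servlet filter that checks a user credential against the SSO server's validation URL.
 *
 * <p>For every request whose servlet path is not on the white list, the filter looks for the
 * user credential (request parameter, then cookie, then header), sends it to
 * {@code casServerValidationUrl}, and either lets the request through (storing the person code
 * in the session) or sends the client to the login URL.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Credential values are never written to the log by this class; only header names are.</li>
 *   <li>The credential is accepted as a request parameter. NOTE(review): if that is a URL query
 *       parameter it can end up in access logs, browser history and Referer headers — confirm
 *       whether the parameter form is still required.</li>
 *   <li>NOTE(review): transport security of the validation call (HTTPS, certificate checks,
 *       timeouts) lives in {@code HttpUtils} and is not visible here — confirm it there.</li>
 * </ul>
 */
public class ValidationFilter extends AbstractCasFilter {
    /** Name of the cookie that carries the validated person information. */
    public static final String CAS_PERSON_INFO = "cas_person_info";
    /** Name of the request header carrying the application credential. */
    private static final String APP_CREDENTIAL = "appCredential";
    /** Business status code the validation endpoint returns for a valid credential. */
    private static final String SUCCESS = "0";
    /** Placeholder written to the log instead of a credential value. */
    private static final String MASKED_VALUE = "***";
    private String casServerValidationUrl;

    public String getCasServerValidationUrl() {
        return this.casServerValidationUrl;
    }

    public void setCasServerValidationUrl(String str) {
        this.casServerValidationUrl = str;
    }

    /**
     * Reads the validation and logout URLs from the filter's init parameters.
     *
     * @param filterConfig filter configuration supplied by the container
     * @throws ServletException if the parent initialisation fails
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.xdja.uaas.sso.client.filter.AbstractCasFilter
    public void initInternal(FilterConfig filterConfig) throws ServletException {
        super.initInternal(filterConfig);
        setCasServerValidationUrl(getPropertyFromInitParams(filterConfig, AbstractCasFilter.SSO_SERVER_VALIDATION_URL, null));
        ValidationUtil.initLogoutUrl(getPropertyFromInitParams(filterConfig, AbstractCasFilter.SSO_SERVER_LOGOUT_URL, null));
        this.log.trace("加载 CasServerValidationUrl: " + this.casServerValidationUrl);
    }

    /** Fails initialisation when no validation URL has been configured. */
    @Override // com.xdja.uaas.sso.client.filter.AbstractCasFilter
    public void init() {
        super.init();
        CommonUtils.assertNotNull(this.casServerValidationUrl, "casServerValidationUrl不能为空.");
    }

    /**
     * Validates the caller's credential and either continues the chain or redirects to login.
     *
     * @param servletRequest incoming request; cast to {@link HttpServletRequest}
     * @param servletResponse outgoing response; cast to {@link HttpServletResponse}
     * @param filterChain remaining filter chain
     * @throws IOException if writing the redirect / 401 body fails or the chain throws it
     * @throws ServletException if the chain throws it
     */
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;

        // White-listed servlet paths bypass validation entirely. The match is an exact string
        // comparison on getServletPath().
        // NOTE(review): confirm the white list cannot be reached through path variants
        // (path info, suffix mappings) that the container maps to a protected resource.
        List<String> whiteList = getWhiteList();
        if (whiteList != null && whiteList.contains(httpServletRequest.getServletPath())) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }

        // Credential lookup order: request parameter, then cookie, then header.
        String userCredential = CommonUtils.safeGetParameter(httpServletRequest, AbstractCasFilter.USER_CREDENTIAL);
        if (CommonUtils.isBlank(userCredential)) {
            userCredential = CookieUtils.getCookieValue(httpServletRequest, AbstractCasFilter.USER_CREDENTIAL, false);
        }
        if (CommonUtils.isBlank(userCredential)) {
            userCredential = httpServletRequest.getHeader(AbstractCasFilter.USER_CREDENTIAL);
        }
        String appCredential = httpServletRequest.getHeader(APP_CREDENTIAL);

        if (CommonUtils.isBlank(userCredential)) {
            this.log.warn("没有用户凭证信息,校验失败");
            redirectToLogin(httpServletRequest, httpServletResponse);
            return;
        }

        ValidationResp.IdentifyPersonInfoDTO personInfo = validate(userCredential, appCredential);
        if (personInfo == null) {
            // Validation was rejected. personInfo is null here; it is passed as a variable (not a
            // null literal) so the same addCookie overload is selected as before.
            // NOTE(review): the 0 argument presumably is a max-age that expires both cookies —
            // confirm against CookieUtils.
            CookieUtils.addCookie(httpServletResponse, CAS_PERSON_INFO, personInfo, 0, true);
            CookieUtils.addCookie(httpServletResponse, AbstractCasFilter.USER_CREDENTIAL, userCredential, 0, false);
            fail(httpServletRequest, httpServletResponse);
            redirectToLogin(httpServletRequest, httpServletResponse);
            return;
        }

        // NOTE(review): the session id is not rotated when the authenticated identity is bound
        // to the session. If any code trusts "SSO_USER" without re-running this filter, rotate
        // the session id here to rule out session fixation.
        httpServletRequest.getSession().setAttribute("SSO_USER", personInfo.getPersonCode());
        // NOTE(review): the meaning of the trailing boolean is defined in CookieUtils and is not
        // visible here — confirm the credential cookie is issued HttpOnly and Secure.
        CookieUtils.addCookie(httpServletResponse, CAS_PERSON_INFO, personInfo, null, true);
        CookieUtils.addCookie(httpServletResponse, AbstractCasFilter.USER_CREDENTIAL, userCredential, null, false);
        success(httpServletRequest, httpServletResponse, userCredential);
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    /**
     * Extension hook called after a credential has been validated; does nothing by default.
     *
     * @param str the user credential that was validated
     */
    protected void success(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String str) {
    }

    /** Extension hook called after a credential has been rejected; does nothing by default. */
    protected void fail(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
    }

    /**
     * Sends the client to the SSO login URL.
     *
     * <p>Non-Ajax requests get an HTTP redirect. Ajax requests get a 401 with a JSON body that
     * carries the login URL, because a script cannot follow a cross-site login redirect itself.
     *
     * @throws IOException if the redirect or the response body cannot be written
     */
    private void redirectToLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String serviceUrl = constructServiceUrl(httpServletRequest, httpServletResponse);
        // NOTE(review): if the credential arrived as a query parameter it may be part of the
        // service URL logged below — confirm constructServiceUrl strips it.
        if (this.log.isDebugEnabled()) {
            this.log.debug("访问地址: " + serviceUrl);
        }
        String loginRedirectUrl = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), serviceUrl);
        if (this.log.isDebugEnabled()) {
            this.log.debug("重定向到 \"" + loginRedirectUrl + "\"");
        }
        if (!isAjaxReq(httpServletRequest)) {
            httpServletResponse.sendRedirect(loginRedirectUrl);
            return;
        }

        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        httpServletResponse.setCharacterEncoding("UTF-8");
        httpServletResponse.setContentType("application/json;charset=UTF-8");
        AuthOrValiError errorBody = new AuthOrValiError();
        errorBody.setMessage("Ajax请求重定向");
        errorBody.setSsoUrl(loginRedirectUrl);

        PrintWriter writer = null;
        try {
            writer = httpServletResponse.getWriter();
            writer.write(JSON.toJSONString(errorBody));
            writer.flush();
        } finally {
            // Close on both the normal and the exceptional path.
            if (writer != null) {
                writer.close();
            }
        }
    }

    /**
     * Asks the SSO server whether a user credential is valid.
     *
     * <p>The credentials are sent as request headers on a GET to {@code casServerValidationUrl}.
     * Log statements in this method record header names only, never the credential values.
     *
     * @param str the user credential
     * @param str2 the application credential; omitted from the request when null or empty
     * @return the person information for a valid credential, or {@code null} when the server
     *     answers with a business status code other than {@code "0"}
     * @throws ValidationException if the server does not respond, answers with a non-200 HTTP
     *     status, or returns a body that parses to nothing
     */
    public ValidationResp.IdentifyPersonInfoDTO validate(String str, String str2) throws ValidationException {
        String validationUrl = this.casServerValidationUrl;
        // Kept as a raw map because the parameter type of HttpUtils addHeaders is not visible here.
        HashMap headers = new HashMap(2);
        headers.put(AbstractCasFilter.USER_CREDENTIAL, str);
        if (str2 != null && str2.length() > 0) {
            headers.put(APP_CREDENTIAL, str2);
        }
        ValidationReq validationReq = new ValidationReq();
        if (this.log.isDebugEnabled()) {
            this.log.debug("校验用户凭证>>>url:【{}】,Header:【{}】,param:【{}】", new Object[]{validationUrl, maskedHeadersForLog(headers), JSON.toJSONString(validationReq)});
        }

        HttpUtils.ResponseWrap response = HttpUtils.createGet(validationUrl).addHeaders(headers).execute();
        if (response == null) {
            this.log.error("调用接口失败:返回结果为空,url:【{}】,Header:【{}】,param:【{}】", new Object[]{validationUrl, maskedHeadersForLog(headers), JSON.toJSONString(validationReq)});
            throw new ValidationException("验证服务无响应");
        }
        if (200 != response.statusCode()) {
            this.log.error("调用接口失败url:【{}】,Header:【{}】,param:【{}】,:返回HTTP状态码错误{},", new Object[]{validationUrl, maskedHeadersForLog(headers), JSON.toJSONString(validationReq), Integer.valueOf(response.statusCode())});
            throw new ValidationException("返回HTTP状态码错误" + response.statusCode());
        }

        // NOTE(review): the body is parsed with fastjson into a fixed class. Keep the fastjson
        // dependency patched and autoType disabled; the body is only as trustworthy as the
        // transport to the validation server.
        ValidationResp validationResp = (ValidationResp) JSON.parseObject(response.getString(), ValidationResp.class);
        if (validationResp == null) {
            // An empty or literal "null" body parses to null; fail closed instead of hitting a
            // NullPointerException on the status check below.
            this.log.error("调用接口失败:返回结果为空,url:【{}】,Header:【{}】,param:【{}】", new Object[]{validationUrl, maskedHeadersForLog(headers), JSON.toJSONString(validationReq)});
            throw new ValidationException("验证服务无响应");
        }
        if (!SUCCESS.equals(validationResp.getCode())) {
            this.log.error("调用接口失败url:【{}】,Header:【{}】,param:【{}】,:返回业务状态码错误：{},错误信息：{}", new Object[]{validationUrl, maskedHeadersForLog(headers), JSON.toJSONString(validationReq), validationResp.getCode(), validationResp.getMessage()});
            return null;
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("校验用户凭证>>>url:【{}】,Header:【{}】,param:【{}】, 校验通过", new Object[]{validationUrl, maskedHeadersForLog(headers), JSON.toJSONString(validationReq)});
        }
        return validationResp.getIdentifyPersonInfo();
    }

    /**
     * Renders a header map for logging with every value replaced by a fixed mask.
     *
     * <p>The headers built in {@link #validate} hold the user and application credentials, so
     * only the header names may reach the log.
     */
    private static String maskedHeadersForLog(Map<?, ?> headers) {
        Map<String, String> masked = new HashMap<String, String>(headers.size());
        for (Object headerName : headers.keySet()) {
            masked.put(String.valueOf(headerName), MASKED_VALUE);
        }
        return JSON.toJSONString(masked);
    }

    /**
     * Builds the validation URL with the credential and the service URL as query parameters.
     *
     * <p>Both values are URL-encoded, so a credential containing {@code &}, {@code =} or
     * {@code #} cannot add or alter query parameters. Parameters whose value is null are left out.
     *
     * @param str the user credential
     * @param str2 the service URL
     * @return {@code casServerValidationUrl} with the query parameters appended
     */
    private String constructValidationUrl(String str, String str2) {
        Map<String, String> params = new HashMap<String, String>(2);
        this.log.debug("Placing URL parameters in map.");
        params.put(AbstractCasFilter.USER_CREDENTIAL, encodeUrl(str));
        params.put(getServiceParameterName(), encodeUrl(str2));

        StringBuilder sb = new StringBuilder((params.size() * 10) + this.casServerValidationUrl.length() + 1);
        sb.append(this.casServerValidationUrl);
        boolean firstParam = true;
        for (Map.Entry<String, String> param : params.entrySet()) {
            String value = param.getValue();
            if (value == null) {
                continue;
            }
            // Start the query with '?' unless the base URL already has one.
            boolean queryAlreadyStarted = !firstParam || this.casServerValidationUrl.contains("?");
            sb.append(queryAlreadyStarted ? "&" : "?");
            firstParam = false;
            sb.append(param.getKey());
            sb.append("=");
            sb.append(value);
        }
        return sb.toString();
    }

    /**
     * URL-encodes a value as UTF-8.
     *
     * @param str the value to encode; may be null
     * @return the encoded value, or null when {@code str} is null
     * @throws IllegalStateException if the runtime has no UTF-8 support
     */
    private String encodeUrl(String str) {
        if (str == null) {
            return null;
        }
        try {
            return URLEncoder.encode(str, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a required charset, so this is not expected to happen. Fail rather than
            // hand back the raw value, which would put unencoded input into a URL.
            throw new IllegalStateException("UTF-8 encoding is not available", e);
        }
    }
}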
