package com.nariit.pi6000.ua.filter;

import com.google.common.net.HttpHeaders;
import com.nariit.pi6000.framework.remoting.HessianClient;
import com.nariit.pi6000.framework.remoting.ServiceFactory;
import com.nariit.pi6000.framework.util.StringUtil;
import com.nariit.pi6000.ua.bizc.IFuncBizc;
import com.nariit.pi6000.ua.bizc.IMenuBizc;
import com.nariit.pi6000.ua.bizc.IRoleResPrvBizc;
import com.nariit.pi6000.ua.cache.PXCacheManager;
import com.nariit.pi6000.ua.cas.client.util.AssertionHolder;
import com.nariit.pi6000.ua.constant.CacheConstant;
import com.nariit.pi6000.ua.integrate.vo.User;
import com.nariit.pi6000.ua.session.HttpSessionManager;
import com.nariit.pi6000.ua.util.WebUtil;
import io.dcloud.common.DHInterface.IFeature;
import java.io.IOException;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import net.sf.ehcache.Cache;
import net.sf.ehcache.Element;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

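/**
 * Access-control filter that authorizes a request path against the permissions
 * of the user bound to the current HTTP session.
 *
 * <p>Three permission sets are consulted, in this order: "PM" URL permissions,
 * menu permissions, and URL (function service) permissions. Each set is loaded
 * from a remote service on first use and then kept in the
 * {@link CacheConstant#USER_URL_PERMISSION_CACHE} cache.
 *
 * <p>NOTE(review): cache entries are keyed by a prefix plus the session id, and
 * the user id is only consulted on a cache miss. If a session can change its
 * user without the session id changing, the previous user's cached permissions
 * would be returned. Confirm that the session id is rotated, or these entries
 * are evicted, on login and logout.
 */
@Component
/* loaded from: classes3.dex */
public class MenuAccessFilter extends AccessControlFilter {
    static Logger log = LoggerFactory.getLogger(MenuAccessFilter.class);

    @HessianClient("pi6000-ua-web")
    IFuncBizc funcBizc;

    @HessianClient("pi6000-ua-web")
    IMenuBizc menuBizc;

    /**
     * Checks whether the {@code pmID} parameter extracted from {@code str} occurs
     * inside any of the granted keys.
     *
     * <p>NOTE(review): the decision uses only the {@code pmID} value and a
     * substring test, not equality and not the rest of the path. Confirm the key
     * format and prefer an exact comparison if the keys allow it.
     *
     * @param set granted keys; {@code null} or empty means nothing is granted
     * @param str request path as produced by {@code WebUtil.getPathWithinApplication}
     * @return {@code true} only when a non-empty {@code pmID} is contained in a granted key
     */
    private boolean checkMenuPathAccess(Set<String> set, String str) {
        if (set == null || set.isEmpty() || str == null) {
            return false;
        }
        String pmId = WebUtil.extractURLParam(str, "pmID");
        // Fail closed when the parameter is missing. What extractURLParam returns
        // for an absent parameter is not visible here: null would throw in the
        // substring test, and "" is contained in every string, which would grant
        // access to any user holding at least one key.
        if (pmId == null || pmId.isEmpty()) {
            return false;
        }
        for (String grantedKey : set) {
            if (grantedKey != null && grantedKey.contains(pmId)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Decides whether the session's user may access {@code str}.
     *
     * @param str request path within the application
     * @param servletRequest current request; must be an {@link HttpServletRequest}
     * @return {@code true} if any of the three permission sets grants the path
     */
    private boolean checkUrlPerm(String str, ServletRequest servletRequest) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        try {
            if (checkMenuPathAccess(getPMUrlPermission(httpServletRequest), str)) {
                return true;
            }
        } catch (Exception e) {
            // The PM lookup is best-effort: a failure must not grant access, and it
            // must not hide the remaining checks. Record it instead of dropping it.
            log.warn("PM URL permission lookup failed; continuing with menu and URL checks", e);
        }
        if (checkMenuPathAccess(getMenuPermission(httpServletRequest), str)) {
            return true;
        }
        Set<String> urlPatterns = getURLPermission(httpServletRequest);
        if (urlPatterns == null) {
            return false;
        }
        for (String pattern : urlPatterns) {
            if (this.matcher.matches(pattern, str)) {
                return true;
            }
        }
        return false;
    }

    /** Returns the permission cache, as handed out by {@link PXCacheManager}. */
    private Cache getCache() {
        return PXCacheManager.getInstance().getCache(CacheConstant.USER_URL_PERMISSION_CACHE);
    }

    /**
     * Reads the cached entry for {@code cacheKey}, tolerating a missing cache.
     *
     * @return the cached element, or {@code null} when there is no cache or no entry
     */
    private static Element lookupCached(Cache cache, String cacheKey) {
        return cache != null ? cache.get(cacheKey) : null;
    }

    /**
     * Returns the key set of the permission map stored in {@code element}.
     *
     * @return the keys, or {@code null} when the element carries no value
     */
    @SuppressWarnings("unchecked") // entries under these keys are only written by this class, as Map<String, String>
    private static Set<String> keysOf(Element element) {
        Object value = element.getObjectValue();
        return value != null ? ((Map<String, String>) value).keySet() : null;
    }

    /**
     * Stores a freshly loaded permission map, tolerating a missing cache. A
     * {@code null} map is not cached, so a failed load is retried on the next request.
     */
    private static void storeLoaded(Cache cache, String cacheKey, Map<String, String> granted) {
        if (cache != null && granted != null) {
            cache.put(new Element(cacheKey, granted));
        }
    }

    /**
     * Returns the menu keys granted to the session's user, loading and caching them
     * on first use.
     *
     * @return the granted menu keys, or {@code null} when the session has no user id
     *     or the service returned nothing
     */
    private Set<String> getMenuPermission(HttpServletRequest httpServletRequest) {
        String cacheKey = "MENU_" + HttpSessionManager.getSessionId(httpServletRequest);
        Cache cache = getCache();
        Element cached = lookupCached(cache, cacheKey);
        String userId = getUserIDFromSession(httpServletRequest);
        if (userId == null) {
            return null;
        }
        if (cached != null) {
            Set<String> cachedKeys = keysOf(cached);
            if (cachedKeys != null) {
                return cachedKeys;
            }
        }
        Map<String, String> granted = this.menuBizc.getMenusAcePrvByUsrID(userId, this.ua.getAppID());
        if (granted == null) {
            // Treat "no answer" as "no permissions" rather than failing later.
            return null;
        }
        storeLoaded(cache, cacheKey, granted);
        if (log.isInfoEnabled()) {
            for (String menuKey : granted.keySet()) {
                log.info("已授权的菜单：{}", menuKey);
            }
        }
        return granted.keySet();
    }

    /**
     * Returns the URL patterns granted to the session's user, loading and caching
     * them on first use.
     *
     * @return the granted URL patterns, or {@code null} when the session has no user
     *     id or the service returned nothing
     */
    private Set<String> getURLPermission(HttpServletRequest httpServletRequest) {
        String cacheKey = "URL_" + HttpSessionManager.getSessionId(httpServletRequest);
        Cache cache = getCache();
        Element cached = lookupCached(cache, cacheKey);
        String userId = getUserIDFromSession(httpServletRequest);
        if (userId == null) {
            return null;
        }
        if (cached != null) {
            Set<String> cachedKeys = keysOf(cached);
            if (cachedKeys != null) {
                return cachedKeys;
            }
        }
        Map<String, String> granted = this.funcBizc.getFuncServicePrvByUsrID(userId, this.ua.getAppID());
        if (granted == null) {
            return null;
        }
        storeLoaded(cache, cacheKey, granted);
        if (log.isInfoEnabled()) {
            for (String urlKey : granted.keySet()) {
                log.info("已授权的URL：{}", urlKey);
            }
        }
        return granted.keySet();
    }

    /**
     * Reads the user id bound to the session.
     *
     * @return the id as a string, or {@code null} when the session carries none
     */
    private String getUserIDFromSession(HttpServletRequest httpServletRequest) {
        Object userId = HttpSessionManager.getAttribute(httpServletRequest, HttpSessionManager.USER_ID_KEY);
        return userId != null ? userId.toString() : null;
    }

    /**
     * Returns the "PM" URL keys granted to the session's user, loading and caching
     * them on first use.
     *
     * @return the granted keys, or {@code null} when the session has no user id or
     *     the service returned nothing
     */
    public Set<String> getPMUrlPermission(HttpServletRequest httpServletRequest) {
        String cacheKey = "PMURL_" + HttpSessionManager.getSessionId(httpServletRequest);
        Cache cache = getCache();
        Element cached = lookupCached(cache, cacheKey);
        String userId = getUserIDFromSession(httpServletRequest);
        if (userId == null) {
            return null;
        }
        if (cached != null) {
            Set<String> cachedKeys = keysOf(cached);
            if (cachedKeys != null) {
                return cachedKeys;
            }
        }
        IRoleResPrvBizc roleResPrvBizc = (IRoleResPrvBizc) ServiceFactory.getUAService(IRoleResPrvBizc.class);
        Map<String, String> granted = roleResPrvBizc.getPMServicePrvByUsrID(userId, this.ua.getAppID());
        if (granted == null) {
            return null;
        }
        storeLoaded(cache, cacheKey, granted);
        // The guard was already a debug check; log at the level it tests for.
        if (log.isDebugEnabled()) {
            for (String pmKey : granted.keySet()) {
                log.debug("已授权的PMURL：{}", pmKey);
            }
        }
        return granted.keySet();
    }

    /**
     * Returns the application-relative URL of the "unauthorized" page.
     *
     * @param servletRequest unused
     */
    public String getUnauthorizedUrl(ServletRequest servletRequest) {
        return this.auth.getUnauthURL();
    }

    /**
     * Grants the path if permitted; otherwise redirects to the unauthorized page.
     *
     * @return {@code true} when access is granted, {@code false} after redirecting
     */
    private boolean allowOrRedirect(String path, ServletRequest servletRequest, ServletResponse servletResponse)
            throws IOException {
        if (checkUrlPerm(path, servletRequest)) {
            return true;
        }
        redirectToUnauthorized(servletRequest, servletResponse);
        return false;
    }

    /**
     * Decides whether the request may proceed.
     *
     * <p>Order of checks: ignored URLs pass; under SSO an identified user is
     * authorized by permission lookup; login requests pass; otherwise an
     * authenticated session is authorized by permission lookup and anything else is
     * denied.
     *
     * @return {@code true} to let the request through
     */
    @Override // com.nariit.pi6000.ua.filter.AccessControlFilter
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String path = WebUtil.getPathWithinApplication(httpServletRequest);
        if (this.auth.isIgnoreUrl(path)) {
            return true;
        }
        if (this.ua.isSSO()) {
            boolean identified;
            if (AssertionHolder.getAssertion() != null) {
                // An assertion without a principal name is not treated as identified;
                // the request then continues with the non-SSO checks below.
                identified = AssertionHolder.getAssertion().getPrincipal().getName() != null;
            } else {
                // getSession() creates a session when the request has none.
                User sessionUser =
                        (User) httpServletRequest.getSession().getAttribute(HttpSessionManager.ISC_USER_OBJECT_KEY);
                identified = sessionUser != null;
            }
            if (identified) {
                return allowOrRedirect(path, servletRequest, servletResponse);
            }
        }
        if (isLoginRequest(servletRequest, servletResponse)) {
            return true;
        }
        if (HttpSessionManager.isAuthc(servletRequest)) {
            return checkUrlPerm(path, servletRequest);
        }
        return false;
    }

    /**
     * Answers a denied request. Requests whose {@code X-Requested-With} header
     * matches {@code IFeature.F_XMLHTTPREQUEST} get the outcome in response headers;
     * all others are redirected.
     *
     * <p>The header is client-supplied and only selects the response shape here; it
     * does not influence the access decision.
     *
     * <p>NOTE(review): {@code ua.getRedirectUrl} is copied into a response header.
     * Confirm it cannot carry request-derived, unvalidated values.
     *
     * @return always {@code false}
     */
    @Override // com.nariit.pi6000.ua.filter.AccessControlFilter
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        String requestedWith = ((HttpServletRequest) servletRequest).getHeader(HttpHeaders.X_REQUESTED_WITH);
        boolean authenticated = HttpSessionManager.isAuthc(servletRequest);
        // IFeature comes from an unrelated package; presumably the decompiler
        // substituted it for an equal string constant. TODO confirm.
        if (StringUtil.equalsIgnoreCase(requestedWith, IFeature.F_XMLHTTPREQUEST)) {
            httpServletResponse.setHeader("sessionstate", authenticated ? "authfailed" : "timeout");
            httpServletResponse.setHeader("redirecturl", this.ua.getRedirectUrl(servletRequest));
            return false;
        }
        if (authenticated) {
            redirectToUnauthorized(servletRequest, servletResponse);
        } else {
            saveRequestAndRedirectToLogin(servletRequest, servletResponse);
        }
        return false;
    }

    /**
     * Clears any saved request and redirects to the unauthorized page, unless the
     * response is already committed.
     *
     * @throws IOException if the redirect or the flush fails
     */
    public void redirectToUnauthorized(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
        WebUtil.clearSavedRequest(servletRequest);
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        if (httpServletResponse.isCommitted()) {
            // A redirect can no longer be sent once headers have gone out.
            return;
        }
        String target = WebUtil.getContextPath((HttpServletRequest) servletRequest) + getUnauthorizedUrl(servletRequest);
        httpServletResponse.sendRedirect(target);
        servletResponse.flushBuffer();
    }
}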
