package com.nariit.pi6000.ua.filter;

import com.jsepc.portal.sso.Helper;
import com.nariit.pi6000.framework.platform.PXBeanFactory;
import com.nariit.pi6000.framework.platform.Platform;
import com.nariit.pi6000.framework.remoting.ServiceFactory;
import com.nariit.pi6000.framework.util.AntPathMatcher;
import com.nariit.pi6000.framework.util.DateUtil;
import com.nariit.pi6000.framework.util.JsonUtil;
import com.nariit.pi6000.framework.util.StringUtil;
import com.nariit.pi6000.ua.bizc.IUserBizc;
import com.nariit.pi6000.ua.cas.client.util.AssertionHolder;
import com.nariit.pi6000.ua.config.AbstractAuthProperties;
import com.nariit.pi6000.ua.config.UaProperties;
import com.nariit.pi6000.ua.controller.AuthController;
import com.nariit.pi6000.ua.exception.LimitedSessionException;
import com.nariit.pi6000.ua.exception.SingleLoginException;
import com.nariit.pi6000.ua.po.User;
import com.nariit.pi6000.ua.session.HttpSessionManager;
import com.nariit.pi6000.ua.util.Mail;
import com.nariit.pi6000.ua.util.MailUtil;
import com.nariit.pi6000.ua.util.WebUtil;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.core.Ordered;
import org.springframework.util.Assert;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: classes3.dex */
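public class AuthFilter extends OncePerRequestFilter implements Ordered {
    /** Login-mode value: a fresh login terminates the user's other sessions. */
    public static final String KICKOUT_MODE = "kickout";
    /** Login-mode value: the user is restricted to a single concurrent session. */
    public static final String SINGLE_MODE = "single";
    static final Logger log = LoggerFactory.getLogger(AuthFilter.class);

    /** Prefix of the session attribute that grants a one-time pass for one application path. */
    private static final String ONE_TIME_PASS_PREFIX = "wt:";
    /** Path pattern that triggers a local logout before any other processing. */
    private static final String LOGOUT_PATTERN = "/*/logout";

    /** When true, every unauthorized access that is audited also triggers an alarm mail. */
    @Value("${px.ua.actionAlarm:false}")
    boolean actionAlarm;
    AntPathMatcher matcher = new AntPathMatcher();
    private int order = 100;

    // Bean lookups are repeated on every request; kept as helpers so call sites stay readable.
    private static UaProperties uaProperties() {
        return (UaProperties) PXBeanFactory.getBean(UaProperties.class);
    }

    private static AbstractAuthProperties authProperties() {
        return (AbstractAuthProperties) PXBeanFactory.getBean(AbstractAuthProperties.class);
    }

    private static IUserBizc userService() {
        return (IUserBizc) ServiceFactory.getUAService(IUserBizc.class);
    }

    /**
     * Applies the configured login mode ({@link #KICKOUT_MODE} or {@link #SINGLE_MODE}) to the
     * user who is about to get a session. Any other value, including {@code null}, enforces nothing.
     *
     * @param user the user being logged in; only its name is used
     */
    private void checkLoginMode(User user) {
        String loginMode = uaProperties().getLoginMode();
        // Constant-first equals keeps this null-safe; the original dereferenced loginMode directly.
        if (KICKOUT_MODE.equals(loginMode)) {
            HttpSessionManager.kickOutUser(user.getName());
        } else if (SINGLE_MODE.equals(loginMode)) {
            HttpSessionManager.singleLogin(user.getName());
        }
    }

    /**
     * Enforces the configured maximum number of sessions, if any (a value of zero or less disables
     * the limit). Presumably {@code HttpSessionManager.limitedSession} throws
     * {@link LimitedSessionException} when the limit is reached — confirm against that class.
     */
    private void limitUserSession() {
        int maxSession = uaProperties().getMaxSession();
        if (maxSession > 0) {
            // Logged through SLF4J instead of System.out so it lands in the application log.
            log.info("最大会话数:{}", maxSession);
            HttpSessionManager.limitedSession(maxSession);
        }
    }

    /** Leftover debugging entry point from the original source; not used by the filter. */
    public static void main(String[] strArr) {
        System.out.println("http://localhost:8083/pi6000-ua-web/ua-mgr".replace("ua-mgr", ""));
    }

    /**
     * Establishes a local session from an external single-sign-on identity when the request is
     * not already authenticated.
     *
     * <p>Two identity sources are supported:
     * <ul>
     *   <li>Jiangsu SSO ({@code isJsSSO()}): the user code comes from
     *       {@code Helper.newGenerateUserCode}. Every failure in this branch, including an unknown
     *       user, is logged and swallowed, so the request simply proceeds without a session.</li>
     *   <li>CAS assertion: the principal name (URL-decoded as UTF-8) is either a JSON object carrying
     *       {@code iscUserId}, or a plain login name / full name depending on the
     *       {@code px.ua.authName} property. An unknown user fails the {@code Assert.notNull} and
     *       the resulting exception propagates out of the filter.</li>
     * </ul>
     *
     * <p>The {@code isweak} attribute of the CAS principal is forwarded as a string flag to
     * {@code HttpSessionManager.saveUserSession}; its meaning is defined there, not here.
     * The user's password field is cleared before the entity is stored in the session.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response; receives the access-token cookie on success
     */
    private void saveSessionFromSSO(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (HttpSessionManager.isAuthc(httpServletRequest)) {
            return;
        }
        String weakFlag = "false";
        User user = null;
        if (uaProperties().isJsSSO()) {
            user = resolveJsSsoUser(httpServletRequest);
        } else if (AssertionHolder.getAssertion() != null) {
            Object isWeak = AssertionHolder.getAssertion().getPrincipal().getAttributes().get("isweak");
            weakFlag = isWeak != null ? (String) isWeak : "false";
            String name = AssertionHolder.getAssertion().getPrincipal().getName();
            if (name != null) {
                user = resolveCasUser(name);
            }
        }
        if (user != null) {
            limitUserSession();
            checkLoginMode(user);
            setSessionTimeout(httpServletRequest.getSession());
            HttpSessionManager.saveUserSession(httpServletRequest, user, weakFlag);
            HttpSessionManager.addAccessTokenCookie(httpServletResponse, user);
        }
    }

    /**
     * Looks up the user for the Jiangsu SSO user code carried by the request.
     *
     * @return the user, or {@code null} when no code is present or any lookup step fails
     *         (failures are logged, never propagated)
     */
    private static User resolveJsSsoUser(HttpServletRequest httpServletRequest) {
        try {
            String userCode = Helper.newGenerateUserCode(httpServletRequest);
            if (StringUtil.isNotEmpty(userCode)) {
                User user = userService().getUserById(userCode);
                log.info("单点登录用户代码:{}", userCode);
                Assert.notNull(user, "用户实体为空");
                return user;
            }
        } catch (Exception e) {
            // Best-effort by design: an unresolved SSO user falls through to the normal authz path.
            log.error("获取江苏权限用户代码出错", e);
        }
        return null;
    }

    /**
     * Resolves a CAS principal name to a local user.
     *
     * @param rawName principal name as delivered by CAS; URL-decoded here
     * @return the user with its password cleared
     * @throws IllegalArgumentException when no matching user exists
     */
    private static User resolveCasUser(String rawName) {
        String name = rawName;
        try {
            name = URLDecoder.decode(name, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            log.error("解码用户名出错", e);
        }
        log.info("获取凭证用户:{}", name);
        User user;
        if (JsonUtil.isJsonObjectString(name)) {
            String iscUserId = (String) JsonUtil.parseMap(name).get("iscUserId");
            log.info("iscUserId:{}", iscUserId);
            user = userService().getUser(iscUserId);
        } else {
            String authName = Platform.getProperty("px.ua.authName", AuthController.FULLNAME_MODE);
            user = StringUtil.equals(authName, "username")
                    ? userService().getUserByLoginName(name)
                    : userService().getUserByFullName(name);
        }
        if (user != null) {
            // Never keep the credential hash in the HTTP session.
            user.setPwd("");
        }
        Assert.notNull(user, String.format("用户[%s]在PI6000权限系统中不存在，请确认权限服务使用的是用户登录名还是用户的中文名， 请与单点登录服务中的用户名保持一致。", name));
        return user;
    }

    /**
     * Sends the unauthorized-access alarm mail when {@link #actionAlarm} is enabled and the
     * configured {@code Mail} bean has at least one receiver.
     *
     * @param message mail body describing the access
     */
    private void sendAlarmMail(String message) {
        if (!this.actionAlarm) {
            return;
        }
        Mail mail = (Mail) PXBeanFactory.getBean(Mail.class);
        List<String> receiver = mail.getReceiver();
        if (receiver == null || receiver.isEmpty()) {
            return;
        }
        // NOTE(review): subject/message are set on the shared Mail bean — confirm the bean is not a
        // singleton reused across concurrent requests.
        mail.setReceiver(receiver);
        mail.setSubject("越权访问");
        mail.setMessage(message);
        MailUtil.send(mail);
    }

    /**
     * Applies the configured maximum inactive interval to the session.
     *
     * @param httpSession the session to configure
     */
    private void setSessionTimeout(HttpSession httpSession) {
        httpSession.setMaxInactiveInterval(uaProperties().getMaxSessionTimeout());
        log.info("设置超时时间之后：{}", httpSession.getMaxInactiveInterval());
    }

    /**
     * Decides whether the request's application path may proceed.
     *
     * <p>Login-level patterns ({@code getLoginAutzPath()}) are checked first: a negated pattern
     * (see {@link #isReverseMatch}) that matches stops this phase, a positive match delegates to
     * {@code AuthAccessFilter}. Otherwise menu-level patterns ({@code getUrlAutzPath()}) are checked
     * and a match delegates to {@code MenuAccessFilter}. A path matched by no pattern is allowed.
     *
     * @return {@code true} when the request may proceed
     * @throws Exception whatever the delegated access filters throw
     */
    public boolean authzRequestURL(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        String path = WebUtil.getPathWithinApplication((HttpServletRequest) servletRequest);
        AbstractAuthProperties props = authProperties();
        for (String pattern : props.getLoginAutzPath()) {
            if (isReverseMatch(pattern, path)) {
                break;
            }
            if (this.matcher.match(pattern, path)) {
                boolean allowed = ((AuthAccessFilter) PXBeanFactory.getBean(AuthAccessFilter.class)).onPreHandle(servletRequest, servletResponse);
                if (!allowed) {
                    log.info("校验登录认证url:{} false", path);
                }
                return allowed;
            }
        }
        for (String pattern : props.getUrlAutzPath()) {
            if (this.matcher.match(pattern, path)) {
                boolean allowed = ((MenuAccessFilter) PXBeanFactory.getBean(MenuAccessFilter.class)).onPreHandle(servletRequest, servletResponse);
                if (!allowed) {
                    log.info("校验菜单功能url:{} false", path);
                }
                return allowed;
            }
        }
        return true;
    }

    /**
     * Per-request authentication/authorization pipeline, in order:
     * <ol>
     *   <li>a path matching {@code /*}{@code /logout} logs the local session out;</li>
     *   <li>whitelisted requests pass straight through;</li>
     *   <li>with SSO enabled, a session is created from the external identity; a session-limit or
     *       single-login violation performs an SSO logout and ends the request;</li>
     *   <li>a session attribute {@code wt:<path>} grants a one-time pass: the attribute is removed,
     *       the path is registered via {@code addLoginAuthz}, and the chain continues;</li>
     *   <li>otherwise {@link #authzRequestURL} decides. On denial the chain is not invoked and
     *       nothing is written here — presumably the delegated access filter has already produced
     *       the redirect/error response (confirm). Denials are audited and optionally alarmed when
     *       action auditing is on and the request is authenticated.</li>
     * </ol>
     * Any exception from the authorization step is logged and the chain is not invoked, so an
     * authorization failure never lets the request through.
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        String pathWithQuery = WebUtil.getPathWithinQueryParam(httpServletRequest);
        if (this.matcher.match(LOGOUT_PATTERN, pathWithQuery)) {
            HttpSessionManager.logout(httpServletRequest);
        }
        if (authProperties().validateWhiteList(httpServletRequest)) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (uaProperties().isSSO()) {
            try {
                saveSessionFromSSO(httpServletRequest, httpServletResponse);
            } catch (LimitedSessionException ignored) {
                // Session policy violated: drop the SSO session and stop processing.
                HttpSessionManager.ssoLogout(httpServletRequest, httpServletResponse);
                return;
            } catch (SingleLoginException ignored) {
                HttpSessionManager.ssoLogout(httpServletRequest, httpServletResponse);
                return;
            }
        }
        String appPath = WebUtil.getPathWithinApplication(httpServletRequest);
        String passKey = ONE_TIME_PASS_PREFIX + appPath;
        if (HttpSessionManager.getAttribute(httpServletRequest, passKey) != null) {
            HttpSessionManager.removeAttribute(httpServletRequest, passKey);
            authProperties().addLoginAuthz(appPath);
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        HttpSessionManager.saveClientContext(httpServletRequest);
        log.info("---------------------开始保存AuthFilter 中登录用户上下文----------------------------");
        try {
            boolean authorized = authzRequestURL(httpServletRequest, httpServletResponse);
            if (authorized) {
                filterChain.doFilter(httpServletRequest, httpServletResponse);
                log.info("---------------------结束AuthFilter 过滤器----------------------------");
                return;
            }
            log.info("校验：{}：{}  sid:{}", pathWithQuery, authorized, HttpSessionManager.getSessionId(httpServletRequest));
            if (uaProperties().isActionAudit() && HttpSessionManager.isAuthc(httpServletRequest)) {
                recordUnauthorizedAccess(httpServletRequest);
            }
        } catch (Exception e) {
            log.error("认证异常", e);
        }
    }

    /** Writes an action-audit record for a denied request and sends the alarm mail if enabled. */
    private void recordUnauthorizedAccess(HttpServletRequest httpServletRequest) {
        String userId = (String) HttpSessionManager.getAttribute(httpServletRequest, HttpSessionManager.USER_ID_KEY);
        String authUser = (String) HttpSessionManager.getAttribute(httpServletRequest, HttpSessionManager.AUTH_USER_KEY);
        String ipAddr = WebUtil.getIpAddr(httpServletRequest);
        String message = "用户[" + authUser + "]于[" + DateUtil.formatLongTime(DateUtil.now()) + "]越权访问地址[" + WebUtil.getPathWithinApplication(httpServletRequest) + "]。";
        userService().recordActionAuditLog(userId, authUser, uaProperties().getAppID(), ipAddr, 1, message);
        sendAlarmMail(message);
    }

    @Override
    public int getOrder() {
        return this.order;
    }

    /**
     * A pattern starting with {@code !} is a negated pattern; it "reverse-matches" the path when
     * the remainder matches.
     *
     * @param pattern Ant-style pattern, optionally prefixed with {@code !}
     * @param path    application path to test
     * @return {@code true} only for a negated pattern whose remainder matches {@code path}
     */
    public boolean isReverseMatch(String pattern, String path) {
        return StringUtil.startsWithIgnoreCase(pattern, "!") && this.matcher.match(pattern.substring(1), path);
    }

    /** Sets the filter order used by {@link Ordered}; defaults to 100. */
    public void setOrder(int i) {
        this.order = i;
    }
}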
